1 /*
2 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 /*
7 * The basic framework for this code came from the reference
8 * implementation for MD5. That implementation is Copyright (C)
9 * 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
10 *
11 * License to copy and use this software is granted provided that it
12 * is identified as the "RSA Data Security, Inc. MD5 Message-Digest
13 * Algorithm" in all material mentioning or referencing this software
14 * or this function.
15 *
16 * License is also granted to make and use derivative works provided
17 * that such works are identified as "derived from the RSA Data
18 * Security, Inc. MD5 Message-Digest Algorithm" in all material
19 * mentioning or referencing the derived work.
20 *
21 * RSA Data Security, Inc. makes no representations concerning either
22 * the merchantability of this software or the suitability of this
23 * software for any particular purpose. It is provided "as is"
24 * without express or implied warranty of any kind.
698 ctx->state.s64[1] = 0x629a292a367cd507ULL;
699 ctx->state.s64[2] = 0x9159015a3070dd17ULL;
700 ctx->state.s64[3] = 0x152fecd8f70e5939ULL;
701 ctx->state.s64[4] = 0x67332667ffc00b31ULL;
702 ctx->state.s64[5] = 0x8eb44a8768581511ULL;
703 ctx->state.s64[6] = 0xdb0c2e0d64f98fa7ULL;
704 ctx->state.s64[7] = 0x47b5481dbefa4fa4ULL;
705 break;
706 case SHA512_MECH_INFO_TYPE:
707 case SHA512_HMAC_MECH_INFO_TYPE:
708 case SHA512_HMAC_GEN_MECH_INFO_TYPE:
709 ctx->state.s64[0] = 0x6a09e667f3bcc908ULL;
710 ctx->state.s64[1] = 0xbb67ae8584caa73bULL;
711 ctx->state.s64[2] = 0x3c6ef372fe94f82bULL;
712 ctx->state.s64[3] = 0xa54ff53a5f1d36f1ULL;
713 ctx->state.s64[4] = 0x510e527fade682d1ULL;
714 ctx->state.s64[5] = 0x9b05688c2b3e6c1fULL;
715 ctx->state.s64[6] = 0x1f83d9abfb41bd6bULL;
716 ctx->state.s64[7] = 0x5be0cd19137e2179ULL;
717 break;
718 #ifdef _KERNEL
719 default:
720 cmn_err(CE_PANIC,
721 "sha2_init: failed to find a supported algorithm: 0x%x",
722 (uint32_t)mech);
723
724 #endif /* _KERNEL */
725 }
726
727 ctx->algotype = (uint32_t)mech;
728 ctx->count.c64[0] = ctx->count.c64[1] = 0;
729 }
730
731 #ifndef _KERNEL
732
733 #pragma inline(SHA256Init, SHA384Init, SHA512Init)
734 void
735 SHA256Init(SHA256_CTX *ctx)
736 {
737 SHA2Init(SHA256, ctx);
884 * : The function actually uses void* because many
885 * : callers pass things other than uchar_t here.
886 * SHA2_CTX * : the context to finalize, save, and zero
887 * output: void
888 */
889
890 void
891 SHA2Final(void *digest, SHA2_CTX *ctx)
892 {
893 uint8_t bitcount_be[sizeof (ctx->count.c32)];
894 uint8_t bitcount_be64[sizeof (ctx->count.c64)];
895 uint32_t index;
896 uint32_t algotype = ctx->algotype;
897
898 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) {
899 index = (ctx->count.c32[1] >> 3) & 0x3f;
900 Encode(bitcount_be, ctx->count.c32, sizeof (bitcount_be));
901 SHA2Update(ctx, PADDING, ((index < 56) ? 56 : 120) - index);
902 SHA2Update(ctx, bitcount_be, sizeof (bitcount_be));
903 Encode(digest, ctx->state.s32, sizeof (ctx->state.s32));
904
905 } else {
906 index = (ctx->count.c64[1] >> 3) & 0x7f;
907 Encode64(bitcount_be64, ctx->count.c64,
908 sizeof (bitcount_be64));
909 SHA2Update(ctx, PADDING, ((index < 112) ? 112 : 240) - index);
910 SHA2Update(ctx, bitcount_be64, sizeof (bitcount_be64));
911 if (algotype <= SHA384_HMAC_GEN_MECH_INFO_TYPE) {
912 ctx->state.s64[6] = ctx->state.s64[7] = 0;
913 Encode64(digest, ctx->state.s64,
914 sizeof (uint64_t) * 6);
915 } else
916 Encode64(digest, ctx->state.s64,
917 sizeof (ctx->state.s64));
918 }
919
920 /* zeroize sensitive information */
921 bzero(ctx, sizeof (*ctx));
922 }
|
1 /*
2 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5 /*
6 * Copyright 2013 Saso Kiselkov. All rights reserved.
7 */
8
9 /*
10 * The basic framework for this code came from the reference
11 * implementation for MD5. That implementation is Copyright (C)
12 * 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
13 *
14 * License to copy and use this software is granted provided that it
15 * is identified as the "RSA Data Security, Inc. MD5 Message-Digest
16 * Algorithm" in all material mentioning or referencing this software
17 * or this function.
18 *
19 * License is also granted to make and use derivative works provided
20 * that such works are identified as "derived from the RSA Data
21 * Security, Inc. MD5 Message-Digest Algorithm" in all material
22 * mentioning or referencing the derived work.
23 *
24 * RSA Data Security, Inc. makes no representations concerning either
25 * the merchantability of this software or the suitability of this
26 * software for any particular purpose. It is provided "as is"
27 * without express or implied warranty of any kind.
701 ctx->state.s64[1] = 0x629a292a367cd507ULL;
702 ctx->state.s64[2] = 0x9159015a3070dd17ULL;
703 ctx->state.s64[3] = 0x152fecd8f70e5939ULL;
704 ctx->state.s64[4] = 0x67332667ffc00b31ULL;
705 ctx->state.s64[5] = 0x8eb44a8768581511ULL;
706 ctx->state.s64[6] = 0xdb0c2e0d64f98fa7ULL;
707 ctx->state.s64[7] = 0x47b5481dbefa4fa4ULL;
708 break;
709 case SHA512_MECH_INFO_TYPE:
710 case SHA512_HMAC_MECH_INFO_TYPE:
711 case SHA512_HMAC_GEN_MECH_INFO_TYPE:
712 ctx->state.s64[0] = 0x6a09e667f3bcc908ULL;
713 ctx->state.s64[1] = 0xbb67ae8584caa73bULL;
714 ctx->state.s64[2] = 0x3c6ef372fe94f82bULL;
715 ctx->state.s64[3] = 0xa54ff53a5f1d36f1ULL;
716 ctx->state.s64[4] = 0x510e527fade682d1ULL;
717 ctx->state.s64[5] = 0x9b05688c2b3e6c1fULL;
718 ctx->state.s64[6] = 0x1f83d9abfb41bd6bULL;
719 ctx->state.s64[7] = 0x5be0cd19137e2179ULL;
720 break;
721 case SHA512_224_MECH_INFO_TYPE:
722 ctx->state.s64[0] = 0x8C3D37C819544DA2ULL;
723 ctx->state.s64[1] = 0x73E1996689DCD4D6ULL;
724 ctx->state.s64[2] = 0x1DFAB7AE32FF9C82ULL;
725 ctx->state.s64[3] = 0x679DD514582F9FCFULL;
726 ctx->state.s64[4] = 0x0F6D2B697BD44DA8ULL;
727 ctx->state.s64[5] = 0x77E36F7304C48942ULL;
728 ctx->state.s64[6] = 0x3F9D85A86A1D36C8ULL;
729 ctx->state.s64[7] = 0x1112E6AD91D692A1ULL;
730 break;
731 case SHA512_256_MECH_INFO_TYPE:
732 ctx->state.s64[0] = 0x22312194FC2BF72CULL;
733 ctx->state.s64[1] = 0x9F555FA3C84C64C2ULL;
734 ctx->state.s64[2] = 0x2393B86B6F53B151ULL;
735 ctx->state.s64[3] = 0x963877195940EABDULL;
736 ctx->state.s64[4] = 0x96283EE2A88EFFE3ULL;
737 ctx->state.s64[5] = 0xBE5E1E2553863992ULL;
738 ctx->state.s64[6] = 0x2B0199FC2C85B8AAULL;
739 ctx->state.s64[7] = 0x0EB72DDC81C52CA2ULL;
740 break;
741 #ifdef _KERNEL
742 default:
743 cmn_err(CE_PANIC,
744 "sha2_init: failed to find a supported algorithm: 0x%x",
745 (uint32_t)mech);
746
747 #endif /* _KERNEL */
748 }
749
750 ctx->algotype = (uint32_t)mech;
751 ctx->count.c64[0] = ctx->count.c64[1] = 0;
752 }
753
754 #ifndef _KERNEL
755
756 #pragma inline(SHA256Init, SHA384Init, SHA512Init)
757 void
758 SHA256Init(SHA256_CTX *ctx)
759 {
760 SHA2Init(SHA256, ctx);
907 * : The function actually uses void* because many
908 * : callers pass things other than uchar_t here.
909 * SHA2_CTX * : the context to finalize, save, and zero
910 * output: void
911 */
912
913 void
914 SHA2Final(void *digest, SHA2_CTX *ctx)
915 {
916 uint8_t bitcount_be[sizeof (ctx->count.c32)];
917 uint8_t bitcount_be64[sizeof (ctx->count.c64)];
918 uint32_t index;
919 uint32_t algotype = ctx->algotype;
920
921 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) {
922 index = (ctx->count.c32[1] >> 3) & 0x3f;
923 Encode(bitcount_be, ctx->count.c32, sizeof (bitcount_be));
924 SHA2Update(ctx, PADDING, ((index < 56) ? 56 : 120) - index);
925 SHA2Update(ctx, bitcount_be, sizeof (bitcount_be));
926 Encode(digest, ctx->state.s32, sizeof (ctx->state.s32));
927 } else {
928 index = (ctx->count.c64[1] >> 3) & 0x7f;
929 Encode64(bitcount_be64, ctx->count.c64,
930 sizeof (bitcount_be64));
931 SHA2Update(ctx, PADDING, ((index < 112) ? 112 : 240) - index);
932 SHA2Update(ctx, bitcount_be64, sizeof (bitcount_be64));
933 if (algotype <= SHA384_HMAC_GEN_MECH_INFO_TYPE) {
934 ctx->state.s64[6] = ctx->state.s64[7] = 0;
935 Encode64(digest, ctx->state.s64,
936 sizeof (uint64_t) * 6);
937 } else if (algotype == SHA512_224_MECH_INFO_TYPE) {
938 uint8_t last[sizeof (uint64_t)];
939 /*
940 * Since SHA-512/224 doesn't align well to 64-bit
941 * boundaries, we must do the encode in three steps:
942 * 1) encode the three 64-bit words that fit neatly
943 * 2) encode the last 64-bit word to a temp buffer
944 * 3) chop out the lower 32-bits from the temp buffer
945 * and append them to the digest
946 */
947 Encode64(digest, ctx->state.s64, sizeof (uint64_t) * 3);
948 Encode64(last, &ctx->state.s64[3], sizeof (uint64_t));
949 bcopy(last, (uint8_t *)digest + 24, 4);
950 } else if (algotype == SHA512_256_MECH_INFO_TYPE) {
951 Encode64(digest, ctx->state.s64, sizeof (uint64_t) * 4);
952 } else {
953 Encode64(digest, ctx->state.s64,
954 sizeof (ctx->state.s64));
955 }
956 }
957
958 /* zeroize sensitive information */
959 bzero(ctx, sizeof (*ctx));
960 }
|