"Fossies" - the Fresh Open Source Software Archive 
Member "tin-2.6.2/libcanlock/src/sha384-512.c" (23 Aug 2021, 37638 Bytes) of package /linux/misc/tin-2.6.2.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "sha384-512.c" see the
Fossies "Dox" file reference documentation.
1 /************************* sha384-512.c ************************/
2 /***************** See RFC 6234 for details. *******************/
3 /* Copyright (c) 2011 IETF Trust and the persons identified as */
4 /* authors of the code. All rights reserved. */
5 /* See sha.h for terms of use and redistribution. */
6
7 /*
8 * Description:
9 * This file implements the Secure Hash Algorithms SHA-384 and
10 * SHA-512 as defined in the U.S. National Institute of Standards
11 * and Technology Federal Information Processing Standards
12 * Publication (FIPS PUB) 180-3 published in October 2008
13 * and formerly defined in its predecessors, FIPS PUB 180-1
14 * and FIP PUB 180-2.
15 *
16 * A combined document showing all algorithms is available at
17 * http://csrc.nist.gov/publications/fips/
18 * fips180-3/fips180-3_final.pdf
19 *
20 * The SHA-384 and SHA-512 algorithms produce 384-bit and 512-bit
21 * message digests for a given data stream. It should take about
22 * 2**n steps to find a message with the same digest as a given
23 * message and 2**(n/2) to find any two messages with the same
24 * digest, when n is the digest size in bits. Therefore, this
25 * algorithm can serve as a means of providing a
26 * "fingerprint" for a message.
27 *
28 * Portability Issues:
29 * SHA-384 and SHA-512 are defined in terms of 64-bit "words",
30 * but if USE_32BIT_ONLY is #defined, this code is implemented in
31 * terms of 32-bit "words". This code uses <stdint.h> (included
32 * via "sha.h") to define the 64-, 32- and 8-bit unsigned integer
33 * types. If your C compiler does not support 64-bit unsigned
34 * integers and you do not #define USE_32BIT_ONLY, this code is
35 * not appropriate.
36 *
37 * Caveats:
38 * SHA-384 and SHA-512 are designed to work with messages less
39 * than 2^128 bits long. This implementation uses SHA384/512Input()
40 * to hash the bits that are a multiple of the size of an 8-bit
41 * octet, and then optionally uses SHA384/256FinalBits()
42 * to hash the final few bits of the input.
43 *
44 */
45
46 #include "canlock-private.h"
47 #include "sha.h"
48
49 #ifdef USE_32BIT_ONLY
50 /*
51 * Define 64-bit arithmetic in terms of 32-bit arithmetic.
52 * Each 64-bit number is represented in a 2-word array.
53 * All macros are defined such that the result is the last parameter.
54 */
55
56 /*
57 * Define shift, rotate left, and rotate right functions
58 */
59 #define SHA512_SHR(bits, word, ret) ( \
60 /* (((uint64_t)((word))) >> (bits)) */ \
61 (ret)[0] = (((bits) < 32) && ((bits) >= 0)) ? \
62 ((word)[0] >> (bits)) : 0, \
63 (ret)[1] = ((bits) > 32) ? ((word)[0] >> ((bits) - 32)) : \
64 ((bits) == 32) ? (word)[0] : \
65 ((bits) >= 0) ? \
66 (((word)[0] << (32 - (bits))) | \
67 ((word)[1] >> (bits))) : 0 )
68
69 #define SHA512_SHL(bits, word, ret) ( \
70 /* (((uint64_t)(word)) << (bits)) */ \
71 (ret)[0] = ((bits) > 32) ? ((word)[1] << ((bits) - 32)) : \
72 ((bits) == 32) ? (word)[1] : \
73 ((bits) >= 0) ? \
74 (((word)[0] << (bits)) | \
75 ((word)[1] >> (32 - (bits)))) : \
76 0, \
77 (ret)[1] = (((bits) < 32) && ((bits) >= 0)) ? \
78 ((word)[1] << (bits)) : 0 )
79
80 /*
81 * Define 64-bit OR
82 */
83 #define SHA512_OR(word1, word2, ret) ( \
84 (ret)[0] = (word1)[0] | (word2)[0], \
85 (ret)[1] = (word1)[1] | (word2)[1] )
86
87 /*
88 * Define 64-bit XOR
89 */
90 #define SHA512_XOR(word1, word2, ret) ( \
91 (ret)[0] = (word1)[0] ^ (word2)[0], \
92 (ret)[1] = (word1)[1] ^ (word2)[1] )
93
94 /*
95 * Define 64-bit AND
96 */
97 #define SHA512_AND(word1, word2, ret) ( \
98 (ret)[0] = (word1)[0] & (word2)[0], \
99 (ret)[1] = (word1)[1] & (word2)[1] )
100
101 /*
102 * Define 64-bit TILDA
103 */
104 #define SHA512_TILDA(word, ret) \
105 ( (ret)[0] = ~(word)[0], (ret)[1] = ~(word)[1] )
106
107 /*
108 * Define 64-bit ADD
109 */
110 #define SHA512_ADD(word1, word2, ret) ( \
111 (ret)[1] = (word1)[1], (ret)[1] += (word2)[1], \
112 (ret)[0] = (word1)[0] + (word2)[0] + ((ret)[1] < (word1)[1]) )
113
114 /*
115 * Add the 4word value in word2 to word1.
116 */
117 static uint32_t ADDTO4_temp, ADDTO4_temp2;
118 #define SHA512_ADDTO4(word1, word2) ( \
119 ADDTO4_temp = (word1)[3], \
120 (word1)[3] += (word2)[3], \
121 ADDTO4_temp2 = (word1)[2], \
122 (word1)[2] += (word2)[2] + ((word1)[3] < ADDTO4_temp), \
123 ADDTO4_temp = (word1)[1], \
124 (word1)[1] += (word2)[1] + ((word1)[2] < ADDTO4_temp2), \
125 (word1)[0] += (word2)[0] + ((word1)[1] < ADDTO4_temp) )
126
127 /*
128 * Add the 2word value in word2 to word1.
129 */
130 static uint32_t ADDTO2_temp;
131 #define SHA512_ADDTO2(word1, word2) ( \
132 ADDTO2_temp = (word1)[1], \
133 (word1)[1] += (word2)[1], \
134 (word1)[0] += (word2)[0] + ((word1)[1] < ADDTO2_temp) )
135
136 /*
137 * SHA rotate ((word >> bits) | (word << (64-bits)))
138 */
139 static uint32_t ROTR_temp1[2], ROTR_temp2[2];
140 #define SHA512_ROTR(bits, word, ret) ( \
141 SHA512_SHR((bits), (word), ROTR_temp1), \
142 SHA512_SHL(64-(bits), (word), ROTR_temp2), \
143 SHA512_OR(ROTR_temp1, ROTR_temp2, (ret)) )
144
145 /*
146 * Define the SHA SIGMA and sigma macros
147 *
148 * SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word)
149 */
150 static uint32_t SIGMA0_temp1[2], SIGMA0_temp2[2],
151 SIGMA0_temp3[2], SIGMA0_temp4[2];
152 #define SHA512_SIGMA0(word, ret) ( \
153 SHA512_ROTR(28, (word), SIGMA0_temp1), \
154 SHA512_ROTR(34, (word), SIGMA0_temp2), \
155 SHA512_ROTR(39, (word), SIGMA0_temp3), \
156 SHA512_XOR(SIGMA0_temp2, SIGMA0_temp3, SIGMA0_temp4), \
157 SHA512_XOR(SIGMA0_temp1, SIGMA0_temp4, (ret)) )
158
159 /*
160 * SHA512_ROTR(14,word) ^ SHA512_ROTR(18,word) ^ SHA512_ROTR(41,word)
161 */
162 static uint32_t SIGMA1_temp1[2], SIGMA1_temp2[2],
163 SIGMA1_temp3[2], SIGMA1_temp4[2];
164 #define SHA512_SIGMA1(word, ret) ( \
165 SHA512_ROTR(14, (word), SIGMA1_temp1), \
166 SHA512_ROTR(18, (word), SIGMA1_temp2), \
167 SHA512_ROTR(41, (word), SIGMA1_temp3), \
168 SHA512_XOR(SIGMA1_temp2, SIGMA1_temp3, SIGMA1_temp4), \
169 SHA512_XOR(SIGMA1_temp1, SIGMA1_temp4, (ret)) )
170
171 /*
172 * (SHA512_ROTR( 1,word) ^ SHA512_ROTR( 8,word) ^ SHA512_SHR( 7,word))
173 */
174 static uint32_t sigma0_temp1[2], sigma0_temp2[2],
175 sigma0_temp3[2], sigma0_temp4[2];
176 #define SHA512_sigma0(word, ret) ( \
177 SHA512_ROTR( 1, (word), sigma0_temp1), \
178 SHA512_ROTR( 8, (word), sigma0_temp2), \
179 SHA512_SHR( 7, (word), sigma0_temp3), \
180 SHA512_XOR(sigma0_temp2, sigma0_temp3, sigma0_temp4), \
181 SHA512_XOR(sigma0_temp1, sigma0_temp4, (ret)) )
182
183 /*
184 * (SHA512_ROTR(19,word) ^ SHA512_ROTR(61,word) ^ SHA512_SHR( 6,word))
185 */
186 static uint32_t sigma1_temp1[2], sigma1_temp2[2],
187 sigma1_temp3[2], sigma1_temp4[2];
188 #define SHA512_sigma1(word, ret) ( \
189 SHA512_ROTR(19, (word), sigma1_temp1), \
190 SHA512_ROTR(61, (word), sigma1_temp2), \
191 SHA512_SHR( 6, (word), sigma1_temp3), \
192 SHA512_XOR(sigma1_temp2, sigma1_temp3, sigma1_temp4), \
193 SHA512_XOR(sigma1_temp1, sigma1_temp4, (ret)) )
194
195 #ifndef USE_MODIFIED_MACROS
196 /*
197 * These definitions are the ones used in FIPS 180-3, section 4.1.3
198 * Ch(x,y,z) ((x & y) ^ (~x & z))
199 */
200 static uint32_t Ch_temp1[2], Ch_temp2[2], Ch_temp3[2];
201 #define SHA_Ch(x, y, z, ret) ( \
202 SHA512_AND(x, y, Ch_temp1), \
203 SHA512_TILDA(x, Ch_temp2), \
204 SHA512_AND(Ch_temp2, z, Ch_temp3), \
205 SHA512_XOR(Ch_temp1, Ch_temp3, (ret)) )
206
207 /*
208 * Maj(x,y,z) (((x)&(y)) ^ ((x)&(z)) ^ ((y)&(z)))
209 */
210 static uint32_t Maj_temp1[2], Maj_temp2[2],
211 Maj_temp3[2], Maj_temp4[2];
212 #define SHA_Maj(x, y, z, ret) ( \
213 SHA512_AND(x, y, Maj_temp1), \
214 SHA512_AND(x, z, Maj_temp2), \
215 SHA512_AND(y, z, Maj_temp3), \
216 SHA512_XOR(Maj_temp2, Maj_temp3, Maj_temp4), \
217 SHA512_XOR(Maj_temp1, Maj_temp4, (ret)) )
218 #else /* !USE_MODIFIED_MACROS */
219 /*
220 * These definitions are potentially faster equivalents for the ones
221 * used in FIPS 180-3, section 4.1.3.
222 * ((x & y) ^ (~x & z)) becomes
223 * ((x & (y ^ z)) ^ z)
224 */
225 #define SHA_Ch(x, y, z, ret) ( \
226 (ret)[0] = (((x)[0] & ((y)[0] ^ (z)[0])) ^ (z)[0]), \
227 (ret)[1] = (((x)[1] & ((y)[1] ^ (z)[1])) ^ (z)[1]) )
228
229 /*
230 * ((x & y) ^ (x & z) ^ (y & z)) becomes
231 * ((x & (y | z)) | (y & z))
232 */
233 #define SHA_Maj(x, y, z, ret) ( \
234 ret[0] = (((x)[0] & ((y)[0] | (z)[0])) | ((y)[0] & (z)[0])), \
235 ret[1] = (((x)[1] & ((y)[1] | (z)[1])) | ((y)[1] & (z)[1])) )
236 #endif /* USE_MODIFIED_MACROS */
237
238 /*
239 * Add "length" to the length.
240 * Set Corrupted when overflow has occurred.
241 */
242 static uint32_t addTemp[4] = { 0, 0, 0, 0 };
243 #define SHA384_512AddLength(context, length) ( \
244 addTemp[3] = (length), SHA512_ADDTO4((context)->Length, addTemp), \
245 (context)->Corrupted = (((context)->Length[3] < (length)) && \
246 ((context)->Length[2] == 0) && ((context)->Length[1] == 0) && \
247 ((context)->Length[0] == 0)) ? shaInputTooLong : \
248 (context)->Corrupted )
249
250 /* Local Function Prototypes */
251 static int SHA384_512Reset(SHA512Context *context,
252 uint32_t H0[SHA512HashSize/4]);
253 static void SHA384_512ProcessMessageBlock(SHA512Context *context);
254 static void SHA384_512Finalize(SHA512Context *context,
255 uint8_t Pad_Byte);
256 static void SHA384_512PadMessage(SHA512Context *context,
257 uint8_t Pad_Byte);
258 static int SHA384_512ResultN( SHA512Context *context,
259 uint8_t Message_Digest[ ], int HashSize);
260
261 /* Initial Hash Values: FIPS 180-3 sections 5.3.4 and 5.3.5 */
262 static uint32_t SHA384_H0[SHA512HashSize/4] = {
263 0xCBBB9D5D, 0xC1059ED8, 0x629A292A, 0x367CD507, 0x9159015A,
264 0x3070DD17, 0x152FECD8, 0xF70E5939, 0x67332667, 0xFFC00B31,
265 0x8EB44A87, 0x68581511, 0xDB0C2E0D, 0x64F98FA7, 0x47B5481D,
266 0xBEFA4FA4
267 };
268 static uint32_t SHA512_H0[SHA512HashSize/4] = {
269 0x6A09E667, 0xF3BCC908, 0xBB67AE85, 0x84CAA73B, 0x3C6EF372,
270 0xFE94F82B, 0xA54FF53A, 0x5F1D36F1, 0x510E527F, 0xADE682D1,
271 0x9B05688C, 0x2B3E6C1F, 0x1F83D9AB, 0xFB41BD6B, 0x5BE0CD19,
272 0x137E2179
273 };
274
275 #else /* !USE_32BIT_ONLY */
276
277 #include "sha-private.h"
278
279 /* Define the SHA shift, rotate left and rotate right macros */
280 #define SHA512_SHR(bits,word) (((uint64_t)(word)) >> (bits))
281 #define SHA512_ROTR(bits,word) ((((uint64_t)(word)) >> (bits)) | \
282 (((uint64_t)(word)) << (64-(bits))))
283
284 /*
285 * Define the SHA SIGMA and sigma macros
286 *
287 * SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word)
288 */
289 #define SHA512_SIGMA0(word) \
290 (SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word))
291 #define SHA512_SIGMA1(word) \
292 (SHA512_ROTR(14,word) ^ SHA512_ROTR(18,word) ^ SHA512_ROTR(41,word))
293 #define SHA512_sigma0(word) \
294 (SHA512_ROTR( 1,word) ^ SHA512_ROTR( 8,word) ^ SHA512_SHR( 7,word))
295 #define SHA512_sigma1(word) \
296 (SHA512_ROTR(19,word) ^ SHA512_ROTR(61,word) ^ SHA512_SHR( 6,word))
297
298 /*
299 * Add "length" to the length.
300 * Set Corrupted when overflow has occurred.
301 */
302 static uint64_t addTemp;
303 #define SHA384_512AddLength(context, length) \
304 (addTemp = context->Length_Low, context->Corrupted = \
305 ((context->Length_Low += length) < addTemp) && \
306 (++context->Length_High == 0) ? shaInputTooLong : \
307 (context)->Corrupted)
308
309 /* Local Function Prototypes */
310 static int SHA384_512Reset(SHA512Context *context,
311 uint64_t H0[SHA512HashSize/8]);
312 static void SHA384_512ProcessMessageBlock(SHA512Context *context);
313 static void SHA384_512Finalize(SHA512Context *context,
314 uint8_t Pad_Byte);
315 static void SHA384_512PadMessage(SHA512Context *context,
316 uint8_t Pad_Byte);
317 static int SHA384_512ResultN(SHA512Context *context,
318 uint8_t Message_Digest[ ], int HashSize);
319
320 /* Initial Hash Values: FIPS 180-3 sections 5.3.4 and 5.3.5 */
321 static uint64_t SHA384_H0[ ] = {
322 0xCBBB9D5DC1059ED8ll, 0x629A292A367CD507ll, 0x9159015A3070DD17ll,
323 0x152FECD8F70E5939ll, 0x67332667FFC00B31ll, 0x8EB44A8768581511ll,
324 0xDB0C2E0D64F98FA7ll, 0x47B5481DBEFA4FA4ll
325 };
326 static uint64_t SHA512_H0[ ] = {
327 0x6A09E667F3BCC908ll, 0xBB67AE8584CAA73Bll, 0x3C6EF372FE94F82Bll,
328 0xA54FF53A5F1D36F1ll, 0x510E527FADE682D1ll, 0x9B05688C2B3E6C1Fll,
329 0x1F83D9ABFB41BD6Bll, 0x5BE0CD19137E2179ll
330 };
331
332 #endif /* USE_32BIT_ONLY */
333
334 /*
335 * SHA384Reset
336 *
337 * Description:
338 * This function will initialize the SHA384Context in preparation
339 * for computing a new SHA384 message digest.
340 *
341 * Parameters:
342 * context: [in/out]
343 * The context to reset.
344 *
345 * Returns:
346 * sha Error Code.
347 *
348 */
349 int SHA384Reset(SHA384Context *context)
350 {
351 return SHA384_512Reset(context, SHA384_H0);
352 }
353
354 /*
355 * SHA384Input
356 *
357 * Description:
358 * This function accepts an array of octets as the next portion
359 * of the message.
360 *
361 * Parameters:
362 * context: [in/out]
363 * The SHA context to update.
364 * message_array[ ]: [in]
365 * An array of octets representing the next portion of
366 * the message.
367 * length: [in]
368 * The length of the message in message_array.
369 *
370 * Returns:
371 * sha Error Code.
372 *
373 */
374 int SHA384Input(SHA384Context *context,
375 const uint8_t *message_array, unsigned int length)
376 {
377 return SHA512Input(context, message_array, length);
378 }
379
380 /*
381 * SHA384FinalBits
382 *
383 * Description:
384 * This function will add in any final bits of the message.
385 *
386 * Parameters:
387 * context: [in/out]
388 * The SHA context to update.
389 * message_bits: [in]
390 * The final bits of the message, in the upper portion of the
391 * byte. (Use 0b###00000 instead of 0b00000### to input the
392 * three bits ###.)
393 * length: [in]
394 * The number of bits in message_bits, between 1 and 7.
395 *
396 * Returns:
397 * sha Error Code.
398 *
399 */
400 int SHA384FinalBits(SHA384Context *context,
401 uint8_t message_bits, unsigned int length)
402 {
403 return SHA512FinalBits(context, message_bits, length);
404 }
405
406 /*
407 * SHA384Result
408 *
409 * Description:
410 * This function will return the 384-bit message digest
411 * into the Message_Digest array provided by the caller.
412 * NOTE:
413 * The first octet of hash is stored in the element with index 0,
414 * the last octet of hash in the element with index 47.
415 *
416 * Parameters:
417 * context: [in/out]
418 * The context to use to calculate the SHA hash.
419 * Message_Digest[ ]: [out]
420 * Where the digest is returned.
421 *
422 * Returns:
423 * sha Error Code.
424 *
425 */
426 int SHA384Result(SHA384Context *context,
427 uint8_t Message_Digest[SHA384HashSize])
428 {
429 return SHA384_512ResultN(context, Message_Digest, SHA384HashSize);
430 }
431
432 /*
433 * SHA512Reset
434 *
435 * Description:
436 * This function will initialize the SHA512Context in preparation
437 * for computing a new SHA512 message digest.
438 *
439 * Parameters:
440 * context: [in/out]
441 * The context to reset.
442 *
443 * Returns:
444 * sha Error Code.
445 *
446 */
447 int SHA512Reset(SHA512Context *context)
448 {
449 return SHA384_512Reset(context, SHA512_H0);
450 }
451
452 /*
453 * SHA512Input
454 *
455 * Description:
456 * This function accepts an array of octets as the next portion
457 * of the message.
458 *
459 * Parameters:
460 * context: [in/out]
461 * The SHA context to update.
462 * message_array[ ]: [in]
463 * An array of octets representing the next portion of
464 * the message.
465 * length: [in]
466 * The length of the message in message_array.
467 *
468 * Returns:
469 * sha Error Code.
470 *
471 */
472 int SHA512Input(SHA512Context *context,
473 const uint8_t *message_array,
474 unsigned int length)
475 {
476 if (!context) return shaNull;
477 if (!length) return shaSuccess;
478 if (!message_array) return shaNull;
479 if (context->Computed) return context->Corrupted = shaStateError;
480 if (context->Corrupted) return context->Corrupted;
481
482 while (length--) {
483 context->Message_Block[context->Message_Block_Index++] =
484 *message_array;
485
486 if ((SHA384_512AddLength(context, 8) == shaSuccess) &&
487 (context->Message_Block_Index == SHA512_Message_Block_Size))
488 SHA384_512ProcessMessageBlock(context);
489
490 message_array++;
491 }
492
493 return context->Corrupted;
494 }
495
496 /*
497 * SHA512FinalBits
498 *
499 * Description:
500 * This function will add in any final bits of the message.
501 *
502 * Parameters:
503 * context: [in/out]
504 * The SHA context to update.
505 * message_bits: [in]
506 * The final bits of the message, in the upper portion of the
507 * byte. (Use 0b###00000 instead of 0b00000### to input the
508 * three bits ###.)
509 * length: [in]
510 * The number of bits in message_bits, between 1 and 7.
511 *
512 * Returns:
513 * sha Error Code.
514 *
515 */
516 int SHA512FinalBits(SHA512Context *context,
517 uint8_t message_bits, unsigned int length)
518 {
519 static uint8_t masks[8] = {
520 /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
521 /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
522 /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
523 /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
524 };
525 static uint8_t markbit[8] = {
526 /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
527 /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
528 /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
529 /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
530 };
531
532 if (!context) return shaNull;
533 if (!length) return shaSuccess;
534 if (context->Corrupted) return context->Corrupted;
535 if (context->Computed) return context->Corrupted = shaStateError;
536 if (length >= 8) return context->Corrupted = shaBadParam;
537
538 SHA384_512AddLength(context, length);
539 SHA384_512Finalize(context, (uint8_t)
540 ((message_bits & masks[length]) | markbit[length]));
541
542 return context->Corrupted;
543 }
544
545 /*
546 * SHA512Result
547 *
548 * Description:
549 * This function will return the 512-bit message digest
550 * into the Message_Digest array provided by the caller.
551 * NOTE:
552 * The first octet of hash is stored in the element with index 0,
553 * the last octet of hash in the element with index 63.
554 *
555 * Parameters:
556 * context: [in/out]
557 * The context to use to calculate the SHA hash.
558 * Message_Digest[ ]: [out]
559 * Where the digest is returned.
560 *
561 * Returns:
562 * sha Error Code.
563 *
564 */
565 int SHA512Result(SHA512Context *context,
566 uint8_t Message_Digest[SHA512HashSize])
567 {
568 return SHA384_512ResultN(context, Message_Digest, SHA512HashSize);
569 }
570
571 /*
572 * SHA384_512Reset
573 *
574 * Description:
575 * This helper function will initialize the SHA512Context in
576 * preparation for computing a new SHA384 or SHA512 message
577 * digest.
578 *
579 * Parameters:
580 * context: [in/out]
581 * The context to reset.
582 * H0[ ]: [in]
583 * The initial hash value array to use.
584 *
585 * Returns:
586 * sha Error Code.
587 *
588 */
589 #ifdef USE_32BIT_ONLY
590 static int SHA384_512Reset(SHA512Context *context,
591 uint32_t H0[SHA512HashSize/4])
592 #else /* !USE_32BIT_ONLY */
593 static int SHA384_512Reset(SHA512Context *context,
594 uint64_t H0[SHA512HashSize/8])
595 #endif /* USE_32BIT_ONLY */
596 {
597 int i;
598 if (!context) return shaNull;
599 context->Message_Block_Index = 0;
600
601 #ifdef USE_32BIT_ONLY
602 context->Length[0] = context->Length[1] =
603 context->Length[2] = context->Length[3] = 0;
604
605 for (i = 0; i < SHA512HashSize/4; i++)
606 context->Intermediate_Hash[i] = H0[i];
607 #else /* !USE_32BIT_ONLY */
608 context->Length_High = context->Length_Low = 0;
609
610 for (i = 0; i < SHA512HashSize/8; i++)
611 context->Intermediate_Hash[i] = H0[i];
612 #endif /* USE_32BIT_ONLY */
613
614 context->Computed = 0;
615 context->Corrupted = shaSuccess;
616
617 return shaSuccess;
618 }
619
620 /*
621 * SHA384_512ProcessMessageBlock
622 *
623 * Description:
624 * This helper function will process the next 1024 bits of the
625 * message stored in the Message_Block array.
626 *
627 * Parameters:
628 * context: [in/out]
629 * The SHA context to update.
630 *
631 * Returns:
632 * Nothing.
633 *
634 * Comments:
635 * Many of the variable names in this code, especially the
636 * single character names, were used because those were the
637 * names used in the Secure Hash Standard.
638 *
639 *
640 */
641 static void SHA384_512ProcessMessageBlock(SHA512Context *context)
642 {
643 #ifdef USE_32BIT_ONLY
644 /* Constants defined in FIPS 180-3, section 4.2.3 */
645 static const uint32_t K[80*2] = {
646 0x428A2F98, 0xD728AE22, 0x71374491, 0x23EF65CD, 0xB5C0FBCF,
647 0xEC4D3B2F, 0xE9B5DBA5, 0x8189DBBC, 0x3956C25B, 0xF348B538,
648 0x59F111F1, 0xB605D019, 0x923F82A4, 0xAF194F9B, 0xAB1C5ED5,
649 0xDA6D8118, 0xD807AA98, 0xA3030242, 0x12835B01, 0x45706FBE,
650 0x243185BE, 0x4EE4B28C, 0x550C7DC3, 0xD5FFB4E2, 0x72BE5D74,
651 0xF27B896F, 0x80DEB1FE, 0x3B1696B1, 0x9BDC06A7, 0x25C71235,
652 0xC19BF174, 0xCF692694, 0xE49B69C1, 0x9EF14AD2, 0xEFBE4786,
653 0x384F25E3, 0x0FC19DC6, 0x8B8CD5B5, 0x240CA1CC, 0x77AC9C65,
654 0x2DE92C6F, 0x592B0275, 0x4A7484AA, 0x6EA6E483, 0x5CB0A9DC,
655 0xBD41FBD4, 0x76F988DA, 0x831153B5, 0x983E5152, 0xEE66DFAB,
656 0xA831C66D, 0x2DB43210, 0xB00327C8, 0x98FB213F, 0xBF597FC7,
657 0xBEEF0EE4, 0xC6E00BF3, 0x3DA88FC2, 0xD5A79147, 0x930AA725,
658 0x06CA6351, 0xE003826F, 0x14292967, 0x0A0E6E70, 0x27B70A85,
659 0x46D22FFC, 0x2E1B2138, 0x5C26C926, 0x4D2C6DFC, 0x5AC42AED,
660 0x53380D13, 0x9D95B3DF, 0x650A7354, 0x8BAF63DE, 0x766A0ABB,
661 0x3C77B2A8, 0x81C2C92E, 0x47EDAEE6, 0x92722C85, 0x1482353B,
662 0xA2BFE8A1, 0x4CF10364, 0xA81A664B, 0xBC423001, 0xC24B8B70,
663 0xD0F89791, 0xC76C51A3, 0x0654BE30, 0xD192E819, 0xD6EF5218,
664 0xD6990624, 0x5565A910, 0xF40E3585, 0x5771202A, 0x106AA070,
665 0x32BBD1B8, 0x19A4C116, 0xB8D2D0C8, 0x1E376C08, 0x5141AB53,
666 0x2748774C, 0xDF8EEB99, 0x34B0BCB5, 0xE19B48A8, 0x391C0CB3,
667 0xC5C95A63, 0x4ED8AA4A, 0xE3418ACB, 0x5B9CCA4F, 0x7763E373,
668 0x682E6FF3, 0xD6B2B8A3, 0x748F82EE, 0x5DEFB2FC, 0x78A5636F,
669 0x43172F60, 0x84C87814, 0xA1F0AB72, 0x8CC70208, 0x1A6439EC,
670 0x90BEFFFA, 0x23631E28, 0xA4506CEB, 0xDE82BDE9, 0xBEF9A3F7,
671 0xB2C67915, 0xC67178F2, 0xE372532B, 0xCA273ECE, 0xEA26619C,
672 0xD186B8C7, 0x21C0C207, 0xEADA7DD6, 0xCDE0EB1E, 0xF57D4F7F,
673 0xEE6ED178, 0x06F067AA, 0x72176FBA, 0x0A637DC5, 0xA2C898A6,
674 0x113F9804, 0xBEF90DAE, 0x1B710B35, 0x131C471B, 0x28DB77F5,
675 0x23047D84, 0x32CAAB7B, 0x40C72493, 0x3C9EBE0A, 0x15C9BEBC,
676 0x431D67C4, 0x9C100D4C, 0x4CC5D4BE, 0xCB3E42B6, 0x597F299C,
677 0xFC657E2A, 0x5FCB6FAB, 0x3AD6FAEC, 0x6C44198C, 0x4A475817
678 };
679 int t, t2, t8; /* Loop counter */
680 uint32_t temp1[2], temp2[2], /* Temporary word values */
681 temp3[2], temp4[2], temp5[2];
682 uint32_t W[2*80]; /* Word sequence. Security review: Location L6a */
683 uint32_t A[2], B[2], C[2], D[2], /* Word buffers */
684 E[2], F[2], G[2], H[2];
685
686 /* Initialize the first 16 words in the array W */
687 for (t = t2 = t8 = 0; t < 16; t++, t8 += 8) {
688 W[t2++] = ((((uint32_t)context->Message_Block[t8 ])) << 24) |
689 ((((uint32_t)context->Message_Block[t8 + 1])) << 16) |
690 ((((uint32_t)context->Message_Block[t8 + 2])) << 8) |
691 ((((uint32_t)context->Message_Block[t8 + 3])));
692 W[t2++] = ((((uint32_t)context->Message_Block[t8 + 4])) << 24) |
693 ((((uint32_t)context->Message_Block[t8 + 5])) << 16) |
694 ((((uint32_t)context->Message_Block[t8 + 6])) << 8) |
695 ((((uint32_t)context->Message_Block[t8 + 7])));
696 }
697
698 for (t = 16; t < 80; t++, t2 += 2) {
699 /* W[t] = SHA512_sigma1(W[t-2]) + W[t-7] +
700 SHA512_sigma0(W[t-15]) + W[t-16]; */
701 uint32_t *Wt2 = &W[t2-2*2];
702 uint32_t *Wt7 = &W[t2-7*2];
703 uint32_t *Wt15 = &W[t2-15*2];
704 uint32_t *Wt16 = &W[t2-16*2];
705 SHA512_sigma1(Wt2, temp1);
706 SHA512_ADD(temp1, Wt7, temp2);
707 SHA512_sigma0(Wt15, temp1);
708 SHA512_ADD(temp1, Wt16, temp3);
709 SHA512_ADD(temp2, temp3, &W[t2]);
710 }
711
712 A[0] = context->Intermediate_Hash[0];
713 A[1] = context->Intermediate_Hash[1];
714 B[0] = context->Intermediate_Hash[2];
715 B[1] = context->Intermediate_Hash[3];
716 C[0] = context->Intermediate_Hash[4];
717 C[1] = context->Intermediate_Hash[5];
718 D[0] = context->Intermediate_Hash[6];
719 D[1] = context->Intermediate_Hash[7];
720 E[0] = context->Intermediate_Hash[8];
721 E[1] = context->Intermediate_Hash[9];
722 F[0] = context->Intermediate_Hash[10];
723 F[1] = context->Intermediate_Hash[11];
724 G[0] = context->Intermediate_Hash[12];
725 G[1] = context->Intermediate_Hash[13];
726 H[0] = context->Intermediate_Hash[14];
727 H[1] = context->Intermediate_Hash[15];
728
729 for (t = t2 = 0; t < 80; t++, t2 += 2) {
730 /*
731 * temp1 = H + SHA512_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t];
732 */
733 SHA512_SIGMA1(E,temp1);
734 SHA512_ADD(H, temp1, temp2);
735 SHA_Ch(E,F,G,temp3);
736 SHA512_ADD(temp2, temp3, temp4);
737 SHA512_ADD(&K[t2], &W[t2], temp5);
738 SHA512_ADD(temp4, temp5, temp1);
739 /*
740 * temp2 = SHA512_SIGMA0(A) + SHA_Maj(A,B,C);
741 */
742 SHA512_SIGMA0(A,temp3);
743 SHA_Maj(A,B,C,temp4);
744 SHA512_ADD(temp3, temp4, temp2);
745 H[0] = G[0]; H[1] = G[1];
746 G[0] = F[0]; G[1] = F[1];
747 F[0] = E[0]; F[1] = E[1];
748 SHA512_ADD(D, temp1, E);
749 D[0] = C[0]; D[1] = C[1];
750 C[0] = B[0]; C[1] = B[1];
751 B[0] = A[0]; B[1] = A[1];
752 SHA512_ADD(temp1, temp2, A);
753 }
754
755 cl_clear_secret((void *) W, sizeof(W), sizeof(W));
756
757 SHA512_ADDTO2(&context->Intermediate_Hash[0], A);
758 SHA512_ADDTO2(&context->Intermediate_Hash[2], B);
759 SHA512_ADDTO2(&context->Intermediate_Hash[4], C);
760 SHA512_ADDTO2(&context->Intermediate_Hash[6], D);
761 SHA512_ADDTO2(&context->Intermediate_Hash[8], E);
762 SHA512_ADDTO2(&context->Intermediate_Hash[10], F);
763 SHA512_ADDTO2(&context->Intermediate_Hash[12], G);
764 SHA512_ADDTO2(&context->Intermediate_Hash[14], H);
765
766 #else /* !USE_32BIT_ONLY */
767 /* Constants defined in FIPS 180-3, section 4.2.3 */
768 static const uint64_t K[80] = {
769 0x428A2F98D728AE22ll, 0x7137449123EF65CDll, 0xB5C0FBCFEC4D3B2Fll,
770 0xE9B5DBA58189DBBCll, 0x3956C25BF348B538ll, 0x59F111F1B605D019ll,
771 0x923F82A4AF194F9Bll, 0xAB1C5ED5DA6D8118ll, 0xD807AA98A3030242ll,
772 0x12835B0145706FBEll, 0x243185BE4EE4B28Cll, 0x550C7DC3D5FFB4E2ll,
773 0x72BE5D74F27B896Fll, 0x80DEB1FE3B1696B1ll, 0x9BDC06A725C71235ll,
774 0xC19BF174CF692694ll, 0xE49B69C19EF14AD2ll, 0xEFBE4786384F25E3ll,
775 0x0FC19DC68B8CD5B5ll, 0x240CA1CC77AC9C65ll, 0x2DE92C6F592B0275ll,
776 0x4A7484AA6EA6E483ll, 0x5CB0A9DCBD41FBD4ll, 0x76F988DA831153B5ll,
777 0x983E5152EE66DFABll, 0xA831C66D2DB43210ll, 0xB00327C898FB213Fll,
778 0xBF597FC7BEEF0EE4ll, 0xC6E00BF33DA88FC2ll, 0xD5A79147930AA725ll,
779 0x06CA6351E003826Fll, 0x142929670A0E6E70ll, 0x27B70A8546D22FFCll,
780 0x2E1B21385C26C926ll, 0x4D2C6DFC5AC42AEDll, 0x53380D139D95B3DFll,
781 0x650A73548BAF63DEll, 0x766A0ABB3C77B2A8ll, 0x81C2C92E47EDAEE6ll,
782 0x92722C851482353Bll, 0xA2BFE8A14CF10364ll, 0xA81A664BBC423001ll,
783 0xC24B8B70D0F89791ll, 0xC76C51A30654BE30ll, 0xD192E819D6EF5218ll,
784 0xD69906245565A910ll, 0xF40E35855771202All, 0x106AA07032BBD1B8ll,
785 0x19A4C116B8D2D0C8ll, 0x1E376C085141AB53ll, 0x2748774CDF8EEB99ll,
786 0x34B0BCB5E19B48A8ll, 0x391C0CB3C5C95A63ll, 0x4ED8AA4AE3418ACBll,
787 0x5B9CCA4F7763E373ll, 0x682E6FF3D6B2B8A3ll, 0x748F82EE5DEFB2FCll,
788 0x78A5636F43172F60ll, 0x84C87814A1F0AB72ll, 0x8CC702081A6439ECll,
789 0x90BEFFFA23631E28ll, 0xA4506CEBDE82BDE9ll, 0xBEF9A3F7B2C67915ll,
790 0xC67178F2E372532Bll, 0xCA273ECEEA26619Cll, 0xD186B8C721C0C207ll,
791 0xEADA7DD6CDE0EB1Ell, 0xF57D4F7FEE6ED178ll, 0x06F067AA72176FBAll,
792 0x0A637DC5A2C898A6ll, 0x113F9804BEF90DAEll, 0x1B710B35131C471Bll,
793 0x28DB77F523047D84ll, 0x32CAAB7B40C72493ll, 0x3C9EBE0A15C9BEBCll,
794 0x431D67C49C100D4Cll, 0x4CC5D4BECB3E42B6ll, 0x597F299CFC657E2All,
795 0x5FCB6FAB3AD6FAECll, 0x6C44198C4A475817ll
796 };
797 int t, t8; /* Loop counter */
798 uint64_t temp1, temp2; /* Temporary word value */
799 uint64_t W[80]; /* Word sequence. Security review: Location L6b */
800 uint64_t A, B, C, D, E, F, G, H; /* Word buffers */
801
802 /*
803 * Initialize the first 16 words in the array W
804 */
805 for (t = t8 = 0; t < 16; t++, t8 += 8)
806 W[t] = ((uint64_t)(context->Message_Block[t8 ]) << 56) |
807 ((uint64_t)(context->Message_Block[t8 + 1]) << 48) |
808 ((uint64_t)(context->Message_Block[t8 + 2]) << 40) |
809 ((uint64_t)(context->Message_Block[t8 + 3]) << 32) |
810 ((uint64_t)(context->Message_Block[t8 + 4]) << 24) |
811 ((uint64_t)(context->Message_Block[t8 + 5]) << 16) |
812 ((uint64_t)(context->Message_Block[t8 + 6]) << 8) |
813 ((uint64_t)(context->Message_Block[t8 + 7]));
814
815 for (t = 16; t < 80; t++)
816 W[t] = SHA512_sigma1(W[t-2]) + W[t-7] +
817 SHA512_sigma0(W[t-15]) + W[t-16];
818 A = context->Intermediate_Hash[0];
819 B = context->Intermediate_Hash[1];
820 C = context->Intermediate_Hash[2];
821 D = context->Intermediate_Hash[3];
822 E = context->Intermediate_Hash[4];
823 F = context->Intermediate_Hash[5];
824 G = context->Intermediate_Hash[6];
825 H = context->Intermediate_Hash[7];
826
827 for (t = 0; t < 80; t++) {
828 temp1 = H + SHA512_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t];
829 temp2 = SHA512_SIGMA0(A) + SHA_Maj(A,B,C);
830 H = G;
831 G = F;
832 F = E;
833 E = D + temp1;
834 D = C;
835 C = B;
836 B = A;
837 A = temp1 + temp2;
838 }
839
840 cl_clear_secret((void *) W, sizeof(W), sizeof(W));
841
842 context->Intermediate_Hash[0] += A;
843 context->Intermediate_Hash[1] += B;
844 context->Intermediate_Hash[2] += C;
845 context->Intermediate_Hash[3] += D;
846 context->Intermediate_Hash[4] += E;
847 context->Intermediate_Hash[5] += F;
848 context->Intermediate_Hash[6] += G;
849 context->Intermediate_Hash[7] += H;
850 #endif /* USE_32BIT_ONLY */
851
852 context->Message_Block_Index = 0;
853 }
854
855 /*
856 * SHA384_512Finalize
857 *
858 * Description:
859 * This helper function finishes off the digest calculations.
860 *
861 * Parameters:
862 * context: [in/out]
863 * The SHA context to update.
864 * Pad_Byte: [in]
865 * The last byte to add to the message block before the 0-padding
866 * and length. This will contain the last bits of the message
867 * followed by another single bit. If the message was an
868 * exact multiple of 8-bits long, Pad_Byte will be 0x80.
869 *
870 * Returns:
871 * sha Error Code.
872 *
873 */
874 static void SHA384_512Finalize(SHA512Context *context,
875 uint8_t Pad_Byte)
876 {
877 int_least16_t i;
878 SHA384_512PadMessage(context, Pad_Byte);
879 /* message may be sensitive, clear it out */
880 for (i = 0; i < SHA512_Message_Block_Size; ++i)
881 context->Message_Block[i] = 0;
882 #ifdef USE_32BIT_ONLY /* and clear length */
883 context->Length[0] = context->Length[1] = 0;
884 context->Length[2] = context->Length[3] = 0;
885 #else /* !USE_32BIT_ONLY */
886 context->Length_High = context->Length_Low = 0;
887 #endif /* USE_32BIT_ONLY */
888 context->Computed = 1;
889 }
890
891 /*
892 * SHA384_512PadMessage
893 *
894 * Description:
895 * According to the standard, the message must be padded to the next
896 * even multiple of 1024 bits. The first padding bit must be a '1'.
897 * The last 128 bits represent the length of the original message.
898 * All bits in between should be 0. This helper function will
899 * pad the message according to those rules by filling the
900 * Message_Block array accordingly. When it returns, it can be
901 * assumed that the message digest has been computed.
902 *
903 * Parameters:
904 * context: [in/out]
905 * The context to pad.
906 * Pad_Byte: [in]
907 * The last byte to add to the message block before the 0-padding
908 * and length. This will contain the last bits of the message
909 * followed by another single bit. If the message was an
910 * exact multiple of 8-bits long, Pad_Byte will be 0x80.
911 *
912 * Returns:
913 * Nothing.
914 *
915 */
916 static void SHA384_512PadMessage(SHA512Context *context,
917 uint8_t Pad_Byte)
918 {
919 /*
920 * Check to see if the current message block is too small to hold
921 * the initial padding bits and length. If so, we will pad the
922 * block, process it, and then continue padding into a second
923 * block.
924 */
925 if (context->Message_Block_Index >= (SHA512_Message_Block_Size-16)) {
926 context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
927 while (context->Message_Block_Index < SHA512_Message_Block_Size)
928 context->Message_Block[context->Message_Block_Index++] = 0;
929
930 SHA384_512ProcessMessageBlock(context);
931 } else
932 context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
933
934 while (context->Message_Block_Index < (SHA512_Message_Block_Size-16))
935 context->Message_Block[context->Message_Block_Index++] = 0;
936
937 /*
938 * Store the message length as the last 16 octets
939 */
940 #ifdef USE_32BIT_ONLY
941 context->Message_Block[112] = (uint8_t)(context->Length[0] >> 24);
942 context->Message_Block[113] = (uint8_t)(context->Length[0] >> 16);
943 context->Message_Block[114] = (uint8_t)(context->Length[0] >> 8);
944 context->Message_Block[115] = (uint8_t)(context->Length[0]);
945 context->Message_Block[116] = (uint8_t)(context->Length[1] >> 24);
946 context->Message_Block[117] = (uint8_t)(context->Length[1] >> 16);
947 context->Message_Block[118] = (uint8_t)(context->Length[1] >> 8);
948 context->Message_Block[119] = (uint8_t)(context->Length[1]);
949
950 context->Message_Block[120] = (uint8_t)(context->Length[2] >> 24);
951 context->Message_Block[121] = (uint8_t)(context->Length[2] >> 16);
952 context->Message_Block[122] = (uint8_t)(context->Length[2] >> 8);
953 context->Message_Block[123] = (uint8_t)(context->Length[2]);
954 context->Message_Block[124] = (uint8_t)(context->Length[3] >> 24);
955 context->Message_Block[125] = (uint8_t)(context->Length[3] >> 16);
956 context->Message_Block[126] = (uint8_t)(context->Length[3] >> 8);
957 context->Message_Block[127] = (uint8_t)(context->Length[3]);
958 #else /* !USE_32BIT_ONLY */
959 context->Message_Block[112] = (uint8_t)(context->Length_High >> 56);
960 context->Message_Block[113] = (uint8_t)(context->Length_High >> 48);
961 context->Message_Block[114] = (uint8_t)(context->Length_High >> 40);
962 context->Message_Block[115] = (uint8_t)(context->Length_High >> 32);
963 context->Message_Block[116] = (uint8_t)(context->Length_High >> 24);
964 context->Message_Block[117] = (uint8_t)(context->Length_High >> 16);
965 context->Message_Block[118] = (uint8_t)(context->Length_High >> 8);
966 context->Message_Block[119] = (uint8_t)(context->Length_High);
967
968 context->Message_Block[120] = (uint8_t)(context->Length_Low >> 56);
969 context->Message_Block[121] = (uint8_t)(context->Length_Low >> 48);
970 context->Message_Block[122] = (uint8_t)(context->Length_Low >> 40);
971 context->Message_Block[123] = (uint8_t)(context->Length_Low >> 32);
972 context->Message_Block[124] = (uint8_t)(context->Length_Low >> 24);
973 context->Message_Block[125] = (uint8_t)(context->Length_Low >> 16);
974 context->Message_Block[126] = (uint8_t)(context->Length_Low >> 8);
975 context->Message_Block[127] = (uint8_t)(context->Length_Low);
976 #endif /* USE_32BIT_ONLY */
977
978 SHA384_512ProcessMessageBlock(context);
979 }
980
981 /*
982 * SHA384_512ResultN
983 *
984 * Description:
985 * This helper function will return the 384-bit or 512-bit message
986 * digest into the Message_Digest array provided by the caller.
987 * NOTE:
988 * The first octet of hash is stored in the element with index 0,
989 * the last octet of hash in the element with index 47/63.
990 *
991 * Parameters:
992 * context: [in/out]
993 * The context to use to calculate the SHA hash.
994 * Message_Digest[ ]: [out]
995 * Where the digest is returned.
996 * HashSize: [in]
997 * The size of the hash, either 48 or 64.
998 *
999 * Returns:
1000 * sha Error Code.
1001 *
1002 */
1003 static int SHA384_512ResultN(SHA512Context *context,
1004 uint8_t Message_Digest[ ], int HashSize)
1005 {
1006 int i;
1007 #ifdef USE_32BIT_ONLY
1008 int i2;
1009 #endif /* USE_32BIT_ONLY */
1010
1011 if (!context) return shaNull;
1012 if (!Message_Digest) return shaNull;
1013 if (context->Corrupted) return context->Corrupted;
1014
1015 if (!context->Computed)
1016 SHA384_512Finalize(context, 0x80);
1017
1018 #ifdef USE_32BIT_ONLY
1019 for (i = i2 = 0; i < HashSize; ) {
1020 Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>24);
1021 Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>16);
1022 Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>8);
1023 Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2++]);
1024 Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>24);
1025 Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>16);
1026 Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>8);
1027 Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2++]);
1028 }
1029 #else /* !USE_32BIT_ONLY */
1030 for (i = 0; i < HashSize; ++i)
1031 Message_Digest[i] = (uint8_t)
1032 (context->Intermediate_Hash[i>>3] >> 8 * ( 7 - ( i % 8 ) ));
1033 #endif /* USE_32BIT_ONLY */
1034
1035 return shaSuccess;
1036 }