1 /*
2  * FIPS 180-2 SHA-224/256/384/512 implementation
3  * Last update: 02/02/2007
4  * Issue date:  04/30/2005
5  *
6  * Since this code has been incorporated into a GPLv2 project, it is
7  * distributed under GPLv2 inside mmc-utils.  The original BSD license
8  * that the code was released under is included below for clarity.
9  *
10  * Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch>
11  * All rights reserved.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  * 3. Neither the name of the project nor the names of its contributors
22  *    may be used to endorse or promote products derived from this software
23  *    without specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35  * SUCH DAMAGE.
36  */
37 
38 #if 0
39 #define UNROLL_LOOPS /* Enable loops unrolling */
40 #endif
41 
42 #include <string.h>
43 
44 #include "sha2.h"
45 
46 #define SHFR(x, n)    (x >> n)
47 #define ROTR(x, n)   ((x >> n) | (x << ((sizeof(x) << 3) - n)))
48 #define ROTL(x, n)   ((x << n) | (x >> ((sizeof(x) << 3) - n)))
49 #define CH(x, y, z)  ((x & y) ^ (~x & z))
50 #define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
51 
52 #define SHA256_F1(x) (ROTR(x,  2) ^ ROTR(x, 13) ^ ROTR(x, 22))
53 #define SHA256_F2(x) (ROTR(x,  6) ^ ROTR(x, 11) ^ ROTR(x, 25))
54 #define SHA256_F3(x) (ROTR(x,  7) ^ ROTR(x, 18) ^ SHFR(x,  3))
55 #define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10))
56 
57 #define SHA512_F1(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39))
58 #define SHA512_F2(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41))
59 #define SHA512_F3(x) (ROTR(x,  1) ^ ROTR(x,  8) ^ SHFR(x,  7))
60 #define SHA512_F4(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHFR(x,  6))
61 
62 #define UNPACK32(x, str)                      \
63 {                                             \
64     *((str) + 3) = (uint8) ((x)      );       \
65     *((str) + 2) = (uint8) ((x) >>  8);       \
66     *((str) + 1) = (uint8) ((x) >> 16);       \
67     *((str) + 0) = (uint8) ((x) >> 24);       \
68 }
69 
70 #define PACK32(str, x)                        \
71 {                                             \
72     *(x) =   ((uint32) *((str) + 3)      )    \
73            | ((uint32) *((str) + 2) <<  8)    \
74            | ((uint32) *((str) + 1) << 16)    \
75            | ((uint32) *((str) + 0) << 24);   \
76 }
77 
78 #define UNPACK64(x, str)                      \
79 {                                             \
80     *((str) + 7) = (uint8) ((x)      );       \
81     *((str) + 6) = (uint8) ((x) >>  8);       \
82     *((str) + 5) = (uint8) ((x) >> 16);       \
83     *((str) + 4) = (uint8) ((x) >> 24);       \
84     *((str) + 3) = (uint8) ((x) >> 32);       \
85     *((str) + 2) = (uint8) ((x) >> 40);       \
86     *((str) + 1) = (uint8) ((x) >> 48);       \
87     *((str) + 0) = (uint8) ((x) >> 56);       \
88 }
89 
90 #define PACK64(str, x)                        \
91 {                                             \
92     *(x) =   ((uint64) *((str) + 7)      )    \
93            | ((uint64) *((str) + 6) <<  8)    \
94            | ((uint64) *((str) + 5) << 16)    \
95            | ((uint64) *((str) + 4) << 24)    \
96            | ((uint64) *((str) + 3) << 32)    \
97            | ((uint64) *((str) + 2) << 40)    \
98            | ((uint64) *((str) + 1) << 48)    \
99            | ((uint64) *((str) + 0) << 56);   \
100 }
101 
102 /* Macros used for loops unrolling */
103 
104 #define SHA256_SCR(i)                         \
105 {                                             \
106     w[i] =  SHA256_F4(w[i -  2]) + w[i -  7]  \
107           + SHA256_F3(w[i - 15]) + w[i - 16]; \
108 }
109 
110 #define SHA512_SCR(i)                         \
111 {                                             \
112     w[i] =  SHA512_F4(w[i -  2]) + w[i -  7]  \
113           + SHA512_F3(w[i - 15]) + w[i - 16]; \
114 }
115 
116 #define SHA256_EXP(a, b, c, d, e, f, g, h, j)               \
117 {                                                           \
118     t1 = wv[h] + SHA256_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) \
119          + sha256_k[j] + w[j];                              \
120     t2 = SHA256_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]);       \
121     wv[d] += t1;                                            \
122     wv[h] = t1 + t2;                                        \
123 }
124 
125 #define SHA512_EXP(a, b, c, d, e, f, g ,h, j)               \
126 {                                                           \
127     t1 = wv[h] + SHA512_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) \
128          + sha512_k[j] + w[j];                              \
129     t2 = SHA512_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]);       \
130     wv[d] += t1;                                            \
131     wv[h] = t1 + t2;                                        \
132 }
133 
134 uint32 sha224_h0[8] =
135             {0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
136              0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4};
137 
138 uint32 sha256_h0[8] =
139             {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
140              0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
141 
142 uint64 sha384_h0[8] =
143             {0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL,
144              0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL,
145              0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL,
146              0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL};
147 
148 uint64 sha512_h0[8] =
149             {0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
150              0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
151              0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
152              0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL};
153 
154 uint32 sha256_k[64] =
155             {0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
156              0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
157              0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
158              0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
159              0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
160              0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
161              0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
162              0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
163              0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
164              0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
165              0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
166              0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
167              0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
168              0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
169              0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
170              0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
171 
172 uint64 sha512_k[80] =
173             {0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
174              0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
175              0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
176              0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
177              0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
178              0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
179              0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
180              0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
181              0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
182              0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
183              0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
184              0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
185              0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
186              0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
187              0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
188              0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
189              0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
190              0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
191              0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
192              0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
193              0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
194              0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
195              0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
196              0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
197              0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
198              0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
199              0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
200              0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
201              0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
202              0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
203              0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
204              0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
205              0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
206              0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
207              0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
208              0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
209              0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
210              0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
211              0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
212              0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL};
213 
214 /* SHA-256 functions */
215 
sha256_transf(sha256_ctx * ctx,const unsigned char * message,unsigned int block_nb)216 void sha256_transf(sha256_ctx *ctx, const unsigned char *message,
217                    unsigned int block_nb)
218 {
219     uint32 w[64];
220     uint32 wv[8];
221     uint32 t1, t2;
222     const unsigned char *sub_block;
223     int i;
224 
225 #ifndef UNROLL_LOOPS
226     int j;
227 #endif
228 
229     for (i = 0; i < (int) block_nb; i++) {
230         sub_block = message + (i << 6);
231 
232 #ifndef UNROLL_LOOPS
233         for (j = 0; j < 16; j++) {
234             PACK32(&sub_block[j << 2], &w[j]);
235         }
236 
237         for (j = 16; j < 64; j++) {
238             SHA256_SCR(j);
239         }
240 
241         for (j = 0; j < 8; j++) {
242             wv[j] = ctx->h[j];
243         }
244 
245         for (j = 0; j < 64; j++) {
246             t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6])
247                 + sha256_k[j] + w[j];
248             t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
249             wv[7] = wv[6];
250             wv[6] = wv[5];
251             wv[5] = wv[4];
252             wv[4] = wv[3] + t1;
253             wv[3] = wv[2];
254             wv[2] = wv[1];
255             wv[1] = wv[0];
256             wv[0] = t1 + t2;
257         }
258 
259         for (j = 0; j < 8; j++) {
260             ctx->h[j] += wv[j];
261         }
262 #else
263         PACK32(&sub_block[ 0], &w[ 0]); PACK32(&sub_block[ 4], &w[ 1]);
264         PACK32(&sub_block[ 8], &w[ 2]); PACK32(&sub_block[12], &w[ 3]);
265         PACK32(&sub_block[16], &w[ 4]); PACK32(&sub_block[20], &w[ 5]);
266         PACK32(&sub_block[24], &w[ 6]); PACK32(&sub_block[28], &w[ 7]);
267         PACK32(&sub_block[32], &w[ 8]); PACK32(&sub_block[36], &w[ 9]);
268         PACK32(&sub_block[40], &w[10]); PACK32(&sub_block[44], &w[11]);
269         PACK32(&sub_block[48], &w[12]); PACK32(&sub_block[52], &w[13]);
270         PACK32(&sub_block[56], &w[14]); PACK32(&sub_block[60], &w[15]);
271 
272         SHA256_SCR(16); SHA256_SCR(17); SHA256_SCR(18); SHA256_SCR(19);
273         SHA256_SCR(20); SHA256_SCR(21); SHA256_SCR(22); SHA256_SCR(23);
274         SHA256_SCR(24); SHA256_SCR(25); SHA256_SCR(26); SHA256_SCR(27);
275         SHA256_SCR(28); SHA256_SCR(29); SHA256_SCR(30); SHA256_SCR(31);
276         SHA256_SCR(32); SHA256_SCR(33); SHA256_SCR(34); SHA256_SCR(35);
277         SHA256_SCR(36); SHA256_SCR(37); SHA256_SCR(38); SHA256_SCR(39);
278         SHA256_SCR(40); SHA256_SCR(41); SHA256_SCR(42); SHA256_SCR(43);
279         SHA256_SCR(44); SHA256_SCR(45); SHA256_SCR(46); SHA256_SCR(47);
280         SHA256_SCR(48); SHA256_SCR(49); SHA256_SCR(50); SHA256_SCR(51);
281         SHA256_SCR(52); SHA256_SCR(53); SHA256_SCR(54); SHA256_SCR(55);
282         SHA256_SCR(56); SHA256_SCR(57); SHA256_SCR(58); SHA256_SCR(59);
283         SHA256_SCR(60); SHA256_SCR(61); SHA256_SCR(62); SHA256_SCR(63);
284 
285         wv[0] = ctx->h[0]; wv[1] = ctx->h[1];
286         wv[2] = ctx->h[2]; wv[3] = ctx->h[3];
287         wv[4] = ctx->h[4]; wv[5] = ctx->h[5];
288         wv[6] = ctx->h[6]; wv[7] = ctx->h[7];
289 
290         SHA256_EXP(0,1,2,3,4,5,6,7, 0); SHA256_EXP(7,0,1,2,3,4,5,6, 1);
291         SHA256_EXP(6,7,0,1,2,3,4,5, 2); SHA256_EXP(5,6,7,0,1,2,3,4, 3);
292         SHA256_EXP(4,5,6,7,0,1,2,3, 4); SHA256_EXP(3,4,5,6,7,0,1,2, 5);
293         SHA256_EXP(2,3,4,5,6,7,0,1, 6); SHA256_EXP(1,2,3,4,5,6,7,0, 7);
294         SHA256_EXP(0,1,2,3,4,5,6,7, 8); SHA256_EXP(7,0,1,2,3,4,5,6, 9);
295         SHA256_EXP(6,7,0,1,2,3,4,5,10); SHA256_EXP(5,6,7,0,1,2,3,4,11);
296         SHA256_EXP(4,5,6,7,0,1,2,3,12); SHA256_EXP(3,4,5,6,7,0,1,2,13);
297         SHA256_EXP(2,3,4,5,6,7,0,1,14); SHA256_EXP(1,2,3,4,5,6,7,0,15);
298         SHA256_EXP(0,1,2,3,4,5,6,7,16); SHA256_EXP(7,0,1,2,3,4,5,6,17);
299         SHA256_EXP(6,7,0,1,2,3,4,5,18); SHA256_EXP(5,6,7,0,1,2,3,4,19);
300         SHA256_EXP(4,5,6,7,0,1,2,3,20); SHA256_EXP(3,4,5,6,7,0,1,2,21);
301         SHA256_EXP(2,3,4,5,6,7,0,1,22); SHA256_EXP(1,2,3,4,5,6,7,0,23);
302         SHA256_EXP(0,1,2,3,4,5,6,7,24); SHA256_EXP(7,0,1,2,3,4,5,6,25);
303         SHA256_EXP(6,7,0,1,2,3,4,5,26); SHA256_EXP(5,6,7,0,1,2,3,4,27);
304         SHA256_EXP(4,5,6,7,0,1,2,3,28); SHA256_EXP(3,4,5,6,7,0,1,2,29);
305         SHA256_EXP(2,3,4,5,6,7,0,1,30); SHA256_EXP(1,2,3,4,5,6,7,0,31);
306         SHA256_EXP(0,1,2,3,4,5,6,7,32); SHA256_EXP(7,0,1,2,3,4,5,6,33);
307         SHA256_EXP(6,7,0,1,2,3,4,5,34); SHA256_EXP(5,6,7,0,1,2,3,4,35);
308         SHA256_EXP(4,5,6,7,0,1,2,3,36); SHA256_EXP(3,4,5,6,7,0,1,2,37);
309         SHA256_EXP(2,3,4,5,6,7,0,1,38); SHA256_EXP(1,2,3,4,5,6,7,0,39);
310         SHA256_EXP(0,1,2,3,4,5,6,7,40); SHA256_EXP(7,0,1,2,3,4,5,6,41);
311         SHA256_EXP(6,7,0,1,2,3,4,5,42); SHA256_EXP(5,6,7,0,1,2,3,4,43);
312         SHA256_EXP(4,5,6,7,0,1,2,3,44); SHA256_EXP(3,4,5,6,7,0,1,2,45);
313         SHA256_EXP(2,3,4,5,6,7,0,1,46); SHA256_EXP(1,2,3,4,5,6,7,0,47);
314         SHA256_EXP(0,1,2,3,4,5,6,7,48); SHA256_EXP(7,0,1,2,3,4,5,6,49);
315         SHA256_EXP(6,7,0,1,2,3,4,5,50); SHA256_EXP(5,6,7,0,1,2,3,4,51);
316         SHA256_EXP(4,5,6,7,0,1,2,3,52); SHA256_EXP(3,4,5,6,7,0,1,2,53);
317         SHA256_EXP(2,3,4,5,6,7,0,1,54); SHA256_EXP(1,2,3,4,5,6,7,0,55);
318         SHA256_EXP(0,1,2,3,4,5,6,7,56); SHA256_EXP(7,0,1,2,3,4,5,6,57);
319         SHA256_EXP(6,7,0,1,2,3,4,5,58); SHA256_EXP(5,6,7,0,1,2,3,4,59);
320         SHA256_EXP(4,5,6,7,0,1,2,3,60); SHA256_EXP(3,4,5,6,7,0,1,2,61);
321         SHA256_EXP(2,3,4,5,6,7,0,1,62); SHA256_EXP(1,2,3,4,5,6,7,0,63);
322 
323         ctx->h[0] += wv[0]; ctx->h[1] += wv[1];
324         ctx->h[2] += wv[2]; ctx->h[3] += wv[3];
325         ctx->h[4] += wv[4]; ctx->h[5] += wv[5];
326         ctx->h[6] += wv[6]; ctx->h[7] += wv[7];
327 #endif /* !UNROLL_LOOPS */
328     }
329 }
330 
sha256(const unsigned char * message,unsigned int len,unsigned char * digest)331 void sha256(const unsigned char *message, unsigned int len, unsigned char *digest)
332 {
333     sha256_ctx ctx;
334 
335     sha256_init(&ctx);
336     sha256_update(&ctx, message, len);
337     sha256_final(&ctx, digest);
338 }
339 
sha256_init(sha256_ctx * ctx)340 void sha256_init(sha256_ctx *ctx)
341 {
342 #ifndef UNROLL_LOOPS
343     int i;
344     for (i = 0; i < 8; i++) {
345         ctx->h[i] = sha256_h0[i];
346     }
347 #else
348     ctx->h[0] = sha256_h0[0]; ctx->h[1] = sha256_h0[1];
349     ctx->h[2] = sha256_h0[2]; ctx->h[3] = sha256_h0[3];
350     ctx->h[4] = sha256_h0[4]; ctx->h[5] = sha256_h0[5];
351     ctx->h[6] = sha256_h0[6]; ctx->h[7] = sha256_h0[7];
352 #endif /* !UNROLL_LOOPS */
353 
354     ctx->len = 0;
355     ctx->tot_len = 0;
356 }
357 
sha256_update(sha256_ctx * ctx,const unsigned char * message,unsigned int len)358 void sha256_update(sha256_ctx *ctx, const unsigned char *message,
359                    unsigned int len)
360 {
361     unsigned int block_nb;
362     unsigned int new_len, rem_len, tmp_len;
363     const unsigned char *shifted_message;
364 
365     tmp_len = SHA256_BLOCK_SIZE - ctx->len;
366     rem_len = len < tmp_len ? len : tmp_len;
367 
368     memcpy(&ctx->block[ctx->len], message, rem_len);
369 
370     if (ctx->len + len < SHA256_BLOCK_SIZE) {
371         ctx->len += len;
372         return;
373     }
374 
375     new_len = len - rem_len;
376     block_nb = new_len / SHA256_BLOCK_SIZE;
377 
378     shifted_message = message + rem_len;
379 
380     sha256_transf(ctx, ctx->block, 1);
381     sha256_transf(ctx, shifted_message, block_nb);
382 
383     rem_len = new_len % SHA256_BLOCK_SIZE;
384 
385     memcpy(ctx->block, &shifted_message[block_nb << 6],
386            rem_len);
387 
388     ctx->len = rem_len;
389     ctx->tot_len += (block_nb + 1) << 6;
390 }
391 
sha256_final(sha256_ctx * ctx,unsigned char * digest)392 void sha256_final(sha256_ctx *ctx, unsigned char *digest)
393 {
394     unsigned int block_nb;
395     unsigned int pm_len;
396     unsigned int len_b;
397 
398 #ifndef UNROLL_LOOPS
399     int i;
400 #endif
401 
402     block_nb = (1 + ((SHA256_BLOCK_SIZE - 9)
403                      < (ctx->len % SHA256_BLOCK_SIZE)));
404 
405     len_b = (ctx->tot_len + ctx->len) << 3;
406     pm_len = block_nb << 6;
407 
408     memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
409     ctx->block[ctx->len] = 0x80;
410     UNPACK32(len_b, ctx->block + pm_len - 4);
411 
412     sha256_transf(ctx, ctx->block, block_nb);
413 
414 #ifndef UNROLL_LOOPS
415     for (i = 0 ; i < 8; i++) {
416         UNPACK32(ctx->h[i], &digest[i << 2]);
417     }
418 #else
419    UNPACK32(ctx->h[0], &digest[ 0]);
420    UNPACK32(ctx->h[1], &digest[ 4]);
421    UNPACK32(ctx->h[2], &digest[ 8]);
422    UNPACK32(ctx->h[3], &digest[12]);
423    UNPACK32(ctx->h[4], &digest[16]);
424    UNPACK32(ctx->h[5], &digest[20]);
425    UNPACK32(ctx->h[6], &digest[24]);
426    UNPACK32(ctx->h[7], &digest[28]);
427 #endif /* !UNROLL_LOOPS */
428 }
429 
430 /* SHA-512 functions */
431 
sha512_transf(sha512_ctx * ctx,const unsigned char * message,unsigned int block_nb)432 void sha512_transf(sha512_ctx *ctx, const unsigned char *message,
433                    unsigned int block_nb)
434 {
435     uint64 w[80];
436     uint64 wv[8];
437     uint64 t1, t2;
438     const unsigned char *sub_block;
439     int i, j;
440 
441     for (i = 0; i < (int) block_nb; i++) {
442         sub_block = message + (i << 7);
443 
444 #ifndef UNROLL_LOOPS
445         for (j = 0; j < 16; j++) {
446             PACK64(&sub_block[j << 3], &w[j]);
447         }
448 
449         for (j = 16; j < 80; j++) {
450             SHA512_SCR(j);
451         }
452 
453         for (j = 0; j < 8; j++) {
454             wv[j] = ctx->h[j];
455         }
456 
457         for (j = 0; j < 80; j++) {
458             t1 = wv[7] + SHA512_F2(wv[4]) + CH(wv[4], wv[5], wv[6])
459                 + sha512_k[j] + w[j];
460             t2 = SHA512_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
461             wv[7] = wv[6];
462             wv[6] = wv[5];
463             wv[5] = wv[4];
464             wv[4] = wv[3] + t1;
465             wv[3] = wv[2];
466             wv[2] = wv[1];
467             wv[1] = wv[0];
468             wv[0] = t1 + t2;
469         }
470 
471         for (j = 0; j < 8; j++) {
472             ctx->h[j] += wv[j];
473         }
474 #else
475         PACK64(&sub_block[  0], &w[ 0]); PACK64(&sub_block[  8], &w[ 1]);
476         PACK64(&sub_block[ 16], &w[ 2]); PACK64(&sub_block[ 24], &w[ 3]);
477         PACK64(&sub_block[ 32], &w[ 4]); PACK64(&sub_block[ 40], &w[ 5]);
478         PACK64(&sub_block[ 48], &w[ 6]); PACK64(&sub_block[ 56], &w[ 7]);
479         PACK64(&sub_block[ 64], &w[ 8]); PACK64(&sub_block[ 72], &w[ 9]);
480         PACK64(&sub_block[ 80], &w[10]); PACK64(&sub_block[ 88], &w[11]);
481         PACK64(&sub_block[ 96], &w[12]); PACK64(&sub_block[104], &w[13]);
482         PACK64(&sub_block[112], &w[14]); PACK64(&sub_block[120], &w[15]);
483 
484         SHA512_SCR(16); SHA512_SCR(17); SHA512_SCR(18); SHA512_SCR(19);
485         SHA512_SCR(20); SHA512_SCR(21); SHA512_SCR(22); SHA512_SCR(23);
486         SHA512_SCR(24); SHA512_SCR(25); SHA512_SCR(26); SHA512_SCR(27);
487         SHA512_SCR(28); SHA512_SCR(29); SHA512_SCR(30); SHA512_SCR(31);
488         SHA512_SCR(32); SHA512_SCR(33); SHA512_SCR(34); SHA512_SCR(35);
489         SHA512_SCR(36); SHA512_SCR(37); SHA512_SCR(38); SHA512_SCR(39);
490         SHA512_SCR(40); SHA512_SCR(41); SHA512_SCR(42); SHA512_SCR(43);
491         SHA512_SCR(44); SHA512_SCR(45); SHA512_SCR(46); SHA512_SCR(47);
492         SHA512_SCR(48); SHA512_SCR(49); SHA512_SCR(50); SHA512_SCR(51);
493         SHA512_SCR(52); SHA512_SCR(53); SHA512_SCR(54); SHA512_SCR(55);
494         SHA512_SCR(56); SHA512_SCR(57); SHA512_SCR(58); SHA512_SCR(59);
495         SHA512_SCR(60); SHA512_SCR(61); SHA512_SCR(62); SHA512_SCR(63);
496         SHA512_SCR(64); SHA512_SCR(65); SHA512_SCR(66); SHA512_SCR(67);
497         SHA512_SCR(68); SHA512_SCR(69); SHA512_SCR(70); SHA512_SCR(71);
498         SHA512_SCR(72); SHA512_SCR(73); SHA512_SCR(74); SHA512_SCR(75);
499         SHA512_SCR(76); SHA512_SCR(77); SHA512_SCR(78); SHA512_SCR(79);
500 
501         wv[0] = ctx->h[0]; wv[1] = ctx->h[1];
502         wv[2] = ctx->h[2]; wv[3] = ctx->h[3];
503         wv[4] = ctx->h[4]; wv[5] = ctx->h[5];
504         wv[6] = ctx->h[6]; wv[7] = ctx->h[7];
505 
506         j = 0;
507 
508         do {
509             SHA512_EXP(0,1,2,3,4,5,6,7,j); j++;
510             SHA512_EXP(7,0,1,2,3,4,5,6,j); j++;
511             SHA512_EXP(6,7,0,1,2,3,4,5,j); j++;
512             SHA512_EXP(5,6,7,0,1,2,3,4,j); j++;
513             SHA512_EXP(4,5,6,7,0,1,2,3,j); j++;
514             SHA512_EXP(3,4,5,6,7,0,1,2,j); j++;
515             SHA512_EXP(2,3,4,5,6,7,0,1,j); j++;
516             SHA512_EXP(1,2,3,4,5,6,7,0,j); j++;
517         } while (j < 80);
518 
519         ctx->h[0] += wv[0]; ctx->h[1] += wv[1];
520         ctx->h[2] += wv[2]; ctx->h[3] += wv[3];
521         ctx->h[4] += wv[4]; ctx->h[5] += wv[5];
522         ctx->h[6] += wv[6]; ctx->h[7] += wv[7];
523 #endif /* !UNROLL_LOOPS */
524     }
525 }
526 
sha512(const unsigned char * message,unsigned int len,unsigned char * digest)527 void sha512(const unsigned char *message, unsigned int len,
528             unsigned char *digest)
529 {
530     sha512_ctx ctx;
531 
532     sha512_init(&ctx);
533     sha512_update(&ctx, message, len);
534     sha512_final(&ctx, digest);
535 }
536 
sha512_init(sha512_ctx * ctx)537 void sha512_init(sha512_ctx *ctx)
538 {
539 #ifndef UNROLL_LOOPS
540     int i;
541     for (i = 0; i < 8; i++) {
542         ctx->h[i] = sha512_h0[i];
543     }
544 #else
545     ctx->h[0] = sha512_h0[0]; ctx->h[1] = sha512_h0[1];
546     ctx->h[2] = sha512_h0[2]; ctx->h[3] = sha512_h0[3];
547     ctx->h[4] = sha512_h0[4]; ctx->h[5] = sha512_h0[5];
548     ctx->h[6] = sha512_h0[6]; ctx->h[7] = sha512_h0[7];
549 #endif /* !UNROLL_LOOPS */
550 
551     ctx->len = 0;
552     ctx->tot_len = 0;
553 }
554 
sha512_update(sha512_ctx * ctx,const unsigned char * message,unsigned int len)555 void sha512_update(sha512_ctx *ctx, const unsigned char *message,
556                    unsigned int len)
557 {
558     unsigned int block_nb;
559     unsigned int new_len, rem_len, tmp_len;
560     const unsigned char *shifted_message;
561 
562     tmp_len = SHA512_BLOCK_SIZE - ctx->len;
563     rem_len = len < tmp_len ? len : tmp_len;
564 
565     memcpy(&ctx->block[ctx->len], message, rem_len);
566 
567     if (ctx->len + len < SHA512_BLOCK_SIZE) {
568         ctx->len += len;
569         return;
570     }
571 
572     new_len = len - rem_len;
573     block_nb = new_len / SHA512_BLOCK_SIZE;
574 
575     shifted_message = message + rem_len;
576 
577     sha512_transf(ctx, ctx->block, 1);
578     sha512_transf(ctx, shifted_message, block_nb);
579 
580     rem_len = new_len % SHA512_BLOCK_SIZE;
581 
582     memcpy(ctx->block, &shifted_message[block_nb << 7],
583            rem_len);
584 
585     ctx->len = rem_len;
586     ctx->tot_len += (block_nb + 1) << 7;
587 }
588 
sha512_final(sha512_ctx * ctx,unsigned char * digest)589 void sha512_final(sha512_ctx *ctx, unsigned char *digest)
590 {
591     unsigned int block_nb;
592     unsigned int pm_len;
593     unsigned int len_b;
594 
595 #ifndef UNROLL_LOOPS
596     int i;
597 #endif
598 
599     block_nb = 1 + ((SHA512_BLOCK_SIZE - 17)
600                      < (ctx->len % SHA512_BLOCK_SIZE));
601 
602     len_b = (ctx->tot_len + ctx->len) << 3;
603     pm_len = block_nb << 7;
604 
605     memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
606     ctx->block[ctx->len] = 0x80;
607     UNPACK32(len_b, ctx->block + pm_len - 4);
608 
609     sha512_transf(ctx, ctx->block, block_nb);
610 
611 #ifndef UNROLL_LOOPS
612     for (i = 0 ; i < 8; i++) {
613         UNPACK64(ctx->h[i], &digest[i << 3]);
614     }
615 #else
616     UNPACK64(ctx->h[0], &digest[ 0]);
617     UNPACK64(ctx->h[1], &digest[ 8]);
618     UNPACK64(ctx->h[2], &digest[16]);
619     UNPACK64(ctx->h[3], &digest[24]);
620     UNPACK64(ctx->h[4], &digest[32]);
621     UNPACK64(ctx->h[5], &digest[40]);
622     UNPACK64(ctx->h[6], &digest[48]);
623     UNPACK64(ctx->h[7], &digest[56]);
624 #endif /* !UNROLL_LOOPS */
625 }
626 
627 /* SHA-384 functions */
628 
sha384(const unsigned char * message,unsigned int len,unsigned char * digest)629 void sha384(const unsigned char *message, unsigned int len,
630             unsigned char *digest)
631 {
632     sha384_ctx ctx;
633 
634     sha384_init(&ctx);
635     sha384_update(&ctx, message, len);
636     sha384_final(&ctx, digest);
637 }
638 
sha384_init(sha384_ctx * ctx)639 void sha384_init(sha384_ctx *ctx)
640 {
641 #ifndef UNROLL_LOOPS
642     int i;
643     for (i = 0; i < 8; i++) {
644         ctx->h[i] = sha384_h0[i];
645     }
646 #else
647     ctx->h[0] = sha384_h0[0]; ctx->h[1] = sha384_h0[1];
648     ctx->h[2] = sha384_h0[2]; ctx->h[3] = sha384_h0[3];
649     ctx->h[4] = sha384_h0[4]; ctx->h[5] = sha384_h0[5];
650     ctx->h[6] = sha384_h0[6]; ctx->h[7] = sha384_h0[7];
651 #endif /* !UNROLL_LOOPS */
652 
653     ctx->len = 0;
654     ctx->tot_len = 0;
655 }
656 
sha384_update(sha384_ctx * ctx,const unsigned char * message,unsigned int len)657 void sha384_update(sha384_ctx *ctx, const unsigned char *message,
658                    unsigned int len)
659 {
660     unsigned int block_nb;
661     unsigned int new_len, rem_len, tmp_len;
662     const unsigned char *shifted_message;
663 
664     tmp_len = SHA384_BLOCK_SIZE - ctx->len;
665     rem_len = len < tmp_len ? len : tmp_len;
666 
667     memcpy(&ctx->block[ctx->len], message, rem_len);
668 
669     if (ctx->len + len < SHA384_BLOCK_SIZE) {
670         ctx->len += len;
671         return;
672     }
673 
674     new_len = len - rem_len;
675     block_nb = new_len / SHA384_BLOCK_SIZE;
676 
677     shifted_message = message + rem_len;
678 
679     sha512_transf(ctx, ctx->block, 1);
680     sha512_transf(ctx, shifted_message, block_nb);
681 
682     rem_len = new_len % SHA384_BLOCK_SIZE;
683 
684     memcpy(ctx->block, &shifted_message[block_nb << 7],
685            rem_len);
686 
687     ctx->len = rem_len;
688     ctx->tot_len += (block_nb + 1) << 7;
689 }
690 
sha384_final(sha384_ctx * ctx,unsigned char * digest)691 void sha384_final(sha384_ctx *ctx, unsigned char *digest)
692 {
693     unsigned int block_nb;
694     unsigned int pm_len;
695     unsigned int len_b;
696 
697 #ifndef UNROLL_LOOPS
698     int i;
699 #endif
700 
701     block_nb = (1 + ((SHA384_BLOCK_SIZE - 17)
702                      < (ctx->len % SHA384_BLOCK_SIZE)));
703 
704     len_b = (ctx->tot_len + ctx->len) << 3;
705     pm_len = block_nb << 7;
706 
707     memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
708     ctx->block[ctx->len] = 0x80;
709     UNPACK32(len_b, ctx->block + pm_len - 4);
710 
711     sha512_transf(ctx, ctx->block, block_nb);
712 
713 #ifndef UNROLL_LOOPS
714     for (i = 0 ; i < 6; i++) {
715         UNPACK64(ctx->h[i], &digest[i << 3]);
716     }
717 #else
718     UNPACK64(ctx->h[0], &digest[ 0]);
719     UNPACK64(ctx->h[1], &digest[ 8]);
720     UNPACK64(ctx->h[2], &digest[16]);
721     UNPACK64(ctx->h[3], &digest[24]);
722     UNPACK64(ctx->h[4], &digest[32]);
723     UNPACK64(ctx->h[5], &digest[40]);
724 #endif /* !UNROLL_LOOPS */
725 }
726 
727 /* SHA-224 functions */
728 
sha224(const unsigned char * message,unsigned int len,unsigned char * digest)729 void sha224(const unsigned char *message, unsigned int len,
730             unsigned char *digest)
731 {
732     sha224_ctx ctx;
733 
734     sha224_init(&ctx);
735     sha224_update(&ctx, message, len);
736     sha224_final(&ctx, digest);
737 }
738 
sha224_init(sha224_ctx * ctx)739 void sha224_init(sha224_ctx *ctx)
740 {
741 #ifndef UNROLL_LOOPS
742     int i;
743     for (i = 0; i < 8; i++) {
744         ctx->h[i] = sha224_h0[i];
745     }
746 #else
747     ctx->h[0] = sha224_h0[0]; ctx->h[1] = sha224_h0[1];
748     ctx->h[2] = sha224_h0[2]; ctx->h[3] = sha224_h0[3];
749     ctx->h[4] = sha224_h0[4]; ctx->h[5] = sha224_h0[5];
750     ctx->h[6] = sha224_h0[6]; ctx->h[7] = sha224_h0[7];
751 #endif /* !UNROLL_LOOPS */
752 
753     ctx->len = 0;
754     ctx->tot_len = 0;
755 }
756 
sha224_update(sha224_ctx * ctx,const unsigned char * message,unsigned int len)757 void sha224_update(sha224_ctx *ctx, const unsigned char *message,
758                    unsigned int len)
759 {
760     unsigned int block_nb;
761     unsigned int new_len, rem_len, tmp_len;
762     const unsigned char *shifted_message;
763 
764     tmp_len = SHA224_BLOCK_SIZE - ctx->len;
765     rem_len = len < tmp_len ? len : tmp_len;
766 
767     memcpy(&ctx->block[ctx->len], message, rem_len);
768 
769     if (ctx->len + len < SHA224_BLOCK_SIZE) {
770         ctx->len += len;
771         return;
772     }
773 
774     new_len = len - rem_len;
775     block_nb = new_len / SHA224_BLOCK_SIZE;
776 
777     shifted_message = message + rem_len;
778 
779     sha256_transf(ctx, ctx->block, 1);
780     sha256_transf(ctx, shifted_message, block_nb);
781 
782     rem_len = new_len % SHA224_BLOCK_SIZE;
783 
784     memcpy(ctx->block, &shifted_message[block_nb << 6],
785            rem_len);
786 
787     ctx->len = rem_len;
788     ctx->tot_len += (block_nb + 1) << 6;
789 }
790 
sha224_final(sha224_ctx * ctx,unsigned char * digest)791 void sha224_final(sha224_ctx *ctx, unsigned char *digest)
792 {
793     unsigned int block_nb;
794     unsigned int pm_len;
795     unsigned int len_b;
796 
797 #ifndef UNROLL_LOOPS
798     int i;
799 #endif
800 
801     block_nb = (1 + ((SHA224_BLOCK_SIZE - 9)
802                      < (ctx->len % SHA224_BLOCK_SIZE)));
803 
804     len_b = (ctx->tot_len + ctx->len) << 3;
805     pm_len = block_nb << 6;
806 
807     memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
808     ctx->block[ctx->len] = 0x80;
809     UNPACK32(len_b, ctx->block + pm_len - 4);
810 
811     sha256_transf(ctx, ctx->block, block_nb);
812 
813 #ifndef UNROLL_LOOPS
814     for (i = 0 ; i < 7; i++) {
815         UNPACK32(ctx->h[i], &digest[i << 2]);
816     }
817 #else
818    UNPACK32(ctx->h[0], &digest[ 0]);
819    UNPACK32(ctx->h[1], &digest[ 4]);
820    UNPACK32(ctx->h[2], &digest[ 8]);
821    UNPACK32(ctx->h[3], &digest[12]);
822    UNPACK32(ctx->h[4], &digest[16]);
823    UNPACK32(ctx->h[5], &digest[20]);
824    UNPACK32(ctx->h[6], &digest[24]);
825 #endif /* !UNROLL_LOOPS */
826 }
827 
828 #ifdef TEST_VECTORS
829 
830 /* FIPS 180-2 Validation tests */
831 
832 #include <stdio.h>
833 #include <stdlib.h>
834 
test(const char * vector,unsigned char * digest,unsigned int digest_size)835 void test(const char *vector, unsigned char *digest,
836           unsigned int digest_size)
837 {
838     char output[2 * SHA512_DIGEST_SIZE + 1];
839     int i;
840 
841     output[2 * digest_size] = '\0';
842 
843     for (i = 0; i < (int) digest_size ; i++) {
844        sprintf(output + 2 * i, "%02x", digest[i]);
845     }
846 
847     printf("H: %s\n", output);
848     if (strcmp(vector, output)) {
849         fprintf(stderr, "Test failed.\n");
850         exit(EXIT_FAILURE);
851     }
852 }
853 
main(void)854 int main(void)
855 {
856     static const char *vectors[4][3] =
857     {   /* SHA-224 */
858         {
859         "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7",
860         "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525",
861         "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67",
862         },
863         /* SHA-256 */
864         {
865         "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
866         "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1",
867         "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0",
868         },
869         /* SHA-384 */
870         {
871         "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed"
872         "8086072ba1e7cc2358baeca134c825a7",
873         "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712"
874         "fcc7c71a557e2db966c3e9fa91746039",
875         "9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b"
876         "07b8b3dc38ecc4ebae97ddd87f3d8985",
877         },
878         /* SHA-512 */
879         {
880         "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
881         "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
882         "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
883         "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909",
884         "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
885         "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b"
886         }
887     };
888 
889     static const char message1[] = "abc";
890     static const char message2a[] = "abcdbcdecdefdefgefghfghighijhi"
891                                     "jkijkljklmklmnlmnomnopnopq";
892     static const char message2b[] = "abcdefghbcdefghicdefghijdefghijkefghij"
893                                     "klfghijklmghijklmnhijklmnoijklmnopjklm"
894                                     "nopqklmnopqrlmnopqrsmnopqrstnopqrstu";
895     unsigned char *message3;
896     unsigned int message3_len = 1000000;
897     unsigned char digest[SHA512_DIGEST_SIZE];
898 
899     message3 = malloc(message3_len);
900     if (message3 == NULL) {
901         fprintf(stderr, "Can't allocate memory\n");
902         return -1;
903     }
904     memset(message3, 'a', message3_len);
905 
906     printf("SHA-2 FIPS 180-2 Validation tests\n\n");
907     printf("SHA-224 Test vectors\n");
908 
909     sha224((const unsigned char *) message1, strlen(message1), digest);
910     test(vectors[0][0], digest, SHA224_DIGEST_SIZE);
911     sha224((const unsigned char *) message2a, strlen(message2a), digest);
912     test(vectors[0][1], digest, SHA224_DIGEST_SIZE);
913     sha224(message3, message3_len, digest);
914     test(vectors[0][2], digest, SHA224_DIGEST_SIZE);
915     printf("\n");
916 
917     printf("SHA-256 Test vectors\n");
918 
919     sha256((const unsigned char *) message1, strlen(message1), digest);
920     test(vectors[1][0], digest, SHA256_DIGEST_SIZE);
921     sha256((const unsigned char *) message2a, strlen(message2a), digest);
922     test(vectors[1][1], digest, SHA256_DIGEST_SIZE);
923     sha256(message3, message3_len, digest);
924     test(vectors[1][2], digest, SHA256_DIGEST_SIZE);
925     printf("\n");
926 
927     printf("SHA-384 Test vectors\n");
928 
929     sha384((const unsigned char *) message1, strlen(message1), digest);
930     test(vectors[2][0], digest, SHA384_DIGEST_SIZE);
931     sha384((const unsigned char *)message2b, strlen(message2b), digest);
932     test(vectors[2][1], digest, SHA384_DIGEST_SIZE);
933     sha384(message3, message3_len, digest);
934     test(vectors[2][2], digest, SHA384_DIGEST_SIZE);
935     printf("\n");
936 
937     printf("SHA-512 Test vectors\n");
938 
939     sha512((const unsigned char *) message1, strlen(message1), digest);
940     test(vectors[3][0], digest, SHA512_DIGEST_SIZE);
941     sha512((const unsigned char *) message2b, strlen(message2b), digest);
942     test(vectors[3][1], digest, SHA512_DIGEST_SIZE);
943     sha512(message3, message3_len, digest);
944     test(vectors[3][2], digest, SHA512_DIGEST_SIZE);
945     printf("\n");
946 
947     printf("All tests passed.\n");
948 
949     return 0;
950 }
951 
952 #endif /* TEST_VECTORS */
953 
954