1 files changed, 300 insertions, 0 deletions
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c
new file mode 100644
index 00000000..2fddc126
--- /dev/null
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c
@@ -0,0 +1,300 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
+/*-
+ * Copyright 2005,2007,2009 Colin Percival
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+//#include "api.h"
+#include "crypto_hash_sha256.h"
+#include "utils.h"
+#include <sys/types.h>
+#include <limits.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+/* Avoid namespace collisions with BSD <sys/endian.h>. */
+#define be32dec _sha256_be32dec
+#define be32enc _sha256_be32enc
+static inline uint32_t
+be32dec(const void *pp)
+{
+    const uint8_t *p = (uint8_t const *)pp;
+    return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) +
+            ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24));
+}
+static inline void
+be32enc(void *pp, uint32_t x)
+{
+    uint8_t * p = (uint8_t *)pp;
+    p[3] = x & 0xff;
+    p[2] = (x >> 8) & 0xff;
+    p[1] = (x >> 16) & 0xff;
+    p[0] = (x >> 24) & 0xff;
+}
+static void
+be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len)
+{
+    size_t i;
+    for (i = 0; i < len / 4; i++) {
+        be32enc(dst + i * 4, src[i]);
+    }
+}
+static void
+be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len)
+{
+    size_t i;
+    for (i = 0; i < len / 4; i++) {
+        dst[i] = be32dec(src + i * 4);
+    }
+}
+#define Ch(x, y, z)     ((x & (y ^ z)) ^ z)
+#define Maj(x, y, z)    ((x & (y | z)) | (y & z))
+#define SHR(x, n)       (x >> n)
+#define ROTR(x, n)      ((x >> n) | (x << (32 - n)))
+#define S0(x)           (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
+#define S1(x)           (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
+#define s0(x)           (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
+#define s1(x)           (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
+#define RND(a, b, c, d, e, f, g, h, k)              \
+    t0 = h + S1(e) + Ch(e, f, g) + k;               \
+    t1 = S0(a) + Maj(a, b, c);                      \
+    d += t0;                                        \
+    h  = t0 + t1;
+#define RNDr(S, W, i, k)                    \
+    RND(S[(64 - i) % 8], S[(65 - i) % 8],   \
+        S[(66 - i) % 8], S[(67 - i) % 8],   \
+        S[(68 - i) % 8], S[(69 - i) % 8],   \
+        S[(70 - i) % 8], S[(71 - i) % 8],   \
+        W[i] + k)
+static void
+SHA256_Transform(uint32_t *state, const unsigned char block[64])
+{
+    uint32_t W[64];
+    uint32_t S[8];
+    uint32_t t0, t1;
+    int i;
+    be32dec_vect(W, block, 64);
+    for (i = 16; i < 64; i++) {
+        W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16];
+    }
+    memcpy(S, state, 32);
+    RNDr(S, W, 0, 0x428a2f98);
+    RNDr(S, W, 1, 0x71374491);
+    RNDr(S, W, 2, 0xb5c0fbcf);
+    RNDr(S, W, 3, 0xe9b5dba5);
+    RNDr(S, W, 4, 0x3956c25b);
+    RNDr(S, W, 5, 0x59f111f1);
+    RNDr(S, W, 6, 0x923f82a4);
+    RNDr(S, W, 7, 0xab1c5ed5);
+    RNDr(S, W, 8, 0xd807aa98);
+    RNDr(S, W, 9, 0x12835b01);
+    RNDr(S, W, 10, 0x243185be);
+    RNDr(S, W, 11, 0x550c7dc3);
+    RNDr(S, W, 12, 0x72be5d74);
+    RNDr(S, W, 13, 0x80deb1fe);
+    RNDr(S, W, 14, 0x9bdc06a7);
+    RNDr(S, W, 15, 0xc19bf174);
+    RNDr(S, W, 16, 0xe49b69c1);
+    RNDr(S, W, 17, 0xefbe4786);
+    RNDr(S, W, 18, 0x0fc19dc6);
+    RNDr(S, W, 19, 0x240ca1cc);
+    RNDr(S, W, 20, 0x2de92c6f);
+    RNDr(S, W, 21, 0x4a7484aa);
+    RNDr(S, W, 22, 0x5cb0a9dc);
+    RNDr(S, W, 23, 0x76f988da);
+    RNDr(S, W, 24, 0x983e5152);
+    RNDr(S, W, 25, 0xa831c66d);
+    RNDr(S, W, 26, 0xb00327c8);
+    RNDr(S, W, 27, 0xbf597fc7);
+    RNDr(S, W, 28, 0xc6e00bf3);
+    RNDr(S, W, 29, 0xd5a79147);
+    RNDr(S, W, 30, 0x06ca6351);
+    RNDr(S, W, 31, 0x14292967);
+    RNDr(S, W, 32, 0x27b70a85);
+    RNDr(S, W, 33, 0x2e1b2138);
+    RNDr(S, W, 34, 0x4d2c6dfc);
+    RNDr(S, W, 35, 0x53380d13);
+    RNDr(S, W, 36, 0x650a7354);
+    RNDr(S, W, 37, 0x766a0abb);
+    RNDr(S, W, 38, 0x81c2c92e);
+    RNDr(S, W, 39, 0x92722c85);
+    RNDr(S, W, 40, 0xa2bfe8a1);
+    RNDr(S, W, 41, 0xa81a664b);
+    RNDr(S, W, 42, 0xc24b8b70);
+    RNDr(S, W, 43, 0xc76c51a3);
+    RNDr(S, W, 44, 0xd192e819);
+    RNDr(S, W, 45, 0xd6990624);
+    RNDr(S, W, 46, 0xf40e3585);
+    RNDr(S, W, 47, 0x106aa070);
+    RNDr(S, W, 48, 0x19a4c116);
+    RNDr(S, W, 49, 0x1e376c08);
+    RNDr(S, W, 50, 0x2748774c);
+    RNDr(S, W, 51, 0x34b0bcb5);
+    RNDr(S, W, 52, 0x391c0cb3);
+    RNDr(S, W, 53, 0x4ed8aa4a);
+    RNDr(S, W, 54, 0x5b9cca4f);
+    RNDr(S, W, 55, 0x682e6ff3);
+    RNDr(S, W, 56, 0x748f82ee);
+    RNDr(S, W, 57, 0x78a5636f);
+    RNDr(S, W, 58, 0x84c87814);
+    RNDr(S, W, 59, 0x8cc70208);
+    RNDr(S, W, 60, 0x90befffa);
+    RNDr(S, W, 61, 0xa4506ceb);
+    RNDr(S, W, 62, 0xbef9a3f7);
+    RNDr(S, W, 63, 0xc67178f2);
+    for (i = 0; i < 8; i++) {
+        state[i] += S[i];
+    }
+    sodium_memzero((void *) W, sizeof W);
+    sodium_memzero((void *) S, sizeof S);
+    sodium_memzero((void *) &t0, sizeof t0);
+    sodium_memzero((void *) &t1, sizeof t1);
+}
+static unsigned char PAD[64] = {
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+static void
+SHA256_Pad(crypto_hash_sha256_state *state)
+{
+    unsigned char len[8];
+    uint32_t r, plen;
+    be32enc_vect(len, state->count, 8);
+    r = (state->count[1] >> 3) & 0x3f;
+    plen = (r < 56) ? (56 - r) : (120 - r);
+    crypto_hash_sha256_update(state, PAD, (unsigned long long) plen);
+    crypto_hash_sha256_update(state, len, 8);
+}
+int
+crypto_hash_sha256_init(crypto_hash_sha256_state *state)
+{
+    state->count[0] = state->count[1] = 0;
+    state->state[0] = 0x6A09E667;
+    state->state[1] = 0xBB67AE85;
+    state->state[2] = 0x3C6EF372;
+    state->state[3] = 0xA54FF53A;
+    state->state[4] = 0x510E527F;
+    state->state[5] = 0x9B05688C;
+    state->state[6] = 0x1F83D9AB;
+    state->state[7] = 0x5BE0CD19;
+    return 0;
+}
+int
+crypto_hash_sha256_update(crypto_hash_sha256_state *state,
+                          const unsigned char *in,
+                          unsigned long long inlen)
+{
+    uint32_t bitlen[2];
+    uint32_t r;
+    r = (state->count[1] >> 3) & 0x3f;
+    bitlen[1] = ((uint32_t)inlen) << 3;
+    bitlen[0] = (uint32_t)(inlen >> 29);
+    if ((state->count[1] += bitlen[1]) < bitlen[1]) {
+        state->count[0]++;
+    }
+    state->count[0] += bitlen[0];
+    if (inlen < 64 - r) {
+        memcpy(&state->buf[r], in, inlen);
+        return 0;
+    }
+    memcpy(&state->buf[r], in, 64 - r);
+    SHA256_Transform(state->state, state->buf);
+    in += 64 - r;
+    inlen -= 64 - r;
+    while (inlen >= 64) {
+        SHA256_Transform(state->state, in);
+        in += 64;
+        inlen -= 64;
+    }
+    memcpy(state->buf, in, inlen);
+    return 0;
+}
+int
+crypto_hash_sha256_final(crypto_hash_sha256_state *state,
+                         unsigned char *out)
+{
+    SHA256_Pad(state);
+    be32enc_vect(out, state->state, 32);
+    sodium_memzero((void *) state, sizeof *state);
+    return 0;
+}
+int
+crypto_hash(unsigned char *out, const unsigned char *in,
+            unsigned long long inlen)
+{
+    crypto_hash_sha256_state state;
+    crypto_hash_sha256_init(&state);
+    crypto_hash_sha256_update(&state, in, inlen);
+    crypto_hash_sha256_final(&state, out);
+    return 0;
+}
+#endif

diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c new file mode 100644 index 00000000..2fddc126 --- /dev/null +++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c
@@ -0,0 +1,300 @@
	1	#ifdef HAVE_CONFIG_H
	2	#include "config.h"
	3	#endif
	4	#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
	5
	6	/*-
	7	* Copyright 2005,2007,2009 Colin Percival
	8	* All rights reserved.
	9	*
	10	* Redistribution and use in source and binary forms, with or without
	11	* modification, are permitted provided that the following conditions
	12	* are met:
	13	* 1. Redistributions of source code must retain the above copyright
	14	* notice, this list of conditions and the following disclaimer.
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in the
	17	* documentation and/or other materials provided with the distribution.
	18	*
	19	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
	20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	* SUCH DAMAGE.
	30	*
	31	*/
	32
	33	//#include "api.h"
	34	#include "crypto_hash_sha256.h"
	35	#include "utils.h"
	36
	37	#include <sys/types.h>
	38
	39	#include <limits.h>
	40	#include <stdint.h>
	41	#include <stdlib.h>
	42	#include <string.h>
	43
	44	/* Avoid namespace collisions with BSD <sys/endian.h>. */
	45	#define be32dec _sha256_be32dec
	46	#define be32enc _sha256_be32enc
	47
	48	static inline uint32_t
	49	be32dec(const void *pp)
	50	{
	51	const uint8_t p = (uint8_t const )pp;
	52
	53	return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) +
	54	((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24));
	55	}
	56
	57	static inline void
	58	be32enc(void *pp, uint32_t x)
	59	{
	60	uint8_t * p = (uint8_t *)pp;
	61
	62	p[3] = x & 0xff;
	63	p[2] = (x >> 8) & 0xff;
	64	p[1] = (x >> 16) & 0xff;
	65	p[0] = (x >> 24) & 0xff;
	66	}
	67
	68	static void
	69	be32enc_vect(unsigned char dst, const uint32_t src, size_t len)
	70	{
	71	size_t i;
	72
	73	for (i = 0; i < len / 4; i++) {
	74	be32enc(dst + i * 4, src[i]);
	75	}
	76	}
	77
	78	static void
	79	be32dec_vect(uint32_t dst, const unsigned char src, size_t len)
	80	{
	81	size_t i;
	82
	83	for (i = 0; i < len / 4; i++) {
	84	dst[i] = be32dec(src + i * 4);
	85	}
	86	}
	87
	88	#define Ch(x, y, z) ((x & (y ^ z)) ^ z)
	89	#define Maj(x, y, z) ((x & (y \| z)) \| (y & z))
	90	#define SHR(x, n) (x >> n)
	91	#define ROTR(x, n) ((x >> n) \| (x << (32 - n)))
	92	#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
	93	#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
	94	#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
	95	#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
	96
	97	#define RND(a, b, c, d, e, f, g, h, k) \
	98	t0 = h + S1(e) + Ch(e, f, g) + k; \
	99	t1 = S0(a) + Maj(a, b, c); \
	100	d += t0; \
	101	h = t0 + t1;
	102
	103	#define RNDr(S, W, i, k) \
	104	RND(S[(64 - i) % 8], S[(65 - i) % 8], \
	105	S[(66 - i) % 8], S[(67 - i) % 8], \
	106	S[(68 - i) % 8], S[(69 - i) % 8], \
	107	S[(70 - i) % 8], S[(71 - i) % 8], \
	108	W[i] + k)
	109
	110	static void
	111	SHA256_Transform(uint32_t *state, const unsigned char block[64])
	112	{
	113	uint32_t W[64];
	114	uint32_t S[8];
	115	uint32_t t0, t1;
	116	int i;
	117
	118	be32dec_vect(W, block, 64);
	119	for (i = 16; i < 64; i++) {
	120	W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16];
	121	}
	122
	123	memcpy(S, state, 32);
	124
	125	RNDr(S, W, 0, 0x428a2f98);
	126	RNDr(S, W, 1, 0x71374491);
	127	RNDr(S, W, 2, 0xb5c0fbcf);
	128	RNDr(S, W, 3, 0xe9b5dba5);
	129	RNDr(S, W, 4, 0x3956c25b);
	130	RNDr(S, W, 5, 0x59f111f1);
	131	RNDr(S, W, 6, 0x923f82a4);
	132	RNDr(S, W, 7, 0xab1c5ed5);
	133	RNDr(S, W, 8, 0xd807aa98);
	134	RNDr(S, W, 9, 0x12835b01);
	135	RNDr(S, W, 10, 0x243185be);
	136	RNDr(S, W, 11, 0x550c7dc3);
	137	RNDr(S, W, 12, 0x72be5d74);
	138	RNDr(S, W, 13, 0x80deb1fe);
	139	RNDr(S, W, 14, 0x9bdc06a7);
	140	RNDr(S, W, 15, 0xc19bf174);
	141	RNDr(S, W, 16, 0xe49b69c1);
	142	RNDr(S, W, 17, 0xefbe4786);
	143	RNDr(S, W, 18, 0x0fc19dc6);
	144	RNDr(S, W, 19, 0x240ca1cc);
	145	RNDr(S, W, 20, 0x2de92c6f);
	146	RNDr(S, W, 21, 0x4a7484aa);
	147	RNDr(S, W, 22, 0x5cb0a9dc);
	148	RNDr(S, W, 23, 0x76f988da);
	149	RNDr(S, W, 24, 0x983e5152);
	150	RNDr(S, W, 25, 0xa831c66d);
	151	RNDr(S, W, 26, 0xb00327c8);
	152	RNDr(S, W, 27, 0xbf597fc7);
	153	RNDr(S, W, 28, 0xc6e00bf3);
	154	RNDr(S, W, 29, 0xd5a79147);
	155	RNDr(S, W, 30, 0x06ca6351);
	156	RNDr(S, W, 31, 0x14292967);
	157	RNDr(S, W, 32, 0x27b70a85);
	158	RNDr(S, W, 33, 0x2e1b2138);
	159	RNDr(S, W, 34, 0x4d2c6dfc);
	160	RNDr(S, W, 35, 0x53380d13);
	161	RNDr(S, W, 36, 0x650a7354);
	162	RNDr(S, W, 37, 0x766a0abb);
	163	RNDr(S, W, 38, 0x81c2c92e);
	164	RNDr(S, W, 39, 0x92722c85);
	165	RNDr(S, W, 40, 0xa2bfe8a1);
	166	RNDr(S, W, 41, 0xa81a664b);
	167	RNDr(S, W, 42, 0xc24b8b70);
	168	RNDr(S, W, 43, 0xc76c51a3);
	169	RNDr(S, W, 44, 0xd192e819);
	170	RNDr(S, W, 45, 0xd6990624);
	171	RNDr(S, W, 46, 0xf40e3585);
	172	RNDr(S, W, 47, 0x106aa070);
	173	RNDr(S, W, 48, 0x19a4c116);
	174	RNDr(S, W, 49, 0x1e376c08);
	175	RNDr(S, W, 50, 0x2748774c);
	176	RNDr(S, W, 51, 0x34b0bcb5);
	177	RNDr(S, W, 52, 0x391c0cb3);
	178	RNDr(S, W, 53, 0x4ed8aa4a);
	179	RNDr(S, W, 54, 0x5b9cca4f);
	180	RNDr(S, W, 55, 0x682e6ff3);
	181	RNDr(S, W, 56, 0x748f82ee);
	182	RNDr(S, W, 57, 0x78a5636f);
	183	RNDr(S, W, 58, 0x84c87814);
	184	RNDr(S, W, 59, 0x8cc70208);
	185	RNDr(S, W, 60, 0x90befffa);
	186	RNDr(S, W, 61, 0xa4506ceb);
	187	RNDr(S, W, 62, 0xbef9a3f7);
	188	RNDr(S, W, 63, 0xc67178f2);
	189
	190	for (i = 0; i < 8; i++) {
	191	state[i] += S[i];
	192	}
	193
	194	sodium_memzero((void *) W, sizeof W);
	195	sodium_memzero((void *) S, sizeof S);
	196	sodium_memzero((void *) &t0, sizeof t0);
	197	sodium_memzero((void *) &t1, sizeof t1);
	198	}
	199
	200	static unsigned char PAD[64] = {
	201	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	202	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	203	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	204	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
	205	};
	206
	207	static void
	208	SHA256_Pad(crypto_hash_sha256_state *state)
	209	{
	210	unsigned char len[8];
	211	uint32_t r, plen;
	212
	213	be32enc_vect(len, state->count, 8);
	214
	215	r = (state->count[1] >> 3) & 0x3f;
	216	plen = (r < 56) ? (56 - r) : (120 - r);
	217	crypto_hash_sha256_update(state, PAD, (unsigned long long) plen);
	218
	219	crypto_hash_sha256_update(state, len, 8);
	220	}
	221
	222	int
	223	crypto_hash_sha256_init(crypto_hash_sha256_state *state)
	224	{
	225	state->count[0] = state->count[1] = 0;
	226
	227	state->state[0] = 0x6A09E667;
	228	state->state[1] = 0xBB67AE85;
	229	state->state[2] = 0x3C6EF372;
	230	state->state[3] = 0xA54FF53A;
	231	state->state[4] = 0x510E527F;
	232	state->state[5] = 0x9B05688C;
	233	state->state[6] = 0x1F83D9AB;
	234	state->state[7] = 0x5BE0CD19;
	235
	236	return 0;
	237	}
	238
	239	int
	240	crypto_hash_sha256_update(crypto_hash_sha256_state *state,
	241	const unsigned char *in,
	242	unsigned long long inlen)
	243	{
	244	uint32_t bitlen[2];
	245	uint32_t r;
	246
	247	r = (state->count[1] >> 3) & 0x3f;
	248
	249	bitlen[1] = ((uint32_t)inlen) << 3;
	250	bitlen[0] = (uint32_t)(inlen >> 29);
	251
	252	if ((state->count[1] += bitlen[1]) < bitlen[1]) {
	253	state->count[0]++;
	254	}
	255	state->count[0] += bitlen[0];
	256
	257	if (inlen < 64 - r) {
	258	memcpy(&state->buf[r], in, inlen);
	259	return 0;
	260	}
	261	memcpy(&state->buf[r], in, 64 - r);
	262	SHA256_Transform(state->state, state->buf);
	263	in += 64 - r;
	264	inlen -= 64 - r;
	265
	266	while (inlen >= 64) {
	267	SHA256_Transform(state->state, in);
	268	in += 64;
	269	inlen -= 64;
	270	}
	271	memcpy(state->buf, in, inlen);
	272
	273	return 0;
	274	}
	275
	276	int
	277	crypto_hash_sha256_final(crypto_hash_sha256_state *state,
	278	unsigned char *out)
	279	{
	280	SHA256_Pad(state);
	281	be32enc_vect(out, state->state, 32);
	282	sodium_memzero((void ) state, sizeof state);
	283
	284	return 0;
	285	}
	286
	287	int
	288	crypto_hash(unsigned char out, const unsigned char in,
	289	unsigned long long inlen)
	290	{
	291	crypto_hash_sha256_state state;
	292
	293	crypto_hash_sha256_init(&state);
	294	crypto_hash_sha256_update(&state, in, inlen);
	295	crypto_hash_sha256_final(&state, out);
	296
	297	return 0;
	298	}
	299
	300	#endif