Annotation of embedaddon/bird/lib/sha256.c, revision 1.1
1.1 ! misho 1: /*
! 2: * BIRD Library -- SHA-256 and SHA-224 Hash Functions
! 3: *
! 4: * (c) 2015 CZ.NIC z.s.p.o.
! 5: *
! 6: * Based on the code from libgcrypt-1.6.0, which is
! 7: * (c) 2003, 2006, 2008, 2009 Free Software Foundation, Inc.
! 8: *
! 9: * Can be freely distributed and used under the terms of the GNU GPL.
! 10: */
! 11:
! 12: #include "lib/sha256.h"
! 13: #include "lib/unaligned.h"
! 14:
! 15:
! 16: // #define SHA256_UNROLLED
! 17:
! 18: void
! 19: sha256_init(struct hash_context *CTX)
! 20: {
! 21: struct sha256_context *ctx = (void *) CTX;
! 22:
! 23: ctx->h0 = 0x6a09e667;
! 24: ctx->h1 = 0xbb67ae85;
! 25: ctx->h2 = 0x3c6ef372;
! 26: ctx->h3 = 0xa54ff53a;
! 27: ctx->h4 = 0x510e527f;
! 28: ctx->h5 = 0x9b05688c;
! 29: ctx->h6 = 0x1f83d9ab;
! 30: ctx->h7 = 0x5be0cd19;
! 31:
! 32: ctx->nblocks = 0;
! 33: ctx->count = 0;
! 34: }
! 35:
! 36: void
! 37: sha224_init(struct hash_context *CTX)
! 38: {
! 39: struct sha224_context *ctx = (void *) CTX;
! 40:
! 41: ctx->h0 = 0xc1059ed8;
! 42: ctx->h1 = 0x367cd507;
! 43: ctx->h2 = 0x3070dd17;
! 44: ctx->h3 = 0xf70e5939;
! 45: ctx->h4 = 0xffc00b31;
! 46: ctx->h5 = 0x68581511;
! 47: ctx->h6 = 0x64f98fa7;
! 48: ctx->h7 = 0xbefa4fa4;
! 49:
! 50: ctx->nblocks = 0;
! 51: ctx->count = 0;
! 52: }
! 53:
! 54: /* (4.2) same as SHA-1's F1. */
! 55: static inline u32
! 56: f1(u32 x, u32 y, u32 z)
! 57: {
! 58: return (z ^ (x & (y ^ z)));
! 59: }
! 60:
! 61: /* (4.3) same as SHA-1's F3 */
! 62: static inline u32
! 63: f3(u32 x, u32 y, u32 z)
! 64: {
! 65: return ((x & y) | (z & (x|y)));
! 66: }
! 67:
! 68: /* Bitwise rotation of an uint to the right */
! 69: static inline u32 ror(u32 x, int n)
! 70: {
! 71: return ((x >> (n&(32-1))) | (x << ((32-n)&(32-1))));
! 72: }
! 73:
! 74: /* (4.4) */
! 75: static inline u32
! 76: sum0(u32 x)
! 77: {
! 78: return (ror(x, 2) ^ ror(x, 13) ^ ror(x, 22));
! 79: }
! 80:
! 81: /* (4.5) */
! 82: static inline u32
! 83: sum1(u32 x)
! 84: {
! 85: return (ror(x, 6) ^ ror(x, 11) ^ ror(x, 25));
! 86: }
! 87:
! 88: /*
! 89: Transform the message X which consists of 16 32-bit-words. See FIPS
! 90: 180-2 for details. */
! 91: #define S0(x) (ror((x), 7) ^ ror((x), 18) ^ ((x) >> 3)) /* (4.6) */
! 92: #define S1(x) (ror((x), 17) ^ ror((x), 19) ^ ((x) >> 10)) /* (4.7) */
! 93: #define R(a,b,c,d,e,f,g,h,k,w) \
! 94: do \
! 95: { \
! 96: t1 = (h) + sum1((e)) + f1((e),(f),(g)) + (k) + (w); \
! 97: t2 = sum0((a)) + f3((a),(b),(c)); \
! 98: h = g; \
! 99: g = f; \
! 100: f = e; \
! 101: e = d + t1; \
! 102: d = c; \
! 103: c = b; \
! 104: b = a; \
! 105: a = t1 + t2; \
! 106: } while (0)
! 107:
! 108: /*
! 109: The SHA-256 core: Transform the message X which consists of 16
! 110: 32-bit-words. See FIPS 180-2 for details.
! 111: */
! 112: static uint
! 113: sha256_transform(struct sha256_context *ctx, const byte *data)
! 114: {
! 115: static const u32 K[64] = {
! 116: 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
! 117: 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
! 118: 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
! 119: 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
! 120: 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
! 121: 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
! 122: 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
! 123: 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
! 124: 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
! 125: 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
! 126: 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
! 127: 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
! 128: 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
! 129: 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
! 130: 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
! 131: 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
! 132: };
! 133:
! 134: u32 a,b,c,d,e,f,g,h,t1,t2;
! 135: u32 w[64];
! 136: int i;
! 137:
! 138: a = ctx->h0;
! 139: b = ctx->h1;
! 140: c = ctx->h2;
! 141: d = ctx->h3;
! 142: e = ctx->h4;
! 143: f = ctx->h5;
! 144: g = ctx->h6;
! 145: h = ctx->h7;
! 146:
! 147: for (i = 0; i < 16; i++)
! 148: w[i] = get_u32(data + i * 4);
! 149:
! 150: for (; i < 64; i++)
! 151: w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
! 152:
! 153: for (i = 0; i < 64;)
! 154: {
! 155: #ifndef SHA256_UNROLLED
! 156: R(a,b,c,d,e,f,g,h,K[i],w[i]);
! 157: i++;
! 158: #else /* Unrolled */
! 159: t1 = h + sum1(e) + f1(e, f, g) + K[i] + w[i];
! 160: t2 = sum0(a) + f3(a, b, c);
! 161: d += t1;
! 162: h = t1 + t2;
! 163:
! 164: t1 = g + sum1(d) + f1(d, e, f) + K[i+1] + w[i+1];
! 165: t2 = sum0(h) + f3(h, a, b);
! 166: c += t1;
! 167: g = t1 + t2;
! 168:
! 169: t1 = f + sum1(c) + f1(c, d, e) + K[i+2] + w[i+2];
! 170: t2 = sum0(g) + f3(g, h, a);
! 171: b += t1;
! 172: f = t1 + t2;
! 173:
! 174: t1 = e + sum1(b) + f1(b, c, d) + K[i+3] + w[i+3];
! 175: t2 = sum0(f) + f3(f, g, h);
! 176: a += t1;
! 177: e = t1 + t2;
! 178:
! 179: t1 = d + sum1(a) + f1(a, b, c) + K[i+4] + w[i+4];
! 180: t2 = sum0(e) + f3(e, f, g);
! 181: h += t1;
! 182: d = t1 + t2;
! 183:
! 184: t1 = c + sum1(h) + f1(h, a, b) + K[i+5] + w[i+5];
! 185: t2 = sum0(d) + f3(d, e, f);
! 186: g += t1;
! 187: c = t1 + t2;
! 188:
! 189: t1 = b + sum1(g) + f1(g, h, a) + K[i+6] + w[i+6];
! 190: t2 = sum0(c) + f3(c, d, e);
! 191: f += t1;
! 192: b = t1 + t2;
! 193:
! 194: t1 = a + sum1(f) + f1(f, g, h) + K[i+7] + w[i+7];
! 195: t2 = sum0(b) + f3(b, c, d);
! 196: e += t1;
! 197: a = t1 + t2;
! 198:
! 199: i += 8;
! 200: #endif
! 201: }
! 202:
! 203: ctx->h0 += a;
! 204: ctx->h1 += b;
! 205: ctx->h2 += c;
! 206: ctx->h3 += d;
! 207: ctx->h4 += e;
! 208: ctx->h5 += f;
! 209: ctx->h6 += g;
! 210: ctx->h7 += h;
! 211:
! 212: return /*burn_stack*/ 74*4+32;
! 213: }
! 214: #undef S0
! 215: #undef S1
! 216: #undef R
! 217:
! 218: /* Common function to write a chunk of data to the transform function
! 219: of a hash algorithm. Note that the use of the term "block" does
! 220: not imply a fixed size block. Note that we explicitly allow to use
! 221: this function after the context has been finalized; the result does
! 222: not have any meaning but writing after finalize is sometimes
! 223: helpful to mitigate timing attacks. */
! 224: void
! 225: sha256_update(struct hash_context *CTX, const byte *buf, uint len)
! 226: {
! 227: struct sha256_context *ctx = (void *) CTX;
! 228:
! 229: if (ctx->count)
! 230: {
! 231: /* Fill rest of internal buffer */
! 232: for (; len && ctx->count < SHA256_BLOCK_SIZE; len--)
! 233: ctx->buf[ctx->count++] = *buf++;
! 234:
! 235: if (ctx->count < SHA256_BLOCK_SIZE)
! 236: return;
! 237:
! 238: /* Process data from internal buffer */
! 239: sha256_transform(ctx, ctx->buf);
! 240: ctx->nblocks++;
! 241: ctx->count = 0;
! 242: }
! 243:
! 244: if (!len)
! 245: return;
! 246:
! 247: /* Process data from input buffer */
! 248: while (len >= SHA256_BLOCK_SIZE)
! 249: {
! 250: sha256_transform(ctx, buf);
! 251: ctx->nblocks++;
! 252: buf += SHA256_BLOCK_SIZE;
! 253: len -= SHA256_BLOCK_SIZE;
! 254: }
! 255:
! 256: /* Copy remaining data to internal buffer */
! 257: memcpy(ctx->buf, buf, len);
! 258: ctx->count = len;
! 259: }
! 260:
! 261: /*
! 262: * The routine finally terminates the computation and returns the digest. The
! 263: * handle is prepared for a new cycle, but adding bytes to the handle will the
! 264: * destroy the returned buffer.
! 265: *
! 266: * Returns: 32 bytes with the message the digest. 28 bytes for SHA-224.
! 267: */
! 268: byte *
! 269: sha256_final(struct hash_context *CTX)
! 270: {
! 271: struct sha256_context *ctx = (void *) CTX;
! 272: u32 t, th, msb, lsb;
! 273:
! 274: sha256_update(CTX, NULL, 0); /* flush */
! 275:
! 276: t = ctx->nblocks;
! 277: th = 0;
! 278:
! 279: /* multiply by 64 to make a byte count */
! 280: lsb = t << 6;
! 281: msb = (th << 6) | (t >> 26);
! 282: /* add the count */
! 283: t = lsb;
! 284: if ((lsb += ctx->count) < t)
! 285: msb++;
! 286: /* multiply by 8 to make a bit count */
! 287: t = lsb;
! 288: lsb <<= 3;
! 289: msb <<= 3;
! 290: msb |= t >> 29;
! 291:
! 292: if (ctx->count < 56)
! 293: {
! 294: /* enough room */
! 295: ctx->buf[ctx->count++] = 0x80; /* pad */
! 296: while (ctx->count < 56)
! 297: ctx->buf[ctx->count++] = 0; /* pad */
! 298: }
! 299: else
! 300: {
! 301: /* need one extra block */
! 302: ctx->buf[ctx->count++] = 0x80; /* pad character */
! 303: while (ctx->count < 64)
! 304: ctx->buf[ctx->count++] = 0;
! 305: sha256_update(CTX, NULL, 0); /* flush */;
! 306: memset(ctx->buf, 0, 56 ); /* fill next block with zeroes */
! 307: }
! 308:
! 309: /* append the 64 bit count */
! 310: put_u32(ctx->buf + 56, msb);
! 311: put_u32(ctx->buf + 60, lsb);
! 312: sha256_transform(ctx, ctx->buf);
! 313:
! 314: byte *p = ctx->buf;
! 315: #define X(a) do { put_u32(p, ctx->h##a); p += 4; } while(0)
! 316: X(0);
! 317: X(1);
! 318: X(2);
! 319: X(3);
! 320: X(4);
! 321: X(5);
! 322: X(6);
! 323: X(7);
! 324: #undef X
! 325:
! 326: return ctx->buf;
! 327: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sha256.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / bird / lib