root/lib/crypto/sha256.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. SHA256_Init
  2. calc
  3. cshift
  4. swap_uint32_t
  5. SHA256_Update
  6. SHA256_Final

   1 /*
   2   based on heildal lib/hcrypto/sha256.c. Copied to lib/crypto to avoid a link
   3   problem. Hopefully will be removed once we solve this link problem
   4 
   5    (tridge)
   6  */
   7 
   8 /*
   9  * Copyright (c) 2006 Kungliga Tekniska Högskolan
  10  * (Royal Institute of Technology, Stockholm, Sweden).
  11  * All rights reserved.
  12  * 
  13  * Redistribution and use in source and binary forms, with or without
  14  * modification, are permitted provided that the following conditions
  15  * are met:
  16  * 
  17  * 1. Redistributions of source code must retain the above copyright
  18  *    notice, this list of conditions and the following disclaimer.
  19  * 
  20  * 2. Redistributions in binary form must reproduce the above copyright
  21  *    notice, this list of conditions and the following disclaimer in the
  22  *    documentation and/or other materials provided with the distribution.
  23  * 
  24  * 3. Neither the name of the Institute nor the names of its contributors
  25  *    may be used to endorse or promote products derived from this software
  26  *    without specific prior written permission.
  27  * 
  28  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  29  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  30  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  31  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  32  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  33  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  34  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  35  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  36  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  37  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  38  * SUCH DAMAGE.
  39  */
  40 
  41 #include "includes.h"
  42 #include "sha256.h"
  43 
  44 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
  45 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
  46 
  47 #define ROTR(x,n)   (((x)>>(n)) | ((x) << (32 - (n))))
  48 
  49 #define Sigma0(x)       (ROTR(x,2)  ^ ROTR(x,13) ^ ROTR(x,22))
  50 #define Sigma1(x)       (ROTR(x,6)  ^ ROTR(x,11) ^ ROTR(x,25))
  51 #define sigma0(x)       (ROTR(x,7)  ^ ROTR(x,18) ^ ((x)>>3))
  52 #define sigma1(x)       (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10))
  53 
  54 #define A m->counter[0]
  55 #define B m->counter[1]
  56 #define C m->counter[2]
  57 #define D m->counter[3]
  58 #define E m->counter[4]
  59 #define F m->counter[5]
  60 #define G m->counter[6]
  61 #define H m->counter[7]
  62 
  63 static const uint32_t constant_256[64] = {
  64     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
  65     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
  66     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
  67     0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
  68     0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
  69     0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
  70     0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
  71     0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
  72     0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
  73     0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
  74     0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
  75     0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
  76     0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
  77     0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
  78     0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
  79     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
  80 };
  81 
  82 void
  83 SHA256_Init (SHA256_CTX *m)
     /* [<][>][^][v][top][bottom][index][help] */
  84 {
  85     m->sz[0] = 0;
  86     m->sz[1] = 0;
  87     A = 0x6a09e667;
  88     B = 0xbb67ae85;
  89     C = 0x3c6ef372;
  90     D = 0xa54ff53a;
  91     E = 0x510e527f;
  92     F = 0x9b05688c;
  93     G = 0x1f83d9ab;
  94     H = 0x5be0cd19;
  95 }
  96 
  97 static void
  98 calc (SHA256_CTX *m, uint32_t *in)
     /* [<][>][^][v][top][bottom][index][help] */
  99 {
 100     uint32_t AA, BB, CC, DD, EE, FF, GG, HH;
 101     uint32_t data[64];
 102     int i;
 103 
 104     AA = A;
 105     BB = B;
 106     CC = C;
 107     DD = D;
 108     EE = E;
 109     FF = F;
 110     GG = G;
 111     HH = H;
 112 
 113     for (i = 0; i < 16; ++i)
 114         data[i] = in[i];
 115     for (i = 16; i < 64; ++i)
 116         data[i] = sigma1(data[i-2]) + data[i-7] + 
 117             sigma0(data[i-15]) + data[i - 16];
 118 
 119     for (i = 0; i < 64; i++) {
 120         uint32_t T1, T2;
 121 
 122         T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i];
 123         T2 = Sigma0(AA) + Maj(AA,BB,CC);
 124                              
 125         HH = GG;
 126         GG = FF;
 127         FF = EE;
 128         EE = DD + T1;
 129         DD = CC;
 130         CC = BB;
 131         BB = AA;
 132         AA = T1 + T2;
 133     }
 134 
 135     A += AA;
 136     B += BB;
 137     C += CC;
 138     D += DD;
 139     E += EE;
 140     F += FF;
 141     G += GG;
 142     H += HH;
 143 }
 144 
 145 /*
 146  * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu>
 147  */
 148 
 149 #if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
 150 /* Vector Crays doesn't have a good 32-bit type, or more precisely,
 151    int32_t as defined by <bind/bitypes.h> isn't 32 bits, and we don't
 152    want to depend in being able to redefine this type.  To cope with
 153    this we have to clamp the result in some places to [0,2^32); no
 154    need to do this on other machines.  Did I say this was a mess?
 155    */
 156 
 157 #ifdef _CRAY
 158 #define CRAYFIX(X) ((X) & 0xffffffff)
 159 #else
 160 #define CRAYFIX(X) (X)
 161 #endif
 162 
 163 static inline uint32_t
 164 cshift (uint32_t x, unsigned int n)
     /* [<][>][^][v][top][bottom][index][help] */
 165 {
 166     x = CRAYFIX(x);
 167     return CRAYFIX((x << n) | (x >> (32 - n)));
 168 }
 169 
 170 static inline uint32_t
 171 swap_uint32_t (uint32_t t)
     /* [<][>][^][v][top][bottom][index][help] */
 172 {
 173     uint32_t temp1, temp2;
 174 
 175     temp1   = cshift(t, 16);
 176     temp2   = temp1 >> 8;
 177     temp1  &= 0x00ff00ff;
 178     temp2  &= 0x00ff00ff;
 179     temp1 <<= 8;
 180     return temp1 | temp2;
 181 }
 182 #endif
 183 
 184 struct x32{
 185     unsigned int a:32;
 186     unsigned int b:32;
 187 };
 188 
 189 void
 190 SHA256_Update (SHA256_CTX *m, const void *v, size_t len)
     /* [<][>][^][v][top][bottom][index][help] */
 191 {
 192     const unsigned char *p = v;
 193     size_t old_sz = m->sz[0];
 194     size_t offset;
 195 
 196     m->sz[0] += len * 8;
 197     if (m->sz[0] < old_sz)
 198         ++m->sz[1];
 199     offset = (old_sz / 8) % 64;
 200     while(len > 0){
 201         size_t l = MIN(len, 64 - offset);
 202         memcpy(m->save + offset, p, l);
 203         offset += l;
 204         p += l;
 205         len -= l;
 206         if(offset == 64){
 207 #if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
 208             int i;
 209             uint32_t current[16];
 210             struct x32 *u = (struct x32*)m->save;
 211             for(i = 0; i < 8; i++){
 212                 current[2*i+0] = swap_uint32_t(u[i].a);
 213                 current[2*i+1] = swap_uint32_t(u[i].b);
 214             }
 215             calc(m, current);
 216 #else
 217             calc(m, (uint32_t*)m->save);
 218 #endif
 219             offset = 0;
 220         }
 221     }
 222 }
 223 
 224 void
 225 SHA256_Final (void *res, SHA256_CTX *m)
     /* [<][>][^][v][top][bottom][index][help] */
 226 {
 227     unsigned char zeros[72];
 228     unsigned offset = (m->sz[0] / 8) % 64;
 229     unsigned int dstart = (120 - offset - 1) % 64 + 1;
 230 
 231     *zeros = 0x80;
 232     memset (zeros + 1, 0, sizeof(zeros) - 1);
 233     zeros[dstart+7] = (m->sz[0] >> 0) & 0xff;
 234     zeros[dstart+6] = (m->sz[0] >> 8) & 0xff;
 235     zeros[dstart+5] = (m->sz[0] >> 16) & 0xff;
 236     zeros[dstart+4] = (m->sz[0] >> 24) & 0xff;
 237     zeros[dstart+3] = (m->sz[1] >> 0) & 0xff;
 238     zeros[dstart+2] = (m->sz[1] >> 8) & 0xff;
 239     zeros[dstart+1] = (m->sz[1] >> 16) & 0xff;
 240     zeros[dstart+0] = (m->sz[1] >> 24) & 0xff;
 241     SHA256_Update (m, zeros, dstart + 8);
 242     {
 243         int i;
 244         unsigned char *r = (unsigned char*)res;
 245 
 246         for (i = 0; i < 8; ++i) {
 247             r[4*i+3] = m->counter[i] & 0xFF;
 248             r[4*i+2] = (m->counter[i] >> 8) & 0xFF;
 249             r[4*i+1] = (m->counter[i] >> 16) & 0xFF;
 250             r[4*i]   = (m->counter[i] >> 24) & 0xFF;
 251         }
 252     }
 253 }

/* [<][>][^][v][top][bottom][index][help] */