Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: trunk/minix/servers/inet/sha2.c@ 9

Last change on this file since 9 was 9, checked in by Mattia Monga, 13 years ago
Minix 3.1.2a
File size: 31.7 KB

Line
1
2	/*
3	* sha2.c
4	*
5	* Version 1.0.0beta1
6	*
7	* Written by Aaron D. Gifford <me@aarongifford.com>
8	*
9	* Copyright 2000 Aaron D. Gifford. All rights reserved.
10	*
11	* Redistribution and use in source and binary forms, with or without
12	* modification, are permitted provided that the following conditions
13	* are met:
14	* 1. Redistributions of source code must retain the above copyright
15	* notice, this list of conditions and the following disclaimer.
16	* 2. Redistributions in binary form must reproduce the above copyright
17	* notice, this list of conditions and the following disclaimer in the
18	* documentation and/or other materials provided with the distribution.
19	* 3. Neither the name of the copyright holder nor the names of contributors
20	* may be used to endorse or promote products derived from this software
21	* without specific prior written permission.
22	*
23	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
24	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
27	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33	* SUCH DAMAGE.
34	*
35	*/
36
37
38	#include <sys/types.h>
39	/* #include <sys/time.h> */
40	/* #include <sys/systm.h> */
41	/* #include <machine/endian.h> */
42	#include "sha2.h"
43
44	/*
45	* ASSERT NOTE:
46	* Some sanity checking code is included using assert(). On my FreeBSD
47	* system, this additional code can be removed by compiling with NDEBUG
48	* defined. Check your own systems manpage on assert() to see how to
49	* compile WITHOUT the sanity checking code on your system.
50	*
51	* UNROLLED TRANSFORM LOOP NOTE:
52	* You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
53	* loop version for the hash transform rounds (defined using macros
54	* later in this file). Either define on the command line, for example:
55	*
56	* cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
57	*
58	* or define below:
59	*
60	* #define SHA2_UNROLL_TRANSFORM
61	*
62	*/
63
64	#if defined(__bsdi__) \|\| defined(__FreeBSD__)
65	#define assert(x)
66	#endif
67
68
69	/* SHA-256/384/512 Machine Architecture Definitions ***************/
70	/*
71	* SHA2_BYTE_ORDER NOTE:
72	*
73	* Please make sure that your system defines SHA2_BYTE_ORDER. If your
74	* architecture is little-endian, make sure it also defines
75	* SHA2_LITTLE_ENDIAN and that the two (SHA2_BYTE_ORDER and
76	* SHA2_LITTLE_ENDIAN) are equivilent.
77	*
78	* If your system does not define the above, then you can do so by
79	* hand like this:
80	*
81	* #define SHA2_LITTLE_ENDIAN 1234
82	* #define SHA2_BIG_ENDIAN 4321
83	*
84	* And for little-endian machines, add:
85	*
86	* #define SHA2_BYTE_ORDER SHA2_LITTLE_ENDIAN
87	*
88	* Or for big-endian machines:
89	*
90	* #define SHA2_BYTE_ORDER SHA2_BIG_ENDIAN
91	*
92	* The FreeBSD machine this was written on defines BYTE_ORDER
93	* appropriately by including <sys/types.h> (which in turn includes
94	* <machine/endian.h> where the appropriate definitions are actually
95	* made).
96	*/
97	#if !defined(SHA2_BYTE_ORDER) \|\| (SHA2_BYTE_ORDER != SHA2_LITTLE_ENDIAN && SHA2_BYTE_ORDER != SHA2_BIG_ENDIAN)
98	#error Define SHA2_BYTE_ORDER to be equal to either SHA2_LITTLE_ENDIAN or SHA2_BIG_ENDIAN
99	#endif
100
101	/*
102	* Define the followingsha2_* types to types of the correct length on
103	* the native archtecture. Most BSD systems and Linux define u_intXX_t
104	* types. Machines with very recent ANSI C headers, can use the
105	* uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
106	* during compile or in the sha.h header file.
107	*
108	* Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
109	* will need to define these three typedefs below (and the appropriate
110	* ones in sha.h too) by hand according to their system architecture.
111	*
112	* Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
113	* types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
114	*/
115	#if 0 /def SHA2_USE_INTTYPES_H/
116
117	typedef uint8_t sha2_byte; /* Exactly 1 byte */
118	typedef uint32_t sha2_word32; /* Exactly 4 bytes */
119	typedef uint64_t sha2_word64; /* Exactly 8 bytes */
120
121	#else /* SHA2_USE_INTTYPES_H */
122
123	typedef u_int8_t sha2_byte; /* Exactly 1 byte */
124	typedef u_int32_t sha2_word32; /* Exactly 4 bytes */
125	typedef u_int64_t sha2_word64; /* Exactly 8 bytes */
126
127	#endif /* SHA2_USE_INTTYPES_H */
128
129
130	/* SHA-256/384/512 Various Length Definitions *********************/
131	/* NOTE: Most of these are in sha2.h */
132	#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
133	#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
134	#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
135
136
137	/* ENDIAN REVERSAL MACROS *****************************************/
138	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
139	#define REVERSE32(w,x) { \
140	sha2_word32 tmp = (w); \
141	tmp = (tmp >> 16) \| (tmp << 16); \
142	(x) = ((tmp & 0xff00ff00UL) >> 8) \| ((tmp & 0x00ff00ffUL) << 8); \
143	}
144	#define REVERSE64(w,x) { \
145	sha2_word64 tmp = (w); \
146	tmp = (tmp >> 32) \| (tmp << 32); \
147	tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) \| \
148	((tmp & 0x00ff00ff00ff00ffULL) << 8); \
149	(x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) \| \
150	((tmp & 0x0000ffff0000ffffULL) << 16); \
151	}
152	#if MINIX_64BIT
153	#undef REVERSE64
154	#define REVERSE64(w,x) { \
155	u32_t hi, lo; \
156	REVERSE32(ex64hi((w)), lo); \
157	REVERSE32(ex64lo((w)), hi); \
158	(x) = make64(lo, hi); \
159	}
160	#endif /* MINIX_64BIT */
161	#endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
162
163	/*
164	* Macro for incrementally adding the unsigned 64-bit integer n to the
165	* unsigned 128-bit integer (represented using a two-element array of
166	* 64-bit words):
167	*/
168	#define ADDINC128(w,n) { \
169	(w)[0] += (sha2_word64)(n); \
170	if ((w)[0] < (n)) { \
171	(w)[1]++; \
172	} \
173	}
174
175	/* THE SIX LOGICAL FUNCTIONS **************************************/
176	/*
177	* Bit shifting and rotation (used by the six SHA-XYZ logical functions:
178	*
179	* NOTE: The naming of R and S appears backwards here (R is a SHIFT and
180	* S is a ROTATION) because the SHA-256/384/512 description document
181	* (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
182	* same "backwards" definition.
183	*/
184	/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
185	#define R(b,x) ((x) >> (b))
186	/* 32-bit Rotate-right (used in SHA-256): */
187	#define S32(b,x) (((x) >> (b)) \| ((x) << (32 - (b))))
188	/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
189	#define S64(b,x) (((x) >> (b)) \| ((x) << (64 - (b))))
190
191	/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
192	#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
193	#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
194
195	/* Four of six logical functions used in SHA-256: */
196	#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
197	#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
198	#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
199	#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
200
201	/* Four of six logical functions used in SHA-384 and SHA-512: */
202	#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
203	#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
204	#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
205	#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
206
207	/* INTERNAL FUNCTION PROTOTYPES ***********************************/
208	/* NOTE: These should not be accessed directly from outside this
209	* library -- they are intended for private internal visibility/use
210	* only.
211	*/
212	void SHA512_Last(SHA512_CTX*);
213	void SHA256_Transform(SHA256_CTX, const sha2_word32);
214	void SHA512_Transform(SHA512_CTX, const sha2_word64);
215
216
217	/* SHA-XYZ INITIAL HASH VALUES AND CONSTANTS **********************/
218	/* Hash constant words K for SHA-256: */
219	const static sha2_word32 K256[64] = {
220	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
221	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
222	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
223	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
224	0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
225	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
226	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
227	0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
228	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
229	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
230	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
231	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
232	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
233	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
234	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
235	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
236	};
237
238	/* Initial hash value H for SHA-256: */
239	const static sha2_word32 sha256_initial_hash_value[8] = {
240	0x6a09e667UL,
241	0xbb67ae85UL,
242	0x3c6ef372UL,
243	0xa54ff53aUL,
244	0x510e527fUL,
245	0x9b05688cUL,
246	0x1f83d9abUL,
247	0x5be0cd19UL
248	};
249
250	#if !NO_64BIT
251	/* Hash constant words K for SHA-384 and SHA-512: */
252	const static sha2_word64 K512[80] = {
253	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
254	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
255	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
256	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
257	0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
258	0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
259	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
260	0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
261	0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
262	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
263	0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
264	0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
265	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
266	0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
267	0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
268	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
269	0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
270	0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
271	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
272	0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
273	0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
274	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
275	0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
276	0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
277	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
278	0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
279	0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
280	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
281	0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
282	0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
283	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
284	0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
285	0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
286	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
287	0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
288	0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
289	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
290	0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
291	0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
292	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
293	};
294
295	/* Initial hash value H for SHA-384 */
296	const static sha2_word64 sha384_initial_hash_value[8] = {
297	0xcbbb9d5dc1059ed8ULL,
298	0x629a292a367cd507ULL,
299	0x9159015a3070dd17ULL,
300	0x152fecd8f70e5939ULL,
301	0x67332667ffc00b31ULL,
302	0x8eb44a8768581511ULL,
303	0xdb0c2e0d64f98fa7ULL,
304	0x47b5481dbefa4fa4ULL
305	};
306
307	/* Initial hash value H for SHA-512 */
308	const static sha2_word64 sha512_initial_hash_value[8] = {
309	0x6a09e667f3bcc908ULL,
310	0xbb67ae8584caa73bULL,
311	0x3c6ef372fe94f82bULL,
312	0xa54ff53a5f1d36f1ULL,
313	0x510e527fade682d1ULL,
314	0x9b05688c2b3e6c1fULL,
315	0x1f83d9abfb41bd6bULL,
316	0x5be0cd19137e2179ULL
317	};
318	#endif /* !NO_64BIT */
319
320	/*
321	* Constant used by SHA256/384/512_End() functions for converting the
322	* digest to a readable hexadecimal character string:
323	*/
324	static const char *sha2_hex_digits = "0123456789abcdef";
325
326
327	/* SHA-256: *******************************************************/
328	void SHA256_Init(SHA256_CTX* context) {
329	if (context == (SHA256_CTX*)0) {
330	return;
331	}
332	bcopy(sha256_initial_hash_value, context->state, SHA256_DIGEST_LENGTH);
333	bzero(context->buffer, SHA256_BLOCK_LENGTH);
334	#if MINIX_64BIT
335	context->bitcount= cvu64(0);
336	#else /* !MINIX_64BIT */
337	context->bitcount = 0;
338	#endif /* MINIX_64BIT */
339	}
340
341	#ifdef SHA2_UNROLL_TRANSFORM
342
343	/* Unrolled SHA-256 round macros: */
344
345	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
346
347	#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
348	REVERSE32(*data++, W256[j]); \
349	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
350	K256[j] + W256[j]; \
351	(d) += T1; \
352	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
353	j++
354
355
356	#else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
357
358	#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
359	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
360	K256[j] + (W256[j] = *data++); \
361	(d) += T1; \
362	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
363	j++
364
365	#endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
366
367	#define ROUND256(a,b,c,d,e,f,g,h) \
368	s0 = W256[(j+1)&0x0f]; \
369	s0 = sigma0_256(s0); \
370	s1 = W256[(j+14)&0x0f]; \
371	s1 = sigma1_256(s1); \
372	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
373	(W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
374	(d) += T1; \
375	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
376	j++
377
378	void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
379	sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
380	sha2_word32 T1, *W256;
381	int j;
382
383	W256 = (sha2_word32*)context->buffer;
384
385	/* Initialize registers with the prev. intermediate value */
386	a = context->state[0];
387	b = context->state[1];
388	c = context->state[2];
389	d = context->state[3];
390	e = context->state[4];
391	f = context->state[5];
392	g = context->state[6];
393	h = context->state[7];
394
395	j = 0;
396	do {
397	/* Rounds 0 to 15 (unrolled): */
398	ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
399	ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
400	ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
401	ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
402	ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
403	ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
404	ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
405	ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
406	} while (j < 16);
407
408	/* Now for the remaining rounds to 64: */
409	do {
410	ROUND256(a,b,c,d,e,f,g,h);
411	ROUND256(h,a,b,c,d,e,f,g);
412	ROUND256(g,h,a,b,c,d,e,f);
413	ROUND256(f,g,h,a,b,c,d,e);
414	ROUND256(e,f,g,h,a,b,c,d);
415	ROUND256(d,e,f,g,h,a,b,c);
416	ROUND256(c,d,e,f,g,h,a,b);
417	ROUND256(b,c,d,e,f,g,h,a);
418	} while (j < 64);
419
420	/* Compute the current intermediate hash value */
421	context->state[0] += a;
422	context->state[1] += b;
423	context->state[2] += c;
424	context->state[3] += d;
425	context->state[4] += e;
426	context->state[5] += f;
427	context->state[6] += g;
428	context->state[7] += h;
429
430	/* Clean up */
431	a = b = c = d = e = f = g = h = T1 = 0;
432	}
433
434	#else /* SHA2_UNROLL_TRANSFORM */
435
436	void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
437	sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
438	sha2_word32 T1, T2, *W256;
439	int j;
440
441	W256 = (sha2_word32*)context->buffer;
442
443	/* Initialize registers with the prev. intermediate value */
444	a = context->state[0];
445	b = context->state[1];
446	c = context->state[2];
447	d = context->state[3];
448	e = context->state[4];
449	f = context->state[5];
450	g = context->state[6];
451	h = context->state[7];
452
453	j = 0;
454	do {
455	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
456	/* Copy data while converting to host byte order */
457	REVERSE32(*data++,W256[j]);
458	/* Apply the SHA-256 compression function to update a..h */
459	T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
460	#else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
461	/* Apply the SHA-256 compression function to update a..h with copy */
462	T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
463	#endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
464	T2 = Sigma0_256(a) + Maj(a, b, c);
465	h = g;
466	g = f;
467	f = e;
468	e = d + T1;
469	d = c;
470	c = b;
471	b = a;
472	a = T1 + T2;
473
474	j++;
475	} while (j < 16);
476
477	do {
478	/* Part of the message block expansion: */
479	s0 = W256[(j+1)&0x0f];
480	s0 = sigma0_256(s0);
481	s1 = W256[(j+14)&0x0f];
482	s1 = sigma1_256(s1);
483
484	/* Apply the SHA-256 compression function to update a..h */
485	T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
486	(W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
487	T2 = Sigma0_256(a) + Maj(a, b, c);
488	h = g;
489	g = f;
490	f = e;
491	e = d + T1;
492	d = c;
493	c = b;
494	b = a;
495	a = T1 + T2;
496
497	j++;
498	} while (j < 64);
499
500	/* Compute the current intermediate hash value */
501	context->state[0] += a;
502	context->state[1] += b;
503	context->state[2] += c;
504	context->state[3] += d;
505	context->state[4] += e;
506	context->state[5] += f;
507	context->state[6] += g;
508	context->state[7] += h;
509
510	/* Clean up */
511	a = b = c = d = e = f = g = h = T1 = T2 = 0;
512	}
513
514	#endif /* SHA2_UNROLL_TRANSFORM */
515
516	void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
517	unsigned int freespace, usedspace;
518
519	if (len == 0) {
520	/* Calling with no data is valid - we do nothing */
521	return;
522	}
523
524	/* Sanity check: */
525	assert(context != (SHA256_CTX)0 && data != (sha2_byte)0);
526
527	#if MINIX_64BIT
528	usedspace= rem64u(context->bitcount, SHA256_BLOCK_LENGTH*8)/8;
529	#else /* !MINIX_64BIT */
530	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
531	#endif /* MINIX_64BIT */
532	if (usedspace > 0) {
533	/* Calculate how much free space is available in the buffer */
534	freespace = SHA256_BLOCK_LENGTH - usedspace;
535
536	if (len >= freespace) {
537	/* Fill the buffer completely and process it */
538	bcopy(data, &context->buffer[usedspace], freespace);
539	#if MINIX_64BIT
540	context->bitcount= add64u(context->bitcount,
541	freespace << 3);
542	#else /* !MINIX_64BIT */
543	context->bitcount += freespace << 3;
544	#endif /* MINIX_64BIT */
545	len -= freespace;
546	data += freespace;
547	SHA256_Transform(context, (sha2_word32*)context->buffer);
548	} else {
549	/* The buffer is not yet full */
550	bcopy(data, &context->buffer[usedspace], len);
551	#if MINIX_64BIT
552	context->bitcount= add64u(context->bitcount, len << 3);
553	#else /* !MINIX_64BIT */
554	context->bitcount += len << 3;
555	#endif /* MINIX_64BIT */
556	/* Clean up: */
557	usedspace = freespace = 0;
558	return;
559	}
560	}
561	while (len >= SHA256_BLOCK_LENGTH) {
562	/* Process as many complete blocks as we can */
563	SHA256_Transform(context, (const sha2_word32*)data);
564	#if MINIX_64BIT
565	context->bitcount= add64u(context->bitcount,
566	SHA256_BLOCK_LENGTH << 3);
567	#else /* !MINIX_64BIT */
568	context->bitcount += SHA256_BLOCK_LENGTH << 3;
569	#endif /* MINIX_64BIT */
570	len -= SHA256_BLOCK_LENGTH;
571	data += SHA256_BLOCK_LENGTH;
572	}
573	if (len > 0) {
574	/* There's left-overs, so save 'em */
575	bcopy(data, context->buffer, len);
576	#if MINIX_64BIT
577	context->bitcount= add64u(context->bitcount, len << 3);
578	#else /* !MINIX_64BIT */
579	context->bitcount += len << 3;
580	#endif /* MINIX_64BIT */
581	}
582	/* Clean up: */
583	usedspace = freespace = 0;
584	}
585
586	void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
587	sha2_word32 d = (sha2_word32)digest;
588	unsigned int usedspace;
589
590	/* Sanity check: */
591	assert(context != (SHA256_CTX*)0);
592
593	/* If no digest buffer is passed, we don't bother doing this: */
594	if (digest != (sha2_byte*)0) {
595	#if MINIX_64BIT
596	usedspace= rem64u(context->bitcount, SHA256_BLOCK_LENGTH*8)/8;
597	#else /* !MINIX_64BIT */
598	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
599	#endif /* MINIX_64BIT */
600	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
601	/* Convert FROM host byte order */
602	REVERSE64(context->bitcount,context->bitcount);
603	#endif
604	if (usedspace > 0) {
605	/* Begin padding with a 1 bit: */
606	context->buffer[usedspace++] = 0x80;
607
608	if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
609	/* Set-up for the last transform: */
610	bzero(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
611	} else {
612	if (usedspace < SHA256_BLOCK_LENGTH) {
613	bzero(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
614	}
615	/* Do second-to-last transform: */
616	SHA256_Transform(context, (sha2_word32*)context->buffer);
617
618	/* And set-up for the last transform: */
619	bzero(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
620	}
621	} else {
622	/* Set-up for the last transform: */
623	bzero(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
624
625	/* Begin padding with a 1 bit: */
626	*context->buffer = 0x80;
627	}
628	/* Set the bit count: */
629	(sha2_word64)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
630
631	/* Final transform: */
632	SHA256_Transform(context, (sha2_word32*)context->buffer);
633
634	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
635	{
636	/* Convert TO host byte order */
637	int j;
638	for (j = 0; j < 8; j++) {
639	REVERSE32(context->state[j],context->state[j]);
640	*d++ = context->state[j];
641	}
642	}
643	#else
644	bcopy(context->state, d, SHA256_DIGEST_LENGTH);
645	#endif
646	}
647
648	/* Clean up state data: */
649	bzero(context, sizeof(context));
650	usedspace = 0;
651	}
652
653	char SHA256_End(SHA256_CTX context, char buffer[]) {
654	sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest;
655	int i;
656
657	/* Sanity check: */
658	assert(context != (SHA256_CTX*)0);
659
660	if (buffer != (char*)0) {
661	SHA256_Final(digest, context);
662
663	for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
664	buffer++ = sha2_hex_digits[(d & 0xf0) >> 4];
665	buffer++ = sha2_hex_digits[d & 0x0f];
666	d++;
667	}
668	*buffer = (char)0;
669	} else {
670	bzero(context, sizeof(context));
671	}
672	bzero(digest, SHA256_DIGEST_LENGTH);
673	return buffer;
674	}
675
676	char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
677	SHA256_CTX context;
678
679	SHA256_Init(&context);
680	SHA256_Update(&context, data, len);
681	return SHA256_End(&context, digest);
682	}
683
684	#if !NO_64BIT
685
686	/* SHA-512: *******************************************************/
687	void SHA512_Init(SHA512_CTX* context) {
688	if (context == (SHA512_CTX*)0) {
689	return;
690	}
691	bcopy(sha512_initial_hash_value, context->state, SHA512_DIGEST_LENGTH);
692	bzero(context->buffer, SHA512_BLOCK_LENGTH);
693	context->bitcount[0] = context->bitcount[1] = 0;
694	}
695
696	#ifdef SHA2_UNROLL_TRANSFORM
697
698	/* Unrolled SHA-512 round macros: */
699	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
700
701	#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
702	REVERSE64(*data++, W512[j]); \
703	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
704	K512[j] + W512[j]; \
705	(d) += T1, \
706	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
707	j++
708
709
710	#else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
711
712	#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
713	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
714	K512[j] + (W512[j] = *data++); \
715	(d) += T1; \
716	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
717	j++
718
719	#endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
720
721	#define ROUND512(a,b,c,d,e,f,g,h) \
722	s0 = W512[(j+1)&0x0f]; \
723	s0 = sigma0_512(s0); \
724	s1 = W512[(j+14)&0x0f]; \
725	s1 = sigma1_512(s1); \
726	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
727	(W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
728	(d) += T1; \
729	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
730	j++
731
732	void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
733	sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
734	sha2_word64 T1, W512 = (sha2_word64)context->buffer;
735	int j;
736
737	/* Initialize registers with the prev. intermediate value */
738	a = context->state[0];
739	b = context->state[1];
740	c = context->state[2];
741	d = context->state[3];
742	e = context->state[4];
743	f = context->state[5];
744	g = context->state[6];
745	h = context->state[7];
746
747	j = 0;
748	do {
749	ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
750	ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
751	ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
752	ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
753	ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
754	ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
755	ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
756	ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
757	} while (j < 16);
758
759	/* Now for the remaining rounds up to 79: */
760	do {
761	ROUND512(a,b,c,d,e,f,g,h);
762	ROUND512(h,a,b,c,d,e,f,g);
763	ROUND512(g,h,a,b,c,d,e,f);
764	ROUND512(f,g,h,a,b,c,d,e);
765	ROUND512(e,f,g,h,a,b,c,d);
766	ROUND512(d,e,f,g,h,a,b,c);
767	ROUND512(c,d,e,f,g,h,a,b);
768	ROUND512(b,c,d,e,f,g,h,a);
769	} while (j < 80);
770
771	/* Compute the current intermediate hash value */
772	context->state[0] += a;
773	context->state[1] += b;
774	context->state[2] += c;
775	context->state[3] += d;
776	context->state[4] += e;
777	context->state[5] += f;
778	context->state[6] += g;
779	context->state[7] += h;
780
781	/* Clean up */
782	a = b = c = d = e = f = g = h = T1 = 0;
783	}
784
785	#else /* SHA2_UNROLL_TRANSFORM */
786
787	void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
788	sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
789	sha2_word64 T1, T2, W512 = (sha2_word64)context->buffer;
790	int j;
791
792	/* Initialize registers with the prev. intermediate value */
793	a = context->state[0];
794	b = context->state[1];
795	c = context->state[2];
796	d = context->state[3];
797	e = context->state[4];
798	f = context->state[5];
799	g = context->state[6];
800	h = context->state[7];
801
802	j = 0;
803	do {
804	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
805	/* Convert TO host byte order */
806	REVERSE64(*data++, W512[j]);
807	/* Apply the SHA-512 compression function to update a..h */
808	T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
809	#else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
810	/* Apply the SHA-512 compression function to update a..h with copy */
811	T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
812	#endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
813	T2 = Sigma0_512(a) + Maj(a, b, c);
814	h = g;
815	g = f;
816	f = e;
817	e = d + T1;
818	d = c;
819	c = b;
820	b = a;
821	a = T1 + T2;
822
823	j++;
824	} while (j < 16);
825
826	do {
827	/* Part of the message block expansion: */
828	s0 = W512[(j+1)&0x0f];
829	s0 = sigma0_512(s0);
830	s1 = W512[(j+14)&0x0f];
831	s1 = sigma1_512(s1);
832
833	/* Apply the SHA-512 compression function to update a..h */
834	T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
835	(W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
836	T2 = Sigma0_512(a) + Maj(a, b, c);
837	h = g;
838	g = f;
839	f = e;
840	e = d + T1;
841	d = c;
842	c = b;
843	b = a;
844	a = T1 + T2;
845
846	j++;
847	} while (j < 80);
848
849	/* Compute the current intermediate hash value */
850	context->state[0] += a;
851	context->state[1] += b;
852	context->state[2] += c;
853	context->state[3] += d;
854	context->state[4] += e;
855	context->state[5] += f;
856	context->state[6] += g;
857	context->state[7] += h;
858
859	/* Clean up */
860	a = b = c = d = e = f = g = h = T1 = T2 = 0;
861	}
862
863	#endif /* SHA2_UNROLL_TRANSFORM */
864
865	void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
866	unsigned int freespace, usedspace;
867
868	if (len == 0) {
869	/* Calling with no data is valid - we do nothing */
870	return;
871	}
872
873	/* Sanity check: */
874	assert(context != (SHA512_CTX)0 && data != (sha2_byte)0);
875
876	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
877	if (usedspace > 0) {
878	/* Calculate how much free space is available in the buffer */
879	freespace = SHA512_BLOCK_LENGTH - usedspace;
880
881	if (len >= freespace) {
882	/* Fill the buffer completely and process it */
883	bcopy(data, &context->buffer[usedspace], freespace);
884	ADDINC128(context->bitcount, freespace << 3);
885	len -= freespace;
886	data += freespace;
887	SHA512_Transform(context, (sha2_word64*)context->buffer);
888	} else {
889	/* The buffer is not yet full */
890	bcopy(data, &context->buffer[usedspace], len);
891	ADDINC128(context->bitcount, len << 3);
892	/* Clean up: */
893	usedspace = freespace = 0;
894	return;
895	}
896	}
897	while (len >= SHA512_BLOCK_LENGTH) {
898	/* Process as many complete blocks as we can */
899	SHA512_Transform(context, (const sha2_word64*)data);
900	ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
901	len -= SHA512_BLOCK_LENGTH;
902	data += SHA512_BLOCK_LENGTH;
903	}
904	if (len > 0) {
905	/* There's left-overs, so save 'em */
906	bcopy(data, context->buffer, len);
907	ADDINC128(context->bitcount, len << 3);
908	}
909	/* Clean up: */
910	usedspace = freespace = 0;
911	}
912
913	void SHA512_Last(SHA512_CTX* context) {
914	unsigned int usedspace;
915
916	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
917	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
918	/* Convert FROM host byte order */
919	REVERSE64(context->bitcount[0],context->bitcount[0]);
920	REVERSE64(context->bitcount[1],context->bitcount[1]);
921	#endif
922	if (usedspace > 0) {
923	/* Begin padding with a 1 bit: */
924	context->buffer[usedspace++] = 0x80;
925
926	if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
927	/* Set-up for the last transform: */
928	bzero(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
929	} else {
930	if (usedspace < SHA512_BLOCK_LENGTH) {
931	bzero(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
932	}
933	/* Do second-to-last transform: */
934	SHA512_Transform(context, (sha2_word64*)context->buffer);
935
936	/* And set-up for the last transform: */
937	bzero(context->buffer, SHA512_BLOCK_LENGTH - 2);
938	}
939	} else {
940	/* Prepare for final transform: */
941	bzero(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
942
943	/* Begin padding with a 1 bit: */
944	*context->buffer = 0x80;
945	}
946	/* Store the length of input data (in bits): */
947	(sha2_word64)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
948	(sha2_word64)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
949
950	/* Final transform: */
951	SHA512_Transform(context, (sha2_word64*)context->buffer);
952	}
953
954	void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
955	sha2_word64 d = (sha2_word64)digest;
956
957	/* Sanity check: */
958	assert(context != (SHA512_CTX*)0);
959
960	/* If no digest buffer is passed, we don't bother doing this: */
961	if (digest != (sha2_byte*)0) {
962	SHA512_Last(context);
963
964	/* Save the hash data for output: */
965	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
966	{
967	/* Convert TO host byte order */
968	int j;
969	for (j = 0; j < 8; j++) {
970	REVERSE64(context->state[j],context->state[j]);
971	*d++ = context->state[j];
972	}
973	}
974	#else
975	bcopy(context->state, d, SHA512_DIGEST_LENGTH);
976	#endif
977	}
978
979	/* Zero out state data */
980	bzero(context, sizeof(context));
981	}
982
983	char SHA512_End(SHA512_CTX context, char buffer[]) {
984	sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest;
985	int i;
986
987	/* Sanity check: */
988	assert(context != (SHA512_CTX*)0);
989
990	if (buffer != (char*)0) {
991	SHA512_Final(digest, context);
992
993	for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
994	buffer++ = sha2_hex_digits[(d & 0xf0) >> 4];
995	buffer++ = sha2_hex_digits[d & 0x0f];
996	d++;
997	}
998	*buffer = (char)0;
999	} else {
1000	bzero(context, sizeof(context));
1001	}
1002	bzero(digest, SHA512_DIGEST_LENGTH);
1003	return buffer;
1004	}
1005
1006	char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
1007	SHA512_CTX context;
1008
1009	SHA512_Init(&context);
1010	SHA512_Update(&context, data, len);
1011	return SHA512_End(&context, digest);
1012	}
1013
1014
1015	/* SHA-384: *******************************************************/
1016	void SHA384_Init(SHA384_CTX* context) {
1017	if (context == (SHA384_CTX*)0) {
1018	return;
1019	}
1020	bcopy(sha384_initial_hash_value, context->state, SHA512_DIGEST_LENGTH);
1021	bzero(context->buffer, SHA384_BLOCK_LENGTH);
1022	context->bitcount[0] = context->bitcount[1] = 0;
1023	}
1024
1025	void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
1026	SHA512_Update((SHA512_CTX*)context, data, len);
1027	}
1028
1029	void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
1030	sha2_word64 d = (sha2_word64)digest;
1031
1032	/* Sanity check: */
1033	assert(context != (SHA384_CTX*)0);
1034
1035	/* If no digest buffer is passed, we don't bother doing this: */
1036	if (digest != (sha2_byte*)0) {
1037	SHA512_Last((SHA512_CTX*)context);
1038
1039	/* Save the hash data for output: */
1040	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
1041	{
1042	/* Convert TO host byte order */
1043	int j;
1044	for (j = 0; j < 6; j++) {
1045	REVERSE64(context->state[j],context->state[j]);
1046	*d++ = context->state[j];
1047	}
1048	}
1049	#else
1050	bcopy(context->state, d, SHA384_DIGEST_LENGTH);
1051	#endif
1052	}
1053
1054	/* Zero out state data */
1055	bzero(context, sizeof(context));
1056	}
1057
1058	char SHA384_End(SHA384_CTX context, char buffer[]) {
1059	sha2_byte digest[SHA384_DIGEST_LENGTH], *d = digest;
1060	int i;
1061
1062	/* Sanity check: */
1063	assert(context != (SHA384_CTX*)0);
1064
1065	if (buffer != (char*)0) {
1066	SHA384_Final(digest, context);
1067
1068	for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
1069	buffer++ = sha2_hex_digits[(d & 0xf0) >> 4];
1070	buffer++ = sha2_hex_digits[d & 0x0f];
1071	d++;
1072	}
1073	*buffer = (char)0;
1074	} else {
1075	bzero(context, sizeof(context));
1076	}
1077	bzero(digest, SHA384_DIGEST_LENGTH);
1078	return buffer;
1079	}
1080
1081	char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
1082	SHA384_CTX context;
1083
1084	SHA384_Init(&context);
1085	SHA384_Update(&context, data, len);
1086	return SHA384_End(&context, digest);
1087	}
1088
1089	#endif /* !NO_64BIT */
1090
1091	/*
1092	* $PchId: sha2.c,v 1.1 2005/06/28 14:29:23 philip Exp $
1093	*/

Note: See TracBrowser for help on using the repository browser.

Download in other formats: