1 /*
2 * FIPS-180-2 compliant SHA-256 implementation
3 * written by Christophe Devine
4 *
5 * This code has been distributed as PUBLIC DOMAIN.
6 *
7 * Although normally licensed under the GPL on the author's web site,
8 * he has given me permission to distribute it as public domain as
9 * part of md5deep. THANK YOU! Software authors are encouraged to
10 * use the GPL'ed version of this code available at:
11 * http://www.cr0.net:8040/code/crypto/sha256/ whenever possible.
12 */
13
14 /* $Id$ */
15
16 #include <string.h>
17 #include "sha256.h"
18
19
hash_init_sha256(void * ctx)20 void hash_init_sha256(void * ctx)
21 {
22 sha256_starts((context_sha256_t *)ctx);
23 }
24
hash_update_sha256(void * ctx,const unsigned char * buf,size_t len)25 void hash_update_sha256(void * ctx, const unsigned char *buf, size_t len)
26 {
27 sha256_update((context_sha256_t *)ctx,buf,(uint32_t) len);
28 }
29
hash_final_sha256(void * ctx,unsigned char * digest)30 void hash_final_sha256(void * ctx, unsigned char *digest)
31 {
32 sha256_finish((context_sha256_t *)ctx, digest);
33 }
34
35
36
37 #define GET_UINT32(n,b,i) \
38 { \
39 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
40 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
41 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
42 | ( (uint32_t) (b)[(i) + 3] ); \
43 }
44
45 #define PUT_UINT32(n,b,i) \
46 { \
47 (b)[(i) ] = (uint8_t) ( (n) >> 24 ); \
48 (b)[(i) + 1] = (uint8_t) ( (n) >> 16 ); \
49 (b)[(i) + 2] = (uint8_t) ( (n) >> 8 ); \
50 (b)[(i) + 3] = (uint8_t) ( (n) ); \
51 }
52
sha256_starts(context_sha256_t * ctx)53 void sha256_starts( context_sha256_t *ctx )
54 {
55 ctx->total[0] = 0;
56 ctx->total[1] = 0;
57
58 ctx->state[0] = 0x6A09E667;
59 ctx->state[1] = 0xBB67AE85;
60 ctx->state[2] = 0x3C6EF372;
61 ctx->state[3] = 0xA54FF53A;
62 ctx->state[4] = 0x510E527F;
63 ctx->state[5] = 0x9B05688C;
64 ctx->state[6] = 0x1F83D9AB;
65 ctx->state[7] = 0x5BE0CD19;
66 }
67
68 void sha256_process( context_sha256_t *ctx, const uint8_t data[64] );
sha256_process(context_sha256_t * ctx,const uint8_t data[64])69 void sha256_process( context_sha256_t *ctx, const uint8_t data[64] )
70 {
71 uint32_t temp1, temp2, W[64];
72 uint32_t A, B, C, D, E, F, G, H;
73
74 GET_UINT32( W[0], data, 0 );
75 GET_UINT32( W[1], data, 4 );
76 GET_UINT32( W[2], data, 8 );
77 GET_UINT32( W[3], data, 12 );
78 GET_UINT32( W[4], data, 16 );
79 GET_UINT32( W[5], data, 20 );
80 GET_UINT32( W[6], data, 24 );
81 GET_UINT32( W[7], data, 28 );
82 GET_UINT32( W[8], data, 32 );
83 GET_UINT32( W[9], data, 36 );
84 GET_UINT32( W[10], data, 40 );
85 GET_UINT32( W[11], data, 44 );
86 GET_UINT32( W[12], data, 48 );
87 GET_UINT32( W[13], data, 52 );
88 GET_UINT32( W[14], data, 56 );
89 GET_UINT32( W[15], data, 60 );
90
91 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
92 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
93
94 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
95 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
96
97 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
98 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
99
100 #define F0(x,y,z) ((x & y) | (z & (x | y)))
101 #define F1(x,y,z) (z ^ (x & (y ^ z)))
102
103 #define R(t) \
104 ( \
105 W[t] = S1(W[t - 2]) + W[t - 7] + \
106 S0(W[t - 15]) + W[t - 16] \
107 )
108
109 #define P(a,b,c,d,e,f,g,h,x,K) \
110 { \
111 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
112 temp2 = S2(a) + F0(a,b,c); \
113 d += temp1; h = temp1 + temp2; \
114 }
115
116 A = ctx->state[0];
117 B = ctx->state[1];
118 C = ctx->state[2];
119 D = ctx->state[3];
120 E = ctx->state[4];
121 F = ctx->state[5];
122 G = ctx->state[6];
123 H = ctx->state[7];
124
125 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
126 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
127 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
128 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
129 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
130 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
131 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
132 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
133 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
134 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
135 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
136 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
137 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
138 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
139 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
140 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
141 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
142 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
143 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
144 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
145 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
146 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
147 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
148 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
149 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
150 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
151 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
152 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
153 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
154 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
155 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
156 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
157 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
158 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
159 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
160 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
161 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
162 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
163 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
164 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
165 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
166 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
167 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
168 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
169 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
170 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
171 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
172 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
173 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
174 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
175 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
176 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
177 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
178 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
179 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
180 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
181 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
182 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
183 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
184 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
185 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
186 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
187 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
188 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
189
190 ctx->state[0] += A;
191 ctx->state[1] += B;
192 ctx->state[2] += C;
193 ctx->state[3] += D;
194 ctx->state[4] += E;
195 ctx->state[5] += F;
196 ctx->state[6] += G;
197 ctx->state[7] += H;
198 }
199
sha256_update(context_sha256_t * ctx,const uint8_t * input,uint32_t length)200 void sha256_update( context_sha256_t *ctx, const uint8_t *input, uint32_t length )
201 {
202 uint32_t left, fill;
203
204 if( ! length ) return;
205
206 left = ctx->total[0] & 0x3F;
207 fill = 64 - left;
208
209 ctx->total[0] += length;
210 ctx->total[0] &= 0xFFFFFFFF;
211
212 if( ctx->total[0] < length )
213 ctx->total[1]++;
214
215 if( left && length >= fill )
216 {
217 memcpy( (void *) (ctx->buffer + left),
218 (const void *) input, fill );
219 sha256_process( ctx, ctx->buffer );
220 length -= fill;
221 input += fill;
222 left = 0;
223 }
224
225 while( length >= 64 )
226 {
227 sha256_process( ctx, input );
228 length -= 64;
229 input += 64;
230 }
231
232 if( length )
233 {
234 memcpy( (void *) (ctx->buffer + left),
235 (const void *) input, length );
236 }
237 }
238
239 static uint8_t sha256_padding[64] =
240 {
241 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
242 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
243 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
244 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
245 };
246
sha256_finish(context_sha256_t * ctx,uint8_t digest[32])247 void sha256_finish( context_sha256_t *ctx, uint8_t digest[32] )
248 {
249 uint32_t last, padn;
250 uint32_t high, low;
251 uint8_t msglen[8];
252
253 high = ( ctx->total[0] >> 29 )
254 | ( ctx->total[1] << 3 );
255 low = ( ctx->total[0] << 3 );
256
257 PUT_UINT32( high, msglen, 0 );
258 PUT_UINT32( low, msglen, 4 );
259
260 last = ctx->total[0] & 0x3F;
261 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
262
263 sha256_update( ctx, sha256_padding, padn );
264 sha256_update( ctx, msglen, 8 );
265
266 PUT_UINT32( ctx->state[0], digest, 0 );
267 PUT_UINT32( ctx->state[1], digest, 4 );
268 PUT_UINT32( ctx->state[2], digest, 8 );
269 PUT_UINT32( ctx->state[3], digest, 12 );
270 PUT_UINT32( ctx->state[4], digest, 16 );
271 PUT_UINT32( ctx->state[5], digest, 20 );
272 PUT_UINT32( ctx->state[6], digest, 24 );
273 PUT_UINT32( ctx->state[7], digest, 28 );
274 }
275
276 #ifdef TEST
277
278 #include <stdlib.h>
279 #include <stdio.h>
280
281 /*
282 * those are the standard FIPS-180-2 test vectors
283 */
284
285 static char *msg[] =
286 {
287 "abc",
288 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
289 NULL
290 };
291
292 static char *val[] =
293 {
294 "ba7816bf8f01cfea414140de5dae2223" \
295 "b00361a396177a9cb410ff61f20015ad",
296 "248d6a61d20638b8e5c026930c3e6039" \
297 "a33ce45964ff2167f6ecedd419db06c1",
298 "cdc76e5c9914fb9281a1c7e284d73e67" \
299 "f1809a48a497200e046d39ccc7112cd0"
300 };
301
main(int argc,char * argv[])302 int main( int argc, char *argv[] )
303 {
304 FILE *f;
305 int i, j;
306 char output[65];
307 context_sha256_t ctx;
308 unsigned char buf[1000];
309 unsigned char sha256sum[32];
310
311 if( argc < 2 )
312 {
313 printf( "\n SHA-256 Validation Tests:\n\n" );
314
315 for( i = 0; i < 3; i++ )
316 {
317 printf( " Test %d ", i + 1 );
318
319 sha256_starts( &ctx );
320
321 if( i < 2 )
322 {
323 sha256_update( &ctx, (uint8_t *) msg[i],
324 strlen( msg[i] ) );
325 }
326 else
327 {
328 memset( buf, 'a', 1000 );
329
330 for( j = 0; j < 1000; j++ )
331 {
332 sha256_update( &ctx, (uint8_t *) buf, 1000 );
333 }
334 }
335
336 sha256_finish( &ctx, sha256sum );
337
338 for( j = 0; j < 32; j++ )
339 {
340 sprintf( output + j * 2, "%02x", sha256sum[j] );
341 }
342
343 if( memcmp( output, val[i], 64 ) )
344 {
345 printf( "failed!\n" );
346 return( 1 );
347 }
348
349 printf( "passed.\n" );
350 }
351
352 printf( "\n" );
353 }
354 else
355 {
356 if( ! ( f = fopen( argv[1], "rb" ) ) )
357 {
358 perror( "fopen" );
359 return( 1 );
360 }
361
362 sha256_starts( &ctx );
363
364 while( ( i = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
365 {
366 sha256_update( &ctx, buf, i );
367 }
368
369 sha256_finish( &ctx, sha256sum );
370
371 for( j = 0; j < 32; j++ )
372 {
373 printf( "%02x", sha256sum[j] );
374 }
375
376 printf( " %s\n", argv[1] );
377 }
378
379 return( 0 );
380 }
381
382 #endif
383