389ff92cc1
* Makefile, Scripts: new linter * About: remove ID from IC * Firmware: remove double define for DIVC/DIVR * Scripts: check folder names too. Docker: replace syntax check with make lint. * Reformat Sources and Migrate to new file naming convention * Docker: symlink clang-format-12 to clang-format * Add coding style guide
222 lines
7.1 KiB
C
222 lines
7.1 KiB
C
/*
|
|
* sha256.c -- Compute SHA-256 hash
|
|
*
|
|
* Just for little endian architecture.
|
|
*
|
|
* Code taken from:
|
|
* http://gladman.plushost.co.uk/oldsite/cryptography_technology/sha/index.php
|
|
*
|
|
* File names are sha2.c, sha2.h, brg_types.h, brg_endian.h
|
|
* in the archive sha2-07-01-07.zip.
|
|
*
|
|
* Code is modified in the style of PolarSSL API.
|
|
*
|
|
* See original copyright notice below.
|
|
*/
|
|
/*
|
|
---------------------------------------------------------------------------
|
|
Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
|
|
|
|
LICENSE TERMS
|
|
|
|
The free distribution and use of this software in both source and binary
|
|
form is allowed (with or without changes) provided that:
|
|
|
|
1. distributions of this source code include the above copyright
|
|
notice, this list of conditions and the following disclaimer;
|
|
|
|
2. distributions in binary form include the above copyright
|
|
notice, this list of conditions and the following disclaimer
|
|
in the documentation and/or other associated materials;
|
|
|
|
3. the copyright holder's name is not used to endorse products
|
|
built using this software without specific written permission.
|
|
|
|
ALTERNATIVELY, provided that this notice is retained in full, this product
|
|
may be distributed under the terms of the GNU General Public License (GPL),
|
|
in which case the provisions of the GPL apply INSTEAD OF those given above.
|
|
|
|
DISCLAIMER
|
|
|
|
This software is provided 'as is' with no explicit or implied warranties
|
|
in respect of its properties, including, but not limited to, correctness
|
|
and/or fitness for purpose.
|
|
---------------------------------------------------------------------------
|
|
Issue Date: 01/08/2005
|
|
*/
|
|
|
|
#include <string.h>
|
|
#include <stdint.h>
|
|
#include <stdlib.h>
|
|
#include "sha256.h"
|
|
|
|
#define SHA256_MASK (SHA256_BLOCK_SIZE - 1)
|
|
|
|
static void memcpy_output_bswap32(unsigned char* dst, const uint32_t* p) {
|
|
int i;
|
|
uint32_t q = 0;
|
|
|
|
for(i = 0; i < 32; i++) {
|
|
if((i & 3) == 0) q = __builtin_bswap32(p[i >> 2]); /* bswap32 is GCC extention */
|
|
dst[i] = q >> ((i & 3) * 8);
|
|
}
|
|
}
|
|
|
|
#define rotr32(x, n) (((x) >> n) | ((x) << (32 - n)))
|
|
|
|
#define ch(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
|
|
#define maj(x, y, z) (((x) & (y)) | ((z) & ((x) ^ (y))))
|
|
|
|
/* round transforms for SHA256 compression functions */
|
|
#define vf(n, i) v[(n - i) & 7]
|
|
|
|
#define hf(i) (p[i & 15] += g_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g_0(p[(i + 1) & 15]))
|
|
|
|
#define v_cycle0(i) \
|
|
p[i] = __builtin_bswap32(p[i]); \
|
|
vf(7, i) += p[i] + k_0[i] + s_1(vf(4, i)) + ch(vf(4, i), vf(5, i), vf(6, i)); \
|
|
vf(3, i) += vf(7, i); \
|
|
vf(7, i) += s_0(vf(0, i)) + maj(vf(0, i), vf(1, i), vf(2, i))
|
|
|
|
#define v_cycle(i, j) \
|
|
vf(7, i) += hf(i) + k_0[i + j] + s_1(vf(4, i)) + ch(vf(4, i), vf(5, i), vf(6, i)); \
|
|
vf(3, i) += vf(7, i); \
|
|
vf(7, i) += s_0(vf(0, i)) + maj(vf(0, i), vf(1, i), vf(2, i))
|
|
|
|
#define s_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22))
|
|
#define s_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25))
|
|
#define g_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3))
|
|
#define g_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10))
|
|
#define k_0 k256
|
|
|
|
static const uint32_t k256[64] = {
|
|
0X428A2F98, 0X71374491, 0XB5C0FBCF, 0XE9B5DBA5, 0X3956C25B, 0X59F111F1, 0X923F82A4, 0XAB1C5ED5,
|
|
0XD807AA98, 0X12835B01, 0X243185BE, 0X550C7DC3, 0X72BE5D74, 0X80DEB1FE, 0X9BDC06A7, 0XC19BF174,
|
|
0XE49B69C1, 0XEFBE4786, 0X0FC19DC6, 0X240CA1CC, 0X2DE92C6F, 0X4A7484AA, 0X5CB0A9DC, 0X76F988DA,
|
|
0X983E5152, 0XA831C66D, 0XB00327C8, 0XBF597FC7, 0XC6E00BF3, 0XD5A79147, 0X06CA6351, 0X14292967,
|
|
0X27B70A85, 0X2E1B2138, 0X4D2C6DFC, 0X53380D13, 0X650A7354, 0X766A0ABB, 0X81C2C92E, 0X92722C85,
|
|
0XA2BFE8A1, 0XA81A664B, 0XC24B8B70, 0XC76C51A3, 0XD192E819, 0XD6990624, 0XF40E3585, 0X106AA070,
|
|
0X19A4C116, 0X1E376C08, 0X2748774C, 0X34B0BCB5, 0X391C0CB3, 0X4ED8AA4A, 0X5B9CCA4F, 0X682E6FF3,
|
|
0X748F82EE, 0X78A5636F, 0X84C87814, 0X8CC70208, 0X90BEFFFA, 0XA4506CEB, 0XBEF9A3F7, 0XC67178F2,
|
|
};
|
|
|
|
void sha256_process(sha256_context* ctx) {
|
|
uint32_t i;
|
|
uint32_t* p = ctx->wbuf;
|
|
uint32_t v[8];
|
|
|
|
memcpy(v, ctx->state, 8 * sizeof(uint32_t));
|
|
|
|
v_cycle0(0);
|
|
v_cycle0(1);
|
|
v_cycle0(2);
|
|
v_cycle0(3);
|
|
v_cycle0(4);
|
|
v_cycle0(5);
|
|
v_cycle0(6);
|
|
v_cycle0(7);
|
|
v_cycle0(8);
|
|
v_cycle0(9);
|
|
v_cycle0(10);
|
|
v_cycle0(11);
|
|
v_cycle0(12);
|
|
v_cycle0(13);
|
|
v_cycle0(14);
|
|
v_cycle0(15);
|
|
|
|
for(i = 16; i < 64; i += 16) {
|
|
v_cycle(0, i);
|
|
v_cycle(1, i);
|
|
v_cycle(2, i);
|
|
v_cycle(3, i);
|
|
v_cycle(4, i);
|
|
v_cycle(5, i);
|
|
v_cycle(6, i);
|
|
v_cycle(7, i);
|
|
v_cycle(8, i);
|
|
v_cycle(9, i);
|
|
v_cycle(10, i);
|
|
v_cycle(11, i);
|
|
v_cycle(12, i);
|
|
v_cycle(13, i);
|
|
v_cycle(14, i);
|
|
v_cycle(15, i);
|
|
}
|
|
|
|
ctx->state[0] += v[0];
|
|
ctx->state[1] += v[1];
|
|
ctx->state[2] += v[2];
|
|
ctx->state[3] += v[3];
|
|
ctx->state[4] += v[4];
|
|
ctx->state[5] += v[5];
|
|
ctx->state[6] += v[6];
|
|
ctx->state[7] += v[7];
|
|
}
|
|
|
|
void sha256_update(sha256_context* ctx, const unsigned char* input, unsigned int ilen) {
|
|
uint32_t left = (ctx->total[0] & SHA256_MASK);
|
|
uint32_t fill = SHA256_BLOCK_SIZE - left;
|
|
|
|
ctx->total[0] += ilen;
|
|
if(ctx->total[0] < ilen) ctx->total[1]++;
|
|
|
|
while(ilen >= fill) {
|
|
memcpy(((unsigned char*)ctx->wbuf) + left, input, fill);
|
|
sha256_process(ctx);
|
|
input += fill;
|
|
ilen -= fill;
|
|
left = 0;
|
|
fill = SHA256_BLOCK_SIZE;
|
|
}
|
|
|
|
memcpy(((unsigned char*)ctx->wbuf) + left, input, ilen);
|
|
}
|
|
|
|
void sha256_finish(sha256_context* ctx, unsigned char output[32]) {
|
|
uint32_t last = (ctx->total[0] & SHA256_MASK);
|
|
|
|
ctx->wbuf[last >> 2] = __builtin_bswap32(ctx->wbuf[last >> 2]);
|
|
ctx->wbuf[last >> 2] &= 0xffffff80 << (8 * (~last & 3));
|
|
ctx->wbuf[last >> 2] |= 0x00000080 << (8 * (~last & 3));
|
|
ctx->wbuf[last >> 2] = __builtin_bswap32(ctx->wbuf[last >> 2]);
|
|
|
|
if(last > SHA256_BLOCK_SIZE - 9) {
|
|
if(last < 60) ctx->wbuf[15] = 0;
|
|
sha256_process(ctx);
|
|
last = 0;
|
|
} else
|
|
last = (last >> 2) + 1;
|
|
|
|
while(last < 14) ctx->wbuf[last++] = 0;
|
|
|
|
ctx->wbuf[14] = __builtin_bswap32((ctx->total[0] >> 29) | (ctx->total[1] << 3));
|
|
ctx->wbuf[15] = __builtin_bswap32(ctx->total[0] << 3);
|
|
sha256_process(ctx);
|
|
|
|
memcpy_output_bswap32(output, ctx->state);
|
|
memset(ctx, 0, sizeof(sha256_context));
|
|
}
|
|
|
|
static const uint32_t initial_state[8] = {
|
|
0x6a09e667,
|
|
0xbb67ae85,
|
|
0x3c6ef372,
|
|
0xa54ff53a,
|
|
0x510e527f,
|
|
0x9b05688c,
|
|
0x1f83d9ab,
|
|
0x5be0cd19};
|
|
|
|
void sha256_start(sha256_context* ctx) {
|
|
ctx->total[0] = ctx->total[1] = 0;
|
|
memcpy(ctx->state, initial_state, 8 * sizeof(uint32_t));
|
|
}
|
|
|
|
void sha256(const unsigned char* input, unsigned int ilen, unsigned char output[32]) {
|
|
sha256_context ctx;
|
|
|
|
sha256_start(&ctx);
|
|
sha256_update(&ctx, input, ilen);
|
|
sha256_finish(&ctx, output);
|
|
}
|