Chunk is purely a wrapper class, any 'state variables', like 'characters in room...
[UnsignedByte.git] / src / Resource / sha2.c
bloba30a6a07db884fc2ab8a96146852c2b3cae67010
1 /*
2 * FIPS-180-2 compliant SHA-256 implementation
4 * Copyright (C) 2006-2007 Christophe Devine
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License, version 2.1 as published by the Free Software Foundation.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 * MA 02110-1301 USA
21 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
23 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
26 #ifndef _CRT_SECURE_NO_DEPRECATE
27 #define _CRT_SECURE_NO_DEPRECATE 1
28 #endif
30 #include <string.h>
31 #include <stdio.h>
33 #include "sha2.h"
36 * 32-bit integer manipulation macros (big endian)
38 #ifndef GET_UINT32_BE
39 #define GET_UINT32_BE(n,b,i) \
40 { \
41 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
42 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
43 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
44 | ( (unsigned long) (b)[(i) + 3] ); \
46 #endif
48 #ifndef PUT_UINT32_BE
49 #define PUT_UINT32_BE(n,b,i) \
50 { \
51 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
52 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
53 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
54 (b)[(i) + 3] = (unsigned char) ( (n) ); \
56 #endif
59 * SHA-256 context setup
61 void sha2_starts( sha2_context *ctx, int is224 )
63 ctx->total[0] = 0;
64 ctx->total[1] = 0;
66 if( is224 == 0 )
68 /* SHA-256 */
69 ctx->state[0] = 0x6A09E667;
70 ctx->state[1] = 0xBB67AE85;
71 ctx->state[2] = 0x3C6EF372;
72 ctx->state[3] = 0xA54FF53A;
73 ctx->state[4] = 0x510E527F;
74 ctx->state[5] = 0x9B05688C;
75 ctx->state[6] = 0x1F83D9AB;
76 ctx->state[7] = 0x5BE0CD19;
78 else
80 /* SHA-224 */
81 ctx->state[0] = 0xC1059ED8;
82 ctx->state[1] = 0x367CD507;
83 ctx->state[2] = 0x3070DD17;
84 ctx->state[3] = 0xF70E5939;
85 ctx->state[4] = 0xFFC00B31;
86 ctx->state[5] = 0x68581511;
87 ctx->state[6] = 0x64F98FA7;
88 ctx->state[7] = 0xBEFA4FA4;
91 ctx->is224 = is224;
94 static void sha2_process( sha2_context *ctx, unsigned char data[64] )
96 unsigned long temp1, temp2, W[64];
97 unsigned long A, B, C, D, E, F, G, H;
99 GET_UINT32_BE( W[ 0], data, 0 );
100 GET_UINT32_BE( W[ 1], data, 4 );
101 GET_UINT32_BE( W[ 2], data, 8 );
102 GET_UINT32_BE( W[ 3], data, 12 );
103 GET_UINT32_BE( W[ 4], data, 16 );
104 GET_UINT32_BE( W[ 5], data, 20 );
105 GET_UINT32_BE( W[ 6], data, 24 );
106 GET_UINT32_BE( W[ 7], data, 28 );
107 GET_UINT32_BE( W[ 8], data, 32 );
108 GET_UINT32_BE( W[ 9], data, 36 );
109 GET_UINT32_BE( W[10], data, 40 );
110 GET_UINT32_BE( W[11], data, 44 );
111 GET_UINT32_BE( W[12], data, 48 );
112 GET_UINT32_BE( W[13], data, 52 );
113 GET_UINT32_BE( W[14], data, 56 );
114 GET_UINT32_BE( W[15], data, 60 );
116 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
117 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
119 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
120 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
122 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
123 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
125 #define F0(x,y,z) ((x & y) | (z & (x | y)))
126 #define F1(x,y,z) (z ^ (x & (y ^ z)))
128 #define R(t) \
130 W[t] = S1(W[t - 2]) + W[t - 7] + \
131 S0(W[t - 15]) + W[t - 16] \
134 #define P(a,b,c,d,e,f,g,h,x,K) \
136 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
137 temp2 = S2(a) + F0(a,b,c); \
138 d += temp1; h = temp1 + temp2; \
141 A = ctx->state[0];
142 B = ctx->state[1];
143 C = ctx->state[2];
144 D = ctx->state[3];
145 E = ctx->state[4];
146 F = ctx->state[5];
147 G = ctx->state[6];
148 H = ctx->state[7];
150 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
151 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
152 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
153 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
154 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
155 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
156 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
157 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
158 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
159 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
160 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
161 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
162 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
163 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
164 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
165 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
166 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
167 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
168 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
169 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
170 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
171 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
172 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
173 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
174 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
175 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
176 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
177 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
178 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
179 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
180 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
181 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
182 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
183 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
184 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
185 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
186 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
187 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
188 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
189 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
190 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
191 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
192 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
193 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
194 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
195 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
196 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
197 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
198 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
199 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
200 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
201 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
202 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
203 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
204 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
205 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
206 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
207 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
208 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
209 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
210 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
211 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
212 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
213 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
215 ctx->state[0] += A;
216 ctx->state[1] += B;
217 ctx->state[2] += C;
218 ctx->state[3] += D;
219 ctx->state[4] += E;
220 ctx->state[5] += F;
221 ctx->state[6] += G;
222 ctx->state[7] += H;
226 * SHA-256 process buffer
228 void sha2_update( sha2_context *ctx, unsigned char *input, int ilen )
230 int fill;
231 unsigned long left;
233 if( ilen <= 0 )
234 return;
236 left = ctx->total[0] & 0x3F;
237 fill = 64 - left;
239 ctx->total[0] += ilen;
240 ctx->total[0] &= 0xFFFFFFFF;
242 if( ctx->total[0] < (unsigned long) ilen )
243 ctx->total[1]++;
245 if( left && ilen >= fill )
247 memcpy( (void *) (ctx->buffer + left),
248 (void *) input, fill );
249 sha2_process( ctx, ctx->buffer );
250 input += fill;
251 ilen -= fill;
252 left = 0;
255 while( ilen >= 64 )
257 sha2_process( ctx, input );
258 input += 64;
259 ilen -= 64;
262 if( ilen > 0 )
264 memcpy( (void *) (ctx->buffer + left),
265 (void *) input, ilen );
269 static const unsigned char sha2_padding[64] =
271 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
272 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
273 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
274 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
278 * SHA-256 final digest
280 void sha2_finish( sha2_context *ctx, unsigned char *output )
282 unsigned long last, padn;
283 unsigned long high, low;
284 unsigned char msglen[8];
286 high = ( ctx->total[0] >> 29 )
287 | ( ctx->total[1] << 3 );
288 low = ( ctx->total[0] << 3 );
290 PUT_UINT32_BE( high, msglen, 0 );
291 PUT_UINT32_BE( low, msglen, 4 );
293 last = ctx->total[0] & 0x3F;
294 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
296 sha2_update( ctx, (unsigned char *) sha2_padding, padn );
297 sha2_update( ctx, msglen, 8 );
299 PUT_UINT32_BE( ctx->state[0], output, 0 );
300 PUT_UINT32_BE( ctx->state[1], output, 4 );
301 PUT_UINT32_BE( ctx->state[2], output, 8 );
302 PUT_UINT32_BE( ctx->state[3], output, 12 );
303 PUT_UINT32_BE( ctx->state[4], output, 16 );
304 PUT_UINT32_BE( ctx->state[5], output, 20 );
305 PUT_UINT32_BE( ctx->state[6], output, 24 );
307 if( ctx->is224 == 0 )
308 PUT_UINT32_BE( ctx->state[7], output, 28 );
312 * Output = SHA-256( input buffer )
314 void sha2( unsigned char *input, int ilen,
315 unsigned char *output, int is224 )
317 sha2_context ctx;
319 sha2_starts( &ctx, is224 );
320 sha2_update( &ctx, input, ilen );
321 sha2_finish( &ctx, output );
323 memset( &ctx, 0, sizeof( sha2_context ) );
327 * Output = SHA-256( file contents )
329 int sha2_file( char *path, unsigned char *output, int is224 )
331 FILE *f;
332 size_t n;
333 sha2_context ctx;
334 unsigned char buf[1024];
336 if( ( f = fopen( path, "rb" ) ) == NULL )
337 return( 1 );
339 sha2_starts( &ctx, is224 );
341 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
342 sha2_update( &ctx, buf, (int) n );
344 sha2_finish( &ctx, output );
346 memset( &ctx, 0, sizeof( sha2_context ) );
348 if( ferror( f ) != 0 )
350 fclose( f );
351 return( 2 );
354 fclose( f );
355 return( 0 );
359 * SHA-256 HMAC context setup
361 void sha2_hmac_starts( sha2_context *ctx, int is224,
362 unsigned char *key, int keylen )
364 int i;
366 memset( ctx->ipad, 0x36, 64 );
367 memset( ctx->opad, 0x5C, 64 );
369 for( i = 0; i < keylen; i++ )
371 if( i >= 64 ) break;
373 ctx->ipad[i] ^= key[i];
374 ctx->opad[i] ^= key[i];
377 sha2_starts( ctx, is224 );
378 sha2_update( ctx, ctx->ipad, 64 );
382 * SHA-256 HMAC process buffer
384 void sha2_hmac_update( sha2_context *ctx,
385 unsigned char *input, int ilen )
387 sha2_update( ctx, input, ilen );
391 * SHA-256 HMAC final digest
393 void sha2_hmac_finish( sha2_context *ctx, unsigned char *output )
395 int is224, hlen;
396 unsigned char tmpbuf[32];
398 is224 = ctx->is224;
399 hlen = ( is224 == 0 ) ? 32 : 28;
401 sha2_finish( ctx, tmpbuf );
402 sha2_starts( ctx, is224 );
403 sha2_update( ctx, ctx->opad, 64 );
404 sha2_update( ctx, tmpbuf, hlen );
405 sha2_finish( ctx, output );
407 memset( tmpbuf, 0, sizeof( tmpbuf ) );
411 * Output = HMAC-SHA-256( hmac key, input buffer )
413 void sha2_hmac( unsigned char *key, int keylen,
414 unsigned char *input, int ilen,
415 unsigned char *output, int is224 )
417 sha2_context ctx;
419 sha2_hmac_starts( &ctx, is224, key, keylen );
420 sha2_hmac_update( &ctx, input, ilen );
421 sha2_hmac_finish( &ctx, output );
423 memset( &ctx, 0, sizeof( sha2_context ) );
426 static const char _sha2_src[] = "_sha2_src";
428 #if defined(SELF_TEST)
430 * FIPS-180-2 test vectors
432 static const char sha2_test_str[3][57] =
434 { "abc" },
435 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
436 { "" }
439 static const unsigned char sha2_test_sum[6][32] =
442 * SHA-224 test vectors
444 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
445 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
446 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
447 0xE3, 0x6C, 0x9D, 0xA7 },
448 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
449 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
450 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
451 0x52, 0x52, 0x25, 0x25 },
452 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
453 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
454 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
455 0x4E, 0xE7, 0xAD, 0x67 },
458 * SHA-256 test vectors
460 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
461 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
462 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
463 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
464 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
465 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
466 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
467 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
468 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
469 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
470 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
471 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
475 * Checkup routine
477 int sha2_self_test( int verbose )
479 int i, j, k;
480 unsigned char buf[1000];
481 unsigned char sha2sum[32];
482 sha2_context ctx;
484 memset( buf, 'a', 1000 );
486 for( i = 0; i < 6; i++ )
488 j = i % 3;
489 k = i < 3;
491 if( verbose != 0 )
492 printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
494 sha2_starts( &ctx, k );
496 if( j < 2 )
497 sha2_update( &ctx,
498 (unsigned char *) sha2_test_str[j],
499 strlen( sha2_test_str[j] ) );
500 else
502 for( j = 0; j < 1000; j++ )
503 sha2_update( &ctx, buf, 1000 );
506 sha2_finish( &ctx, sha2sum );
508 if( memcmp( sha2sum, sha2_test_sum[i], 32 - k * 4 ) != 0 )
510 if( verbose != 0 )
511 printf( "failed\n" );
513 return( 1 );
516 if( verbose != 0 )
517 printf( "passed\n" );
520 if( verbose != 0 )
521 printf( "\n" );
523 return( 0 );
525 #else
526 int sha2_self_test( int verbose )
528 return( 0 );
530 #endif