release/src/router/nettle/sha256.c

   1 /* sha256.c
   2  *
   3  * The sha256 hash function.
   4  *
   5  * See http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
   6  */
   7
   8 /* nettle, low-level cryptographics library
   9  *
  10  * Copyright (C) 2001 Niels Möller
  11  *
  12  * The nettle library is free software; you can redistribute it and/or modify
  13  * it under the terms of the GNU Lesser General Public License as published by
  14  * the Free Software Foundation; either version 2.1 of the License, or (at your
  15  * option) any later version.
  16  *
  17  * The nettle library is distributed in the hope that it will be useful, but
  18  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  19  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
  20  * License for more details.
  21  *
  22  * You should have received a copy of the GNU Lesser General Public License
  23  * along with the nettle library; see the file COPYING.LIB.  If not, write to
  24  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  25  * MA 02111-1301, USA.
  26  */
  27
  28 /* Modelled after the sha1.c code by Peter Gutmann. */
  29
  30 #if HAVE_CONFIG_H
  31 # include "config.h"
  32 #endif
  33
  34 #include <assert.h>
  35 #include <stdlib.h>
  36 #include <string.h>
  37
  38 #include "sha2.h"
  39
  40 #include "macros.h"
  41 #include "nettle-write.h"
  42
  43 /* Generated by the shadata program. */
  44 static const uint32_t
  45 K[64] =
  46 {
  47   0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
  48   0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
  49   0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
  50   0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
  51   0xe49b69c1UL, 0xefbe4786UL, 0xfc19dc6UL, 0x240ca1ccUL,
  52   0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
  53   0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
  54   0xc6e00bf3UL, 0xd5a79147UL, 0x6ca6351UL, 0x14292967UL,
  55   0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
  56   0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
  57   0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
  58   0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
  59   0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
  60   0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
  61   0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
  62   0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL,
  63 };
  64
  65 #define COMPRESS(ctx, data) (_nettle_sha256_compress((ctx)->state, (data), K))
  66
  67 /* Initialize the SHA values */
  68
  69 void
  70 sha256_init(struct sha256_ctx *ctx)
  71 {
  72   /* Initial values, also generated by the shadata program. */
  73   static const uint32_t H0[_SHA256_DIGEST_LENGTH] =
  74   {
  75     0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL, 0xa54ff53aUL,
  76     0x510e527fUL, 0x9b05688cUL, 0x1f83d9abUL, 0x5be0cd19UL,
  77   };
  78
  79   memcpy(ctx->state, H0, sizeof(H0));
  80
  81   /* Initialize bit count */
  82   ctx->count_low = ctx->count_high = 0;
  83
  84   /* Initialize buffer */
  85   ctx->index = 0;
  86 }
  87
  88 void
  89 sha256_update(struct sha256_ctx *ctx,
  90               unsigned length, const uint8_t *data)
  91 {
  92   MD_UPDATE (ctx, length, data, COMPRESS, MD_INCR(ctx));
  93 }
  94
  95 static void
  96 sha256_write_digest(struct sha256_ctx *ctx,
  97                     unsigned length,
  98                     uint8_t *digest)
  99 {
 100   uint32_t high, low;
 101
 102   assert(length <= SHA256_DIGEST_SIZE);
 103
 104   MD_PAD(ctx, 8, COMPRESS);
 105
 106   /* There are 512 = 2^9 bits in one block */
 107   high = (ctx->count_high << 9) | (ctx->count_low >> 23);
 108   low = (ctx->count_low << 9) | (ctx->index << 3);
 109
 110   /* This is slightly inefficient, as the numbers are converted to
 111      big-endian format, and will be converted back by the compression
 112      function. It's probably not worth the effort to fix this. */
 113   WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 8), high);
 114   WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 4), low);
 115   COMPRESS(ctx, ctx->block);
 116
 117   _nettle_write_be32(length, digest, ctx->state);
 118 }
 119
 120 void
 121 sha256_digest(struct sha256_ctx *ctx,
 122               unsigned length,
 123               uint8_t *digest)
 124 {
 125   sha256_write_digest(ctx, length, digest);
 126   sha256_init(ctx);
 127 }
 128
 129 /* sha224 variant. FIXME: Move to seperate file? */
 130
 131 void
 132 sha224_init(struct sha256_ctx *ctx)
 133 {
 134   /* Initial values. I's unclear how they are chosen. */
 135   static const uint32_t H0[_SHA256_DIGEST_LENGTH] =
 136   {
 137     0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
 138     0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4,
 139   };
 140
 141   memcpy(ctx->state, H0, sizeof(H0));
 142
 143   /* Initialize bit count */
 144   ctx->count_low = ctx->count_high = 0;
 145
 146   /* Initialize buffer */
 147   ctx->index = 0;
 148 }
 149
 150 void
 151 sha224_digest(struct sha256_ctx *ctx,
 152               unsigned length,
 153               uint8_t *digest)
 154 {
 155   sha256_write_digest(ctx, length, digest);
 156   sha224_init(ctx);
 157 }