]>
git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/sha/sha256.c
096981b1a5d4eda1c22cba3aa727c2b7816de197
1 /* crypto/sha/sha256.c */
2 /* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved
4 * according to the OpenSSL license [found in ../../LICENSE].
5 * ====================================================================
7 #include <openssl/opensslconf.h>
12 #include <openssl/crypto.h>
13 #include <openssl/sha.h>
14 #include <openssl/opensslv.h>
16 int SHA224_Init(SHA256_CTX
*c
)
18 memset(c
, 0, sizeof(*c
));
19 c
->h
[0] = 0xc1059ed8UL
;
20 c
->h
[1] = 0x367cd507UL
;
21 c
->h
[2] = 0x3070dd17UL
;
22 c
->h
[3] = 0xf70e5939UL
;
23 c
->h
[4] = 0xffc00b31UL
;
24 c
->h
[5] = 0x68581511UL
;
25 c
->h
[6] = 0x64f98fa7UL
;
26 c
->h
[7] = 0xbefa4fa4UL
;
27 c
->md_len
= SHA224_DIGEST_LENGTH
;
31 int SHA256_Init(SHA256_CTX
*c
)
33 memset(c
, 0, sizeof(*c
));
34 c
->h
[0] = 0x6a09e667UL
;
35 c
->h
[1] = 0xbb67ae85UL
;
36 c
->h
[2] = 0x3c6ef372UL
;
37 c
->h
[3] = 0xa54ff53aUL
;
38 c
->h
[4] = 0x510e527fUL
;
39 c
->h
[5] = 0x9b05688cUL
;
40 c
->h
[6] = 0x1f83d9abUL
;
41 c
->h
[7] = 0x5be0cd19UL
;
42 c
->md_len
= SHA256_DIGEST_LENGTH
;
46 unsigned char *SHA224(const unsigned char *d
, size_t n
, unsigned char *md
)
49 static unsigned char m
[SHA224_DIGEST_LENGTH
];
54 SHA256_Update(&c
, d
, n
);
56 OPENSSL_cleanse(&c
, sizeof(c
));
60 unsigned char *SHA256(const unsigned char *d
, size_t n
, unsigned char *md
)
63 static unsigned char m
[SHA256_DIGEST_LENGTH
];
68 SHA256_Update(&c
, d
, n
);
70 OPENSSL_cleanse(&c
, sizeof(c
));
74 int SHA224_Update(SHA256_CTX
*c
, const void *data
, size_t len
)
76 return SHA256_Update(c
, data
, len
);
79 int SHA224_Final(unsigned char *md
, SHA256_CTX
*c
)
81 return SHA256_Final(md
, c
);
84 #define DATA_ORDER_IS_BIG_ENDIAN
86 #define HASH_LONG SHA_LONG
87 #define HASH_CTX SHA256_CTX
88 #define HASH_CBLOCK SHA_CBLOCK
91 * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
92 * default: case below covers for it. It's not clear however if it's
93 * permitted to truncate to amount of bytes not divisible by 4. I bet not,
94 * but if it is, then default: case shall be extended. For reference.
95 * Idea behind separate cases for pre-defined lenghts is to let the
96 * compiler decide if it's appropriate to unroll small loops.
98 #define HASH_MAKE_STRING(c,s) do { \
101 switch ((c)->md_len) \
102 { case SHA224_DIGEST_LENGTH: \
103 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \
104 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
106 case SHA256_DIGEST_LENGTH: \
107 for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \
108 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
111 if ((c)->md_len > SHA256_DIGEST_LENGTH) \
113 for (nn=0;nn<(c)->md_len/4;nn++) \
114 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
119 #define HASH_UPDATE SHA256_Update
120 #define HASH_TRANSFORM SHA256_Transform
121 #define HASH_FINAL SHA256_Final
122 #define HASH_BLOCK_DATA_ORDER sha256_block_data_order
126 void sha256_block_data_order(SHA256_CTX
*ctx
, const void *in
, size_t num
);
128 #include "internal/md32_common.h"
131 static const SHA_LONG K256
[64] = {
132 0x428a2f98UL
, 0x71374491UL
, 0xb5c0fbcfUL
, 0xe9b5dba5UL
,
133 0x3956c25bUL
, 0x59f111f1UL
, 0x923f82a4UL
, 0xab1c5ed5UL
,
134 0xd807aa98UL
, 0x12835b01UL
, 0x243185beUL
, 0x550c7dc3UL
,
135 0x72be5d74UL
, 0x80deb1feUL
, 0x9bdc06a7UL
, 0xc19bf174UL
,
136 0xe49b69c1UL
, 0xefbe4786UL
, 0x0fc19dc6UL
, 0x240ca1ccUL
,
137 0x2de92c6fUL
, 0x4a7484aaUL
, 0x5cb0a9dcUL
, 0x76f988daUL
,
138 0x983e5152UL
, 0xa831c66dUL
, 0xb00327c8UL
, 0xbf597fc7UL
,
139 0xc6e00bf3UL
, 0xd5a79147UL
, 0x06ca6351UL
, 0x14292967UL
,
140 0x27b70a85UL
, 0x2e1b2138UL
, 0x4d2c6dfcUL
, 0x53380d13UL
,
141 0x650a7354UL
, 0x766a0abbUL
, 0x81c2c92eUL
, 0x92722c85UL
,
142 0xa2bfe8a1UL
, 0xa81a664bUL
, 0xc24b8b70UL
, 0xc76c51a3UL
,
143 0xd192e819UL
, 0xd6990624UL
, 0xf40e3585UL
, 0x106aa070UL
,
144 0x19a4c116UL
, 0x1e376c08UL
, 0x2748774cUL
, 0x34b0bcb5UL
,
145 0x391c0cb3UL
, 0x4ed8aa4aUL
, 0x5b9cca4fUL
, 0x682e6ff3UL
,
146 0x748f82eeUL
, 0x78a5636fUL
, 0x84c87814UL
, 0x8cc70208UL
,
147 0x90befffaUL
, 0xa4506cebUL
, 0xbef9a3f7UL
, 0xc67178f2UL
151 * FIPS specification refers to right rotations, while our ROTATE macro
152 * is left one. This is why you might notice that rotation coefficients
153 * differ from those observed in FIPS document by 32-N...
155 # define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
156 # define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
157 # define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
158 # define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
160 # define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
161 # define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
163 # ifdef OPENSSL_SMALL_FOOTPRINT
165 static void sha256_block_data_order(SHA256_CTX
*ctx
, const void *in
,
168 unsigned MD32_REG_T a
, b
, c
, d
, e
, f
, g
, h
, s0
, s1
, T1
, T2
;
171 const unsigned char *data
= in
;
184 for (i
= 0; i
< 16; i
++) {
187 T1
+= h
+ Sigma1(e
) + Ch(e
, f
, g
) + K256
[i
];
188 T2
= Sigma0(a
) + Maj(a
, b
, c
);
199 for (; i
< 64; i
++) {
200 s0
= X
[(i
+ 1) & 0x0f];
202 s1
= X
[(i
+ 14) & 0x0f];
205 T1
= X
[i
& 0xf] += s0
+ s1
+ X
[(i
+ 9) & 0xf];
206 T1
+= h
+ Sigma1(e
) + Ch(e
, f
, g
) + K256
[i
];
207 T2
= Sigma0(a
) + Maj(a
, b
, c
);
232 # define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
233 T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
234 h = Sigma0(a) + Maj(a,b,c); \
235 d += T1; h += T1; } while (0)
237 # define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
238 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
239 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
240 T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
241 ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
243 static void sha256_block_data_order(SHA256_CTX
*ctx
, const void *in
,
246 unsigned MD32_REG_T a
, b
, c
, d
, e
, f
, g
, h
, s0
, s1
, T1
;
249 const unsigned char *data
= in
;
268 if (!is_endian
.little
&& sizeof(SHA_LONG
) == 4
269 && ((size_t)in
% 4) == 0) {
270 const SHA_LONG
*W
= (const SHA_LONG
*)data
;
273 ROUND_00_15(0, a
, b
, c
, d
, e
, f
, g
, h
);
275 ROUND_00_15(1, h
, a
, b
, c
, d
, e
, f
, g
);
277 ROUND_00_15(2, g
, h
, a
, b
, c
, d
, e
, f
);
279 ROUND_00_15(3, f
, g
, h
, a
, b
, c
, d
, e
);
281 ROUND_00_15(4, e
, f
, g
, h
, a
, b
, c
, d
);
283 ROUND_00_15(5, d
, e
, f
, g
, h
, a
, b
, c
);
285 ROUND_00_15(6, c
, d
, e
, f
, g
, h
, a
, b
);
287 ROUND_00_15(7, b
, c
, d
, e
, f
, g
, h
, a
);
289 ROUND_00_15(8, a
, b
, c
, d
, e
, f
, g
, h
);
291 ROUND_00_15(9, h
, a
, b
, c
, d
, e
, f
, g
);
293 ROUND_00_15(10, g
, h
, a
, b
, c
, d
, e
, f
);
295 ROUND_00_15(11, f
, g
, h
, a
, b
, c
, d
, e
);
297 ROUND_00_15(12, e
, f
, g
, h
, a
, b
, c
, d
);
299 ROUND_00_15(13, d
, e
, f
, g
, h
, a
, b
, c
);
301 ROUND_00_15(14, c
, d
, e
, f
, g
, h
, a
, b
);
303 ROUND_00_15(15, b
, c
, d
, e
, f
, g
, h
, a
);
305 data
+= SHA256_CBLOCK
;
311 ROUND_00_15(0, a
, b
, c
, d
, e
, f
, g
, h
);
314 ROUND_00_15(1, h
, a
, b
, c
, d
, e
, f
, g
);
317 ROUND_00_15(2, g
, h
, a
, b
, c
, d
, e
, f
);
320 ROUND_00_15(3, f
, g
, h
, a
, b
, c
, d
, e
);
323 ROUND_00_15(4, e
, f
, g
, h
, a
, b
, c
, d
);
326 ROUND_00_15(5, d
, e
, f
, g
, h
, a
, b
, c
);
329 ROUND_00_15(6, c
, d
, e
, f
, g
, h
, a
, b
);
332 ROUND_00_15(7, b
, c
, d
, e
, f
, g
, h
, a
);
335 ROUND_00_15(8, a
, b
, c
, d
, e
, f
, g
, h
);
338 ROUND_00_15(9, h
, a
, b
, c
, d
, e
, f
, g
);
341 ROUND_00_15(10, g
, h
, a
, b
, c
, d
, e
, f
);
344 ROUND_00_15(11, f
, g
, h
, a
, b
, c
, d
, e
);
347 ROUND_00_15(12, e
, f
, g
, h
, a
, b
, c
, d
);
350 ROUND_00_15(13, d
, e
, f
, g
, h
, a
, b
, c
);
353 ROUND_00_15(14, c
, d
, e
, f
, g
, h
, a
, b
);
356 ROUND_00_15(15, b
, c
, d
, e
, f
, g
, h
, a
);
359 for (i
= 16; i
< 64; i
+= 8) {
360 ROUND_16_63(i
+ 0, a
, b
, c
, d
, e
, f
, g
, h
, X
);
361 ROUND_16_63(i
+ 1, h
, a
, b
, c
, d
, e
, f
, g
, X
);
362 ROUND_16_63(i
+ 2, g
, h
, a
, b
, c
, d
, e
, f
, X
);
363 ROUND_16_63(i
+ 3, f
, g
, h
, a
, b
, c
, d
, e
, X
);
364 ROUND_16_63(i
+ 4, e
, f
, g
, h
, a
, b
, c
, d
, X
);
365 ROUND_16_63(i
+ 5, d
, e
, f
, g
, h
, a
, b
, c
, X
);
366 ROUND_16_63(i
+ 6, c
, d
, e
, f
, g
, h
, a
, b
, X
);
367 ROUND_16_63(i
+ 7, b
, c
, d
, e
, f
, g
, h
, a
, X
);
383 #endif /* SHA256_ASM */