]>
git.ipfire.org Git - thirdparty/util-linux.git/blob - lib/sha256.c
2 * public domain sha256 crypt implementation
4 * original sha crypt design: http://people.redhat.com/drepper/SHA-crypt.txt
5 * in this implementation at least 32bit int is assumed,
6 * key length is limited, the $5$ prefix is mandatory, '\n' and ':' is rejected
7 * in the salt and rounds= setting must contain a valid iteration count,
8 * on error "*" is returned.
18 /* public domain sha256 implementation based on fips180-3 */
21 uint64_t len
; /* processed message length */
22 uint32_t h
[8]; /* hash state */
23 uint8_t buf
[64]; /* message block buffer */
26 static uint32_t ror(uint32_t n
, int k
) { return (n
>> k
) | (n
<< (32-k
)); }
27 #define Ch(x,y,z) (z ^ (x & (y ^ z)))
28 #define Maj(x,y,z) ((x & y) | (z & (x | y)))
29 #define S0(x) (ror(x,2) ^ ror(x,13) ^ ror(x,22))
30 #define S1(x) (ror(x,6) ^ ror(x,11) ^ ror(x,25))
31 #define R0(x) (ror(x,7) ^ ror(x,18) ^ (x>>3))
32 #define R1(x) (ror(x,17) ^ ror(x,19) ^ (x>>10))
34 static const uint32_t K
[64] = {
35 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
36 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
37 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
38 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
39 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
40 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
41 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
42 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
45 static void processblock(struct sha256
*s
, const uint8_t *buf
)
47 uint32_t W
[64], t1
, t2
, a
, b
, c
, d
, e
, f
, g
, h
;
50 for (i
= 0; i
< 16; i
++) {
51 W
[i
] = (uint32_t)buf
[4*i
]<<24;
52 W
[i
] |= (uint32_t)buf
[4*i
+1]<<16;
53 W
[i
] |= (uint32_t)buf
[4*i
+2]<<8;
57 W
[i
] = R1(W
[i
-2]) + W
[i
-7] + R0(W
[i
-15]) + W
[i
-16];
66 for (i
= 0; i
< 64; i
++) {
67 t1
= h
+ S1(e
) + Ch(e
,f
,g
) + K
[i
] + W
[i
];
68 t2
= S0(a
) + Maj(a
,b
,c
);
88 static void pad(struct sha256
*s
)
90 unsigned r
= s
->len
% 64;
94 memset(s
->buf
+ r
, 0, 64 - r
);
96 processblock(s
, s
->buf
);
98 memset(s
->buf
+ r
, 0, 56 - r
);
100 s
->buf
[56] = s
->len
>> 56;
101 s
->buf
[57] = s
->len
>> 48;
102 s
->buf
[58] = s
->len
>> 40;
103 s
->buf
[59] = s
->len
>> 32;
104 s
->buf
[60] = s
->len
>> 24;
105 s
->buf
[61] = s
->len
>> 16;
106 s
->buf
[62] = s
->len
>> 8;
108 processblock(s
, s
->buf
);
111 static void sha256_init(struct sha256
*s
)
114 s
->h
[0] = 0x6a09e667;
115 s
->h
[1] = 0xbb67ae85;
116 s
->h
[2] = 0x3c6ef372;
117 s
->h
[3] = 0xa54ff53a;
118 s
->h
[4] = 0x510e527f;
119 s
->h
[5] = 0x9b05688c;
120 s
->h
[6] = 0x1f83d9ab;
121 s
->h
[7] = 0x5be0cd19;
124 static void sha256_sum(struct sha256
*s
, uint8_t *md
)
129 for (i
= 0; i
< 8; i
++) {
130 md
[4*i
] = s
->h
[i
] >> 24;
131 md
[4*i
+1] = s
->h
[i
] >> 16;
132 md
[4*i
+2] = s
->h
[i
] >> 8;
137 static void sha256_update(struct sha256
*s
, const void *m
, unsigned long len
)
139 const uint8_t *p
= m
;
140 unsigned r
= s
->len
% 64;
145 memcpy(s
->buf
+ r
, p
, len
);
148 memcpy(s
->buf
+ r
, p
, 64 - r
);
151 processblock(s
, s
->buf
);
153 for (; len
>= 64; len
-= 64, p
+= 64)
155 memcpy(s
->buf
, p
, len
);
158 void ul_SHA256(unsigned char hash_out
[UL_SHA256LENGTH
], const unsigned char *str
, size_t len
) {
159 struct sha256 state
= {};
161 sha256_update(&state
, str
, len
);
162 sha256_sum(&state
, hash_out
);