sha256.c

   1 #include "sha256.h"
   2
   3 /**
   4  * SHA256 Hashing
   5  * @addr: pointers to the data area
   6  * @len: Lengths of the data block
   7  * @res: Buffer for the digest
   8  * Returns: 0 on success, -1 of failure
   9  */
  10 int sha256(const unsigned char *addr, const size_t len,
  11                    unsigned char *res)
  12 {
  13         struct sha256_state ctx;
  14
  15         sha256_init(&ctx);
  16
  17         if (sha256_process(&ctx, addr, len) || sha256_done(&ctx, res))
  18                 return -1;
  19
  20         return 0;
  21 }
  22
  23 /** ===== start - public domain SHA256 implementation ===== */
  24
  25 /** This is based on SHA256 implementation in LibTomCrypt that was released into
  26  * public domain by Tom St Denis.
  27  */
  28
  29 /** the K array */
  30 static const unsigned long K[64] = {
  31         0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
  32         0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
  33         0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
  34         0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
  35         0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
  36         0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
  37         0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
  38         0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
  39         0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
  40         0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
  41         0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
  42         0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
  43         0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
  44 };
  45
  46
  47 /** Various logical functions */
  48 #define RORc(x, y) \
  49 (((((unsigned long) (x) & 0xFFFFFFFFUL) >> (unsigned long) ((y) & 31)) | \
  50 ((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL)
  51 #define Ch(x, y, z)       (z ^ (x & (y ^ z)))
  52 #define Maj(x, y, z)      (((x | y) & z) | (x & y))
  53 #define S(x, n)         RORc((x), (n))
  54 #define R(x, n)         (((x)&0xFFFFFFFFUL)>>(n))
  55 #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
  56 #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
  57 #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
  58 #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
  59 #ifndef MIN
  60 #define MIN(x, y) (((x) < (y)) ? (x) : (y))
  61 #endif
  62
  63 /* compress 512-bits */
  64 static int sha256_compress(struct sha256_state *md, const unsigned char *buf)
  65 {
  66         __u32 S[8], W[64], t0, t1;
  67         __u32 t;
  68         int i;
  69
  70         /* copy state into S */
  71         for (i = 0; i < 8; i++)
  72                 S[i] = md->state[i];
  73
  74         /* copy the state into 512-bits into W[0..15] */
  75         for (i = 0; i < 16; i++)
  76                 W[i] = LOAD32B(buf + (4 * i));
  77
  78         /* fill W[16..63] */
  79         for (i = 16; i < 64; i++)
  80                 W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  81
  82         /* Compress */
  83 #define RND(a, b, c, d, e, f, g, h, i) \
  84         t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
  85         t1 = Sigma0(a) + Maj(a, b, c); \
  86         d += t0; \
  87         h  = t0 + t1;
  88
  89         for (i = 0; i < 64; ++i) {
  90                 RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i);
  91                 t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4];
  92                 S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t;
  93         }
  94
  95         /* feedback */
  96         for (i = 0; i < 8; i++)
  97                 md->state[i] = md->state[i] + S[i];
  98
  99         return 0;
 100 }
 101
 102
 103 /* Initialize the hash state */
 104 void sha256_init(struct sha256_state *md)
 105 {
 106         md->curlen = 0;
 107         md->length = 0;
 108         md->state[0] = 0x6A09E667UL;
 109         md->state[1] = 0xBB67AE85UL;
 110         md->state[2] = 0x3C6EF372UL;
 111         md->state[3] = 0xA54FF53AUL;
 112         md->state[4] = 0x510E527FUL;
 113         md->state[5] = 0x9B05688CUL;
 114         md->state[6] = 0x1F83D9ABUL;
 115         md->state[7] = 0x5BE0CD19UL;
 116 }
 117
 118 /**
 119  *  Process a block of memory though the hash
 120  * @param md     The hash state
 121  * @param in     The data to hash
 122  * @param inlen  The length of the data (octets)
 123  * @return CRYPT_OK if successful
 124 */
 125 int sha256_process(struct sha256_state *md, const unsigned char *in,
 126                                    unsigned long inlen)
 127 {
 128         unsigned long n;
 129
 130         if (md->curlen >= sizeof(md->buf))
 131                 return -1;
 132
 133         while (inlen > 0) {
 134                 if (md->curlen == 0 && inlen >= SHA256_BLOCK_SIZE) {
 135                         if (sha256_compress(md, (unsigned char *) in) < 0)
 136                                 return -1;
 137                         md->length += SHA256_BLOCK_SIZE * 8;
 138                         in += SHA256_BLOCK_SIZE;
 139                         inlen -= SHA256_BLOCK_SIZE;
 140                 } else {
 141                         n = MIN(inlen, (SHA256_BLOCK_SIZE - md->curlen));
 142                         memcpy(md->buf + md->curlen, in, n);
 143                         md->curlen += n;
 144                         in += n;
 145                         inlen -= n;
 146                         if (md->curlen == SHA256_BLOCK_SIZE) {
 147                                 if (sha256_compress(md, md->buf) < 0)
 148                                         return -1;
 149                                 md->length += 8 * SHA256_BLOCK_SIZE;
 150                                 md->curlen = 0;
 151                         }
 152                 }
 153         }
 154
 155         return 0;
 156 }
 157
 158
 159 /**
 160  * Terminate the hash to get the digest
 161  * @param md  The hash state
 162  * @param out [out] The destination of the hash (32 bytes)
 163  * @return CRYPT_OK if successful
 164 */
 165 int sha256_done(struct sha256_state *md, unsigned char *out)
 166 {
 167         int i;
 168
 169         if (md->curlen >= sizeof(md->buf))
 170                 return -1;
 171
 172         /* increase the length of the message */
 173         md->length += md->curlen * 8;
 174
 175         /* append the '1' bit */
 176         md->buf[md->curlen++] = (unsigned char) 0x80;
 177
 178         /* if the length is currently above 56 bytes we append zeros
 179          * then compress.  Then we can fall back to padding zeros and length
 180          * encoding like normal.
 181          */
 182         if (md->curlen > 56) {
 183                 while (md->curlen < SHA256_BLOCK_SIZE)
 184                         md->buf[md->curlen++] = (unsigned char) 0;
 185
 186                 sha256_compress(md, md->buf);
 187                 md->curlen = 0;
 188         }
 189
 190         /* pad up to 56 bytes of zeroes */
 191         while (md->curlen < 56)
 192                 md->buf[md->curlen++] = (unsigned char) 0;
 193
 194         /* store length */
 195         STORE64B(md->buf + 56, md->length);
 196         sha256_compress(md, md->buf);
 197
 198         /* copy output */
 199         for (i = 0; i < 8; i++)
 200                 STORE32B(out + (4 * i), md->state[i]);
 201
 202         return 0;
 203 }
 204
 205 /* ===== end - public domain SHA256 implementation ===== */