CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
/*
2
 *  FIPS-180-2 compliant SHA-256 implementation
3
 *
4
 *  Copyright (C) 2001-2003  Christophe Devine
5
 *
6
 *  This program is free software; you can redistribute it and/or modify
7
 *  it under the terms of the GNU General Public License as published by
8
 *  the Free Software Foundation; either version 2 of the License, or
9
 *  (at your option) any later version.
10
 *
11
 *  This program is distributed in the hope that it will be useful,
12
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14
 *  GNU General Public License for more details.
15
 *
16
 *  You should have received a copy of the GNU General Public License
17
 *  along with this program; if not, write to the Free Software
18
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
19
 */
20

21
#include <string.h>
22

23
#include "sha256.h"
24

25
#define GET_uint32_t(n,b,i)                       \
26
{                                               \
27
    (n) = ( (uint32_t) (b)[(i)    ] << 24 )       \
28
        | ( (uint32_t) (b)[(i) + 1] << 16 )       \
29
        | ( (uint32_t) (b)[(i) + 2] <<  8 )       \
30
        | ( (uint32_t) (b)[(i) + 3]       );      \
31
}
32

33
#define PUT_uint32_t(n,b,i)                       \
34
{                                               \
35
    (b)[(i)    ] = (uint8_t) ( (n) >> 24 );       \
36
    (b)[(i) + 1] = (uint8_t) ( (n) >> 16 );       \
37
    (b)[(i) + 2] = (uint8_t) ( (n) >>  8 );       \
38
    (b)[(i) + 3] = (uint8_t) ( (n)       );       \
39
}
40

41
void sha256_starts( sha256_context *ctx )
42
{
43
    ctx->total[0] = 0;
44
    ctx->total[1] = 0;
45

46
    ctx->state[0] = 0x6A09E667;
47
    ctx->state[1] = 0xBB67AE85;
48
    ctx->state[2] = 0x3C6EF372;
49
    ctx->state[3] = 0xA54FF53A;
50
    ctx->state[4] = 0x510E527F;
51
    ctx->state[5] = 0x9B05688C;
52
    ctx->state[6] = 0x1F83D9AB;
53
    ctx->state[7] = 0x5BE0CD19;
54
}
55

56
void sha256_process( sha256_context *ctx, const uint8_t data[64] )
57
{
58
    uint32_t temp1, temp2, W[64];
59
    uint32_t A, B, C, D, E, F, G, H;
60

61
    GET_uint32_t( W[0],  data,  0 );
62
    GET_uint32_t( W[1],  data,  4 );
63
    GET_uint32_t( W[2],  data,  8 );
64
    GET_uint32_t( W[3],  data, 12 );
65
    GET_uint32_t( W[4],  data, 16 );
66
    GET_uint32_t( W[5],  data, 20 );
67
    GET_uint32_t( W[6],  data, 24 );
68
    GET_uint32_t( W[7],  data, 28 );
69
    GET_uint32_t( W[8],  data, 32 );
70
    GET_uint32_t( W[9],  data, 36 );
71
    GET_uint32_t( W[10], data, 40 );
72
    GET_uint32_t( W[11], data, 44 );
73
    GET_uint32_t( W[12], data, 48 );
74
    GET_uint32_t( W[13], data, 52 );
75
    GET_uint32_t( W[14], data, 56 );
76
    GET_uint32_t( W[15], data, 60 );
77

78
#define  SHR(x,n) ((x & 0xFFFFFFFF) >> n)
79
#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
80

81
#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
82
#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))
83

84
#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
85
#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
86

87
#define F0(x,y,z) ((x & y) | (z & (x | y)))
88
#define F1(x,y,z) (z ^ (x & (y ^ z)))
89

90
#define R(t)                                    \
91
(                                               \
92
    W[t] = S1(W[t -  2]) + W[t -  7] +          \
93
           S0(W[t - 15]) + W[t - 16]            \
94
)
95

96
#define P(a,b,c,d,e,f,g,h,x,K)                  \
97
{                                               \
98
    temp1 = h + S3(e) + F1(e,f,g) + K + x;      \
99
    temp2 = S2(a) + F0(a,b,c);                  \
100
    d += temp1; h = temp1 + temp2;              \
101
}
102

103
    A = ctx->state[0];
104
    B = ctx->state[1];
105
    C = ctx->state[2];
106
    D = ctx->state[3];
107
    E = ctx->state[4];
108
    F = ctx->state[5];
109
    G = ctx->state[6];
110
    H = ctx->state[7];
111

112
    P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
113
    P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
114
    P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
115
    P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
116
    P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
117
    P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
118
    P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
119
    P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
120
    P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
121
    P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
122
    P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
123
    P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
124
    P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
125
    P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
126
    P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
127
    P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
128
    P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
129
    P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
130
    P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
131
    P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
132
    P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
133
    P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
134
    P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
135
    P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
136
    P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
137
    P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
138
    P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
139
    P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
140
    P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
141
    P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
142
    P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
143
    P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
144
    P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
145
    P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
146
    P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
147
    P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
148
    P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
149
    P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
150
    P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
151
    P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
152
    P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
153
    P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
154
    P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
155
    P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
156
    P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
157
    P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
158
    P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
159
    P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
160
    P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
161
    P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
162
    P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
163
    P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
164
    P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
165
    P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
166
    P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
167
    P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
168
    P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
169
    P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
170
    P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
171
    P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
172
    P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
173
    P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
174
    P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
175
    P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
176

177
    ctx->state[0] += A;
178
    ctx->state[1] += B;
179
    ctx->state[2] += C;
180
    ctx->state[3] += D;
181
    ctx->state[4] += E;
182
    ctx->state[5] += F;
183
    ctx->state[6] += G;
184
    ctx->state[7] += H;
185
}
186

187
void sha256_update( sha256_context *ctx, const uint8_t *input, uint32_t length )
188
{
189
    uint32_t left, fill;
190

191
    if( ! length ) return;
192

193
    left = ctx->total[0] & 0x3F;
194
    fill = 64 - left;
195

196
    ctx->total[0] += length;
197
    ctx->total[0] &= 0xFFFFFFFF;
198

199
    if( ctx->total[0] < length )
200
        ctx->total[1]++;
201

202
    if( left && length >= fill )
203
    {
204
        memcpy( (void *) (ctx->buffer + left),
205
                (void *) input, fill );
206
        sha256_process( ctx, ctx->buffer );
207
        length -= fill;
208
        input  += fill;
209
        left = 0;
210
    }
211

212
    while( length >= 64 )
213
    {
214
        sha256_process( ctx, input );
215
        length -= 64;
216
        input  += 64;
217
    }
218

219
    if( length )
220
    {
221
        memcpy( (void *) (ctx->buffer + left),
222
                (void *) input, length );
223
    }
224
}
225

226
static const uint8_t sha256_padding[64] =
227
{
228
 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
229
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
230
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
231
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
232
};
233

234
void sha256_finish( sha256_context *ctx, uint8_t digest[32] )
235
{
236
    uint32_t last, padn;
237
    uint32_t high, low;
238
    uint8_t msglen[8];
239

240
    high = ( ctx->total[0] >> 29 )
241
         | ( ctx->total[1] <<  3 );
242
    low  = ( ctx->total[0] <<  3 );
243

244
    PUT_uint32_t( high, msglen, 0 );
245
    PUT_uint32_t( low,  msglen, 4 );
246

247
    last = ctx->total[0] & 0x3F;
248
    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
249

250
    sha256_update( ctx, sha256_padding, padn );
251
    sha256_update( ctx, msglen, 8 );
252

253
    PUT_uint32_t( ctx->state[0], digest,  0 );
254
    PUT_uint32_t( ctx->state[1], digest,  4 );
255
    PUT_uint32_t( ctx->state[2], digest,  8 );
256
    PUT_uint32_t( ctx->state[3], digest, 12 );
257
    PUT_uint32_t( ctx->state[4], digest, 16 );
258
    PUT_uint32_t( ctx->state[5], digest, 20 );
259
    PUT_uint32_t( ctx->state[6], digest, 24 );
260
    PUT_uint32_t( ctx->state[7], digest, 28 );
261
}
262

263

264