unleashed-firmware/lib/toolbox/sha256.c
あく 389ff92cc1
Naming and coding style convention, new linter tool. (#945)
* Makefile, Scripts: new linter
* About: remove ID from IC
* Firmware: remove double define for DIVC/DIVR
* Scripts: check folder names too. Docker: replace syntax check with make lint.
* Reformat Sources and Migrate to new file naming convention
* Docker: symlink clang-format-12 to clang-format
* Add coding style guide
2022-01-05 19:10:18 +03:00

222 lines
7.1 KiB
C

/*
* sha256.c -- Compute SHA-256 hash
*
* Just for little endian architecture.
*
* Code taken from:
* http://gladman.plushost.co.uk/oldsite/cryptography_technology/sha/index.php
*
* File names are sha2.c, sha2.h, brg_types.h, brg_endian.h
* in the archive sha2-07-01-07.zip.
*
* Code is modified in the style of PolarSSL API.
*
* See original copyright notice below.
*/
/*
---------------------------------------------------------------------------
Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 01/08/2005
*/
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include "sha256.h"
#define SHA256_MASK (SHA256_BLOCK_SIZE - 1)
static void memcpy_output_bswap32(unsigned char* dst, const uint32_t* p) {
int i;
uint32_t q = 0;
for(i = 0; i < 32; i++) {
if((i & 3) == 0) q = __builtin_bswap32(p[i >> 2]); /* bswap32 is GCC extention */
dst[i] = q >> ((i & 3) * 8);
}
}
#define rotr32(x, n) (((x) >> n) | ((x) << (32 - n)))
#define ch(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
#define maj(x, y, z) (((x) & (y)) | ((z) & ((x) ^ (y))))
/* round transforms for SHA256 compression functions */
#define vf(n, i) v[(n - i) & 7]
#define hf(i) (p[i & 15] += g_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g_0(p[(i + 1) & 15]))
#define v_cycle0(i) \
p[i] = __builtin_bswap32(p[i]); \
vf(7, i) += p[i] + k_0[i] + s_1(vf(4, i)) + ch(vf(4, i), vf(5, i), vf(6, i)); \
vf(3, i) += vf(7, i); \
vf(7, i) += s_0(vf(0, i)) + maj(vf(0, i), vf(1, i), vf(2, i))
#define v_cycle(i, j) \
vf(7, i) += hf(i) + k_0[i + j] + s_1(vf(4, i)) + ch(vf(4, i), vf(5, i), vf(6, i)); \
vf(3, i) += vf(7, i); \
vf(7, i) += s_0(vf(0, i)) + maj(vf(0, i), vf(1, i), vf(2, i))
#define s_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22))
#define s_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25))
#define g_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3))
#define g_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10))
#define k_0 k256
static const uint32_t k256[64] = {
0X428A2F98, 0X71374491, 0XB5C0FBCF, 0XE9B5DBA5, 0X3956C25B, 0X59F111F1, 0X923F82A4, 0XAB1C5ED5,
0XD807AA98, 0X12835B01, 0X243185BE, 0X550C7DC3, 0X72BE5D74, 0X80DEB1FE, 0X9BDC06A7, 0XC19BF174,
0XE49B69C1, 0XEFBE4786, 0X0FC19DC6, 0X240CA1CC, 0X2DE92C6F, 0X4A7484AA, 0X5CB0A9DC, 0X76F988DA,
0X983E5152, 0XA831C66D, 0XB00327C8, 0XBF597FC7, 0XC6E00BF3, 0XD5A79147, 0X06CA6351, 0X14292967,
0X27B70A85, 0X2E1B2138, 0X4D2C6DFC, 0X53380D13, 0X650A7354, 0X766A0ABB, 0X81C2C92E, 0X92722C85,
0XA2BFE8A1, 0XA81A664B, 0XC24B8B70, 0XC76C51A3, 0XD192E819, 0XD6990624, 0XF40E3585, 0X106AA070,
0X19A4C116, 0X1E376C08, 0X2748774C, 0X34B0BCB5, 0X391C0CB3, 0X4ED8AA4A, 0X5B9CCA4F, 0X682E6FF3,
0X748F82EE, 0X78A5636F, 0X84C87814, 0X8CC70208, 0X90BEFFFA, 0XA4506CEB, 0XBEF9A3F7, 0XC67178F2,
};
void sha256_process(sha256_context* ctx) {
uint32_t i;
uint32_t* p = ctx->wbuf;
uint32_t v[8];
memcpy(v, ctx->state, 8 * sizeof(uint32_t));
v_cycle0(0);
v_cycle0(1);
v_cycle0(2);
v_cycle0(3);
v_cycle0(4);
v_cycle0(5);
v_cycle0(6);
v_cycle0(7);
v_cycle0(8);
v_cycle0(9);
v_cycle0(10);
v_cycle0(11);
v_cycle0(12);
v_cycle0(13);
v_cycle0(14);
v_cycle0(15);
for(i = 16; i < 64; i += 16) {
v_cycle(0, i);
v_cycle(1, i);
v_cycle(2, i);
v_cycle(3, i);
v_cycle(4, i);
v_cycle(5, i);
v_cycle(6, i);
v_cycle(7, i);
v_cycle(8, i);
v_cycle(9, i);
v_cycle(10, i);
v_cycle(11, i);
v_cycle(12, i);
v_cycle(13, i);
v_cycle(14, i);
v_cycle(15, i);
}
ctx->state[0] += v[0];
ctx->state[1] += v[1];
ctx->state[2] += v[2];
ctx->state[3] += v[3];
ctx->state[4] += v[4];
ctx->state[5] += v[5];
ctx->state[6] += v[6];
ctx->state[7] += v[7];
}
void sha256_update(sha256_context* ctx, const unsigned char* input, unsigned int ilen) {
uint32_t left = (ctx->total[0] & SHA256_MASK);
uint32_t fill = SHA256_BLOCK_SIZE - left;
ctx->total[0] += ilen;
if(ctx->total[0] < ilen) ctx->total[1]++;
while(ilen >= fill) {
memcpy(((unsigned char*)ctx->wbuf) + left, input, fill);
sha256_process(ctx);
input += fill;
ilen -= fill;
left = 0;
fill = SHA256_BLOCK_SIZE;
}
memcpy(((unsigned char*)ctx->wbuf) + left, input, ilen);
}
void sha256_finish(sha256_context* ctx, unsigned char output[32]) {
uint32_t last = (ctx->total[0] & SHA256_MASK);
ctx->wbuf[last >> 2] = __builtin_bswap32(ctx->wbuf[last >> 2]);
ctx->wbuf[last >> 2] &= 0xffffff80 << (8 * (~last & 3));
ctx->wbuf[last >> 2] |= 0x00000080 << (8 * (~last & 3));
ctx->wbuf[last >> 2] = __builtin_bswap32(ctx->wbuf[last >> 2]);
if(last > SHA256_BLOCK_SIZE - 9) {
if(last < 60) ctx->wbuf[15] = 0;
sha256_process(ctx);
last = 0;
} else
last = (last >> 2) + 1;
while(last < 14) ctx->wbuf[last++] = 0;
ctx->wbuf[14] = __builtin_bswap32((ctx->total[0] >> 29) | (ctx->total[1] << 3));
ctx->wbuf[15] = __builtin_bswap32(ctx->total[0] << 3);
sha256_process(ctx);
memcpy_output_bswap32(output, ctx->state);
memset(ctx, 0, sizeof(sha256_context));
}
static const uint32_t initial_state[8] = {
0x6a09e667,
0xbb67ae85,
0x3c6ef372,
0xa54ff53a,
0x510e527f,
0x9b05688c,
0x1f83d9ab,
0x5be0cd19};
void sha256_start(sha256_context* ctx) {
ctx->total[0] = ctx->total[1] = 0;
memcpy(ctx->state, initial_state, 8 * sizeof(uint32_t));
}
void sha256(const unsigned char* input, unsigned int ilen, unsigned char output[32]) {
sha256_context ctx;
sha256_start(&ctx);
sha256_update(&ctx, input, ilen);
sha256_finish(&ctx, output);
}