comparison libtomcrypt/src/hashes/sha2/sha256.c @ 1471:6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 09 Feb 2018 21:44:05 +0800 |
parents | f849a5ca2efc |
children |
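--- a/libtomcrypt/src/hashes/sha2/sha256.c
+++ b/libtomcrypt/src/hashes/sha2/sha256.c
@@ -3,21 +3,19 @@
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
-*
-* Tom St Denis, [email protected], http://libtom.org
 */
 #include "tomcrypt.h"
 
 /**
 @file sha256.c
 LTC_SHA256 by Tom St Denis
 */
 
 #ifdef LTC_SHA256
 
 const struct ltc_hash_descriptor sha256_desc =
 {
 "sha256",
 0,
@@ -25,11 +23,11 @@
 64,
 
 /* OID */
 { 2, 16, 840, 1, 101, 3, 4, 2, 1, },
 9,
 
 &sha256_init,
 &sha256_process,
 &sha256_done,
 &sha256_test,
 NULL
@@ -54,11 +52,11 @@
 };
 #endif
 
 /* Various logical functions */
 #define Ch(x,y,z) (z ^ (x & (y ^ z)))
 #define Maj(x,y,z) (((x | y) & z) | (x & y))
 #define S(x, n) RORc((x),(n))
 #define R(x, n) (((x)&0xFFFFFFFFUL)>>(n))
 #define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
 #define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
 #define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
@@ -88,26 +86,26 @@
 }
 
 /* fill W[16..63] */
 for (i = 16; i < 64; i++) {
 W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
 }
 
 /* Compress */
 #ifdef LTC_SMALL_CODE
 #define RND(a,b,c,d,e,f,g,h,i) \
 t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
 t1 = Sigma0(a) + Maj(a, b, c); \
 d += t0; \
 h = t0 + t1;
 
 for (i = 0; i < 64; ++i) {
 RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i);
 t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4];
 S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t;
 }
 #else
 #define RND(a,b,c,d,e,f,g,h,i,ki) \
 t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i]; \
 t1 = Sigma0(a) + Maj(a, b, c); \
 d += t0; \
 h = t0 + t1;
@@ -175,13 +173,13 @@
 RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],60,0x90befffa);
 RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],61,0xa4506ceb);
 RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],62,0xbef9a3f7);
 RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],63,0xc67178f2);
 
 #undef RND
 
 #endif
 
 /* feedback */
 for (i = 0; i < 8; i++) {
 md->sha256.state[i] = md->sha256.state[i] + S[i];
 }
@@ -285,30 +283,30 @@
 }
 
 /**
 Self-test the hash
 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
 */
 int sha256_test(void)
 {
 #ifndef LTC_TEST
 return CRYPT_NOP;
 #else
 static const struct {
-char *msg;
+const char *msg;
 unsigned char hash[32];
 } tests[] = {
 { "abc",
 { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad }
 },
 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
 { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 }
 },
 };
 
 int i;
@@ -317,24 +315,20 @@
 
 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
 sha256_init(&md);
 sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
 sha256_done(&md, tmp);
-if (XMEMCMP(tmp, tests[i].hash, 32) != 0) {
+if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA256", i)) {
 return CRYPT_FAIL_TESTVECTOR;
 }
 }
 return CRYPT_OK;
 #endif
 }
 
-#ifdef LTC_SHA224
-#include "sha224.c"
-#endif
+#endif
+
+
 
-#endif
-
-
-
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */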
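Review bot: `(unsigned char*)tests[i].msg` in the sha256_test loop casts away the `const` that this same commit adds to the `msg` field, so the const-correctness gained on the table is undone one line later; since the buffer is only read, write `sha256_process(&md, (const unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));` which also keeps `-Wcast-qual` quiet. The declarations of `md` and `tmp` (old lines 315–316) are not among the rows shown here, so the lengths handed to compare_testvector could not be checked against them from this view. The trailing `/* ref: $Format:%D$ */` lines are git export-subst placeholders and presumably stay literal in a Mercurial checkout; harmless, but a one-line comment such as `/* $Format$ keywords are expanded by git archive only; left as-is in this tree */` would spare the next reader a search.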