1/* sha256.c 2** 3** Copyright 2013, The Android Open Source Project 4** 5** Redistribution and use in source and binary forms, with or without 6** modification, are permitted provided that the following conditions are met: 7** * Redistributions of source code must retain the above copyright 8** notice, this list of conditions and the following disclaimer. 9** * Redistributions in binary form must reproduce the above copyright 10** notice, this list of conditions and the following disclaimer in the 11** documentation and/or other materials provided with the distribution. 12** * Neither the name of Google Inc. nor the names of its contributors may 13** be used to endorse or promote products derived from this software 14** without specific prior written permission. 15** 16** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR 17** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26*/ 27 28// Optimized for minimal code size. 29 30#include "mincrypt/sha256.h" 31 32#include <stdio.h> 33#include <string.h> 34#include <stdint.h> 35 36#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits)))) 37#define shr(value, bits) ((value) >> (bits)) 38 39static const uint32_t K[64] = { 40 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 41 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 42 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 43 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 44 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 45 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 46 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 47 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 48 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 49 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 50 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 51 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 52 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 53 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 54 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 55 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; 56 57static void SHA256_Transform(SHA256_CTX* ctx) { 58 uint32_t W[64]; 59 uint32_t A, B, C, D, E, F, G, H; 60 uint8_t* p = ctx->buf; 61 int t; 62 63 for(t = 0; t < 16; ++t) { 64 uint32_t tmp = *p++ << 24; 65 tmp |= *p++ << 16; 66 tmp |= *p++ << 8; 67 tmp |= *p++; 68 W[t] = tmp; 69 } 70 71 for(; t < 64; t++) { 72 uint32_t s0 = ror(W[t-15], 7) ^ ror(W[t-15], 18) ^ shr(W[t-15], 3); 73 uint32_t s1 = ror(W[t-2], 17) ^ ror(W[t-2], 19) ^ shr(W[t-2], 10); 74 W[t] = W[t-16] + s0 + W[t-7] + s1; 75 } 76 77 A = ctx->state[0]; 78 B = ctx->state[1]; 79 C = ctx->state[2]; 80 D = ctx->state[3]; 81 E = ctx->state[4]; 82 F = ctx->state[5]; 83 G = ctx->state[6]; 84 H = ctx->state[7]; 85 86 for(t = 0; t < 64; t++) { 87 uint32_t s0 = ror(A, 2) ^ ror(A, 13) ^ ror(A, 22); 88 uint32_t maj = (A & B) ^ (A & C) ^ (B & C); 89 uint32_t t2 = s0 + maj; 90 uint32_t s1 = ror(E, 6) ^ ror(E, 11) ^ ror(E, 25); 91 uint32_t ch = (E & F) ^ ((~E) & G); 92 uint32_t t1 = H + s1 + ch + K[t] + W[t]; 93 94 H = G; 95 G = F; 96 F = E; 97 E = D + t1; 98 D = C; 99 C = B; 100 B = A; 101 A = t1 + t2; 102 } 103 104 ctx->state[0] += A; 105 ctx->state[1] += B; 106 ctx->state[2] += C; 107 ctx->state[3] += D; 108 ctx->state[4] += E; 109 ctx->state[5] += F; 110 ctx->state[6] += G; 111 ctx->state[7] += H; 112} 113 114static const HASH_VTAB SHA256_VTAB = { 115 SHA256_init, 116 SHA256_update, 117 SHA256_final, 118 SHA256_hash, 119 SHA256_DIGEST_SIZE 120}; 121 122void SHA256_init(SHA256_CTX* ctx) { 123 ctx->f = &SHA256_VTAB; 124 ctx->state[0] = 0x6a09e667; 125 ctx->state[1] = 0xbb67ae85; 126 ctx->state[2] = 0x3c6ef372; 127 ctx->state[3] = 0xa54ff53a; 128 ctx->state[4] = 0x510e527f; 129 ctx->state[5] = 0x9b05688c; 130 ctx->state[6] = 0x1f83d9ab; 131 ctx->state[7] = 0x5be0cd19; 132 ctx->count = 0; 133} 134 135 136void SHA256_update(SHA256_CTX* ctx, const void* data, int len) { 137 int i = (int) (ctx->count & 63); 138 const uint8_t* p = (const uint8_t*)data; 139 140 ctx->count += len; 141 142 while (len--) { 143 ctx->buf[i++] = *p++; 144 if (i == 64) { 145 SHA256_Transform(ctx); 146 i = 0; 147 } 148 } 149} 150 151 152const uint8_t* SHA256_final(SHA256_CTX* ctx) { 153 uint8_t *p = ctx->buf; 154 uint64_t cnt = ctx->count * 8; 155 int i; 156 157 SHA256_update(ctx, (uint8_t*)"\x80", 1); 158 while ((ctx->count & 63) != 56) { 159 SHA256_update(ctx, (uint8_t*)"\0", 1); 160 } 161 for (i = 0; i < 8; ++i) { 162 uint8_t tmp = (uint8_t) (cnt >> ((7 - i) * 8)); 163 SHA256_update(ctx, &tmp, 1); 164 } 165 166 for (i = 0; i < 8; i++) { 167 uint32_t tmp = ctx->state[i]; 168 *p++ = tmp >> 24; 169 *p++ = tmp >> 16; 170 *p++ = tmp >> 8; 171 *p++ = tmp >> 0; 172 } 173 174 return ctx->buf; 175} 176 177/* Convenience function */ 178const uint8_t* SHA256_hash(const void* data, int len, uint8_t* digest) { 179 SHA256_CTX ctx; 180 SHA256_init(&ctx); 181 SHA256_update(&ctx, data, len); 182 memcpy(digest, SHA256_final(&ctx), SHA256_DIGEST_SIZE); 183 return digest; 184} 185