"Fossies" - the Fresh Open Source Software Archive 
Member "littleutils-1.2.5/littleutils/sha256.c" (29 Oct 2021, 17716 Bytes) of package /linux/privat/littleutils-1.2.5.tar.lz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "sha256.c" see the
Fossies "Dox" file reference documentation and the latest
Fossies "Diffs" side-by-side code changes report:
1.2.4_vs_1.2.5.
1 /* sha256.c - Functions to compute SHA256 and SHA224 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-2.
3
4 Copyright (C) 2005-2006, 2008-2018 Free Software Foundation, Inc.
5
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <https://www.gnu.org/licenses/>. */
18
19 /* Written by David Madore, considerably copypasting from Scott G. Miller's
20 sha1.c. Modifications for portability and partial file reads by Brian
21 Lindholm, 2007-2021. */
22
23 #include <config.h>
24
25 #ifdef HAVE_STDALIGN_H
26 # include <stdalign.h>
27 #endif
28 #ifdef HAVE_STDINT_H
29 # include <stdint.h>
30 #endif
31 #ifdef HAVE_STDLIB_H
32 # include <stdlib.h>
33 #endif
34 #ifdef HAVE_STRING_H
35 # include <string.h>
36 #endif
37 #ifdef HAVE_SYS_TYPES_H
38 # include <sys/types.h>
39 #endif
40
41 #include "sha256.h"
42
43 #ifdef WORDS_BIGENDIAN
44 # define SWAP(n) (n)
45 #else
46 # ifdef HAVE_BYTESWAP_H
47 # include <byteswap.h>
48 # define SWAP(n) bswap_32 (n)
49 # else
50 # define SWAP(n) (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
51 # endif
52 #endif
53
54 #define BLOCKSIZE 32768
55 #if BLOCKSIZE % 64 != 0
56 # error "invalid BLOCKSIZE"
57 #endif
58
59 /* This array contains the bytes used to pad the buffer to the next
60 64-byte boundary. */
61 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
62
63
64 /*
65 Takes a pointer to a 256 bit block of data (eight 32 bit ints) and
66 initializes it to the start constants of the SHA256 algorithm. This
67 must be called before using hash in the call to sha256_hash
68 */
69 void
70 sha256_init_ctx (struct sha256_ctx *ctx)
71 {
72 ctx->state[0] = 0x6a09e667UL;
73 ctx->state[1] = 0xbb67ae85UL;
74 ctx->state[2] = 0x3c6ef372UL;
75 ctx->state[3] = 0xa54ff53aUL;
76 ctx->state[4] = 0x510e527fUL;
77 ctx->state[5] = 0x9b05688cUL;
78 ctx->state[6] = 0x1f83d9abUL;
79 ctx->state[7] = 0x5be0cd19UL;
80
81 ctx->total[0] = ctx->total[1] = 0;
82 ctx->buflen = 0;
83 }
84
85 void
86 sha224_init_ctx (struct sha256_ctx *ctx)
87 {
88 ctx->state[0] = 0xc1059ed8UL;
89 ctx->state[1] = 0x367cd507UL;
90 ctx->state[2] = 0x3070dd17UL;
91 ctx->state[3] = 0xf70e5939UL;
92 ctx->state[4] = 0xffc00b31UL;
93 ctx->state[5] = 0x68581511UL;
94 ctx->state[6] = 0x64f98fa7UL;
95 ctx->state[7] = 0xbefa4fa4UL;
96
97 ctx->total[0] = ctx->total[1] = 0;
98 ctx->buflen = 0;
99 }
100
101 /* Copy the value from v into the memory location pointed to by *CP,
102 If your architecture allows unaligned access, this is equivalent to
103 * (__typeof__ (v) *) cp = v */
104 static void
105 set_uint32 (char *cp, uint32_t v)
106 {
107 memcpy (cp, &v, sizeof v);
108 }
109
110 /* Put result from CTX in first 32 bytes following RESBUF.
111 The result must be in little endian byte order. */
112 void *
113 sha256_read_ctx (const struct sha256_ctx *ctx, void *resbuf)
114 {
115 int i;
116 char *r = resbuf;
117
118 for (i = 0; i < 8; i++)
119 set_uint32 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
120
121 return resbuf;
122 }
123
124 void *
125 sha224_read_ctx (const struct sha256_ctx *ctx, void *resbuf)
126 {
127 int i;
128 char *r = resbuf;
129
130 for (i = 0; i < 7; i++)
131 set_uint32 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
132
133 return resbuf;
134 }
135
136 /* Process the remaining bytes in the internal buffer and the usual
137 prolog according to the standard and write the result to RESBUF. */
138 static void
139 sha256_conclude_ctx (struct sha256_ctx *ctx)
140 {
141 /* Take yet unprocessed bytes into account. */
142 size_t bytes = ctx->buflen;
143 size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
144
145 /* Now count remaining bytes. */
146 ctx->total[0] += bytes;
147 if (ctx->total[0] < bytes)
148 ++ctx->total[1];
149
150 /* Put the 64-bit file length in *bits* at the end of the buffer.
151 Use set_uint32 rather than a simple assignment, to avoid risk of
152 unaligned access. */
153 set_uint32 ((char *) &ctx->buffer[size - 2],
154 SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29)));
155 set_uint32 ((char *) &ctx->buffer[size - 1],
156 SWAP (ctx->total[0] << 3));
157
158 memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
159
160 /* Process last bytes. */
161 sha256_process_block (ctx->buffer, size * 4, ctx);
162 }
163
164 void *
165 sha256_finish_ctx (struct sha256_ctx *ctx, void *resbuf)
166 {
167 sha256_conclude_ctx (ctx);
168 return sha256_read_ctx (ctx, resbuf);
169 }
170
171 void *
172 sha224_finish_ctx (struct sha256_ctx *ctx, void *resbuf)
173 {
174 sha256_conclude_ctx (ctx);
175 return sha224_read_ctx (ctx, resbuf);
176 }
177
178 /* Compute message digest for bytes read from STREAM using algorithm ALG.
179 Write the message digest into RESBLOCK, which contains HASHLEN bytes. The
180 initial and finishing operations are INIT_CTX and FINISH_CTX. Return zero
181 if and only if successful. Readbytes == -1 implies whole file. */
182 static int
183 shaxxx_stream (FILE *stream, char const *alg, void *resblock, off_t readbytes,
184 ssize_t hashlen, void (*init_ctx) (struct sha256_ctx *),
185 void *(*finish_ctx) (struct sha256_ctx *, void *))
186 {
187 char *buffer = malloc (BLOCKSIZE + 72);
188 if (!buffer)
189 return 1;
190
191 /* Initialize the computation context. */
192 struct sha256_ctx ctx;
193 init_ctx (&ctx);
194 size_t sum, target;
195 off_t total = 0;
196
197 /* Jump to end for readbytes == 0. */
198 if (readbytes == 0)
199 {
200 sum = 0;
201 goto process_partial_block;
202 }
203
204 /* Iterate over full file contents. */
205 while (1)
206 {
207 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
208 computation function processes the whole buffer so that with the
209 next round of the loop another block can be read. */
210 size_t n;
211 if ((readbytes < 0) || ((readbytes - total) > (off_t) BLOCKSIZE))
212 target = (size_t) BLOCKSIZE;
213 else
214 target = (size_t) (readbytes - total);
215 sum = 0;
216
217 /* Read block. Take care for partial reads. */
218 while (1)
219 {
220 /* Either process a partial fread() from this loop,
221 or the fread() in afalg_stream may have gotten EOF.
222 We need to avoid a subsequent fread() as EOF may
223 not be sticky. For details of such systems, see:
224 https://sourceware.org/bugzilla/show_bug.cgi?id=1190 */
225 if (((off_t) sum >= target) || feof (stream))
226 goto process_partial_block;
227
228 n = fread (buffer + sum, 1, target - sum, stream);
229 sum += n;
230
231 if (sum == BLOCKSIZE)
232 break;
233
234 if (n == 0)
235 {
236 /* Check for the error flag IFF N == 0, so that we don't
237 exit the loop after a partial read due to e.g., EAGAIN
238 or EWOULDBLOCK. */
239 if (ferror (stream))
240 {
241 free (buffer);
242 return 1;
243 }
244 goto process_partial_block;
245 }
246 }
247 total += (off_t) sum;
248
249 /* Process buffer with BLOCKSIZE bytes. Note that
250 BLOCKSIZE % 64 == 0
251 */
252 sha256_process_block (buffer, BLOCKSIZE, &ctx);
253 }
254
255 process_partial_block:;
256
257 /* Process any remaining bytes. */
258 if (sum > 0)
259 sha256_process_bytes (buffer, sum, &ctx);
260
261 /* Construct result in desired memory. */
262 finish_ctx (&ctx, resblock);
263 free (buffer);
264 return 0;
265 }
266
267 int
268 sha256_stream (FILE *stream, void *resblock, off_t readbytes)
269 {
270 return shaxxx_stream (stream, "sha256", resblock, readbytes,
271 SHA256_DIGEST_SIZE, sha256_init_ctx,
272 sha256_finish_ctx);
273 }
274
275 int
276 sha224_stream (FILE *stream, void *resblock, off_t readbytes)
277 {
278 return shaxxx_stream (stream, "sha224", resblock, readbytes,
279 SHA224_DIGEST_SIZE, sha224_init_ctx,
280 sha224_finish_ctx);
281 }
282
283 /* Compute SHA256 message digest for LEN bytes beginning at BUFFER. The
284 result is always in little endian byte order, so that a byte-wise
285 output yields to the wanted ASCII representation of the message
286 digest. */
287 void *
288 sha256_buffer (const char *buffer, size_t len, void *resblock)
289 {
290 struct sha256_ctx ctx;
291
292 /* Initialize the computation context. */
293 sha256_init_ctx (&ctx);
294
295 /* Process whole buffer but last len % 64 bytes. */
296 sha256_process_bytes (buffer, len, &ctx);
297
298 /* Put result in desired memory area. */
299 return sha256_finish_ctx (&ctx, resblock);
300 }
301
302 void *
303 sha224_buffer (const char *buffer, size_t len, void *resblock)
304 {
305 struct sha256_ctx ctx;
306
307 /* Initialize the computation context. */
308 sha224_init_ctx (&ctx);
309
310 /* Process whole buffer but last len % 64 bytes. */
311 sha256_process_bytes (buffer, len, &ctx);
312
313 /* Put result in desired memory area. */
314 return sha224_finish_ctx (&ctx, resblock);
315 }
316
317 void
318 sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx)
319 {
320 /* When we already have some bits in our internal buffer concatenate
321 both inputs first. */
322 if (ctx->buflen != 0)
323 {
324 size_t left_over = ctx->buflen;
325 size_t add = 128 - left_over > len ? len : 128 - left_over;
326
327 memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
328 ctx->buflen += add;
329
330 if (ctx->buflen > 64)
331 {
332 sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
333
334 ctx->buflen &= 63;
335 /* The regions in the following copy operation cannot overlap,
336 because ctx->buflen < 64 ≤ (left_over + add) & ~63. */
337 memcpy (ctx->buffer,
338 &((char *) ctx->buffer)[(left_over + add) & ~63],
339 ctx->buflen);
340 }
341
342 buffer = (const char *) buffer + add;
343 len -= add;
344 }
345
346 /* Process available complete blocks. */
347 if (len >= 64)
348 {
349 #if !(_STRING_ARCH_unaligned || _STRING_INLINE_unaligned)
350 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0)
351 if (UNALIGNED_P (buffer))
352 while (len > 64)
353 {
354 sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
355 buffer = (const char *) buffer + 64;
356 len -= 64;
357 }
358 else
359 #endif
360 {
361 sha256_process_block (buffer, len & ~63, ctx);
362 buffer = (const char *) buffer + (len & ~63);
363 len &= 63;
364 }
365 }
366
367 /* Move remaining bytes in internal buffer. */
368 if (len > 0)
369 {
370 size_t left_over = ctx->buflen;
371
372 memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
373 left_over += len;
374 if (left_over >= 64)
375 {
376 sha256_process_block (ctx->buffer, 64, ctx);
377 left_over -= 64;
378 /* The regions in the following copy operation cannot overlap,
379 because left_over ≤ 64. */
380 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
381 }
382 ctx->buflen = left_over;
383 }
384 }
385
386 /* --- Code below is the primary difference between sha1.c and sha256.c --- */
387
388 /* SHA256 round constants */
389 #define K(I) sha256_round_constants[I]
390 static const uint32_t sha256_round_constants[64] = {
391 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
392 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
393 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
394 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
395 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
396 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
397 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
398 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
399 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
400 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
401 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
402 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
403 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
404 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
405 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
406 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL,
407 };
408
409 /* Round functions. */
410 #define F2(A,B,C) ( ( A & B ) | ( C & ( A | B ) ) )
411 #define F1(E,F,G) ( G ^ ( E & ( F ^ G ) ) )
412
413 /* Process LEN bytes of BUFFER, accumulating context into CTX.
414 It is assumed that LEN % 64 == 0.
415 Most of this code comes from GnuPG's cipher/sha1.c. */
416
417 void
418 sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx)
419 {
420 const uint32_t *words = buffer;
421 size_t nwords = len / sizeof (uint32_t);
422 const uint32_t *endp = words + nwords;
423 uint32_t x[16];
424 uint32_t a = ctx->state[0];
425 uint32_t b = ctx->state[1];
426 uint32_t c = ctx->state[2];
427 uint32_t d = ctx->state[3];
428 uint32_t e = ctx->state[4];
429 uint32_t f = ctx->state[5];
430 uint32_t g = ctx->state[6];
431 uint32_t h = ctx->state[7];
432 uint32_t lolen = len;
433
434 /* First increment the byte count. FIPS PUB 180-2 specifies the possible
435 length of the file up to 2^64 bits. Here we only compute the
436 number of bytes. Do a double word increment. */
437 ctx->total[0] += lolen;
438 ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen);
439
440 #define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
441 #define S0(x) (rol(x,25)^rol(x,14)^(x>>3))
442 #define S1(x) (rol(x,15)^rol(x,13)^(x>>10))
443 #define SS0(x) (rol(x,30)^rol(x,19)^rol(x,10))
444 #define SS1(x) (rol(x,26)^rol(x,21)^rol(x,7))
445
446 #define M(I) ( tm = S1(x[(I-2)&0x0f]) + x[(I-7)&0x0f] \
447 + S0(x[(I-15)&0x0f]) + x[I&0x0f] \
448 , x[I&0x0f] = tm )
449
450 #define R(A,B,C,D,E,F,G,H,K,M) do { t0 = SS0(A) + F2(A,B,C); \
451 t1 = H + SS1(E) \
452 + F1(E,F,G) \
453 + K \
454 + M; \
455 D += t1; H = t0 + t1; \
456 } while(0)
457
458 while (words < endp)
459 {
460 uint32_t tm;
461 uint32_t t0, t1;
462 int t;
463 /* FIXME: see sha1.c for a better implementation. */
464 for (t = 0; t < 16; t++)
465 {
466 x[t] = SWAP (*words);
467 words++;
468 }
469
470 R( a, b, c, d, e, f, g, h, K( 0), x[ 0] );
471 R( h, a, b, c, d, e, f, g, K( 1), x[ 1] );
472 R( g, h, a, b, c, d, e, f, K( 2), x[ 2] );
473 R( f, g, h, a, b, c, d, e, K( 3), x[ 3] );
474 R( e, f, g, h, a, b, c, d, K( 4), x[ 4] );
475 R( d, e, f, g, h, a, b, c, K( 5), x[ 5] );
476 R( c, d, e, f, g, h, a, b, K( 6), x[ 6] );
477 R( b, c, d, e, f, g, h, a, K( 7), x[ 7] );
478 R( a, b, c, d, e, f, g, h, K( 8), x[ 8] );
479 R( h, a, b, c, d, e, f, g, K( 9), x[ 9] );
480 R( g, h, a, b, c, d, e, f, K(10), x[10] );
481 R( f, g, h, a, b, c, d, e, K(11), x[11] );
482 R( e, f, g, h, a, b, c, d, K(12), x[12] );
483 R( d, e, f, g, h, a, b, c, K(13), x[13] );
484 R( c, d, e, f, g, h, a, b, K(14), x[14] );
485 R( b, c, d, e, f, g, h, a, K(15), x[15] );
486 R( a, b, c, d, e, f, g, h, K(16), M(16) );
487 R( h, a, b, c, d, e, f, g, K(17), M(17) );
488 R( g, h, a, b, c, d, e, f, K(18), M(18) );
489 R( f, g, h, a, b, c, d, e, K(19), M(19) );
490 R( e, f, g, h, a, b, c, d, K(20), M(20) );
491 R( d, e, f, g, h, a, b, c, K(21), M(21) );
492 R( c, d, e, f, g, h, a, b, K(22), M(22) );
493 R( b, c, d, e, f, g, h, a, K(23), M(23) );
494 R( a, b, c, d, e, f, g, h, K(24), M(24) );
495 R( h, a, b, c, d, e, f, g, K(25), M(25) );
496 R( g, h, a, b, c, d, e, f, K(26), M(26) );
497 R( f, g, h, a, b, c, d, e, K(27), M(27) );
498 R( e, f, g, h, a, b, c, d, K(28), M(28) );
499 R( d, e, f, g, h, a, b, c, K(29), M(29) );
500 R( c, d, e, f, g, h, a, b, K(30), M(30) );
501 R( b, c, d, e, f, g, h, a, K(31), M(31) );
502 R( a, b, c, d, e, f, g, h, K(32), M(32) );
503 R( h, a, b, c, d, e, f, g, K(33), M(33) );
504 R( g, h, a, b, c, d, e, f, K(34), M(34) );
505 R( f, g, h, a, b, c, d, e, K(35), M(35) );
506 R( e, f, g, h, a, b, c, d, K(36), M(36) );
507 R( d, e, f, g, h, a, b, c, K(37), M(37) );
508 R( c, d, e, f, g, h, a, b, K(38), M(38) );
509 R( b, c, d, e, f, g, h, a, K(39), M(39) );
510 R( a, b, c, d, e, f, g, h, K(40), M(40) );
511 R( h, a, b, c, d, e, f, g, K(41), M(41) );
512 R( g, h, a, b, c, d, e, f, K(42), M(42) );
513 R( f, g, h, a, b, c, d, e, K(43), M(43) );
514 R( e, f, g, h, a, b, c, d, K(44), M(44) );
515 R( d, e, f, g, h, a, b, c, K(45), M(45) );
516 R( c, d, e, f, g, h, a, b, K(46), M(46) );
517 R( b, c, d, e, f, g, h, a, K(47), M(47) );
518 R( a, b, c, d, e, f, g, h, K(48), M(48) );
519 R( h, a, b, c, d, e, f, g, K(49), M(49) );
520 R( g, h, a, b, c, d, e, f, K(50), M(50) );
521 R( f, g, h, a, b, c, d, e, K(51), M(51) );
522 R( e, f, g, h, a, b, c, d, K(52), M(52) );
523 R( d, e, f, g, h, a, b, c, K(53), M(53) );
524 R( c, d, e, f, g, h, a, b, K(54), M(54) );
525 R( b, c, d, e, f, g, h, a, K(55), M(55) );
526 R( a, b, c, d, e, f, g, h, K(56), M(56) );
527 R( h, a, b, c, d, e, f, g, K(57), M(57) );
528 R( g, h, a, b, c, d, e, f, K(58), M(58) );
529 R( f, g, h, a, b, c, d, e, K(59), M(59) );
530 R( e, f, g, h, a, b, c, d, K(60), M(60) );
531 R( d, e, f, g, h, a, b, c, K(61), M(61) );
532 R( c, d, e, f, g, h, a, b, K(62), M(62) );
533 R( b, c, d, e, f, g, h, a, K(63), M(63) );
534
535 a = ctx->state[0] += a;
536 b = ctx->state[1] += b;
537 c = ctx->state[2] += c;
538 d = ctx->state[3] += d;
539 e = ctx->state[4] += e;
540 f = ctx->state[5] += f;
541 g = ctx->state[6] += g;
542 h = ctx->state[7] += h;
543 }
544 }