"Fossies" - the Fresh Open Source Software Archive

Member "xorriso-1.5.4/libjte/sha256.c" (30 Jan 2021, 8849 Bytes) of package /linux/misc/xorriso-1.5.4.pl02.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "sha256.c" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 1.5.2_vs_1.5.4.

    1 /* Functions to compute SHA256 message digest of files or memory blocks.
    2    according to the definition of SHA256 in FIPS 180-2.
    3    Copyright (C) 2007 Free Software Foundation, Inc.
    4 
    5    Copied here from the GNU C Library version 2.7 on the 10 May 2009
    6    by Steve McIntyre <93sam@debian.org>. This code was under LGPL v2.1
    7    in glibc, and that license gives us the option to use and
    8    distribute the code under the terms of the GPL v2 instead. I'm
    9    taking that option.
   10 
   11    This program is free software; you can redistribute it and/or modify it
   12    under the terms of the GNU General Public License as published by the
   13    Free Software Foundation; either version 2, or (at your option) any
   14    later version.
   15 
   16    This program is distributed in the hope that it will be useful,
   17    but WITHOUT ANY WARRANTY; without even the implied warranty of
   18    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   19    GNU General Public License for more details.
   20 
   21    You should have received a copy of the GNU General Public License
   22    along with this program; if not, write to the Free Software Foundation,
   23    Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
   24 
   25 /* Written by Ulrich Drepper <drepper@redhat.com>, 2007.  */
   26 
   27 #ifdef HAVE_CONFIG_H
   28 #include "../config.h"
   29 #endif
   30 
   31 #include <stdlib.h>
   32 #include <string.h>
   33 #include <sys/types.h>
   34 
   35 #include "sha256.h"
   36 
   37 #if __BYTE_ORDER == __LITTLE_ENDIAN
   38 # ifdef _LIBC
   39 #  include <byteswap.h>
   40 #  define SWAP(n) bswap_32 (n)
   41 # else
   42 #  define SWAP(n) \
   43     (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
   44 # endif
   45 #else
   46 # define SWAP(n) (n)
   47 #endif
   48 
   49 
   50 /* This array contains the bytes used to pad the buffer to the next
   51    64-byte boundary.  (FIPS 180-2:5.1.1)  */
   52 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ...  */ };
   53 
   54 
   55 /* Constants for SHA256 from FIPS 180-2:4.2.2.  */
   56 static const uint32_t K[64] =
   57   {
   58     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
   59     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
   60     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
   61     0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
   62     0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
   63     0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
   64     0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
   65     0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
   66     0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
   67     0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
   68     0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
   69     0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
   70     0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
   71     0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
   72     0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
   73     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
   74   };
   75 
   76 
   77 /* Process LEN bytes of BUFFER, accumulating context into CTX.
   78    It is assumed that LEN % 64 == 0.  */
   79 static void
   80 sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx)
   81 {
   82   const uint32_t *words = buffer;
   83   size_t nwords = len / sizeof (uint32_t);
   84   uint32_t a = ctx->H[0];
   85   uint32_t b = ctx->H[1];
   86   uint32_t c = ctx->H[2];
   87   uint32_t d = ctx->H[3];
   88   uint32_t e = ctx->H[4];
   89   uint32_t f = ctx->H[5];
   90   uint32_t g = ctx->H[6];
   91   uint32_t h = ctx->H[7];
   92 
   93   /* First increment the byte count.  FIPS 180-2 specifies the possible
   94      length of the file up to 2^64 bits.  Here we only compute the
   95      number of bytes.  Do a double word increment.  */
   96   ctx->total[0] += len;
   97   if (ctx->total[0] < len)
   98     ++ctx->total[1];
   99 
  100   /* Process all bytes in the buffer with 64 bytes in each round of
  101      the loop.  */
  102   while (nwords > 0)
  103     {
  104       uint32_t W[64];
  105       uint32_t a_save = a;
  106       uint32_t b_save = b;
  107       uint32_t c_save = c;
  108       uint32_t d_save = d;
  109       uint32_t e_save = e;
  110       uint32_t f_save = f;
  111       uint32_t g_save = g;
  112       uint32_t h_save = h;
  113 
  114       unsigned int t;
  115 
  116       /* Operators defined in FIPS 180-2:4.1.2.  */
  117 #define Ch(x, y, z) ((x & y) ^ (~x & z))
  118 #define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
  119 #define S0(x) (CYCLIC (x, 2) ^ CYCLIC (x, 13) ^ CYCLIC (x, 22))
  120 #define S1(x) (CYCLIC (x, 6) ^ CYCLIC (x, 11) ^ CYCLIC (x, 25))
  121 #define R0(x) (CYCLIC (x, 7) ^ CYCLIC (x, 18) ^ (x >> 3))
  122 #define R1(x) (CYCLIC (x, 17) ^ CYCLIC (x, 19) ^ (x >> 10))
  123 
  124       /* It is unfortunate that C does not provide an operator for
  125      cyclic rotation.  Hope the C compiler is smart enough.  */
  126 #define CYCLIC(w, s) ((w >> s) | (w << (32 - s)))
  127 
  128       /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2.  */
  129       for (t = 0; t < 16; ++t)
  130     {
  131       W[t] = SWAP (*words);
  132       ++words;
  133     }
  134       for (t = 16; t < 64; ++t)
  135     W[t] = R1 (W[t - 2]) + W[t - 7] + R0 (W[t - 15]) + W[t - 16];
  136 
  137       /* The actual computation according to FIPS 180-2:6.2.2 step 3.  */
  138       for (t = 0; t < 64; ++t)
  139     {
  140       uint32_t T1 = h + S1 (e) + Ch (e, f, g) + K[t] + W[t];
  141       uint32_t T2 = S0 (a) + Maj (a, b, c);
  142       h = g;
  143       g = f;
  144       f = e;
  145       e = d + T1;
  146       d = c;
  147       c = b;
  148       b = a;
  149       a = T1 + T2;
  150     }
  151 
  152       /* Add the starting values of the context according to FIPS 180-2:6.2.2
  153      step 4.  */
  154       a += a_save;
  155       b += b_save;
  156       c += c_save;
  157       d += d_save;
  158       e += e_save;
  159       f += f_save;
  160       g += g_save;
  161       h += h_save;
  162 
  163       /* Prepare for the next round.  */
  164       nwords -= 16;
  165     }
  166 
  167   /* Put checksum in context given as argument.  */
  168   ctx->H[0] = a;
  169   ctx->H[1] = b;
  170   ctx->H[2] = c;
  171   ctx->H[3] = d;
  172   ctx->H[4] = e;
  173   ctx->H[5] = f;
  174   ctx->H[6] = g;
  175   ctx->H[7] = h;
  176 }
  177 
  178 
  179 /* Initialize structure containing state of computation.
  180    (FIPS 180-2:5.3.2)  */
  181 void
  182 sha256_init_ctx (struct sha256_ctx *ctx)
  183 {
  184   ctx->H[0] = 0x6a09e667;
  185   ctx->H[1] = 0xbb67ae85;
  186   ctx->H[2] = 0x3c6ef372;
  187   ctx->H[3] = 0xa54ff53a;
  188   ctx->H[4] = 0x510e527f;
  189   ctx->H[5] = 0x9b05688c;
  190   ctx->H[6] = 0x1f83d9ab;
  191   ctx->H[7] = 0x5be0cd19;
  192 
  193   ctx->total[0] = ctx->total[1] = 0;
  194   ctx->buflen = 0;
  195 }
  196 
  197 
  198 /* Process the remaining bytes in the internal buffer and the usual
  199    prolog according to the standard and write the result to RESBUF.
  200 
  201    IMPORTANT: On some systems it is required that RESBUF is correctly
  202    aligned for a 32 bits value.  */
  203 void *
  204 sha256_finish_ctx (struct sha256_ctx *ctx, void *resbuf)
  205 {
  206   /* Take yet unprocessed bytes into account.  */
  207   uint32_t bytes = ctx->buflen;
  208   size_t pad;
  209   unsigned int i;
  210 
  211   /* Now count remaining bytes.  */
  212   ctx->total[0] += bytes;
  213   if (ctx->total[0] < bytes)
  214     ++ctx->total[1];
  215 
  216   pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
  217   memcpy (&ctx->buffer[bytes], fillbuf, pad);
  218 
  219   /* Put the 64-bit file length in *bits* at the end of the buffer.  */
  220   *(uint32_t *) &ctx->buffer[bytes + pad + 4] = SWAP (ctx->total[0] << 3);
  221   *(uint32_t *) &ctx->buffer[bytes + pad] = SWAP ((ctx->total[1] << 3) |
  222                           (ctx->total[0] >> 29));
  223 
  224   /* Process last bytes.  */
  225   sha256_process_block (ctx->buffer, bytes + pad + 8, ctx);
  226 
  227   /* Put result from CTX in first 32 bytes following RESBUF.  */
  228   for (i = 0; i < 8; ++i)
  229     ((uint32_t *) resbuf)[i] = SWAP (ctx->H[i]);
  230 
  231   return resbuf;
  232 }
  233 
  234 
  235 void
  236 sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx)
  237 {
  238   /* When we already have some bits in our internal buffer concatenate
  239      both inputs first.  */
  240   if (ctx->buflen != 0)
  241     {
  242       size_t left_over = ctx->buflen;
  243       size_t add = 128 - left_over > len ? len : 128 - left_over;
  244 
  245       memcpy (&ctx->buffer[left_over], buffer, add);
  246       ctx->buflen += add;
  247 
  248       if (ctx->buflen > 64)
  249     {
  250       sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
  251 
  252       ctx->buflen &= 63;
  253       /* The regions in the following copy operation cannot overlap.  */
  254       memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63],
  255           ctx->buflen);
  256     }
  257 
  258       buffer = (const char *) buffer + add;
  259       len -= add;
  260     }
  261 
  262   /* Process available complete blocks.  */
  263   if (len >= 64)
  264     {
  265 #if !_STRING_ARCH_unaligned
  266 /* To check alignment gcc has an appropriate operator.  Other
  267    compilers don't.  */
  268 # if __GNUC__ >= 2
  269 #  define UNALIGNED_P(p) (((uintptr_t) p) % __alignof__ (uint32_t) != 0)
  270 # else
  271 #  define UNALIGNED_P(p) (((uintptr_t) p) % sizeof (uint32_t) != 0)
  272 # endif
  273       if (UNALIGNED_P (buffer))
  274     while (len > 64)
  275       {
  276         sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
  277         buffer = (const char *) buffer + 64;
  278         len -= 64;
  279       }
  280       else
  281 #endif
  282     {
  283       sha256_process_block (buffer, len & ~63, ctx);
  284       buffer = (const char *) buffer + (len & ~63);
  285       len &= 63;
  286     }
  287     }
  288 
  289   /* Move remaining bytes into internal buffer.  */
  290   if (len > 0)
  291     {
  292       size_t left_over = ctx->buflen;
  293 
  294       memcpy (&ctx->buffer[left_over], buffer, len);
  295       left_over += len;
  296       if (left_over >= 64)
  297     {
  298       sha256_process_block (ctx->buffer, 64, ctx);
  299       left_over -= 64;
  300       memcpy (ctx->buffer, &ctx->buffer[64], left_over);
  301     }
  302       ctx->buflen = left_over;
  303     }
  304 }