]> git.proxmox.com Git - grub2.git/blob - grub-core/lib/libgcrypt/cipher/sha256.c
projects / grub2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Import grub2_2.02+dfsg1.orig.tar.xz
[grub2.git] / grub-core / lib / libgcrypt / cipher / sha256.c
1 /* sha256.c - SHA256 hash function
2 * Copyright (C) 2003, 2006, 2008, 2009 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20
21 /* Test vectors:
22
23 "abc"
24 SHA224: 23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7
25 SHA256: ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
26
27 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
28 SHA224: 75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525
29 SHA256: 248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
30
31 "a" one million times
32 SHA224: 20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67
33 SHA256: cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0
34
35 */
36
37
38 #include <config.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42
43 #include "g10lib.h"
44 #include "bithelp.h"
45 #include "cipher.h"
46 #include "hash-common.h"
47
48 typedef struct {
49 u32 h0,h1,h2,h3,h4,h5,h6,h7;
50 u32 nblocks;
51 byte buf[64];
52 int count;
53 } SHA256_CONTEXT;
54
55
56 static void
57 sha256_init (void *context)
58 {
59 SHA256_CONTEXT *hd = context;
60
61 hd->h0 = 0x6a09e667;
62 hd->h1 = 0xbb67ae85;
63 hd->h2 = 0x3c6ef372;
64 hd->h3 = 0xa54ff53a;
65 hd->h4 = 0x510e527f;
66 hd->h5 = 0x9b05688c;
67 hd->h6 = 0x1f83d9ab;
68 hd->h7 = 0x5be0cd19;
69
70 hd->nblocks = 0;
71 hd->count = 0;
72 }
73
74
75 static void
76 sha224_init (void *context)
77 {
78 SHA256_CONTEXT *hd = context;
79
80 hd->h0 = 0xc1059ed8;
81 hd->h1 = 0x367cd507;
82 hd->h2 = 0x3070dd17;
83 hd->h3 = 0xf70e5939;
84 hd->h4 = 0xffc00b31;
85 hd->h5 = 0x68581511;
86 hd->h6 = 0x64f98fa7;
87 hd->h7 = 0xbefa4fa4;
88
89 hd->nblocks = 0;
90 hd->count = 0;
91 }
92
93
94 /*
95 Transform the message X which consists of 16 32-bit-words. See FIPS
96 180-2 for details. */
97 #define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */
98 #define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */
99 #define R(a,b,c,d,e,f,g,h,k,w) do \
100 { \
101 t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w); \
102 t2 = Sum0((a)) + Maj((a),(b),(c)); \
103 h = g; \
104 g = f; \
105 f = e; \
106 e = d + t1; \
107 d = c; \
108 c = b; \
109 b = a; \
110 a = t1 + t2; \
111 } while (0)
112
113 /* (4.2) same as SHA-1's F1. */
114 static inline u32
115 Cho (u32 x, u32 y, u32 z)
116 {
117 return (z ^ (x & (y ^ z)));
118 }
119
120 /* (4.3) same as SHA-1's F3 */
121 static inline u32
122 Maj (u32 x, u32 y, u32 z)
123 {
124 return ((x & y) | (z & (x|y)));
125 }
126
127 /* (4.4) */
128 static inline u32
129 Sum0 (u32 x)
130 {
131 return (ror (x, 2) ^ ror (x, 13) ^ ror (x, 22));
132 }
133
134 /* (4.5) */
135 static inline u32
136 Sum1 (u32 x)
137 {
138 return (ror (x, 6) ^ ror (x, 11) ^ ror (x, 25));
139 }
140
141
142 static void
143 transform (SHA256_CONTEXT *hd, const unsigned char *data)
144 {
145 static const u32 K[64] = {
146 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
147 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
148 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
149 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
150 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
151 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
152 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
153 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
154 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
155 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
156 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
157 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
158 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
159 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
160 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
161 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
162 };
163
164 u32 a,b,c,d,e,f,g,h,t1,t2;
165 u32 x[16];
166 u32 w[64];
167 int i;
168
169 a = hd->h0;
170 b = hd->h1;
171 c = hd->h2;
172 d = hd->h3;
173 e = hd->h4;
174 f = hd->h5;
175 g = hd->h6;
176 h = hd->h7;
177
178 #ifdef WORDS_BIGENDIAN
179 memcpy (x, data, 64);
180 #else
181 {
182 byte *p2;
183
184 for (i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )
185 {
186 p2[3] = *data++;
187 p2[2] = *data++;
188 p2[1] = *data++;
189 p2[0] = *data++;
190 }
191 }
192 #endif
193
194 for (i=0; i < 16; i++)
195 w[i] = x[i];
196 for (; i < 64; i++)
197 w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
198
199 for (i=0; i < 64;)
200 {
201 #if 0
202 R(a,b,c,d,e,f,g,h,K[i],w[i]);
203 i++;
204 #else
205 t1 = h + Sum1 (e) + Cho (e, f, g) + K[i] + w[i];
206 t2 = Sum0 (a) + Maj (a, b, c);
207 d += t1;
208 h = t1 + t2;
209
210 t1 = g + Sum1 (d) + Cho (d, e, f) + K[i+1] + w[i+1];
211 t2 = Sum0 (h) + Maj (h, a, b);
212 c += t1;
213 g = t1 + t2;
214
215 t1 = f + Sum1 (c) + Cho (c, d, e) + K[i+2] + w[i+2];
216 t2 = Sum0 (g) + Maj (g, h, a);
217 b += t1;
218 f = t1 + t2;
219
220 t1 = e + Sum1 (b) + Cho (b, c, d) + K[i+3] + w[i+3];
221 t2 = Sum0 (f) + Maj (f, g, h);
222 a += t1;
223 e = t1 + t2;
224
225 t1 = d + Sum1 (a) + Cho (a, b, c) + K[i+4] + w[i+4];
226 t2 = Sum0 (e) + Maj (e, f, g);
227 h += t1;
228 d = t1 + t2;
229
230 t1 = c + Sum1 (h) + Cho (h, a, b) + K[i+5] + w[i+5];
231 t2 = Sum0 (d) + Maj (d, e, f);
232 g += t1;
233 c = t1 + t2;
234
235 t1 = b + Sum1 (g) + Cho (g, h, a) + K[i+6] + w[i+6];
236 t2 = Sum0 (c) + Maj (c, d, e);
237 f += t1;
238 b = t1 + t2;
239
240 t1 = a + Sum1 (f) + Cho (f, g, h) + K[i+7] + w[i+7];
241 t2 = Sum0 (b) + Maj (b, c, d);
242 e += t1;
243 a = t1 + t2;
244
245 i += 8;
246 #endif
247 }
248
249 hd->h0 += a;
250 hd->h1 += b;
251 hd->h2 += c;
252 hd->h3 += d;
253 hd->h4 += e;
254 hd->h5 += f;
255 hd->h6 += g;
256 hd->h7 += h;
257 }
258 #undef S0
259 #undef S1
260 #undef R
261
262
263 /* Update the message digest with the contents of INBUF with length
264 INLEN. */
265 static void
266 sha256_write (void *context, const void *inbuf_arg, size_t inlen)
267 {
268 const unsigned char *inbuf = inbuf_arg;
269 SHA256_CONTEXT *hd = context;
270
271 if (hd->count == 64)
272 { /* flush the buffer */
273 transform (hd, hd->buf);
274 _gcry_burn_stack (74*4+32);
275 hd->count = 0;
276 hd->nblocks++;
277 }
278 if (!inbuf)
279 return;
280 if (hd->count)
281 {
282 for (; inlen && hd->count < 64; inlen--)
283 hd->buf[hd->count++] = *inbuf++;
284 sha256_write (hd, NULL, 0);
285 if (!inlen)
286 return;
287 }
288
289 while (inlen >= 64)
290 {
291 transform (hd, inbuf);
292 hd->count = 0;
293 hd->nblocks++;
294 inlen -= 64;
295 inbuf += 64;
296 }
297 _gcry_burn_stack (74*4+32);
298 for (; inlen && hd->count < 64; inlen--)
299 hd->buf[hd->count++] = *inbuf++;
300 }
301
302
303 /*
304 The routine finally terminates the computation and returns the
305 digest. The handle is prepared for a new cycle, but adding bytes
306 to the handle will the destroy the returned buffer. Returns: 32
307 bytes with the message the digest. */
308 static void
309 sha256_final(void *context)
310 {
311 SHA256_CONTEXT *hd = context;
312 u32 t, msb, lsb;
313 byte *p;
314
315 sha256_write (hd, NULL, 0); /* flush */;
316
317 t = hd->nblocks;
318 /* multiply by 64 to make a byte count */
319 lsb = t << 6;
320 msb = t >> 26;
321 /* add the count */
322 t = lsb;
323 if ((lsb += hd->count) < t)
324 msb++;
325 /* multiply by 8 to make a bit count */
326 t = lsb;
327 lsb <<= 3;
328 msb <<= 3;
329 msb |= t >> 29;
330
331 if (hd->count < 56)
332 { /* enough room */
333 hd->buf[hd->count++] = 0x80; /* pad */
334 while (hd->count < 56)
335 hd->buf[hd->count++] = 0; /* pad */
336 }
337 else
338 { /* need one extra block */
339 hd->buf[hd->count++] = 0x80; /* pad character */
340 while (hd->count < 64)
341 hd->buf[hd->count++] = 0;
342 sha256_write (hd, NULL, 0); /* flush */;
343 memset (hd->buf, 0, 56 ); /* fill next block with zeroes */
344 }
345 /* append the 64 bit count */
346 hd->buf[56] = msb >> 24;
347 hd->buf[57] = msb >> 16;
348 hd->buf[58] = msb >> 8;
349 hd->buf[59] = msb;
350 hd->buf[60] = lsb >> 24;
351 hd->buf[61] = lsb >> 16;
352 hd->buf[62] = lsb >> 8;
353 hd->buf[63] = lsb;
354 transform (hd, hd->buf);
355 _gcry_burn_stack (74*4+32);
356
357 p = hd->buf;
358 #ifdef WORDS_BIGENDIAN
359 #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
360 #else /* little endian */
361 #define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
362 *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
363 #endif
364 X(0);
365 X(1);
366 X(2);
367 X(3);
368 X(4);
369 X(5);
370 X(6);
371 X(7);
372 #undef X
373 }
374
375 static byte *
376 sha256_read (void *context)
377 {
378 SHA256_CONTEXT *hd = context;
379
380 return hd->buf;
381 }
382
383
384 \f
385 /*
386 Self-test section.
387 */
388
389
390 static gpg_err_code_t
391 selftests_sha224 (int extended, selftest_report_func_t report)
392 {
393 const char *what;
394 const char *errtxt;
395
396 what = "short string";
397 errtxt = _gcry_hash_selftest_check_one
398 (GCRY_MD_SHA224, 0,
399 "abc", 3,
400 "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
401 "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7", 28);
402 if (errtxt)
403 goto failed;
404
405 if (extended)
406 {
407 what = "long string";
408 errtxt = _gcry_hash_selftest_check_one
409 (GCRY_MD_SHA224, 0,
410 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
411 "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50"
412 "\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25", 28);
413 if (errtxt)
414 goto failed;
415
416 what = "one million \"a\"";
417 errtxt = _gcry_hash_selftest_check_one
418 (GCRY_MD_SHA224, 1,
419 NULL, 0,
420 "\x20\x79\x46\x55\x98\x0c\x91\xd8\xbb\xb4\xc1\xea\x97\x61\x8a\x4b"
421 "\xf0\x3f\x42\x58\x19\x48\xb2\xee\x4e\xe7\xad\x67", 28);
422 if (errtxt)
423 goto failed;
424 }
425
426 return 0; /* Succeeded. */
427
428 failed:
429 if (report)
430 report ("digest", GCRY_MD_SHA224, what, errtxt);
431 return GPG_ERR_SELFTEST_FAILED;
432 }
433
434 static gpg_err_code_t
435 selftests_sha256 (int extended, selftest_report_func_t report)
436 {
437 const char *what;
438 const char *errtxt;
439
440 what = "short string";
441 errtxt = _gcry_hash_selftest_check_one
442 (GCRY_MD_SHA256, 0,
443 "abc", 3,
444 "\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"
445 "\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad", 32);
446 if (errtxt)
447 goto failed;
448
449 if (extended)
450 {
451 what = "long string";
452 errtxt = _gcry_hash_selftest_check_one
453 (GCRY_MD_SHA256, 0,
454 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
455 "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39"
456 "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
457 32);
458 if (errtxt)
459 goto failed;
460
461 what = "one million \"a\"";
462 errtxt = _gcry_hash_selftest_check_one
463 (GCRY_MD_SHA256, 1,
464 NULL, 0,
465 "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67"
466 "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0",
467 32);
468 if (errtxt)
469 goto failed;
470 }
471
472 return 0; /* Succeeded. */
473
474 failed:
475 if (report)
476 report ("digest", GCRY_MD_SHA256, what, errtxt);
477 return GPG_ERR_SELFTEST_FAILED;
478 }
479
480
481 /* Run a full self-test for ALGO and return 0 on success. */
482 static gpg_err_code_t
483 run_selftests (int algo, int extended, selftest_report_func_t report)
484 {
485 gpg_err_code_t ec;
486
487 switch (algo)
488 {
489 case GCRY_MD_SHA224:
490 ec = selftests_sha224 (extended, report);
491 break;
492 case GCRY_MD_SHA256:
493 ec = selftests_sha256 (extended, report);
494 break;
495 default:
496 ec = GPG_ERR_DIGEST_ALGO;
497 break;
498
499 }
500 return ec;
501 }
502
503
504
505 \f
506 static byte asn224[19] = /* Object ID is 2.16.840.1.101.3.4.2.4 */
507 { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
508 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
509 0x1C
510 };
511
512 static gcry_md_oid_spec_t oid_spec_sha224[] =
513 {
514 /* From RFC3874, Section 4 */
515 { "2.16.840.1.101.3.4.2.4" },
516 { NULL },
517 };
518
519 static byte asn256[19] = /* Object ID is 2.16.840.1.101.3.4.2.1 */
520 { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
521 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
522 0x00, 0x04, 0x20 };
523
524 static gcry_md_oid_spec_t oid_spec_sha256[] =
525 {
526 /* According to the OpenPGP draft rfc2440-bis06 */
527 { "2.16.840.1.101.3.4.2.1" },
528 /* PKCS#1 sha256WithRSAEncryption */
529 { "1.2.840.113549.1.1.11" },
530
531 { NULL },
532 };
533
534 gcry_md_spec_t _gcry_digest_spec_sha224 =
535 {
536 "SHA224", asn224, DIM (asn224), oid_spec_sha224, 28,
537 sha224_init, sha256_write, sha256_final, sha256_read,
538 sizeof (SHA256_CONTEXT)
539 };
540 md_extra_spec_t _gcry_digest_extraspec_sha224 =
541 {
542 run_selftests
543 };
544
545 gcry_md_spec_t _gcry_digest_spec_sha256 =
546 {
547 "SHA256", asn256, DIM (asn256), oid_spec_sha256, 32,
548 sha256_init, sha256_write, sha256_final, sha256_read,
549 sizeof (SHA256_CONTEXT)
550 };
551 md_extra_spec_t _gcry_digest_extraspec_sha256 =
552 {
553 run_selftests
554 };
The GNU GRand Unified Bootloader for Proxmox projects