Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
labs
BIRD Internet Routing Daemon
Commits
12d752ef
Commit
12d752ef
authored
Nov 23, 2015
by
Ondřej Zajíček
Browse files
Options
Browse Files
Download
Plain Diff
Merge commit 'origin/crypto-hash^'
parents
1e4891e4
f312a837
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
1678 additions
and
0 deletions
+1678
-0
lib/Modules
lib/Modules
+6
-0
lib/sha1.c
lib/sha1.c
+342
-0
lib/sha1.h
lib/sha1.h
+86
-0
lib/sha256.c
lib/sha256.c
+467
-0
lib/sha256.h
lib/sha256.h
+71
-0
lib/sha512.c
lib/sha512.c
+614
-0
lib/sha512.h
lib/sha512.h
+73
-0
lib/unaligned.h
lib/unaligned.h
+19
-0
No files found.
lib/Modules
View file @
12d752ef
sha256.c
sha256.h
sha512.c
sha512.h
sha1.c
sha1.h
birdlib.h
bitops.c
bitops.h
...
...
lib/sha1.c
0 → 100644
View file @
12d752ef
/*
* BIRD Library -- SHA-1 Hash Function (FIPS 180-1, RFC 3174) and HMAC-SHA-1
*
* (c) 2015 CZ.NIC z.s.p.o.
*
* Based on the code from libucw-6.4
* (c) 2008--2009 Martin Mares <mj@ucw.cz>
*
* Based on the code from libgcrypt-1.2.3, which is
* (c) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include "lib/sha1.h"
#include "lib/unaligned.h"
void
sha1_init
(
struct
sha1_context
*
hd
)
{
hd
->
h0
=
0x67452301
;
hd
->
h1
=
0xefcdab89
;
hd
->
h2
=
0x98badcfe
;
hd
->
h3
=
0x10325476
;
hd
->
h4
=
0xc3d2e1f0
;
hd
->
nblocks
=
0
;
hd
->
count
=
0
;
}
/*
* Transform the message X which consists of 16 32-bit-words
*/
static
void
sha1_transform
(
struct
sha1_context
*
hd
,
const
byte
*
data
)
{
u32
a
,
b
,
c
,
d
,
e
,
tm
;
u32
x
[
16
];
/* Get values from the chaining vars. */
a
=
hd
->
h0
;
b
=
hd
->
h1
;
c
=
hd
->
h2
;
d
=
hd
->
h3
;
e
=
hd
->
h4
;
#ifdef CPU_BIG_ENDIAN
memcpy
(
x
,
data
,
64
);
#else
int
i
;
for
(
i
=
0
;
i
<
16
;
i
++
)
x
[
i
]
=
get_u32
(
data
+
4
*
i
);
#endif
#define K1 0x5A827999L
#define K2 0x6ED9EBA1L
#define K3 0x8F1BBCDCL
#define K4 0xCA62C1D6L
#define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) )
#define F2(x,y,z) ( x ^ y ^ z )
#define F3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) )
#define F4(x,y,z) ( x ^ y ^ z )
#define M(i) (tm = x[i&0x0f] ^ x[(i-14)&0x0f] ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f], (x[i&0x0f] = ROL(tm, 1)))
/* Bitwise rotation of an unsigned int to the left **/
#define ROL(x, bits) (((x) << (bits)) | ((uint)(x) >> (sizeof(uint)*8 - (bits))))
#define R(a, b, c, d, e, f, k, m) \
do \
{ \
e += ROL(a, 5) + f(b, c, d) + k + m; \
b = ROL( b, 30 ); \
} while(0)
R
(
a
,
b
,
c
,
d
,
e
,
F1
,
K1
,
x
[
0
]
);
R
(
e
,
a
,
b
,
c
,
d
,
F1
,
K1
,
x
[
1
]
);
R
(
d
,
e
,
a
,
b
,
c
,
F1
,
K1
,
x
[
2
]
);
R
(
c
,
d
,
e
,
a
,
b
,
F1
,
K1
,
x
[
3
]
);
R
(
b
,
c
,
d
,
e
,
a
,
F1
,
K1
,
x
[
4
]
);
R
(
a
,
b
,
c
,
d
,
e
,
F1
,
K1
,
x
[
5
]
);
R
(
e
,
a
,
b
,
c
,
d
,
F1
,
K1
,
x
[
6
]
);
R
(
d
,
e
,
a
,
b
,
c
,
F1
,
K1
,
x
[
7
]
);
R
(
c
,
d
,
e
,
a
,
b
,
F1
,
K1
,
x
[
8
]
);
R
(
b
,
c
,
d
,
e
,
a
,
F1
,
K1
,
x
[
9
]
);
R
(
a
,
b
,
c
,
d
,
e
,
F1
,
K1
,
x
[
10
]
);
R
(
e
,
a
,
b
,
c
,
d
,
F1
,
K1
,
x
[
11
]
);
R
(
d
,
e
,
a
,
b
,
c
,
F1
,
K1
,
x
[
12
]
);
R
(
c
,
d
,
e
,
a
,
b
,
F1
,
K1
,
x
[
13
]
);
R
(
b
,
c
,
d
,
e
,
a
,
F1
,
K1
,
x
[
14
]
);
R
(
a
,
b
,
c
,
d
,
e
,
F1
,
K1
,
x
[
15
]
);
R
(
e
,
a
,
b
,
c
,
d
,
F1
,
K1
,
M
(
16
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F1
,
K1
,
M
(
17
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F1
,
K1
,
M
(
18
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F1
,
K1
,
M
(
19
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F2
,
K2
,
M
(
20
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F2
,
K2
,
M
(
21
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F2
,
K2
,
M
(
22
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F2
,
K2
,
M
(
23
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F2
,
K2
,
M
(
24
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F2
,
K2
,
M
(
25
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F2
,
K2
,
M
(
26
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F2
,
K2
,
M
(
27
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F2
,
K2
,
M
(
28
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F2
,
K2
,
M
(
29
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F2
,
K2
,
M
(
30
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F2
,
K2
,
M
(
31
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F2
,
K2
,
M
(
32
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F2
,
K2
,
M
(
33
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F2
,
K2
,
M
(
34
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F2
,
K2
,
M
(
35
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F2
,
K2
,
M
(
36
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F2
,
K2
,
M
(
37
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F2
,
K2
,
M
(
38
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F2
,
K2
,
M
(
39
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F3
,
K3
,
M
(
40
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F3
,
K3
,
M
(
41
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F3
,
K3
,
M
(
42
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F3
,
K3
,
M
(
43
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F3
,
K3
,
M
(
44
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F3
,
K3
,
M
(
45
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F3
,
K3
,
M
(
46
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F3
,
K3
,
M
(
47
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F3
,
K3
,
M
(
48
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F3
,
K3
,
M
(
49
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F3
,
K3
,
M
(
50
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F3
,
K3
,
M
(
51
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F3
,
K3
,
M
(
52
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F3
,
K3
,
M
(
53
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F3
,
K3
,
M
(
54
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F3
,
K3
,
M
(
55
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F3
,
K3
,
M
(
56
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F3
,
K3
,
M
(
57
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F3
,
K3
,
M
(
58
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F3
,
K3
,
M
(
59
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F4
,
K4
,
M
(
60
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F4
,
K4
,
M
(
61
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F4
,
K4
,
M
(
62
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F4
,
K4
,
M
(
63
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F4
,
K4
,
M
(
64
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F4
,
K4
,
M
(
65
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F4
,
K4
,
M
(
66
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F4
,
K4
,
M
(
67
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F4
,
K4
,
M
(
68
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F4
,
K4
,
M
(
69
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F4
,
K4
,
M
(
70
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F4
,
K4
,
M
(
71
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F4
,
K4
,
M
(
72
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F4
,
K4
,
M
(
73
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F4
,
K4
,
M
(
74
)
);
R
(
a
,
b
,
c
,
d
,
e
,
F4
,
K4
,
M
(
75
)
);
R
(
e
,
a
,
b
,
c
,
d
,
F4
,
K4
,
M
(
76
)
);
R
(
d
,
e
,
a
,
b
,
c
,
F4
,
K4
,
M
(
77
)
);
R
(
c
,
d
,
e
,
a
,
b
,
F4
,
K4
,
M
(
78
)
);
R
(
b
,
c
,
d
,
e
,
a
,
F4
,
K4
,
M
(
79
)
);
/* Update chaining vars. */
hd
->
h0
+=
a
;
hd
->
h1
+=
b
;
hd
->
h2
+=
c
;
hd
->
h3
+=
d
;
hd
->
h4
+=
e
;
}
/*
* Update the message digest with the contents
* of INBUF with length INLEN.
*/
void
sha1_update
(
struct
sha1_context
*
hd
,
const
byte
*
inbuf
,
uint
inlen
)
{
if
(
hd
->
count
==
64
)
/* flush the buffer */
{
sha1_transform
(
hd
,
hd
->
buf
);
hd
->
count
=
0
;
hd
->
nblocks
++
;
}
if
(
!
inbuf
)
return
;
if
(
hd
->
count
)
{
for
(;
inlen
&&
hd
->
count
<
64
;
inlen
--
)
hd
->
buf
[
hd
->
count
++
]
=
*
inbuf
++
;
sha1_update
(
hd
,
NULL
,
0
);
if
(
!
inlen
)
return
;
}
while
(
inlen
>=
64
)
{
sha1_transform
(
hd
,
inbuf
);
hd
->
count
=
0
;
hd
->
nblocks
++
;
inlen
-=
64
;
inbuf
+=
64
;
}
for
(;
inlen
&&
hd
->
count
<
64
;
inlen
--
)
hd
->
buf
[
hd
->
count
++
]
=
*
inbuf
++
;
}
/*
* The routine final terminates the computation and
* returns the digest.
* The handle is prepared for a new cycle, but adding bytes to the
* handle will the destroy the returned buffer.
* Returns: 20 bytes representing the digest.
*/
byte
*
sha1_final
(
struct
sha1_context
*
hd
)
{
u32
t
,
msb
,
lsb
;
u32
*
p
;
sha1_update
(
hd
,
NULL
,
0
);
/* flush */
;
t
=
hd
->
nblocks
;
/* multiply by 64 to make a byte count */
lsb
=
t
<<
6
;
msb
=
t
>>
26
;
/* add the count */
t
=
lsb
;
if
((
lsb
+=
hd
->
count
)
<
t
)
msb
++
;
/* multiply by 8 to make a bit count */
t
=
lsb
;
lsb
<<=
3
;
msb
<<=
3
;
msb
|=
t
>>
29
;
if
(
hd
->
count
<
56
)
/* enough room */
{
hd
->
buf
[
hd
->
count
++
]
=
0x80
;
/* pad */
while
(
hd
->
count
<
56
)
hd
->
buf
[
hd
->
count
++
]
=
0
;
/* pad */
}
else
/* need one extra block */
{
hd
->
buf
[
hd
->
count
++
]
=
0x80
;
/* pad character */
while
(
hd
->
count
<
64
)
hd
->
buf
[
hd
->
count
++
]
=
0
;
sha1_update
(
hd
,
NULL
,
0
);
/* flush */
;
memset
(
hd
->
buf
,
0
,
56
);
/* fill next block with zeroes */
}
/* append the 64 bit count */
hd
->
buf
[
56
]
=
msb
>>
24
;
hd
->
buf
[
57
]
=
msb
>>
16
;
hd
->
buf
[
58
]
=
msb
>>
8
;
hd
->
buf
[
59
]
=
msb
;
hd
->
buf
[
60
]
=
lsb
>>
24
;
hd
->
buf
[
61
]
=
lsb
>>
16
;
hd
->
buf
[
62
]
=
lsb
>>
8
;
hd
->
buf
[
63
]
=
lsb
;
sha1_transform
(
hd
,
hd
->
buf
);
p
=
(
u32
*
)
hd
->
buf
;
#define X(a) do { put_u32(p, hd->h##a); p++; } while(0)
X
(
0
);
X
(
1
);
X
(
2
);
X
(
3
);
X
(
4
);
#undef X
return
hd
->
buf
;
}
/*
* SHA1-HMAC
*/
/*
* Shortcut function which puts the hash value of the supplied buffer
* into outbuf which must have a size of 20 bytes.
*/
void
sha1_hash_buffer
(
byte
*
outbuf
,
const
byte
*
buffer
,
uint
length
)
{
struct
sha1_context
ctx
;
sha1_init
(
&
ctx
);
sha1_update
(
&
ctx
,
buffer
,
length
);
memcpy
(
outbuf
,
sha1_final
(
&
ctx
),
SHA1_SIZE
);
}
void
sha1_hmac_init
(
struct
sha1_hmac_context
*
ctx
,
const
byte
*
key
,
uint
keylen
)
{
byte
keybuf
[
SHA1_BLOCK_SIZE
],
buf
[
SHA1_BLOCK_SIZE
];
/* Hash the key if necessary */
if
(
keylen
<=
SHA1_BLOCK_SIZE
)
{
memcpy
(
keybuf
,
key
,
keylen
);
bzero
(
keybuf
+
keylen
,
SHA1_BLOCK_SIZE
-
keylen
);
}
else
{
sha1_hash_buffer
(
keybuf
,
key
,
keylen
);
bzero
(
keybuf
+
SHA1_SIZE
,
SHA1_BLOCK_SIZE
-
SHA1_SIZE
);
}
/* Initialize the inner digest */
sha1_init
(
&
ctx
->
ictx
);
int
i
;
for
(
i
=
0
;
i
<
SHA1_BLOCK_SIZE
;
i
++
)
buf
[
i
]
=
keybuf
[
i
]
^
0x36
;
sha1_update
(
&
ctx
->
ictx
,
buf
,
SHA1_BLOCK_SIZE
);
/* Initialize the outer digest */
sha1_init
(
&
ctx
->
octx
);
for
(
i
=
0
;
i
<
SHA1_BLOCK_SIZE
;
i
++
)
buf
[
i
]
=
keybuf
[
i
]
^
0x5c
;
sha1_update
(
&
ctx
->
octx
,
buf
,
SHA1_BLOCK_SIZE
);
}
void
sha1_hmac_update
(
struct
sha1_hmac_context
*
ctx
,
const
byte
*
data
,
uint
datalen
)
{
/* Just update the inner digest */
sha1_update
(
&
ctx
->
ictx
,
data
,
datalen
);
}
byte
*
sha1_hmac_final
(
struct
sha1_hmac_context
*
ctx
)
{
/* Finish the inner digest */
byte
*
isha
=
sha1_final
(
&
ctx
->
ictx
);
/* Finish the outer digest */
sha1_update
(
&
ctx
->
octx
,
isha
,
SHA1_SIZE
);
return
sha1_final
(
&
ctx
->
octx
);
}
void
sha1_hmac
(
byte
*
outbuf
,
const
byte
*
key
,
uint
keylen
,
const
byte
*
data
,
uint
datalen
)
{
struct
sha1_hmac_context
hd
;
sha1_hmac_init
(
&
hd
,
key
,
keylen
);
sha1_hmac_update
(
&
hd
,
data
,
datalen
);
byte
*
osha
=
sha1_hmac_final
(
&
hd
);
memcpy
(
outbuf
,
osha
,
SHA1_SIZE
);
}
lib/sha1.h
0 → 100644
View file @
12d752ef
/*
* BIRD Library -- SHA-1 Hash Function (FIPS 180-1, RFC 3174) and HMAC-SHA-1
*
* (c) 2015 CZ.NIC z.s.p.o.
*
* Based on the code from libucw-6.4
* (c) 2008--2009 Martin Mares <mj@ucw.cz>
*
* Based on the code from libgcrypt-1.2.3, which is
* (c) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#ifndef _BIRD_SHA1_H_
#define _BIRD_SHA1_H_
#include "nest/bird.h"
/*
* Internal SHA1 state.
* You should use it just as an opaque handle only.
*/
struct
sha1_context
{
u32
h0
,
h1
,
h2
,
h3
,
h4
;
u32
nblocks
;
byte
buf
[
64
];
int
count
;
}
;
void
sha1_init
(
struct
sha1_context
*
hd
);
/* Initialize new algorithm run in the @hd context. **/
/*
* Push another @inlen bytes of data pointed to by @inbuf onto the
* SHA1 hash currently in @hd. You can call this any times you want on
* the same hash (and you do not need to reinitialize it by
* @sha1_init()). It has the same effect as concatenating all the data
* together and passing them at once.
*/
void
sha1_update
(
struct
sha1_context
*
hd
,
const
byte
*
inbuf
,
uint
inlen
);
/*
* No more @sha1_update() calls will be done. This terminates the hash
* and returns a pointer to it.
*
* Note that the pointer points into data in the @hd context. If it ceases
* to exist, the pointer becomes invalid.
*
* To convert the hash to its usual hexadecimal representation, see
* <<string:mem_to_hex()>>.
*/
byte
*
sha1_final
(
struct
sha1_context
*
hd
);
/*
* A convenience one-shot function for SHA1 hash.
* It is equivalent to this snippet of code:
*
* sha1_context hd;
* sha1_init(&hd);
* sha1_update(&hd, buffer, length);
* memcpy(outbuf, sha1_final(&hd), SHA1_SIZE);
*/
void
sha1_hash_buffer
(
byte
*
outbuf
,
const
byte
*
buffer
,
uint
length
);
/*
* SHA1 HMAC message authentication. If you provide @key and @data,
* the result will be stored in @outbuf.
*/
void
sha1_hmac
(
byte
*
outbuf
,
const
byte
*
key
,
uint
keylen
,
const
byte
*
data
,
uint
datalen
);
/*
* The HMAC also exists in a stream version in a way analogous to the
* plain SHA1. Pass this as a context.
*/
struct
sha1_hmac_context
{
struct
sha1_context
ictx
;
struct
sha1_context
octx
;
};
void
sha1_hmac_init
(
struct
sha1_hmac_context
*
hd
,
const
byte
*
key
,
uint
keylen
);
/* Initialize HMAC with context @hd and the given key. See sha1_init(). */
void
sha1_hmac_update
(
struct
sha1_hmac_context
*
hd
,
const
byte
*
data
,
uint
datalen
);
/* Hash another @datalen bytes of data. See sha1_update(). */
byte
*
sha1_hmac_final
(
struct
sha1_hmac_context
*
hd
);
/* Terminate the HMAC and return a pointer to the allocated hash. See sha1_final(). */
#define SHA1_SIZE 20
/* Size of the SHA1 hash in its binary representation **/
#define SHA1_HEX_SIZE 41
/* Buffer length for a string containing SHA1 in hexadecimal format. **/
#define SHA1_BLOCK_SIZE 64
/* SHA1 splits input to blocks of this size. **/
#endif
/* _BIRD_SHA1_H_ */
lib/sha256.c
0 → 100644
View file @
12d752ef
/*
* BIRD Library -- SHA-256 and SHA-224 Hash Functions,
* HMAC-SHA-256 and HMAC-SHA-224 Functions
*
* (c) 2015 CZ.NIC z.s.p.o.
*
* Based on the code from libgcrypt-1.6.0, which is
* (c) 2003, 2006, 2008, 2009 Free Software Foundation, Inc.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include "lib/sha256.h"
#include "lib/unaligned.h"
static
uint
sha256_transform
(
void
*
ctx
,
const
byte
*
data
,
size_t
nblks
);
void
sha256_init
(
struct
sha256_context
*
ctx
)
{
ctx
->
h0
=
0x6a09e667
;
ctx
->
h1
=
0xbb67ae85
;
ctx
->
h2
=
0x3c6ef372
;
ctx
->
h3
=
0xa54ff53a
;
ctx
->
h4
=
0x510e527f
;
ctx
->
h5
=
0x9b05688c
;
ctx
->
h6
=
0x1f83d9ab
;
ctx
->
h7
=
0x5be0cd19
;
ctx
->
nblocks
=
0
;
ctx
->
nblocks_high
=
0
;
ctx
->
count
=
0
;
ctx
->
blocksize
=
64
;
ctx
->
transform
=
sha256_transform
;
}
void
sha224_init
(
struct
sha224_context
*
ctx
)
{
ctx
->
h0
=
0xc1059ed8
;
ctx
->
h1
=
0x367cd507
;
ctx
->
h2
=
0x3070dd17
;
ctx
->
h3
=
0xf70e5939
;
ctx
->
h4
=
0xffc00b31
;
ctx
->
h5
=
0x68581511
;
ctx
->
h6
=
0x64f98fa7
;
ctx
->
h7
=
0xbefa4fa4
;
ctx
->
nblocks
=
0
;
ctx
->
nblocks_high
=
0
;
ctx
->
count
=
0
;
ctx
->
blocksize
=
64
;
ctx
->
transform
=
sha256_transform
;
}
/* (4.2) same as SHA-1's F1. */
static
inline
u32
f1
(
u32
x
,
u32
y
,
u32
z
)
{
return
(
z
^
(
x
&
(
y
^
z
)));
}
/* (4.3) same as SHA-1's F3 */
static
inline
u32
f3
(
u32
x
,
u32
y
,
u32
z
)
{
return
((
x
&
y
)
|
(
z
&
(
x
|
y
)));
}
/* Bitwise rotation of an uint to the right */
static
inline
u32
ror
(
u32
x
,
int
n
)
{
return
(
(
x
>>
(
n
&
(
32
-
1
)))
|
(
x
<<
((
32
-
n
)
&
(
32
-
1
)))
);
}
/* (4.4) */
static
inline
u32
sum0
(
u32
x
)
{
return
(
ror
(
x
,
2
)
^
ror
(
x
,
13
)
^
ror
(
x
,
22
));
}
/* (4.5) */
static
inline
u32
sum1
(
u32
x
)
{
return
(
ror
(
x
,
6
)
^
ror
(
x
,
11
)
^
ror
(
x
,
25
));
}
/*
Transform the message X which consists of 16 32-bit-words. See FIPS
180-2 for details. */
#define S0(x) (ror((x), 7) ^ ror((x), 18) ^ ((x) >> 3))
/* (4.6) */
#define S1(x) (ror((x), 17) ^ ror((x), 19) ^ ((x) >> 10))
/* (4.7) */
#define R(a,b,c,d,e,f,g,h,k,w) \
do \
{ \
t1 = (h) + sum1((e)) + f1((e),(f),(g)) + (k) + (w); \
t2 = sum0((a)) + f3((a),(b),(c)); \
h = g; \
g = f; \
f = e; \
e = d + t1; \
d = c; \
c = b; \
b = a; \
a = t1 + t2; \
} while (0)
/*
The SHA-256 core: Transform the message X which consists of 16
32-bit-words. See FIPS 180-2 for details.
*/
static
uint
sha256_transform_block
(
struct
sha256_context
*
ctx
,
const
byte
*
data
)
{
static
const
u32
K
[
64
]
=
{
0x428a2f98
,
0x71374491
,
0xb5c0fbcf
,
0xe9b5dba5
,
0x3956c25b
,
0x59f111f1
,
0x923f82a4
,
0xab1c5ed5
,
0xd807aa98
,
0x12835b01
,
0x243185be
,
0x550c7dc3
,
0x72be5d74
,
0x80deb1fe
,
0x9bdc06a7
,
0xc19bf174
,
0xe49b69c1
,
0xefbe4786
,
0x0fc19dc6
,
0x240ca1cc
,
0x2de92c6f
,
0x4a7484aa
,
0x5cb0a9dc
,
0x76f988da
,
0x983e5152
,
0xa831c66d
,
0xb00327c8
,
0xbf597fc7
,
0xc6e00bf3
,
0xd5a79147
,
0x06ca6351
,
0x14292967
,
0x27b70a85
,
0x2e1b2138
,
0x4d2c6dfc
,
0x53380d13
,
0x650a7354
,
0x766a0abb
,
0x81c2c92e
,
0x92722c85
,
0xa2bfe8a1
,
0xa81a664b
,
0xc24b8b70
,
0xc76c51a3
,
0xd192e819
,
0xd6990624
,
0xf40e3585
,
0x106aa070
,
0x19a4c116
,
0x1e376c08
,
0x2748774c
,
0x34b0bcb5
,
0x391c0cb3
,
0x4ed8aa4a
,
0x5b9cca4f
,
0x682e6ff3
,
0x748f82ee
,
0x78a5636f
,
0x84c87814
,
0x8cc70208
,
0x90befffa
,
0xa4506ceb
,
0xbef9a3f7
,
0xc67178f2
};
u32
a
,
b
,
c
,
d
,
e
,
f
,
g
,
h
,
t1
,
t2
;
u32
w
[
64
];
int
i
;
a
=
ctx
->
h0
;
b
=
ctx
->
h1
;
c
=
ctx
->
h2
;
d
=
ctx
->
h3
;
e
=
ctx
->
h4
;
f
=
ctx
->
h5
;
g
=
ctx
->
h6
;
h
=
ctx
->
h7
;
for
(
i
=
0
;
i
<
16
;
i
++
)
w
[
i
]
=
get_u32
(
data
+
i
*
4
);
for
(;
i
<
64
;
i
++
)
w
[
i
]
=
S1
(
w
[
i
-
2
])
+
w
[
i
-
7
]
+
S0
(
w
[
i
-
15
])
+
w
[
i
-
16
];
for
(
i
=
0
;
i
<
64
;)
{
t1
=
h
+
sum1
(
e
)
+
f1
(
e
,
f
,
g
)
+
K
[
i
]
+
w
[
i
];
t2
=
sum0
(
a
)
+
f3
(
a
,
b
,
c
);
d
+=
t1
;
h
=
t1
+
t2
;
t1
=
g
+
sum1
(
d
)
+
f1
(
d
,
e
,
f
)
+
K
[
i
+
1
]
+
w
[
i
+
1
];
t2
=
sum0
(
h
)
+
f3
(
h
,
a
,
b
);
c
+=
t1
;
g
=
t1
+
t2
;
t1
=
f
+
sum1
(
c
)
+
f1
(
c
,
d
,
e
)
+
K
[
i
+
2
]
+
w
[
i
+
2
];
t2
=
sum0
(
g
)
+
f3
(
g
,
h
,
a
);
b
+=
t1
;
f
=
t1
+
t2
;
t1
=
e
+
sum1
(
b
)
+
f1
(
b
,
c
,
d
)
+
K
[
i
+
3
]
+
w
[
i
+
3
];
t2
=
sum0
(
f
)
+
f3
(
f
,
g
,
h
);