| blob | c518517077ca869334c00aa5f2c1f3783ec776d8 |
1 /* sha256.c - Functions to compute SHA256 and SHA224 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-2.
4 Copyright (C) 2005-2006, 2008-2018 Free Software Foundation, Inc.
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <https://www.gnu.org/licenses/>. */
19 /* Written by David Madore, considerably copypasting from
20 Scott G. Miller's sha1.c
21 */
23 #include <config.h>
25 #if HAVE_OPENSSL_SHA256
26 # define GL_OPENSSL_INLINE _GL_EXTERN_INLINE
27 #endif
30 #include <stdalign.h>
31 #include <stdint.h>
32 #include <stdlib.h>
33 #include <string.h>
35 #if USE_UNLOCKED_IO
37 #endif
39 #include <byteswap.h>
40 #ifdef WORDS_BIGENDIAN
41 # define SWAP(n) (n)
42 #else
43 # define SWAP(n) bswap_32 (n)
44 #endif
46 #define BLOCKSIZE 32768
47 #if BLOCKSIZE % 64 != 0
49 #endif
51 #if ! HAVE_OPENSSL_SHA256
52 /* This array contains the bytes used to pad the buffer to the next
53 64-byte boundary. */
57 /*
58 Takes a pointer to a 256 bit block of data (eight 32 bit ints) and
59 initializes it to the start constants of the SHA256 algorithm. This
60 must be called before using hash in the call to sha256_hash
61 */
62 void
64 {
76 }
78 void
80 {
92 }
94 /* Copy the value from v into the memory location pointed to by *CP,
95 If your architecture allows unaligned access, this is equivalent to
96 * (__typeof__ (v) *) cp = v */
97 static void
99 {
101 }
103 /* Put result from CTX in first 32 bytes following RESBUF.
104 The result must be in little endian byte order. */
107 {
115 }
119 {
127 }
129 /* Process the remaining bytes in the internal buffer and the usual
130 prolog according to the standard and write the result to RESBUF. */
131 static void
133 {
134 /* Take yet unprocessed bytes into account. */
138 /* Now count remaining bytes. */
143 /* Put the 64-bit file length in *bits* at the end of the buffer.
144 Use set_uint32 rather than a simple assignment, to avoid risk of
145 unaligned access. */
153 /* Process last bytes. */
155 }
159 {
162 }
166 {
169 }
170 #endif
172 #ifdef GL_COMPILE_CRYPTO_STREAM
176 /* Compute message digest for bytes read from STREAM using algorithm ALG.
177 Write the message digest into RESBLOCK, which contains HASHLEN bytes.
178 The initial and finishing operations are INIT_CTX and FINISH_CTX.
179 Return zero if and only if successful. */
180 static int
184 {
186 {
189 }
199 /* Iterate over full file contents. */
201 {
202 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
203 computation function processes the whole buffer so that with the
204 next round of the loop another block can be read. */
208 /* Read block. Take care for partial reads. */
210 {
211 /* Either process a partial fread() from this loop,
212 or the fread() in afalg_stream may have gotten EOF.
213 We need to avoid a subsequent fread() as EOF may
214 not be sticky. For details of such systems, see:
215 https://sourceware.org/bugzilla/show_bug.cgi?id=1190 */
227 {
228 /* Check for the error flag IFF N == 0, so that we don't
229 exit the loop after a partial read due to e.g., EAGAIN
230 or EWOULDBLOCK. */
232 {
235 }
237 }
238 }
240 /* Process buffer with BLOCKSIZE bytes. Note that
241 BLOCKSIZE % 64 == 0
242 */
244 }
246 process_partial_block:;
248 /* Process any remaining bytes. */
252 /* Construct result in desired memory. */
256 }
258 int
260 {
263 }
265 int
267 {
270 }
271 #endif
273 #if ! HAVE_OPENSSL_SHA256
274 /* Compute SHA256 message digest for LEN bytes beginning at BUFFER. The
275 result is always in little endian byte order, so that a byte-wise
276 output yields to the wanted ASCII representation of the message
277 digest. */
280 {
283 /* Initialize the computation context. */
286 /* Process whole buffer but last len % 64 bytes. */
289 /* Put result in desired memory area. */
291 }
295 {
298 /* Initialize the computation context. */
301 /* Process whole buffer but last len % 64 bytes. */
304 /* Put result in desired memory area. */
306 }
308 void
310 {
311 /* When we already have some bits in our internal buffer concatenate
312 both inputs first. */
314 {
322 {
326 /* The regions in the following copy operation cannot overlap,
327 because ctx->buflen < 64 ≤ (left_over + add) & ~63. */
331 }
335 }
337 /* Process available complete blocks. */
339 {
340 #if !(_STRING_ARCH_unaligned || _STRING_INLINE_unaligned)
341 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0)
344 {
348 }
349 else
350 #endif
351 {
355 }
356 }
358 /* Move remaining bytes in internal buffer. */
360 {
366 {
369 /* The regions in the following copy operation cannot overlap,
370 because left_over ≤ 64. */
372 }
374 }
375 }
377 /* --- Code below is the primary difference between sha1.c and sha256.c --- */
379 /* SHA256 round constants */
380 #define K(I) sha256_round_constants[I]
398 };
400 /* Round functions. */
401 #define F2(A,B,C) ( ( A & B ) | ( C & ( A | B ) ) )
402 #define F1(E,F,G) ( G ^ ( E & ( F ^ G ) ) )
404 /* Process LEN bytes of BUFFER, accumulating context into CTX.
405 It is assumed that LEN % 64 == 0.
406 Most of this code comes from GnuPG's cipher/sha1.c. */
408 void
410 {
425 /* First increment the byte count. FIPS PUB 180-2 specifies the possible
426 length of the file up to 2^64 bits. Here we only compute the
427 number of bytes. Do a double word increment. */
431 #define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
432 #define S0(x) (rol(x,25)^rol(x,14)^(x>>3))
433 #define S1(x) (rol(x,15)^rol(x,13)^(x>>10))
434 #define SS0(x) (rol(x,30)^rol(x,19)^rol(x,10))
435 #define SS1(x) (rol(x,26)^rol(x,21)^rol(x,7))
437 #define M(I) ( tm = S1(x[(I-2)&0x0f]) + x[(I-7)&0x0f] \
438 + S0(x[(I-15)&0x0f]) + x[I&0x0f] \
439 , x[I&0x0f] = tm )
441 #define R(A,B,C,D,E,F,G,H,K,M) do { t0 = SS0(A) + F2(A,B,C); \
442 t1 = H + SS1(E) \
443 + F1(E,F,G) \
444 + K \
445 + M; \
446 D += t1; H = t0 + t1; \
447 } while(0)
450 {
454 /* FIXME: see sha1.c for a better implementation. */
456 {
458 words++;
459 }
534 }
535 }
536 #endif
538 /*
539 * Hey Emacs!
540 * Local Variables:
541 * coding: utf-8
542 * End:
543 */