search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
- fix Building without Nagra not possible at Nagra_Merlin https://trac.streamboard...
[oscam.git] / cscrypt / sha256.c
blob68ba3b581112c6dc2f0842f870090fa24a17124a
1 /*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21 /*
22 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
23 *
24 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
25 */
26
27 #include "sha256.h"
28 #include <string.h>
29
30 /* Implementation that should never be optimized out by the compiler */
31 static void mbedtls_zeroize( void *v, size_t n )
32 {
33 volatile unsigned char *p = v;
34 while( n-- ) *p++ = 0;
35 }
36
37 /*
38 * 32-bit integer manipulation macros (big endian)
39 */
40 #ifndef GET_UINT32_BE
41 #define GET_UINT32_BE(n,b,i) \
42 do { \
43 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
44 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
45 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
46 | ( (uint32_t) (b)[(i) + 3] ); \
47 } while( 0 )
48 #endif
49
50 #ifndef PUT_UINT32_BE
51 #define PUT_UINT32_BE(n,b,i) \
52 do { \
53 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
54 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
55 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
56 (b)[(i) + 3] = (unsigned char) ( (n) ); \
57 } while( 0 )
58 #endif
59
60 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
61 {
62 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
63 }
64
65 void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
66 {
67 if( ctx == NULL )
68 return;
69
70 mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
71 }
72
73 void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src )
74 {
75 *dst = *src;
76 }
77
78 /*
79 * SHA-256 context setup
80 */
81 void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
82 {
83 ctx->total[0] = 0;
84 ctx->total[1] = 0;
85
86 if( is224 == 0 )
87 {
88 /* SHA-256 */
89 ctx->state[0] = 0x6A09E667;
90 ctx->state[1] = 0xBB67AE85;
91 ctx->state[2] = 0x3C6EF372;
92 ctx->state[3] = 0xA54FF53A;
93 ctx->state[4] = 0x510E527F;
94 ctx->state[5] = 0x9B05688C;
95 ctx->state[6] = 0x1F83D9AB;
96 ctx->state[7] = 0x5BE0CD19;
97 }
98 else
99 {
100 /* SHA-224 */
101 ctx->state[0] = 0xC1059ED8;
102 ctx->state[1] = 0x367CD507;
103 ctx->state[2] = 0x3070DD17;
104 ctx->state[3] = 0xF70E5939;
105 ctx->state[4] = 0xFFC00B31;
106 ctx->state[5] = 0x68581511;
107 ctx->state[6] = 0x64F98FA7;
108 ctx->state[7] = 0xBEFA4FA4;
109 }
110
111 ctx->is224 = is224;
112 }
113
114 #if !defined(MBEDTLS_SHA256_PROCESS_ALT)
115 static const uint32_t K[] =
116 {
117 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
118 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
119 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
120 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
121 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
122 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
123 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
124 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
125 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
126 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
127 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
128 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
129 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
130 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
131 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
132 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
133 };
134
135 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
136 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
137
138 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
139 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
140
141 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
142 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
143
144 #define F0(x,y,z) ((x & y) | (z & (x | y)))
145 #define F1(x,y,z) (z ^ (x & (y ^ z)))
146
147 #define R(t) \
148 ( \
149 W[t] = S1(W[t - 2]) + W[t - 7] + \
150 S0(W[t - 15]) + W[t - 16] \
151 )
152
153 #define P(a,b,c,d,e,f,g,h,x,K) \
154 { \
155 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
156 temp2 = S2(a) + F0(a,b,c); \
157 d += temp1; h = temp1 + temp2; \
158 }
159
160 void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
161 {
162 uint32_t temp1, temp2, W[64];
163 uint32_t A[8];
164 unsigned int i;
165
166 for( i = 0; i < 8; i++ )
167 A[i] = ctx->state[i];
168
169 #if defined(MBEDTLS_SHA256_SMALLER)
170 for( i = 0; i < 64; i++ )
171 {
172 if( i < 16 )
173 GET_UINT32_BE( W[i], data, 4 * i );
174 else
175 R( i );
176
177 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
178
179 temp1 = A[7];
180 A[7] = A[6];
181 A[6] = A[5];
182 A[5] = A[4];
183 A[4] = A[3];
184 A[3] = A[2];
185 A[2] = A[1];
186 A[1] = A[0];
187 A[0] = temp1;
188 }
189 #else /* MBEDTLS_SHA256_SMALLER */
190 for( i = 0; i < 16; i++ )
191 GET_UINT32_BE( W[i], data, 4 * i );
192
193 for( i = 0; i < 16; i += 8 )
194 {
195 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
196 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
197 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
198 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
199 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
200 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
201 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
202 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
203 }
204
205 for( i = 16; i < 64; i += 8 )
206 {
207 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
208 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
209 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
210 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
211 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
212 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
213 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
214 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
215 }
216 #endif /* MBEDTLS_SHA256_SMALLER */
217
218 for( i = 0; i < 8; i++ )
219 ctx->state[i] += A[i];
220 }
221 #endif /* !MBEDTLS_SHA256_PROCESS_ALT */
222
223 /*
224 * SHA-256 process buffer
225 */
226 void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen )
227 {
228 size_t fill;
229 uint32_t left;
230
231 if( ilen == 0 )
232 return;
233
234 left = ctx->total[0] & 0x3F;
235 fill = 64 - left;
236
237 ctx->total[0] += (uint32_t) ilen;
238 ctx->total[0] &= 0xFFFFFFFF;
239
240 if( ctx->total[0] < (uint32_t) ilen )
241 ctx->total[1]++;
242
243 if( left && ilen >= fill )
244 {
245 memcpy( (void *) (ctx->buffer + left), input, fill );
246 mbedtls_sha256_process( ctx, ctx->buffer );
247 input += fill;
248 ilen -= fill;
249 left = 0;
250 }
251
252 while( ilen >= 64 )
253 {
254 mbedtls_sha256_process( ctx, input );
255 input += 64;
256 ilen -= 64;
257 }
258
259 if( ilen > 0 )
260 memcpy( (void *) (ctx->buffer + left), input, ilen );
261 }
262
263 static const unsigned char sha256_padding[64] =
264 {
265 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
266 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
267 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
268 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
269 };
270
271 /*
272 * SHA-256 final digest
273 */
274 void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
275 {
276 uint32_t last, padn;
277 uint32_t high, low;
278 unsigned char msglen[8];
279
280 high = ( ctx->total[0] >> 29 )
281 | ( ctx->total[1] << 3 );
282 low = ( ctx->total[0] << 3 );
283
284 PUT_UINT32_BE( high, msglen, 0 );
285 PUT_UINT32_BE( low, msglen, 4 );
286
287 last = ctx->total[0] & 0x3F;
288 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
289
290 mbedtls_sha256_update( ctx, sha256_padding, padn );
291 mbedtls_sha256_update( ctx, msglen, 8 );
292
293 PUT_UINT32_BE( ctx->state[0], output, 0 );
294 PUT_UINT32_BE( ctx->state[1], output, 4 );
295 PUT_UINT32_BE( ctx->state[2], output, 8 );
296 PUT_UINT32_BE( ctx->state[3], output, 12 );
297 PUT_UINT32_BE( ctx->state[4], output, 16 );
298 PUT_UINT32_BE( ctx->state[5], output, 20 );
299 PUT_UINT32_BE( ctx->state[6], output, 24 );
300
301 if( ctx->is224 == 0 )
302 PUT_UINT32_BE( ctx->state[7], output, 28 );
303 }
304
305 /*
306 * output = SHA-256( input buffer )
307 */
308 void mbedtls_sha256( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 )
309 {
310 mbedtls_sha256_context ctx;
311
312 mbedtls_sha256_init( &ctx );
313 mbedtls_sha256_starts( &ctx, is224 );
314 mbedtls_sha256_update( &ctx, input, ilen );
315 mbedtls_sha256_finish( &ctx, output );
316 mbedtls_sha256_free( &ctx );
317 }
Open Source Conditional Access Modul