dlls/bcrypt/sha256.c

   1 /*
   2  * Copyright 2016 Michael Müller
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  *
  18  */
  19
  20 /* Based on public domain implementation from
  21    https://git.musl-libc.org/cgit/musl/tree/src/crypt/crypt_sha256.c */
  22
  23 #include "bcrypt_internal.h"
  24
  25 static DWORD ror(DWORD n, int k) { return (n >> k) | (n << (32-k)); }
  26 #define Ch(x,y,z)  (z ^ (x & (y ^ z)))
  27 #define Maj(x,y,z) ((x & y) | (z & (x | y)))
  28 #define S0(x)      (ror(x,2) ^ ror(x,13) ^ ror(x,22))
  29 #define S1(x)      (ror(x,6) ^ ror(x,11) ^ ror(x,25))
  30 #define R0(x)      (ror(x,7) ^ ror(x,18) ^ (x>>3))
  31 #define R1(x)      (ror(x,17) ^ ror(x,19) ^ (x>>10))
  32
  33 static const DWORD K[64] =
  34 {
  35   0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
  36   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
  37   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
  38   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
  39   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
  40   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
  41   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
  42   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
  43 };
  44
  45 static void processblock(SHA256_CTX *ctx, const UCHAR *buffer)
  46 {
  47     DWORD W[64], t1, t2, a, b, c, d, e, f, g, h;
  48     int i;
  49
  50     for (i = 0; i < 16; i++)
  51     {
  52         W[i]  = (DWORD)buffer[4*i]<<24;
  53         W[i] |= (DWORD)buffer[4*i+1]<<16;
  54         W[i] |= (DWORD)buffer[4*i+2]<<8;
  55         W[i] |= buffer[4*i+3];
  56     }
  57
  58     for (; i < 64; i++)
  59         W[i] = R1(W[i-2]) + W[i-7] + R0(W[i-15]) + W[i-16];
  60
  61     a = ctx->h[0];
  62     b = ctx->h[1];
  63     c = ctx->h[2];
  64     d = ctx->h[3];
  65     e = ctx->h[4];
  66     f = ctx->h[5];
  67     g = ctx->h[6];
  68     h = ctx->h[7];
  69
  70     for (i = 0; i < 64; i++)
  71     {
  72         t1 = h + S1(e) + Ch(e,f,g) + K[i] + W[i];
  73         t2 = S0(a) + Maj(a,b,c);
  74         h = g;
  75         g = f;
  76         f = e;
  77         e = d + t1;
  78         d = c;
  79         c = b;
  80         b = a;
  81         a = t1 + t2;
  82     }
  83
  84     ctx->h[0] += a;
  85     ctx->h[1] += b;
  86     ctx->h[2] += c;
  87     ctx->h[3] += d;
  88     ctx->h[4] += e;
  89     ctx->h[5] += f;
  90     ctx->h[6] += g;
  91     ctx->h[7] += h;
  92 }
  93
  94 static void pad(SHA256_CTX *ctx)
  95 {
  96     ULONG64 r = ctx->len % 64;
  97
  98     ctx->buf[r++] = 0x80;
  99
 100     if (r > 56)
 101     {
 102         memset(ctx->buf + r, 0, 64 - r);
 103         r = 0;
 104         processblock(ctx, ctx->buf);
 105     }
 106
 107     memset(ctx->buf + r, 0, 56 - r);
 108     ctx->len *= 8;
 109     ctx->buf[56] = ctx->len >> 56;
 110     ctx->buf[57] = ctx->len >> 48;
 111     ctx->buf[58] = ctx->len >> 40;
 112     ctx->buf[59] = ctx->len >> 32;
 113     ctx->buf[60] = ctx->len >> 24;
 114     ctx->buf[61] = ctx->len >> 16;
 115     ctx->buf[62] = ctx->len >> 8;
 116     ctx->buf[63] = ctx->len;
 117
 118     processblock(ctx, ctx->buf);
 119 }
 120
 121 void sha256_init(SHA256_CTX *ctx)
 122 {
 123     ctx->len = 0;
 124     ctx->h[0] = 0x6a09e667;
 125     ctx->h[1] = 0xbb67ae85;
 126     ctx->h[2] = 0x3c6ef372;
 127     ctx->h[3] = 0xa54ff53a;
 128     ctx->h[4] = 0x510e527f;
 129     ctx->h[5] = 0x9b05688c;
 130     ctx->h[6] = 0x1f83d9ab;
 131     ctx->h[7] = 0x5be0cd19;
 132 }
 133
 134 void sha256_update(SHA256_CTX *ctx, const UCHAR *buffer, ULONG len)
 135 {
 136     const UCHAR *p = buffer;
 137     ULONG64 r = ctx->len % 64;
 138
 139     ctx->len += len;
 140     if (r)
 141     {
 142         if (len < 64 - r)
 143         {
 144             memcpy(ctx->buf + r, p, len);
 145             return;
 146         }
 147         memcpy(ctx->buf + r, p, 64 - r);
 148         len -= 64 - r;
 149         p += 64 - r;
 150         processblock(ctx, ctx->buf);
 151     }
 152     for (; len >= 64; len -= 64, p += 64)
 153         processblock(ctx, p);
 154     memcpy(ctx->buf, p, len);
 155 }
 156
 157 void sha256_finalize(SHA256_CTX *ctx, UCHAR *buffer)
 158 {
 159     int i;
 160
 161     pad(ctx);
 162     for (i = 0; i < 8; i++)
 163     {
 164         buffer[4*i]   = ctx->h[i] >> 24;
 165         buffer[4*i+1] = ctx->h[i] >> 16;
 166         buffer[4*i+2] = ctx->h[i] >> 8;
 167         buffer[4*i+3] = ctx->h[i];
 168     }
 169 }