2
* Copyright (c) 2001-2003 Allan Saddi <allan@saddi.com>
5
* Redistribution and use in source and binary forms, with or without
6
* modification, are permitted provided that the following conditions
8
* 1. Redistributions of source code must retain the above copyright
9
* notice, this list of conditions and the following disclaimer.
10
* 2. Redistributions in binary form must reproduce the above copyright
11
* notice, this list of conditions and the following disclaimer in the
12
* documentation and/or other materials provided with the distribution.
14
* THIS SOFTWARE IS PROVIDED BY ALLAN SADDI AND HIS CONTRIBUTORS ``AS IS''
15
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17
* ARE DISCLAIMED. IN NO EVENT SHALL ALLAN SADDI OR HIS CONTRIBUTORS BE
18
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
19
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
20
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
22
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
23
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
24
* POSSIBILITY OF SUCH DAMAGE.
26
* $Id: sha256.c 680 2003-07-25 21:57:49Z asaddi $
30
* Define WORDS_BIGENDIAN if compiling on a big-endian architecture.
32
* Define SHA256_TEST to test the implementation using the NIST's
33
* sample messages. The output should be:
35
* ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
36
* 248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
37
* cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0
41
#include "clamav-config.h"
42
#endif /* HAVE_CONFIG_H */
45
# include <inttypes.h>
57
static const char rcsid[] =
58
"$Id: sha256.c 680 2003-07-25 21:57:49Z asaddi $";
61
#define ROTL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
62
#define ROTR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
64
#define Ch(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
65
#define Maj(x, y, z) (((x) & ((y) | (z))) | ((y) & (z)))
66
#define SIGMA0(x) (ROTR((x), 2) ^ ROTR((x), 13) ^ ROTR((x), 22))
67
#define SIGMA1(x) (ROTR((x), 6) ^ ROTR((x), 11) ^ ROTR((x), 25))
68
#define sigma0(x) (ROTR((x), 7) ^ ROTR((x), 18) ^ ((x) >> 3))
69
#define sigma1(x) (ROTR((x), 17) ^ ROTR((x), 19) ^ ((x) >> 10))
71
#define DO_ROUND() { \
72
t1 = h + SIGMA1(e) + Ch(e, f, g) + *(Kp++) + *(W++); \
73
t2 = SIGMA0(a) + Maj(a, b, c); \
84
static const uint32_t K[64] = {
85
0x428a2f98L, 0x71374491L, 0xb5c0fbcfL, 0xe9b5dba5L,
86
0x3956c25bL, 0x59f111f1L, 0x923f82a4L, 0xab1c5ed5L,
87
0xd807aa98L, 0x12835b01L, 0x243185beL, 0x550c7dc3L,
88
0x72be5d74L, 0x80deb1feL, 0x9bdc06a7L, 0xc19bf174L,
89
0xe49b69c1L, 0xefbe4786L, 0x0fc19dc6L, 0x240ca1ccL,
90
0x2de92c6fL, 0x4a7484aaL, 0x5cb0a9dcL, 0x76f988daL,
91
0x983e5152L, 0xa831c66dL, 0xb00327c8L, 0xbf597fc7L,
92
0xc6e00bf3L, 0xd5a79147L, 0x06ca6351L, 0x14292967L,
93
0x27b70a85L, 0x2e1b2138L, 0x4d2c6dfcL, 0x53380d13L,
94
0x650a7354L, 0x766a0abbL, 0x81c2c92eL, 0x92722c85L,
95
0xa2bfe8a1L, 0xa81a664bL, 0xc24b8b70L, 0xc76c51a3L,
96
0xd192e819L, 0xd6990624L, 0xf40e3585L, 0x106aa070L,
97
0x19a4c116L, 0x1e376c08L, 0x2748774cL, 0x34b0bcb5L,
98
0x391c0cb3L, 0x4ed8aa4aL, 0x5b9cca4fL, 0x682e6ff3L,
99
0x748f82eeL, 0x78a5636fL, 0x84c87814L, 0x8cc70208L,
100
0x90befffaL, 0xa4506cebL, 0xbef9a3f7L, 0xc67178f2L
103
#ifndef RUNTIME_ENDIAN
105
#if WORDS_BIGENDIAN == 1
107
#define BYTESWAP(x) (x)
108
#define BYTESWAP64(x) (x)
110
#else /* WORDS_BIGENDIAN */
112
#define BYTESWAP(x) ((ROTR((x), 8) & 0xff00ff00L) | \
113
(ROTL((x), 8) & 0x00ff00ffL))
114
#define BYTESWAP64(x) _byteswap64(x)
116
static inline uint64_t _byteswap64(uint64_t x)
118
uint32_t a = x >> 32;
119
uint32_t b = (uint32_t) x;
120
return ((uint64_t) BYTESWAP(b) << 32) | (uint64_t) BYTESWAP(a);
123
#endif /* WORDS_BIGENDIAN */
125
#else /* !RUNTIME_ENDIAN */
127
#define BYTESWAP(x) _byteswap(sc->littleEndian, x)
128
#define BYTESWAP64(x) _byteswap64(sc->littleEndian, x)
130
#define _BYTESWAP(x) ((ROTR((x), 8) & 0xff00ff00L) | \
131
(ROTL((x), 8) & 0x00ff00ffL))
132
#define _BYTESWAP64(x) __byteswap64(x)
134
static inline uint64_t __byteswap64(uint64_t x)
136
uint32_t a = x >> 32;
137
uint32_t b = (uint32_t) x;
138
return ((uint64_t) _BYTESWAP(b) << 32) | (uint64_t) _BYTESWAP(a);
141
static inline uint32_t _byteswap(int littleEndian, uint32_t x)
149
static inline uint64_t _byteswap64(int littleEndian, uint64_t x)
154
return _BYTESWAP64(x);
157
static inline void setEndian(int *littleEndianp)
165
*littleEndianp = endian.b[0] != 0;
168
#endif /* !RUNTIME_ENDIAN */
170
static const uint8_t padding[64] = {
171
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
172
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
173
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
174
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
175
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
176
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
177
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
178
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
182
sha256_init (SHA256_CTX *sc)
184
#ifdef RUNTIME_ENDIAN
185
setEndian (&sc->littleEndian);
186
#endif /* RUNTIME_ENDIAN */
188
sc->totalLength = 0LL;
189
sc->hash[0] = 0x6a09e667L;
190
sc->hash[1] = 0xbb67ae85L;
191
sc->hash[2] = 0x3c6ef372L;
192
sc->hash[3] = 0xa54ff53aL;
193
sc->hash[4] = 0x510e527fL;
194
sc->hash[5] = 0x9b05688cL;
195
sc->hash[6] = 0x1f83d9abL;
196
sc->hash[7] = 0x5be0cd19L;
197
sc->bufferLength = 0L;
205
memset (buf, 0, sizeof (buf));
206
size -= sizeof (buf);
212
SHA256Guts (SHA256_CTX *sc, const uint32_t *cbuf)
215
uint32_t *W, *W2, *W7, *W15, *W16;
216
uint32_t a, b, c, d, e, f, g, h;
223
for (i = 15; i >= 0; i--) {
224
*(W++) = BYTESWAP(*cbuf);
233
for (i = 47; i >= 0; i--) {
234
*(W++) = sigma1(*W2) + *(W7++) + sigma0(*W15) + *(W16++);
251
#ifndef SHA256_UNROLL
252
#define SHA256_UNROLL 4
253
#endif /* !SHA256_UNROLL */
255
#if SHA256_UNROLL == 1
256
for (i = 63; i >= 0; i--)
258
#elif SHA256_UNROLL == 2
259
for (i = 31; i >= 0; i--) {
260
DO_ROUND(); DO_ROUND();
262
#elif SHA256_UNROLL == 4
263
for (i = 15; i >= 0; i--) {
264
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
266
#elif SHA256_UNROLL == 8
267
for (i = 7; i >= 0; i--) {
268
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
269
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
271
#elif SHA256_UNROLL == 16
272
for (i = 3; i >= 0; i--) {
273
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
274
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
275
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
276
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
278
#elif SHA256_UNROLL == 32
279
for (i = 1; i >= 0; i--) {
280
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
281
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
282
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
283
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
284
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
285
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
286
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
287
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
289
#elif SHA256_UNROLL == 64
290
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
291
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
292
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
293
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
294
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
295
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
296
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
297
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
298
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
299
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
300
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
301
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
302
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
303
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
304
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
305
DO_ROUND(); DO_ROUND(); DO_ROUND(); DO_ROUND();
307
#error "SHA256_UNROLL must be 1, 2, 4, 8, 16, 32, or 64!"
321
sha256_update (SHA256_CTX *sc, const void *vdata, uint32_t len)
323
const uint8_t *data = vdata;
324
uint32_t bufferBytesLeft;
325
uint32_t bytesToCopy;
327
#ifdef SHA256_FAST_COPY
328
if (sc->bufferLength) {
329
bufferBytesLeft = 64L - sc->bufferLength;
331
bytesToCopy = bufferBytesLeft;
332
if (bytesToCopy > len)
335
memcpy (&sc->buffer.bytes[sc->bufferLength], data, bytesToCopy);
337
sc->totalLength += bytesToCopy * 8L;
339
sc->bufferLength += bytesToCopy;
343
if (sc->bufferLength == 64L) {
344
SHA256Guts (sc, sc->buffer.words);
346
sc->bufferLength = 0L;
351
sc->totalLength += 512L;
353
SHA256Guts (sc, data);
361
memcpy (&sc->buffer.bytes[sc->bufferLength], data, len);
363
sc->totalLength += len * 8L;
365
sc->bufferLength += len;
367
#else /* SHA256_FAST_COPY */
369
bufferBytesLeft = 64L - sc->bufferLength;
371
bytesToCopy = bufferBytesLeft;
372
if (bytesToCopy > len)
375
memcpy (&sc->buffer.bytes[sc->bufferLength], data, bytesToCopy);
377
sc->totalLength += bytesToCopy * 8L;
379
sc->bufferLength += bytesToCopy;
383
if (sc->bufferLength == 64L) {
384
SHA256Guts (sc, sc->buffer.words);
386
sc->bufferLength = 0L;
389
#endif /* SHA256_FAST_COPY */
392
burnStack (sizeof (uint32_t[74]) + sizeof (uint32_t *[6]) + sizeof (int));
396
sha256_final (SHA256_CTX *sc, uint8_t hash[SHA256_HASH_SIZE])
402
bytesToPad = 120L - sc->bufferLength;
403
if (bytesToPad > 64L)
406
lengthPad = BYTESWAP64(sc->totalLength);
408
sha256_update (sc, padding, bytesToPad);
409
sha256_update (sc, &lengthPad, 8L);
412
for (i = 0; i < SHA256_HASH_WORDS; i++) {
413
#ifdef SHA256_FAST_COPY
414
*((uint32_t *) hash) = BYTESWAP(sc->hash[i]);
415
#else /* SHA256_FAST_COPY */
416
hash[0] = (uint8_t) (sc->hash[i] >> 24);
417
hash[1] = (uint8_t) (sc->hash[i] >> 16);
418
hash[2] = (uint8_t) (sc->hash[i] >> 8);
419
hash[3] = (uint8_t) sc->hash[i];
420
#endif /* SHA256_FAST_COPY */
433
main (int argc, char *argv[])
436
uint8_t hash[SHA256_HASH_SIZE];
441
sha256_update (&foo, "abc", 3);
442
sha256_final (&foo, hash);
444
for (i = 0; i < SHA256_HASH_SIZE;) {
445
printf ("%02x", hash[i++]);
453
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
455
sha256_final (&foo, hash);
457
for (i = 0; i < SHA256_HASH_SIZE;) {
458
printf ("%02x", hash[i++]);
465
memset (buf, 'a', sizeof (buf));
466
for (i = 0; i < 1000; i++)
467
sha256_update (&foo, buf, sizeof (buf));
468
sha256_final (&foo, hash);
470
for (i = 0; i < SHA256_HASH_SIZE;) {
471
printf ("%02x", hash[i++]);
480
#endif /* SHA256_TEST */