Process Hacker
sha256.c
Go to the documentation of this file.
1 /*
2  * FIPS-180-2 compliant SHA-256 implementation
3  *
4  * Copyright (C) 2001-2003 Christophe Devine
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19  */
20 
21 #include <string.h>
22 
23 #include "sha256.h"
24 
25 #define GET_UINT32(n,b,i) \
26 { \
27  (n) = ( (uint32) (b)[(i) ] << 24 ) \
28  | ( (uint32) (b)[(i) + 1] << 16 ) \
29  | ( (uint32) (b)[(i) + 2] << 8 ) \
30  | ( (uint32) (b)[(i) + 3] ); \
31 }
32 
33 #define PUT_UINT32(n,b,i) \
34 { \
35  (b)[(i) ] = (uint8) ( (n) >> 24 ); \
36  (b)[(i) + 1] = (uint8) ( (n) >> 16 ); \
37  (b)[(i) + 2] = (uint8) ( (n) >> 8 ); \
38  (b)[(i) + 3] = (uint8) ( (n) ); \
39 }
40 
41 void sha256_starts( sha256_context *ctx )
42 {
43  ctx->total[0] = 0;
44  ctx->total[1] = 0;
45 
46  ctx->state[0] = 0x6A09E667;
47  ctx->state[1] = 0xBB67AE85;
48  ctx->state[2] = 0x3C6EF372;
49  ctx->state[3] = 0xA54FF53A;
50  ctx->state[4] = 0x510E527F;
51  ctx->state[5] = 0x9B05688C;
52  ctx->state[6] = 0x1F83D9AB;
53  ctx->state[7] = 0x5BE0CD19;
54 }
55 
56 void sha256_process( sha256_context *ctx, uint8 data[64] )
57 {
58  uint32 temp1, temp2, W[64];
59  uint32 A, B, C, D, E, F, G, H;
60 
61  GET_UINT32( W[0], data, 0 );
62  GET_UINT32( W[1], data, 4 );
63  GET_UINT32( W[2], data, 8 );
64  GET_UINT32( W[3], data, 12 );
65  GET_UINT32( W[4], data, 16 );
66  GET_UINT32( W[5], data, 20 );
67  GET_UINT32( W[6], data, 24 );
68  GET_UINT32( W[7], data, 28 );
69  GET_UINT32( W[8], data, 32 );
70  GET_UINT32( W[9], data, 36 );
71  GET_UINT32( W[10], data, 40 );
72  GET_UINT32( W[11], data, 44 );
73  GET_UINT32( W[12], data, 48 );
74  GET_UINT32( W[13], data, 52 );
75  GET_UINT32( W[14], data, 56 );
76  GET_UINT32( W[15], data, 60 );
77 
78 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
79 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
80 
81 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
82 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
83 
84 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
85 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
86 
87 #define F0(x,y,z) ((x & y) | (z & (x | y)))
88 #define F1(x,y,z) (z ^ (x & (y ^ z)))
89 
90 #define R(t) \
91 ( \
92  W[t] = S1(W[t - 2]) + W[t - 7] + \
93  S0(W[t - 15]) + W[t - 16] \
94 )
95 
96 #define P(a,b,c,d,e,f,g,h,x,K) \
97 { \
98  temp1 = h + S3(e) + F1(e,f,g) + K + x; \
99  temp2 = S2(a) + F0(a,b,c); \
100  d += temp1; h = temp1 + temp2; \
101 }
102 
103  A = ctx->state[0];
104  B = ctx->state[1];
105  C = ctx->state[2];
106  D = ctx->state[3];
107  E = ctx->state[4];
108  F = ctx->state[5];
109  G = ctx->state[6];
110  H = ctx->state[7];
111 
112  P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
113  P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
114  P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
115  P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
116  P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
117  P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
118  P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
119  P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
120  P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
121  P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
122  P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
123  P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
124  P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
125  P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
126  P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
127  P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
128  P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
129  P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
130  P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
131  P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
132  P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
133  P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
134  P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
135  P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
136  P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
137  P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
138  P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
139  P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
140  P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
141  P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
142  P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
143  P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
144  P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
145  P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
146  P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
147  P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
148  P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
149  P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
150  P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
151  P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
152  P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
153  P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
154  P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
155  P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
156  P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
157  P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
158  P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
159  P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
160  P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
161  P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
162  P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
163  P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
164  P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
165  P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
166  P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
167  P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
168  P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
169  P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
170  P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
171  P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
172  P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
173  P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
174  P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
175  P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
176 
177  ctx->state[0] += A;
178  ctx->state[1] += B;
179  ctx->state[2] += C;
180  ctx->state[3] += D;
181  ctx->state[4] += E;
182  ctx->state[5] += F;
183  ctx->state[6] += G;
184  ctx->state[7] += H;
185 }
186 
187 void sha256_update( sha256_context *ctx, uint8 *input, uint32 length )
188 {
189  uint32 left, fill;
190 
191  if( ! length ) return;
192 
193  left = ctx->total[0] & 0x3F;
194  fill = 64 - left;
195 
196  ctx->total[0] += length;
197  ctx->total[0] &= 0xFFFFFFFF;
198 
199  if( ctx->total[0] < length )
200  ctx->total[1]++;
201 
202  if( left && length >= fill )
203  {
204  memcpy( (void *) (ctx->buffer + left),
205  (void *) input, fill );
206  sha256_process( ctx, ctx->buffer );
207  length -= fill;
208  input += fill;
209  left = 0;
210  }
211 
212  while( length >= 64 )
213  {
214  sha256_process( ctx, input );
215  length -= 64;
216  input += 64;
217  }
218 
219  if( length )
220  {
221  memcpy( (void *) (ctx->buffer + left),
222  (void *) input, length );
223  }
224 }
225 
226 static uint8 sha256_padding[64] =
227 {
228  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
229  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
230  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
231  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
232 };
233 
234 void sha256_finish( sha256_context *ctx, uint8 digest[32] )
235 {
236  uint32 last, padn;
237  uint32 high, low;
238  uint8 msglen[8];
239 
240  high = ( ctx->total[0] >> 29 )
241  | ( ctx->total[1] << 3 );
242  low = ( ctx->total[0] << 3 );
243 
244  PUT_UINT32( high, msglen, 0 );
245  PUT_UINT32( low, msglen, 4 );
246 
247  last = ctx->total[0] & 0x3F;
248  padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
249 
250  sha256_update( ctx, sha256_padding, padn );
251  sha256_update( ctx, msglen, 8 );
252 
253  PUT_UINT32( ctx->state[0], digest, 0 );
254  PUT_UINT32( ctx->state[1], digest, 4 );
255  PUT_UINT32( ctx->state[2], digest, 8 );
256  PUT_UINT32( ctx->state[3], digest, 12 );
257  PUT_UINT32( ctx->state[4], digest, 16 );
258  PUT_UINT32( ctx->state[5], digest, 20 );
259  PUT_UINT32( ctx->state[6], digest, 24 );
260  PUT_UINT32( ctx->state[7], digest, 28 );
261 }
262 
263 #ifdef TEST
264 
265 #include <stdlib.h>
266 #include <stdio.h>
267 
268 /*
269  * those are the standard FIPS-180-2 test vectors
270  */
271 
272 static char *msg[] =
273 {
274  "abc",
275  "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
276  NULL
277 };
278 
279 static char *val[] =
280 {
281  "ba7816bf8f01cfea414140de5dae2223" \
282  "b00361a396177a9cb410ff61f20015ad",
283  "248d6a61d20638b8e5c026930c3e6039" \
284  "a33ce45964ff2167f6ecedd419db06c1",
285  "cdc76e5c9914fb9281a1c7e284d73e67" \
286  "f1809a48a497200e046d39ccc7112cd0"
287 };
288 
289 int main( int argc, char *argv[] )
290 {
291  FILE *f;
292  int i, j;
293  char output[65];
294  sha256_context ctx;
295  unsigned char buf[1000];
296  unsigned char sha256sum[32];
297 
298  if( argc < 2 )
299  {
300  printf( "\n SHA-256 Validation Tests:\n\n" );
301 
302  for( i = 0; i < 3; i++ )
303  {
304  printf( " Test %d ", i + 1 );
305 
306  sha256_starts( &ctx );
307 
308  if( i < 2 )
309  {
310  sha256_update( &ctx, (uint8 *) msg[i],
311  strlen( msg[i] ) );
312  }
313  else
314  {
315  memset( buf, 'a', 1000 );
316 
317  for( j = 0; j < 1000; j++ )
318  {
319  sha256_update( &ctx, (uint8 *) buf, 1000 );
320  }
321  }
322 
323  sha256_finish( &ctx, sha256sum );
324 
325  for( j = 0; j < 32; j++ )
326  {
327  sprintf( output + j * 2, "%02x", sha256sum[j] );
328  }
329 
330  if( memcmp( output, val[i], 64 ) )
331  {
332  printf( "failed!\n" );
333  return( 1 );
334  }
335 
336  printf( "passed.\n" );
337  }
338 
339  printf( "\n" );
340  }
341  else
342  {
343  if( ! ( f = fopen( argv[1], "rb" ) ) )
344  {
345  perror( "fopen" );
346  return( 1 );
347  }
348 
349  sha256_starts( &ctx );
350 
351  while( ( i = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
352  {
353  sha256_update( &ctx, buf, i );
354  }
355 
356  sha256_finish( &ctx, sha256sum );
357 
358  for( j = 0; j < 32; j++ )
359  {
360  printf( "%02x", sha256sum[j] );
361  }
362 
363  printf( " %s\n", argv[1] );
364  }
365 
366  return( 0 );
367 }
368 
369 #endif