| 1 |
2 |
marsgod |
/*
|
| 2 |
|
|
* Implementation of the Secure Hashing Algorithm (SHA-256)
|
| 3 |
|
|
*
|
| 4 |
|
|
* Generates a 256 bit message digest. It should be impossible to come
|
| 5 |
|
|
* come up with two messages that hash to the same value ("collision free").
|
| 6 |
|
|
*
|
| 7 |
|
|
* For use with byte-oriented messages only. Could/Should be speeded
|
| 8 |
|
|
* up by unwinding loops in shs_transform(), and assembly patches.
|
| 9 |
|
|
*/
|
| 10 |
|
|
|
| 11 |
|
|
#include <stdio.h>
|
| 12 |
|
|
#include "miracl.h"
|
| 13 |
|
|
|
| 14 |
|
|
#define H0 0x6A09E667L
|
| 15 |
|
|
#define H1 0xBB67AE85L
|
| 16 |
|
|
#define H2 0x3C6EF372L
|
| 17 |
|
|
#define H3 0xA54FF53AL
|
| 18 |
|
|
#define H4 0x510E527FL
|
| 19 |
|
|
#define H5 0x9B05688CL
|
| 20 |
|
|
#define H6 0x1F83D9ABL
|
| 21 |
|
|
#define H7 0x5BE0CD19L
|
| 22 |
|
|
|
| 23 |
|
|
static mr_unsign32 K[64]={
|
| 24 |
|
|
0x428a2f98L,0x71374491L,0xb5c0fbcfL,0xe9b5dba5L,0x3956c25bL,0x59f111f1L,0x923f82a4L,0xab1c5ed5L,
|
| 25 |
|
|
0xd807aa98L,0x12835b01L,0x243185beL,0x550c7dc3L,0x72be5d74L,0x80deb1feL,0x9bdc06a7L,0xc19bf174L,
|
| 26 |
|
|
0xe49b69c1L,0xefbe4786L,0x0fc19dc6L,0x240ca1ccL,0x2de92c6fL,0x4a7484aaL,0x5cb0a9dcL,0x76f988daL,
|
| 27 |
|
|
0x983e5152L,0xa831c66dL,0xb00327c8L,0xbf597fc7L,0xc6e00bf3L,0xd5a79147L,0x06ca6351L,0x14292967L,
|
| 28 |
|
|
0x27b70a85L,0x2e1b2138L,0x4d2c6dfcL,0x53380d13L,0x650a7354L,0x766a0abbL,0x81c2c92eL,0x92722c85L,
|
| 29 |
|
|
0xa2bfe8a1L,0xa81a664bL,0xc24b8b70L,0xc76c51a3L,0xd192e819L,0xd6990624L,0xf40e3585L,0x106aa070L,
|
| 30 |
|
|
0x19a4c116L,0x1e376c08L,0x2748774cL,0x34b0bcb5L,0x391c0cb3L,0x4ed8aa4aL,0x5b9cca4fL,0x682e6ff3L,
|
| 31 |
|
|
0x748f82eeL,0x78a5636fL,0x84c87814L,0x8cc70208L,0x90befffaL,0xa4506cebL,0xbef9a3f7L,0xc67178f2L};
|
| 32 |
|
|
|
| 33 |
|
|
#define PAD 0x80
|
| 34 |
|
|
#define ZERO 0
|
| 35 |
|
|
|
| 36 |
|
|
/* functions */
|
| 37 |
|
|
|
| 38 |
|
|
#define S(n,x) (((x)>>n) | ((x)<<(32-n)))
|
| 39 |
|
|
#define R(n,x) ((x)>>n)
|
| 40 |
|
|
|
| 41 |
|
|
#define Ch(x,y,z) ((x&y)^(~(x)&z))
|
| 42 |
|
|
#define Maj(x,y,z) ((x&y)^(x&z)^(y&z))
|
| 43 |
|
|
#define Sig0(x) (S(2,x)^S(13,x)^S(22,x))
|
| 44 |
|
|
#define Sig1(x) (S(6,x)^S(11,x)^S(25,x))
|
| 45 |
|
|
#define theta0(x) (S(7,x)^S(18,x)^R(3,x))
|
| 46 |
|
|
#define theta1(x) (S(17,x)^S(19,x)^R(10,x))
|
| 47 |
|
|
|
| 48 |
|
|
static void shs_transform(sha256 *sh)
|
| 49 |
|
|
{ /* basic transformation step */
|
| 50 |
|
|
mr_unsign32 a,b,c,d,e,f,g,h,t1,t2;
|
| 51 |
|
|
int j;
|
| 52 |
|
|
for (j=16;j<64;j++)
|
| 53 |
|
|
sh->w[j]=theta1(sh->w[j-2])+sh->w[j-7]+theta0(sh->w[j-15])+sh->w[j-16];
|
| 54 |
|
|
|
| 55 |
|
|
a=sh->h[0]; b=sh->h[1]; c=sh->h[2]; d=sh->h[3];
|
| 56 |
|
|
e=sh->h[4]; f=sh->h[5]; g=sh->h[6]; h=sh->h[7];
|
| 57 |
|
|
|
| 58 |
|
|
for (j=0;j<64;j++)
|
| 59 |
|
|
{ /* 64 times - mush it up */
|
| 60 |
|
|
t1=h+Sig1(e)+Ch(e,f,g)+K[j]+sh->w[j];
|
| 61 |
|
|
t2=Sig0(a)+Maj(a,b,c);
|
| 62 |
|
|
h=g; g=f; f=e;
|
| 63 |
|
|
e=d+t1;
|
| 64 |
|
|
d=c;
|
| 65 |
|
|
c=b;
|
| 66 |
|
|
b=a;
|
| 67 |
|
|
a=t1+t2;
|
| 68 |
|
|
}
|
| 69 |
|
|
sh->h[0]+=a; sh->h[1]+=b; sh->h[2]+=c; sh->h[3]+=d;
|
| 70 |
|
|
sh->h[4]+=e; sh->h[5]+=f; sh->h[6]+=g; sh->h[7]+=h;
|
| 71 |
|
|
}
|
| 72 |
|
|
|
| 73 |
|
|
void shs256_init(sha256 *sh)
|
| 74 |
|
|
{ /* re-initialise */
|
| 75 |
|
|
int i;
|
| 76 |
|
|
for (i=0;i<64;i++) sh->w[i]=0L;
|
| 77 |
|
|
sh->length[0]=sh->length[1]=0L;
|
| 78 |
|
|
sh->h[0]=H0;
|
| 79 |
|
|
sh->h[1]=H1;
|
| 80 |
|
|
sh->h[2]=H2;
|
| 81 |
|
|
sh->h[3]=H3;
|
| 82 |
|
|
sh->h[4]=H4;
|
| 83 |
|
|
sh->h[5]=H5;
|
| 84 |
|
|
sh->h[6]=H6;
|
| 85 |
|
|
sh->h[7]=H7;
|
| 86 |
|
|
}
|
| 87 |
|
|
|
| 88 |
|
|
void shs256_process(sha256 *sh,int byte)
|
| 89 |
|
|
{ /* process the next message byte */
|
| 90 |
|
|
int cnt;
|
| 91 |
|
|
|
| 92 |
|
|
cnt=(int)((sh->length[0]/32)%16);
|
| 93 |
|
|
|
| 94 |
|
|
sh->w[cnt]<<=8;
|
| 95 |
|
|
sh->w[cnt]|=(mr_unsign32)(byte&0xFF);
|
| 96 |
|
|
|
| 97 |
|
|
sh->length[0]+=8;
|
| 98 |
|
|
if (sh->length[0]==0L) { sh->length[1]++; sh->length[0]=0L; }
|
| 99 |
|
|
if ((sh->length[0]%512)==0) shs_transform(sh);
|
| 100 |
|
|
}
|
| 101 |
|
|
|
| 102 |
|
|
void shs256_hash(sha256 *sh,char hash[32])
|
| 103 |
|
|
{ /* pad message and finish - supply digest */
|
| 104 |
|
|
int i;
|
| 105 |
|
|
mr_unsign32 len0,len1;
|
| 106 |
|
|
len0=sh->length[0];
|
| 107 |
|
|
len1=sh->length[1];
|
| 108 |
|
|
shs256_process(sh,PAD);
|
| 109 |
|
|
while ((sh->length[0]%512)!=448) shs256_process(sh,ZERO);
|
| 110 |
|
|
sh->w[14]=len1;
|
| 111 |
|
|
sh->w[15]=len0;
|
| 112 |
|
|
shs_transform(sh);
|
| 113 |
|
|
for (i=0;i<32;i++)
|
| 114 |
|
|
{ /* convert to bytes */
|
| 115 |
|
|
hash[i]=((sh->h[i/4]>>(8*(3-i%4))) & 0xffL);
|
| 116 |
|
|
}
|
| 117 |
|
|
shs256_init(sh);
|
| 118 |
|
|
}
|
| 119 |
|
|
|
| 120 |
|
|
/* test program: should produce digest
|
| 121 |
|
|
|
| 122 |
|
|
248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
|
| 123 |
|
|
|
| 124 |
|
|
|
| 125 |
|
|
#include <stdio.h>
|
| 126 |
|
|
#include "miracl.h"
|
| 127 |
|
|
|
| 128 |
|
|
char test[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
|
| 129 |
|
|
|
| 130 |
|
|
int main()
|
| 131 |
|
|
{
|
| 132 |
|
|
char hash[32];
|
| 133 |
|
|
int i;
|
| 134 |
|
|
sha256 sh;
|
| 135 |
|
|
shs256_init(&sh);
|
| 136 |
|
|
for (i=0;test[i]!=0;i++) shs256_process(&sh,test[i]);
|
| 137 |
|
|
shs256_hash(&sh,hash);
|
| 138 |
|
|
for (i=0;i<32;i++) printf("%02x",(unsigned char)hash[i]);
|
| 139 |
|
|
printf("\n");
|
| 140 |
|
|
return 0;
|
| 141 |
|
|
}
|
| 142 |
|
|
|
| 143 |
|
|
*/
|
| 144 |
|
|
|
