diff options
Diffstat (limited to 'meta/recipes-devtools/shasum/files/sha256.c')
-rw-r--r-- | meta/recipes-devtools/shasum/files/sha256.c | 322 |
1 files changed, 0 insertions, 322 deletions
diff --git a/meta/recipes-devtools/shasum/files/sha256.c b/meta/recipes-devtools/shasum/files/sha256.c deleted file mode 100644 index e2ee2c6b4e..0000000000 --- a/meta/recipes-devtools/shasum/files/sha256.c +++ /dev/null | |||
@@ -1,322 +0,0 @@ | |||
1 | /* sha256.h | ||
2 | * | ||
3 | * The sha256 hash function. | ||
4 | */ | ||
5 | |||
6 | /* nettle, low-level cryptographics library | ||
7 | * | ||
8 | * Copyright (C) 2001 Niels Möller | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or | ||
11 | * modify it under the terms of the GNU General Public License as | ||
12 | * published by the Free Software Foundation; either version 2 of the | ||
13 | * License, or (at your option) any later version. | ||
14 | * | ||
15 | * The nettle library is distributed in the hope that it will be useful, but | ||
16 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | ||
17 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public | ||
18 | * License for more details. | ||
19 | * | ||
20 | * You should have received a copy of the GNU Lesser General Public License | ||
21 | * along with the nettle library; see the file COPYING.LIB. If not, write to | ||
22 | * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, | ||
23 | * MA 02111-1307, USA. | ||
24 | */ | ||
25 | |||
26 | /* Modelled after the sha1.c code by Peter Gutmann. */ | ||
27 | |||
28 | #include "mhash_sha256.h" | ||
29 | #include <stdlib.h> | ||
30 | #include <string.h> | ||
31 | |||
32 | |||
33 | #ifndef EXTRACT_UCHAR | ||
34 | #define EXTRACT_UCHAR(p) (*(unsigned char *)(p)) | ||
35 | #endif | ||
36 | |||
37 | #define STRING2INT(s) ((((((EXTRACT_UCHAR(s) << 8) \ | ||
38 | | EXTRACT_UCHAR(s+1)) << 8) \ | ||
39 | | EXTRACT_UCHAR(s+2)) << 8) \ | ||
40 | | EXTRACT_UCHAR(s+3)) | ||
41 | |||
42 | /* This has been modified in order to fit in mhash. | ||
43 | * --nmav. | ||
44 | */ | ||
45 | |||
46 | /* A block, treated as a sequence of 32-bit words. */ | ||
47 | #define SHA256_DATA_LENGTH 16 | ||
48 | |||
49 | #define ROTR(n,x) ((x)>>(n) | ((x)<<(32-(n)))) | ||
50 | #define SHR(n,x) ((x)>>(n)) | ||
51 | |||
52 | /* The SHA256 functions. The Choice function is the same as the SHA1 | ||
53 | function f1, and the majority function is the same as the SHA1 f3 | ||
54 | function. They can be optimized to save one boolean operation each | ||
55 | - thanks to Rich Schroeppel, rcs@cs.arizona.edu for discovering | ||
56 | this */ | ||
57 | |||
58 | /* #define Choice(x,y,z) ( ( (x) & (y) ) | ( ~(x) & (z) ) ) */ | ||
59 | #define Choice(x,y,z) ( (z) ^ ( (x) & ( (y) ^ (z) ) ) ) | ||
60 | /* #define Majority(x,y,z) ( ((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)) ) */ | ||
61 | #define Majority(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) ) | ||
62 | |||
63 | #define S0(x) (ROTR(2,(x)) ^ ROTR(13,(x)) ^ ROTR(22,(x))) | ||
64 | #define S1(x) (ROTR(6,(x)) ^ ROTR(11,(x)) ^ ROTR(25,(x))) | ||
65 | |||
66 | #define s0(x) (ROTR(7,(x)) ^ ROTR(18,(x)) ^ SHR(3,(x))) | ||
67 | #define s1(x) (ROTR(17,(x)) ^ ROTR(19,(x)) ^ SHR(10,(x))) | ||
68 | |||
69 | /* Generated by the shadata program. */ | ||
70 | static const word32 K[64] = { | ||
71 | 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, | ||
72 | 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, | ||
73 | 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, | ||
74 | 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, | ||
75 | 0xe49b69c1UL, 0xefbe4786UL, 0xfc19dc6UL, 0x240ca1ccUL, | ||
76 | 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, | ||
77 | 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, | ||
78 | 0xc6e00bf3UL, 0xd5a79147UL, 0x6ca6351UL, 0x14292967UL, | ||
79 | 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, | ||
80 | 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, | ||
81 | 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, | ||
82 | 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, | ||
83 | 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, | ||
84 | 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, | ||
85 | 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, | ||
86 | 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL, | ||
87 | }; | ||
88 | |||
89 | /* The initial expanding function. The hash function is defined over an | ||
90 | 64-word expanded input array W, where the first 16 are copies of the input | ||
91 | data, and the remaining 64 are defined by | ||
92 | |||
93 | W[ t ] = s1(W[t-2] + W[t-7] + s0(W[i-15] + W[i-16] | ||
94 | |||
95 | This implementation generates these values on the fly in a circular | ||
96 | buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this | ||
97 | optimization. | ||
98 | */ | ||
99 | |||
100 | #define EXPAND(W,i) \ | ||
101 | ( W[(i) & 15 ] += (s1(W[((i)-2) & 15]) + W[((i)-7) & 15] + s0(W[((i)-15) & 15])) ) | ||
102 | |||
103 | /* The prototype SHA sub-round. The fundamental sub-round is: | ||
104 | |||
105 | T1 = h + S1(e) + Choice(e,f,g) + K[t] + W[t] | ||
106 | T2 = S0(a) + Majority(a,b,c) | ||
107 | a' = T1+T2 | ||
108 | b' = a | ||
109 | c' = b | ||
110 | d' = c | ||
111 | e' = d + T1 | ||
112 | f' = e | ||
113 | g' = f | ||
114 | h' = g | ||
115 | |||
116 | but this is implemented by unrolling the loop 8 times and renaming | ||
117 | the variables | ||
118 | ( h, a, b, c, d, e, f, g ) = ( a, b, c, d, e, f, g, h ) each | ||
119 | iteration. This code is then replicated 8, using the next 8 values | ||
120 | from the W[] array each time */ | ||
121 | |||
122 | /* FIXME: We can probably reorder this to optimize away at least one | ||
123 | * of T1 and T2. It's crucial that DATA is only used once, as that | ||
124 | * argument will have side effects. */ | ||
125 | #define ROUND(a,b,c,d,e,f,g,h,k,data) do { \ | ||
126 | word32 T1 = h + S1(e) + Choice(e,f,g) + k + data; \ | ||
127 | word32 T2 = S0(a) + Majority(a,b,c); \ | ||
128 | d += T1; \ | ||
129 | h = T1 + T2; \ | ||
130 | } while (0) | ||
131 | |||
132 | /* Initialize the SHA values */ | ||
133 | |||
134 | void sha256_init(struct sha256_ctx *ctx) | ||
135 | { | ||
136 | /* Initial values, also generated by the shadata program. */ | ||
137 | static const word32 H0[_SHA256_DIGEST_LENGTH] = { | ||
138 | 0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL, 0xa54ff53aUL, | ||
139 | 0x510e527fUL, 0x9b05688cUL, 0x1f83d9abUL, 0x5be0cd19UL, | ||
140 | }; | ||
141 | |||
142 | memcpy(ctx->state, H0, sizeof(H0)); | ||
143 | |||
144 | /* Initialize bit count */ | ||
145 | ctx->count_low = ctx->count_high = 0; | ||
146 | |||
147 | /* Initialize buffer */ | ||
148 | ctx->index = 0; | ||
149 | } | ||
150 | |||
151 | /* Perform the SHA transformation. Note that this code, like MD5, seems to | ||
152 | break some optimizing compilers due to the complexity of the expressions | ||
153 | and the size of the basic block. It may be necessary to split it into | ||
154 | sections, e.g. based on the four subrounds | ||
155 | |||
156 | Note that this function destroys the data area */ | ||
157 | |||
158 | static void sha256_transform(word32 * state, word32 * data) | ||
159 | { | ||
160 | word32 A, B, C, D, E, F, G, H; /* Local vars */ | ||
161 | unsigned i; | ||
162 | const word32 *k; | ||
163 | word32 *d; | ||
164 | |||
165 | /* Set up first buffer and local data buffer */ | ||
166 | A = state[0]; | ||
167 | B = state[1]; | ||
168 | C = state[2]; | ||
169 | D = state[3]; | ||
170 | E = state[4]; | ||
171 | F = state[5]; | ||
172 | G = state[6]; | ||
173 | H = state[7]; | ||
174 | |||
175 | /* Heavy mangling */ | ||
176 | /* First 16 subrounds that act on the original data */ | ||
177 | |||
178 | for (i = 0, k = K, d = data; i < 16; i += 8, k += 8, d += 8) { | ||
179 | ROUND(A, B, C, D, E, F, G, H, k[0], d[0]); | ||
180 | ROUND(H, A, B, C, D, E, F, G, k[1], d[1]); | ||
181 | ROUND(G, H, A, B, C, D, E, F, k[2], d[2]); | ||
182 | ROUND(F, G, H, A, B, C, D, E, k[3], d[3]); | ||
183 | ROUND(E, F, G, H, A, B, C, D, k[4], d[4]); | ||
184 | ROUND(D, E, F, G, H, A, B, C, k[5], d[5]); | ||
185 | ROUND(C, D, E, F, G, H, A, B, k[6], d[6]); | ||
186 | ROUND(B, C, D, E, F, G, H, A, k[7], d[7]); | ||
187 | } | ||
188 | |||
189 | for (; i < 64; i += 16, k += 16) { | ||
190 | ROUND(A, B, C, D, E, F, G, H, k[0], EXPAND(data, 0)); | ||
191 | ROUND(H, A, B, C, D, E, F, G, k[1], EXPAND(data, 1)); | ||
192 | ROUND(G, H, A, B, C, D, E, F, k[2], EXPAND(data, 2)); | ||
193 | ROUND(F, G, H, A, B, C, D, E, k[3], EXPAND(data, 3)); | ||
194 | ROUND(E, F, G, H, A, B, C, D, k[4], EXPAND(data, 4)); | ||
195 | ROUND(D, E, F, G, H, A, B, C, k[5], EXPAND(data, 5)); | ||
196 | ROUND(C, D, E, F, G, H, A, B, k[6], EXPAND(data, 6)); | ||
197 | ROUND(B, C, D, E, F, G, H, A, k[7], EXPAND(data, 7)); | ||
198 | ROUND(A, B, C, D, E, F, G, H, k[8], EXPAND(data, 8)); | ||
199 | ROUND(H, A, B, C, D, E, F, G, k[9], EXPAND(data, 9)); | ||
200 | ROUND(G, H, A, B, C, D, E, F, k[10], EXPAND(data, 10)); | ||
201 | ROUND(F, G, H, A, B, C, D, E, k[11], EXPAND(data, 11)); | ||
202 | ROUND(E, F, G, H, A, B, C, D, k[12], EXPAND(data, 12)); | ||
203 | ROUND(D, E, F, G, H, A, B, C, k[13], EXPAND(data, 13)); | ||
204 | ROUND(C, D, E, F, G, H, A, B, k[14], EXPAND(data, 14)); | ||
205 | ROUND(B, C, D, E, F, G, H, A, k[15], EXPAND(data, 15)); | ||
206 | } | ||
207 | |||
208 | /* Update state */ | ||
209 | state[0] += A; | ||
210 | state[1] += B; | ||
211 | state[2] += C; | ||
212 | state[3] += D; | ||
213 | state[4] += E; | ||
214 | state[5] += F; | ||
215 | state[6] += G; | ||
216 | state[7] += H; | ||
217 | } | ||
218 | |||
219 | static void sha256_block(struct sha256_ctx *ctx, const byte * block) | ||
220 | { | ||
221 | word32 data[SHA256_DATA_LENGTH]; | ||
222 | int i; | ||
223 | |||
224 | /* Update block count */ | ||
225 | if (!++ctx->count_low) | ||
226 | ++ctx->count_high; | ||
227 | |||
228 | /* Endian independent conversion */ | ||
229 | for (i = 0; i < SHA256_DATA_LENGTH; i++, block += 4) | ||
230 | data[i] = STRING2INT(block); | ||
231 | |||
232 | sha256_transform(ctx->state, data); | ||
233 | } | ||
234 | |||
235 | void | ||
236 | sha256_update(struct sha256_ctx *ctx, const byte * buffer, unsigned length) | ||
237 | { | ||
238 | if (ctx->index) { /* Try to fill partial block */ | ||
239 | unsigned left = SHA256_DATA_SIZE - ctx->index; | ||
240 | if (length < left) { | ||
241 | memcpy(ctx->block + ctx->index, buffer, length); | ||
242 | ctx->index += length; | ||
243 | return; /* Finished */ | ||
244 | } else { | ||
245 | memcpy(ctx->block + ctx->index, buffer, left); | ||
246 | sha256_block(ctx, ctx->block); | ||
247 | buffer += left; | ||
248 | length -= left; | ||
249 | } | ||
250 | } | ||
251 | while (length >= SHA256_DATA_SIZE) { | ||
252 | sha256_block(ctx, buffer); | ||
253 | buffer += SHA256_DATA_SIZE; | ||
254 | length -= SHA256_DATA_SIZE; | ||
255 | } | ||
256 | /* Buffer leftovers */ | ||
257 | /* NOTE: The corresponding sha1 code checks for the special case length == 0. | ||
258 | * That seems supoptimal, as I suspect it increases the number of branches. */ | ||
259 | |||
260 | memcpy(ctx->block, buffer, length); | ||
261 | ctx->index = length; | ||
262 | } | ||
263 | |||
264 | /* Final wrapup - pad to SHA1_DATA_SIZE-byte boundary with the bit pattern | ||
265 | 1 0* (64-bit count of bits processed, MSB-first) */ | ||
266 | |||
267 | void sha256_final(struct sha256_ctx *ctx) | ||
268 | { | ||
269 | word32 data[SHA256_DATA_LENGTH]; | ||
270 | int i; | ||
271 | int words; | ||
272 | |||
273 | i = ctx->index; | ||
274 | |||
275 | /* Set the first char of padding to 0x80. This is safe since there is | ||
276 | always at least one byte free */ | ||
277 | |||
278 | /* assert(i < SHA256_DATA_SIZE); | ||
279 | */ | ||
280 | ctx->block[i++] = 0x80; | ||
281 | |||
282 | /* Fill rest of word */ | ||
283 | for (; i & 3; i++) | ||
284 | ctx->block[i] = 0; | ||
285 | |||
286 | /* i is now a multiple of the word size 4 */ | ||
287 | words = i >> 2; | ||
288 | for (i = 0; i < words; i++) | ||
289 | data[i] = STRING2INT(ctx->block + 4 * i); | ||
290 | |||
291 | if (words > (SHA256_DATA_LENGTH - 2)) { /* No room for length in this block. Process it and | ||
292 | * pad with another one */ | ||
293 | for (i = words; i < SHA256_DATA_LENGTH; i++) | ||
294 | data[i] = 0; | ||
295 | sha256_transform(ctx->state, data); | ||
296 | for (i = 0; i < (SHA256_DATA_LENGTH - 2); i++) | ||
297 | data[i] = 0; | ||
298 | } else | ||
299 | for (i = words; i < SHA256_DATA_LENGTH - 2; i++) | ||
300 | data[i] = 0; | ||
301 | |||
302 | /* There are 512 = 2^9 bits in one block */ | ||
303 | data[SHA256_DATA_LENGTH - 2] = | ||
304 | (ctx->count_high << 9) | (ctx->count_low >> 23); | ||
305 | data[SHA256_DATA_LENGTH - 1] = | ||
306 | (ctx->count_low << 9) | (ctx->index << 3); | ||
307 | sha256_transform(ctx->state, data); | ||
308 | } | ||
309 | |||
310 | void sha256_digest(const struct sha256_ctx *ctx, byte * s) | ||
311 | { | ||
312 | int i; | ||
313 | |||
314 | if (s!=NULL) | ||
315 | for (i = 0; i < _SHA256_DIGEST_LENGTH; i++) { | ||
316 | *s++ = ctx->state[i] >> 24; | ||
317 | *s++ = 0xff & (ctx->state[i] >> 16); | ||
318 | *s++ = 0xff & (ctx->state[i] >> 8); | ||
319 | *s++ = 0xff & ctx->state[i]; | ||
320 | } | ||
321 | } | ||
322 | |||