   1#include "git-compat-util.h"
   2#include "./sha256.h"
   3
   4#undef RND
   5#undef BLKSIZE
   6
   7#define BLKSIZE blk_SHA256_BLKSIZE
   8
/*
 * Reset a SHA-256 context so a new message can be hashed with it.
 *
 * The byte counter and offset are zeroed and the eight chaining words are
 * loaded with the SHA-256 initial hash value (FIPS 180-4, section 5.3.3).
 */
void blk_SHA256_Init(blk_SHA256_CTX *ctx)
{
        static const uint32_t initial_state[8] = {
                0x6a09e667ul, 0xbb67ae85ul, 0x3c6ef372ul, 0xa54ff53aul,
                0x510e527ful, 0x9b05688cul, 0x1f83d9abul, 0x5be0cd19ul,
        };
        int word;

        ctx->offset = 0;
        ctx->size = 0;
        for (word = 0; word < 8; word++)
                ctx->state[word] = initial_state[word];
}
  22
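/*
 * Rotate the 32-bit word x right by n bit positions.
 *
 * Both shift counts are reduced modulo 32, so n == 0 (or any multiple of
 * 32) returns x unchanged instead of shifting a 32-bit value by its full
 * width, which is undefined behaviour in C. For 1 <= n <= 31 the result is
 * the same as the plain two-shift form.
 */
static inline uint32_t ror(uint32_t x, unsigned n)
{
        n &= 31;
        return (x >> n) | (x << ((32 - n) & 31));
}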
  27
/*
 * SHA-256 "choose" function: for every bit position, take the bit from y
 * where x has a 1 and the bit from z where x has a 0.
 */
static inline uint32_t ch(uint32_t x, uint32_t y, uint32_t z)
{
        uint32_t from_y = x & y;
        uint32_t from_z = ~x & z;

        return from_y ^ from_z;
}
  32
/*
 * SHA-256 "majority" function: each result bit is the value held by at
 * least two of the three input bits at that position.
 */
static inline uint32_t maj(uint32_t x, uint32_t y, uint32_t z)
{
        uint32_t xy = x & y;
        uint32_t xz = x & z;
        uint32_t yz = y & z;

        return xy ^ xz ^ yz;
}
  37
/*
 * Round function applied to working variable `a`: XOR of x rotated right
 * by 2, 13 and 22 bits (the upper-case Sigma-0 of FIPS 180-4).
 */
static inline uint32_t sigma0(uint32_t x)
{
        uint32_t r2 = ror(x, 2);
        uint32_t r13 = ror(x, 13);
        uint32_t r22 = ror(x, 22);

        return r2 ^ r13 ^ r22;
}
  42
/*
 * Round function applied to working variable `e`: XOR of x rotated right
 * by 6, 11 and 25 bits (the upper-case Sigma-1 of FIPS 180-4).
 */
static inline uint32_t sigma1(uint32_t x)
{
        uint32_t r6 = ror(x, 6);
        uint32_t r11 = ror(x, 11);
        uint32_t r25 = ror(x, 25);

        return r6 ^ r11 ^ r25;
}
  47
/*
 * Message-schedule function: x rotated right by 7 and by 18, XORed with x
 * shifted right by 3 (the lower-case sigma-0 of FIPS 180-4). The last term
 * is a plain shift, not a rotation.
 */
static inline uint32_t gamma0(uint32_t x)
{
        uint32_t rotated = ror(x, 7) ^ ror(x, 18);
        uint32_t shifted = x >> 3;

        return rotated ^ shifted;
}
  52
/*
 * Message-schedule function: x rotated right by 17 and by 19, XORed with x
 * shifted right by 10 (the lower-case sigma-1 of FIPS 180-4). The last term
 * is a plain shift, not a rotation.
 */
static inline uint32_t gamma1(uint32_t x)
{
        uint32_t rotated = ror(x, 17) ^ ror(x, 19);
        uint32_t shifted = x >> 10;

        return rotated ^ shifted;
}
  57
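/*
 * Run the SHA-256 compression function over one message block and fold the
 * result into ctx->state.
 *
 * ctx: hashing context; only ctx->state is read and written here.
 * buf: the message block. Sixteen 32-bit words are read from it, so it must
 *      point to at least 64 readable bytes; no length is passed in and no
 *      bounds check is done here, the caller is responsible for that.
 *
 * The 64 rounds are written out one per line. Instead of moving the eight
 * working variables after each round, every RND() line names S[0..7] in a
 * position shifted by one, which has the same effect.
 */
static void blk_SHA256_Transform(blk_SHA256_CTX *ctx, const unsigned char *buf)
{

        uint32_t S[8], W[64], t0, t1;
        int i;

        /* copy state into S */
        for (i = 0; i < 8; i++)
                S[i] = ctx->state[i];

        /* load the 512-bit message block into W[0..15], one 32-bit word at a time */
        for (i = 0; i < 16; i++, buf += sizeof(uint32_t))
                W[i] = get_be32(buf);

        /* fill W[16..63] */
        for (i = 16; i < 64; i++)
                W[i] = gamma1(W[i - 2]) + W[i - 7] + gamma0(W[i - 15]) + W[i - 16];

/*
 * One round: i is the round number (index into W), ki the round constant.
 * Wrapped in do { } while (0) so that each RND(...); is a single statement
 * even if it is ever placed under an unbraced if/else.
 */
#define RND(a,b,c,d,e,f,g,h,i,ki)                    \
        do {                                            \
                t0 = h + sigma1(e) + ch(e, f, g) + ki + W[i];   \
                t1 = sigma0(a) + maj(a, b, c);                  \
                d += t0;                                        \
                h  = t0 + t1;                                   \
        } while (0)

        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],0,0x428a2f98);
        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],1,0x71374491);
        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],2,0xb5c0fbcf);
        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],3,0xe9b5dba5);
        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],4,0x3956c25b);
        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],5,0x59f111f1);
        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],6,0x923f82a4);
        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],7,0xab1c5ed5);
        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],8,0xd807aa98);
        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],9,0x12835b01);
        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],10,0x243185be);
        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],11,0x550c7dc3);
        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],12,0x72be5d74);
        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],13,0x80deb1fe);
        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],14,0x9bdc06a7);
        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],15,0xc19bf174);
        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],16,0xe49b69c1);
        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],17,0xefbe4786);
        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],18,0x0fc19dc6);
        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],19,0x240ca1cc);
        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],20,0x2de92c6f);
        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],21,0x4a7484aa);
        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],22,0x5cb0a9dc);
        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],23,0x76f988da);
        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],24,0x983e5152);
        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],25,0xa831c66d);
        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],26,0xb00327c8);
        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],27,0xbf597fc7);
        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],28,0xc6e00bf3);
        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],29,0xd5a79147);
        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],30,0x06ca6351);
        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],31,0x14292967);
        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],32,0x27b70a85);
        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],33,0x2e1b2138);
        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],34,0x4d2c6dfc);
        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],35,0x53380d13);
        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],36,0x650a7354);
        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],37,0x766a0abb);
        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],38,0x81c2c92e);
        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],39,0x92722c85);
        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],40,0xa2bfe8a1);
        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],41,0xa81a664b);
        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],42,0xc24b8b70);
        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],43,0xc76c51a3);
        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],44,0xd192e819);
        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],45,0xd6990624);
        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],46,0xf40e3585);
        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],47,0x106aa070);
        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],48,0x19a4c116);
        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],49,0x1e376c08);
        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],50,0x2748774c);
        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],51,0x34b0bcb5);
        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],52,0x391c0cb3);
        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],53,0x4ed8aa4a);
        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],54,0x5b9cca4f);
        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],55,0x682e6ff3);
        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],56,0x748f82ee);
        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],57,0x78a5636f);
        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],58,0x84c87814);
        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],59,0x8cc70208);
        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],60,0x90befffa);
        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],61,0xa4506ceb);
        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],62,0xbef9a3f7);
        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],63,0xc67178f2);

        /* feed-forward: add the block's result to the previous chaining value */
        for (i = 0; i < 8; i++)
                ctx->state[i] += S[i];
}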
 150
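/*
 * Feed `len` bytes starting at `data` into the hash.
 *
 * Input is consumed in 64-byte blocks. Bytes that do not yet fill a block
 * are kept in ctx->buf until a later call (or blk_SHA256_Final) completes
 * it. ctx->size counts every byte passed in so far; its low six bits give
 * the number of bytes currently buffered.
 *
 * ctx:  context previously set up by blk_SHA256_Init.
 * data: input bytes; must be readable for `len` bytes. The caller supplies
 *       the length, nothing here can verify it.
 * len:  number of bytes to hash. A zero length returns at once, so a
 *       (NULL, 0) call never reaches memcpy() or pointer arithmetic on a
 *       null pointer, both of which are undefined behaviour.
 */
void blk_SHA256_Update(blk_SHA256_CTX *ctx, const void *data, size_t len)
{
        const unsigned char *in = data;
        unsigned int len_buf = ctx->size & 63;

        if (!len)
                return;

        ctx->size += len;

        /* Top up a partially filled buffer first and process it once full */
        if (len_buf) {
                unsigned int left = 64 - len_buf;
                if (len < left)
                        left = len;
                memcpy(ctx->buf + len_buf, in, left);
                len_buf = (len_buf + left) & 63;
                len -= left;
                in += left;
                /* still short of a whole block: wait for more input */
                if (len_buf)
                        return;
                blk_SHA256_Transform(ctx, ctx->buf);
        }
        /* Whole blocks are hashed straight from the caller's memory */
        while (len >= 64) {
                blk_SHA256_Transform(ctx, in);
                in += 64;
                len -= 64;
        }
        /* Keep the tail (fewer than 64 bytes) for the next call */
        if (len)
                memcpy(ctx->buf, in, len);
}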
 178
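/*
 * Finish the hash and write the result to `digest`.
 *
 * digest: output buffer; eight 32-bit words are stored, so it must have
 *         room for 32 bytes.
 * ctx:    context that has received all input through blk_SHA256_Update.
 *
 * NOTE(review): nothing here clears ctx, so the final chaining state and
 * any buffered input bytes stay in the caller's memory after the call.
 * A caller hashing sensitive data has to wipe the context itself.
 */
void blk_SHA256_Final(unsigned char *digest, blk_SHA256_CTX *ctx)
{
        static const unsigned char pad[64] = { 0x80 };
        /*
         * The length field is exactly two 32-bit words (8 bytes). A
         * fixed-width type keeps that true on platforms where unsigned int
         * is not 32 bits wide.
         */
        uint32_t padlen[2];
        int i;

        /*
         * Pad with a binary 1 (ie 0x80), then zeroes, then length.
         * The bit length (size * 8) is captured before padding, because
         * blk_SHA256_Update() adds to ctx->size: high word first, then the
         * low word, both in network (big-endian) byte order.
         */
        padlen[0] = htonl((uint32_t)(ctx->size >> 29));
        padlen[1] = htonl((uint32_t)(ctx->size << 3));

        /*
         * Pad up to 56 bytes mod 64, leaving room for the 8-byte length;
         * at least one padding byte (the 0x80) is always added.
         */
        i = ctx->size & 63;
        blk_SHA256_Update(ctx, pad, 1 + (63 & (55 - i)));
        blk_SHA256_Update(ctx, padlen, sizeof(padlen));

        /* copy output */
        for (i = 0; i < 8; i++, digest += sizeof(uint32_t))
                put_be32(digest, ctx->state[i]);
}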