mirror of
https://github.com/Karaka-Management/cOMS.git
synced 2026-01-27 18:08:40 +00:00
328 lines
13 KiB
C
Executable File
328 lines
13 KiB
C
Executable File
#ifndef HASH_SHA_256_H
|
|
#define HASH_SHA_256_H
|
|
|
|
#include <stdint.h>
|
|
#include <string.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
// Licensing Information
|
|
//
|
|
// Except as otherwise noted (below and/or in individual files), this project is licensed under the Unlicense
|
|
// (https://opensource.org/licenses/unlicense) or the Zero Clause BSD license (https://opensource.org/licenses/0bsd), at
|
|
// your option. The Unlicense
|
|
//
|
|
// This is free and unencumbered software released into the public domain.
|
|
//
|
|
// Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form
|
|
// or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.
|
|
//
|
|
// In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright
|
|
// interest in the software to the public domain. We make this dedication for the benefit of the public at large and to
|
|
// the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in
|
|
// perpetuity of all present and future rights to this software under copyright law.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
|
|
// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE
|
|
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
//
|
|
// For more information, please refer to http://unlicense.org
|
|
// Zero Clause BSD License
|
|
//
|
|
// © 2021 Alain Mosnier
|
|
//
|
|
// Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby
|
|
// granted.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
|
|
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
|
|
// AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
// PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
/*
|
|
* @brief Size of the SHA-256 sum. This times eight is 256 bits.
|
|
*/
|
|
#define SIZE_OF_SHA_256_HASH 32
|
|
|
|
/*
|
|
* @brief Size of the chunks used for the calculations.
|
|
*
|
|
* @note This should mostly be ignored by the user, although when using the streaming API, it has an impact for
|
|
* performance. Add chunks whose size is a multiple of this, and you will avoid a lot of superfluous copying in RAM!
|
|
*/
|
|
#define SIZE_OF_SHA_256_CHUNK 64
|
|
|
|
#define TOTAL_LEN_LEN 8
|
|
|
|
/*
|
|
* @brief The opaque SHA-256 type, that should be instantiated when using the streaming API.
|
|
*
|
|
* @note Although the details are exposed here, in order to make instantiation easy, you should refrain from directly
|
|
* accessing the fields, as they may change in the future.
|
|
*/
|
|
struct Sha_256 {
|
|
uint8_t *hash;
|
|
uint8_t chunk[SIZE_OF_SHA_256_CHUNK];
|
|
uint8_t *chunk_pos;
|
|
size_t space_left;
|
|
size_t total_len;
|
|
uint32_t h[8];
|
|
};
|
|
|
|
static inline uint32_t right_rot(uint32_t value, unsigned int count)
|
|
{
|
|
/*
|
|
* Defined behaviour in standard C for all count where 0 < count < 32, which is what we need here.
|
|
*/
|
|
return value >> count | value << (32 - count);
|
|
}
|
|
|
|
static inline void consume_chunk(uint32_t *h, const uint8_t *p)
|
|
{
|
|
unsigned i, j;
|
|
uint32_t ah[8];
|
|
|
|
/* Initialize working variables to current hash value: */
|
|
for (i = 0; i < 8; i++)
|
|
ah[i] = h[i];
|
|
|
|
/*
|
|
* The w-array is really w[64], but since we only need 16 of them at a time, we save stack by
|
|
* calculating 16 at a time.
|
|
*
|
|
* This optimization was not there initially and the rest of the comments about w[64] are kept in their
|
|
* initial state.
|
|
*/
|
|
|
|
/*
|
|
* create a 64-entry message schedule array w[0..63] of 32-bit words (The initial values in w[0..63]
|
|
* don't matter, so many implementations zero them here) copy chunk into first 16 words w[0..15] of the
|
|
* message schedule array
|
|
*/
|
|
uint32_t w[16];
|
|
|
|
/* Compression function main loop: */
|
|
for (i = 0; i < 4; i++) {
|
|
for (j = 0; j < 16; j++) {
|
|
if (i == 0) {
|
|
w[j] = (uint32_t) p[0] << 24 | (uint32_t) p[1] << 16 | (uint32_t) p[2] << 8 | (uint32_t) p[3];
|
|
p += 4;
|
|
} else {
|
|
/* Extend the first 16 words into the remaining 48 words w[16..63] of the
|
|
* message schedule array: */
|
|
const uint32_t s0 =
|
|
right_rot(w[(j + 1) & 0xf], 7) ^ right_rot(w[(j + 1) & 0xf], 18) ^ (w[(j + 1) & 0xf] >> 3);
|
|
const uint32_t s1 =
|
|
right_rot(w[(j + 14) & 0xf], 17) ^ right_rot(w[(j + 14) & 0xf], 19) ^ (w[(j + 14) & 0xf] >> 10);
|
|
w[j] = w[j] + s0 + w[(j + 9) & 0xf] + s1;
|
|
}
|
|
const uint32_t s1 = right_rot(ah[4], 6) ^ right_rot(ah[4], 11) ^ right_rot(ah[4], 25);
|
|
const uint32_t ch = (ah[4] & ah[5]) ^ (~ah[4] & ah[6]);
|
|
|
|
/*
|
|
* Initialize array of round constants:
|
|
* (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311):
|
|
*/
|
|
static const uint32_t k[] = {
|
|
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
|
|
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
|
|
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
|
|
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
|
|
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
|
|
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
|
|
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
|
|
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
|
|
|
|
const uint32_t temp1 = ah[7] + s1 + ch + k[i << 4 | j] + w[j];
|
|
const uint32_t s0 = right_rot(ah[0], 2) ^ right_rot(ah[0], 13) ^ right_rot(ah[0], 22);
|
|
const uint32_t maj = (ah[0] & ah[1]) ^ (ah[0] & ah[2]) ^ (ah[1] & ah[2]);
|
|
const uint32_t temp2 = s0 + maj;
|
|
|
|
ah[7] = ah[6];
|
|
ah[6] = ah[5];
|
|
ah[5] = ah[4];
|
|
ah[4] = ah[3] + temp1;
|
|
ah[3] = ah[2];
|
|
ah[2] = ah[1];
|
|
ah[1] = ah[0];
|
|
ah[0] = temp1 + temp2;
|
|
}
|
|
}
|
|
|
|
/* Add the compressed chunk to the current hash value: */
|
|
for (i = 0; i < 8; i++)
|
|
h[i] += ah[i];
|
|
}
|
|
|
|
/*
|
|
* @brief Initialize a SHA-256 streaming calculation.
|
|
* @param sha_256 A pointer to a SHA-256 structure.
|
|
* @param hash Hash array, where the result will be delivered.
|
|
*
|
|
* @note If all of the data you are calculating the hash value on is not available in a contiguous buffer in memory,
|
|
* this is where you should start. Instantiate a SHA-256 structure, for instance by simply declaring it locally, make
|
|
* your hash buffer available, and invoke this function. Once a SHA-256 hash has been calculated (see further below) a
|
|
* SHA-256 structure can be initialized again for the next calculation.
|
|
*
|
|
* @note If either of the passed pointers is NULL, the results are unpredictable.
|
|
*/
|
|
void sha_256_init(struct Sha_256 *sha_256, uint8_t hash[SIZE_OF_SHA_256_HASH])
|
|
{
|
|
sha_256->hash = hash;
|
|
sha_256->chunk_pos = sha_256->chunk;
|
|
sha_256->space_left = SIZE_OF_SHA_256_CHUNK;
|
|
sha_256->total_len = 0;
|
|
/*
|
|
* Initialize hash values (first 32 bits of the fractional parts of the square roots of the first 8 primes
|
|
* 2..19):
|
|
*/
|
|
sha_256->h[0] = 0x6a09e667;
|
|
sha_256->h[1] = 0xbb67ae85;
|
|
sha_256->h[2] = 0x3c6ef372;
|
|
sha_256->h[3] = 0xa54ff53a;
|
|
sha_256->h[4] = 0x510e527f;
|
|
sha_256->h[5] = 0x9b05688c;
|
|
sha_256->h[6] = 0x1f83d9ab;
|
|
sha_256->h[7] = 0x5be0cd19;
|
|
}
|
|
|
|
/*
|
|
* @brief Stream more input data for an on-going SHA-256 calculation.
|
|
* @param sha_256 A pointer to a previously initialized SHA-256 structure.
|
|
* @param data Pointer to the data to be added to the calculation.
|
|
* @param len Length of the data to add, in byte.
|
|
*
|
|
* @note This function may be invoked an arbitrary number of times between initialization and closing, but the maximum
|
|
* data length is limited by the SHA-256 algorithm: the total number of bits (i.e. the total number of bytes times
|
|
* eight) must be representable by a 64-bit unsigned integer. While that is not a practical limitation, the results are
|
|
* unpredictable if that limit is exceeded.
|
|
*
|
|
* @note This function may be invoked on empty data (zero length), although that obviously will not add any data.
|
|
*
|
|
* @note If either of the passed pointers is NULL, the results are unpredictable.
|
|
*/
|
|
void sha_256_write(struct Sha_256 *sha_256, const void *data, size_t len)
|
|
{
|
|
sha_256->total_len += len;
|
|
|
|
const uint8_t *p = (uint8_t *) data;
|
|
|
|
while (len > 0) {
|
|
/*
|
|
* If the input chunks have sizes that are multiples of the calculation chunk size, no copies are
|
|
* necessary. We operate directly on the input data instead.
|
|
*/
|
|
if (sha_256->space_left == SIZE_OF_SHA_256_CHUNK && len >= SIZE_OF_SHA_256_CHUNK) {
|
|
consume_chunk(sha_256->h, p);
|
|
len -= SIZE_OF_SHA_256_CHUNK;
|
|
p += SIZE_OF_SHA_256_CHUNK;
|
|
continue;
|
|
}
|
|
/* General case, no particular optimization. */
|
|
const size_t consumed_len = len < sha_256->space_left ? len : sha_256->space_left;
|
|
memcpy(sha_256->chunk_pos, p, consumed_len);
|
|
sha_256->space_left -= consumed_len;
|
|
len -= consumed_len;
|
|
p += consumed_len;
|
|
if (sha_256->space_left == 0) {
|
|
consume_chunk(sha_256->h, sha_256->chunk);
|
|
sha_256->chunk_pos = sha_256->chunk;
|
|
sha_256->space_left = SIZE_OF_SHA_256_CHUNK;
|
|
} else {
|
|
sha_256->chunk_pos += consumed_len;
|
|
}
|
|
}
|
|
}
|
|
|
|
/*
|
|
* @brief Conclude a SHA-256 streaming calculation, making the hash value available.
|
|
* @param sha_256 A pointer to a previously initialized SHA-256 structure.
|
|
* @return Pointer to the hash array, where the result is delivered.
|
|
*
|
|
* @note After this function has been invoked, the result is available in the hash buffer that initially was provided. A
|
|
* pointer to the hash value is returned for convenience, but you should feel free to ignore it: it is simply a pointer
|
|
* to the first byte of your initially provided hash array.
|
|
*
|
|
* @note If the passed pointer is NULL, the results are unpredictable.
|
|
*
|
|
* @note Invoking this function for a calculation with no data (the writing function has never been invoked, or it only
|
|
* has been invoked with empty data) is legal. It will calculate the SHA-256 value of the empty string.
|
|
*/
|
|
uint8_t *sha_256_close(struct Sha_256 *sha_256)
|
|
{
|
|
uint8_t *pos = sha_256->chunk_pos;
|
|
size_t space_left = sha_256->space_left;
|
|
uint32_t *const h = sha_256->h;
|
|
|
|
/*
|
|
* The current chunk cannot be full. Otherwise, it would already have be consumed. I.e. there is space left for
|
|
* at least one byte. The next step in the calculation is to add a single one-bit to the data.
|
|
*/
|
|
*pos++ = 0x80;
|
|
--space_left;
|
|
|
|
/*
|
|
* Now, the last step is to add the total data length at the end of the last chunk, and zero padding before
|
|
* that. But we do not necessarily have enough space left. If not, we pad the current chunk with zeroes, and add
|
|
* an extra chunk at the end.
|
|
*/
|
|
if (space_left < TOTAL_LEN_LEN) {
|
|
memset(pos, 0x00, space_left);
|
|
consume_chunk(h, sha_256->chunk);
|
|
pos = sha_256->chunk;
|
|
space_left = SIZE_OF_SHA_256_CHUNK;
|
|
}
|
|
const size_t left = space_left - TOTAL_LEN_LEN;
|
|
memset(pos, 0x00, left);
|
|
pos += left;
|
|
size_t len = sha_256->total_len;
|
|
pos[7] = (uint8_t) (len << 3);
|
|
len >>= 5;
|
|
int i;
|
|
for (i = 6; i >= 0; --i) {
|
|
pos[i] = (uint8_t) len;
|
|
len >>= 8;
|
|
}
|
|
consume_chunk(h, sha_256->chunk);
|
|
/* Produce the final hash value (big-endian): */
|
|
int j;
|
|
uint8_t *const hash = sha_256->hash;
|
|
for (i = 0, j = 0; i < 8; i++) {
|
|
hash[j++] = (uint8_t) (h[i] >> 24);
|
|
hash[j++] = (uint8_t) (h[i] >> 16);
|
|
hash[j++] = (uint8_t) (h[i] >> 8);
|
|
hash[j++] = (uint8_t) h[i];
|
|
}
|
|
return sha_256->hash;
|
|
}
|
|
|
|
/*
|
|
* @brief The simple SHA-256 calculation function.
|
|
* @param hash Hash array, where the result is delivered.
|
|
* @param input Pointer to the data the hash shall be calculated on.
|
|
* @param len Length of the input data, in byte.
|
|
*
|
|
* @note If all of the data you are calculating the hash value on is available in a contiguous buffer in memory, this is
|
|
* the function you should use.
|
|
*
|
|
* @note If either of the passed pointers is NULL, the results are unpredictable.
|
|
*/
|
|
void calc_sha_256(uint8_t hash[SIZE_OF_SHA_256_HASH], const void *input, size_t len)
|
|
{
|
|
struct Sha_256 sha_256;
|
|
sha_256_init(&sha_256, hash);
|
|
sha_256_write(&sha_256, input, len);
|
|
(void) sha_256_close(&sha_256);
|
|
}
|
|
|
|
#undef TOTAL_LEN_LEN
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif |