VirtualBox

source: vbox/trunk/src/libs/openssl-1.1.1k/crypto/sha/sha256.c@ 91789

最後變更 在這個檔案從91789是 90293,由 vboxsync 提交於 4 年 前

openssl-1.1.1k: Applied and adjusted our OpenSSL changes to 1.1.1k. bugref:10072
檔案大小: 12.1 KB
 
1/*
2 * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/opensslconf.h>
11
12#include <stdlib.h>
13#include <string.h>
14
15#include <openssl/crypto.h>
16#include <openssl/sha.h>
17#include <openssl/opensslv.h>
18
19int SHA224_Init(SHA256_CTX *c)
20{
21 memset(c, 0, sizeof(*c));
22 c->h[0] = 0xc1059ed8UL;
23 c->h[1] = 0x367cd507UL;
24 c->h[2] = 0x3070dd17UL;
25 c->h[3] = 0xf70e5939UL;
26 c->h[4] = 0xffc00b31UL;
27 c->h[5] = 0x68581511UL;
28 c->h[6] = 0x64f98fa7UL;
29 c->h[7] = 0xbefa4fa4UL;
30 c->md_len = SHA224_DIGEST_LENGTH;
31 return 1;
32}
33
34int SHA256_Init(SHA256_CTX *c)
35{
36 memset(c, 0, sizeof(*c));
37 c->h[0] = 0x6a09e667UL;
38 c->h[1] = 0xbb67ae85UL;
39 c->h[2] = 0x3c6ef372UL;
40 c->h[3] = 0xa54ff53aUL;
41 c->h[4] = 0x510e527fUL;
42 c->h[5] = 0x9b05688cUL;
43 c->h[6] = 0x1f83d9abUL;
44 c->h[7] = 0x5be0cd19UL;
45 c->md_len = SHA256_DIGEST_LENGTH;
46 return 1;
47}
48
49unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
50{
51 SHA256_CTX c;
52 static unsigned char m[SHA224_DIGEST_LENGTH];
53
54 if (md == NULL)
55 md = m;
56 SHA224_Init(&c);
57 SHA256_Update(&c, d, n);
58 SHA256_Final(md, &c);
59 OPENSSL_cleanse(&c, sizeof(c));
60 return md;
61}
62
63unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
64{
65 SHA256_CTX c;
66 static unsigned char m[SHA256_DIGEST_LENGTH];
67
68 if (md == NULL)
69 md = m;
70 SHA256_Init(&c);
71 SHA256_Update(&c, d, n);
72 SHA256_Final(md, &c);
73 OPENSSL_cleanse(&c, sizeof(c));
74 return md;
75}
76
77int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
78{
79 return SHA256_Update(c, data, len);
80}
81
82int SHA224_Final(unsigned char *md, SHA256_CTX *c)
83{
84 return SHA256_Final(md, c);
85}
86
87#define DATA_ORDER_IS_BIG_ENDIAN
88
89#define HASH_LONG SHA_LONG
90#define HASH_CTX SHA256_CTX
91#define HASH_CBLOCK SHA_CBLOCK
92
93/*
94 * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
95 * default: case below covers for it. It's not clear however if it's
96 * permitted to truncate to amount of bytes not divisible by 4. I bet not,
97 * but if it is, then default: case shall be extended. For reference.
98 * Idea behind separate cases for pre-defined lengths is to let the
99 * compiler decide if it's appropriate to unroll small loops.
100 */
101#define HASH_MAKE_STRING(c,s) do { \
102 unsigned long ll; \
103 unsigned int nn; \
104 switch ((c)->md_len) \
105 { case SHA224_DIGEST_LENGTH: \
106 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \
107 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
108 break; \
109 case SHA256_DIGEST_LENGTH: \
110 for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \
111 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
112 break; \
113 default: \
114 if ((c)->md_len > SHA256_DIGEST_LENGTH) \
115 return 0; \
116 for (nn=0;nn<(c)->md_len/4;nn++) \
117 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
118 break; \
119 } \
120 } while (0)
121
122#define HASH_UPDATE SHA256_Update
123#define HASH_TRANSFORM SHA256_Transform
124#define HASH_FINAL SHA256_Final
125#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
126#ifndef SHA256_ASM
127static
128#endif
129void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
130
131#include "crypto/md32_common.h"
132
133#ifndef SHA256_ASM
134static const SHA_LONG K256[64] = {
135 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
136 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
137 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
138 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
139 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
140 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
141 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
142 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
143 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
144 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
145 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
146 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
147 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
148 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
149 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
150 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
151};
152
153/*
154 * FIPS specification refers to right rotations, while our ROTATE macro
155 * is left one. This is why you might notice that rotation coefficients
156 * differ from those observed in FIPS document by 32-N...
157 */
158# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
159# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
160# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
161# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
162
163# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
164# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
165
166# ifdef OPENSSL_SMALL_FOOTPRINT
167
168static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
169 size_t num)
170{
171 unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2;
172 SHA_LONG X[16], l;
173 int i;
174 const unsigned char *data = in;
175
176 while (num--) {
177
178 a = ctx->h[0];
179 b = ctx->h[1];
180 c = ctx->h[2];
181 d = ctx->h[3];
182 e = ctx->h[4];
183 f = ctx->h[5];
184 g = ctx->h[6];
185 h = ctx->h[7];
186
187 for (i = 0; i < 16; i++) {
188 (void)HOST_c2l(data, l);
189 T1 = X[i] = l;
190 T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
191 T2 = Sigma0(a) + Maj(a, b, c);
192 h = g;
193 g = f;
194 f = e;
195 e = d + T1;
196 d = c;
197 c = b;
198 b = a;
199 a = T1 + T2;
200 }
201
202 for (; i < 64; i++) {
203 s0 = X[(i + 1) & 0x0f];
204 s0 = sigma0(s0);
205 s1 = X[(i + 14) & 0x0f];
206 s1 = sigma1(s1);
207
208 T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
209 T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
210 T2 = Sigma0(a) + Maj(a, b, c);
211 h = g;
212 g = f;
213 f = e;
214 e = d + T1;
215 d = c;
216 c = b;
217 b = a;
218 a = T1 + T2;
219 }
220
221 ctx->h[0] += a;
222 ctx->h[1] += b;
223 ctx->h[2] += c;
224 ctx->h[3] += d;
225 ctx->h[4] += e;
226 ctx->h[5] += f;
227 ctx->h[6] += g;
228 ctx->h[7] += h;
229
230 }
231}
232
233# else
234
235# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
236 T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
237 h = Sigma0(a) + Maj(a,b,c); \
238 d += T1; h += T1; } while (0)
239
240# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
241 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
242 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
243 T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
244 ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
245
246static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
247 size_t num)
248{
249 unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
250 SHA_LONG X[16];
251 int i;
252 const unsigned char *data = in;
253 const union {
254 long one;
255 char little;
256 } is_endian = {
257 1
258 };
259
260 while (num--) {
261
262 a = ctx->h[0];
263 b = ctx->h[1];
264 c = ctx->h[2];
265 d = ctx->h[3];
266 e = ctx->h[4];
267 f = ctx->h[5];
268 g = ctx->h[6];
269 h = ctx->h[7];
270
271 if (!is_endian.little && sizeof(SHA_LONG) == 4
272 && ((size_t)in % 4) == 0) {
273 const SHA_LONG *W = (const SHA_LONG *)data;
274
275 T1 = X[0] = W[0];
276 ROUND_00_15(0, a, b, c, d, e, f, g, h);
277 T1 = X[1] = W[1];
278 ROUND_00_15(1, h, a, b, c, d, e, f, g);
279 T1 = X[2] = W[2];
280 ROUND_00_15(2, g, h, a, b, c, d, e, f);
281 T1 = X[3] = W[3];
282 ROUND_00_15(3, f, g, h, a, b, c, d, e);
283 T1 = X[4] = W[4];
284 ROUND_00_15(4, e, f, g, h, a, b, c, d);
285 T1 = X[5] = W[5];
286 ROUND_00_15(5, d, e, f, g, h, a, b, c);
287 T1 = X[6] = W[6];
288 ROUND_00_15(6, c, d, e, f, g, h, a, b);
289 T1 = X[7] = W[7];
290 ROUND_00_15(7, b, c, d, e, f, g, h, a);
291 T1 = X[8] = W[8];
292 ROUND_00_15(8, a, b, c, d, e, f, g, h);
293 T1 = X[9] = W[9];
294 ROUND_00_15(9, h, a, b, c, d, e, f, g);
295 T1 = X[10] = W[10];
296 ROUND_00_15(10, g, h, a, b, c, d, e, f);
297 T1 = X[11] = W[11];
298 ROUND_00_15(11, f, g, h, a, b, c, d, e);
299 T1 = X[12] = W[12];
300 ROUND_00_15(12, e, f, g, h, a, b, c, d);
301 T1 = X[13] = W[13];
302 ROUND_00_15(13, d, e, f, g, h, a, b, c);
303 T1 = X[14] = W[14];
304 ROUND_00_15(14, c, d, e, f, g, h, a, b);
305 T1 = X[15] = W[15];
306 ROUND_00_15(15, b, c, d, e, f, g, h, a);
307
308 data += SHA256_CBLOCK;
309 } else {
310 SHA_LONG l;
311
312 (void)HOST_c2l(data, l);
313 T1 = X[0] = l;
314 ROUND_00_15(0, a, b, c, d, e, f, g, h);
315 (void)HOST_c2l(data, l);
316 T1 = X[1] = l;
317 ROUND_00_15(1, h, a, b, c, d, e, f, g);
318 (void)HOST_c2l(data, l);
319 T1 = X[2] = l;
320 ROUND_00_15(2, g, h, a, b, c, d, e, f);
321 (void)HOST_c2l(data, l);
322 T1 = X[3] = l;
323 ROUND_00_15(3, f, g, h, a, b, c, d, e);
324 (void)HOST_c2l(data, l);
325 T1 = X[4] = l;
326 ROUND_00_15(4, e, f, g, h, a, b, c, d);
327 (void)HOST_c2l(data, l);
328 T1 = X[5] = l;
329 ROUND_00_15(5, d, e, f, g, h, a, b, c);
330 (void)HOST_c2l(data, l);
331 T1 = X[6] = l;
332 ROUND_00_15(6, c, d, e, f, g, h, a, b);
333 (void)HOST_c2l(data, l);
334 T1 = X[7] = l;
335 ROUND_00_15(7, b, c, d, e, f, g, h, a);
336 (void)HOST_c2l(data, l);
337 T1 = X[8] = l;
338 ROUND_00_15(8, a, b, c, d, e, f, g, h);
339 (void)HOST_c2l(data, l);
340 T1 = X[9] = l;
341 ROUND_00_15(9, h, a, b, c, d, e, f, g);
342 (void)HOST_c2l(data, l);
343 T1 = X[10] = l;
344 ROUND_00_15(10, g, h, a, b, c, d, e, f);
345 (void)HOST_c2l(data, l);
346 T1 = X[11] = l;
347 ROUND_00_15(11, f, g, h, a, b, c, d, e);
348 (void)HOST_c2l(data, l);
349 T1 = X[12] = l;
350 ROUND_00_15(12, e, f, g, h, a, b, c, d);
351 (void)HOST_c2l(data, l);
352 T1 = X[13] = l;
353 ROUND_00_15(13, d, e, f, g, h, a, b, c);
354 (void)HOST_c2l(data, l);
355 T1 = X[14] = l;
356 ROUND_00_15(14, c, d, e, f, g, h, a, b);
357 (void)HOST_c2l(data, l);
358 T1 = X[15] = l;
359 ROUND_00_15(15, b, c, d, e, f, g, h, a);
360 }
361
362 for (i = 16; i < 64; i += 8) {
363 ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
364 ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
365 ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
366 ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
367 ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
368 ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
369 ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
370 ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
371 }
372
373 ctx->h[0] += a;
374 ctx->h[1] += b;
375 ctx->h[2] += c;
376 ctx->h[3] += d;
377 ctx->h[4] += e;
378 ctx->h[5] += f;
379 ctx->h[6] += g;
380 ctx->h[7] += h;
381
382 }
383}
384
385# endif
386#endif /* SHA256_ASM */
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette