kris/pqc
1
1
Derivar 0
Código Questões Pedidos de integração Lançamentos Wiki Trabalho

Add SHA256

Ver a proveniência
Este cometimento está contido em:
Joost Rijneveld 2019-03-11 14:41:11 +01:00
ascendente 91c2fb59cf
cometimento 6d84aec3db
Não foi encontrada uma chave conhecida para esta assinatura, na base de dados
ID da chave GPG: A4FE39CF49CBC553
4 ficheiros modificados com 557 adições e 164 eliminações
Mostrar estatísticas Descarregar ficheiro patch Descarregar ficheiro diff Expandir todos os ficheiros Colapsar todos os ficheiros

596
common/sha2.c
Ver ficheiro

@ -7,14 +7,29 @@
#include "sha2.h"
static uint64_t load_bigendian(const unsigned char *x) {
return (uint64_t)(x[7]) | (((uint64_t)(x[6])) << 8) | (((uint64_t)(x[5])) << 16) |
(((uint64_t)(x[4])) << 24) | (((uint64_t)(x[3])) << 32) |
(((uint64_t)(x[2])) << 40) | (((uint64_t)(x[1])) << 48) |
(((uint64_t)(x[0])) << 56);
static uint32_t load_bigendian_32(const uint8_t *x) {
return (uint32_t)(x[3]) | (((uint32_t)(x[2])) << 8) |
(((uint32_t)(x[1])) << 16) | (((uint32_t)(x[0])) << 24);
}
static void store_bigendian(uint8_t *x, uint64_t u) {
static uint64_t load_bigendian_64(const uint8_t *x) {
return (uint64_t)(x[7]) | (((uint64_t)(x[6])) << 8) |
(((uint64_t)(x[5])) << 16) | (((uint64_t)(x[4])) << 24) |
(((uint64_t)(x[3])) << 32) | (((uint64_t)(x[2])) << 40) |
(((uint64_t)(x[1])) << 48) | (((uint64_t)(x[0])) << 56);
}
static void store_bigendian_32(uint8_t *x, uint64_t u) {
x[3] = (uint8_t) u;
u >>= 8;
x[2] = (uint8_t) u;
u >>= 8;
x[1] = (uint8_t) u;
u >>= 8;
x[0] = (uint8_t) u;
}
static void store_bigendian_64(uint8_t *x, uint64_t u) {
x[7] = (uint8_t) u;
u >>= 8;
x[6] = (uint8_t) u;
@ -33,50 +48,244 @@ static void store_bigendian(uint8_t *x, uint64_t u) {
}
#define SHR(x, c) ((x) >> (c))
#define ROTR(x, c) (((x) >> (c)) | ((x) << (64 - (c))))
#define ROTR_32(x, c) (((x) >> (c)) | ((x) << (32 - (c))))
#define ROTR_64(x, c) (((x) >> (c)) | ((x) << (64 - (c))))
#define Ch(x, y, z) (((x) & (y)) ^ (~(x) & (z)))
#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#define Sigma0(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39))
#define Sigma1(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41))
#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
#define sigma1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6))
#define M(w0, w14, w9, w1) w0 = sigma1(w14) + (w9) + sigma0(w1) + (w0);
#define Sigma0_32(x) (ROTR_32(x, 2) ^ ROTR_32(x,13) ^ ROTR_32(x,22))
#define Sigma1_32(x) (ROTR_32(x, 6) ^ ROTR_32(x,11) ^ ROTR_32(x,25))
#define sigma0_32(x) (ROTR_32(x, 7) ^ ROTR_32(x,18) ^ SHR(x, 3))
#define sigma1_32(x) (ROTR_32(x,17) ^ ROTR_32(x,19) ^ SHR(x,10))
#define EXPAND \
M(w0, w14, w9, w1) \
M(w1, w15, w10, w2) \
M(w2, w0, w11, w3) \
M(w3, w1, w12, w4) \
M(w4, w2, w13, w5) \
M(w5, w3, w14, w6) \
M(w6, w4, w15, w7) \
M(w7, w5, w0, w8) \
M(w8, w6, w1, w9) \
M(w9, w7, w2, w10) \
M(w10, w8, w3, w11) \
M(w11, w9, w4, w12) \
M(w12, w10, w5, w13) \
M(w13, w11, w6, w14) \
M(w14, w12, w7, w15) \
M(w15, w13, w8, w0)
#define Sigma0_64(x) (ROTR_64(x, 28) ^ ROTR_64(x, 34) ^ ROTR_64(x, 39))
#define Sigma1_64(x) (ROTR_64(x, 14) ^ ROTR_64(x, 18) ^ ROTR_64(x, 41))
#define sigma0_64(x) (ROTR_64(x, 1) ^ ROTR_64(x, 8) ^ SHR(x, 7))
#define sigma1_64(x) (ROTR_64(x, 19) ^ ROTR_64(x, 61) ^ SHR(x, 6))
#define F(w, k) \
T1 = h + Sigma1(e) + Ch(e, f, g) + (k) + (w); \
T2 = Sigma0(a) + Maj(a, b, c); \
h = g; \
g = f; \
f = e; \
e = d + T1; \
d = c; \
c = b; \
b = a; \
#define M_32(w0, w14, w9, w1) w0 = sigma1_32(w14) + (w9) + sigma0_32(w1) + (w0);
#define M_64(w0, w14, w9, w1) w0 = sigma1_64(w14) + (w9) + sigma0_64(w1) + (w0);
#define EXPAND_32 \
M_32(w0, w14, w9, w1) \
M_32(w1, w15, w10, w2) \
M_32(w2, w0, w11, w3) \
M_32(w3, w1, w12, w4) \
M_32(w4, w2, w13, w5) \
M_32(w5, w3, w14, w6) \
M_32(w6, w4, w15, w7) \
M_32(w7, w5, w0, w8) \
M_32(w8, w6, w1, w9) \
M_32(w9, w7, w2, w10) \
M_32(w10, w8, w3, w11) \
M_32(w11, w9, w4, w12) \
M_32(w12, w10, w5, w13) \
M_32(w13, w11, w6, w14) \
M_32(w14, w12, w7, w15) \
M_32(w15, w13, w8, w0)
#define EXPAND_64 \
M_64(w0, w14, w9, w1) \
M_64(w1, w15, w10, w2) \
M_64(w2, w0, w11, w3) \
M_64(w3, w1, w12, w4) \
M_64(w4, w2, w13, w5) \
M_64(w5, w3, w14, w6) \
M_64(w6, w4, w15, w7) \
M_64(w7, w5, w0, w8) \
M_64(w8, w6, w1, w9) \
M_64(w9, w7, w2, w10) \
M_64(w10, w8, w3, w11) \
M_64(w11, w9, w4, w12) \
M_64(w12, w10, w5, w13) \
M_64(w13, w11, w6, w14) \
M_64(w14, w12, w7, w15) \
M_64(w15, w13, w8, w0)
#define F_32(w, k) \
T1 = h + Sigma1_32(e) + Ch(e, f, g) + (k) + (w); \
T2 = Sigma0_32(a) + Maj(a, b, c); \
h = g; \
g = f; \
f = e; \
e = d + T1; \
d = c; \
c = b; \
b = a; \
a = T1 + T2;
#define F_64(w, k) \
T1 = h + Sigma1_64(e) + Ch(e, f, g) + (k) + (w); \
T2 = Sigma0_64(a) + Maj(a, b, c); \
h = g; \
g = f; \
f = e; \
e = d + T1; \
d = c; \
c = b; \
b = a; \
a = T1 + T2;
static size_t crypto_hashblocks_sha256(uint8_t *statebytes,
const uint8_t *in, size_t inlen) {
uint32_t state[8];
uint32_t a;
uint32_t b;
uint32_t c;
uint32_t d;
uint32_t e;
uint32_t f;
uint32_t g;
uint32_t h;
uint32_t T1;
uint32_t T2;
a = load_bigendian_32(statebytes + 0);
state[0] = a;
b = load_bigendian_32(statebytes + 4);
state[1] = b;
c = load_bigendian_32(statebytes + 8);
state[2] = c;
d = load_bigendian_32(statebytes + 12);
state[3] = d;
e = load_bigendian_32(statebytes + 16);
state[4] = e;
f = load_bigendian_32(statebytes + 20);
state[5] = f;
g = load_bigendian_32(statebytes + 24);
state[6] = g;
h = load_bigendian_32(statebytes + 28);
state[7] = h;
while (inlen >= 64) {
uint32_t w0 = load_bigendian_32(in + 0);
uint32_t w1 = load_bigendian_32(in + 4);
uint32_t w2 = load_bigendian_32(in + 8);
uint32_t w3 = load_bigendian_32(in + 12);
uint32_t w4 = load_bigendian_32(in + 16);
uint32_t w5 = load_bigendian_32(in + 20);
uint32_t w6 = load_bigendian_32(in + 24);
uint32_t w7 = load_bigendian_32(in + 28);
uint32_t w8 = load_bigendian_32(in + 32);
uint32_t w9 = load_bigendian_32(in + 36);
uint32_t w10 = load_bigendian_32(in + 40);
uint32_t w11 = load_bigendian_32(in + 44);
uint32_t w12 = load_bigendian_32(in + 48);
uint32_t w13 = load_bigendian_32(in + 52);
uint32_t w14 = load_bigendian_32(in + 56);
uint32_t w15 = load_bigendian_32(in + 60);
F_32(w0, 0x428a2f98)
F_32(w1, 0x71374491)
F_32(w2, 0xb5c0fbcf)
F_32(w3, 0xe9b5dba5)
F_32(w4, 0x3956c25b)
F_32(w5, 0x59f111f1)
F_32(w6, 0x923f82a4)
F_32(w7, 0xab1c5ed5)
F_32(w8, 0xd807aa98)
F_32(w9, 0x12835b01)
F_32(w10, 0x243185be)
F_32(w11, 0x550c7dc3)
F_32(w12, 0x72be5d74)
F_32(w13, 0x80deb1fe)
F_32(w14, 0x9bdc06a7)
F_32(w15, 0xc19bf174)
EXPAND_32
F_32(w0, 0xe49b69c1)
F_32(w1, 0xefbe4786)
F_32(w2, 0x0fc19dc6)
F_32(w3, 0x240ca1cc)
F_32(w4, 0x2de92c6f)
F_32(w5, 0x4a7484aa)
F_32(w6, 0x5cb0a9dc)
F_32(w7, 0x76f988da)
F_32(w8, 0x983e5152)
F_32(w9, 0xa831c66d)
F_32(w10, 0xb00327c8)
F_32(w11, 0xbf597fc7)
F_32(w12, 0xc6e00bf3)
F_32(w13, 0xd5a79147)
F_32(w14, 0x06ca6351)
F_32(w15, 0x14292967)
EXPAND_32
F_32(w0, 0x27b70a85)
F_32(w1, 0x2e1b2138)
F_32(w2, 0x4d2c6dfc)
F_32(w3, 0x53380d13)
F_32(w4, 0x650a7354)
F_32(w5, 0x766a0abb)
F_32(w6, 0x81c2c92e)
F_32(w7, 0x92722c85)
F_32(w8, 0xa2bfe8a1)
F_32(w9, 0xa81a664b)
F_32(w10, 0xc24b8b70)
F_32(w11, 0xc76c51a3)
F_32(w12, 0xd192e819)
F_32(w13, 0xd6990624)
F_32(w14, 0xf40e3585)
F_32(w15, 0x106aa070)
EXPAND_32
F_32(w0, 0x19a4c116)
F_32(w1, 0x1e376c08)
F_32(w2, 0x2748774c)
F_32(w3, 0x34b0bcb5)
F_32(w4, 0x391c0cb3)
F_32(w5, 0x4ed8aa4a)
F_32(w6, 0x5b9cca4f)
F_32(w7, 0x682e6ff3)
F_32(w8, 0x748f82ee)
F_32(w9, 0x78a5636f)
F_32(w10, 0x84c87814)
F_32(w11, 0x8cc70208)
F_32(w12, 0x90befffa)
F_32(w13, 0xa4506ceb)
F_32(w14, 0xbef9a3f7)
F_32(w15, 0xc67178f2)
a += state[0];
b += state[1];
c += state[2];
d += state[3];
e += state[4];
f += state[5];
g += state[6];
h += state[7];
state[0] = a;
state[1] = b;
state[2] = c;
state[3] = d;
state[4] = e;
state[5] = f;
state[6] = g;
state[7] = h;
in += 64;
inlen -= 64;
}
store_bigendian_32(statebytes + 0, state[0]);
store_bigendian_32(statebytes + 4, state[1]);
store_bigendian_32(statebytes + 8, state[2]);
store_bigendian_32(statebytes + 12, state[3]);
store_bigendian_32(statebytes + 16, state[4]);
store_bigendian_32(statebytes + 20, state[5]);
store_bigendian_32(statebytes + 24, state[6]);
store_bigendian_32(statebytes + 28, state[7]);
return inlen;
}
static size_t crypto_hashblocks_sha512(uint8_t *statebytes,
const uint8_t *in,
size_t inlen) {
const uint8_t *in, size_t inlen) {
uint64_t state[8];
uint64_t a;
uint64_t b;
@ -89,133 +298,133 @@ static size_t crypto_hashblocks_sha512(uint8_t *statebytes,
uint64_t T1;
uint64_t T2;
a = load_bigendian(statebytes + 0);
a = load_bigendian_64(statebytes + 0);
state[0] = a;
b = load_bigendian(statebytes + 8);
b = load_bigendian_64(statebytes + 8);
state[1] = b;
c = load_bigendian(statebytes + 16);
c = load_bigendian_64(statebytes + 16);
state[2] = c;
d = load_bigendian(statebytes + 24);
d = load_bigendian_64(statebytes + 24);
state[3] = d;
e = load_bigendian(statebytes + 32);
e = load_bigendian_64(statebytes + 32);
state[4] = e;
f = load_bigendian(statebytes + 40);
f = load_bigendian_64(statebytes + 40);
state[5] = f;
g = load_bigendian(statebytes + 48);
g = load_bigendian_64(statebytes + 48);
state[6] = g;
h = load_bigendian(statebytes + 56);
h = load_bigendian_64(statebytes + 56);
state[7] = h;
while (inlen >= 128) {
uint64_t w0 = load_bigendian(in + 0);
uint64_t w1 = load_bigendian(in + 8);
uint64_t w2 = load_bigendian(in + 16);
uint64_t w3 = load_bigendian(in + 24);
uint64_t w4 = load_bigendian(in + 32);
uint64_t w5 = load_bigendian(in + 40);
uint64_t w6 = load_bigendian(in + 48);
uint64_t w7 = load_bigendian(in + 56);
uint64_t w8 = load_bigendian(in + 64);
uint64_t w9 = load_bigendian(in + 72);
uint64_t w10 = load_bigendian(in + 80);
uint64_t w11 = load_bigendian(in + 88);
uint64_t w12 = load_bigendian(in + 96);
uint64_t w13 = load_bigendian(in + 104);
uint64_t w14 = load_bigendian(in + 112);
uint64_t w15 = load_bigendian(in + 120);
uint64_t w0 = load_bigendian_64(in + 0);
uint64_t w1 = load_bigendian_64(in + 8);
uint64_t w2 = load_bigendian_64(in + 16);
uint64_t w3 = load_bigendian_64(in + 24);
uint64_t w4 = load_bigendian_64(in + 32);
uint64_t w5 = load_bigendian_64(in + 40);
uint64_t w6 = load_bigendian_64(in + 48);
uint64_t w7 = load_bigendian_64(in + 56);
uint64_t w8 = load_bigendian_64(in + 64);
uint64_t w9 = load_bigendian_64(in + 72);
uint64_t w10 = load_bigendian_64(in + 80);
uint64_t w11 = load_bigendian_64(in + 88);
uint64_t w12 = load_bigendian_64(in + 96);
uint64_t w13 = load_bigendian_64(in + 104);
uint64_t w14 = load_bigendian_64(in + 112);
uint64_t w15 = load_bigendian_64(in + 120);
F(w0, 0x428a2f98d728ae22ULL)
F(w1, 0x7137449123ef65cdULL)
F(w2, 0xb5c0fbcfec4d3b2fULL)
F(w3, 0xe9b5dba58189dbbcULL)
F(w4, 0x3956c25bf348b538ULL)
F(w5, 0x59f111f1b605d019ULL)
F(w6, 0x923f82a4af194f9bULL)
F(w7, 0xab1c5ed5da6d8118ULL)
F(w8, 0xd807aa98a3030242ULL)
F(w9, 0x12835b0145706fbeULL)
F(w10, 0x243185be4ee4b28cULL)
F(w11, 0x550c7dc3d5ffb4e2ULL)
F(w12, 0x72be5d74f27b896fULL)
F(w13, 0x80deb1fe3b1696b1ULL)
F(w14, 0x9bdc06a725c71235ULL)
F(w15, 0xc19bf174cf692694ULL)
F_64(w0, 0x428a2f98d728ae22ULL)
F_64(w1, 0x7137449123ef65cdULL)
F_64(w2, 0xb5c0fbcfec4d3b2fULL)
F_64(w3, 0xe9b5dba58189dbbcULL)
F_64(w4, 0x3956c25bf348b538ULL)
F_64(w5, 0x59f111f1b605d019ULL)
F_64(w6, 0x923f82a4af194f9bULL)
F_64(w7, 0xab1c5ed5da6d8118ULL)
F_64(w8, 0xd807aa98a3030242ULL)
F_64(w9, 0x12835b0145706fbeULL)
F_64(w10, 0x243185be4ee4b28cULL)
F_64(w11, 0x550c7dc3d5ffb4e2ULL)
F_64(w12, 0x72be5d74f27b896fULL)
F_64(w13, 0x80deb1fe3b1696b1ULL)
F_64(w14, 0x9bdc06a725c71235ULL)
F_64(w15, 0xc19bf174cf692694ULL)
EXPAND
EXPAND_64
F(w0, 0xe49b69c19ef14ad2ULL)
F(w1, 0xefbe4786384f25e3ULL)
F(w2, 0x0fc19dc68b8cd5b5ULL)
F(w3, 0x240ca1cc77ac9c65ULL)
F(w4, 0x2de92c6f592b0275ULL)
F(w5, 0x4a7484aa6ea6e483ULL)
F(w6, 0x5cb0a9dcbd41fbd4ULL)
F(w7, 0x76f988da831153b5ULL)
F(w8, 0x983e5152ee66dfabULL)
F(w9, 0xa831c66d2db43210ULL)
F(w10, 0xb00327c898fb213fULL)
F(w11, 0xbf597fc7beef0ee4ULL)
F(w12, 0xc6e00bf33da88fc2ULL)
F(w13, 0xd5a79147930aa725ULL)
F(w14, 0x06ca6351e003826fULL)
F(w15, 0x142929670a0e6e70ULL)
F_64(w0, 0xe49b69c19ef14ad2ULL)
F_64(w1, 0xefbe4786384f25e3ULL)
F_64(w2, 0x0fc19dc68b8cd5b5ULL)
F_64(w3, 0x240ca1cc77ac9c65ULL)
F_64(w4, 0x2de92c6f592b0275ULL)
F_64(w5, 0x4a7484aa6ea6e483ULL)
F_64(w6, 0x5cb0a9dcbd41fbd4ULL)
F_64(w7, 0x76f988da831153b5ULL)
F_64(w8, 0x983e5152ee66dfabULL)
F_64(w9, 0xa831c66d2db43210ULL)
F_64(w10, 0xb00327c898fb213fULL)
F_64(w11, 0xbf597fc7beef0ee4ULL)
F_64(w12, 0xc6e00bf33da88fc2ULL)
F_64(w13, 0xd5a79147930aa725ULL)
F_64(w14, 0x06ca6351e003826fULL)
F_64(w15, 0x142929670a0e6e70ULL)
EXPAND
EXPAND_64
F(w0, 0x27b70a8546d22ffcULL)
F(w1, 0x2e1b21385c26c926ULL)
F(w2, 0x4d2c6dfc5ac42aedULL)
F(w3, 0x53380d139d95b3dfULL)
F(w4, 0x650a73548baf63deULL)
F(w5, 0x766a0abb3c77b2a8ULL)
F(w6, 0x81c2c92e47edaee6ULL)
F(w7, 0x92722c851482353bULL)
F(w8, 0xa2bfe8a14cf10364ULL)
F(w9, 0xa81a664bbc423001ULL)
F(w10, 0xc24b8b70d0f89791ULL)
F(w11, 0xc76c51a30654be30ULL)
F(w12, 0xd192e819d6ef5218ULL)
F(w13, 0xd69906245565a910ULL)
F(w14, 0xf40e35855771202aULL)
F(w15, 0x106aa07032bbd1b8ULL)
F_64(w0, 0x27b70a8546d22ffcULL)
F_64(w1, 0x2e1b21385c26c926ULL)
F_64(w2, 0x4d2c6dfc5ac42aedULL)
F_64(w3, 0x53380d139d95b3dfULL)
F_64(w4, 0x650a73548baf63deULL)
F_64(w5, 0x766a0abb3c77b2a8ULL)
F_64(w6, 0x81c2c92e47edaee6ULL)
F_64(w7, 0x92722c851482353bULL)
F_64(w8, 0xa2bfe8a14cf10364ULL)
F_64(w9, 0xa81a664bbc423001ULL)
F_64(w10, 0xc24b8b70d0f89791ULL)
F_64(w11, 0xc76c51a30654be30ULL)
F_64(w12, 0xd192e819d6ef5218ULL)
F_64(w13, 0xd69906245565a910ULL)
F_64(w14, 0xf40e35855771202aULL)
F_64(w15, 0x106aa07032bbd1b8ULL)
EXPAND
EXPAND_64
F(w0, 0x19a4c116b8d2d0c8ULL)
F(w1, 0x1e376c085141ab53ULL)
F(w2, 0x2748774cdf8eeb99ULL)
F(w3, 0x34b0bcb5e19b48a8ULL)
F(w4, 0x391c0cb3c5c95a63ULL)
F(w5, 0x4ed8aa4ae3418acbULL)
F(w6, 0x5b9cca4f7763e373ULL)
F(w7, 0x682e6ff3d6b2b8a3ULL)
F(w8, 0x748f82ee5defb2fcULL)
F(w9, 0x78a5636f43172f60ULL)
F(w10, 0x84c87814a1f0ab72ULL)
F(w11, 0x8cc702081a6439ecULL)
F(w12, 0x90befffa23631e28ULL)
F(w13, 0xa4506cebde82bde9ULL)
F(w14, 0xbef9a3f7b2c67915ULL)
F(w15, 0xc67178f2e372532bULL)
F_64(w0, 0x19a4c116b8d2d0c8ULL)
F_64(w1, 0x1e376c085141ab53ULL)
F_64(w2, 0x2748774cdf8eeb99ULL)
F_64(w3, 0x34b0bcb5e19b48a8ULL)
F_64(w4, 0x391c0cb3c5c95a63ULL)
F_64(w5, 0x4ed8aa4ae3418acbULL)
F_64(w6, 0x5b9cca4f7763e373ULL)
F_64(w7, 0x682e6ff3d6b2b8a3ULL)
F_64(w8, 0x748f82ee5defb2fcULL)
F_64(w9, 0x78a5636f43172f60ULL)
F_64(w10, 0x84c87814a1f0ab72ULL)
F_64(w11, 0x8cc702081a6439ecULL)
F_64(w12, 0x90befffa23631e28ULL)
F_64(w13, 0xa4506cebde82bde9ULL)
F_64(w14, 0xbef9a3f7b2c67915ULL)
F_64(w15, 0xc67178f2e372532bULL)
EXPAND
EXPAND_64
F(w0, 0xca273eceea26619cULL)
F(w1, 0xd186b8c721c0c207ULL)
F(w2, 0xeada7dd6cde0eb1eULL)
F(w3, 0xf57d4f7fee6ed178ULL)
F(w4, 0x06f067aa72176fbaULL)
F(w5, 0x0a637dc5a2c898a6ULL)
F(w6, 0x113f9804bef90daeULL)
F(w7, 0x1b710b35131c471bULL)
F(w8, 0x28db77f523047d84ULL)
F(w9, 0x32caab7b40c72493ULL)
F(w10, 0x3c9ebe0a15c9bebcULL)
F(w11, 0x431d67c49c100d4cULL)
F(w12, 0x4cc5d4becb3e42b6ULL)
F(w13, 0x597f299cfc657e2aULL)
F(w14, 0x5fcb6fab3ad6faecULL)
F(w15, 0x6c44198c4a475817ULL)
F_64(w0, 0xca273eceea26619cULL)
F_64(w1, 0xd186b8c721c0c207ULL)
F_64(w2, 0xeada7dd6cde0eb1eULL)
F_64(w3, 0xf57d4f7fee6ed178ULL)
F_64(w4, 0x06f067aa72176fbaULL)
F_64(w5, 0x0a637dc5a2c898a6ULL)
F_64(w6, 0x113f9804bef90daeULL)
F_64(w7, 0x1b710b35131c471bULL)
F_64(w8, 0x28db77f523047d84ULL)
F_64(w9, 0x32caab7b40c72493ULL)
F_64(w10, 0x3c9ebe0a15c9bebcULL)
F_64(w11, 0x431d67c49c100d4cULL)
F_64(w12, 0x4cc5d4becb3e42b6ULL)
F_64(w13, 0x597f299cfc657e2aULL)
F_64(w14, 0x5fcb6fab3ad6faecULL)
F_64(w15, 0x6c44198c4a475817ULL)
a += state[0];
b += state[1];
@ -239,19 +448,24 @@ static size_t crypto_hashblocks_sha512(uint8_t *statebytes,
inlen -= 128;
}
store_bigendian(statebytes + 0, state[0]);
store_bigendian(statebytes + 8, state[1]);
store_bigendian(statebytes + 16, state[2]);
store_bigendian(statebytes + 24, state[3]);
store_bigendian(statebytes + 32, state[4]);
store_bigendian(statebytes + 40, state[5]);
store_bigendian(statebytes + 48, state[6]);
store_bigendian(statebytes + 56, state[7]);
store_bigendian_64(statebytes + 0, state[0]);
store_bigendian_64(statebytes + 8, state[1]);
store_bigendian_64(statebytes + 16, state[2]);
store_bigendian_64(statebytes + 24, state[3]);
store_bigendian_64(statebytes + 32, state[4]);
store_bigendian_64(statebytes + 40, state[5]);
store_bigendian_64(statebytes + 48, state[6]);
store_bigendian_64(statebytes + 56, state[7]);
return inlen;
}
#define blocks crypto_hashblocks_sha512
static const uint8_t iv_256[32] = {
0x6a, 0x09, 0xe6, 0x67, 0xbb, 0x67, 0xae, 0x85,
0x3c, 0x6e, 0xf3, 0x72, 0xa5, 0x4f, 0xf5, 0x3a,
0x51, 0x0e, 0x52, 0x7f, 0x9b, 0x05, 0x68, 0x8c,
0x1f, 0x83, 0xd9, 0xab, 0x5b, 0xe0, 0xcd, 0x19,
};
static const uint8_t iv_384[64] = {
0xcb, 0xbb, 0x9d, 0x5d, 0xc1, 0x05, 0x9e, 0xd8, 0x62, 0x9a, 0x29,
@ -271,6 +485,60 @@ static const uint8_t iv_512[64] = {
0x6b, 0x5b, 0xe0, 0xcd, 0x19, 0x13, 0x7e, 0x21, 0x79
};
int sha256(uint8_t *out, const uint8_t *in, size_t inlen) {
uint8_t h[32];
uint8_t padded[128];
uint64_t bytes = inlen;
for (size_t i = 0; i < 32; ++i) {
h[i] = iv_256[i];
}
crypto_hashblocks_sha256(h, in, inlen);
in += inlen;
inlen &= 63;
in -= inlen;
for (size_t i = 0; i < inlen; ++i) {
padded[i] = in[i];
}
padded[inlen] = 0x80;
if (inlen < 56) {
for (size_t i = inlen + 1; i < 56; ++i) {
padded[i] = 0;
}
padded[56] = (uint8_t) (bytes >> 53);
padded[57] = (uint8_t) (bytes >> 45);
padded[58] = (uint8_t) (bytes >> 37);
padded[59] = (uint8_t) (bytes >> 29);
padded[60] = (uint8_t) (bytes >> 21);
padded[61] = (uint8_t) (bytes >> 13);
padded[62] = (uint8_t) (bytes >> 5);
padded[63] = (uint8_t) (bytes << 3);
crypto_hashblocks_sha256(h, padded, 64);
} else {
for (size_t i = inlen + 1; i < 120; ++i) {
padded[i] = 0;
}
padded[120] = (uint8_t) (bytes >> 53);
padded[121] = (uint8_t) (bytes >> 45);
padded[122] = (uint8_t) (bytes >> 37);
padded[123] = (uint8_t) (bytes >> 29);
padded[124] = (uint8_t) (bytes >> 21);
padded[125] = (uint8_t) (bytes >> 13);
padded[126] = (uint8_t) (bytes >> 5);
padded[127] = (uint8_t) (bytes << 3);
crypto_hashblocks_sha256(h, padded, 128);
}
for (size_t i = 0; i < 32; ++i) {
out[i] = h[i];
}
return 0;
}
int sha384(uint8_t *out, const uint8_t *in, size_t inlen) {
uint8_t h[64];
uint8_t padded[256];
@ -280,7 +548,7 @@ int sha384(uint8_t *out, const uint8_t *in, size_t inlen) {
h[i] = iv_384[i];
}
blocks(h, in, inlen);
crypto_hashblocks_sha512(h, in, inlen);
in += inlen;
inlen &= 127;
in -= inlen;
@ -303,7 +571,7 @@ int sha384(uint8_t *out, const uint8_t *in, size_t inlen) {
padded[125] = (uint8_t) (bytes >> 13);
padded[126] = (uint8_t) (bytes >> 5);
padded[127] = (uint8_t) (bytes << 3);
blocks(h, padded, 128);
crypto_hashblocks_sha512(h, padded, 128);
} else {
for (size_t i = inlen + 1; i < 247; ++i) {
padded[i] = 0;
@ -317,7 +585,7 @@ int sha384(uint8_t *out, const uint8_t *in, size_t inlen) {
padded[253] = (uint8_t) (bytes >> 13);
padded[254] = (uint8_t) (bytes >> 5);
padded[255] = (uint8_t) (bytes << 3);
blocks(h, padded, 256);
crypto_hashblocks_sha512(h, padded, 256);
}
for (size_t i = 0; i < 48; ++i) {
@ -336,7 +604,7 @@ int sha512(uint8_t *out, const uint8_t *in, size_t inlen) {
h[i] = iv_512[i];
}
blocks(h, in, inlen);
crypto_hashblocks_sha512(h, in, inlen);
in += inlen;
inlen &= 127;
in -= inlen;
@ -359,7 +627,7 @@ int sha512(uint8_t *out, const uint8_t *in, size_t inlen) {
padded[125] = (uint8_t) (bytes >> 13);
padded[126] = (uint8_t) (bytes >> 5);
padded[127] = (uint8_t) (bytes << 3);
blocks(h, padded, 128);
crypto_hashblocks_sha512(h, padded, 128);
} else {
for (size_t i = inlen + 1; i < 247; ++i) {
padded[i] = 0;
@ -373,7 +641,7 @@ int sha512(uint8_t *out, const uint8_t *in, size_t inlen) {
padded[253] = (uint8_t) (bytes >> 13);
padded[254] = (uint8_t) (bytes >> 5);
padded[255] = (uint8_t) (bytes << 3);
blocks(h, padded, 256);
crypto_hashblocks_sha512(h, padded, 256);
}
for (size_t i = 0; i < 64; ++i) {

6
common/sha2.h
Ver ficheiro

@ -1,7 +1,13 @@
#ifndef SHA2_H
#define SHA2_H
#include <stddef.h>
#include <stdint.h>
int sha256(uint8_t *out, const uint8_t *in, size_t inlen);
int sha384(uint8_t *out, const uint8_t *in, size_t inlen);
int sha512(uint8_t *out, const uint8_t *in, size_t inlen);
#endif

5
test/Makefile
Ver ficheiro

@ -37,6 +37,10 @@ $(DEST_DIR)/test_fips202: common/fips202.c $(COMMON_FILES)
mkdir -p $(DEST_DIR)
$(CC) $(CFLAGS) $< $(COMMON_FILES) -o $@
$(DEST_DIR)/test_sha2: common/sha2.c $(COMMON_FILES)
mkdir -p $(DEST_DIR)
$(CC) $(CFLAGS) $< $(COMMON_FILES) -o $@
$(DEST_DIR)/functest_$(SCHEME)_$(IMPLEMENTATION): build-scheme crypto_$(TYPE)/functest.c $(COMMON_FILES) $(COMMON_DIR)/randombytes.c $(COMMON_HEADERS)
mkdir -p $(DEST_DIR)
$(CC) $(CFLAGS) -DPQCLEAN_NAMESPACE=PQCLEAN_$(SCHEME_UPPERCASE)_$(IMPLEMENTATION_UPPERCASE) -I$(SCHEME_DIR) crypto_$(TYPE)/functest.c $(COMMON_FILES) $(COMMON_DIR)/notrandombytes.c -o $@ -L$(SCHEME_DIR) -l$(SCHEME)_$(IMPLEMENTATION)
@ -50,3 +54,4 @@ clean:
$(RM) $(DEST_DIR)/functest_$(SCHEME)_$(IMPLEMENTATION)
$(RM) $(DEST_DIR)/testvectors_$(SCHEME)_$(IMPLEMENTATION)
$(RM) $(DEST_DIR)/test_fips202
$(RM) $(DEST_DIR)/test_sha2

114
test/common/sha2.c Ficheiro normal
Ver ficheiro

@ -0,0 +1,114 @@
#include "sha2.h"
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <inttypes.h>
const unsigned char plaintext[44] = "The quick brown fox jumps over the lazy dog";
const unsigned char expected_256[32] = {
0xd7, 0xa8, 0xfb, 0xb3, 0x07, 0xd7, 0x80, 0x94, 0x69, 0xca, 0x9a, 0xbc,
0xb0, 0x08, 0x2e, 0x4f, 0x8d, 0x56, 0x51, 0xe4, 0x6d, 0x3c, 0xdb, 0x76,
0x2d, 0x02, 0xd0, 0xbf, 0x37, 0xc9, 0xe5, 0x92,
};
const unsigned char expected_384[48] = {
0xca, 0x73, 0x7f, 0x10, 0x14, 0xa4, 0x8f, 0x4c, 0x0b, 0x6d, 0xd4, 0x3c,
0xb1, 0x77, 0xb0, 0xaf, 0xd9, 0xe5, 0x16, 0x93, 0x67, 0x54, 0x4c, 0x49,
0x40, 0x11, 0xe3, 0x31, 0x7d, 0xbf, 0x9a, 0x50, 0x9c, 0xb1, 0xe5, 0xdc,
0x1e, 0x85, 0xa9, 0x41, 0xbb, 0xee, 0x3d, 0x7f, 0x2a, 0xfb, 0xc9, 0xb1,
};
const unsigned char expected_512[64] = {
0x07, 0xe5, 0x47, 0xd9, 0x58, 0x6f, 0x6a, 0x73, 0xf7, 0x3f, 0xba, 0xc0,
0x43, 0x5e, 0xd7, 0x69, 0x51, 0x21, 0x8f, 0xb7, 0xd0, 0xc8, 0xd7, 0x88,
0xa3, 0x09, 0xd7, 0x85, 0x43, 0x6b, 0xbb, 0x64, 0x2e, 0x93, 0xa2, 0x52,
0xa9, 0x54, 0xf2, 0x39, 0x12, 0x54, 0x7d, 0x1e, 0x8a, 0x3b, 0x5e, 0xd6,
0xe1, 0xbf, 0xd7, 0x09, 0x78, 0x21, 0x23, 0x3f, 0xa0, 0x53, 0x8f, 0x3d,
0xb8, 0x54, 0xfe, 0xe6,
};
static int test_sha256(void) {
unsigned char output[32];
int i = 0;
sha256(output, plaintext, 43);
if (memcmp(expected_256, output, 32)) {
printf("ERROR sha256 output did not match test vector.\n");
printf("Expected: ");
for (i = 0; i < 32; i++) {
printf("%02X", expected_256[i]);
}
printf("\n");
printf("Received: ");
for (i = 0; i < 32; i++) {
printf("%02X", output[i]);
}
printf("\n");
return 1;
}
return 0;
}
static int test_sha384(void) {
unsigned char output[48];
int i = 0;
sha384(output, plaintext, 43);
if (memcmp(expected_384, output, 48)) {
printf("ERROR sha384 output did not match test vector.\n");
printf("Expected: ");
for (i = 0; i < 48; i++) {
printf("%02X", expected_384[i]);
}
printf("\n");
printf("Received: ");
for (i = 0; i < 48; i++) {
printf("%02X", output[i]);
}
printf("\n");
return 1;
}
return 0;
}
static int test_sha512(void) {
unsigned char output[64];
int i = 0;
sha512(output, plaintext, 43);
if (memcmp(expected_512, output, 64)) {
printf("ERROR sha512 output did not match test vector.\n");
printf("Expected: ");
for (i = 0; i < 64; i++) {
printf("%02X", expected_512[i]);
}
printf("\n");
printf("Received: ");
for (i = 0; i < 64; i++) {
printf("%02X", output[i]);
}
printf("\n");
return 1;
}
return 0;
}
int main(void) {
int result = 0;
result += test_sha256();
result += test_sha384();
result += test_sha512();
if (result != 0) {
puts("Errors occurred");
}
return result;
}