kris
/
pqc
1
1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

SHA2 state constants in common

master
Thom Wiggers 5 years ago
parent
ed9ec18c63
commit
7c30aa73c9
No known key found for this signature in database GPG Key ID: 1BB0A7CE26E363
3 changed files with 91 additions and 75 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +54
    -54
      common/sha2.c
  2. +28
    -12
      common/sha2.h
  3. +9
    -9
      test/common/sha2.c

+ 54
- 54
common/sha2.c View File

@@ -492,73 +492,73 @@ static const uint8_t iv_512[64] = {
0x6b, 0x5b, 0xe0, 0xcd, 0x19, 0x13, 0x7e, 0x21, 0x79 0x6b, 0x5b, 0xe0, 0xcd, 0x19, 0x13, 0x7e, 0x21, 0x79
}; };


void sha224_inc_init(uint8_t *state) {
void sha224_inc_init(sha224ctx *state) {
for (size_t i = 0; i < 32; ++i) { for (size_t i = 0; i < 32; ++i) {
state[i] = iv_224[i];
state->ctx[i] = iv_224[i];
} }
for (size_t i = 32; i < 40; ++i) { for (size_t i = 32; i < 40; ++i) {
state[i] = 0;
state->ctx[i] = 0;
} }
} }


void sha256_inc_init(uint8_t *state) {
void sha256_inc_init(sha256ctx *state) {
for (size_t i = 0; i < 32; ++i) { for (size_t i = 0; i < 32; ++i) {
state[i] = iv_256[i];
state->ctx[i] = iv_256[i];
} }
for (size_t i = 32; i < 40; ++i) { for (size_t i = 32; i < 40; ++i) {
state[i] = 0;
state->ctx[i] = 0;
} }
} }


void sha384_inc_init(uint8_t *state) {
void sha384_inc_init(sha384ctx *state) {
for (size_t i = 0; i < 64; ++i) { for (size_t i = 0; i < 64; ++i) {
state[i] = iv_384[i];
state->ctx[i] = iv_384[i];
} }
for (size_t i = 64; i < 72; ++i) { for (size_t i = 64; i < 72; ++i) {
state[i] = 0;
state->ctx[i] = 0;
} }
} }


void sha512_inc_init(uint8_t *state) {
void sha512_inc_init(sha512ctx *state) {
for (size_t i = 0; i < 64; ++i) { for (size_t i = 0; i < 64; ++i) {
state[i] = iv_512[i];
state->ctx[i] = iv_512[i];
} }
for (size_t i = 64; i < 72; ++i) { for (size_t i = 64; i < 72; ++i) {
state[i] = 0;
state->ctx[i] = 0;
} }
} }


void sha256_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks) {
uint64_t bytes = load_bigendian_64(state + 32);
void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks) {
uint64_t bytes = load_bigendian_64(state->ctx + 32);


crypto_hashblocks_sha256(state, in, 64 * inblocks);
crypto_hashblocks_sha256(state->ctx, in, 64 * inblocks);
bytes += 64 * inblocks; bytes += 64 * inblocks;


store_bigendian_64(state + 32, bytes);
store_bigendian_64(state->ctx + 32, bytes);
} }


void sha224_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks) {
sha256_inc_blocks(state, in, inblocks);
void sha224_inc_blocks(sha224ctx *state, const uint8_t *in, size_t inblocks) {
sha256_inc_blocks((sha256ctx*) state, in, inblocks);
} }


void sha512_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks) {
uint64_t bytes = load_bigendian_64(state + 64);
void sha512_inc_blocks(sha512ctx *state, const uint8_t *in, size_t inblocks) {
uint64_t bytes = load_bigendian_64(state->ctx + 64);


crypto_hashblocks_sha256(state, in, 128 * inblocks);
crypto_hashblocks_sha256(state->ctx, in, 128 * inblocks);
bytes += 128 * inblocks; bytes += 128 * inblocks;


store_bigendian_64(state + 64, bytes);
store_bigendian_64(state->ctx + 64, bytes);
} }


void sha384_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks) {
sha512_inc_blocks(state, in, inblocks);
void sha384_inc_blocks(sha384ctx *state, const uint8_t *in, size_t inblocks) {
sha512_inc_blocks((sha512ctx*) state, in, inblocks);
} }


void sha256_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen) {
void sha256_inc_finalize(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen) {
uint8_t padded[128]; uint8_t padded[128];
uint64_t bytes = load_bigendian_64(state + 32) + inlen;
uint64_t bytes = load_bigendian_64(state->ctx + 32) + inlen;


crypto_hashblocks_sha256(state, in, inlen);
crypto_hashblocks_sha256(state->ctx, in, inlen);
in += inlen; in += inlen;
inlen &= 63; inlen &= 63;
in -= inlen; in -= inlen;
@@ -580,7 +580,7 @@ void sha256_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t
padded[61] = (uint8_t) (bytes >> 13); padded[61] = (uint8_t) (bytes >> 13);
padded[62] = (uint8_t) (bytes >> 5); padded[62] = (uint8_t) (bytes >> 5);
padded[63] = (uint8_t) (bytes << 3); padded[63] = (uint8_t) (bytes << 3);
crypto_hashblocks_sha256(state, padded, 64);
crypto_hashblocks_sha256(state->ctx, padded, 64);
} else { } else {
for (size_t i = inlen + 1; i < 120; ++i) { for (size_t i = inlen + 1; i < 120; ++i) {
padded[i] = 0; padded[i] = 0;
@@ -593,27 +593,27 @@ void sha256_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t
padded[125] = (uint8_t) (bytes >> 13); padded[125] = (uint8_t) (bytes >> 13);
padded[126] = (uint8_t) (bytes >> 5); padded[126] = (uint8_t) (bytes >> 5);
padded[127] = (uint8_t) (bytes << 3); padded[127] = (uint8_t) (bytes << 3);
crypto_hashblocks_sha256(state, padded, 128);
crypto_hashblocks_sha256(state->ctx, padded, 128);
} }


for (size_t i = 0; i < 32; ++i) { for (size_t i = 0; i < 32; ++i) {
out[i] = state[i];
out[i] = state->ctx[i];
} }
} }


void sha224_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen) {
sha256_inc_finalize(state, state, in, inlen);
void sha224_inc_finalize(uint8_t *out, sha224ctx *state, const uint8_t *in, size_t inlen) {
sha256_inc_finalize(state->ctx, (sha256ctx*)state, in, inlen);


for (size_t i = 0; i < 28; ++i) { for (size_t i = 0; i < 28; ++i) {
out[i] = state[i];
out[i] = state->ctx[i];
} }
} }


void sha512_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen) {
void sha512_inc_finalize(uint8_t *out, sha512ctx *state, const uint8_t *in, size_t inlen) {
uint8_t padded[256]; uint8_t padded[256];
uint64_t bytes = load_bigendian_64(state + 64) + inlen;
uint64_t bytes = load_bigendian_64(state->ctx + 64) + inlen;


crypto_hashblocks_sha512(state, in, inlen);
crypto_hashblocks_sha512(state->ctx, in, inlen);
in += inlen; in += inlen;
inlen &= 127; inlen &= 127;
in -= inlen; in -= inlen;
@@ -636,7 +636,7 @@ void sha512_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t
padded[125] = (uint8_t) (bytes >> 13); padded[125] = (uint8_t) (bytes >> 13);
padded[126] = (uint8_t) (bytes >> 5); padded[126] = (uint8_t) (bytes >> 5);
padded[127] = (uint8_t) (bytes << 3); padded[127] = (uint8_t) (bytes << 3);
crypto_hashblocks_sha512(state, padded, 128);
crypto_hashblocks_sha512(state->ctx, padded, 128);
} else { } else {
for (size_t i = inlen + 1; i < 247; ++i) { for (size_t i = inlen + 1; i < 247; ++i) {
padded[i] = 0; padded[i] = 0;
@@ -650,46 +650,46 @@ void sha512_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t
padded[253] = (uint8_t) (bytes >> 13); padded[253] = (uint8_t) (bytes >> 13);
padded[254] = (uint8_t) (bytes >> 5); padded[254] = (uint8_t) (bytes >> 5);
padded[255] = (uint8_t) (bytes << 3); padded[255] = (uint8_t) (bytes << 3);
crypto_hashblocks_sha512(state, padded, 256);
crypto_hashblocks_sha512(state->ctx, padded, 256);
} }


for (size_t i = 0; i < 64; ++i) { for (size_t i = 0; i < 64; ++i) {
out[i] = state[i];
out[i] = state->ctx[i];
} }
} }


void sha384_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen) {
sha512_inc_finalize(state, state, in, inlen);
void sha384_inc_finalize(uint8_t *out, sha384ctx *state, const uint8_t *in, size_t inlen) {
sha512_inc_finalize(state->ctx, (sha512ctx*)state, in, inlen);


for (size_t i = 0; i < 48; ++i) { for (size_t i = 0; i < 48; ++i) {
out[i] = state[i];
out[i] = state->ctx[i];
} }
} }


void sha224(uint8_t *out, const uint8_t *in, size_t inlen) { void sha224(uint8_t *out, const uint8_t *in, size_t inlen) {
uint8_t state[40];
sha224ctx state;


sha224_inc_init(state);
sha224_inc_finalize(out, state, in, inlen);
sha224_inc_init(&state);
sha224_inc_finalize(out, &state, in, inlen);
} }


void sha256(uint8_t *out, const uint8_t *in, size_t inlen) { void sha256(uint8_t *out, const uint8_t *in, size_t inlen) {
uint8_t state[40];
sha256ctx state;


sha256_inc_init(state);
sha256_inc_finalize(out, state, in, inlen);
sha256_inc_init(&state);
sha256_inc_finalize(out, &state, in, inlen);
} }


void sha384(uint8_t *out, const uint8_t *in, size_t inlen) { void sha384(uint8_t *out, const uint8_t *in, size_t inlen) {
uint8_t state[72];
sha384ctx state;


sha384_inc_init(state);
sha384_inc_finalize(out, state, in, inlen);
sha384_inc_init(&state);
sha384_inc_finalize(out, &state, in, inlen);
} }


void sha512(uint8_t *out, const uint8_t *in, size_t inlen) { void sha512(uint8_t *out, const uint8_t *in, size_t inlen) {
uint8_t state[72];
sha512ctx state;


sha512_inc_init(state);
sha512_inc_finalize(out, state, in, inlen);
sha512_inc_init(&state);
sha512_inc_finalize(out, &state, in, inlen);
} }

+ 28
- 12
common/sha2.h View File

@@ -8,24 +8,40 @@
must be exactly 64 bytes each. must be exactly 64 bytes each.
Use the 'finalize' functions for any remaining bytes (possibly over 64). */ Use the 'finalize' functions for any remaining bytes (possibly over 64). */


void sha224_inc_init(uint8_t *state);
void sha224_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks);
void sha224_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen);
typedef struct {
uint8_t ctx[40];
} sha224ctx;

typedef struct {
uint8_t ctx[40];
} sha256ctx;

typedef struct {
uint8_t ctx[72];
} sha384ctx;

typedef struct {
uint8_t ctx[72];
} sha512ctx;

void sha224_inc_init(sha224ctx *state);
void sha224_inc_blocks(sha224ctx *state, const uint8_t *in, size_t inblocks);
void sha224_inc_finalize(uint8_t *out, sha224ctx *state, const uint8_t *in, size_t inlen);
void sha224(uint8_t *out, const uint8_t *in, size_t inlen); void sha224(uint8_t *out, const uint8_t *in, size_t inlen);


void sha256_inc_init(uint8_t *state);
void sha256_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks);
void sha256_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen);
void sha256_inc_init(sha256ctx *state);
void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks);
void sha256_inc_finalize(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen);
void sha256(uint8_t *out, const uint8_t *in, size_t inlen); void sha256(uint8_t *out, const uint8_t *in, size_t inlen);


void sha384_inc_init(uint8_t *state);
void sha384_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks);
void sha384_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen);
void sha384_inc_init(sha384ctx *state);
void sha384_inc_blocks(sha384ctx *state, const uint8_t *in, size_t inblocks);
void sha384_inc_finalize(uint8_t *out, sha384ctx *state, const uint8_t *in, size_t inlen);
void sha384(uint8_t *out, const uint8_t *in, size_t inlen); void sha384(uint8_t *out, const uint8_t *in, size_t inlen);


void sha512_inc_init(uint8_t *state);
void sha512_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks);
void sha512_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen);
void sha512_inc_init(sha512ctx *state);
void sha512_inc_blocks(sha512ctx *state, const uint8_t *in, size_t inblocks);
void sha512_inc_finalize(uint8_t *out, sha512ctx *state, const uint8_t *in, size_t inlen);
void sha512(uint8_t *out, const uint8_t *in, size_t inlen); void sha512(uint8_t *out, const uint8_t *in, size_t inlen);


#endif #endif

+ 9
- 9
test/common/sha2.c View File

@@ -37,14 +37,14 @@ const unsigned char expected_512[64] = {


static int test_sha256_incremental(void) { static int test_sha256_incremental(void) {
unsigned char output[32]; unsigned char output[32];
uint8_t state[40];
sha256ctx state;
int i = 0; int i = 0;


sha256_inc_init(state);
sha256_inc_blocks(state, plaintext, 1);
sha256_inc_finalize(output, state, plaintext + 64, 112 - 64);
sha256_inc_init(&state);
sha256_inc_blocks(&state, plaintext, 1);
sha256_inc_finalize(output, &state, plaintext + 64, 112 - 64);


if (memcmp(expected_256, output, 32)) {
if (memcmp(expected_256, output, 32) != 0) {
printf("ERROR sha256 incremental did not match sha256.\n"); printf("ERROR sha256 incremental did not match sha256.\n");
printf(" Expected: "); printf(" Expected: ");
for (i = 0; i < 32; i++) { for (i = 0; i < 32; i++) {
@@ -68,7 +68,7 @@ static int test_sha224(void) {


sha224(output, plaintext, 112); sha224(output, plaintext, 112);


if (memcmp(expected_224, output, 28)) {
if (memcmp(expected_224, output, 28) != 0) {
printf("ERROR sha224 output did not match test vector.\n"); printf("ERROR sha224 output did not match test vector.\n");
printf("Expected: "); printf("Expected: ");
for (i = 0; i < 28; i++) { for (i = 0; i < 28; i++) {
@@ -92,7 +92,7 @@ static int test_sha256(void) {


sha256(output, plaintext, 112); sha256(output, plaintext, 112);


if (memcmp(expected_256, output, 32)) {
if (memcmp(expected_256, output, 32) != 0) {
printf("ERROR sha256 output did not match test vector.\n"); printf("ERROR sha256 output did not match test vector.\n");
printf("Expected: "); printf("Expected: ");
for (i = 0; i < 32; i++) { for (i = 0; i < 32; i++) {
@@ -116,7 +116,7 @@ static int test_sha384(void) {


sha384(output, plaintext, 112); sha384(output, plaintext, 112);


if (memcmp(expected_384, output, 48)) {
if (memcmp(expected_384, output, 48) != 0) {
printf("ERROR sha384 output did not match test vector.\n"); printf("ERROR sha384 output did not match test vector.\n");
printf("Expected: "); printf("Expected: ");
for (i = 0; i < 48; i++) { for (i = 0; i < 48; i++) {
@@ -140,7 +140,7 @@ static int test_sha512(void) {


sha512(output, plaintext, 112); sha512(output, plaintext, 112);


if (memcmp(expected_512, output, 64)) {
if (memcmp(expected_512, output, 64) != 0) {
printf("ERROR sha512 output did not match test vector.\n"); printf("ERROR sha512 output did not match test vector.\n");
printf("Expected: "); printf("Expected: ");
for (i = 0; i < 64; i++) { for (i = 0; i < 64; i++) {


Write Preview
Loading…
Cancel
Save