/src/util-linux/lib/sha256.c

Source (jump to first uncovered line)
/*
 * No copyright is claimed.  This code is in the public domain; do with
 * it what you wish.
 *
 * public domain sha256 crypt implementation
 *
 * original sha crypt design: http://people.redhat.com/drepper/SHA-crypt.txt
 * in this implementation at least 32bit int is assumed,
 * key length is limited, the $5$ prefix is mandatory, '\n' and ':' is rejected
 * in the salt and rounds= setting must contain a valid iteration count,
 * on error "*" is returned.
 */
#include <ctype.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#include "sha256.h"

/* public domain sha256 implementation based on fips180-3 */

struct sha256 {
  uint64_t len;    /* processed message length */
  uint32_t h[8];   /* hash state */
  uint8_t buf[64]; /* message block buffer */
};

static uint32_t ror(uint32_t n, int k) { return (n >> k) | (n << (32-k)); }
#define Ch(x,y,z)  (z ^ (x & (y ^ z)))
#define Maj(x,y,z) ((x & y) | (z & (x | y)))
#define S0(x)      (ror(x,2) ^ ror(x,13) ^ ror(x,22))
#define S1(x)      (ror(x,6) ^ ror(x,11) ^ ror(x,25))
#define R0(x)      (ror(x,7) ^ ror(x,18) ^ (x>>3))
#define R1(x)      (ror(x,17) ^ ror(x,19) ^ (x>>10))

static const uint32_t K[64] = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};

static void processblock(struct sha256 *s, const uint8_t *buf)
{
  uint32_t W[64], t1, t2, a, b, c, d, e, f, g, h;
  int i;

  for (i = 0; i < 16; i++) {
    W[i] = (uint32_t)buf[4*i]<<24;
    W[i] |= (uint32_t)buf[4*i+1]<<16;
    W[i] |= (uint32_t)buf[4*i+2]<<8;
    W[i] |= buf[4*i+3];
  }
  for (; i < 64; i++)
    W[i] = R1(W[i-2]) + W[i-7] + R0(W[i-15]) + W[i-16];
  a = s->h[0];
  b = s->h[1];
  c = s->h[2];
  d = s->h[3];
  e = s->h[4];
  f = s->h[5];
  g = s->h[6];
  h = s->h[7];
  for (i = 0; i < 64; i++) {
    t1 = h + S1(e) + Ch(e,f,g) + K[i] + W[i];
    t2 = S0(a) + Maj(a,b,c);
    h = g;
    g = f;
    f = e;
    e = d + t1;
    d = c;
    c = b;
    b = a;
    a = t1 + t2;
  }
  s->h[0] += a;
  s->h[1] += b;
  s->h[2] += c;
  s->h[3] += d;
  s->h[4] += e;
  s->h[5] += f;
  s->h[6] += g;
  s->h[7] += h;
}

static void pad(struct sha256 *s)
{
  unsigned r = s->len % 64;

  s->buf[r++] = 0x80;
  if (r > 56) {
    memset(s->buf + r, 0, 64 - r);
    r = 0;
    processblock(s, s->buf);
  }
  memset(s->buf + r, 0, 56 - r);
  s->len *= 8;
  s->buf[56] = s->len >> 56;
  s->buf[57] = s->len >> 48;
  s->buf[58] = s->len >> 40;
  s->buf[59] = s->len >> 32;
  s->buf[60] = s->len >> 24;
  s->buf[61] = s->len >> 16;
  s->buf[62] = s->len >> 8;
  s->buf[63] = s->len;
  processblock(s, s->buf);
}

static void sha256_init(struct sha256 *s)
{
  s->len = 0;
  s->h[0] = 0x6a09e667;
  s->h[1] = 0xbb67ae85;
  s->h[2] = 0x3c6ef372;
  s->h[3] = 0xa54ff53a;
  s->h[4] = 0x510e527f;
  s->h[5] = 0x9b05688c;
  s->h[6] = 0x1f83d9ab;
  s->h[7] = 0x5be0cd19;
}

static void sha256_sum(struct sha256 *s, uint8_t *md)
{
  int i;

  pad(s);
  for (i = 0; i < 8; i++) {
    md[4*i] = s->h[i] >> 24;
    md[4*i+1] = s->h[i] >> 16;
    md[4*i+2] = s->h[i] >> 8;
    md[4*i+3] = s->h[i];
  }
}

static void sha256_update(struct sha256 *s, const void *m, unsigned long len)
{
  const uint8_t *p = m;
  unsigned r = s->len % 64;

  s->len += len;
  if (r) {
    if (len < 64 - r) {
      memcpy(s->buf + r, p, len);
      return;
    }
    memcpy(s->buf + r, p, 64 - r);
    len -= 64 - r;
    p += 64 - r;
    processblock(s, s->buf);
  }
  for (; len >= 64; len -= 64, p += 64)
    processblock(s, p);
  memcpy(s->buf, p, len);
}

void ul_SHA256(unsigned char hash_out[UL_SHA256LENGTH], const unsigned char *str, size_t len) {
  struct sha256 state = {};
  sha256_init(&state);
  sha256_update(&state, str, len);
  sha256_sum(&state, hash_out);
}

Coverage Report

Created: 2025-06-13 06:36

Line	Count	Source (jump to first uncovered line)
1		/*
2		* No copyright is claimed. This code is in the public domain; do with
3		* it what you wish.
4		*
5		* public domain sha256 crypt implementation
6		*
7		* original sha crypt design: http://people.redhat.com/drepper/SHA-crypt.txt
8		* in this implementation at least 32bit int is assumed,
9		* key length is limited, the $5$ prefix is mandatory, '\n' and ':' is rejected
10		* in the salt and rounds= setting must contain a valid iteration count,
11		* on error "*" is returned.
12		*/
13		#include <ctype.h>
14		#include <stdlib.h>
15		#include <stdio.h>
16		#include <string.h>
17		#include <stdint.h>
18
19		#include "sha256.h"
20
21		/* public domain sha256 implementation based on fips180-3 */
22
23		struct sha256 {
24		uint64_t len; /* processed message length */
25		uint32_t h[8]; /* hash state */
26		uint8_t buf[64]; /* message block buffer */
27		};
28
29	0	static uint32_t ror(uint32_t n, int k) { return (n >> k) \| (n << (32-k)); }
30	0	#define Ch(x,y,z) (z ^ (x & (y ^ z)))
31	0	#define Maj(x,y,z) ((x & y) \| (z & (x \| y)))
32	0	#define S0(x) (ror(x,2) ^ ror(x,13) ^ ror(x,22))
33	0	#define S1(x) (ror(x,6) ^ ror(x,11) ^ ror(x,25))
34	0	#define R0(x) (ror(x,7) ^ ror(x,18) ^ (x>>3))
35	0	#define R1(x) (ror(x,17) ^ ror(x,19) ^ (x>>10))
36
37		static const uint32_t K[64] = {
38		0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
39		0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
40		0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
41		0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
42		0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
43		0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
44		0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
45		0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
46		};
47
48		static void processblock(struct sha256 s, const uint8_t buf)
49	0	{
50	0	uint32_t W[64], t1, t2, a, b, c, d, e, f, g, h;
51	0	int i;
52
53	0	for (i = 0; i < 16; i++) {
54	0	W[i] = (uint32_t)buf[4*i]<<24;
55	0	W[i] \|= (uint32_t)buf[4*i+1]<<16;
56	0	W[i] \|= (uint32_t)buf[4*i+2]<<8;
57	0	W[i] \|= buf[4*i+3];
58	0	}
59	0	for (; i < 64; i++)
60	0	W[i] = R1(W[i-2]) + W[i-7] + R0(W[i-15]) + W[i-16];
61	0	a = s->h[0];
62	0	b = s->h[1];
63	0	c = s->h[2];
64	0	d = s->h[3];
65	0	e = s->h[4];
66	0	f = s->h[5];
67	0	g = s->h[6];
68	0	h = s->h[7];
69	0	for (i = 0; i < 64; i++) {
70	0	t1 = h + S1(e) + Ch(e,f,g) + K[i] + W[i];
71	0	t2 = S0(a) + Maj(a,b,c);
72	0	h = g;
73	0	g = f;
74	0	f = e;
75	0	e = d + t1;
76	0	d = c;
77	0	c = b;
78	0	b = a;
79	0	a = t1 + t2;
80	0	}
81	0	s->h[0] += a;
82	0	s->h[1] += b;
83	0	s->h[2] += c;
84	0	s->h[3] += d;
85	0	s->h[4] += e;
86	0	s->h[5] += f;
87	0	s->h[6] += g;
88	0	s->h[7] += h;
89	0	}
90
91		static void pad(struct sha256 *s)
92	0	{
93	0	unsigned r = s->len % 64;
94
95	0	s->buf[r++] = 0x80;
96	0	if (r > 56) {
97	0	memset(s->buf + r, 0, 64 - r);
98	0	r = 0;
99	0	processblock(s, s->buf);
100	0	}
101	0	memset(s->buf + r, 0, 56 - r);
102	0	s->len *= 8;
103	0	s->buf[56] = s->len >> 56;
104	0	s->buf[57] = s->len >> 48;
105	0	s->buf[58] = s->len >> 40;
106	0	s->buf[59] = s->len >> 32;
107	0	s->buf[60] = s->len >> 24;
108	0	s->buf[61] = s->len >> 16;
109	0	s->buf[62] = s->len >> 8;
110	0	s->buf[63] = s->len;
111	0	processblock(s, s->buf);
112	0	}
113
114		static void sha256_init(struct sha256 *s)
115	0	{
116	0	s->len = 0;
117	0	s->h[0] = 0x6a09e667;
118	0	s->h[1] = 0xbb67ae85;
119	0	s->h[2] = 0x3c6ef372;
120	0	s->h[3] = 0xa54ff53a;
121	0	s->h[4] = 0x510e527f;
122	0	s->h[5] = 0x9b05688c;
123	0	s->h[6] = 0x1f83d9ab;
124	0	s->h[7] = 0x5be0cd19;
125	0	}
126
127		static void sha256_sum(struct sha256 s, uint8_t md)
128	0	{
129	0	int i;
130
131	0	pad(s);
132	0	for (i = 0; i < 8; i++) {
133	0	md[4*i] = s->h[i] >> 24;
134	0	md[4*i+1] = s->h[i] >> 16;
135	0	md[4*i+2] = s->h[i] >> 8;
136	0	md[4*i+3] = s->h[i];
137	0	}
138	0	}
139
140		static void sha256_update(struct sha256 s, const void m, unsigned long len)
141	0	{
142	0	const uint8_t *p = m;
143	0	unsigned r = s->len % 64;
144
145	0	s->len += len;
146	0	if (r) {
147	0	if (len < 64 - r) {
148	0	memcpy(s->buf + r, p, len);
149	0	return;
150	0	}
151	0	memcpy(s->buf + r, p, 64 - r);
152	0	len -= 64 - r;
153	0	p += 64 - r;
154	0	processblock(s, s->buf);
155	0	}
156	0	for (; len >= 64; len -= 64, p += 64)
157	0	processblock(s, p);
158	0	memcpy(s->buf, p, len);
159	0	}
160
161	0	void ul_SHA256(unsigned char hash_out[UL_SHA256LENGTH], const unsigned char *str, size_t len) {
162	0	struct sha256 state = {};
163	0	sha256_init(&state);
164	0	sha256_update(&state, str, len);
165	0	sha256_sum(&state, hash_out);
166	0	}