Coverage Report

Created: 2024-11-25 06:29

/src/nettle/sha256.c
Line
Count
Source (jump to first uncovered line)
1
/* sha256.c
2
3
   The sha256 hash function.
4
   See http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
5
6
   Copyright (C) 2001 Niels Möller
7
8
   This file is part of GNU Nettle.
9
10
   GNU Nettle is free software: you can redistribute it and/or
11
   modify it under the terms of either:
12
13
     * the GNU Lesser General Public License as published by the Free
14
       Software Foundation; either version 3 of the License, or (at your
15
       option) any later version.
16
17
   or
18
19
     * the GNU General Public License as published by the Free
20
       Software Foundation; either version 2 of the License, or (at your
21
       option) any later version.
22
23
   or both in parallel, as here.
24
25
   GNU Nettle is distributed in the hope that it will be useful,
26
   but WITHOUT ANY WARRANTY; without even the implied warranty of
27
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
28
   General Public License for more details.
29
30
   You should have received copies of the GNU General Public License and
31
   the GNU Lesser General Public License along with this program.  If
32
   not, see http://www.gnu.org/licenses/.
33
*/
34
35
/* Modelled after the sha1.c code by Peter Gutmann. */
36
37
#if HAVE_CONFIG_H
38
# include "config.h"
39
#endif
40
41
#include <assert.h>
42
#include <stdlib.h>
43
#include <string.h>
44
45
#include "sha2.h"
46
#include "sha2-internal.h"
47
48
#include "macros.h"
49
#include "md-internal.h"
50
#include "nettle-write.h"
51
52
/* Generated by the shadata program. */
53
static const uint32_t
54
K[64] =
55
{
56
  0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 
57
  0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 
58
  0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 
59
  0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 
60
  0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 
61
  0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 
62
  0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 
63
  0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 
64
  0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 
65
  0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 
66
  0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 
67
  0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 
68
  0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 
69
  0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 
70
  0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 
71
  0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL, 
72
};
73
74
void
75
sha256_compress(uint32_t *state, const uint8_t *input)
76
27.8k
{
77
27.8k
  _nettle_sha256_compress_n(state, K, 1, input);
78
27.8k
}
79
80
377
#define COMPRESS(ctx, data) (sha256_compress((ctx)->state, (data)))
81
82
/* Initialize the SHA values */
83
84
void
85
sha256_init(struct sha256_ctx *ctx)
86
48.3k
{
87
  /* Initial values, also generated by the shadata program. */
88
48.3k
  static const uint32_t H0[_SHA256_DIGEST_LENGTH] =
89
48.3k
  {
90
48.3k
    0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL, 0xa54ff53aUL, 
91
48.3k
    0x510e527fUL, 0x9b05688cUL, 0x1f83d9abUL, 0x5be0cd19UL, 
92
48.3k
  };
93
94
48.3k
  memcpy(ctx->state, H0, sizeof(H0));
95
96
  /* Initialize bit count */
97
48.3k
  ctx->count = 0;
98
  
99
  /* Initialize buffer */
100
48.3k
  ctx->index = 0;
101
48.3k
}
102
103
void
104
sha256_update(struct sha256_ctx *ctx,
105
        size_t length, const uint8_t *data)
106
35.7k
{
107
35.7k
  size_t blocks;
108
35.7k
  if (!length)
109
0
    return;
110
111
35.7k
  if (ctx->index > 0)
112
4.73k
    {
113
      /* Try to fill partial block */
114
4.73k
      MD_FILL_OR_RETURN (ctx, length, data);
115
1.48k
      sha256_compress (ctx->state, ctx->block);
116
1.48k
      ctx->count++;
117
1.48k
    }
118
119
32.5k
  blocks = length >> 6;
120
32.5k
  data = _nettle_sha256_compress_n (ctx->state, K, blocks, data);
121
32.5k
  ctx->count += blocks;
122
32.5k
  length &= 63;
123
124
32.5k
  memcpy (ctx->block, data, length);
125
32.5k
  ctx->index = length;
126
32.5k
}
127
128
static void
129
sha256_write_digest(struct sha256_ctx *ctx,
130
        size_t length,
131
        uint8_t *digest)
132
26.0k
{
133
26.0k
  uint64_t bit_count;
134
135
26.0k
  assert(length <= SHA256_DIGEST_SIZE);
136
137
26.0k
  MD_PAD(ctx, 8, COMPRESS);
138
139
  /* There are 512 = 2^9 bits in one block */  
140
26.0k
  bit_count = (ctx->count << 9) | (ctx->index << 3);
141
142
  /* This is slightly inefficient, as the numbers are converted to
143
     big-endian format, and will be converted back by the compression
144
     function. It's probably not worth the effort to fix this. */
145
26.0k
  WRITE_UINT64(ctx->block + (SHA256_BLOCK_SIZE - 8), bit_count);
146
26.0k
  sha256_compress(ctx->state, ctx->block);
147
148
26.0k
  _nettle_write_be32(length, digest, ctx->state);
149
26.0k
}
150
151
void
152
sha256_digest(struct sha256_ctx *ctx,
153
        size_t length,
154
        uint8_t *digest)
155
26.0k
{
156
26.0k
  sha256_write_digest(ctx, length, digest);
157
26.0k
  sha256_init(ctx);
158
26.0k
}
159
160
/* sha224 variant. */
161
162
void
163
sha224_init(struct sha256_ctx *ctx)
164
0
{
165
  /* Initial values. Low 32 bits of the initial values for sha384. */
166
0
  static const uint32_t H0[_SHA256_DIGEST_LENGTH] =
167
0
  {
168
0
    0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
169
0
    0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4,
170
0
  };
171
172
0
  memcpy(ctx->state, H0, sizeof(H0));
173
174
  /* Initialize bit count */
175
0
  ctx->count = 0;
176
  
177
  /* Initialize buffer */
178
0
  ctx->index = 0;
179
0
}
180
181
void
182
sha224_digest(struct sha256_ctx *ctx,
183
        size_t length,
184
        uint8_t *digest)
185
0
{
186
0
  sha256_write_digest(ctx, length, digest);
187
0
  sha224_init(ctx);
188
0
}