From d611e002653f4538c3df8feb0fa6e5dd59238f45 Mon Sep 17 00:00:00 2001 From: Yehor Popovych Date: Thu, 20 May 2021 22:17:35 +0300 Subject: [PATCH] switched sha2 to UncommonCrypto version --- Package.swift | 7 +- Sources/CSr25519/src/sha2.c | 1249 -------------------- Sources/CSr25519/src/sha2.h | 89 -- Sources/CSr25519/src/sr25519-hash-custom.h | 30 + Sr25519.podspec | 6 +- 5 files changed, 39 insertions(+), 1342 deletions(-) delete mode 100644 Sources/CSr25519/src/sha2.c delete mode 100644 Sources/CSr25519/src/sha2.h diff --git a/Package.swift b/Package.swift index 5496097..b7359c0 100644 --- a/Package.swift +++ b/Package.swift @@ -13,7 +13,9 @@ let package = Package( name: "Ed25519", targets: ["Ed25519"]) ], - dependencies: [], + dependencies: [ + .package(url: "https://github.com/tesseract-one/UncommonCrypto.swift.git", from: "0.1.0") + ], targets: [ .target( name: "Sr25519", @@ -23,11 +25,12 @@ let package = Package( dependencies: ["CSr25519", "Sr25519Helpers"]), .target( name: "CSr25519", - dependencies: [], + dependencies: ["CUncommonCrypto"], cSettings: [ .define("ED25519_CUSTOMRANDOM"), .define("ED25519_CUSTOMHASH"), .define("ED25519_NO_INLINE_ASM"), + .define("SR25519_CUSTOMHASH"), .headerSearchPath("src"), .headerSearchPath("src/ed25519-donna") ] diff --git a/Sources/CSr25519/src/sha2.c b/Sources/CSr25519/src/sha2.c deleted file mode 100644 index 7857e27..0000000 --- a/Sources/CSr25519/src/sha2.c +++ /dev/null @@ -1,1249 +0,0 @@ -#include -#include -#include "sha2.h" -#include "memzero.h" - -/* - * ASSERT NOTE: - * Some sanity checking code is included using assert(). On my FreeBSD - * system, this additional code can be removed by compiling with NDEBUG - * defined. Check your own systems manpage on assert() to see how to - * compile WITHOUT the sanity checking code on your system. - * - * UNROLLED TRANSFORM LOOP NOTE: - * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform - * loop version for the hash transform rounds (defined using macros - * later in this file). Either define on the command line, for example: - * - * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c - * - * or define below: - * - * #define SHA2_UNROLL_TRANSFORM - * - */ - -/*** SHA-256/384/512 Machine Architecture Definitions *****************/ -/* - * BYTE_ORDER NOTE: - * - * Please make sure that your system defines BYTE_ORDER. If your - * architecture is little-endian, make sure it also defines - * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are - * equivilent. - * - * If your system does not define the above, then you can do so by - * hand like this: - * - * #define LITTLE_ENDIAN 1234 - * #define BIG_ENDIAN 4321 - * - * And for little-endian machines, add: - * - * #define BYTE_ORDER LITTLE_ENDIAN - * - * Or for big-endian machines: - * - * #define BYTE_ORDER BIG_ENDIAN - * - * The FreeBSD machine this was written on defines BYTE_ORDER - * appropriately by including (which in turn includes - * where the appropriate definitions are actually - * made). - */ - -#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) -#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN -#endif - -typedef uint8_t sha2_byte; /* Exactly 1 byte */ -typedef uint32_t sha2_word32; /* Exactly 4 bytes */ -typedef uint64_t sha2_word64; /* Exactly 8 bytes */ - -/*** SHA-256/384/512 Various Length Definitions ***********************/ -/* NOTE: Most of these are in sha2.h */ -#define SHA1_SHORT_BLOCK_LENGTH (SHA1_BLOCK_LENGTH - 8) -#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) -#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) - -/* - * Macro for incrementally adding the unsigned 64-bit integer n to the - * unsigned 128-bit integer (represented using a two-element array of - * 64-bit words): - */ -#define ADDINC128(w,n) { \ - (w)[0] += (sha2_word64)(n); \ - if ((w)[0] < (n)) { \ - (w)[1]++; \ - } \ -} - -#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) - -/*** THE SIX LOGICAL FUNCTIONS ****************************************/ -/* - * Bit shifting and rotation (used by the six SHA-XYZ logical functions: - * - * NOTE: In the original SHA-256/384/512 document, the shift-right - * function was named R and the rotate-right function was called S. - * (See: http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf on the - * web.) - * - * The newer NIST FIPS 180-2 document uses a much clearer naming - * scheme, SHR for shift-right, ROTR for rotate-right, and ROTL for - * rotate-left. (See: - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - * on the web.) - * - * WARNING: These macros must be used cautiously, since they reference - * supplied parameters sometimes more than once, and thus could have - * unexpected side-effects if used without taking this into account. - */ - -/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ -#define SHR(b,x) ((x) >> (b)) -/* 32-bit Rotate-right (used in SHA-256): */ -#define ROTR32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) -/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ -#define ROTR64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) -/* 32-bit Rotate-left (used in SHA-1): */ -#define ROTL32(b,x) (((x) << (b)) | ((x) >> (32 - (b)))) - -/* Two of six logical functions used in SHA-1, SHA-256, SHA-384, and SHA-512: */ -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -/* Function used in SHA-1: */ -#define Parity(x,y,z) ((x) ^ (y) ^ (z)) - -/* Four of six logical functions used in SHA-256: */ -#define Sigma0_256(x) (ROTR32(2, (x)) ^ ROTR32(13, (x)) ^ ROTR32(22, (x))) -#define Sigma1_256(x) (ROTR32(6, (x)) ^ ROTR32(11, (x)) ^ ROTR32(25, (x))) -#define sigma0_256(x) (ROTR32(7, (x)) ^ ROTR32(18, (x)) ^ SHR(3 , (x))) -#define sigma1_256(x) (ROTR32(17, (x)) ^ ROTR32(19, (x)) ^ SHR(10, (x))) - -/* Four of six logical functions used in SHA-384 and SHA-512: */ -#define Sigma0_512(x) (ROTR64(28, (x)) ^ ROTR64(34, (x)) ^ ROTR64(39, (x))) -#define Sigma1_512(x) (ROTR64(14, (x)) ^ ROTR64(18, (x)) ^ ROTR64(41, (x))) -#define sigma0_512(x) (ROTR64( 1, (x)) ^ ROTR64( 8, (x)) ^ SHR( 7, (x))) -#define sigma1_512(x) (ROTR64(19, (x)) ^ ROTR64(61, (x)) ^ SHR( 6, (x))) - -/*** INTERNAL FUNCTION PROTOTYPES *************************************/ -/* NOTE: These should not be accessed directly from outside this - * library -- they are intended for private internal visibility/use - * only. - */ -static void sha512_Last(SHA512_CTX*); - -/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ - -/* Hash constant words K for SHA-1: */ -#define K1_0_TO_19 0x5a827999UL -#define K1_20_TO_39 0x6ed9eba1UL -#define K1_40_TO_59 0x8f1bbcdcUL -#define K1_60_TO_79 0xca62c1d6UL - -/* Initial hash value H for SHA-1: */ -const sha2_word32 sha1_initial_hash_value[SHA1_DIGEST_LENGTH / sizeof(sha2_word32)] = { - 0x67452301UL, - 0xefcdab89UL, - 0x98badcfeUL, - 0x10325476UL, - 0xc3d2e1f0UL -}; - -/* Hash constant words K for SHA-256: */ -static const sha2_word32 K256[64] = { - 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, - 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, - 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, - 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, - 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, - 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, - 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, - 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, - 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, - 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, - 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, - 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, - 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, - 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, - 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, - 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL -}; - -/* Initial hash value H for SHA-256: */ -const sha2_word32 sha256_initial_hash_value[8] = { - 0x6a09e667UL, - 0xbb67ae85UL, - 0x3c6ef372UL, - 0xa54ff53aUL, - 0x510e527fUL, - 0x9b05688cUL, - 0x1f83d9abUL, - 0x5be0cd19UL -}; - -/* Hash constant words K for SHA-384 and SHA-512: */ -static const sha2_word64 K512[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, - 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, - 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, - 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, - 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, - 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, - 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, - 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, - 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, - 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, - 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, - 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, - 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, - 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, - 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, - 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, - 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, - 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, - 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, - 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, - 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, - 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, - 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, - 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, - 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, - 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, - 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -/* Initial hash value H for SHA-512 */ -const sha2_word64 sha512_initial_hash_value[8] = { - 0x6a09e667f3bcc908ULL, - 0xbb67ae8584caa73bULL, - 0x3c6ef372fe94f82bULL, - 0xa54ff53a5f1d36f1ULL, - 0x510e527fade682d1ULL, - 0x9b05688c2b3e6c1fULL, - 0x1f83d9abfb41bd6bULL, - 0x5be0cd19137e2179ULL -}; - -/* - * Constant used by SHA256/384/512_End() functions for converting the - * digest to a readable hexadecimal character string: - */ -static const char *sha2_hex_digits = "0123456789abcdef"; - -/*** SHA-1: ***********************************************************/ -void sha1_Init(SHA1_CTX* context) { - MEMCPY_BCOPY(context->state, sha1_initial_hash_value, SHA1_DIGEST_LENGTH); - memzero(context->buffer, SHA1_BLOCK_LENGTH); - context->bitcount = 0; -} - -#ifdef SHA2_UNROLL_TRANSFORM - -/* Unrolled SHA-1 round macros: */ - -#define ROUND1_0_TO_15(a,b,c,d,e) \ - (e) = ROTL32(5, (a)) + Ch((b), (c), (d)) + (e) + \ - K1_0_TO_19 + ( W1[j] = *data++ ); \ - (b) = ROTL32(30, (b)); \ - j++; - -#define ROUND1_16_TO_19(a,b,c,d,e) \ - T1 = W1[(j+13)&0x0f] ^ W1[(j+8)&0x0f] ^ W1[(j+2)&0x0f] ^ W1[j&0x0f]; \ - (e) = ROTL32(5, a) + Ch(b,c,d) + e + K1_0_TO_19 + ( W1[j&0x0f] = ROTL32(1, T1) ); \ - (b) = ROTL32(30, b); \ - j++; - -#define ROUND1_20_TO_39(a,b,c,d,e) \ - T1 = W1[(j+13)&0x0f] ^ W1[(j+8)&0x0f] ^ W1[(j+2)&0x0f] ^ W1[j&0x0f]; \ - (e) = ROTL32(5, a) + Parity(b,c,d) + e + K1_20_TO_39 + ( W1[j&0x0f] = ROTL32(1, T1) ); \ - (b) = ROTL32(30, b); \ - j++; - -#define ROUND1_40_TO_59(a,b,c,d,e) \ - T1 = W1[(j+13)&0x0f] ^ W1[(j+8)&0x0f] ^ W1[(j+2)&0x0f] ^ W1[j&0x0f]; \ - (e) = ROTL32(5, a) + Maj(b,c,d) + e + K1_40_TO_59 + ( W1[j&0x0f] = ROTL32(1, T1) ); \ - (b) = ROTL32(30, b); \ - j++; - -#define ROUND1_60_TO_79(a,b,c,d,e) \ - T1 = W1[(j+13)&0x0f] ^ W1[(j+8)&0x0f] ^ W1[(j+2)&0x0f] ^ W1[j&0x0f]; \ - (e) = ROTL32(5, a) + Parity(b,c,d) + e + K1_60_TO_79 + ( W1[j&0x0f] = ROTL32(1, T1) ); \ - (b) = ROTL32(30, b); \ - j++; - -void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) { - sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0; - sha2_word32 T1 = 0; - sha2_word32 W1[16] = {0}; - int j = 0; - - /* Initialize registers with the prev. intermediate value */ - a = state_in[0]; - b = state_in[1]; - c = state_in[2]; - d = state_in[3]; - e = state_in[4]; - - j = 0; - - /* Rounds 0 to 15 unrolled: */ - ROUND1_0_TO_15(a,b,c,d,e); - ROUND1_0_TO_15(e,a,b,c,d); - ROUND1_0_TO_15(d,e,a,b,c); - ROUND1_0_TO_15(c,d,e,a,b); - ROUND1_0_TO_15(b,c,d,e,a); - ROUND1_0_TO_15(a,b,c,d,e); - ROUND1_0_TO_15(e,a,b,c,d); - ROUND1_0_TO_15(d,e,a,b,c); - ROUND1_0_TO_15(c,d,e,a,b); - ROUND1_0_TO_15(b,c,d,e,a); - ROUND1_0_TO_15(a,b,c,d,e); - ROUND1_0_TO_15(e,a,b,c,d); - ROUND1_0_TO_15(d,e,a,b,c); - ROUND1_0_TO_15(c,d,e,a,b); - ROUND1_0_TO_15(b,c,d,e,a); - ROUND1_0_TO_15(a,b,c,d,e); - - /* Rounds 16 to 19 unrolled: */ - ROUND1_16_TO_19(e,a,b,c,d); - ROUND1_16_TO_19(d,e,a,b,c); - ROUND1_16_TO_19(c,d,e,a,b); - ROUND1_16_TO_19(b,c,d,e,a); - - /* Rounds 20 to 39 unrolled: */ - ROUND1_20_TO_39(a,b,c,d,e); - ROUND1_20_TO_39(e,a,b,c,d); - ROUND1_20_TO_39(d,e,a,b,c); - ROUND1_20_TO_39(c,d,e,a,b); - ROUND1_20_TO_39(b,c,d,e,a); - ROUND1_20_TO_39(a,b,c,d,e); - ROUND1_20_TO_39(e,a,b,c,d); - ROUND1_20_TO_39(d,e,a,b,c); - ROUND1_20_TO_39(c,d,e,a,b); - ROUND1_20_TO_39(b,c,d,e,a); - ROUND1_20_TO_39(a,b,c,d,e); - ROUND1_20_TO_39(e,a,b,c,d); - ROUND1_20_TO_39(d,e,a,b,c); - ROUND1_20_TO_39(c,d,e,a,b); - ROUND1_20_TO_39(b,c,d,e,a); - ROUND1_20_TO_39(a,b,c,d,e); - ROUND1_20_TO_39(e,a,b,c,d); - ROUND1_20_TO_39(d,e,a,b,c); - ROUND1_20_TO_39(c,d,e,a,b); - ROUND1_20_TO_39(b,c,d,e,a); - - /* Rounds 40 to 59 unrolled: */ - ROUND1_40_TO_59(a,b,c,d,e); - ROUND1_40_TO_59(e,a,b,c,d); - ROUND1_40_TO_59(d,e,a,b,c); - ROUND1_40_TO_59(c,d,e,a,b); - ROUND1_40_TO_59(b,c,d,e,a); - ROUND1_40_TO_59(a,b,c,d,e); - ROUND1_40_TO_59(e,a,b,c,d); - ROUND1_40_TO_59(d,e,a,b,c); - ROUND1_40_TO_59(c,d,e,a,b); - ROUND1_40_TO_59(b,c,d,e,a); - ROUND1_40_TO_59(a,b,c,d,e); - ROUND1_40_TO_59(e,a,b,c,d); - ROUND1_40_TO_59(d,e,a,b,c); - ROUND1_40_TO_59(c,d,e,a,b); - ROUND1_40_TO_59(b,c,d,e,a); - ROUND1_40_TO_59(a,b,c,d,e); - ROUND1_40_TO_59(e,a,b,c,d); - ROUND1_40_TO_59(d,e,a,b,c); - ROUND1_40_TO_59(c,d,e,a,b); - ROUND1_40_TO_59(b,c,d,e,a); - - /* Rounds 60 to 79 unrolled: */ - ROUND1_60_TO_79(a,b,c,d,e); - ROUND1_60_TO_79(e,a,b,c,d); - ROUND1_60_TO_79(d,e,a,b,c); - ROUND1_60_TO_79(c,d,e,a,b); - ROUND1_60_TO_79(b,c,d,e,a); - ROUND1_60_TO_79(a,b,c,d,e); - ROUND1_60_TO_79(e,a,b,c,d); - ROUND1_60_TO_79(d,e,a,b,c); - ROUND1_60_TO_79(c,d,e,a,b); - ROUND1_60_TO_79(b,c,d,e,a); - ROUND1_60_TO_79(a,b,c,d,e); - ROUND1_60_TO_79(e,a,b,c,d); - ROUND1_60_TO_79(d,e,a,b,c); - ROUND1_60_TO_79(c,d,e,a,b); - ROUND1_60_TO_79(b,c,d,e,a); - ROUND1_60_TO_79(a,b,c,d,e); - ROUND1_60_TO_79(e,a,b,c,d); - ROUND1_60_TO_79(d,e,a,b,c); - ROUND1_60_TO_79(c,d,e,a,b); - ROUND1_60_TO_79(b,c,d,e,a); - - /* Compute the current intermediate hash value */ - state_out[0] = state_in[0] + a; - state_out[1] = state_in[1] + b; - state_out[2] = state_in[2] + c; - state_out[3] = state_in[3] + d; - state_out[4] = state_in[4] + e; - - /* Clean up */ - a = b = c = d = e = T1 = 0; -} - -#else /* SHA2_UNROLL_TRANSFORM */ - -void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) { - sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0; - sha2_word32 T1 = 0; - sha2_word32 W1[16] = {0}; - int j = 0; - - /* Initialize registers with the prev. intermediate value */ - a = state_in[0]; - b = state_in[1]; - c = state_in[2]; - d = state_in[3]; - e = state_in[4]; - j = 0; - do { - T1 = ROTL32(5, a) + Ch(b, c, d) + e + K1_0_TO_19 + (W1[j] = *data++); - e = d; - d = c; - c = ROTL32(30, b); - b = a; - a = T1; - j++; - } while (j < 16); - - do { - T1 = W1[(j+13)&0x0f] ^ W1[(j+8)&0x0f] ^ W1[(j+2)&0x0f] ^ W1[j&0x0f]; - T1 = ROTL32(5, a) + Ch(b,c,d) + e + K1_0_TO_19 + (W1[j&0x0f] = ROTL32(1, T1)); - e = d; - d = c; - c = ROTL32(30, b); - b = a; - a = T1; - j++; - } while (j < 20); - - do { - T1 = W1[(j+13)&0x0f] ^ W1[(j+8)&0x0f] ^ W1[(j+2)&0x0f] ^ W1[j&0x0f]; - T1 = ROTL32(5, a) + Parity(b,c,d) + e + K1_20_TO_39 + (W1[j&0x0f] = ROTL32(1, T1)); - e = d; - d = c; - c = ROTL32(30, b); - b = a; - a = T1; - j++; - } while (j < 40); - - do { - T1 = W1[(j+13)&0x0f] ^ W1[(j+8)&0x0f] ^ W1[(j+2)&0x0f] ^ W1[j&0x0f]; - T1 = ROTL32(5, a) + Maj(b,c,d) + e + K1_40_TO_59 + (W1[j&0x0f] = ROTL32(1, T1)); - e = d; - d = c; - c = ROTL32(30, b); - b = a; - a = T1; - j++; - } while (j < 60); - - do { - T1 = W1[(j+13)&0x0f] ^ W1[(j+8)&0x0f] ^ W1[(j+2)&0x0f] ^ W1[j&0x0f]; - T1 = ROTL32(5, a) + Parity(b,c,d) + e + K1_60_TO_79 + (W1[j&0x0f] = ROTL32(1, T1)); - e = d; - d = c; - c = ROTL32(30, b); - b = a; - a = T1; - j++; - } while (j < 80); - - /* Compute the current intermediate hash value */ - state_out[0] = state_in[0] + a; - state_out[1] = state_in[1] + b; - state_out[2] = state_in[2] + c; - state_out[3] = state_in[3] + d; - state_out[4] = state_in[4] + e; - - /* Clean up */ - a = b = c = d = e = T1 = 0; -} - -#endif /* SHA2_UNROLL_TRANSFORM */ - -void sha1_Update(SHA1_CTX* context, const sha2_byte *data, size_t len) { - unsigned int freespace = 0, usedspace = 0; - - if (len == 0) { - /* Calling with no data is valid - we do nothing */ - return; - } - - usedspace = (context->bitcount >> 3) % SHA1_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = SHA1_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - MEMCPY_BCOPY(((uint8_t*)context->buffer) + usedspace, data, freespace); - context->bitcount += freespace << 3; - len -= freespace; - data += freespace; -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 16; j++) { - REVERSE32(context->buffer[j],context->buffer[j]); - } -#endif - sha1_Transform(context->state, context->buffer, context->state); - } else { - /* The buffer is not yet full */ - MEMCPY_BCOPY(((uint8_t*)context->buffer) + usedspace, data, len); - context->bitcount += len << 3; - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= SHA1_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - MEMCPY_BCOPY(context->buffer, data, SHA1_BLOCK_LENGTH); -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 16; j++) { - REVERSE32(context->buffer[j],context->buffer[j]); - } -#endif - sha1_Transform(context->state, context->buffer, context->state); - context->bitcount += SHA1_BLOCK_LENGTH << 3; - len -= SHA1_BLOCK_LENGTH; - data += SHA1_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - MEMCPY_BCOPY(context->buffer, data, len); - context->bitcount += len << 3; - } - /* Clean up: */ - usedspace = freespace = 0; -} - -void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) { - unsigned int usedspace = 0; - - /* If no digest buffer is passed, we don't bother doing this: */ - if (digest != (sha2_byte*)0) { - usedspace = (context->bitcount >> 3) % SHA1_BLOCK_LENGTH; - /* Begin padding with a 1 bit: */ - ((uint8_t*)context->buffer)[usedspace++] = 0x80; - - if (usedspace > SHA1_SHORT_BLOCK_LENGTH) { - memzero(((uint8_t*)context->buffer) + usedspace, SHA1_BLOCK_LENGTH - usedspace); - -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 16; j++) { - REVERSE32(context->buffer[j],context->buffer[j]); - } -#endif - /* Do second-to-last transform: */ - sha1_Transform(context->state, context->buffer, context->state); - - /* And prepare the last transform: */ - usedspace = 0; - } - /* Set-up for the last transform: */ - memzero(((uint8_t*)context->buffer) + usedspace, SHA1_SHORT_BLOCK_LENGTH - usedspace); - -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 14; j++) { - REVERSE32(context->buffer[j],context->buffer[j]); - } -#endif - /* Set the bit count: */ - context->buffer[14] = context->bitcount >> 32; - context->buffer[15] = context->bitcount & 0xffffffff; - - /* Final transform: */ - sha1_Transform(context->state, context->buffer, context->state); - -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert FROM host byte order */ - for (int j = 0; j < 5; j++) { - REVERSE32(context->state[j],context->state[j]); - } -#endif - MEMCPY_BCOPY(digest, context->state, SHA1_DIGEST_LENGTH); - } - - /* Clean up state data: */ - memzero(context, sizeof(SHA1_CTX)); - usedspace = 0; -} - -char *sha1_End(SHA1_CTX* context, char buffer[]) { - sha2_byte digest[SHA1_DIGEST_LENGTH] = {0}, *d = digest; - int i = 0; - - if (buffer != (char*)0) { - sha1_Final(context, digest); - - for (i = 0; i < SHA1_DIGEST_LENGTH; i++) { - *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; - *buffer++ = sha2_hex_digits[*d & 0x0f]; - d++; - } - *buffer = (char)0; - } else { - memzero(context, sizeof(SHA1_CTX)); - } - memzero(digest, SHA1_DIGEST_LENGTH); - return buffer; -} - -void sha1_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA1_DIGEST_LENGTH]) { - SHA1_CTX context = {0}; - sha1_Init(&context); - sha1_Update(&context, data, len); - sha1_Final(&context, digest); -} - -char* sha1_Data(const sha2_byte* data, size_t len, char digest[SHA1_DIGEST_STRING_LENGTH]) { - SHA1_CTX context = {0}; - - sha1_Init(&context); - sha1_Update(&context, data, len); - return sha1_End(&context, digest); -} - -/*** SHA-256: *********************************************************/ -void sha256_Init(SHA256_CTX* context) { - if (context == (SHA256_CTX*)0) { - return; - } - MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH); - memzero(context->buffer, SHA256_BLOCK_LENGTH); - context->bitcount = 0; -} - -#ifdef SHA2_UNROLL_TRANSFORM - -/* Unrolled SHA-256 round macros: */ - -#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ - T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ - K256[j] + (W256[j] = *data++); \ - (d) += T1; \ - (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ - j++ - -#define ROUND256(a,b,c,d,e,f,g,h) \ - s0 = W256[(j+1)&0x0f]; \ - s0 = sigma0_256(s0); \ - s1 = W256[(j+14)&0x0f]; \ - s1 = sigma1_256(s1); \ - T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ - (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ - (d) += T1; \ - (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ - j++ - -void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) { - sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0; - sha2_word32 T1 = 0; - sha2_word32 W256[16] = {0}; - int j = 0; - - /* Initialize registers with the prev. intermediate value */ - a = state_in[0]; - b = state_in[1]; - c = state_in[2]; - d = state_in[3]; - e = state_in[4]; - f = state_in[5]; - g = state_in[6]; - h = state_in[7]; - - j = 0; - do { - /* Rounds 0 to 15 (unrolled): */ - ROUND256_0_TO_15(a,b,c,d,e,f,g,h); - ROUND256_0_TO_15(h,a,b,c,d,e,f,g); - ROUND256_0_TO_15(g,h,a,b,c,d,e,f); - ROUND256_0_TO_15(f,g,h,a,b,c,d,e); - ROUND256_0_TO_15(e,f,g,h,a,b,c,d); - ROUND256_0_TO_15(d,e,f,g,h,a,b,c); - ROUND256_0_TO_15(c,d,e,f,g,h,a,b); - ROUND256_0_TO_15(b,c,d,e,f,g,h,a); - } while (j < 16); - - /* Now for the remaining rounds to 64: */ - do { - ROUND256(a,b,c,d,e,f,g,h); - ROUND256(h,a,b,c,d,e,f,g); - ROUND256(g,h,a,b,c,d,e,f); - ROUND256(f,g,h,a,b,c,d,e); - ROUND256(e,f,g,h,a,b,c,d); - ROUND256(d,e,f,g,h,a,b,c); - ROUND256(c,d,e,f,g,h,a,b); - ROUND256(b,c,d,e,f,g,h,a); - } while (j < 64); - - /* Compute the current intermediate hash value */ - state_out[0] = state_in[0] + a; - state_out[1] = state_in[1] + b; - state_out[2] = state_in[2] + c; - state_out[3] = state_in[3] + d; - state_out[4] = state_in[4] + e; - state_out[5] = state_in[5] + f; - state_out[6] = state_in[6] + g; - state_out[7] = state_in[7] + h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = 0; -} - -#else /* SHA2_UNROLL_TRANSFORM */ - -void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) { - sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0; - sha2_word32 T1 = 0, T2 = 0 , W256[16] = {0}; - int j = 0; - - /* Initialize registers with the prev. intermediate value */ - a = state_in[0]; - b = state_in[1]; - c = state_in[2]; - d = state_in[3]; - e = state_in[4]; - f = state_in[5]; - g = state_in[6]; - h = state_in[7]; - - j = 0; - do { - /* Apply the SHA-256 compression function to update a..h with copy */ - T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); - T2 = Sigma0_256(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 16); - - do { - /* Part of the message block expansion: */ - s0 = W256[(j+1)&0x0f]; - s0 = sigma0_256(s0); - s1 = W256[(j+14)&0x0f]; - s1 = sigma1_256(s1); - - /* Apply the SHA-256 compression function to update a..h */ - T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + - (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); - T2 = Sigma0_256(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 64); - - /* Compute the current intermediate hash value */ - state_out[0] = state_in[0] + a; - state_out[1] = state_in[1] + b; - state_out[2] = state_in[2] + c; - state_out[3] = state_in[3] + d; - state_out[4] = state_in[4] + e; - state_out[5] = state_in[5] + f; - state_out[6] = state_in[6] + g; - state_out[7] = state_in[7] + h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = T2 = 0; -} - -#endif /* SHA2_UNROLL_TRANSFORM */ - -void sha256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) { - unsigned int freespace = 0, usedspace = 0; - - if (len == 0) { - /* Calling with no data is valid - we do nothing */ - return; - } - - usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = SHA256_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - MEMCPY_BCOPY(((uint8_t*)context->buffer) + usedspace, data, freespace); - context->bitcount += freespace << 3; - len -= freespace; - data += freespace; -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 16; j++) { - REVERSE32(context->buffer[j],context->buffer[j]); - } -#endif - sha256_Transform(context->state, context->buffer, context->state); - } else { - /* The buffer is not yet full */ - MEMCPY_BCOPY(((uint8_t*)context->buffer) + usedspace, data, len); - context->bitcount += len << 3; - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= SHA256_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - MEMCPY_BCOPY(context->buffer, data, SHA256_BLOCK_LENGTH); -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 16; j++) { - REVERSE32(context->buffer[j],context->buffer[j]); - } -#endif - sha256_Transform(context->state, context->buffer, context->state); - context->bitcount += SHA256_BLOCK_LENGTH << 3; - len -= SHA256_BLOCK_LENGTH; - data += SHA256_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - MEMCPY_BCOPY(context->buffer, data, len); - context->bitcount += len << 3; - } - /* Clean up: */ - usedspace = freespace = 0; -} - -void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) { - unsigned int usedspace = 0; - - /* If no digest buffer is passed, we don't bother doing this: */ - if (digest != (sha2_byte*)0) { - usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; - /* Begin padding with a 1 bit: */ - ((uint8_t*)context->buffer)[usedspace++] = 0x80; - - if (usedspace > SHA256_SHORT_BLOCK_LENGTH) { - memzero(((uint8_t*)context->buffer) + usedspace, SHA256_BLOCK_LENGTH - usedspace); - -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 16; j++) { - REVERSE32(context->buffer[j],context->buffer[j]); - } -#endif - /* Do second-to-last transform: */ - sha256_Transform(context->state, context->buffer, context->state); - - /* And prepare the last transform: */ - usedspace = 0; - } - /* Set-up for the last transform: */ - memzero(((uint8_t*)context->buffer) + usedspace, SHA256_SHORT_BLOCK_LENGTH - usedspace); - -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 14; j++) { - REVERSE32(context->buffer[j],context->buffer[j]); - } -#endif - /* Set the bit count: */ - context->buffer[14] = context->bitcount >> 32; - context->buffer[15] = context->bitcount & 0xffffffff; - - /* Final transform: */ - sha256_Transform(context->state, context->buffer, context->state); - -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert FROM host byte order */ - for (int j = 0; j < 8; j++) { - REVERSE32(context->state[j],context->state[j]); - } -#endif - MEMCPY_BCOPY(digest, context->state, SHA256_DIGEST_LENGTH); - } - - /* Clean up state data: */ - memzero(context, sizeof(SHA256_CTX)); - usedspace = 0; -} - -char *sha256_End(SHA256_CTX* context, char buffer[]) { - sha2_byte digest[SHA256_DIGEST_LENGTH] = {0}, *d = digest; - int i = 0; - - if (buffer != (char*)0) { - sha256_Final(context, digest); - - for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { - *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; - *buffer++ = sha2_hex_digits[*d & 0x0f]; - d++; - } - *buffer = (char)0; - } else { - memzero(context, sizeof(SHA256_CTX)); - } - memzero(digest, SHA256_DIGEST_LENGTH); - return buffer; -} - -void sha256_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA256_DIGEST_LENGTH]) { - SHA256_CTX context = {0}; - sha256_Init(&context); - sha256_Update(&context, data, len); - sha256_Final(&context, digest); -} - -char* sha256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) { - SHA256_CTX context = {0}; - - sha256_Init(&context); - sha256_Update(&context, data, len); - return sha256_End(&context, digest); -} - - -/*** SHA-512: *********************************************************/ -void sha512_Init(SHA512_CTX* context) { - if (context == (SHA512_CTX*)0) { - return; - } - MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH); - memzero(context->buffer, SHA512_BLOCK_LENGTH); - context->bitcount[0] = context->bitcount[1] = 0; -} - -#ifdef SHA2_UNROLL_TRANSFORM - -/* Unrolled SHA-512 round macros: */ -#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ - T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ - K512[j] + (W512[j] = *data++); \ - (d) += T1; \ - (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ - j++ - -#define ROUND512(a,b,c,d,e,f,g,h) \ - s0 = W512[(j+1)&0x0f]; \ - s0 = sigma0_512(s0); \ - s1 = W512[(j+14)&0x0f]; \ - s1 = sigma1_512(s1); \ - T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ - (d) += T1; \ - (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ - j++ - -void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2_word64* state_out) { - sha2_word64 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0; - sha2_word64 T1 = 0, W512[16] = {0}; - int j = 0; - - /* Initialize registers with the prev. intermediate value */ - a = state_in[0]; - b = state_in[1]; - c = state_in[2]; - d = state_in[3]; - e = state_in[4]; - f = state_in[5]; - g = state_in[6]; - h = state_in[7]; - - j = 0; - do { - ROUND512_0_TO_15(a,b,c,d,e,f,g,h); - ROUND512_0_TO_15(h,a,b,c,d,e,f,g); - ROUND512_0_TO_15(g,h,a,b,c,d,e,f); - ROUND512_0_TO_15(f,g,h,a,b,c,d,e); - ROUND512_0_TO_15(e,f,g,h,a,b,c,d); - ROUND512_0_TO_15(d,e,f,g,h,a,b,c); - ROUND512_0_TO_15(c,d,e,f,g,h,a,b); - ROUND512_0_TO_15(b,c,d,e,f,g,h,a); - } while (j < 16); - - /* Now for the remaining rounds up to 79: */ - do { - ROUND512(a,b,c,d,e,f,g,h); - ROUND512(h,a,b,c,d,e,f,g); - ROUND512(g,h,a,b,c,d,e,f); - ROUND512(f,g,h,a,b,c,d,e); - ROUND512(e,f,g,h,a,b,c,d); - ROUND512(d,e,f,g,h,a,b,c); - ROUND512(c,d,e,f,g,h,a,b); - ROUND512(b,c,d,e,f,g,h,a); - } while (j < 80); - - /* Compute the current intermediate hash value */ - state_out[0] = state_in[0] + a; - state_out[1] = state_in[1] + b; - state_out[2] = state_in[2] + c; - state_out[3] = state_in[3] + d; - state_out[4] = state_in[4] + e; - state_out[5] = state_in[5] + f; - state_out[6] = state_in[6] + g; - state_out[7] = state_in[7] + h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = 0; -} - -#else /* SHA2_UNROLL_TRANSFORM */ - -void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2_word64* state_out) { - sha2_word64 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0; - sha2_word64 T1 = 0, T2 = 0, W512[16] = {0}; - int j = 0; - - /* Initialize registers with the prev. intermediate value */ - a = state_in[0]; - b = state_in[1]; - c = state_in[2]; - d = state_in[3]; - e = state_in[4]; - f = state_in[5]; - g = state_in[6]; - h = state_in[7]; - - j = 0; - do { - /* Apply the SHA-512 compression function to update a..h with copy */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 16); - - do { - /* Part of the message block expansion: */ - s0 = W512[(j+1)&0x0f]; - s0 = sigma0_512(s0); - s1 = W512[(j+14)&0x0f]; - s1 = sigma1_512(s1); - - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 80); - - /* Compute the current intermediate hash value */ - state_out[0] = state_in[0] + a; - state_out[1] = state_in[1] + b; - state_out[2] = state_in[2] + c; - state_out[3] = state_in[3] + d; - state_out[4] = state_in[4] + e; - state_out[5] = state_in[5] + f; - state_out[6] = state_in[6] + g; - state_out[7] = state_in[7] + h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = T2 = 0; -} - -#endif /* SHA2_UNROLL_TRANSFORM */ - -void sha512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) { - unsigned int freespace = 0, usedspace = 0; - - if (len == 0) { - /* Calling with no data is valid - we do nothing */ - return; - } - - usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = SHA512_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - MEMCPY_BCOPY(((uint8_t*)context->buffer) + usedspace, data, freespace); - ADDINC128(context->bitcount, freespace << 3); - len -= freespace; - data += freespace; -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 16; j++) { - REVERSE64(context->buffer[j],context->buffer[j]); - } -#endif - sha512_Transform(context->state, context->buffer, context->state); - } else { - /* The buffer is not yet full */ - MEMCPY_BCOPY(((uint8_t*)context->buffer) + usedspace, data, len); - ADDINC128(context->bitcount, len << 3); - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= SHA512_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - MEMCPY_BCOPY(context->buffer, data, SHA512_BLOCK_LENGTH); -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 16; j++) { - REVERSE64(context->buffer[j],context->buffer[j]); - } -#endif - sha512_Transform(context->state, context->buffer, context->state); - ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); - len -= SHA512_BLOCK_LENGTH; - data += SHA512_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - MEMCPY_BCOPY(context->buffer, data, len); - ADDINC128(context->bitcount, len << 3); - } - /* Clean up: */ - usedspace = freespace = 0; -} - -static void sha512_Last(SHA512_CTX* context) { - unsigned int usedspace = 0; - - usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; - /* Begin padding with a 1 bit: */ - ((uint8_t*)context->buffer)[usedspace++] = 0x80; - - if (usedspace > SHA512_SHORT_BLOCK_LENGTH) { - memzero(((uint8_t*)context->buffer) + usedspace, SHA512_BLOCK_LENGTH - usedspace); - -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 16; j++) { - REVERSE64(context->buffer[j],context->buffer[j]); - } -#endif - /* Do second-to-last transform: */ - sha512_Transform(context->state, context->buffer, context->state); - - /* And prepare the last transform: */ - usedspace = 0; - } - /* Set-up for the last transform: */ - memzero(((uint8_t*)context->buffer) + usedspace, SHA512_SHORT_BLOCK_LENGTH - usedspace); - -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - for (int j = 0; j < 14; j++) { - REVERSE64(context->buffer[j],context->buffer[j]); - } -#endif - /* Store the length of input data (in bits): */ - context->buffer[14] = context->bitcount[1]; - context->buffer[15] = context->bitcount[0]; - - /* Final transform: */ - sha512_Transform(context->state, context->buffer, context->state); -} - -void sha512_Final(SHA512_CTX* context, sha2_byte digest[]) { - /* If no digest buffer is passed, we don't bother doing this: */ - if (digest != (sha2_byte*)0) { - sha512_Last(context); - - /* Save the hash data for output: */ -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert FROM host byte order */ - for (int j = 0; j < 8; j++) { - REVERSE64(context->state[j],context->state[j]); - } -#endif - MEMCPY_BCOPY(digest, context->state, SHA512_DIGEST_LENGTH); - } - - /* Zero out state data */ - memzero(context, sizeof(SHA512_CTX)); -} - -char *sha512_End(SHA512_CTX* context, char buffer[]) { - sha2_byte digest[SHA512_DIGEST_LENGTH] = {0}, *d = digest; - int i = 0; - - if (buffer != (char*)0) { - sha512_Final(context, digest); - - for (i = 0; i < SHA512_DIGEST_LENGTH; i++) { - *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; - *buffer++ = sha2_hex_digits[*d & 0x0f]; - d++; - } - *buffer = (char)0; - } else { - memzero(context, sizeof(SHA512_CTX)); - } - memzero(digest, SHA512_DIGEST_LENGTH); - return buffer; -} - -void sha512_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA512_DIGEST_LENGTH]) { - SHA512_CTX context = {0}; - sha512_Init(&context); - sha512_Update(&context, data, len); - sha512_Final(&context, digest); -} - -char* sha512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) { - SHA512_CTX context = {0}; - - sha512_Init(&context); - sha512_Update(&context, data, len); - return sha512_End(&context, digest); -} diff --git a/Sources/CSr25519/src/sha2.h b/Sources/CSr25519/src/sha2.h deleted file mode 100644 index 628e6c5..0000000 --- a/Sources/CSr25519/src/sha2.h +++ /dev/null @@ -1,89 +0,0 @@ -#ifndef __SHA2_H__ -#define __SHA2_H__ - -#include -#include - -#define SHA1_BLOCK_LENGTH 64 -#define SHA1_DIGEST_LENGTH 20 -#define SHA1_DIGEST_STRING_LENGTH (SHA1_DIGEST_LENGTH * 2 + 1) -#define SHA256_BLOCK_LENGTH 64 -#define SHA256_DIGEST_LENGTH 32 -#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) -#define SHA512_BLOCK_LENGTH 128 -#define SHA512_DIGEST_LENGTH 64 -#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) - -typedef struct _SHA1_CTX { - uint32_t state[5]; - uint64_t bitcount; - uint32_t buffer[SHA1_BLOCK_LENGTH/sizeof(uint32_t)]; -} SHA1_CTX; - -typedef struct _SHA256_CTX { - uint32_t state[8]; - uint64_t bitcount; - uint32_t buffer[SHA256_BLOCK_LENGTH/sizeof(uint32_t)]; -} SHA256_CTX; - -typedef struct _SHA512_CTX { - uint64_t state[8]; - uint64_t bitcount[2]; - uint64_t buffer[SHA512_BLOCK_LENGTH/sizeof(uint64_t)]; -} SHA512_CTX; - -/*** ENDIAN REVERSAL MACROS *******************************************/ -#ifndef LITTLE_ENDIAN -#define LITTLE_ENDIAN 1234 -#define BIG_ENDIAN 4321 -#endif - -#ifndef BYTE_ORDER -#define BYTE_ORDER LITTLE_ENDIAN -#endif - -#if BYTE_ORDER == LITTLE_ENDIAN -#define REVERSE32(w,x) { \ - uint32_t tmp = (w); \ - tmp = (tmp >> 16) | (tmp << 16); \ - (x) = ((tmp & (uint32_t)0xff00ff00UL) >> 8) | ((tmp & (uint32_t)0x00ff00ffUL) << 8); \ -} - -#define REVERSE64(w,x) { \ - uint64_t tmp = (w); \ - tmp = (tmp >> 32) | (tmp << 32); \ - tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ - ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ - (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ - ((tmp & 0x0000ffff0000ffffULL) << 16); \ -} -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - -extern const uint32_t sha256_initial_hash_value[8]; -extern const uint64_t sha512_initial_hash_value[8]; - -void sha1_Transform(const uint32_t* state_in, const uint32_t* data, uint32_t* state_out); -void sha1_Init(SHA1_CTX *); -void sha1_Update(SHA1_CTX*, const uint8_t*, size_t); -void sha1_Final(SHA1_CTX*, uint8_t[SHA1_DIGEST_LENGTH]); -char* sha1_End(SHA1_CTX*, char[SHA1_DIGEST_STRING_LENGTH]); -void sha1_Raw(const uint8_t*, size_t, uint8_t[SHA1_DIGEST_LENGTH]); -char* sha1_Data(const uint8_t*, size_t, char[SHA1_DIGEST_STRING_LENGTH]); - -void sha256_Transform(const uint32_t* state_in, const uint32_t* data, uint32_t* state_out); -void sha256_Init(SHA256_CTX *); -void sha256_Update(SHA256_CTX*, const uint8_t*, size_t); -void sha256_Final(SHA256_CTX*, uint8_t[SHA256_DIGEST_LENGTH]); -char* sha256_End(SHA256_CTX*, char[SHA256_DIGEST_STRING_LENGTH]); -void sha256_Raw(const uint8_t*, size_t, uint8_t[SHA256_DIGEST_LENGTH]); -char* sha256_Data(const uint8_t*, size_t, char[SHA256_DIGEST_STRING_LENGTH]); - -void sha512_Transform(const uint64_t* state_in, const uint64_t* data, uint64_t* state_out); -void sha512_Init(SHA512_CTX*); -void sha512_Update(SHA512_CTX*, const uint8_t*, size_t); -void sha512_Final(SHA512_CTX*, uint8_t[SHA512_DIGEST_LENGTH]); -char* sha512_End(SHA512_CTX*, char[SHA512_DIGEST_STRING_LENGTH]); -void sha512_Raw(const uint8_t*, size_t, uint8_t[SHA512_DIGEST_LENGTH]); -char* sha512_Data(const uint8_t*, size_t, char[SHA512_DIGEST_STRING_LENGTH]); - -#endif diff --git a/Sources/CSr25519/src/sr25519-hash-custom.h b/Sources/CSr25519/src/sr25519-hash-custom.h index 9566952..7c5a2a7 100644 --- a/Sources/CSr25519/src/sr25519-hash-custom.h +++ b/Sources/CSr25519/src/sr25519-hash-custom.h @@ -8,3 +8,33 @@ void sr25519_hash_final(sr25519_hash_context *ctx, uint8_t *hash); void sr25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen); */ + +#if __has_include() +#include +#elif __has_include() +#include +#else +#include +#endif + +typedef SHA512_CTX sr25519_hash_context; + +static void +sr25519_hash_init(sr25519_hash_context *ctx) { + sha512_Init(ctx); +} + +static void +sr25519_hash_update(sr25519_hash_context *ctx, const uint8_t *in, size_t inlen) { + sha512_Update(ctx, in, inlen); +} + +static void +sr25519_hash_final(sr25519_hash_context *ctx, uint8_t *hash) { + sha512_Final(ctx, hash); +} + +static void +sr25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen) { + sha512_Raw(in, inlen, hash); +} diff --git a/Sr25519.podspec b/Sr25519.podspec index 658a871..c2c21b2 100644 --- a/Sr25519.podspec +++ b/Sr25519.podspec @@ -1,6 +1,6 @@ Pod::Spec.new do |s| s.name = 'Sr25519' - s.version = '0.1.2' + s.version = '0.1.3' s.summary = 'Swift wrapper for sr25519-donna C library' s.description = <<-DESC @@ -27,10 +27,12 @@ Swift wrapper for sr25519-donna C library. Provides Sr25519 and Ed25519 wrappers ss.public_header_files = 'Sources/CSr25519/src/sr25519.h', 'Sources/CSr25519/src/sr25519-random*.h', 'Sources/CSr25519/src/ed25519-donna/ed25519.h' ss.pod_target_xcconfig = { - 'GCC_PREPROCESSOR_DEFINITIONS' => '$(inherited) ED25519_CUSTOMRANDOM ED25519_CUSTOMHASH ED25519_NO_INLINE_ASM', + 'GCC_PREPROCESSOR_DEFINITIONS' => '$(inherited) ED25519_CUSTOMRANDOM ED25519_CUSTOMHASH ED25519_NO_INLINE_ASM SR25519_CUSTOMHASH', 'GCC_WARN_UNUSED_FUNCTION' => 'NO', 'GCC_WARN_UNUSED_VARIABLE' => 'NO' } + + ss.dependency 'UncommonCrypto', '~> 0.1.0' end s.subspec 'Helpers' do |ss|