LCOV - code coverage report
Current view: top level - src - sha256.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 0.0 % 129 0
Test Date: 2024-07-22 12:36:40 Functions: 0.0 % 5 0

            Line data    Source code
       1              : /*
       2              :  * Code originally from LibTomCrypt -- Licensed under the Public Domain/WTFPL2.0
       3              :  */
       4              : 
       5              : #include "sha256.h"
       6              : #include "sha.h"
       7              : 
       8              : /* Various logical functions */
       9              : #define Ch(x, y, z) (z ^ (x & (y ^ z)))
      10              : #define Maj(x, y, z) (((x | y) & z) | (x & y))
      11              : #define S(x, n) RORc((x), (n))
      12              : #define R(x, n) (((x)&0xFFFFFFFFUL) >> (n))
      13              : #define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
      14              : #define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
      15              : #define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
      16              : #define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
      17              : 
      18            0 : static void sha256_compress(sha256_context *md, const uint8_t *buf)
      19              : {
      20            0 :     uint32_t S[8], W[64], t0, t1;
      21            0 :     int i;
      22              : 
      23              :     /* copy state into S */
      24            0 :     for (i = 0; i < 8; i++) {
      25            0 :         S[i] = md->state[i];
      26              :     }
      27              : 
      28              :     /* copy the state into 512-bits into W[0..15] */
      29            0 :     for (i = 0; i < 16; i++) {
      30            0 :         LOAD32H(W[i], buf + (4 * i));
      31              :     }
      32              : 
      33              :     /* fill W[16..63] */
      34            0 :     for (i = 16; i < 64; i++) {
      35            0 :         W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
      36              :     }
      37              : 
      38              :     /* Compress */
      39              : #define RND(a, b, c, d, e, f, g, h, i, ki)        \
      40              :     t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i]; \
      41              :     t1 = Sigma0(a) + Maj(a, b, c);                \
      42              :     d += t0;                                      \
      43              :     h = t0 + t1;
      44              : 
      45            0 :     RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 0, 0x428a2f98);
      46            0 :     RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 1, 0x71374491);
      47            0 :     RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 2, 0xb5c0fbcf);
      48            0 :     RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 3, 0xe9b5dba5);
      49            0 :     RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 4, 0x3956c25b);
      50            0 :     RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 5, 0x59f111f1);
      51            0 :     RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 6, 0x923f82a4);
      52            0 :     RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 7, 0xab1c5ed5);
      53            0 :     RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 8, 0xd807aa98);
      54            0 :     RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 9, 0x12835b01);
      55            0 :     RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 10, 0x243185be);
      56            0 :     RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 11, 0x550c7dc3);
      57            0 :     RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 12, 0x72be5d74);
      58            0 :     RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 13, 0x80deb1fe);
      59            0 :     RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 14, 0x9bdc06a7);
      60            0 :     RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 15, 0xc19bf174);
      61            0 :     RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 16, 0xe49b69c1);
      62            0 :     RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 17, 0xefbe4786);
      63            0 :     RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 18, 0x0fc19dc6);
      64            0 :     RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 19, 0x240ca1cc);
      65            0 :     RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 20, 0x2de92c6f);
      66            0 :     RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 21, 0x4a7484aa);
      67            0 :     RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 22, 0x5cb0a9dc);
      68            0 :     RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 23, 0x76f988da);
      69            0 :     RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 24, 0x983e5152);
      70            0 :     RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 25, 0xa831c66d);
      71            0 :     RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 26, 0xb00327c8);
      72            0 :     RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 27, 0xbf597fc7);
      73            0 :     RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 28, 0xc6e00bf3);
      74            0 :     RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 29, 0xd5a79147);
      75            0 :     RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 30, 0x06ca6351);
      76            0 :     RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 31, 0x14292967);
      77            0 :     RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 32, 0x27b70a85);
      78            0 :     RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 33, 0x2e1b2138);
      79            0 :     RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 34, 0x4d2c6dfc);
      80            0 :     RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 35, 0x53380d13);
      81            0 :     RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 36, 0x650a7354);
      82            0 :     RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 37, 0x766a0abb);
      83            0 :     RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 38, 0x81c2c92e);
      84            0 :     RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 39, 0x92722c85);
      85            0 :     RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 40, 0xa2bfe8a1);
      86            0 :     RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 41, 0xa81a664b);
      87            0 :     RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 42, 0xc24b8b70);
      88            0 :     RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 43, 0xc76c51a3);
      89            0 :     RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 44, 0xd192e819);
      90            0 :     RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 45, 0xd6990624);
      91            0 :     RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 46, 0xf40e3585);
      92            0 :     RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 47, 0x106aa070);
      93            0 :     RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 48, 0x19a4c116);
      94            0 :     RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 49, 0x1e376c08);
      95            0 :     RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 50, 0x2748774c);
      96            0 :     RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 51, 0x34b0bcb5);
      97            0 :     RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 52, 0x391c0cb3);
      98            0 :     RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 53, 0x4ed8aa4a);
      99            0 :     RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 54, 0x5b9cca4f);
     100            0 :     RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 55, 0x682e6ff3);
     101            0 :     RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 56, 0x748f82ee);
     102            0 :     RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 57, 0x78a5636f);
     103            0 :     RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 58, 0x84c87814);
     104            0 :     RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 59, 0x8cc70208);
     105            0 :     RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 60, 0x90befffa);
     106            0 :     RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 61, 0xa4506ceb);
     107            0 :     RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 62, 0xbef9a3f7);
     108            0 :     RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 63, 0xc67178f2);
     109              : 
     110              : #undef RND
     111              : 
     112              :     /* feedback */
     113            0 :     for (i = 0; i < 8; i++) {
     114            0 :         md->state[i] = md->state[i] + S[i];
     115              :     }
     116            0 : }
     117              : 
     118            0 : void sha256_init(sha256_context *md)
     119              : {
     120            0 :     md->curlen = 0;
     121            0 :     md->length = 0;
     122            0 :     md->state[0] = 0x6A09E667UL;
     123            0 :     md->state[1] = 0xBB67AE85UL;
     124            0 :     md->state[2] = 0x3C6EF372UL;
     125            0 :     md->state[3] = 0xA54FF53AUL;
     126            0 :     md->state[4] = 0x510E527FUL;
     127            0 :     md->state[5] = 0x9B05688CUL;
     128            0 :     md->state[6] = 0x1F83D9ABUL;
     129            0 :     md->state[7] = 0x5BE0CD19UL;
     130            0 : }
     131              : 
     132            0 : void sha256_process(sha256_context *md, const uint8_t *in, size_t inlen)
     133              : {
     134            0 :     size_t n;
     135            0 :     if (md->curlen > sizeof(md->buf)) {
     136              :         return;
     137              :     }
     138            0 :     if ((md->length + inlen) < md->length) {
     139              :         return;
     140              :     }
     141            0 :     while (inlen > 0) {
     142            0 :         if (md->curlen == 0 && inlen >= 64) {
     143            0 :             sha256_compress(md, in);
     144            0 :             md->length += 64 * 8;
     145            0 :             in += 64;
     146            0 :             inlen -= 64;
     147              :         } else {
     148            0 :             n = (((inlen) < ((64 - md->curlen))) ? (inlen)
     149              :                                                  : ((64 - md->curlen)));
     150            0 :             memcpy(md->buf + md->curlen, in, (size_t)n);
     151            0 :             md->curlen += n;
     152            0 :             in += n;
     153            0 :             inlen -= n;
     154            0 :             if (md->curlen == 64) {
     155            0 :                 sha256_compress(md, md->buf);
     156            0 :                 md->length += 8 * 64;
     157            0 :                 md->curlen = 0;
     158              :             }
     159              :         }
     160              :     }
     161              : }
     162              : 
     163            0 : void sha256_done(sha256_context *md, uint8_t *out)
     164              : {
     165            0 :     int i;
     166              : 
     167            0 :     if (md->curlen >= sizeof(md->buf)) {
     168              :         return;
     169              :     }
     170              : 
     171              :     /* increase the length of the message */
     172            0 :     md->length += md->curlen * 8;
     173              : 
     174              :     /* append the '1' bit */
     175            0 :     md->buf[md->curlen++] = (uint8_t)0x80;
     176              : 
     177              :     /* if the length is currently above 56 bytes we append zeros
     178              :      * then compress.  Then we can fall back to padding zeros and length
     179              :      * encoding like normal.
     180              :      */
     181            0 :     if (md->curlen > 56) {
     182            0 :         while (md->curlen < 64) {
     183            0 :             md->buf[md->curlen++] = (uint8_t)0;
     184              :         }
     185            0 :         sha256_compress(md, md->buf);
     186            0 :         md->curlen = 0;
     187              :     }
     188              : 
     189              :     /* pad upto 56 bytes of zeroes */
     190            0 :     while (md->curlen < 56) {
     191            0 :         md->buf[md->curlen++] = (uint8_t)0;
     192              :     }
     193              : 
     194              :     /* store length */
     195            0 :     STORE64H(md->length, md->buf + 56);
     196            0 :     sha256_compress(md, md->buf);
     197              : 
     198              :     /* copy output */
     199            0 :     for (i = 0; i < 8; i++) {
     200            0 :         STORE32H(md->state[i], out + (4 * i));
     201              :     }
     202              : }
     203              : 
     204            0 : void sha256_hash(const uint8_t *data, size_t len, uint8_t *digest)
     205              : {
     206            0 :     sha256_context md;
     207            0 :     sha256_init(&md);
     208            0 :     sha256_process(&md, data, len);
     209            0 :     sha256_done(&md, digest);
     210            0 : }
        

Generated by: LCOV version 2.0-1