aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenis Vlasenko <vda.linux@googlemail.com>2008-11-10 13:32:50 +0000
committerDenis Vlasenko <vda.linux@googlemail.com>2008-11-10 13:32:50 +0000
commit56dceb9b7722193ef53fb1afb981f1289eecb0b0 (patch)
tree105363bf752df3c53e3d1165c8668af1983d5742
parentc028ec280a71c45ba71bb4712db1968391a440cc (diff)
downloadbusybox-w32-56dceb9b7722193ef53fb1afb981f1289eecb0b0.tar.gz
busybox-w32-56dceb9b7722193ef53fb1afb981f1289eecb0b0.tar.bz2
busybox-w32-56dceb9b7722193ef53fb1afb981f1289eecb0b0.zip
sha256,sha512: new applets. +4.9kb
we will require sha256/512 code for new $5$ and $6$ style password hashes anyway, they are showing up already in people's /etc/passwd...
Diffstat
-rw-r--r--coreutils/Config.in12
-rw-r--r--coreutils/md5_sha1_sum.c35
-rw-r--r--include/applets.h2
-rw-r--r--include/libbb.h19
-rw-r--r--include/usage.h53
-rw-r--r--libbb/sha1.c566
6 files changed, 635 insertions, 52 deletions
diff --git a/coreutils/Config.in b/coreutils/Config.in
index 8cbc92f1e..b734f8e30 100644
--- a/coreutils/Config.in
+++ b/coreutils/Config.in
@@ -509,6 +509,18 @@ config SHA1SUM
509 help 509 help
510 Compute and check SHA1 message digest 510 Compute and check SHA1 message digest
511 511
512config SHA256SUM
513 bool "sha256sum"
514 default n
515 help
516 Compute and check SHA256 message digest
517
518config SHA512SUM
519 bool "sha512sum"
520 default n
521 help
522 Compute and check SHA512 message digest
523
512config SLEEP 524config SLEEP
513 bool "sleep" 525 bool "sleep"
514 default n 526 default n
diff --git a/coreutils/md5_sha1_sum.c b/coreutils/md5_sha1_sum.c
index a5681589b..a988b9cbf 100644
--- a/coreutils/md5_sha1_sum.c
+++ b/coreutils/md5_sha1_sum.c
@@ -8,7 +8,13 @@
8 8
9#include "libbb.h" 9#include "libbb.h"
10 10
11typedef enum { HASH_SHA1, HASH_MD5 } hash_algo_t; 11typedef enum {
12 /* 4th letter of applet_name is... */
13 HASH_MD5 = 's', /* "md5>s<um" */
14 HASH_SHA1 = '1',
15 HASH_SHA256 = '2',
16 HASH_SHA512 = '5',
17} hash_algo_t;
12 18
13#define FLAG_SILENT 1 19#define FLAG_SILENT 1
14#define FLAG_CHECK 2 20#define FLAG_CHECK 2
@@ -24,10 +30,12 @@ static unsigned char *hash_bin_to_hex(unsigned char *hash_value,
24 return (unsigned char *)hex_value; 30 return (unsigned char *)hex_value;
25} 31}
26 32
27static uint8_t *hash_file(const char *filename, hash_algo_t hash_algo) 33static uint8_t *hash_file(const char *filename /*, hash_algo_t hash_algo*/)
28{ 34{
29 int src_fd, hash_len, count; 35 int src_fd, hash_len, count;
30 union _ctx_ { 36 union _ctx_ {
37 sha512_ctx_t sha512;
38 sha256_ctx_t sha256;
31 sha1_ctx_t sha1; 39 sha1_ctx_t sha1;
32 md5_ctx_t md5; 40 md5_ctx_t md5;
33 } context; 41 } context;
@@ -35,6 +43,7 @@ static uint8_t *hash_file(const char *filename, hash_algo_t hash_algo)
35 RESERVE_CONFIG_UBUFFER(in_buf, 4096); 43 RESERVE_CONFIG_UBUFFER(in_buf, 4096);
36 void FAST_FUNC (*update)(const void*, size_t, void*); 44 void FAST_FUNC (*update)(const void*, size_t, void*);
37 void FAST_FUNC (*final)(void*, void*); 45 void FAST_FUNC (*final)(void*, void*);
46 hash_algo_t hash_algo = applet_name[3];
38 47
39 src_fd = open_or_warn_stdin(filename); 48 src_fd = open_or_warn_stdin(filename);
40 if (src_fd < 0) { 49 if (src_fd < 0) {
@@ -42,16 +51,26 @@ static uint8_t *hash_file(const char *filename, hash_algo_t hash_algo)
42 } 51 }
43 52
44 /* figure specific hash algorithims */ 53 /* figure specific hash algorithims */
45 if (ENABLE_MD5SUM && hash_algo==HASH_MD5) { 54 if (ENABLE_MD5SUM && hash_algo == HASH_MD5) {
46 md5_begin(&context.md5); 55 md5_begin(&context.md5);
47 update = (void*)md5_hash; 56 update = (void*)md5_hash;
48 final = (void*)md5_end; 57 final = (void*)md5_end;
49 hash_len = 16; 58 hash_len = 16;
50 } else if (ENABLE_SHA1SUM && hash_algo==HASH_SHA1) { 59 } else if (ENABLE_SHA1SUM && hash_algo == HASH_SHA1) {
51 sha1_begin(&context.sha1); 60 sha1_begin(&context.sha1);
52 update = (void*)sha1_hash; 61 update = (void*)sha1_hash;
53 final = (void*)sha1_end; 62 final = (void*)sha1_end;
54 hash_len = 20; 63 hash_len = 20;
64 } else if (ENABLE_SHA256SUM && hash_algo == HASH_SHA256) {
65 sha256_begin(&context.sha256);
66 update = (void*)sha256_hash;
67 final = (void*)sha256_end;
68 hash_len = 32;
69 } else if (ENABLE_SHA512SUM && hash_algo == HASH_SHA512) {
70 sha512_begin(&context.sha512);
71 update = (void*)sha512_hash;
72 final = (void*)sha512_end;
73 hash_len = 64;
55 } else { 74 } else {
56 bb_error_msg_and_die("algorithm not supported"); 75 bb_error_msg_and_die("algorithm not supported");
57 } 76 }
@@ -80,9 +99,7 @@ int md5_sha1_sum_main(int argc UNUSED_PARAM, char **argv)
80 int return_value = EXIT_SUCCESS; 99 int return_value = EXIT_SUCCESS;
81 uint8_t *hash_value; 100 uint8_t *hash_value;
82 unsigned flags; 101 unsigned flags;
83 hash_algo_t hash_algo = ENABLE_MD5SUM 102 /*hash_algo_t hash_algo = applet_name[3];*/
84 ? (ENABLE_SHA1SUM ? (applet_name[0] == 'm' ? HASH_MD5 : HASH_SHA1) : HASH_MD5)
85 : HASH_SHA1;
86 103
87 if (ENABLE_FEATURE_MD5_SHA1_SUM_CHECK) 104 if (ENABLE_FEATURE_MD5_SHA1_SUM_CHECK)
88 flags = getopt32(argv, "scw"); 105 flags = getopt32(argv, "scw");
@@ -136,7 +153,7 @@ int md5_sha1_sum_main(int argc UNUSED_PARAM, char **argv)
136 *filename_ptr = '\0'; 153 *filename_ptr = '\0';
137 filename_ptr += 2; 154 filename_ptr += 2;
138 155
139 hash_value = hash_file(filename_ptr, hash_algo); 156 hash_value = hash_file(filename_ptr /*, hash_algo*/);
140 157
141 if (hash_value && (strcmp((char*)hash_value, line) == 0)) { 158 if (hash_value && (strcmp((char*)hash_value, line) == 0)) {
142 if (!(flags & FLAG_SILENT)) 159 if (!(flags & FLAG_SILENT))
@@ -162,7 +179,7 @@ int md5_sha1_sum_main(int argc UNUSED_PARAM, char **argv)
162 */ 179 */
163 } else { 180 } else {
164 do { 181 do {
165 hash_value = hash_file(*argv, hash_algo); 182 hash_value = hash_file(*argv/*, hash_algo*/);
166 if (hash_value == NULL) { 183 if (hash_value == NULL) {
167 return_value = EXIT_FAILURE; 184 return_value = EXIT_FAILURE;
168 } else { 185 } else {
diff --git a/include/applets.h b/include/applets.h
index 0e4cbd5a3..286f71d1e 100644
--- a/include/applets.h
+++ b/include/applets.h
@@ -334,6 +334,8 @@ USE_FEATURE_SH_IS_ASH(APPLET_ODDNAME(sh, ash, _BB_DIR_BIN, _BB_SUID_NEVER, sh))
334USE_FEATURE_SH_IS_HUSH(APPLET_ODDNAME(sh, hush, _BB_DIR_BIN, _BB_SUID_NEVER, sh)) 334USE_FEATURE_SH_IS_HUSH(APPLET_ODDNAME(sh, hush, _BB_DIR_BIN, _BB_SUID_NEVER, sh))
335USE_FEATURE_SH_IS_MSH(APPLET_ODDNAME(sh, msh, _BB_DIR_BIN, _BB_SUID_NEVER, sh)) 335USE_FEATURE_SH_IS_MSH(APPLET_ODDNAME(sh, msh, _BB_DIR_BIN, _BB_SUID_NEVER, sh))
336USE_SHA1SUM(APPLET_ODDNAME(sha1sum, md5_sha1_sum, _BB_DIR_USR_BIN, _BB_SUID_NEVER, sha1sum)) 336USE_SHA1SUM(APPLET_ODDNAME(sha1sum, md5_sha1_sum, _BB_DIR_USR_BIN, _BB_SUID_NEVER, sha1sum))
337USE_SHA256SUM(APPLET_ODDNAME(sha256sum, md5_sha1_sum, _BB_DIR_USR_BIN, _BB_SUID_NEVER, sha256sum))
338USE_SHA512SUM(APPLET_ODDNAME(sha512sum, md5_sha1_sum, _BB_DIR_USR_BIN, _BB_SUID_NEVER, sha512sum))
337USE_SHOWKEY(APPLET(showkey, _BB_DIR_USR_BIN, _BB_SUID_NEVER)) 339USE_SHOWKEY(APPLET(showkey, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
338USE_SLATTACH(APPLET(slattach, _BB_DIR_SBIN, _BB_SUID_NEVER)) 340USE_SLATTACH(APPLET(slattach, _BB_DIR_SBIN, _BB_SUID_NEVER))
339USE_SLEEP(APPLET_NOFORK(sleep, sleep, _BB_DIR_BIN, _BB_SUID_NEVER, sleep)) 341USE_SLEEP(APPLET_NOFORK(sleep, sleep, _BB_DIR_BIN, _BB_SUID_NEVER, sleep))
diff --git a/include/libbb.h b/include/libbb.h
index b0f6eaee2..839a0de49 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1310,7 +1310,24 @@ typedef struct sha1_ctx_t {
1310void sha1_begin(sha1_ctx_t *ctx) FAST_FUNC; 1310void sha1_begin(sha1_ctx_t *ctx) FAST_FUNC;
1311void sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx) FAST_FUNC; 1311void sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx) FAST_FUNC;
1312void *sha1_end(void *resbuf, sha1_ctx_t *ctx) FAST_FUNC; 1312void *sha1_end(void *resbuf, sha1_ctx_t *ctx) FAST_FUNC;
1313 1313typedef struct sha256_ctx_t {
1314 uint32_t H[8];
1315 uint32_t total[2]; /* rename to "count"? */
1316 uint32_t buflen;
1317 char buffer[128]; /* NB: always correctly aligned for uint32_t */
1318} sha256_ctx_t;
1319void sha256_begin(sha256_ctx_t *ctx) FAST_FUNC;
1320void sha256_hash(const void *buffer, size_t len, sha256_ctx_t *ctx) FAST_FUNC;
1321void* sha256_end(void *resbuf, sha256_ctx_t *ctx) FAST_FUNC;
1322typedef struct sha512_ctx_t {
1323 uint64_t H[8];
1324 uint64_t total[2];
1325 uint64_t buflen;
1326 char buffer[256]; /* NB: always correctly aligned for uint64_t */
1327} sha512_ctx_t;
1328void sha512_begin(sha512_ctx_t *ctx) FAST_FUNC;
1329void sha512_hash(const void *buffer, size_t len, sha512_ctx_t *ctx) FAST_FUNC;
1330void* sha512_end(void *resbuf, sha512_ctx_t *ctx) FAST_FUNC;
1314typedef struct md5_ctx_t { 1331typedef struct md5_ctx_t {
1315 uint32_t A; 1332 uint32_t A;
1316 uint32_t B; 1333 uint32_t B;
diff --git a/include/usage.h b/include/usage.h
index fcd488ea7..75b44a25b 100644
--- a/include/usage.h
+++ b/include/usage.h
@@ -2404,9 +2404,10 @@
2404 "Print" USE_FEATURE_MD5_SHA1_SUM_CHECK(" or check") " MD5 checksums" \ 2404 "Print" USE_FEATURE_MD5_SHA1_SUM_CHECK(" or check") " MD5 checksums" \
2405 USE_FEATURE_MD5_SHA1_SUM_CHECK( "\n" \ 2405 USE_FEATURE_MD5_SHA1_SUM_CHECK( "\n" \
2406 "\nOptions:" \ 2406 "\nOptions:" \
2407 "\n -c Check MD5 sums against given list" \ 2407 "\n -c Check sums against given list" \
2408 "\n -s Don't output anything, status code shows success" \ 2408 "\n -s Don't output anything, status code shows success" \
2409 "\n -w Warn about improperly formatted MD5 checksum lines") \ 2409 "\n -w Warn about improperly formatted checksum lines" \
2410 )
2410 2411
2411#define md5sum_example_usage \ 2412#define md5sum_example_usage \
2412 "$ md5sum < busybox\n" \ 2413 "$ md5sum < busybox\n" \
@@ -2418,6 +2419,42 @@
2418 "busybox: OK\n" \ 2419 "busybox: OK\n" \
2419 "^D\n" 2420 "^D\n"
2420 2421
2422#define sha1sum_trivial_usage \
2423 "[OPTION] [FILEs...]" \
2424 USE_FEATURE_MD5_SHA1_SUM_CHECK("\n or: sha1sum [OPTION] -c [FILE]")
2425#define sha1sum_full_usage "\n\n" \
2426 "Print" USE_FEATURE_MD5_SHA1_SUM_CHECK(" or check") " SHA1 checksums." \
2427 USE_FEATURE_MD5_SHA1_SUM_CHECK( "\n" \
2428 "\nOptions:" \
2429 "\n -c Check sums against given list" \
2430 "\n -s Don't output anything, status code shows success" \
2431 "\n -w Warn about improperly formatted checksum lines" \
2432 )
2433
2434#define sha256sum_trivial_usage \
2435 "[OPTION] [FILEs...]" \
2436 USE_FEATURE_MD5_SHA1_SUM_CHECK("\n or: sha256sum [OPTION] -c [FILE]")
2437#define sha256sum_full_usage "\n\n" \
2438 "Print" USE_FEATURE_MD5_SHA1_SUM_CHECK(" or check") " SHA1 checksums." \
2439 USE_FEATURE_MD5_SHA1_SUM_CHECK( "\n" \
2440 "\nOptions:" \
2441 "\n -c Check sums against given list" \
2442 "\n -s Don't output anything, status code shows success" \
2443 "\n -w Warn about improperly formatted checksum lines" \
2444 )
2445
2446#define sha512sum_trivial_usage \
2447 "[OPTION] [FILEs...]" \
2448 USE_FEATURE_MD5_SHA1_SUM_CHECK("\n or: sha512sum [OPTION] -c [FILE]")
2449#define sha512sum_full_usage "\n\n" \
2450 "Print" USE_FEATURE_MD5_SHA1_SUM_CHECK(" or check") " SHA1 checksums." \
2451 USE_FEATURE_MD5_SHA1_SUM_CHECK( "\n" \
2452 "\nOptions:" \
2453 "\n -c Check sums against given list" \
2454 "\n -s Don't output anything, status code shows success" \
2455 "\n -w Warn about improperly formatted checksum lines" \
2456 )
2457
2421#define mdev_trivial_usage \ 2458#define mdev_trivial_usage \
2422 "[-s]" 2459 "[-s]"
2423#define mdev_full_usage "\n\n" \ 2460#define mdev_full_usage "\n\n" \
@@ -3659,18 +3696,6 @@
3659 "\n -f file Read from file instead of /var/log/wtmp" \ 3696 "\n -f file Read from file instead of /var/log/wtmp" \
3660 ) 3697 )
3661 3698
3662#define sha1sum_trivial_usage \
3663 "[OPTION] [FILEs...]" \
3664 USE_FEATURE_MD5_SHA1_SUM_CHECK("\n or: sha1sum [OPTION] -c [FILE]")
3665#define sha1sum_full_usage "\n\n" \
3666 "Print" USE_FEATURE_MD5_SHA1_SUM_CHECK(" or check") " SHA1 checksums." \
3667 USE_FEATURE_MD5_SHA1_SUM_CHECK( "\n" \
3668 "\nOptions:" \
3669 "\n -c Check SHA1 sums against given list" \
3670 "\n -s Don't output anything, status code shows success" \
3671 "\n -w Warn about improperly formatted SHA1 checksum lines" \
3672 )
3673
3674#define showkey_trivial_usage \ 3699#define showkey_trivial_usage \
3675 "[-a | -k | -s]" 3700 "[-a | -k | -s]"
3676#define showkey_full_usage "\n\n" \ 3701#define showkey_full_usage "\n\n" \
diff --git a/libbb/sha1.c b/libbb/sha1.c
index ae72e4da7..fa468a295 100644
--- a/libbb/sha1.c
+++ b/libbb/sha1.c
@@ -1,43 +1,57 @@
1/* vi: set sw=4 ts=4: */ 1/* vi: set sw=4 ts=4: */
2/* 2/*
3 * Based on shasum from http://www.netsw.org/crypto/hash/ 3 * Based on shasum from http://www.netsw.org/crypto/hash/
4 * Majorly hacked up to use Dr Brian Gladman's sha1 code 4 * Majorly hacked up to use Dr Brian Gladman's sha1 code
5 * 5 *
6 * Copyright (C) 2002 Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK. 6 * Copyright (C) 2002 Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
7 * Copyright (C) 2003 Glenn L. McGrath 7 * Copyright (C) 2003 Glenn L. McGrath
8 * Copyright (C) 2003 Erik Andersen 8 * Copyright (C) 2003 Erik Andersen
9 * 9 *
10 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details. 10 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
11 * 11 *
12 * --------------------------------------------------------------------------- 12 * ---------------------------------------------------------------------------
13 * Issue Date: 10/11/2002 13 * Issue Date: 10/11/2002
14 * 14 *
15 * This is a byte oriented version of SHA1 that operates on arrays of bytes 15 * This is a byte oriented version of SHA1 that operates on arrays of bytes
16 * stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor 16 * stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor
17 *
18 * ---------------------------------------------------------------------------
19 *
20 * SHA256 and SHA512 parts are:
21 * Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>.
22 * TODO: shrink them.
17 */ 23 */
18 24
19#include "libbb.h" 25#include "libbb.h"
20 26
27#define rotl32(x,n) (((x) << (n)) | ((x) >> (32 - (n))))
28#define rotr32(x,n) (((x) >> (n)) | ((x) << (32 - (n))))
29/* for sha512: */
30#define rotr64(x,n) (((x) >> (n)) | ((x) << (64 - (n))))
31#if BB_LITTLE_ENDIAN
32static inline uint64_t hton64(uint64_t v)
33{
34 return (((uint64_t)htonl(v)) << 32) | htonl(v >> 32);
35}
36#else
37#define hton64(v) (v)
38#endif
39#define ntoh64(v) hton64(v)
40
41/* To check alignment gcc has an appropriate operator. Other
42 compilers don't. */
43#if defined(__GNUC__) && __GNUC__ >= 2
44# define UNALIGNED_P(p,type) (((uintptr_t) p) % __alignof__(type) != 0)
45#else
46# define UNALIGNED_P(p,type) (((uintptr_t) p) % sizeof(type) != 0)
47#endif
48
49
21#define SHA1_BLOCK_SIZE 64 50#define SHA1_BLOCK_SIZE 64
22#define SHA1_DIGEST_SIZE 20 51#define SHA1_DIGEST_SIZE 20
23#define SHA1_HASH_SIZE SHA1_DIGEST_SIZE 52#define SHA1_HASH_SIZE SHA1_DIGEST_SIZE
24#define SHA1_MASK (SHA1_BLOCK_SIZE - 1) 53#define SHA1_MASK (SHA1_BLOCK_SIZE - 1)
25 54
26#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
27
28/* Reverse byte order in 32-bit words */
29#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
30#define parity(x,y,z) ((x) ^ (y) ^ (z))
31#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
32
33/* A normal version as set out in the FIPS. This version uses */
34/* partial loop unrolling and is optimised for the Pentium 4 */
35#define rnd(f,k) \
36 do { \
37 t = a; a = rotl32(a,5) + f(b,c,d) + e + k + w[i]; \
38 e = d; d = c; c = rotl32(b, 30); b = t; \
39 } while (0)
40
41static void sha1_compile(sha1_ctx_t *ctx) 55static void sha1_compile(sha1_ctx_t *ctx)
42{ 56{
43 uint32_t w[80], i, a, b, c, d, e, t; 57 uint32_t w[80], i, a, b, c, d, e, t;
@@ -46,10 +60,12 @@ static void sha1_compile(sha1_ctx_t *ctx)
46 /* words in big-endian order so an order reversal is needed */ 60 /* words in big-endian order so an order reversal is needed */
47 /* here on little endian machines */ 61 /* here on little endian machines */
48 for (i = 0; i < SHA1_BLOCK_SIZE / 4; ++i) 62 for (i = 0; i < SHA1_BLOCK_SIZE / 4; ++i)
49 w[i] = htonl(ctx->wbuf[i]); 63 w[i] = ntohl(ctx->wbuf[i]);
50 64
51 for (i = SHA1_BLOCK_SIZE / 4; i < 80; ++i) 65 for (/*i = SHA1_BLOCK_SIZE / 4*/; i < 80; ++i) {
52 w[i] = rotl32(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1); 66 t = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16];
67 w[i] = rotl32(t, 1);
68 }
53 69
54 a = ctx->hash[0]; 70 a = ctx->hash[0];
55 b = ctx->hash[1]; 71 b = ctx->hash[1];
@@ -57,6 +73,18 @@ static void sha1_compile(sha1_ctx_t *ctx)
57 d = ctx->hash[3]; 73 d = ctx->hash[3];
58 e = ctx->hash[4]; 74 e = ctx->hash[4];
59 75
76/* Reverse byte order in 32-bit words */
77#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
78#define parity(x,y,z) ((x) ^ (y) ^ (z))
79#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
80/* A normal version as set out in the FIPS. This version uses */
81/* partial loop unrolling and is optimised for the Pentium 4 */
82#define rnd(f,k) \
83 do { \
84 t = a; a = rotl32(a,5) + f(b,c,d) + e + k + w[i]; \
85 e = d; d = c; c = rotl32(b, 30); b = t; \
86 } while (0)
87
60 for (i = 0; i < 20; ++i) 88 for (i = 0; i < 20; ++i)
61 rnd(ch, 0x5a827999); 89 rnd(ch, 0x5a827999);
62 90
@@ -68,6 +96,10 @@ static void sha1_compile(sha1_ctx_t *ctx)
68 96
69 for (i = 60; i < 80; ++i) 97 for (i = 60; i < 80; ++i)
70 rnd(parity, 0xca62c1d6); 98 rnd(parity, 0xca62c1d6);
99#undef ch
100#undef parity
101#undef maj
102#undef rnd
71 103
72 ctx->hash[0] += a; 104 ctx->hash[0] += a;
73 ctx->hash[1] += b; 105 ctx->hash[1] += b;
@@ -76,6 +108,261 @@ static void sha1_compile(sha1_ctx_t *ctx)
76 ctx->hash[4] += e; 108 ctx->hash[4] += e;
77} 109}
78 110
111/* Process LEN bytes of BUFFER, accumulating context into CTX.
112 It is assumed that LEN % 64 == 0. */
113static void sha256_process_block(const void *buffer, size_t len, sha256_ctx_t *ctx)
114{
115 /* Constants for SHA256 from FIPS 180-2:4.2.2. */
116 static const uint32_t K[64] = {
117 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
118 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
119 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
120 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
121 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
122 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
123 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
124 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
125 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
126 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
127 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
128 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
129 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
130 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
131 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
132 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
133 };
134 const uint32_t *words = buffer;
135 size_t nwords = len / sizeof(uint32_t);
136 uint32_t a = ctx->H[0];
137 uint32_t b = ctx->H[1];
138 uint32_t c = ctx->H[2];
139 uint32_t d = ctx->H[3];
140 uint32_t e = ctx->H[4];
141 uint32_t f = ctx->H[5];
142 uint32_t g = ctx->H[6];
143 uint32_t h = ctx->H[7];
144
145 /* First increment the byte count. FIPS 180-2 specifies the possible
146 length of the file up to 2^64 bits. Here we only compute the
147 number of bytes. Do a double word increment. */
148 ctx->total[0] += len;
149 if (ctx->total[0] < len)
150 ctx->total[1]++;
151
152 /* Process all bytes in the buffer with 64 bytes in each round of
153 the loop. */
154 while (nwords > 0) {
155 uint32_t W[64];
156 uint32_t a_save = a;
157 uint32_t b_save = b;
158 uint32_t c_save = c;
159 uint32_t d_save = d;
160 uint32_t e_save = e;
161 uint32_t f_save = f;
162 uint32_t g_save = g;
163 uint32_t h_save = h;
164
165 /* Operators defined in FIPS 180-2:4.1.2. */
166#define Ch(x, y, z) ((x & y) ^ (~x & z))
167#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
168#define S0(x) (rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22))
169#define S1(x) (rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25))
170#define R0(x) (rotr32(x, 7) ^ rotr32(x, 18) ^ (x >> 3))
171#define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10))
172
173 /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */
174 for (unsigned t = 0; t < 16; ++t) {
175 W[t] = ntohl(*words);
176 ++words;
177 }
178 for (unsigned t = 16; t < 64; ++t)
179 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
180
181 /* The actual computation according to FIPS 180-2:6.2.2 step 3. */
182 for (unsigned t = 0; t < 64; ++t) {
183 uint32_t T1 = h + S1(e) + Ch(e, f, g) + K[t] + W[t];
184 uint32_t T2 = S0(a) + Maj(a, b, c);
185 h = g;
186 g = f;
187 f = e;
188 e = d + T1;
189 d = c;
190 c = b;
191 b = a;
192 a = T1 + T2;
193 }
194#undef Ch
195#undef Maj
196#undef S0
197#undef S1
198#undef R0
199#undef R1
200 /* Add the starting values of the context according to FIPS 180-2:6.2.2
201 step 4. */
202 a += a_save;
203 b += b_save;
204 c += c_save;
205 d += d_save;
206 e += e_save;
207 f += f_save;
208 g += g_save;
209 h += h_save;
210
211 /* Prepare for the next round. */
212 nwords -= 16;
213 }
214
215 /* Put checksum in context given as argument. */
216 ctx->H[0] = a;
217 ctx->H[1] = b;
218 ctx->H[2] = c;
219 ctx->H[3] = d;
220 ctx->H[4] = e;
221 ctx->H[5] = f;
222 ctx->H[6] = g;
223 ctx->H[7] = h;
224}
225
226/* Process LEN bytes of BUFFER, accumulating context into CTX.
227 It is assumed that LEN % 128 == 0. */
228static void sha512_process_block(const void *buffer, size_t len, sha512_ctx_t *ctx)
229{
230 /* Constants for SHA512 from FIPS 180-2:4.2.3. */
231 static const uint64_t K[80] = {
232 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
233 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
234 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
235 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
236 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
237 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
238 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
239 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
240 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
241 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
242 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
243 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
244 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
245 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
246 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
247 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
248 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
249 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
250 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
251 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
252 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
253 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
254 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
255 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
256 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
257 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
258 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
259 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
260 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
261 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
262 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
263 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
264 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
265 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
266 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
267 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
268 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
269 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
270 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
271 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
272 };
273 const uint64_t *words = buffer;
274 size_t nwords = len / sizeof(uint64_t);
275 uint64_t a = ctx->H[0];
276 uint64_t b = ctx->H[1];
277 uint64_t c = ctx->H[2];
278 uint64_t d = ctx->H[3];
279 uint64_t e = ctx->H[4];
280 uint64_t f = ctx->H[5];
281 uint64_t g = ctx->H[6];
282 uint64_t h = ctx->H[7];
283
284 /* First increment the byte count. FIPS 180-2 specifies the possible
285 length of the file up to 2^128 bits. Here we only compute the
286 number of bytes. Do a double word increment. */
287 ctx->total[0] += len;
288 if (ctx->total[0] < len)
289 ctx->total[1]++;
290
291 /* Process all bytes in the buffer with 128 bytes in each round of
292 the loop. */
293 while (nwords > 0) {
294 uint64_t W[80];
295 uint64_t a_save = a;
296 uint64_t b_save = b;
297 uint64_t c_save = c;
298 uint64_t d_save = d;
299 uint64_t e_save = e;
300 uint64_t f_save = f;
301 uint64_t g_save = g;
302 uint64_t h_save = h;
303
304 /* Operators defined in FIPS 180-2:4.1.2. */
305#define Ch(x, y, z) ((x & y) ^ (~x & z))
306#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
307#define S0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39))
308#define S1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41))
309#define R0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7))
310#define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6))
311
312 /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */
313 for (unsigned t = 0; t < 16; ++t) {
314 W[t] = ntoh64(*words);
315 ++words;
316 }
317 for (unsigned t = 16; t < 80; ++t)
318 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
319
320 /* The actual computation according to FIPS 180-2:6.3.2 step 3. */
321 for (unsigned t = 0; t < 80; ++t) {
322 uint64_t T1 = h + S1(e) + Ch(e, f, g) + K[t] + W[t];
323 uint64_t T2 = S0(a) + Maj(a, b, c);
324 h = g;
325 g = f;
326 f = e;
327 e = d + T1;
328 d = c;
329 c = b;
330 b = a;
331 a = T1 + T2;
332 }
333#undef Ch
334#undef Maj
335#undef S0
336#undef S1
337#undef R0
338#undef R1
339 /* Add the starting values of the context according to FIPS 180-2:6.3.2
340 step 4. */
341 a += a_save;
342 b += b_save;
343 c += c_save;
344 d += d_save;
345 e += e_save;
346 f += f_save;
347 g += g_save;
348 h += h_save;
349
350 /* Prepare for the next round. */
351 nwords -= 16;
352 }
353
354 /* Put checksum in context given as argument. */
355 ctx->H[0] = a;
356 ctx->H[1] = b;
357 ctx->H[2] = c;
358 ctx->H[3] = d;
359 ctx->H[4] = e;
360 ctx->H[5] = f;
361 ctx->H[6] = g;
362 ctx->H[7] = h;
363}
364
365
79void FAST_FUNC sha1_begin(sha1_ctx_t *ctx) 366void FAST_FUNC sha1_begin(sha1_ctx_t *ctx)
80{ 367{
81 ctx->count[0] = ctx->count[1] = 0; 368 ctx->count[0] = ctx->count[1] = 0;
@@ -86,6 +373,39 @@ void FAST_FUNC sha1_begin(sha1_ctx_t *ctx)
86 ctx->hash[4] = 0xc3d2e1f0; 373 ctx->hash[4] = 0xc3d2e1f0;
87} 374}
88 375
376/* Initialize structure containing state of computation.
377 (FIPS 180-2:5.3.2) */
378void FAST_FUNC sha256_begin(sha256_ctx_t *ctx)
379{
380 ctx->H[0] = 0x6a09e667;
381 ctx->H[1] = 0xbb67ae85;
382 ctx->H[2] = 0x3c6ef372;
383 ctx->H[3] = 0xa54ff53a;
384 ctx->H[4] = 0x510e527f;
385 ctx->H[5] = 0x9b05688c;
386 ctx->H[6] = 0x1f83d9ab;
387 ctx->H[7] = 0x5be0cd19;
388 ctx->total[0] = ctx->total[1] = 0;
389 ctx->buflen = 0;
390}
391
392/* Initialize structure containing state of computation.
393 (FIPS 180-2:5.3.3) */
394void FAST_FUNC sha512_begin(sha512_ctx_t *ctx)
395{
396 ctx->H[0] = 0x6a09e667f3bcc908ULL;
397 ctx->H[1] = 0xbb67ae8584caa73bULL;
398 ctx->H[2] = 0x3c6ef372fe94f82bULL;
399 ctx->H[3] = 0xa54ff53a5f1d36f1ULL;
400 ctx->H[4] = 0x510e527fade682d1ULL;
401 ctx->H[5] = 0x9b05688c2b3e6c1fULL;
402 ctx->H[6] = 0x1f83d9abfb41bd6bULL;
403 ctx->H[7] = 0x5be0cd19137e2179ULL;
404 ctx->total[0] = ctx->total[1] = 0;
405 ctx->buflen = 0;
406}
407
408
89/* SHA1 hash data in an array of bytes into hash buffer and call the */ 409/* SHA1 hash data in an array of bytes into hash buffer and call the */
90/* hash_compile function as required. */ 410/* hash_compile function as required. */
91void FAST_FUNC sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx) 411void FAST_FUNC sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx)
@@ -94,7 +414,8 @@ void FAST_FUNC sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx)
94 uint32_t freeb = SHA1_BLOCK_SIZE - pos; 414 uint32_t freeb = SHA1_BLOCK_SIZE - pos;
95 const unsigned char *sp = data; 415 const unsigned char *sp = data;
96 416
97 if ((ctx->count[0] += length) < length) 417 ctx->count[0] += length;
418 if (ctx->count[0] < length)
98 ctx->count[1]++; 419 ctx->count[1]++;
99 420
100 while (length >= freeb) { /* transfer whole blocks while possible */ 421 while (length >= freeb) { /* transfer whole blocks while possible */
@@ -109,6 +430,122 @@ void FAST_FUNC sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx)
109 memcpy(((unsigned char *) ctx->wbuf) + pos, sp, length); 430 memcpy(((unsigned char *) ctx->wbuf) + pos, sp, length);
110} 431}
111 432
433void FAST_FUNC sha256_hash(const void *buffer, size_t len, sha256_ctx_t *ctx)
434{
435 /* When we already have some bits in our internal buffer concatenate
436 both inputs first. */
437 if (ctx->buflen != 0) {
438 size_t left_over = ctx->buflen;
439 size_t add = 128 - left_over > len ? len : 128 - left_over;
440
441 memcpy(&ctx->buffer[left_over], buffer, add);
442 ctx->buflen += add;
443
444 if (ctx->buflen > 64) {
445 sha256_process_block(ctx->buffer, ctx->buflen & ~63, ctx);
446
447 ctx->buflen &= 63;
448 /* The regions in the following copy operation cannot overlap. */
449 memcpy(ctx->buffer,
450 &ctx->buffer[(left_over + add) & ~63],
451 ctx->buflen);
452 }
453
454 buffer = (const char *)buffer + add;
455 len -= add;
456 }
457
458 /* Process available complete blocks. */
459 if (len >= 64) {
460 if (UNALIGNED_P(buffer, uint32_t)) {
461 while (len > 64) {
462 sha256_process_block(memcpy(ctx->buffer, buffer, 64),
463 64, ctx);
464 buffer = (const char *)buffer + 64;
465 len -= 64;
466 }
467 } else {
468 sha256_process_block(buffer, len & ~63, ctx);
469 buffer = (const char *)buffer + (len & ~63);
470 len &= 63;
471 }
472 }
473
474 /* Move remaining bytes into internal buffer. */
475 if (len > 0) {
476 size_t left_over = ctx->buflen;
477
478 memcpy(&ctx->buffer[left_over], buffer, len);
479 left_over += len;
480 if (left_over >= 64) {
481 sha256_process_block(ctx->buffer, 64, ctx);
482 left_over -= 64;
483 memcpy(ctx->buffer, &ctx->buffer[64], left_over);
484 }
485 ctx->buflen = left_over;
486 }
487}
488
489void FAST_FUNC sha512_hash(const void *buffer, size_t len, sha512_ctx_t *ctx)
490{
491 /* When we already have some bits in our internal buffer concatenate
492 both inputs first. */
493 if (ctx->buflen != 0) {
494 size_t left_over = ctx->buflen;
495 size_t add = 256 - left_over > len ? len : 256 - left_over;
496
497 memcpy(&ctx->buffer[left_over], buffer, add);
498 ctx->buflen += add;
499
500 if (ctx->buflen > 128) {
501 sha512_process_block(ctx->buffer, ctx->buflen & ~127, ctx);
502
503 ctx->buflen &= 127;
504 /* The regions in the following copy operation cannot overlap. */
505 memcpy(ctx->buffer,
506 &ctx->buffer[(left_over + add) & ~127],
507 ctx->buflen);
508 }
509
510 buffer = (const char *)buffer + add;
511 len -= add;
512 }
513
514 /* Process available complete blocks. */
515 if (len >= 128) {
516// #if BB_ARCH_REQUIRES_ALIGNMENT
517 if (UNALIGNED_P(buffer, uint64_t)) {
518 while (len > 128) {
519 sha512_process_block(memcpy(ctx->buffer, buffer, 128),
520 128, ctx);
521 buffer = (const char *)buffer + 128;
522 len -= 128;
523 }
524 } else
525// #endif
526 {
527 sha512_process_block(buffer, len & ~127, ctx);
528 buffer = (const char *)buffer + (len & ~127);
529 len &= 127;
530 }
531 }
532
533 /* Move remaining bytes into internal buffer. */
534 if (len > 0) {
535 size_t left_over = ctx->buflen;
536
537 memcpy(&ctx->buffer[left_over], buffer, len);
538 left_over += len;
539 if (left_over >= 128) {
540 sha512_process_block(ctx->buffer, 128, ctx);
541 left_over -= 128;
542 memcpy(ctx->buffer, &ctx->buffer[128], left_over);
543 }
544 ctx->buflen = left_over;
545 }
546}
547
548
112void* FAST_FUNC sha1_end(void *resbuf, sha1_ctx_t *ctx) 549void* FAST_FUNC sha1_end(void *resbuf, sha1_ctx_t *ctx)
113{ 550{
114 /* SHA1 Final padding and digest calculation */ 551 /* SHA1 Final padding and digest calculation */
@@ -159,3 +596,76 @@ void* FAST_FUNC sha1_end(void *resbuf, sha1_ctx_t *ctx)
159 596
160 return resbuf; 597 return resbuf;
161} 598}
599
600
601/* Process the remaining bytes in the internal buffer and the usual
602 prolog according to the standard and write the result to RESBUF.
603
604 IMPORTANT: On some systems it is required that RESBUF is correctly
605 aligned for a 32 bits value. */
606void* FAST_FUNC sha256_end(void *resbuf, sha256_ctx_t *ctx)
607{
608 /* Take yet unprocessed bytes into account. */
609 uint32_t bytes = ctx->buflen;
610 size_t pad;
611
612 /* Now count remaining bytes. */
613 ctx->total[0] += bytes;
614 if (ctx->total[0] < bytes)
615 ctx->total[1]++;
616
617 /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0...
618 (FIPS 180-2:5.1.1) */
619 pad = (bytes >= 56 ? 64 + 56 - bytes : 56 - bytes);
620 memset(&ctx->buffer[bytes], 0, pad);
621 ctx->buffer[bytes] = 0x80;
622
623 /* Put the 64-bit file length in *bits* at the end of the buffer. */
624 *(uint32_t *) &ctx->buffer[bytes + pad + 4] = ntohl(ctx->total[0] << 3);
625 *(uint32_t *) &ctx->buffer[bytes + pad] = ntohl((ctx->total[1] << 3) | (ctx->total[0] >> 29));
626
627 /* Process last bytes. */
628 sha256_process_block(ctx->buffer, bytes + pad + 8, ctx);
629
630 /* Put result from CTX in first 32 bytes following RESBUF. */
631 for (unsigned i = 0; i < 8; ++i)
632 ((uint32_t *) resbuf)[i] = ntohl(ctx->H[i]);
633
634 return resbuf;
635}
636
637/* Process the remaining bytes in the internal buffer and the usual
638 prolog according to the standard and write the result to RESBUF.
639
640 IMPORTANT: On some systems it is required that RESBUF is correctly
641 aligned for a 64 bits value. */
642void* FAST_FUNC sha512_end(void *resbuf, sha512_ctx_t *ctx)
643{
644 /* Take yet unprocessed bytes into account. */
645 uint64_t bytes = ctx->buflen;
646 size_t pad;
647
648 /* Now count remaining bytes. */
649 ctx->total[0] += bytes;
650 if (ctx->total[0] < bytes)
651 ctx->total[1]++;
652
653 /* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0...
654 (FIPS 180-2:5.1.2) */
655 pad = bytes >= 112 ? 128 + 112 - bytes : 112 - bytes;
656 memset(&ctx->buffer[bytes], 0, pad);
657 ctx->buffer[bytes] = 0x80;
658
659 /* Put the 128-bit file length in *bits* at the end of the buffer. */
660 *(uint64_t *) &ctx->buffer[bytes + pad + 8] = hton64(ctx->total[0] << 3);
661 *(uint64_t *) &ctx->buffer[bytes + pad] = hton64((ctx->total[1] << 3) | (ctx->total[0] >> 61));
662
663 /* Process last bytes. */
664 sha512_process_block(ctx->buffer, bytes + pad + 16, ctx);
665
666 /* Put result from CTX in first 64 bytes following RESBUF. */
667 for (unsigned i = 0; i < 8; ++i)
668 ((uint64_t *) resbuf)[i] = hton64(ctx->H[i]);
669
670 return resbuf;
671}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 07:38:36 +0000