Add hash interface and SHA-{384,512} implementations
This commit is contained in:
parent
f511cddf0d
commit
216ef8f940
@ -1,7 +1,8 @@
|
||||
LC_SRCS+= aead.c aead_chacha20_poly1305.c
|
||||
LC_SRCS+= auth.c auth_poly1305.c
|
||||
LC_SRCS+= cipher.c cipher_chacha20.c
|
||||
LC_SRCS+= impl_chacha20.c impl_poly1305.c
|
||||
LC_SRCS+= hash.c hash_sha384_sha512.c
|
||||
LC_SRCS+= impl_chacha20.c impl_poly1305.c impl_sha512.c
|
||||
LC_SRCS+= ct.c util.c
|
||||
|
||||
WARNINGS= Yes
|
||||
|
13
README
13
README
@ -19,11 +19,16 @@ Utilities
|
||||
case might leak information. Would be better to return `0xffffffff`
|
||||
if match, `0` otherwise.
|
||||
|
||||
Hash
|
||||
----
|
||||
|
||||
- [x] SHA-384
|
||||
- [x] SHA-512 (needed for Ed25519)
|
||||
|
||||
Authentication
|
||||
--------------
|
||||
|
||||
- [x] Poly1305
|
||||
- [ ] SHA-512 (needed for Ed25519)
|
||||
|
||||
Ciphers
|
||||
-------
|
||||
@ -54,6 +59,12 @@ Utilities
|
||||
- [ ] NaCl interface
|
||||
- [ ] signify interface
|
||||
|
||||
Hash
|
||||
----
|
||||
|
||||
- [ ] SHA-256 & SHA-224 (the latter is a truncated form of the former)
|
||||
- [ ] SHA-512/224 & SHA-512/256 (most of the work done)
|
||||
|
||||
Authentication
|
||||
--------------
|
||||
|
||||
|
79
hash.c
Normal file
79
hash.c
Normal file
@ -0,0 +1,79 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Lucas Gabriel Vuotto <lucas@lgv5.net>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "lilcrypto.h"
|
||||
#include "hash.h"
|
||||
|
||||
|
||||
int
|
||||
lc_hash_init(struct lc_hash_ctx *ctx)
|
||||
{
|
||||
return ctx->impl->init(ctx->arg);
|
||||
}
|
||||
|
||||
int
|
||||
lc_hash_update(struct lc_hash_ctx *ctx, const uint8_t *in, size_t inlen)
|
||||
{
|
||||
return ctx->impl->update(ctx->arg, in, inlen);
|
||||
}
|
||||
|
||||
int
|
||||
lc_hash_final(struct lc_hash_ctx *ctx, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
return ctx->impl->final(ctx->arg, out, outlen);
|
||||
}
|
||||
|
||||
int
|
||||
lc_hash(const struct lc_hash_impl *impl, uint8_t *out, size_t *outlen,
|
||||
const uint8_t *in, size_t inlen)
|
||||
{
|
||||
return impl->hash(out, outlen, in, inlen);
|
||||
}
|
||||
|
||||
struct lc_hash_ctx *
|
||||
lc_hash_ctx_new(const struct lc_hash_impl *impl)
|
||||
{
|
||||
struct lc_hash_ctx *ctx;
|
||||
|
||||
ctx = malloc(sizeof(*ctx));
|
||||
if (ctx == NULL)
|
||||
return NULL;
|
||||
if (impl->ctx_new != NULL) {
|
||||
ctx->arg = impl->ctx_new();
|
||||
if (ctx->arg == NULL) {
|
||||
free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
} else
|
||||
ctx->arg = NULL;
|
||||
ctx->impl = impl;
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void
|
||||
lc_hash_ctx_free(struct lc_hash_ctx *ctx)
|
||||
{
|
||||
if (ctx != NULL) {
|
||||
if (ctx->impl != NULL && ctx->impl->ctx_free != NULL)
|
||||
ctx->impl->ctx_free(ctx->arg);
|
||||
free(ctx->arg);
|
||||
}
|
||||
free(ctx);
|
||||
}
|
34
hash.h
Normal file
34
hash.h
Normal file
@ -0,0 +1,34 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Lucas Gabriel Vuotto <lucas@lgv5.net>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
|
||||
struct lc_hash_impl {
|
||||
int (*init)(void *);
|
||||
int (*update)(void *, const uint8_t *, size_t);
|
||||
int (*final)(void *, uint8_t *, size_t *);
|
||||
int (*hash)(uint8_t *, size_t *, const uint8_t *, size_t);
|
||||
|
||||
void *(*ctx_new)(void);
|
||||
void (*ctx_free)(void *);
|
||||
};
|
||||
|
||||
struct lc_hash_ctx {
|
||||
const struct lc_hash_impl *impl;
|
||||
void *arg;
|
||||
};
|
298
hash_sha384_sha512.c
Normal file
298
hash_sha384_sha512.c
Normal file
@ -0,0 +1,298 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Lucas Gabriel Vuotto <lucas@lgv5.net>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
#include "lilcrypto.h"
|
||||
#include "hash.h"
|
||||
#include "hash_sha384_sha512.h"
|
||||
#include "impl_sha512.h"
|
||||
|
||||
#include "util.h"
|
||||
|
||||
|
||||
/*
|
||||
* SHA-384 and SHA-512 implementations.
|
||||
*
|
||||
* This implementation doesn't support arbitrary amounts of bits, but only full
|
||||
* bytes sizes. In particular, size is stored in bytes until the length has to
|
||||
* be appended to the input. This is done to simplify overflow checks for input
|
||||
* length.
|
||||
*/
|
||||
|
||||
|
||||
#define SHA512_SZHI_MAX UINT64_C(0x1fffffffffffffff) /* 2^125 - 1 */
|
||||
#define SHA512_SZLO_MAX UINT64_MAX
|
||||
|
||||
#define SHA384_H0_0 UINT64_C(0xcbbb9d5dc1059ed8)
|
||||
#define SHA384_H0_1 UINT64_C(0x629a292a367cd507)
|
||||
#define SHA384_H0_2 UINT64_C(0x9159015a3070dd17)
|
||||
#define SHA384_H0_3 UINT64_C(0x152fecd8f70e5939)
|
||||
#define SHA384_H0_4 UINT64_C(0x67332667ffc00b31)
|
||||
#define SHA384_H0_5 UINT64_C(0x8eb44a8768581511)
|
||||
#define SHA384_H0_6 UINT64_C(0xdb0c2e0d64f98fa7)
|
||||
#define SHA384_H0_7 UINT64_C(0x47b5481dbefa4fa4)
|
||||
|
||||
#define SHA512_H0_0 UINT64_C(0x6a09e667f3bcc908)
|
||||
#define SHA512_H0_1 UINT64_C(0xbb67ae8584caa73b)
|
||||
#define SHA512_H0_2 UINT64_C(0x3c6ef372fe94f82b)
|
||||
#define SHA512_H0_3 UINT64_C(0xa54ff53a5f1d36f1)
|
||||
#define SHA512_H0_4 UINT64_C(0x510e527fade682d1)
|
||||
#define SHA512_H0_5 UINT64_C(0x9b05688c2b3e6c1f)
|
||||
#define SHA512_H0_6 UINT64_C(0x1f83d9abfb41bd6b)
|
||||
#define SHA512_H0_7 UINT64_C(0x5be0cd19137e2179)
|
||||
|
||||
|
||||
int
|
||||
sha384_init(void *arg)
|
||||
{
|
||||
struct sha512_ctx *ctx = arg;
|
||||
size_t i;
|
||||
|
||||
ctx->h0 = SHA384_H0_0;
|
||||
ctx->h1 = SHA384_H0_1;
|
||||
ctx->h2 = SHA384_H0_2;
|
||||
ctx->h3 = SHA384_H0_3;
|
||||
ctx->h4 = SHA384_H0_4;
|
||||
ctx->h5 = SHA384_H0_5;
|
||||
ctx->h6 = SHA384_H0_6;
|
||||
ctx->h7 = SHA384_H0_7;
|
||||
|
||||
ctx->szhi = ctx->szlo = 0;
|
||||
|
||||
ctx->mlen = 0;
|
||||
for (i = 0; i < SHA512_CHUNK; i++)
|
||||
ctx->m[i] = 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
sha512_init(void *arg)
|
||||
{
|
||||
struct sha512_ctx *ctx = arg;
|
||||
size_t i;
|
||||
|
||||
ctx->h0 = SHA512_H0_0;
|
||||
ctx->h1 = SHA512_H0_1;
|
||||
ctx->h2 = SHA512_H0_2;
|
||||
ctx->h3 = SHA512_H0_3;
|
||||
ctx->h4 = SHA512_H0_4;
|
||||
ctx->h5 = SHA512_H0_5;
|
||||
ctx->h6 = SHA512_H0_6;
|
||||
ctx->h7 = SHA512_H0_7;
|
||||
|
||||
ctx->szhi = ctx->szlo = 0;
|
||||
|
||||
ctx->mlen = 0;
|
||||
for (i = 0; i < SHA512_CHUNK; i++)
|
||||
ctx->m[i] = 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
sha384_sha512_update(void *arg, const uint8_t *in, size_t inlen)
|
||||
{
|
||||
struct sha512_ctx *ctx = arg;
|
||||
size_t i;
|
||||
|
||||
if (inlen > SHA512_SZLO_MAX - ctx->szlo) {
|
||||
if (ctx->szhi == SHA512_SZHI_MAX)
|
||||
return 0;
|
||||
ctx->szlo += inlen;
|
||||
ctx->szhi++;
|
||||
} else
|
||||
ctx->szlo += inlen;
|
||||
|
||||
for (i = 0; i + ctx->mlen < SHA512_CHUNK && i < inlen; i++)
|
||||
ctx->m[i + ctx->mlen] = in[i];
|
||||
ctx->mlen += i;
|
||||
in += i;
|
||||
inlen -= i;
|
||||
|
||||
if (ctx->mlen == SHA512_CHUNK) {
|
||||
sha512_block(ctx);
|
||||
ctx->mlen = 0;
|
||||
}
|
||||
|
||||
if (inlen == 0)
|
||||
return 1;
|
||||
|
||||
while (inlen >= SHA512_CHUNK) {
|
||||
for (i = 0; i < SHA512_CHUNK; i++)
|
||||
ctx->m[i] = in[i];
|
||||
in += i;
|
||||
inlen -= i;
|
||||
|
||||
sha512_block(ctx);
|
||||
}
|
||||
|
||||
for (i = 0; i < inlen; i++)
|
||||
ctx->m[i] = in[i];
|
||||
ctx->mlen = inlen;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
sha384_update(void *arg, const uint8_t *in, size_t inlen)
|
||||
{
|
||||
return sha384_sha512_update(arg, in, inlen);
|
||||
}
|
||||
|
||||
int
|
||||
sha512_update(void *arg, const uint8_t *in, size_t inlen)
|
||||
{
|
||||
return sha384_sha512_update(arg, in, inlen);
|
||||
}
|
||||
|
||||
static void
|
||||
sha384_sha512_final(struct sha512_ctx *ctx)
|
||||
{
|
||||
size_t i, mlen;
|
||||
|
||||
mlen = ctx->mlen;
|
||||
ctx->m[mlen++] = 0x80;
|
||||
|
||||
if (mlen >= SHA512_CHUNK - 2 * sizeof(uint64_t)) {
|
||||
for (i = mlen; i < SHA512_CHUNK; i++)
|
||||
ctx->m[i] = 0;
|
||||
sha512_block(ctx);
|
||||
mlen = 0;
|
||||
}
|
||||
|
||||
for (i = mlen; i < SHA512_CHUNK - 2 * sizeof(uint64_t); i++)
|
||||
ctx->m[i] = 0;
|
||||
store64be(&ctx->m[i], (ctx->szhi << 3) | (ctx->szlo >> 63));
|
||||
store64be(&ctx->m[i + sizeof(uint64_t)], ctx->szlo << 3);
|
||||
sha512_block(ctx);
|
||||
}
|
||||
|
||||
int
|
||||
sha384_final(void *arg, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
struct sha512_ctx *ctx = arg;
|
||||
|
||||
*outlen = LC_SHA384_HASHLEN;
|
||||
if (out == NULL)
|
||||
return 1;
|
||||
|
||||
sha384_sha512_final(ctx);
|
||||
store64be(out, ctx->h0);
|
||||
store64be(out + 8, ctx->h1);
|
||||
store64be(out + 16, ctx->h2);
|
||||
store64be(out + 24, ctx->h3);
|
||||
store64be(out + 32, ctx->h4);
|
||||
store64be(out + 40, ctx->h5);
|
||||
|
||||
lc_scrub(ctx, sizeof(*ctx));
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
sha512_final(void *arg, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
struct sha512_ctx *ctx = arg;
|
||||
|
||||
*outlen = LC_SHA512_HASHLEN;
|
||||
if (out == NULL)
|
||||
return 1;
|
||||
|
||||
sha384_sha512_final(ctx);
|
||||
store64be(out, ctx->h0);
|
||||
store64be(out + 8, ctx->h1);
|
||||
store64be(out + 16, ctx->h2);
|
||||
store64be(out + 24, ctx->h3);
|
||||
store64be(out + 32, ctx->h4);
|
||||
store64be(out + 40, ctx->h5);
|
||||
store64be(out + 48, ctx->h6);
|
||||
store64be(out + 56, ctx->h7);
|
||||
|
||||
lc_scrub(ctx, sizeof(*ctx));
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
sha384_hash(uint8_t *out, size_t *outlen, const uint8_t *in, size_t inlen)
|
||||
{
|
||||
struct sha512_ctx ctx;
|
||||
|
||||
if (out == NULL) {
|
||||
*outlen = LC_SHA384_HASHLEN;
|
||||
return 1;
|
||||
}
|
||||
|
||||
return sha384_init(&ctx) &&
|
||||
sha384_update(&ctx, in, inlen) &&
|
||||
sha384_final(&ctx, out, outlen);
|
||||
}
|
||||
|
||||
static int
|
||||
sha512_hash(uint8_t *out, size_t *outlen, const uint8_t *in, size_t inlen)
|
||||
{
|
||||
struct sha512_ctx ctx;
|
||||
|
||||
if (out == NULL) {
|
||||
*outlen = LC_SHA512_HASHLEN;
|
||||
return 1;
|
||||
}
|
||||
|
||||
return sha512_init(&ctx) &&
|
||||
sha512_update(&ctx, in, inlen) &&
|
||||
sha512_final(&ctx, out, outlen);
|
||||
}
|
||||
|
||||
static void *
|
||||
sha384_sha512_ctx_new(void)
|
||||
{
|
||||
return malloc(sizeof(struct sha512_ctx));
|
||||
}
|
||||
|
||||
|
||||
static struct lc_hash_impl sha384_impl = {
|
||||
.init = &sha384_init,
|
||||
.update = &sha384_update,
|
||||
.final = &sha384_final,
|
||||
.hash = &sha384_hash,
|
||||
|
||||
.ctx_new = &sha384_sha512_ctx_new,
|
||||
.ctx_free = NULL,
|
||||
};
|
||||
|
||||
static struct lc_hash_impl sha512_impl = {
|
||||
.init = &sha512_init,
|
||||
.update = &sha512_update,
|
||||
.final = &sha512_final,
|
||||
.hash = &sha512_hash,
|
||||
|
||||
.ctx_new = &sha384_sha512_ctx_new,
|
||||
.ctx_free = NULL,
|
||||
};
|
||||
|
||||
const struct lc_hash_impl *
|
||||
lc_hash_impl_sha384(void)
|
||||
{
|
||||
return &sha384_impl;
|
||||
}
|
||||
|
||||
const struct lc_hash_impl *
|
||||
lc_hash_impl_sha512(void)
|
||||
{
|
||||
return &sha512_impl;
|
||||
}
|
27
hash_sha384_sha512.h
Normal file
27
hash_sha384_sha512.h
Normal file
@ -0,0 +1,27 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Lucas Gabriel Vuotto <lucas@lgv5.net>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
|
||||
int sha384_init(void *);
|
||||
int sha384_update(void *, const uint8_t *, size_t);
|
||||
int sha384_final(void *, uint8_t *, size_t *);
|
||||
|
||||
int sha512_init(void *);
|
||||
int sha512_update(void *, const uint8_t *, size_t);
|
||||
int sha512_final(void *, uint8_t *, size_t *);
|
117
impl_sha512.c
Normal file
117
impl_sha512.c
Normal file
@ -0,0 +1,117 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Lucas Gabriel Vuotto <lucas@lgv5.net>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "impl_sha512.h"
|
||||
#include "util.h"
|
||||
|
||||
|
||||
static const uint64_t K[SHA512_ROUNDS] = {
|
||||
0x428a2f98d728ae22, 0x7137449123ef65cd,
|
||||
0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,
|
||||
0x3956c25bf348b538, 0x59f111f1b605d019,
|
||||
0x923f82a4af194f9b, 0xab1c5ed5da6d8118,
|
||||
0xd807aa98a3030242, 0x12835b0145706fbe,
|
||||
0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
|
||||
0x72be5d74f27b896f, 0x80deb1fe3b1696b1,
|
||||
0x9bdc06a725c71235, 0xc19bf174cf692694,
|
||||
0xe49b69c19ef14ad2, 0xefbe4786384f25e3,
|
||||
0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
|
||||
0x2de92c6f592b0275, 0x4a7484aa6ea6e483,
|
||||
0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
|
||||
0x983e5152ee66dfab, 0xa831c66d2db43210,
|
||||
0xb00327c898fb213f, 0xbf597fc7beef0ee4,
|
||||
0xc6e00bf33da88fc2, 0xd5a79147930aa725,
|
||||
0x06ca6351e003826f, 0x142929670a0e6e70,
|
||||
0x27b70a8546d22ffc, 0x2e1b21385c26c926,
|
||||
0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
|
||||
0x650a73548baf63de, 0x766a0abb3c77b2a8,
|
||||
0x81c2c92e47edaee6, 0x92722c851482353b,
|
||||
0xa2bfe8a14cf10364, 0xa81a664bbc423001,
|
||||
0xc24b8b70d0f89791, 0xc76c51a30654be30,
|
||||
0xd192e819d6ef5218, 0xd69906245565a910,
|
||||
0xf40e35855771202a, 0x106aa07032bbd1b8,
|
||||
0x19a4c116b8d2d0c8, 0x1e376c085141ab53,
|
||||
0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,
|
||||
0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,
|
||||
0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,
|
||||
0x748f82ee5defb2fc, 0x78a5636f43172f60,
|
||||
0x84c87814a1f0ab72, 0x8cc702081a6439ec,
|
||||
0x90befffa23631e28, 0xa4506cebde82bde9,
|
||||
0xbef9a3f7b2c67915, 0xc67178f2e372532b,
|
||||
0xca273eceea26619c, 0xd186b8c721c0c207,
|
||||
0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,
|
||||
0x06f067aa72176fba, 0x0a637dc5a2c898a6,
|
||||
0x113f9804bef90dae, 0x1b710b35131c471b,
|
||||
0x28db77f523047d84, 0x32caab7b40c72493,
|
||||
0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,
|
||||
0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
|
||||
0x5fcb6fab3ad6faec, 0x6c44198c4a475817,
|
||||
};
|
||||
|
||||
#define CH(x, y, z) ((x & y) ^ (~x & z))
|
||||
#define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
|
||||
#define BSIG0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39))
|
||||
#define BSIG1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41))
|
||||
#define SSIG0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7))
|
||||
#define SSIG1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6))
|
||||
|
||||
void
|
||||
sha512_block(struct sha512_ctx *ctx)
|
||||
{
|
||||
uint64_t m[SHA512_CHUNK_WORDS], W[SHA512_ROUNDS];
|
||||
uint64_t a, b, c, d, e, f, g, h, T1, T2;
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < SHA512_CHUNK_WORDS; i++)
|
||||
W[i] = m[i] = load64be(&ctx->m[i * 8]);
|
||||
for (; i < SHA512_ROUNDS; i++)
|
||||
W[i] = SSIG1(W[i - 2]) + W[i - 7] + SSIG0(W[i - 15]) +
|
||||
W[i - 16];
|
||||
|
||||
a = ctx->h0;
|
||||
b = ctx->h1;
|
||||
c = ctx->h2;
|
||||
d = ctx->h3;
|
||||
e = ctx->h4;
|
||||
f = ctx->h5;
|
||||
g = ctx->h6;
|
||||
h = ctx->h7;
|
||||
|
||||
for (i = 0; i < SHA512_ROUNDS; i++) {
|
||||
T1 = h + BSIG1(e) + CH(e, f, g) + K[i] + W[i];
|
||||
T2 = BSIG0(a) + MAJ(a, b, c);
|
||||
h = g;
|
||||
g = f;
|
||||
f = e;
|
||||
e = d + T1;
|
||||
d = c;
|
||||
c = b;
|
||||
b = a;
|
||||
a = T1 + T2;
|
||||
}
|
||||
|
||||
ctx->h0 += a;
|
||||
ctx->h1 += b;
|
||||
ctx->h2 += c;
|
||||
ctx->h3 += d;
|
||||
ctx->h4 += e;
|
||||
ctx->h5 += f;
|
||||
ctx->h6 += g;
|
||||
ctx->h7 += h;
|
||||
}
|
36
impl_sha512.h
Normal file
36
impl_sha512.h
Normal file
@ -0,0 +1,36 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Lucas Gabriel Vuotto <lucas@lgv5.net>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "lilcrypto.h"
|
||||
|
||||
|
||||
#define SHA512_CHUNK 128
|
||||
#define SHA512_CHUNK_WORDS (SHA512_CHUNK / sizeof(uint64_t))
|
||||
#define SHA512_ROUNDS 80
|
||||
|
||||
|
||||
struct sha512_ctx {
|
||||
uint64_t h0, h1, h2, h3, h4, h5, h6, h7;
|
||||
uint64_t szhi, szlo;
|
||||
size_t mlen;
|
||||
uint8_t m[SHA512_CHUNK];
|
||||
};
|
||||
|
||||
|
||||
void sha512_block(struct sha512_ctx *);
|
27
lilcrypto.h
27
lilcrypto.h
@ -23,6 +23,10 @@
|
||||
* Constants.
|
||||
*/
|
||||
|
||||
/* Hashes. */
|
||||
#define LC_SHA384_HASHLEN 48
|
||||
#define LC_SHA512_HASHLEN 64
|
||||
|
||||
/* Authentitcation. */
|
||||
#define LC_POLY1305_KEYLEN 32
|
||||
#define LC_POLY1305_TAGLEN 16
|
||||
@ -40,7 +44,28 @@ uint32_t lc_ct_cmp(const uint8_t *, const uint8_t *, size_t);
|
||||
|
||||
|
||||
/*
|
||||
* Message authentication code.
|
||||
* Hashes.
|
||||
*/
|
||||
|
||||
struct lc_hash_ctx;
|
||||
struct lc_hash_impl;
|
||||
|
||||
|
||||
int lc_hash_init(struct lc_hash_ctx *);
|
||||
int lc_hash_update(struct lc_hash_ctx *, const uint8_t *, size_t);
|
||||
int lc_hash_final(struct lc_hash_ctx *, uint8_t *, size_t *);
|
||||
int lc_hash(const struct lc_hash_impl *, uint8_t *, size_t *,
|
||||
const uint8_t *, size_t);
|
||||
|
||||
struct lc_hash_ctx *lc_hash_ctx_new(const struct lc_hash_impl *);
|
||||
void lc_hash_ctx_free(struct lc_hash_ctx *);
|
||||
|
||||
const struct lc_hash_impl *lc_hash_impl_sha384(void);
|
||||
const struct lc_hash_impl *lc_hash_impl_sha512(void);
|
||||
|
||||
|
||||
/*
|
||||
* Authentication.
|
||||
*/
|
||||
|
||||
struct lc_auth_ctx;
|
||||
|
51
util.h
51
util.h
@ -72,6 +72,53 @@ store64le(uint8_t *x, uint64_t v)
|
||||
x[7] = v >> 56;
|
||||
}
|
||||
|
||||
static inline uint16_t
|
||||
load16be(const uint8_t *x)
|
||||
{
|
||||
return (x[0] << 8) | x[1];
|
||||
}
|
||||
|
||||
static inline uint32_t
|
||||
load32be(const uint8_t *x)
|
||||
{
|
||||
return (x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3];
|
||||
}
|
||||
|
||||
static inline uint64_t
|
||||
load64be(const uint8_t *x)
|
||||
{
|
||||
return ((uint64_t)load32be(x) << 32) | load32be(x + 4);
|
||||
}
|
||||
|
||||
static inline void
|
||||
store16be(uint8_t *x, uint64_t v)
|
||||
{
|
||||
x[0] = v >> 8;
|
||||
x[1] = v & 0xff;
|
||||
}
|
||||
|
||||
static inline void
|
||||
store32be(uint8_t *x, uint32_t v)
|
||||
{
|
||||
x[0] = v >> 24;
|
||||
x[1] = (v >> 16) & 0xff;
|
||||
x[2] = (v >> 8) & 0xff;
|
||||
x[3] = v & 0xff;
|
||||
}
|
||||
|
||||
static inline void
|
||||
store64be(uint8_t *x, uint64_t v)
|
||||
{
|
||||
x[0] = v >> 56;
|
||||
x[1] = (v >> 48) & 0xff;
|
||||
x[2] = (v >> 40) & 0xff;
|
||||
x[3] = (v >> 32) & 0xff;
|
||||
x[4] = (v >> 24) & 0xff;
|
||||
x[5] = (v >> 16) & 0xff;
|
||||
x[6] = (v >> 8) & 0xff;
|
||||
x[7] = v & 0xff;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* rotr and rotl.
|
||||
@ -92,11 +139,11 @@ rotl64(uint64_t x, uint64_t r)
|
||||
static inline uint32_t
|
||||
rotr32(uint32_t x, uint32_t r)
|
||||
{
|
||||
return rotl32(x, 32 - r);
|
||||
return (x >> r) | (x << (32 - r));
|
||||
}
|
||||
|
||||
static inline uint64_t
|
||||
rotr64(uint64_t x, uint64_t r)
|
||||
{
|
||||
return rotl64(x, 64 - r);
|
||||
return (x >> r) | (x << (64 - r));
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user