diff --git a/Makefile.inc b/Makefile.inc index ca960c4..2d7d972 100644 --- a/Makefile.inc +++ b/Makefile.inc @@ -1,7 +1,8 @@ LC_SRCS+= aead.c aead_chacha20_poly1305.c LC_SRCS+= auth.c auth_poly1305.c LC_SRCS+= cipher.c cipher_chacha20.c -LC_SRCS+= impl_chacha20.c impl_poly1305.c +LC_SRCS+= hash.c hash_sha384_sha512.c +LC_SRCS+= impl_chacha20.c impl_poly1305.c impl_sha512.c LC_SRCS+= ct.c util.c WARNINGS= Yes diff --git a/README b/README index ffd5975..1b7e3dc 100644 --- a/README +++ b/README @@ -19,11 +19,16 @@ Utilities case might leak information. Would be better to return `0xffffffff` if match, `0` otherwise. +Hash +---- + +- [x] SHA-384 +- [x] SHA-512 (needed for Ed25519) + Authentication -------------- - [x] Poly1305 -- [ ] SHA-512 (needed for Ed25519) Ciphers ------- @@ -54,6 +59,12 @@ Utilities - [ ] NaCl interface - [ ] signify interface +Hash +---- + +- [ ] SHA-256 & SHA-224 (the latter is a truncated form of the former) +- [ ] SHA-512/224 & SHA-512/256 (most of the work done) + Authentication -------------- diff --git a/hash.c b/hash.c new file mode 100644 index 0000000..5226069 --- /dev/null +++ b/hash.c @@ -0,0 +1,79 @@ +/* + * Copyright (c) 2024 Lucas Gabriel Vuotto + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include "lilcrypto.h" +#include "hash.h" + + +int +lc_hash_init(struct lc_hash_ctx *ctx) +{ + return ctx->impl->init(ctx->arg); +} + +int +lc_hash_update(struct lc_hash_ctx *ctx, const uint8_t *in, size_t inlen) +{ + return ctx->impl->update(ctx->arg, in, inlen); +} + +int +lc_hash_final(struct lc_hash_ctx *ctx, uint8_t *out, size_t *outlen) +{ + return ctx->impl->final(ctx->arg, out, outlen); +} + +int +lc_hash(const struct lc_hash_impl *impl, uint8_t *out, size_t *outlen, + const uint8_t *in, size_t inlen) +{ + return impl->hash(out, outlen, in, inlen); +} + +struct lc_hash_ctx * +lc_hash_ctx_new(const struct lc_hash_impl *impl) +{ + struct lc_hash_ctx *ctx; + + ctx = malloc(sizeof(*ctx)); + if (ctx == NULL) + return NULL; + if (impl->ctx_new != NULL) { + ctx->arg = impl->ctx_new(); + if (ctx->arg == NULL) { + free(ctx); + return NULL; + } + } else + ctx->arg = NULL; + ctx->impl = impl; + + return ctx; +} + +void +lc_hash_ctx_free(struct lc_hash_ctx *ctx) +{ + if (ctx != NULL) { + if (ctx->impl != NULL && ctx->impl->ctx_free != NULL) + ctx->impl->ctx_free(ctx->arg); + free(ctx->arg); + } + free(ctx); +} diff --git a/hash.h b/hash.h new file mode 100644 index 0000000..8c5a514 --- /dev/null +++ b/hash.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Lucas Gabriel Vuotto + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + + +struct lc_hash_impl { + int (*init)(void *); + int (*update)(void *, const uint8_t *, size_t); + int (*final)(void *, uint8_t *, size_t *); + int (*hash)(uint8_t *, size_t *, const uint8_t *, size_t); + + void *(*ctx_new)(void); + void (*ctx_free)(void *); +}; + +struct lc_hash_ctx { + const struct lc_hash_impl *impl; + void *arg; +}; diff --git a/hash_sha384_sha512.c b/hash_sha384_sha512.c new file mode 100644 index 0000000..e8e7467 --- /dev/null +++ b/hash_sha384_sha512.c @@ -0,0 +1,298 @@ +/* + * Copyright (c) 2024 Lucas Gabriel Vuotto + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include "lilcrypto.h" +#include "hash.h" +#include "hash_sha384_sha512.h" +#include "impl_sha512.h" + +#include "util.h" + + +/* + * SHA-384 and SHA-512 implementations. + * + * This implementation doesn't support arbitrary amounts of bits, but only full + * bytes sizes. In particular, size is stored in bytes until the length has to + * be appended to the input. This is done to simplify overflow checks for input + * length. + */ + + +#define SHA512_SZHI_MAX UINT64_C(0x1fffffffffffffff) /* 2^125 - 1 */ +#define SHA512_SZLO_MAX UINT64_MAX + +#define SHA384_H0_0 UINT64_C(0xcbbb9d5dc1059ed8) +#define SHA384_H0_1 UINT64_C(0x629a292a367cd507) +#define SHA384_H0_2 UINT64_C(0x9159015a3070dd17) +#define SHA384_H0_3 UINT64_C(0x152fecd8f70e5939) +#define SHA384_H0_4 UINT64_C(0x67332667ffc00b31) +#define SHA384_H0_5 UINT64_C(0x8eb44a8768581511) +#define SHA384_H0_6 UINT64_C(0xdb0c2e0d64f98fa7) +#define SHA384_H0_7 UINT64_C(0x47b5481dbefa4fa4) + +#define SHA512_H0_0 UINT64_C(0x6a09e667f3bcc908) +#define SHA512_H0_1 UINT64_C(0xbb67ae8584caa73b) +#define SHA512_H0_2 UINT64_C(0x3c6ef372fe94f82b) +#define SHA512_H0_3 UINT64_C(0xa54ff53a5f1d36f1) +#define SHA512_H0_4 UINT64_C(0x510e527fade682d1) +#define SHA512_H0_5 UINT64_C(0x9b05688c2b3e6c1f) +#define SHA512_H0_6 UINT64_C(0x1f83d9abfb41bd6b) +#define SHA512_H0_7 UINT64_C(0x5be0cd19137e2179) + + +int +sha384_init(void *arg) +{ + struct sha512_ctx *ctx = arg; + size_t i; + + ctx->h0 = SHA384_H0_0; + ctx->h1 = SHA384_H0_1; + ctx->h2 = SHA384_H0_2; + ctx->h3 = SHA384_H0_3; + ctx->h4 = SHA384_H0_4; + ctx->h5 = SHA384_H0_5; + ctx->h6 = SHA384_H0_6; + ctx->h7 = SHA384_H0_7; + + ctx->szhi = ctx->szlo = 0; + + ctx->mlen = 0; + for (i = 0; i < SHA512_CHUNK; i++) + ctx->m[i] = 0; + + return 1; +} + +int +sha512_init(void *arg) +{ + struct sha512_ctx *ctx = arg; + size_t i; + + ctx->h0 = SHA512_H0_0; + ctx->h1 = SHA512_H0_1; + ctx->h2 = SHA512_H0_2; + ctx->h3 = SHA512_H0_3; + ctx->h4 = SHA512_H0_4; + ctx->h5 = SHA512_H0_5; + ctx->h6 = SHA512_H0_6; + ctx->h7 = SHA512_H0_7; + + ctx->szhi = ctx->szlo = 0; + + ctx->mlen = 0; + for (i = 0; i < SHA512_CHUNK; i++) + ctx->m[i] = 0; + + return 1; +} + +static int +sha384_sha512_update(void *arg, const uint8_t *in, size_t inlen) +{ + struct sha512_ctx *ctx = arg; + size_t i; + + if (inlen > SHA512_SZLO_MAX - ctx->szlo) { + if (ctx->szhi == SHA512_SZHI_MAX) + return 0; + ctx->szlo += inlen; + ctx->szhi++; + } else + ctx->szlo += inlen; + + for (i = 0; i + ctx->mlen < SHA512_CHUNK && i < inlen; i++) + ctx->m[i + ctx->mlen] = in[i]; + ctx->mlen += i; + in += i; + inlen -= i; + + if (ctx->mlen == SHA512_CHUNK) { + sha512_block(ctx); + ctx->mlen = 0; + } + + if (inlen == 0) + return 1; + + while (inlen >= SHA512_CHUNK) { + for (i = 0; i < SHA512_CHUNK; i++) + ctx->m[i] = in[i]; + in += i; + inlen -= i; + + sha512_block(ctx); + } + + for (i = 0; i < inlen; i++) + ctx->m[i] = in[i]; + ctx->mlen = inlen; + + return 1; +} + +int +sha384_update(void *arg, const uint8_t *in, size_t inlen) +{ + return sha384_sha512_update(arg, in, inlen); +} + +int +sha512_update(void *arg, const uint8_t *in, size_t inlen) +{ + return sha384_sha512_update(arg, in, inlen); +} + +static void +sha384_sha512_final(struct sha512_ctx *ctx) +{ + size_t i, mlen; + + mlen = ctx->mlen; + ctx->m[mlen++] = 0x80; + + if (mlen >= SHA512_CHUNK - 2 * sizeof(uint64_t)) { + for (i = mlen; i < SHA512_CHUNK; i++) + ctx->m[i] = 0; + sha512_block(ctx); + mlen = 0; + } + + for (i = mlen; i < SHA512_CHUNK - 2 * sizeof(uint64_t); i++) + ctx->m[i] = 0; + store64be(&ctx->m[i], (ctx->szhi << 3) | (ctx->szlo >> 63)); + store64be(&ctx->m[i + sizeof(uint64_t)], ctx->szlo << 3); + sha512_block(ctx); +} + +int +sha384_final(void *arg, uint8_t *out, size_t *outlen) +{ + struct sha512_ctx *ctx = arg; + + *outlen = LC_SHA384_HASHLEN; + if (out == NULL) + return 1; + + sha384_sha512_final(ctx); + store64be(out, ctx->h0); + store64be(out + 8, ctx->h1); + store64be(out + 16, ctx->h2); + store64be(out + 24, ctx->h3); + store64be(out + 32, ctx->h4); + store64be(out + 40, ctx->h5); + + lc_scrub(ctx, sizeof(*ctx)); + + return 1; +} + +int +sha512_final(void *arg, uint8_t *out, size_t *outlen) +{ + struct sha512_ctx *ctx = arg; + + *outlen = LC_SHA512_HASHLEN; + if (out == NULL) + return 1; + + sha384_sha512_final(ctx); + store64be(out, ctx->h0); + store64be(out + 8, ctx->h1); + store64be(out + 16, ctx->h2); + store64be(out + 24, ctx->h3); + store64be(out + 32, ctx->h4); + store64be(out + 40, ctx->h5); + store64be(out + 48, ctx->h6); + store64be(out + 56, ctx->h7); + + lc_scrub(ctx, sizeof(*ctx)); + + return 1; +} + +static int +sha384_hash(uint8_t *out, size_t *outlen, const uint8_t *in, size_t inlen) +{ + struct sha512_ctx ctx; + + if (out == NULL) { + *outlen = LC_SHA384_HASHLEN; + return 1; + } + + return sha384_init(&ctx) && + sha384_update(&ctx, in, inlen) && + sha384_final(&ctx, out, outlen); +} + +static int +sha512_hash(uint8_t *out, size_t *outlen, const uint8_t *in, size_t inlen) +{ + struct sha512_ctx ctx; + + if (out == NULL) { + *outlen = LC_SHA512_HASHLEN; + return 1; + } + + return sha512_init(&ctx) && + sha512_update(&ctx, in, inlen) && + sha512_final(&ctx, out, outlen); +} + +static void * +sha384_sha512_ctx_new(void) +{ + return malloc(sizeof(struct sha512_ctx)); +} + + +static struct lc_hash_impl sha384_impl = { + .init = &sha384_init, + .update = &sha384_update, + .final = &sha384_final, + .hash = &sha384_hash, + + .ctx_new = &sha384_sha512_ctx_new, + .ctx_free = NULL, +}; + +static struct lc_hash_impl sha512_impl = { + .init = &sha512_init, + .update = &sha512_update, + .final = &sha512_final, + .hash = &sha512_hash, + + .ctx_new = &sha384_sha512_ctx_new, + .ctx_free = NULL, +}; + +const struct lc_hash_impl * +lc_hash_impl_sha384(void) +{ + return &sha384_impl; +} + +const struct lc_hash_impl * +lc_hash_impl_sha512(void) +{ + return &sha512_impl; +} diff --git a/hash_sha384_sha512.h b/hash_sha384_sha512.h new file mode 100644 index 0000000..bc27323 --- /dev/null +++ b/hash_sha384_sha512.h @@ -0,0 +1,27 @@ +/* + * Copyright (c) 2024 Lucas Gabriel Vuotto + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + + +int sha384_init(void *); +int sha384_update(void *, const uint8_t *, size_t); +int sha384_final(void *, uint8_t *, size_t *); + +int sha512_init(void *); +int sha512_update(void *, const uint8_t *, size_t); +int sha512_final(void *, uint8_t *, size_t *); diff --git a/impl_sha512.c b/impl_sha512.c new file mode 100644 index 0000000..dc83c50 --- /dev/null +++ b/impl_sha512.c @@ -0,0 +1,117 @@ +/* + * Copyright (c) 2024 Lucas Gabriel Vuotto + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include "impl_sha512.h" +#include "util.h" + + +static const uint64_t K[SHA512_ROUNDS] = { + 0x428a2f98d728ae22, 0x7137449123ef65cd, + 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc, + 0x3956c25bf348b538, 0x59f111f1b605d019, + 0x923f82a4af194f9b, 0xab1c5ed5da6d8118, + 0xd807aa98a3030242, 0x12835b0145706fbe, + 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2, + 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, + 0x9bdc06a725c71235, 0xc19bf174cf692694, + 0xe49b69c19ef14ad2, 0xefbe4786384f25e3, + 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65, + 0x2de92c6f592b0275, 0x4a7484aa6ea6e483, + 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5, + 0x983e5152ee66dfab, 0xa831c66d2db43210, + 0xb00327c898fb213f, 0xbf597fc7beef0ee4, + 0xc6e00bf33da88fc2, 0xd5a79147930aa725, + 0x06ca6351e003826f, 0x142929670a0e6e70, + 0x27b70a8546d22ffc, 0x2e1b21385c26c926, + 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df, + 0x650a73548baf63de, 0x766a0abb3c77b2a8, + 0x81c2c92e47edaee6, 0x92722c851482353b, + 0xa2bfe8a14cf10364, 0xa81a664bbc423001, + 0xc24b8b70d0f89791, 0xc76c51a30654be30, + 0xd192e819d6ef5218, 0xd69906245565a910, + 0xf40e35855771202a, 0x106aa07032bbd1b8, + 0x19a4c116b8d2d0c8, 0x1e376c085141ab53, + 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8, + 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, + 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3, + 0x748f82ee5defb2fc, 0x78a5636f43172f60, + 0x84c87814a1f0ab72, 0x8cc702081a6439ec, + 0x90befffa23631e28, 0xa4506cebde82bde9, + 0xbef9a3f7b2c67915, 0xc67178f2e372532b, + 0xca273eceea26619c, 0xd186b8c721c0c207, + 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, + 0x06f067aa72176fba, 0x0a637dc5a2c898a6, + 0x113f9804bef90dae, 0x1b710b35131c471b, + 0x28db77f523047d84, 0x32caab7b40c72493, + 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c, + 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, + 0x5fcb6fab3ad6faec, 0x6c44198c4a475817, +}; + +#define CH(x, y, z) ((x & y) ^ (~x & z)) +#define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) +#define BSIG0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39)) +#define BSIG1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41)) +#define SSIG0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7)) +#define SSIG1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6)) + +void +sha512_block(struct sha512_ctx *ctx) +{ + uint64_t m[SHA512_CHUNK_WORDS], W[SHA512_ROUNDS]; + uint64_t a, b, c, d, e, f, g, h, T1, T2; + size_t i; + + for (i = 0; i < SHA512_CHUNK_WORDS; i++) + W[i] = m[i] = load64be(&ctx->m[i * 8]); + for (; i < SHA512_ROUNDS; i++) + W[i] = SSIG1(W[i - 2]) + W[i - 7] + SSIG0(W[i - 15]) + + W[i - 16]; + + a = ctx->h0; + b = ctx->h1; + c = ctx->h2; + d = ctx->h3; + e = ctx->h4; + f = ctx->h5; + g = ctx->h6; + h = ctx->h7; + + for (i = 0; i < SHA512_ROUNDS; i++) { + T1 = h + BSIG1(e) + CH(e, f, g) + K[i] + W[i]; + T2 = BSIG0(a) + MAJ(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + } + + ctx->h0 += a; + ctx->h1 += b; + ctx->h2 += c; + ctx->h3 += d; + ctx->h4 += e; + ctx->h5 += f; + ctx->h6 += g; + ctx->h7 += h; +} diff --git a/impl_sha512.h b/impl_sha512.h new file mode 100644 index 0000000..ee40eaf --- /dev/null +++ b/impl_sha512.h @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2024 Lucas Gabriel Vuotto + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include "lilcrypto.h" + + +#define SHA512_CHUNK 128 +#define SHA512_CHUNK_WORDS (SHA512_CHUNK / sizeof(uint64_t)) +#define SHA512_ROUNDS 80 + + +struct sha512_ctx { + uint64_t h0, h1, h2, h3, h4, h5, h6, h7; + uint64_t szhi, szlo; + size_t mlen; + uint8_t m[SHA512_CHUNK]; +}; + + +void sha512_block(struct sha512_ctx *); diff --git a/lilcrypto.h b/lilcrypto.h index 3e2fdb2..e8d1f5b 100644 --- a/lilcrypto.h +++ b/lilcrypto.h @@ -23,6 +23,10 @@ * Constants. */ +/* Hashes. */ +#define LC_SHA384_HASHLEN 48 +#define LC_SHA512_HASHLEN 64 + /* Authentitcation. */ #define LC_POLY1305_KEYLEN 32 #define LC_POLY1305_TAGLEN 16 @@ -40,7 +44,28 @@ uint32_t lc_ct_cmp(const uint8_t *, const uint8_t *, size_t); /* - * Message authentication code. + * Hashes. + */ + +struct lc_hash_ctx; +struct lc_hash_impl; + + +int lc_hash_init(struct lc_hash_ctx *); +int lc_hash_update(struct lc_hash_ctx *, const uint8_t *, size_t); +int lc_hash_final(struct lc_hash_ctx *, uint8_t *, size_t *); +int lc_hash(const struct lc_hash_impl *, uint8_t *, size_t *, + const uint8_t *, size_t); + +struct lc_hash_ctx *lc_hash_ctx_new(const struct lc_hash_impl *); +void lc_hash_ctx_free(struct lc_hash_ctx *); + +const struct lc_hash_impl *lc_hash_impl_sha384(void); +const struct lc_hash_impl *lc_hash_impl_sha512(void); + + +/* + * Authentication. */ struct lc_auth_ctx; diff --git a/util.h b/util.h index cb19b60..fd02774 100644 --- a/util.h +++ b/util.h @@ -72,6 +72,53 @@ store64le(uint8_t *x, uint64_t v) x[7] = v >> 56; } +static inline uint16_t +load16be(const uint8_t *x) +{ + return (x[0] << 8) | x[1]; +} + +static inline uint32_t +load32be(const uint8_t *x) +{ + return (x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]; +} + +static inline uint64_t +load64be(const uint8_t *x) +{ + return ((uint64_t)load32be(x) << 32) | load32be(x + 4); +} + +static inline void +store16be(uint8_t *x, uint64_t v) +{ + x[0] = v >> 8; + x[1] = v & 0xff; +} + +static inline void +store32be(uint8_t *x, uint32_t v) +{ + x[0] = v >> 24; + x[1] = (v >> 16) & 0xff; + x[2] = (v >> 8) & 0xff; + x[3] = v & 0xff; +} + +static inline void +store64be(uint8_t *x, uint64_t v) +{ + x[0] = v >> 56; + x[1] = (v >> 48) & 0xff; + x[2] = (v >> 40) & 0xff; + x[3] = (v >> 32) & 0xff; + x[4] = (v >> 24) & 0xff; + x[5] = (v >> 16) & 0xff; + x[6] = (v >> 8) & 0xff; + x[7] = v & 0xff; +} + /* * rotr and rotl. @@ -92,11 +139,11 @@ rotl64(uint64_t x, uint64_t r) static inline uint32_t rotr32(uint32_t x, uint32_t r) { - return rotl32(x, 32 - r); + return (x >> r) | (x << (32 - r)); } static inline uint64_t rotr64(uint64_t x, uint64_t r) { - return rotl64(x, 64 - r); + return (x >> r) | (x << (64 - r)); }