1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <string.h>
4 #include <assert.h>
5 #include "aes_core.h"
6
7 #ifndef uint32_t
8 #define uint32_t unsigned int
9 #endif
10
11 /**
12 * \brief SHA-256 context structure
13 */
14 typedef struct
15 {
16 uint32_t total[2]; /*!< number of bytes processed */
17 uint32_t state[8]; /*!< intermediate digest state */
18 unsigned char buffer[64]; /*!< data block being processed */
19 int is224; /*!< 0 => SHA-256, else SHA-224 */
20 }
21 RK_SHA256_CTX;
22
23 /* Implementation that should never be optimized out by the compiler */
mbedtls_zeroize(void * v,size_t n)24 static void mbedtls_zeroize( void *v, size_t n ) {
25 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
26 }
27
28 /*
29 * 32-bit integer manipulation macros (big endian)
30 */
31 #ifndef GET_UINT32_BE
32 #define GET_UINT32_BE(n,b,i) \
33 do { \
34 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
35 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
36 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
37 | ( (uint32_t) (b)[(i) + 3] ); \
38 } while( 0 )
39 #endif
40
41 #ifndef PUT_UINT32_BE
42 #define PUT_UINT32_BE(n,b,i) \
43 do { \
44 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
45 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
46 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
47 (b)[(i) + 3] = (unsigned char) ( (n) ); \
48 } while( 0 )
49 #endif
50
mbedtls_sha256_init(RK_SHA256_CTX * ctx)51 void mbedtls_sha256_init( RK_SHA256_CTX *ctx )
52 {
53 memset( ctx, 0, sizeof( RK_SHA256_CTX ) );
54 }
55
mbedtls_sha256_free(RK_SHA256_CTX * ctx)56 void mbedtls_sha256_free( RK_SHA256_CTX *ctx )
57 {
58 if( ctx == NULL )
59 return;
60
61 mbedtls_zeroize( ctx, sizeof( RK_SHA256_CTX ) );
62 }
63
mbedtls_sha256_clone(RK_SHA256_CTX * dst,const RK_SHA256_CTX * src)64 void mbedtls_sha256_clone( RK_SHA256_CTX *dst,
65 const RK_SHA256_CTX *src )
66 {
67 *dst = *src;
68 }
69
70 /*
71 * SHA-256 context setup
72 */
mbedtls_sha256_starts(RK_SHA256_CTX * ctx,int is224)73 void mbedtls_sha256_starts( RK_SHA256_CTX *ctx, int is224 )
74 {
75 ctx->total[0] = 0;
76 ctx->total[1] = 0;
77
78 if( is224 == 0 )
79 {
80 /* SHA-256 */
81 ctx->state[0] = 0x6A09E667;
82 ctx->state[1] = 0xBB67AE85;
83 ctx->state[2] = 0x3C6EF372;
84 ctx->state[3] = 0xA54FF53A;
85 ctx->state[4] = 0x510E527F;
86 ctx->state[5] = 0x9B05688C;
87 ctx->state[6] = 0x1F83D9AB;
88 ctx->state[7] = 0x5BE0CD19;
89 }
90 else
91 {
92 /* SHA-224 */
93 ctx->state[0] = 0xC1059ED8;
94 ctx->state[1] = 0x367CD507;
95 ctx->state[2] = 0x3070DD17;
96 ctx->state[3] = 0xF70E5939;
97 ctx->state[4] = 0xFFC00B31;
98 ctx->state[5] = 0x68581511;
99 ctx->state[6] = 0x64F98FA7;
100 ctx->state[7] = 0xBEFA4FA4;
101 }
102
103 ctx->is224 = is224;
104 }
105
106 static const uint32_t K[] =
107 {
108 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
109 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
110 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
111 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
112 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
113 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
114 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
115 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
116 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
117 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
118 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
119 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
120 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
121 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
122 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
123 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
124 };
125
126 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
127 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
128
129 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
130 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
131
132 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
133 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
134
135 #define F0(x,y,z) ((x & y) | (z & (x | y)))
136 #define F1(x,y,z) (z ^ (x & (y ^ z)))
137
138 #define R(t) \
139 ( \
140 W[t] = S1(W[t - 2]) + W[t - 7] + \
141 S0(W[t - 15]) + W[t - 16] \
142 )
143
144 #define P(a,b,c,d,e,f,g,h,x,K) \
145 { \
146 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
147 temp2 = S2(a) + F0(a,b,c); \
148 d += temp1; h = temp1 + temp2; \
149 }
150
mbedtls_sha256_process(RK_SHA256_CTX * ctx,const unsigned char data[64])151 void mbedtls_sha256_process( RK_SHA256_CTX *ctx, const unsigned char data[64] )
152 {
153 uint32_t temp1, temp2, W[64];
154 uint32_t A[8];
155 unsigned int i;
156
157 for( i = 0; i < 8; i++ )
158 A[i] = ctx->state[i];
159
160 #if defined(MBEDTLS_SHA256_SMALLER)
161 for( i = 0; i < 64; i++ )
162 {
163 if( i < 16 )
164 GET_UINT32_BE( W[i], data, 4 * i );
165 else
166 R( i );
167
168 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
169
170 temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
171 A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
172 }
173 #else /* MBEDTLS_SHA256_SMALLER */
174 for( i = 0; i < 16; i++ )
175 GET_UINT32_BE( W[i], data, 4 * i );
176
177 for( i = 0; i < 16; i += 8 )
178 {
179 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
180 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
181 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
182 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
183 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
184 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
185 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
186 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
187 }
188
189 for( i = 16; i < 64; i += 8 )
190 {
191 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
192 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
193 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
194 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
195 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
196 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
197 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
198 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
199 }
200 #endif /* MBEDTLS_SHA256_SMALLER */
201
202 for( i = 0; i < 8; i++ )
203 ctx->state[i] += A[i];
204 }
205
206 /*
207 * SHA-256 process buffer
208 */
mbedtls_sha256_update(RK_SHA256_CTX * ctx,const unsigned char * input,size_t ilen)209 void mbedtls_sha256_update( RK_SHA256_CTX *ctx, const unsigned char *input,
210 size_t ilen )
211 {
212 size_t fill;
213 uint32_t left;
214
215 if( ilen == 0 )
216 return;
217
218 left = ctx->total[0] & 0x3F;
219 fill = 64 - left;
220
221 ctx->total[0] += (uint32_t) ilen;
222 ctx->total[0] &= 0xFFFFFFFF;
223
224 if( ctx->total[0] < (uint32_t) ilen )
225 ctx->total[1]++;
226
227 if( left && ilen >= fill )
228 {
229 memcpy( (void *) (ctx->buffer + left), input, fill );
230 mbedtls_sha256_process( ctx, ctx->buffer );
231 input += fill;
232 ilen -= fill;
233 left = 0;
234 }
235
236 while( ilen >= 64 )
237 {
238 mbedtls_sha256_process( ctx, input );
239 input += 64;
240 ilen -= 64;
241 }
242
243 if( ilen > 0 )
244 memcpy( (void *) (ctx->buffer + left), input, ilen );
245 }
246
247 static const unsigned char sha256_padding[64] =
248 {
249 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
250 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
251 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
252 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
253 };
254
255 /*
256 * SHA-256 final digest
257 */
mbedtls_sha256_finish(RK_SHA256_CTX * ctx,unsigned char output[32])258 void mbedtls_sha256_finish( RK_SHA256_CTX *ctx, unsigned char output[32] )
259 {
260 uint32_t last, padn;
261 uint32_t high, low;
262 unsigned char msglen[8];
263
264 high = ( ctx->total[0] >> 29 )
265 | ( ctx->total[1] << 3 );
266 low = ( ctx->total[0] << 3 );
267
268 PUT_UINT32_BE( high, msglen, 0 );
269 PUT_UINT32_BE( low, msglen, 4 );
270
271 last = ctx->total[0] & 0x3F;
272 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
273
274 mbedtls_sha256_update( ctx, sha256_padding, padn );
275 mbedtls_sha256_update( ctx, msglen, 8 );
276
277 PUT_UINT32_BE( ctx->state[0], output, 0 );
278 PUT_UINT32_BE( ctx->state[1], output, 4 );
279 PUT_UINT32_BE( ctx->state[2], output, 8 );
280 PUT_UINT32_BE( ctx->state[3], output, 12 );
281 PUT_UINT32_BE( ctx->state[4], output, 16 );
282 PUT_UINT32_BE( ctx->state[5], output, 20 );
283 PUT_UINT32_BE( ctx->state[6], output, 24 );
284
285 if( ctx->is224 == 0 )
286 PUT_UINT32_BE( ctx->state[7], output, 28 );
287 }
288
289 /*
290 * output = SHA-256( input buffer )
291 */
rk_hash_sha256(const unsigned char * in,unsigned int in_len,unsigned char * out,unsigned int * out_len)292 int rk_hash_sha256(const unsigned char *in, unsigned int in_len,
293 unsigned char *out, unsigned int *out_len)
294 {
295 RK_SHA256_CTX ctx;
296
297 if (in == NULL && in_len != 0)
298 return -1;
299
300 if(out == NULL || out_len == NULL)
301 return -1;
302
303 mbedtls_sha256_init( &ctx );
304 mbedtls_sha256_starts( &ctx, 0 );
305 mbedtls_sha256_update( &ctx, in, in_len );
306 mbedtls_sha256_finish( &ctx, out );
307 mbedtls_sha256_free( &ctx );
308 *out_len = 32;
309 return 0;
310 }
311
rk_hash_sha224(const unsigned char * in,unsigned int in_len,unsigned char * out,unsigned int * out_len)312 int rk_hash_sha224(const unsigned char *in, unsigned int in_len,
313 unsigned char *out, unsigned int *out_len)
314 {
315 RK_SHA256_CTX ctx;
316
317 if (in == NULL && in_len != 0)
318 return -1;
319
320 if(out == NULL || out_len == NULL)
321 return -1;
322
323 mbedtls_sha256_init( &ctx );
324 mbedtls_sha256_starts( &ctx, 1);
325 mbedtls_sha256_update( &ctx, in, in_len );
326 mbedtls_sha256_finish( &ctx, out );
327 mbedtls_sha256_free( &ctx );
328 *out_len = 28;
329 return 0;
330 }
331
332
333