xref: /plan9/sys/src/libsec/port/sha2block64.c (revision 3468a4915d661daa200976acc4f80f51aae144b2) 
1 /*
2  * sha2_256 block cipher
3  *
4  * Implementation straight from Federal Information Processing Standards
5  * publication 180-2 (+Change Notice to include SHA-224) August 1, 2002
6  *   note: the following upper and lower case macro names are distinct
7  *	   and reflect the functions defined in FIPS pub. 180-2.
8  */
9 
10 #include <u.h>
11 #include <libc.h>
12 
13 #define ROTR(x,n)	(((x) >> (n)) | ((x) << (32-(n))))
14 #define sigma0(x)	(ROTR((x),7) ^ ROTR((x),18) ^ ((x) >> 3))
15 #define sigma1(x)	(ROTR((x),17) ^ ROTR((x),19) ^ ((x) >> 10))
16 #define SIGMA0(x)	(ROTR((x),2) ^ ROTR((x),13) ^ ROTR((x),22))
17 #define SIGMA1(x)	(ROTR((x),6) ^ ROTR((x),11) ^ ROTR((x),25))
18 #define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
19 #define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
20 
21 /*
22  * first 32 bits of the fractional parts of cube roots of
23  * first 64 primes (2..311).
24  */
25 static u32int K256[64] = {
26 	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,
27 	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
28 	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,
29 	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
30 	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,
31 	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
32 	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,
33 	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
34 	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,
35 	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
36 	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,
37 	0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
38 	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,
39 	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
40 	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,
41 	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2,
42 };
43 
44 void
45 _sha2block64(uchar *p, ulong len, u32int *s)
46 {
47 	u32int a, b, c, d, e, f, g, h, t1, t2;
48 	u32int *kp, *wp;
49 	u32int w[64];
50 	uchar *end;
51 
52 	/* at this point, we have a multiple of 64 bytes */
53 	for(end = p+len; p < end;){
54 		a = s[0];
55 		b = s[1];
56 		c = s[2];
57 		d = s[3];
58 		e = s[4];
59 		f = s[5];
60 		g = s[6];
61 		h = s[7];
62 
63 		for(wp = w; wp < &w[16]; wp++, p += 4)
64 			wp[0] = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
65 		for(; wp < &w[64]; wp++)
66 			wp[0] = sigma1(wp[-2]) + wp[-7] +
67 				sigma0(wp[-15]) + wp[-16];
68 
69 		for(kp = K256, wp = w; wp < &w[64]; ) {
70 			t1 = h + SIGMA1(e) + Ch(e,f,g) + *kp++ + *wp++;
71 			t2 = SIGMA0(a) + Maj(a,b,c);
72 			h = g;
73 			g = f;
74 			f = e;
75 			e = d + t1;
76 			d = c;
77 			c = b;
78 			b = a;
79 			a = t1 + t2;
80 		}
81 
82 		/* save state */
83 		s[0] += a;
84 		s[1] += b;
85 		s[2] += c;
86 		s[3] += d;
87 		s[4] += e;
88 		s[5] += f;
89 		s[6] += g;
90 		s[7] += h;
91 	}
92 }
93