51 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
52 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
53 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
54 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
55 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
56 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
57 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
58 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
59 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
60 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
61 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
62 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
63 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
64 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
65 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
66 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL,
71 #define SHA256_DATA_LENGTH 16 80 #define Choice(x,y,z) ( (z) ^ ( (x) & ( (y) ^ (z) ) ) ) 82 #define Majority(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) ) 84 #define S0(x) (ROTL32(30,(x)) ^ ROTL32(19,(x)) ^ ROTL32(10,(x))) 85 #define S1(x) (ROTL32(26,(x)) ^ ROTL32(21,(x)) ^ ROTL32(7,(x))) 87 #define s0(x) (ROTL32(25,(x)) ^ ROTL32(14,(x)) ^ ((x) >> 3)) 88 #define s1(x) (ROTL32(15,(x)) ^ ROTL32(13,(x)) ^ ((x) >> 10)) 101 #define EXPAND(W,i) \ 102 ( W[(i) & 15 ] += (s1(W[((i)-2) & 15]) + W[((i)-7) & 15] + s0(W[((i)-15) & 15])) ) 124 #define ROUND(a,b,c,d,e,f,g,h,k,data) do { \ 125 h += S1(e) + Choice(e,f,g) + k + data; \ 127 h += S0(a) + Majority(a,b,c); \ 132 #define READ_UINT32(p) \ 133 ( (((uint32_t) (p)[0]) << 24) \ 134 | (((uint32_t) (p)[1]) << 16) \ 135 | (((uint32_t) (p)[2]) << 8) \ 136 | ((uint32_t) (p)[3])) 138 #define WRITE_UINT32(p, i) \ 140 (p)[0] = ((i) >> 24) & 0xff; \ 141 (p)[1] = ((i) >> 16) & 0xff; \ 142 (p)[2] = ((i) >> 8) & 0xff; \ 143 (p)[3] = (i) & 0xff; \ 146 #define WRITE_UINT64(p, i) \ 148 (p)[0] = ((i) >> 56) & 0xff; \ 149 (p)[1] = ((i) >> 48) & 0xff; \ 150 (p)[2] = ((i) >> 40) & 0xff; \ 151 (p)[3] = ((i) >> 32) & 0xff; \ 152 (p)[4] = ((i) >> 24) & 0xff; \ 153 (p)[5] = ((i) >> 16) & 0xff; \ 154 (p)[6] = ((i) >> 8) & 0xff; \ 155 (p)[7] = (i) & 0xff; \ 161 #define ROTL32(n,x) (((x)<<(n)) | ((x)>>((-(n)&31)))) 167 uint32_t A, B, C, D, E, F, G, H;
189 for (i = 0, d =
data; i<16; i+=8, k += 8, d+= 8)
191 ROUND(A, B, C, D, E, F, G, H, k[0], d[0]);
192 ROUND(H, A, B, C, D, E, F, G, k[1], d[1]);
193 ROUND(G, H, A, B, C, D, E, F, k[2], d[2]);
194 ROUND(F, G, H, A, B, C, D, E, k[3], d[3]);
195 ROUND(E, F, G, H, A, B, C, D, k[4], d[4]);
196 ROUND(D, E, F, G, H, A, B, C, k[5], d[5]);
197 ROUND(C, D, E, F, G, H, A, B, k[6], d[6]);
198 ROUND(B, C, D, E, F, G, H, A, k[7], d[7]);
201 for (; i<64; i += 16, k+= 16)
203 ROUND(A, B, C, D, E, F, G, H, k[ 0],
EXPAND(
data, 0));
204 ROUND(H, A, B, C, D, E, F, G, k[ 1],
EXPAND(
data, 1));
205 ROUND(G, H, A, B, C, D, E, F, k[ 2],
EXPAND(
data, 2));
206 ROUND(F, G, H, A, B, C, D, E, k[ 3],
EXPAND(
data, 3));
207 ROUND(E, F, G, H, A, B, C, D, k[ 4],
EXPAND(
data, 4));
208 ROUND(D, E, F, G, H, A, B, C, k[ 5],
EXPAND(
data, 5));
209 ROUND(C, D, E, F, G, H, A, B, k[ 6],
EXPAND(
data, 6));
210 ROUND(B, C, D, E, F, G, H, A, k[ 7],
EXPAND(
data, 7));
211 ROUND(A, B, C, D, E, F, G, H, k[ 8],
EXPAND(
data, 8));
212 ROUND(H, A, B, C, D, E, F, G, k[ 9],
EXPAND(
data, 9));
213 ROUND(G, H, A, B, C, D, E, F, k[10],
EXPAND(
data, 10));
214 ROUND(F, G, H, A, B, C, D, E, k[11],
EXPAND(
data, 11));
215 ROUND(E, F, G, H, A, B, C, D, k[12],
EXPAND(
data, 12));
216 ROUND(D, E, F, G, H, A, B, C, k[13],
EXPAND(
data, 13));
217 ROUND(C, D, E, F, G, H, A, B, k[14],
EXPAND(
data, 14));
218 ROUND(B, C, D, E, F, G, H, A, k[15],
EXPAND(
data, 15));
233 #define COMPRESS(ctx, data) (_nettle_sha256_compress((ctx)->state, (data), K)) 243 0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL, 0xa54ff53aUL,
244 0x510e527fUL, 0x9b05688cUL, 0x1f83d9abUL, 0x5be0cd19UL,
248 memcpy(ctx->
state, H0,
sizeof(H0));
260 #define MD_UPDATE(ctx, length, data, f, incr) \ 265 unsigned __md_left = sizeof((ctx)->block) - (ctx)->index; \ 266 if ((length) < __md_left) \ 268 memcpy((ctx)->block + (ctx)->index, (data), (length)); \ 269 (ctx)->index += (length); \ 274 memcpy((ctx)->block + (ctx)->index, (data), __md_left); \ 276 f((ctx), (ctx)->block); \ 279 (data) += __md_left; \ 280 (length) -= __md_left; \ 283 while ((length) >= sizeof((ctx)->block)) \ 288 (data) += sizeof((ctx)->block); \ 289 (length) -= sizeof((ctx)->block); \ 291 memcpy ((ctx)->block, (data), (length)); \ 292 (ctx)->index = (length); \ 300 #define MD_PAD(ctx, size, f) \ 303 __md_i = (ctx)->index; \ 308 assert(__md_i < sizeof((ctx)->block)); \ 309 (ctx)->block[__md_i++] = 0x80; \ 311 if (__md_i > (sizeof((ctx)->block) - (size))) \ 314 memset((ctx)->block + __md_i, 0, sizeof((ctx)->block) - __md_i); \ 316 f((ctx), (ctx)->block); \ 319 memset((ctx)->block + __md_i, 0, \ 320 sizeof((ctx)->block) - (size) - __md_i); \ 345 leftover = length % 4;
347 for (i = 0; i < words; i++, dst += 4)
353 unsigned j = leftover;
362 dst[--j] = (word >> 8) & 0xff;
365 dst[--j] = (word >> 16) & 0xff;
368 dst[--j] = (word >> 24) & 0xff;
386 bit_count = (ctx->
count << 9) | (ctx->
index << 3);
static void sha256_write_digest(struct sha256_ctx *ctx, size_t length, uint8_t *digest)
#define ROUND(a, b, c, d, e, f, g, h, k, data)
uint8_t block[SHA256_BLOCK_SIZE]
#define MD_PAD(ctx, size, f)
#define SHA256_DIGEST_SIZE
void sha256_update(void *ctx_, const uint8_t *data, size_t length)
void sha256_digest(void *ctx_, uint8_t *digest)
static void _nettle_sha256_compress(uint32_t *state, const uint8_t *input, const uint32_t *k)
void _nettle_write_be32(size_t length, uint8_t *dst, const uint32_t *src)
#define COMPRESS(ctx, data)
#define SHA256_DATA_LENGTH
#define MD_UPDATE(ctx, length, data, f, incr)
static const uint32_t K[64]
#define WRITE_UINT64(p, i)
void sha256_init(void *ctx_)
#define SHA256_BLOCK_SIZE
#define _SHA256_DIGEST_LENGTH
uint32_t state[_SHA256_DIGEST_LENGTH]
#define WRITE_UINT32(p, i)