iPXE
sha256.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 /** @file
27  *
28  * SHA-256 algorithm
29  *
30  */
31 
32 #include <stdint.h>
33 #include <string.h>
34 #include <byteswap.h>
35 #include <assert.h>
36 #include <ipxe/rotate.h>
37 #include <ipxe/crypto.h>
38 #include <ipxe/sha256.h>
39 
40 /** SHA-256 variables */
41 struct sha256_variables {
42  /* This layout matches that of struct sha256_digest_data,
43  * allowing for efficient endianness-conversion,
44  */
45  uint32_t a;
46  uint32_t b;
47  uint32_t c;
48  uint32_t d;
49  uint32_t e;
50  uint32_t f;
51  uint32_t g;
52  uint32_t h;
53  uint32_t w[SHA256_ROUNDS];
54 } __attribute__ (( packed ));
55 
56 /** SHA-256 constants */
57 static const uint32_t k[SHA256_ROUNDS] = {
58  0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
59  0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
60  0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
61  0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
62  0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
63  0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
64  0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
65  0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
66  0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a,
67  0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
68  0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
69 };
70 
71 /** SHA-256 initial digest values */
72 static const struct sha256_digest sha256_init_digest = {
73  .h = {
74  cpu_to_be32 ( 0x6a09e667 ),
75  cpu_to_be32 ( 0xbb67ae85 ),
76  cpu_to_be32 ( 0x3c6ef372 ),
77  cpu_to_be32 ( 0xa54ff53a ),
78  cpu_to_be32 ( 0x510e527f ),
79  cpu_to_be32 ( 0x9b05688c ),
80  cpu_to_be32 ( 0x1f83d9ab ),
81  cpu_to_be32 ( 0x5be0cd19 ),
82  },
83 };
84 
85 /**
86  * Initialise SHA-256 family algorithm
87  *
88  * @v context SHA-256 context
89  * @v init Initial digest values
90  * @v digestsize Digest size
91  */
92 void sha256_family_init ( struct sha256_context *context,
93  const struct sha256_digest *init,
94  size_t digestsize ) {
95 
96  context->len = 0;
97  context->digestsize = digestsize;
98  memcpy ( &context->ddd.dd.digest, init,
99  sizeof ( context->ddd.dd.digest ) );
100 }
101 
102 /**
103  * Initialise SHA-256 algorithm
104  *
105  * @v ctx SHA-256 context
106  */
107 static void sha256_init ( void *ctx ) {
108  struct sha256_context *context = ctx;
109 
110  sha256_family_init ( context, &sha256_init_digest,
111  sizeof ( struct sha256_digest ) );
112 }
113 
114 /**
115  * Calculate SHA-256 digest of accumulated data
116  *
117  * @v context SHA-256 context
118  */
119 static void sha256_digest ( struct sha256_context *context ) {
120  union {
121  union sha256_digest_data_dwords ddd;
122  struct sha256_variables v;
123  } u;
124  uint32_t *a = &u.v.a;
125  uint32_t *b = &u.v.b;
126  uint32_t *c = &u.v.c;
127  uint32_t *d = &u.v.d;
128  uint32_t *e = &u.v.e;
129  uint32_t *f = &u.v.f;
130  uint32_t *g = &u.v.g;
131  uint32_t *h = &u.v.h;
132  uint32_t *w = u.v.w;
133  uint32_t s0;
134  uint32_t s1;
135  uint32_t maj;
136  uint32_t t1;
137  uint32_t t2;
138  uint32_t ch;
139  unsigned int i;
140 
141  /* Sanity checks */
142  assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
143  build_assert ( &u.ddd.dd.digest.h[0] == a );
144  build_assert ( &u.ddd.dd.digest.h[1] == b );
145  build_assert ( &u.ddd.dd.digest.h[2] == c );
146  build_assert ( &u.ddd.dd.digest.h[3] == d );
147  build_assert ( &u.ddd.dd.digest.h[4] == e );
148  build_assert ( &u.ddd.dd.digest.h[5] == f );
149  build_assert ( &u.ddd.dd.digest.h[6] == g );
150  build_assert ( &u.ddd.dd.digest.h[7] == h );
151  build_assert ( &u.ddd.dd.data.dword[0] == w );
152 
153  DBGC ( context, "SHA256 digesting:\n" );
154  DBGC_HDA ( context, 0, &context->ddd.dd.digest,
155  sizeof ( context->ddd.dd.digest ) );
156  DBGC_HDA ( context, context->len, &context->ddd.dd.data,
157  sizeof ( context->ddd.dd.data ) );
158 
159  /* Convert h[0..7] to host-endian, and initialise a, b, c, d,
160  * e, f, g, h, and w[0..15]
161  */
162  for ( i = 0 ; i < ( sizeof ( u.ddd.dword ) /
163  sizeof ( u.ddd.dword[0] ) ) ; i++ ) {
164  be32_to_cpus ( &context->ddd.dword[i] );
165  u.ddd.dword[i] = context->ddd.dword[i];
166  }
167 
168  /* Initialise w[16..63] */
169  for ( i = 16 ; i < SHA256_ROUNDS ; i++ ) {
170  s0 = ( ror32 ( w[i-15], 7 ) ^ ror32 ( w[i-15], 18 ) ^
171  ( w[i-15] >> 3 ) );
172  s1 = ( ror32 ( w[i-2], 17 ) ^ ror32 ( w[i-2], 19 ) ^
173  ( w[i-2] >> 10 ) );
174  w[i] = ( w[i-16] + s0 + w[i-7] + s1 );
175  }
176 
177  /* Main loop */
178  for ( i = 0 ; i < SHA256_ROUNDS ; i++ ) {
179  s0 = ( ror32 ( *a, 2 ) ^ ror32 ( *a, 13 ) ^ ror32 ( *a, 22 ) );
180  maj = ( ( *a & *b ) ^ ( *a & *c ) ^ ( *b & *c ) );
181  t2 = ( s0 + maj );
182  s1 = ( ror32 ( *e, 6 ) ^ ror32 ( *e, 11 ) ^ ror32 ( *e, 25 ) );
183  ch = ( ( *e & *f ) ^ ( (~*e) & *g ) );
184  t1 = ( *h + s1 + ch + k[i] + w[i] );
185  *h = *g;
186  *g = *f;
187  *f = *e;
188  *e = ( *d + t1 );
189  *d = *c;
190  *c = *b;
191  *b = *a;
192  *a = ( t1 + t2 );
193  DBGC2 ( context, "%2d : %08x %08x %08x %08x %08x %08x %08x "
194  "%08x\n", i, *a, *b, *c, *d, *e, *f, *g, *h );
195  }
196 
197  /* Add chunk to hash and convert back to big-endian */
198  for ( i = 0 ; i < 8 ; i++ ) {
199  context->ddd.dd.digest.h[i] =
200  cpu_to_be32 ( context->ddd.dd.digest.h[i] +
201  u.ddd.dd.digest.h[i] );
202  }
203 
204  DBGC ( context, "SHA256 digested:\n" );
205  DBGC_HDA ( context, 0, &context->ddd.dd.digest,
206  sizeof ( context->ddd.dd.digest ) );
207 }
208 
209 /**
210  * Accumulate data with SHA-256 algorithm
211  *
212  * @v ctx SHA-256 context
213  * @v data Data
214  * @v len Length of data
215  */
216 void sha256_update ( void *ctx, const void *data, size_t len ) {
217  struct sha256_context *context = ctx;
218  const uint8_t *byte = data;
219  size_t offset;
220 
221  /* Accumulate data a byte at a time, performing the digest
222  * whenever we fill the data buffer
223  */
224  while ( len-- ) {
225  offset = ( context->len % sizeof ( context->ddd.dd.data ) );
226  context->ddd.dd.data.byte[offset] = *(byte++);
227  context->len++;
228  if ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 )
229  sha256_digest ( context );
230  }
231 }
232 
233 /**
234  * Generate SHA-256 digest
235  *
236  * @v ctx SHA-256 context
237  * @v out Output buffer
238  */
239 void sha256_final ( void *ctx, void *out ) {
240  struct sha256_context *context = ctx;
241  uint64_t len_bits;
242  uint8_t pad;
243 
244  /* Record length before pre-processing */
245  len_bits = cpu_to_be64 ( ( ( uint64_t ) context->len ) * 8 );
246 
247  /* Pad with a single "1" bit followed by as many "0" bits as required */
248  pad = 0x80;
249  do {
250  sha256_update ( ctx, &pad, sizeof ( pad ) );
251  pad = 0x00;
252  } while ( ( context->len % sizeof ( context->ddd.dd.data ) ) !=
253  offsetof ( typeof ( context->ddd.dd.data ), final.len ) );
254 
255  /* Append length (in bits) */
256  sha256_update ( ctx, &len_bits, sizeof ( len_bits ) );
257  assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
258 
259  /* Copy out final digest */
260  memcpy ( out, &context->ddd.dd.digest, context->digestsize );
261 }
262 
263 /** SHA-256 algorithm */
264 struct digest_algorithm sha256_algorithm = {
265  .name = "sha256",
266  .ctxsize = sizeof ( struct sha256_context ),
267  .blocksize = sizeof ( union sha256_block ),
268  .digestsize = sizeof ( struct sha256_digest ),
269  .init = sha256_init,
270  .update = sha256_update,
271  .final = sha256_final,
272 };
sha256_init
static void sha256_init(void *ctx)
Initialise SHA-256 algorithm.
Definition: sha256.c:107
d
uint32_t d
Definition: sha256.c:31
sha256_init_digest
static const struct sha256_digest sha256_init_digest
SHA-256 initial digest values.
Definition: sha256.c:72
k
static const uint32_t k[SHA256_ROUNDS]
SHA-256 constants.
Definition: sha256.c:57
sha256_variables
SHA-256 variables.
Definition: sha256.c:41
sha256_variables::a
uint32_t a
Definition: sha256.c:45
c
uint32_t c
Definition: sha256.c:30
g
uint32_t g
Definition: sha256.c:34
sha256_variables::f
uint32_t f
Definition: sha256.c:50
DBGC
#define DBGC(...)
Definition: compiler.h:505
sha256_digest_data::digest
struct sha256_digest digest
Digest of data already processed.
Definition: sha256.h:46
uint64_t
unsigned long long uint64_t
Definition: stdint.h:13
crypto.h
Cryptographic API.
sha256_variables::e
uint32_t e
Definition: sha256.c:49
sha256_context::digestsize
size_t digestsize
Digest size.
Definition: sha256.h:65
offsetof
#define offsetof(type, field)
Get offset of a field within a structure.
Definition: stddef.h:24
pad
u32 pad[9]
Padding.
Definition: ar9003_mac.h:90
ror32
static u32 ror32(u32 v, int bits)
Rotate 32-bit value right.
Definition: wpa_tkip.c:161
sha256_digest_data_dwords
SHA-256 digest and data block.
Definition: sha256.h:52
out
__be32 out[4]
Definition: CIB_PRM.h:36
sha256_variables::b
uint32_t b
Definition: sha256.c:46
sha256_digest::h
uint32_t h[8]
Hash output.
Definition: sha256.h:21
ch
uint8_t ch
Definition: registers.h:83
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
w
uint32_t w[SHA256_ROUNDS]
Definition: sha256.c:36
assert.h
Assertions.
assert
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
h
uint32_t h
Definition: sha256.c:35
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
sha256_update
void sha256_update(void *ctx, const void *data, size_t len)
Accumulate data with SHA-256 algorithm.
Definition: sha256.c:216
build_assert
#define build_assert(condition)
Assert a condition at build time (after dead code elimination)
Definition: assert.h:76
offset
static userptr_t size_t offset
Offset of the first segment within the content.
Definition: deflate.h:259
sha256_block
An SHA-256 data block.
Definition: sha256.h:25
sha256_digest_data_dwords::dd
struct sha256_digest_data dd
Digest and data block.
Definition: sha256.h:54
b
uint32_t b
Definition: sha256.c:29
sha256_variables::w
uint32_t w[SHA256_ROUNDS]
Definition: sha256.c:53
a
uint32_t a
Definition: sha256.c:28
sha256_context::len
size_t len
Amount of accumulated data.
Definition: sha256.h:63
__attribute__
struct sha256_variables __attribute__((packed))
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
uint32_t
unsigned int uint32_t
Definition: stdint.h:12
sha256_digest_data::data
union sha256_block data
Accumulated data.
Definition: sha256.h:48
sha256_digest_data_dwords::dword
uint32_t dword[sizeof(struct sha256_digest_data)/sizeof(uint32_t)]
Raw dwords.
Definition: sha256.h:57
cpu_to_be32
#define cpu_to_be32(value)
Definition: byteswap.h:110
sha256_algorithm
struct digest_algorithm sha256_algorithm
SHA-256 algorithm.
Definition: sha256.c:264
be32_to_cpus
#define be32_to_cpus(ptr)
Definition: byteswap.h:128
len
uint32_t len
Length.
Definition: ena.h:14
DBGC2
#define DBGC2(...)
Definition: compiler.h:522
e
uint32_t e
Definition: sha256.c:32
digest_algorithm::name
const char * name
Algorithm name.
Definition: crypto.h:19
sha256_variables::c
uint32_t c
Definition: sha256.c:47
digest_algorithm
A message digest algorithm.
Definition: crypto.h:17
u
union @17 u
sha256_variables::d
uint32_t d
Definition: sha256.c:48
cpu_to_be64
#define cpu_to_be64(value)
Definition: byteswap.h:111
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
sha256_variables::g
uint32_t g
Definition: sha256.c:51
sha256_variables::h
uint32_t h
Definition: sha256.c:52
f
uint32_t f
Definition: sha256.c:33
sha256_family_init
void sha256_family_init(struct sha256_context *context, const struct sha256_digest *init, size_t digestsize)
Initialise SHA-256 family algorithm.
Definition: sha256.c:92
sha256_context::ddd
union sha256_digest_data_dwords ddd
Digest and accumulated data.
Definition: sha256.h:67
SHA256_ROUNDS
#define SHA256_ROUNDS
SHA-256 number of rounds.
Definition: sha256.h:16
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
typeof
typeof(acpi_finder=acpi_find)
ACPI table finder.
Definition: acpi.c:45
digestsize
uint32_t digestsize
Digest size (i.e.
Definition: pccrr.h:14
sha256_context
An SHA-256 context.
Definition: sha256.h:61
sha256_block::byte
uint8_t byte[64]
Raw bytes.
Definition: sha256.h:27
sha256.h
SHA-256 algorithm.
sha256_digest
An SHA-256 digest.
Definition: sha256.h:19
string.h
String functions.
rotate.h
Bit operations.
sha256_digest
static void sha256_digest(struct sha256_context *context)
Calculate SHA-256 digest of accumulated data.
Definition: sha256.c:119
sha256_final
void sha256_final(void *ctx, void *out)
Generate SHA-256 digest.
Definition: sha256.c:239
Generated by   doxygen 1.8.15