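/*
 *  Copyright (C) 2017 - This file is part of libecc project
 *
 *  Authors:
 *      Ryad BENADJILA <ryadbenadjila@gmail.com>
 *      Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr>
 *      Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr>
 *
 *  Contributors:
 *      Nicolas VIVET <nicolas.vivet@ssi.gouv.fr>
 *      Karim KHALFALLAH <karim.khalfallah@ssi.gouv.fr>
 *
 *  This software is licensed under a dual BSD and GPL v2 license.
 *  See LICENSE file at the root folder of the project.
 */
/*
 * Shared building blocks for the SHA-2 family: big endian load/store
 * helpers, 128-bit length counter helpers, the generic round macros and the
 * round constant tables for the 32-bit and 64-bit variants.
 *
 * NOTE(review): identifiers containing a double underscore are reserved for
 * the implementation; the guard name is left as is because other files may
 * test it.
 */
#ifndef __SHA2_H__
#define __SHA2_H__

/* u8, u32 and u64 are presumably provided by this header - TODO confirm. */
#include <libecc/words/words.h>

/* Useful primitives for handling 128-bit */

/*
 * Add a 64-bit value to a 128-bit counter held as two words (low, high) and
 * store the result in place. 'low' and 'high' must be modifiable lvalues;
 * the carry test relies on 'low' wrapping modulo 2^64, so it is only
 * meaningful when 'low' is an unsigned 64-bit object. A carry out of 'high'
 * is silently dropped.
 *
 * 'toadd' is copied into a local first, so it is evaluated exactly once and
 * the carry is still detected when the caller passes the same object as
 * 'low' and 'toadd'.
 */
#define ADD_UINT128_UINT64(low,high,toadd) do {\
	u64 add128_inc_ = (toadd);\
	(low) += add128_inc_;\
	if((low) < add128_inc_){\
		(high)++;\
	}\
} while(0)

/*
 * Store a 128-bit element in big endian format: 'high' goes to b[i..i+7]
 * and 'low' to b[i+8..i+15]. The caller must guarantee that 16 bytes are
 * writable from b[i]; no bound is checked here. 'b' and 'i' are expanded
 * more than once, so they must not carry side effects. PUT_UINT64_BE is
 * defined further down; this is fine because it is only needed where the
 * macro is expanded.
 */
#define PUT_UINT128_BE(low,high,b,i) do {\
	PUT_UINT64_BE((high), (b), (i));\
	PUT_UINT64_BE((low), (b), (i)+8);\
} while(0)

/*
 * Multiply a 128-bit element by 8 and store it in big endian format.
 * The three top bits of 'low' move into the three bottom bits of the high
 * word; the two operands of the XOR therefore never overlap. The three top
 * bits of 'high' are shifted out and lost.
 *
 * The inputs are copied into uniquely named locals so that each argument
 * is evaluated once and a caller variable cannot be captured by the
 * temporaries of the macro.
 */
#define PUT_MUL8_UINT128_BE(low,high,b,i) do {\
	u64 mul8_low_ = (low);\
	u64 mul8_high_ = (high);\
	u64 mul8_reslow_ = mul8_low_ << 3;\
	u64 mul8_reshigh_ = (mul8_low_ >> 61) ^ (mul8_high_ << 3);\
	PUT_UINT128_BE(mul8_reslow_, mul8_reshigh_, (b), (i));\
} while(0)

/*
 * 32-bit integer manipulation macros (big endian)
 *
 * Each byte is widened to u32 before shifting, so the shift never happens
 * in a promoted signed int. 'b' is expected to address unsigned bytes: a
 * negative element would be sign-extended by the conversion. Four bytes
 * are read or written from b[i] without any bound check.
 *
 * The #ifndef guards mean that a definition seen earlier in the translation
 * unit wins; that definition has to have the same big endian semantics.
 */
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n, b, i)				\
do {							\
	(n) =     ( ((u32) (b)[(i)    ]) << 24 )	\
		| ( ((u32) (b)[(i) + 1]) << 16 )	\
		| ( ((u32) (b)[(i) + 2]) <<  8 )	\
		| ( ((u32) (b)[(i) + 3])       );	\
} while( 0 )
#endif

#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n, b, i)			\
do {						\
	(b)[(i)    ] = (u8) ( (n) >> 24 );	\
	(b)[(i) + 1] = (u8) ( (n) >> 16 );	\
	(b)[(i) + 2] = (u8) ( (n) >>  8 );	\
	(b)[(i) + 3] = (u8) ( (n)       );	\
} while( 0 )
#endif

/*
 * 64-bit integer manipulation macros (big endian)
 *
 * Same contract as the 32-bit helpers, on eight bytes. For the PUT variant
 * 'n' must be at least 64 bits wide, otherwise the larger shift counts
 * reach or exceed the width of the operand.
 */
#ifndef GET_UINT64_BE
#define GET_UINT64_BE(n,b,i)				\
do {							\
	(n) =     ( ((u64) (b)[(i)    ]) << 56 )	\
		| ( ((u64) (b)[(i) + 1]) << 48 )	\
		| ( ((u64) (b)[(i) + 2]) << 40 )	\
		| ( ((u64) (b)[(i) + 3]) << 32 )	\
		| ( ((u64) (b)[(i) + 4]) << 24 )	\
		| ( ((u64) (b)[(i) + 5]) << 16 )	\
		| ( ((u64) (b)[(i) + 6]) <<  8 )	\
		| ( ((u64) (b)[(i) + 7])       );	\
} while( 0 )
#endif /* GET_UINT64_BE */

#ifndef PUT_UINT64_BE
#define PUT_UINT64_BE(n,b,i)			\
do {						\
	(b)[(i)    ] = (u8) ( (n) >> 56 );	\
	(b)[(i) + 1] = (u8) ( (n) >> 48 );	\
	(b)[(i) + 2] = (u8) ( (n) >> 40 );	\
	(b)[(i) + 3] = (u8) ( (n) >> 32 );	\
	(b)[(i) + 4] = (u8) ( (n) >> 24 );	\
	(b)[(i) + 5] = (u8) ( (n) >> 16 );	\
	(b)[(i) + 6] = (u8) ( (n) >>  8 );	\
	(b)[(i) + 7] = (u8) ( (n)       );	\
} while( 0 )
#endif /* PUT_UINT64_BE */

/*
 * Useful macros for the SHA-2 core function.
 * CH and MAJ are pure bitwise expressions: no branch and no table lookup
 * depends on the processed words.
 */
#define CH(x, y, z)	(((x) & (y)) ^ ((~(x)) & (z)))
#define MAJ(x, y, z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))

/*
 * Message schedule expansion: computes w[i] from w[i-2], w[i-7], w[i-15]
 * and w[i-16]. Only valid for i >= 16; a smaller index reads before the
 * start of 'w'. 'sha_type' selects the SIGMA_MIN0_ and SIGMA_MIN1_ pair.
 */
#define UPDATEW(w, i, sha_type) ((w)[(i)] = SIGMA_MIN1_##sha_type((w)[(i)-2]) + (w)[(i)-7] + SIGMA_MIN0_##sha_type((w)[(i)-15]) + (w)[(i)-16])

/*
 * One round of the compression function. 'a' to 'h' are the working
 * variables and must be modifiable lvalues (all of them are rewritten),
 * 'w' is the schedule word and 'k' the round constant of the round.
 * The temporaries have type 'sha_word_type', so the sums are reduced to
 * that width when stored; the word type is expected to be unsigned.
 * The temporaries carry a macro specific name so that an argument
 * expression cannot be captured by them.
 */
#define SHA2CORE(a, b, c, d, e, f, g, h, w, k, sha_word_type, sha_type) do {\
	sha_word_type sha2core_t1_, sha2core_t2_;\
	sha2core_t1_ = (h) + SIGMA_MAJ1_##sha_type((e)) + CH((e), (f), (g)) + (k) + (w);\
	sha2core_t2_ = SIGMA_MAJ0_##sha_type((a)) + MAJ((a), (b), (c));\
	(h) = (g);\
	(g) = (f);\
	(f) = (e);\
	(e) = (d) + sha2core_t1_;\
	(d) = (c);\
	(c) = (b);\
	(b) = (a);\
	(a) = sha2core_t1_ + sha2core_t2_;\
} while(0)

#if (defined(WITH_HASH_SHA224) || defined(WITH_HASH_SHA256))

/**********************************************/

/*
 * SHA-224 and SHA-256 (32-bit words).
 * ROTR_SHA256 requires 0 < n < 32: with n == 0 the left shift count becomes
 * 32, which is undefined for a 32-bit operand. Every use below passes a
 * constant inside that range.
 */
#define SHR_SHA256(x, n)       (((u32)(x)) >> (n))
#define ROTR_SHA256(x, n)      ((((u32)(x)) >> (n)) | (((u32)(x)) << (32-(n))))
#define SIGMA_MAJ0_SHA256(x)   (ROTR_SHA256(x, 2)  ^ ROTR_SHA256(x, 13) ^ ROTR_SHA256(x, 22))
#define SIGMA_MAJ1_SHA256(x)   (ROTR_SHA256(x, 6)  ^ ROTR_SHA256(x, 11) ^ ROTR_SHA256(x, 25))
#define SIGMA_MIN0_SHA256(x)   (ROTR_SHA256(x, 7)  ^ ROTR_SHA256(x, 18) ^ SHR_SHA256(x, 3))
#define SIGMA_MIN1_SHA256(x)   (ROTR_SHA256(x, 17) ^ ROTR_SHA256(x, 19) ^ SHR_SHA256(x, 10))
#define SHA2CORE_SHA256(a, b, c, d, e, f, g, h, w, k) \
	SHA2CORE(a, b, c, d, e, f, g, h, w, k, u32, SHA256)
#define UPDATEW_SHA256(w, i) UPDATEW(w, i, SHA256)
/*
 * Round constants of SHA-224/SHA-256, 64 words, one per round.
 * The table is 'static' in a header, so every translation unit including
 * this file gets its own copy. Any edit to these values changes the digest;
 * known-answer tests against published vectors are the way to catch that.
 */
static const u32 K_SHA256[] = {
	0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
	0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
	0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
	0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
	0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
	0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
	0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
	0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
	0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
	0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
	0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
	0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
	0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
	0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
	0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
	0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
};

/**********************************************/
#endif

#if (defined(WITH_HASH_SHA384) || defined(WITH_HASH_SHA512))

/**********************************************/

/*
 * SHA-384 and SHA-512 (64-bit words).
 * ROTR_SHA512 requires 0 < n < 64, for the same reason as the 32-bit
 * rotation: a count of 0 turns the left shift into a shift by the full
 * width. Every use below passes a constant inside that range.
 */
#define SHR_SHA512(x, n)       (((u64)(x)) >> (n))
#define ROTR_SHA512(x, n)      ((((u64)(x)) >> (n)) | (((u64)(x)) << (64-(n))))
#define SIGMA_MAJ0_SHA512(x)   (ROTR_SHA512(x, 28) ^ ROTR_SHA512(x, 34) ^ ROTR_SHA512(x, 39))
#define SIGMA_MAJ1_SHA512(x)   (ROTR_SHA512(x, 14) ^ ROTR_SHA512(x, 18) ^ ROTR_SHA512(x, 41))
#define SIGMA_MIN0_SHA512(x)   (ROTR_SHA512(x, 1)  ^ ROTR_SHA512(x, 8)  ^ SHR_SHA512(x, 7))
#define SIGMA_MIN1_SHA512(x)   (ROTR_SHA512(x, 19) ^ ROTR_SHA512(x, 61) ^ SHR_SHA512(x, 6))
#define SHA2CORE_SHA512(a, b, c, d, e, f, g, h, w, k) \
	SHA2CORE(a, b, c, d, e, f, g, h, w, k, u64, SHA512)
#define UPDATEW_SHA512(w, i) UPDATEW(w, i, SHA512)
/*
 * Round constants of SHA-384/SHA-512, 80 words, one per round.
 * The literals carry no integer suffix and rely on the compiler picking a
 * 64-bit type for them before the cast. As for the 32-bit table, each
 * including translation unit gets its own copy, and known-answer tests are
 * what detects an altered entry.
 */
static const u64 K_SHA512[] = {
	(u64)(0x428A2F98D728AE22), (u64)(0x7137449123EF65CD),
	(u64)(0xB5C0FBCFEC4D3B2F), (u64)(0xE9B5DBA58189DBBC),
	(u64)(0x3956C25BF348B538), (u64)(0x59F111F1B605D019),
	(u64)(0x923F82A4AF194F9B), (u64)(0xAB1C5ED5DA6D8118),
	(u64)(0xD807AA98A3030242), (u64)(0x12835B0145706FBE),
	(u64)(0x243185BE4EE4B28C), (u64)(0x550C7DC3D5FFB4E2),
	(u64)(0x72BE5D74F27B896F), (u64)(0x80DEB1FE3B1696B1),
	(u64)(0x9BDC06A725C71235), (u64)(0xC19BF174CF692694),
	(u64)(0xE49B69C19EF14AD2), (u64)(0xEFBE4786384F25E3),
	(u64)(0x0FC19DC68B8CD5B5), (u64)(0x240CA1CC77AC9C65),
	(u64)(0x2DE92C6F592B0275), (u64)(0x4A7484AA6EA6E483),
	(u64)(0x5CB0A9DCBD41FBD4), (u64)(0x76F988DA831153B5),
	(u64)(0x983E5152EE66DFAB), (u64)(0xA831C66D2DB43210),
	(u64)(0xB00327C898FB213F), (u64)(0xBF597FC7BEEF0EE4),
	(u64)(0xC6E00BF33DA88FC2), (u64)(0xD5A79147930AA725),
	(u64)(0x06CA6351E003826F), (u64)(0x142929670A0E6E70),
	(u64)(0x27B70A8546D22FFC), (u64)(0x2E1B21385C26C926),
	(u64)(0x4D2C6DFC5AC42AED), (u64)(0x53380D139D95B3DF),
	(u64)(0x650A73548BAF63DE), (u64)(0x766A0ABB3C77B2A8),
	(u64)(0x81C2C92E47EDAEE6), (u64)(0x92722C851482353B),
	(u64)(0xA2BFE8A14CF10364), (u64)(0xA81A664BBC423001),
	(u64)(0xC24B8B70D0F89791), (u64)(0xC76C51A30654BE30),
	(u64)(0xD192E819D6EF5218), (u64)(0xD69906245565A910),
	(u64)(0xF40E35855771202A), (u64)(0x106AA07032BBD1B8),
	(u64)(0x19A4C116B8D2D0C8), (u64)(0x1E376C085141AB53),
	(u64)(0x2748774CDF8EEB99), (u64)(0x34B0BCB5E19B48A8),
	(u64)(0x391C0CB3C5C95A63), (u64)(0x4ED8AA4AE3418ACB),
	(u64)(0x5B9CCA4F7763E373), (u64)(0x682E6FF3D6B2B8A3),
	(u64)(0x748F82EE5DEFB2FC), (u64)(0x78A5636F43172F60),
	(u64)(0x84C87814A1F0AB72), (u64)(0x8CC702081A6439EC),
	(u64)(0x90BEFFFA23631E28), (u64)(0xA4506CEBDE82BDE9),
	(u64)(0xBEF9A3F7B2C67915), (u64)(0xC67178F2E372532B),
	(u64)(0xCA273ECEEA26619C), (u64)(0xD186B8C721C0C207),
	(u64)(0xEADA7DD6CDE0EB1E), (u64)(0xF57D4F7FEE6ED178),
	(u64)(0x06F067AA72176FBA), (u64)(0x0A637DC5A2C898A6),
	(u64)(0x113F9804BEF90DAE), (u64)(0x1B710B35131C471B),
	(u64)(0x28DB77F523047D84), (u64)(0x32CAAB7B40C72493),
	(u64)(0x3C9EBE0A15C9BEBC), (u64)(0x431D67C49C100D4C),
	(u64)(0x4CC5D4BECB3E42B6), (u64)(0x597F299CFC657E2A),
	(u64)(0x5FCB6FAB3AD6FAEC), (u64)(0x6C44198C4A475817)
};

/**********************************************/
#endif

#endif /* __SHA2_H__ */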