sha256.c

1. /*
2.    This code is hereby released to the public domain.
3.    ~aaaaaa123456789, 2014-10-25
4.    updated 2014-11-15
5. */
6. #include <stdio.h>
7. #include <stdlib.h>
8. #include <string.h>
9. #include <stdint.h>
10.  
11. enum sha256_opcodes {
12.   // inputs
13.   SHA256_IN_BLOCK = 0,
14.   SHA256_IN_BUFFER = 1,
15.   SHA256_IN_FILE = 2,
16.   SHA256_IN_FILENAME = 3,
17.   // outputs
18.   SHA256_OUT_WORDS = 0, // 32 bits
19.   SHA256_OUT_BYTES = 4,
20.   SHA256_OUT_LONGS = 8, // 64 bits
21.   SHA256_OUT_STRING = 12,
22.   // flags
23.   SHA256_LENGTH_BITS = 16, // length is in bits
24.   SHA256_REVERSE_WORDS = 32, // reverse word order
25.   SHA256_UPPERCASE_HEX = 64, // hex digits A-F are uppercase in string outputs
26.   SHA256_REVERSE_ENDIAN = 64, // when not returning 32-bit words
27. };
28.  
29. enum sha256_errors {
30.   SHA256_INVALID_OPCODE = 1,
31.   SHA256_FILE_NOT_FOUND = 2,
32.   SHA256_INVALID_ARGUMENT = 3,
33.   SHA256_IO_ERROR = 4,
34.   SHA256_PREMATURE_EOF = 5,
35. };
36.  
37. int sha256(int, void *, void *, long long, long long);
38.  
39. static void sha256_format_output(int, void *, uint32_t *);
40. static void sha256_hash_buffer(const void *, unsigned long long, uint32_t *);
41. static int sha256_hash_file(FILE *, unsigned long long, uint32_t *);
42. static void sha256_pad_block(void *, unsigned short);
43. static void sha256_hash_block(const void *, uint32_t *);
44. static void sha256_make_result_string(const uint32_t *, char *, int);
45. static void sha256_convert_number_to_bytes(uint32_t, char *, int);
46.  
47. // SHA-256 says these are "the fractional parts of the square roots of the first eight primes".
48. // They are, rounded to zero.
49. #define sha256_init ((uint32_t []) {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19})
50.  
51. // SHA-256 says these are "the first 32 bits of the fractional parts of the cube roots of the first
52. // 64 primes". Not putting this one to test. Copy/paste is a wonderful invention.
53. #define sha256_constants ((uint32_t []) {                                                            \
54.   0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,    \
55.   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,    \
56.   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,    \
57.   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,    \
58.   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,    \
59.   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,    \
60.   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,    \
61.   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2     \
62. })
63.  
64. #define sha256_choose_function(one, two, three)    (((one) & (two)) ^ ((~(one)) & (three)))
65. #define sha256_majority_function(one, two, three)  (((one) & (two)) ^ ((one) & (three)) ^ ((two) & (three)))
66.  
67. #define sha256_circular_shift(number, amount) ((((uint32_t) (number)) >> (amount)) | (((uint32_t) (number)) << (32 - (amount))))
68.  
69. #define sha256_shift_A(number) (sha256_circular_shift(number,  2) ^ sha256_circular_shift(number, 13) ^ sha256_circular_shift(number, 22))
70. #define sha256_shift_B(number) (sha256_circular_shift(number,  6) ^ sha256_circular_shift(number, 11) ^ sha256_circular_shift(number, 25))
71. #define sha256_shift_C(number) (sha256_circular_shift(number,  7) ^ sha256_circular_shift(number, 18) ^ ((number) >>  3))
72. #define sha256_shift_D(number) (sha256_circular_shift(number, 17) ^ sha256_circular_shift(number, 19) ^ ((number) >> 10))
73.  
74. #define sha256_make_word_from_pointer(pointer) (                      \
75.     (((uint32_t) (0[(const unsigned char *) (pointer)])) << 24) |     \
76.     (((uint32_t) (1[(const unsigned char *) (pointer)])) << 16) |     \
77.     (((uint32_t) (2[(const unsigned char *) (pointer)])) <<  8) |     \
78.      ((uint32_t) (3[(const unsigned char *) (pointer)]))              \
79. )
80.  
81. int sha256 (int op, void * in, void * out, long long skip, long long length) {
82.   if (op & ~127) return SHA256_INVALID_OPCODE;
83.   if (!out) return SHA256_INVALID_ARGUMENT;
84.   if (!((op & SHA256_LENGTH_BITS) || ((op & 3) == SHA256_IN_BLOCK))) length *= 8;
85.   uint32_t hash[8];
86.   int status = 0;
87.   switch (op & 3) {
88.     case SHA256_IN_FILENAME: {
89.       if (!in) return SHA256_INVALID_ARGUMENT;
90.       FILE * file = fopen(in, "rb");
91.       if (!file) return SHA256_FILE_NOT_FOUND;
92.       if (skip) {
93.         status = fseek(file, skip, SEEK_SET);
94.         if (status) {
95.           fclose(file);
96.           return SHA256_IO_ERROR;
97.         }
98.       }
99.       status = sha256_hash_file(file, length, hash);
100.       fclose(file);
101.     } break;
102.     case SHA256_IN_FILE:
103.       if (!in) return SHA256_INVALID_ARGUMENT;
104.       if (skip) {
105.         status = fseek(in, skip, SEEK_CUR);
106.         if (status) return SHA256_IO_ERROR;
107.       }
108.       status = sha256_hash_file(in, length, hash);
109.       break;
110.     case SHA256_IN_BUFFER:
111.       if (length && (!in)) return SHA256_INVALID_ARGUMENT;
112.       if (length)
113.         sha256_hash_buffer(((const char *) in) + skip, length, hash);
114.       else
115.         sha256_hash_buffer(NULL, 0, hash);
116.       break;
117.     case SHA256_IN_BLOCK: {
118.       void * block;
119.       void * prevhash;
120.       if (in) {
121.         block = ((char *) in) + skip;
122.         prevhash = ((char *) in) + length;
123.       } else {
124.         block = (void *) (intptr_t) skip;
125.         prevhash = (void *) (intptr_t) length;
126.       }
127.       if (length == skip) prevhash = NULL;
128.       if (!block) return SHA256_INVALID_ARGUMENT;
129.       memcpy(hash, prevhash ? prevhash : sha256_init, sizeof hash);
130.       sha256_hash_block(block, hash);
131.     }
132.   }
133.   if (status) return status;
134.   sha256_format_output(op & ~3, out, hash);
135.   return 0;
136. }
137.  
138. static void sha256_format_output (int outformat, void * out, uint32_t * hash) {
139.   unsigned char p;
140.   if (outformat & SHA256_REVERSE_WORDS) {
141.     uint32_t reversed[8];
142.     for (p = 0; p < 8; p ++) reversed[p] = hash[7 - p];
143.     memcpy(hash, reversed, sizeof reversed);
144.   }
145.   switch (outformat & 12) {
146.     case SHA256_OUT_STRING:
147.       sha256_make_result_string(hash, out, outformat & SHA256_UPPERCASE_HEX);
148.       return;
149.     case SHA256_OUT_WORDS:
150.       memcpy(out, hash, 32);
151.       return;
152.     case SHA256_OUT_BYTES:
153.       for (p = 0; p < 7; p ++) sha256_convert_number_to_bytes(hash[p], (char *) out + 4 * p, outformat & SHA256_REVERSE_ENDIAN);
154.       return;
155.     case SHA256_OUT_LONGS: {
156.       uint64_t * result64 = out;
157.       for (p = 0; p < 4; p ++)
158.         if (outformat & SHA256_REVERSE_ENDIAN)
159.           result64[p] = (uint64_t) (hash[2 * p]) | (((uint64_t) (hash[2 * p + 1])) << 32);
160.         else
161.           result64[p] = (uint64_t) (hash[2 * p + 1]) | (((uint64_t) (hash[2 * p])) << 32);
162.     }
163.   }
164. }
165.  
166. static void sha256_hash_buffer (const void * buffer, unsigned long long length, uint32_t * result) {
167.   unsigned long long remaining = length;
168.   const char * p = buffer;
169.   memcpy(result, sha256_init, sizeof sha256_init);
170.   while (remaining >= 512) {
171.     sha256_hash_block(p, result);
172.     remaining -= 512;
173.     p += 64;
174.   }
175.   unsigned char block[64];
176.   if (remaining) memcpy(block, p, (remaining + 7) / 8);
177.   sha256_pad_block(block, remaining);
178.   if (remaining >= 448) {
179.     sha256_hash_block(block, result);
180.     memset(block, 0, 64);
181.   }
182.   unsigned char pos;
183.   for (pos = 63; length; pos --) {
184.     block[pos] = length & 0xff;
185.     length >>= 8;
186.   }
187.   sha256_hash_block(block, result);
188. }
189.  
190. static int sha256_hash_file (FILE * file, unsigned long long length, uint32_t * result) {
191.   unsigned char block[64];
192.   memcpy(result, sha256_init, sizeof sha256_init);
193.   unsigned long long remaining = length;
194.   int record_length = !length;
195.   short read_size, read_result = 0;
196.   while ((remaining || record_length) && !(feof(file) || ferror(file))) {
197.     if (!record_length && (remaining < 505))
198.       read_size = (remaining + 7) / 8;
199.     else
200.       read_size = 64;
201.     read_result = fread(block, 1, read_size, file);
202.     if (ferror(file)) return SHA256_IO_ERROR;
203.     if ((read_result < read_size) && !record_length) return SHA256_PREMATURE_EOF;
204.     if (record_length) {
205.       read_result <<= 3;
206.       length += read_result;
207.     } else {
208.       read_result = (remaining > 512) ? 512 : remaining;
209.       remaining -= read_result;
210.     }
211.     if (read_result < 512) break;
212.     sha256_hash_block(block, result);
213.   }
214.   if (read_result == 512) read_result = 0;
215.   sha256_pad_block(block, read_result);
216.   if (read_result >= 448) {
217.     sha256_hash_block(block, result);
218.     memset(block, 0, 64);
219.   }
220.   for (read_result = 63; length; read_result --) {
221.     block[read_result] = length & 0xff;
222.     length >>= 8;
223.   }
224.   sha256_hash_block(block, result);
225.   return 0;
226. }
227.  
228. static void sha256_pad_block (void * block, unsigned short start_bit) {
229.   char * p = block;
230.   p[start_bit / 8] |= 1 << (7 - (start_bit % 8));
231.   p[start_bit / 8] &= -(1 << (7 - (start_bit % 8)));
232.   start_bit += 8 - (start_bit % 8);
233.   if (start_bit < 512) memset(p + start_bit / 8, 0, 64 - start_bit / 8);
234. }
235.  
236. static void sha256_hash_block (const void * block, uint32_t * partial) {
237.   uint32_t words[64];
238.   uint32_t status[8];
239.   uint32_t x, y;
240.   unsigned char p;
241.   // here be dragons
242.   for (p = 0; p < 16; p ++) {
243.     words[p] = sha256_make_word_from_pointer(block);
244.     block = (char *) block + 4;
245.   }
246.   for (; p < 64; p ++) words[p] = sha256_shift_D(words[p - 2]) + words[p - 7] + sha256_shift_C(words[p - 15]) + words[p - 16];
247.   memcpy(status, partial, sizeof status);
248.   for (p = 0; p < 64; p ++) {
249.     x = status[7] + sha256_shift_B(status[4]) + sha256_choose_function(status[4], status[5], status[6]) + sha256_constants[p] + words[p];
250.     y = sha256_shift_A(*status) + sha256_majority_function(*status, status[1], status[2]);
251.     memmove(status + 1, status, 28);
252.     status[4] += x;
253.     *status = x + y;
254.   }
255.   for (p = 0; p < 8; p ++) partial[p] += status[p];
256. }
257.  
258. static void sha256_make_result_string (const uint32_t * hash_result, char * string, int capitalize) {
259.   string[64] = 0;
260.   signed char n, b;
261.   uint32_t current;
262.   const char * digits = capitalize ? "0123456789ABCDEF" : "0123456789abcdef";
263.   for (n = 0; n < 8; n ++) {
264.     current = hash_result[n];
265.     for (b = 7; b >= 0; b --) {
266.       string[n * 8 + b] = digits[current & 0xf];
267.       current >>= 4;
268.     }
269.   }
270. }
271.  
272. static void sha256_convert_number_to_bytes (uint32_t number, char * bytes, int little_endian) {
273.   unsigned char p;
274.   for (p = 0; p < 4; p ++) {
275.     bytes[little_endian ? p : (3 - p)] = number & 0xff;
276.     number >>= 8;
277.   }
278. }