summaryrefslogtreecommitdiff
path: root/nacl/crypto_hashblocks/sha256/inplace/blocks.c
diff options
context:
space:
mode:
Diffstat (limited to 'nacl/crypto_hashblocks/sha256/inplace/blocks.c')
-rw-r--r--nacl/crypto_hashblocks/sha256/inplace/blocks.c228
1 files changed, 228 insertions, 0 deletions
diff --git a/nacl/crypto_hashblocks/sha256/inplace/blocks.c b/nacl/crypto_hashblocks/sha256/inplace/blocks.c
new file mode 100644
index 00000000..4a191501
--- /dev/null
+++ b/nacl/crypto_hashblocks/sha256/inplace/blocks.c
@@ -0,0 +1,228 @@
1#include "crypto_hashblocks.h"
2
3typedef unsigned int uint32;
4
5static uint32 load_bigendian(const unsigned char *x)
6{
7 return
8 (uint32) (x[3]) \
9 | (((uint32) (x[2])) << 8) \
10 | (((uint32) (x[1])) << 16) \
11 | (((uint32) (x[0])) << 24)
12 ;
13}
14
15static void store_bigendian(unsigned char *x,uint32 u)
16{
17 x[3] = u; u >>= 8;
18 x[2] = u; u >>= 8;
19 x[1] = u; u >>= 8;
20 x[0] = u;
21}
22
23#define SHR(x,c) ((x) >> (c))
24#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c))))
25
26#define Ch(x,y,z) ((x & y) ^ (~x & z))
27#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
28#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
29#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
30#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
31#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
32
33#define M(w0,w14,w9,w1) w0 += sigma1(w14) + w9 + sigma0(w1);
34
35#define EXPAND \
36 M(w0 ,w14,w9 ,w1 ) \
37 M(w1 ,w15,w10,w2 ) \
38 M(w2 ,w0 ,w11,w3 ) \
39 M(w3 ,w1 ,w12,w4 ) \
40 M(w4 ,w2 ,w13,w5 ) \
41 M(w5 ,w3 ,w14,w6 ) \
42 M(w6 ,w4 ,w15,w7 ) \
43 M(w7 ,w5 ,w0 ,w8 ) \
44 M(w8 ,w6 ,w1 ,w9 ) \
45 M(w9 ,w7 ,w2 ,w10) \
46 M(w10,w8 ,w3 ,w11) \
47 M(w11,w9 ,w4 ,w12) \
48 M(w12,w10,w5 ,w13) \
49 M(w13,w11,w6 ,w14) \
50 M(w14,w12,w7 ,w15) \
51 M(w15,w13,w8 ,w0 )
52
53#define F(r0,r1,r2,r3,r4,r5,r6,r7,w,k) \
54 r7 += Sigma1(r4) + Ch(r4,r5,r6) + k + w; \
55 r3 += r7; \
56 r7 += Sigma0(r0) + Maj(r0,r1,r2);
57
58#define G(r0,r1,r2,r3,r4,r5,r6,r7,i) \
59 F(r0,r1,r2,r3,r4,r5,r6,r7,w0 ,round[i + 0]) \
60 F(r7,r0,r1,r2,r3,r4,r5,r6,w1 ,round[i + 1]) \
61 F(r6,r7,r0,r1,r2,r3,r4,r5,w2 ,round[i + 2]) \
62 F(r5,r6,r7,r0,r1,r2,r3,r4,w3 ,round[i + 3]) \
63 F(r4,r5,r6,r7,r0,r1,r2,r3,w4 ,round[i + 4]) \
64 F(r3,r4,r5,r6,r7,r0,r1,r2,w5 ,round[i + 5]) \
65 F(r2,r3,r4,r5,r6,r7,r0,r1,w6 ,round[i + 6]) \
66 F(r1,r2,r3,r4,r5,r6,r7,r0,w7 ,round[i + 7]) \
67 F(r0,r1,r2,r3,r4,r5,r6,r7,w8 ,round[i + 8]) \
68 F(r7,r0,r1,r2,r3,r4,r5,r6,w9 ,round[i + 9]) \
69 F(r6,r7,r0,r1,r2,r3,r4,r5,w10,round[i + 10]) \
70 F(r5,r6,r7,r0,r1,r2,r3,r4,w11,round[i + 11]) \
71 F(r4,r5,r6,r7,r0,r1,r2,r3,w12,round[i + 12]) \
72 F(r3,r4,r5,r6,r7,r0,r1,r2,w13,round[i + 13]) \
73 F(r2,r3,r4,r5,r6,r7,r0,r1,w14,round[i + 14]) \
74 F(r1,r2,r3,r4,r5,r6,r7,r0,w15,round[i + 15])
75
76static const uint32 round[64] = {
77 0x428a2f98
78, 0x71374491
79, 0xb5c0fbcf
80, 0xe9b5dba5
81, 0x3956c25b
82, 0x59f111f1
83, 0x923f82a4
84, 0xab1c5ed5
85, 0xd807aa98
86, 0x12835b01
87, 0x243185be
88, 0x550c7dc3
89, 0x72be5d74
90, 0x80deb1fe
91, 0x9bdc06a7
92, 0xc19bf174
93, 0xe49b69c1
94, 0xefbe4786
95, 0x0fc19dc6
96, 0x240ca1cc
97, 0x2de92c6f
98, 0x4a7484aa
99, 0x5cb0a9dc
100, 0x76f988da
101, 0x983e5152
102, 0xa831c66d
103, 0xb00327c8
104, 0xbf597fc7
105, 0xc6e00bf3
106, 0xd5a79147
107, 0x06ca6351
108, 0x14292967
109, 0x27b70a85
110, 0x2e1b2138
111, 0x4d2c6dfc
112, 0x53380d13
113, 0x650a7354
114, 0x766a0abb
115, 0x81c2c92e
116, 0x92722c85
117, 0xa2bfe8a1
118, 0xa81a664b
119, 0xc24b8b70
120, 0xc76c51a3
121, 0xd192e819
122, 0xd6990624
123, 0xf40e3585
124, 0x106aa070
125, 0x19a4c116
126, 0x1e376c08
127, 0x2748774c
128, 0x34b0bcb5
129, 0x391c0cb3
130, 0x4ed8aa4a
131, 0x5b9cca4f
132, 0x682e6ff3
133, 0x748f82ee
134, 0x78a5636f
135, 0x84c87814
136, 0x8cc70208
137, 0x90befffa
138, 0xa4506ceb
139, 0xbef9a3f7
140, 0xc67178f2
141} ;
142
143int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
144{
145 uint32 state[8];
146 uint32 r0;
147 uint32 r1;
148 uint32 r2;
149 uint32 r3;
150 uint32 r4;
151 uint32 r5;
152 uint32 r6;
153 uint32 r7;
154
155 r0 = load_bigendian(statebytes + 0); state[0] = r0;
156 r1 = load_bigendian(statebytes + 4); state[1] = r1;
157 r2 = load_bigendian(statebytes + 8); state[2] = r2;
158 r3 = load_bigendian(statebytes + 12); state[3] = r3;
159 r4 = load_bigendian(statebytes + 16); state[4] = r4;
160 r5 = load_bigendian(statebytes + 20); state[5] = r5;
161 r6 = load_bigendian(statebytes + 24); state[6] = r6;
162 r7 = load_bigendian(statebytes + 28); state[7] = r7;
163
164 while (inlen >= 64) {
165 uint32 w0 = load_bigendian(in + 0);
166 uint32 w1 = load_bigendian(in + 4);
167 uint32 w2 = load_bigendian(in + 8);
168 uint32 w3 = load_bigendian(in + 12);
169 uint32 w4 = load_bigendian(in + 16);
170 uint32 w5 = load_bigendian(in + 20);
171 uint32 w6 = load_bigendian(in + 24);
172 uint32 w7 = load_bigendian(in + 28);
173 uint32 w8 = load_bigendian(in + 32);
174 uint32 w9 = load_bigendian(in + 36);
175 uint32 w10 = load_bigendian(in + 40);
176 uint32 w11 = load_bigendian(in + 44);
177 uint32 w12 = load_bigendian(in + 48);
178 uint32 w13 = load_bigendian(in + 52);
179 uint32 w14 = load_bigendian(in + 56);
180 uint32 w15 = load_bigendian(in + 60);
181
182 G(r0,r1,r2,r3,r4,r5,r6,r7,0)
183
184 EXPAND
185
186 G(r0,r1,r2,r3,r4,r5,r6,r7,16)
187
188 EXPAND
189
190 G(r0,r1,r2,r3,r4,r5,r6,r7,32)
191
192 EXPAND
193
194 G(r0,r1,r2,r3,r4,r5,r6,r7,48)
195
196 r0 += state[0];
197 r1 += state[1];
198 r2 += state[2];
199 r3 += state[3];
200 r4 += state[4];
201 r5 += state[5];
202 r6 += state[6];
203 r7 += state[7];
204
205 state[0] = r0;
206 state[1] = r1;
207 state[2] = r2;
208 state[3] = r3;
209 state[4] = r4;
210 state[5] = r5;
211 state[6] = r6;
212 state[7] = r7;
213
214 in += 64;
215 inlen -= 64;
216 }
217
218 store_bigendian(statebytes + 0,state[0]);
219 store_bigendian(statebytes + 4,state[1]);
220 store_bigendian(statebytes + 8,state[2]);
221 store_bigendian(statebytes + 12,state[3]);
222 store_bigendian(statebytes + 16,state[4]);
223 store_bigendian(statebytes + 20,state[5]);
224 store_bigendian(statebytes + 24,state[6]);
225 store_bigendian(statebytes + 28,state[7]);
226
227 return 0;
228}