authorSanto Cariotti <santo@dcariotti.me>2021-01-12 13:37:15 +0100
committerSanto Cariotti <santo@dcariotti.me>2021-01-12 13:41:17 +0100
commit3992face1ede1ac8da081dfff4f2aa14ab1facce (patch)
tree48aa698ddba1b4d6815bc1551a0907bfc17449d8
parentefe3267e26566c4e0286263e9ee563ada26b8c2d (diff)
feat: add sha256 algorithm
-rw-r--r--include/sha256.h103
-rw-r--r--src/main.cc10
-rw-r--r--src/sha256.cc165
3 files changed, 278 insertions, 0 deletions
diff --git a/include/sha256.h b/include/sha256.h
new file mode 100644
index 0000000..18fba6a
--- /dev/null
+++ b/include/sha256.h
@@ -0,0 +1,103 @@
+// This file is part of a crypto library, exam for the Algorithms class.
+// All of these files are under MIT license.
+//
+// SHA declaration document:
+// https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
+
+#ifndef HMACSHA256_SHA256_H_
+#define HMACSHA256_SHA256_H_
+
+#include<cstdint>
+#include<array>
+
+namespace hmacsha256 {
+class SHA256 {
+public:
+ // create a new SHA256 thanks an array of bytes
+ SHA256(const uint8_t*, uint32_t);
+
+ SHA256(const std::string&);
+
+ // get digest as array of bytes
+ uint8_t* digest();
+
+ std::string hexdigest();
+private:
+ uint8_t* digest_;
+
+ // work variables: a, b, c, d, e, f, g, h
+ uint32_t vars_[8];
+
+ // data message, in bytes
+ // M, "message to be hashed"
+ uint8_t message_[64];
+
+ // length L of the original message
+ uint32_t message_l_;
+
+ // lengh of bits
+ uint64_t bit_len_;
+
+ // first 80 costansts 64bit words, paragraph 4.2.2
+ std::array<uint32_t, 64> K = {
+ 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,
+ 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
+ 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,
+ 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
+ 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,
+ 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
+ 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,
+ 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
+ 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,
+ 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
+ 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,
+ 0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
+ 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,
+ 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
+ 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,
+ 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+ };
+
+ // the constructor
+ void init(const uint8_t* data, uint32_t length);
+
+ // Ch(x, y, z) = (x | y) ^ (~x & z)
+ static uint32_t ch(uint32_t, uint32_t, uint32_t);
+
+ // Maj(x, y, z) = (x | y) ^ (x & z) ^ (y & z)
+ static uint32_t maj(uint32_t, uint32_t, uint32_t);
+
+ // circular right shift. Takes two params: `x` a w-bit word and `n` an int
+ // with 0 <= n < w.
+ // w, in our case is 32
+ //
+ // rots is also defined in the NIST document as
+ // rotr(x) = (x >> n) or (x << w - n)
+ static uint32_t rotr(uint32_t, uint32_t);
+
+ // function defined in 4.4
+ static uint32_t big_sigma0(uint32_t);
+
+ // function defined in 4.5
+ static uint32_t big_sigma1(uint32_t);
+
+ // function defined in 4.6
+ static uint32_t sigma0(uint32_t);
+
+ // function defined in 4.7
+ static uint32_t sigma1(uint32_t);
+
+ // padding
+ void pad();
+
+ // main function
+ void transform();
+
+ // transform bytes in big-endian, because SHA256 wants big endian ordering
+ // Takes 1 parameter, the array of bytes that we want to reorder
+ void bigendian(uint8_t*);
+};
+
+} // namespace hmacsha256
+
+#endif // HMACSHA256_SHA256_H_
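Review bot: `digest_` is declared as a bare `uint8_t*` and nothing in this commit ever points it at storage, yet digest() in src/sha256.cc writes 32 bytes through it and hexdigest() reads them back, which is a write through an uninitialised pointer. Since `<array>` is already included, declaring it as `std::array<uint8_t, 32> digest_{};` gives each object its own buffer with no allocation needed. The header also uses `std::string` without `#include <string>`. Two comments disagree with the code they describe: the Ch and Maj comments write `(x | y)` where the implementation in src/sha256.cc (and FIPS 180-4) use `(x & y)`, and the comment on `K` speaks of 80 constants of 64 bits while the array holds 64 words of 32 bits.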
diff --git a/src/main.cc b/src/main.cc
new file mode 100644
index 0000000..9f01c14
--- /dev/null
+++ b/src/main.cc
@@ -0,0 +1,10 @@
+#include<iostream>
+#include "sha256.h"
+
+int main(int argc, char** argv) {
+ auto sha = hmacsha256::SHA256(argv[1]);
+ sha.digest();
+ std::cout << sha.hexdigest();
+
+ return 0;
+}
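Review bot: `argv[1]` is handed to the `std::string` constructor without checking `argc`, so running the program with no argument builds a string from a null pointer, which is undefined behaviour. A guard at the top of `main` such as `if (argc < 2) { std::cerr << "missing input string\n"; return 1; }` would handle that case. The buffer returned by `sha.digest()` is also discarded here; since digest() in src/sha256.cc allocates it with `new[]`, it is never freed.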
diff --git a/src/sha256.cc b/src/sha256.cc
new file mode 100644
index 0000000..7790f8a
--- /dev/null
+++ b/src/sha256.cc
@@ -0,0 +1,165 @@
+#include "sha256.h"
+#include<cstring> // used for memset
+#include<sstream> // used for stringstream
+#include<iomanip> // used for setfill and setw
+
+hmacsha256::SHA256::SHA256(const uint8_t* data, uint32_t length) {
+ init(data, length);
+}
+
+void hmacsha256::SHA256::init(const uint8_t* data, uint32_t length) {
+ message_l_ = bit_len_ = 0;
+ vars_[0] = 0x6a09e667;
+ vars_[1] = 0xbb67ae85;
+ vars_[2] = 0x3c6ef372;
+ vars_[3] = 0xa54ff53a;
+ vars_[4] = 0x510e527f;
+ vars_[5] = 0x9b05688c;
+ vars_[6] = 0x1f83d9ab;
+ vars_[7] = 0x5be0cd19;
+
+ for(size_t i = 0; i < length; ++i) {
+ message_[message_l_++] = data[i];
+ if(message_l_ == 64) {
+ transform();
+
+ bit_len_ += 512;
+ message_l_ = 0;
+ }
+ }
+}
+
+hmacsha256::SHA256::SHA256(const std::string& data) {
+ init(reinterpret_cast<const uint8_t*> (data.c_str()), data.size());
+}
+
+uint8_t* hmacsha256::SHA256::digest() {
+ uint8_t* hash = new uint8_t[32];
+
+ pad();
+ bigendian(hash);
+
+ for(uint32_t i = 0; i < 32; ++i) {
+ digest_[i] = hash[i];
+ }
+
+ return hash;
+}
+
+std::string hmacsha256::SHA256::hexdigest() {
+ std::stringstream s;
+ s << std::setfill('0') << std::hex;
+
+ for(uint8_t i = 0 ; i < 32 ; i++) {
+ s << std::setw(2) << (unsigned int) digest_[i];
+ }
+
+ return s.str();
+}
+
+uint32_t hmacsha256::SHA256::ch(uint32_t x, uint32_t y, uint32_t z) {
+ return (x & y) ^ (~x & z);
+}
+
+uint32_t hmacsha256::SHA256::maj(uint32_t x, uint32_t y, uint32_t z) {
+ return (x & (y | z)) | (y & z);
+}
+
+uint32_t hmacsha256::SHA256::rotr(uint32_t x, uint32_t n) {
+ return (x >> n) | (x << (32-n));
+}
+
+uint32_t hmacsha256::SHA256::big_sigma0(uint32_t x) {
+ return SHA256::rotr(x, 2) ^ SHA256::rotr(x, 13) ^ SHA256::rotr(x, 22);
+}
+
+uint32_t hmacsha256::SHA256::big_sigma1(uint32_t x) {
+ return SHA256::rotr(x, 6) ^ SHA256::rotr(x, 11) ^ SHA256::rotr(x, 25);
+}
+
+uint32_t hmacsha256::SHA256::sigma0(uint32_t x) {
+ return SHA256::rotr(x, 7) ^ SHA256::rotr(x, 18) ^ (x >> 3);
+}
+
+uint32_t hmacsha256::SHA256::sigma1(uint32_t x) {
+ return SHA256::rotr(x, 17) ^ SHA256::rotr(x, 19) ^ (x >> 10);
+}
+
+void hmacsha256::SHA256::transform() {
+ uint32_t m[64];
+ uint32_t h[8];
+
+ for(uint8_t i = 0, j = 0; i < 16; ++i, j += 4) {
+ m[i] = (message_[j] << 24) | (message_[j + 1] << 16) | (message_[j + 2] << 8) | (message_[j + 3]);
+ }
+
+ for(uint8_t i = 16; i < 64; ++i) {
+ m[i] = SHA256::sigma1(m[i - 2]) + m[i - 7] + SHA256::sigma0(m[i - 15]) + m[i - 16];
+ }
+
+ for(uint8_t i = 0; i < 8; ++i)
+ h[i] = vars_[i];
+
+ for(uint8_t i = 0; i < 64; ++i) {
+ auto S1 = SHA256::big_sigma1(h[4]);
+ auto S0 = SHA256::big_sigma0(h[0]);
+ auto t1 = h[7] + S1 + SHA256::ch(h[4], h[5], h[6]) + K[i] + m[i];
+ auto t2 = S0 + SHA256::maj(h[0], h[1], h[2]);
+ h[7] = h[6];
+ h[6] = h[5];
+ h[5] = h[4];
+ h[4] = h[3] + t1;
+ h[3] = h[2];
+ h[2] = h[1];
+ h[1] = h[0];
+ h[0] = t1 + t2;
+ }
+
+ for(uint8_t i = 0; i < 8; ++i) {
+ vars_[i]+=h[i];
+ }
+
+}
+
+void hmacsha256::SHA256::pad() {
+ // start of scanning
+ uint64_t i = message_l_;
+
+ // end of scanning
+ uint8_t j = (i < 56) ? 56 : 64;
+
+ // append '1' bit at the end of the block
+ message_[i++] = 0x80;
+
+ // append '0' bit, j times
+ while(i < j) message_[i++] = 0x00;
+
+ if(message_l_ >= 56) {
+ transform();
+ memset(message_, 0, 56);
+ }
+
+ bit_len_ += message_l_ * 8;
+ message_[63] = bit_len_;
+ message_[62] = bit_len_ >> 8;
+ message_[61] = bit_len_ >> 16;
+ message_[60] = bit_len_ >> 24;
+ message_[59] = bit_len_ >> 32;
+ message_[58] = bit_len_ >> 40;
+ message_[57] = bit_len_ >> 48;
+ message_[56] = bit_len_ >> 56;
+ transform();
+}
+
+void hmacsha256::SHA256::bigendian(uint8_t* hash) {
+ for (uint32_t i = 0; i < 4; ++i) {
+ hash[i] = (vars_[0] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 4] = (vars_[1] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 8] = (vars_[2] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 12] = (vars_[3] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 16] = (vars_[4] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 20] = (vars_[5] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 24] = (vars_[6] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 28] = (vars_[7] >> (24 - i * 8)) & 0x000000ff;
+ }
+}
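Review bot: digest() runs pad() on every call, and pad() appends padding, adds to `bit_len_` and runs transform() on the live state, so a second digest() on the same object returns a different value, while hexdigest() called before digest() formats whatever `digest_` happens to hold. Finalising once and caching the 32 bytes makes both calls stable; the sketch below assumes a new `bool finalized_` member cleared in init() and `digest_` changed to a 32-byte `std::array`. Separately, init() takes `uint32_t length` while the string constructor passes `data.size()`, so input of 4 GiB or more is silently truncated and only a prefix is hashed; taking `size_t` would avoid that.

```cpp
uint8_t* hmacsha256::SHA256::digest() {
  if (!finalized_) {             // proposed bool member, set to false in init()
    pad();
    bigendian(digest_.data());   // digest_ as std::array<uint8_t, 32>
    finalized_ = true;
  }

  // The caller owns this copy and must delete[] it.
  uint8_t* hash = new uint8_t[32];
  std::memcpy(hash, digest_.data(), 32);
  return hash;
}
```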