From 3992face1ede1ac8da081dfff4f2aa14ab1facce Mon Sep 17 00:00:00 2001 From: Santo Cariotti Date: Tue, 12 Jan 2021 13:37:15 +0100 Subject: feat: add sha256 algorithm --- include/sha256.h | 103 ++++++++++++++++++++++++++++++++++ src/main.cc | 10 ++++ src/sha256.cc | 165 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 278 insertions(+) create mode 100644 include/sha256.h create mode 100644 src/main.cc create mode 100644 src/sha256.cc diff --git a/include/sha256.h b/include/sha256.h new file mode 100644 index 0000000..18fba6a --- /dev/null +++ b/include/sha256.h @@ -0,0 +1,103 @@ +// This file is part of a crypto library, exam for the Algorithms class. +// All of these files are under MIT license. +// +// SHA declaration document: +// https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf + +#ifndef HMACSHA256_SHA256_H_ +#define HMACSHA256_SHA256_H_ + +#include +#include + +namespace hmacsha256 { +class SHA256 { +public: + // create a new SHA256 thanks an array of bytes + SHA256(const uint8_t*, uint32_t); + + SHA256(const std::string&); + + // get digest as array of bytes + uint8_t* digest(); + + std::string hexdigest(); +private: + uint8_t* digest_; + + // work variables: a, b, c, d, e, f, g, h + uint32_t vars_[8]; + + // data message, in bytes + // M, "message to be hashed" + uint8_t message_[64]; + + // length L of the original message + uint32_t message_l_; + + // lengh of bits + uint64_t bit_len_; + + // first 80 costansts 64bit words, paragraph 4.2.2 + std::array K = { + 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5, + 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5, + 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3, + 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174, + 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc, + 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da, + 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7, + 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967, + 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13, + 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85, + 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3, + 0xd192e819,0xd6990624,0xf40e3585,0x106aa070, + 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5, + 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3, + 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208, + 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 + }; + + // the constructor + void init(const uint8_t* data, uint32_t length); + + // Ch(x, y, z) = (x | y) ^ (~x & z) + static uint32_t ch(uint32_t, uint32_t, uint32_t); + + // Maj(x, y, z) = (x | y) ^ (x & z) ^ (y & z) + static uint32_t maj(uint32_t, uint32_t, uint32_t); + + // circular right shift. Takes two params: `x` a w-bit word and `n` an int + // with 0 <= n < w. + // w, in our case is 32 + // + // rots is also defined in the NIST document as + // rotr(x) = (x >> n) or (x << w - n) + static uint32_t rotr(uint32_t, uint32_t); + + // function defined in 4.4 + static uint32_t big_sigma0(uint32_t); + + // function defined in 4.5 + static uint32_t big_sigma1(uint32_t); + + // function defined in 4.6 + static uint32_t sigma0(uint32_t); + + // function defined in 4.7 + static uint32_t sigma1(uint32_t); + + // padding + void pad(); + + // main function + void transform(); + + // transform bytes in big-endian, because SHA256 wants big endian ordering + // Takes 1 parameter, the array of bytes that we want to reorder + void bigendian(uint8_t*); +}; + +} // namespace hmacsha256 + +#endif // HMACSHA256_SHA256_H_ diff --git a/src/main.cc b/src/main.cc new file mode 100644 index 0000000..9f01c14 --- /dev/null +++ b/src/main.cc @@ -0,0 +1,10 @@ +#include +#include "sha256.h" + +int main(int argc, char** argv) { + auto sha = hmacsha256::SHA256(argv[1]); + sha.digest(); + std::cout << sha.hexdigest(); + + return 0; +} diff --git a/src/sha256.cc b/src/sha256.cc new file mode 100644 index 0000000..7790f8a --- /dev/null +++ b/src/sha256.cc @@ -0,0 +1,165 @@ +#include "sha256.h" +#include // used for memset +#include // used for stringstream +#include // used for setfill and setw + +hmacsha256::SHA256::SHA256(const uint8_t* data, uint32_t length) { + init(data, length); +} + +void hmacsha256::SHA256::init(const uint8_t* data, uint32_t length) { + message_l_ = bit_len_ = 0; + vars_[0] = 0x6a09e667; + vars_[1] = 0xbb67ae85; + vars_[2] = 0x3c6ef372; + vars_[3] = 0xa54ff53a; + vars_[4] = 0x510e527f; + vars_[5] = 0x9b05688c; + vars_[6] = 0x1f83d9ab; + vars_[7] = 0x5be0cd19; + + for(size_t i = 0; i < length; ++i) { + message_[message_l_++] = data[i]; + if(message_l_ == 64) { + transform(); + + bit_len_ += 512; + message_l_ = 0; + } + } +} + +hmacsha256::SHA256::SHA256(const std::string& data) { + init(reinterpret_cast (data.c_str()), data.size()); +} + +uint8_t* hmacsha256::SHA256::digest() { + uint8_t* hash = new uint8_t[32]; + + pad(); + bigendian(hash); + + for(uint32_t i = 0; i < 32; ++i) { + digest_[i] = hash[i]; + } + + return hash; +} + +std::string hmacsha256::SHA256::hexdigest() { + std::stringstream s; + s << std::setfill('0') << std::hex; + + for(uint8_t i = 0 ; i < 32 ; i++) { + s << std::setw(2) << (unsigned int) digest_[i]; + } + + return s.str(); +} + +uint32_t hmacsha256::SHA256::ch(uint32_t x, uint32_t y, uint32_t z) { + return (x & y) ^ (~x & z); +} + +uint32_t hmacsha256::SHA256::maj(uint32_t x, uint32_t y, uint32_t z) { + return (x & (y | z)) | (y & z); +} + +uint32_t hmacsha256::SHA256::rotr(uint32_t x, uint32_t n) { + return (x >> n) | (x << (32-n)); +} + +uint32_t hmacsha256::SHA256::big_sigma0(uint32_t x) { + return SHA256::rotr(x, 2) ^ SHA256::rotr(x, 13) ^ SHA256::rotr(x, 22); +} + +uint32_t hmacsha256::SHA256::big_sigma1(uint32_t x) { + return SHA256::rotr(x, 6) ^ SHA256::rotr(x, 11) ^ SHA256::rotr(x, 25); +} + +uint32_t hmacsha256::SHA256::sigma0(uint32_t x) { + return SHA256::rotr(x, 7) ^ SHA256::rotr(x, 18) ^ (x >> 3); +} + +uint32_t hmacsha256::SHA256::sigma1(uint32_t x) { + return SHA256::rotr(x, 17) ^ SHA256::rotr(x, 19) ^ (x >> 10); +} + +void hmacsha256::SHA256::transform() { + uint32_t m[64]; + uint32_t h[8]; + + for(uint8_t i = 0, j = 0; i < 16; ++i, j += 4) { + m[i] = (message_[j] << 24) | (message_[j + 1] << 16) | (message_[j + 2] << 8) | (message_[j + 3]); + } + + for(uint8_t i = 16; i < 64; ++i) { + m[i] = SHA256::sigma1(m[i - 2]) + m[i - 7] + SHA256::sigma0(m[i - 15]) + m[i - 16]; + } + + for(uint8_t i = 0; i < 8; ++i) + h[i] = vars_[i]; + + for(uint8_t i = 0; i < 64; ++i) { + auto S1 = SHA256::big_sigma1(h[4]); + auto S0 = SHA256::big_sigma0(h[0]); + auto t1 = h[7] + S1 + SHA256::ch(h[4], h[5], h[6]) + K[i] + m[i]; + auto t2 = S0 + SHA256::maj(h[0], h[1], h[2]); + h[7] = h[6]; + h[6] = h[5]; + h[5] = h[4]; + h[4] = h[3] + t1; + h[3] = h[2]; + h[2] = h[1]; + h[1] = h[0]; + h[0] = t1 + t2; + } + + for(uint8_t i = 0; i < 8; ++i) { + vars_[i]+=h[i]; + } + +} + +void hmacsha256::SHA256::pad() { + // start of scanning + uint64_t i = message_l_; + + // end of scanning + uint8_t j = (i < 56) ? 56 : 64; + + // append '1' bit at the end of the block + message_[i++] = 0x80; + + // append '0' bit, j times + while(i < j) message_[i++] = 0x00; + + if(message_l_ >= 56) { + transform(); + memset(message_, 0, 56); + } + + bit_len_ += message_l_ * 8; + message_[63] = bit_len_; + message_[62] = bit_len_ >> 8; + message_[61] = bit_len_ >> 16; + message_[60] = bit_len_ >> 24; + message_[59] = bit_len_ >> 32; + message_[58] = bit_len_ >> 40; + message_[57] = bit_len_ >> 48; + message_[56] = bit_len_ >> 56; + transform(); +} + +void hmacsha256::SHA256::bigendian(uint8_t* hash) { + for (uint32_t i = 0; i < 4; ++i) { + hash[i] = (vars_[0] >> (24 - i * 8)) & 0x000000ff; + hash[i + 4] = (vars_[1] >> (24 - i * 8)) & 0x000000ff; + hash[i + 8] = (vars_[2] >> (24 - i * 8)) & 0x000000ff; + hash[i + 12] = (vars_[3] >> (24 - i * 8)) & 0x000000ff; + hash[i + 16] = (vars_[4] >> (24 - i * 8)) & 0x000000ff; + hash[i + 20] = (vars_[5] >> (24 - i * 8)) & 0x000000ff; + hash[i + 24] = (vars_[6] >> (24 - i * 8)) & 0x000000ff; + hash[i + 28] = (vars_[7] >> (24 - i * 8)) & 0x000000ff; + } +} -- cgit v1.2.3-18-g5258