Revert "Merge branch 'upstream' into tizen"

[platform/upstream/nettle.git] / sha256-compress.c

diff --git a/sha256-compress.c b/sha256-compress.c
index ad03039..30e75ea 100644 (file)
--- a/sha256-compress.c
+++ b/sha256-compress.c
@@ -5,7 +5,7 @@
 
 /* nettle, low-level cryptographics library
  *
- * Copyright (C) 2001, 2010 Niels Möller
+ * Copyright (C) 2001, 2010 Niels Möller
  *  
  * The nettle library is free software; you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -19,28 +19,38 @@
  * 
  * You should have received a copy of the GNU Lesser General Public License
  * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
  */
 
 #if HAVE_CONFIG_H
 # include "config.h"
 #endif
 
+#ifndef SHA256_DEBUG
+# define SHA256_DEBUG 0
+#endif
+
+#if SHA256_DEBUG
+# include <stdio.h>
+# define DEBUG(i) \
+  fprintf(stderr, "%2d: %8x %8x %8x %8x %8x %8x %8x %8x\n", \
+         i, A, B, C, D ,E, F, G, H)
+#else
+# define DEBUG(i)
+#endif
+
 #include <assert.h>
 #include <stdlib.h>
 #include <string.h>
 
-#include "sha.h"
+#include "sha2.h"
 
 #include "macros.h"
 
 /* A block, treated as a sequence of 32-bit words. */
 #define SHA256_DATA_LENGTH 16
 
-#define ROTR(n,x) ((x)>>(n) | ((x)<<(32-(n))))
-#define SHR(n,x) ((x)>>(n))
-
 /* The SHA256 functions. The Choice function is the same as the SHA1
    function f1, and the majority function is the same as the SHA1 f3
    function. They can be optimized to save one boolean operation each
@@ -52,11 +62,11 @@
 /* #define Majority(x,y,z) ( ((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)) ) */
 #define Majority(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) )
 
-#define S0(x) (ROTR(2,(x)) ^ ROTR(13,(x)) ^ ROTR(22,(x))) 
-#define S1(x) (ROTR(6,(x)) ^ ROTR(11,(x)) ^ ROTR(25,(x)))
+#define S0(x) (ROTL32(30,(x)) ^ ROTL32(19,(x)) ^ ROTL32(10,(x))) 
+#define S1(x) (ROTL32(26,(x)) ^ ROTL32(21,(x)) ^ ROTL32(7,(x)))
 
-#define s0(x) (ROTR(7,(x)) ^ ROTR(18,(x)) ^ SHR(3,(x)))
-#define s1(x) (ROTR(17,(x)) ^ ROTR(19,(x)) ^ SHR(10,(x)))
+#define s0(x) (ROTL32(25,(x)) ^ ROTL32(14,(x)) ^ ((x) >> 3))
+#define s1(x) (ROTL32(15,(x)) ^ ROTL32(13,(x)) ^ ((x) >> 10))
 
 /* The initial expanding function.  The hash function is defined over an
    64-word expanded input array W, where the first 16 are copies of the input
@@ -92,11 +102,11 @@
 
 /* It's crucial that DATA is only used once, as that argument will
  * have side effects. */
-#define ROUND(a,b,c,d,e,f,g,h,k,data) do {             \
-  uint32_t T = h + S1(e) + Choice(e,f,g) + k + data;   \
-  d += T;                                              \
-  h = T + S0(a) + Majority(a,b,c);                     \
-} while (0)
+#define ROUND(a,b,c,d,e,f,g,h,k,data) do {     \
+    h += S1(e) + Choice(e,f,g) + k + data;     \
+    d += h;                                    \
+    h += S0(a) + Majority(a,b,c);              \
+  } while (0)
 
 void
 _nettle_sha256_compress(uint32_t *state, const uint8_t *input, const uint32_t *k)
@@ -124,36 +134,37 @@ _nettle_sha256_compress(uint32_t *state, const uint8_t *input, const uint32_t *k
   /* Heavy mangling */
   /* First 16 subrounds that act on the original data */
 
+  DEBUG(-1);
   for (i = 0, d = data; i<16; i+=8, k += 8, d+= 8)
     {
-      ROUND(A, B, C, D, E, F, G, H, k[0], d[0]);
-      ROUND(H, A, B, C, D, E, F, G, k[1], d[1]);
+      ROUND(A, B, C, D, E, F, G, H, k[0], d[0]); DEBUG(i);
+      ROUND(H, A, B, C, D, E, F, G, k[1], d[1]); DEBUG(i+1);
       ROUND(G, H, A, B, C, D, E, F, k[2], d[2]);
       ROUND(F, G, H, A, B, C, D, E, k[3], d[3]);
       ROUND(E, F, G, H, A, B, C, D, k[4], d[4]);
       ROUND(D, E, F, G, H, A, B, C, k[5], d[5]);
-      ROUND(C, D, E, F, G, H, A, B, k[6], d[6]);
-      ROUND(B, C, D, E, F, G, H, A, k[7], d[7]);
+      ROUND(C, D, E, F, G, H, A, B, k[6], d[6]); DEBUG(i+6);
+      ROUND(B, C, D, E, F, G, H, A, k[7], d[7]); DEBUG(i+7);
     }
   
   for (; i<64; i += 16, k+= 16)
     {
-      ROUND(A, B, C, D, E, F, G, H, k[ 0], EXPAND(data,  0));
-      ROUND(H, A, B, C, D, E, F, G, k[ 1], EXPAND(data,  1));
-      ROUND(G, H, A, B, C, D, E, F, k[ 2], EXPAND(data,  2));
-      ROUND(F, G, H, A, B, C, D, E, k[ 3], EXPAND(data,  3));
-      ROUND(E, F, G, H, A, B, C, D, k[ 4], EXPAND(data,  4));
-      ROUND(D, E, F, G, H, A, B, C, k[ 5], EXPAND(data,  5));
-      ROUND(C, D, E, F, G, H, A, B, k[ 6], EXPAND(data,  6));
-      ROUND(B, C, D, E, F, G, H, A, k[ 7], EXPAND(data,  7));
-      ROUND(A, B, C, D, E, F, G, H, k[ 8], EXPAND(data,  8));
-      ROUND(H, A, B, C, D, E, F, G, k[ 9], EXPAND(data,  9));
-      ROUND(G, H, A, B, C, D, E, F, k[10], EXPAND(data, 10));
-      ROUND(F, G, H, A, B, C, D, E, k[11], EXPAND(data, 11));
-      ROUND(E, F, G, H, A, B, C, D, k[12], EXPAND(data, 12));
-      ROUND(D, E, F, G, H, A, B, C, k[13], EXPAND(data, 13));
-      ROUND(C, D, E, F, G, H, A, B, k[14], EXPAND(data, 14));
-      ROUND(B, C, D, E, F, G, H, A, k[15], EXPAND(data, 15));
+      ROUND(A, B, C, D, E, F, G, H, k[ 0], EXPAND(data,  0)); DEBUG(i);
+      ROUND(H, A, B, C, D, E, F, G, k[ 1], EXPAND(data,  1)); DEBUG(i+1);
+      ROUND(G, H, A, B, C, D, E, F, k[ 2], EXPAND(data,  2)); DEBUG(i+2);
+      ROUND(F, G, H, A, B, C, D, E, k[ 3], EXPAND(data,  3)); DEBUG(i+3);
+      ROUND(E, F, G, H, A, B, C, D, k[ 4], EXPAND(data,  4)); DEBUG(i+4);
+      ROUND(D, E, F, G, H, A, B, C, k[ 5], EXPAND(data,  5)); DEBUG(i+5);
+      ROUND(C, D, E, F, G, H, A, B, k[ 6], EXPAND(data,  6)); DEBUG(i+6);
+      ROUND(B, C, D, E, F, G, H, A, k[ 7], EXPAND(data,  7)); DEBUG(i+7);
+      ROUND(A, B, C, D, E, F, G, H, k[ 8], EXPAND(data,  8)); DEBUG(i+8);
+      ROUND(H, A, B, C, D, E, F, G, k[ 9], EXPAND(data,  9)); DEBUG(i+9);
+      ROUND(G, H, A, B, C, D, E, F, k[10], EXPAND(data, 10)); DEBUG(i+10);
+      ROUND(F, G, H, A, B, C, D, E, k[11], EXPAND(data, 11)); DEBUG(i+11);
+      ROUND(E, F, G, H, A, B, C, D, k[12], EXPAND(data, 12)); DEBUG(i+12);
+      ROUND(D, E, F, G, H, A, B, C, k[13], EXPAND(data, 13)); DEBUG(i+13);
+      ROUND(C, D, E, F, G, H, A, B, k[14], EXPAND(data, 14)); DEBUG(i+14);
+      ROUND(B, C, D, E, F, G, H, A, k[15], EXPAND(data, 15)); DEBUG(i+15);
     }
 
   /* Update state */
@@ -165,4 +176,9 @@ _nettle_sha256_compress(uint32_t *state, const uint8_t *input, const uint32_t *k
   state[5] += F;
   state[6] += G;
   state[7] += H;
+#if SHA256_DEBUG
+  fprintf(stderr, "99: %8x %8x %8x %8x %8x %8x %8x %8x\n",
+         state[0], state[1], state[2], state[3],
+         state[4], state[5], state[6], state[7]);
+#endif
 }