Home Verkennen Help
Inloggen
RT-Thread-packages
/
libsodium-legacy
spiegel van https://github-proxy.rt-thread.io/RT-Thread-packages/libsodium-legacy.git
2
0
Vork 0
Bestanden Issues 0 Wiki
Aftakking: master
Aftakkingen Labels
libsodium-legac...
/
libsodium
/
crypto_core
/
ed25519
/
core_h2c.c

core_h2c.c 4.9 KB
Permalink Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. #include <assert.h>
    2. 

  2. #include <errno.h>
    3. 

  3. #include <stdlib.h>
    4. 

  4. #include <string.h>
    5. 

  5. 

  6. #include "core_h2c.h"
    7. 

  7. #include "crypto_hash_sha256.h"
    8. 

  8. #include "crypto_hash_sha512.h"
    9. 

  9. #include "private/common.h"
    10. 

  10. 

  11. #define HASH_BYTES      crypto_hash_sha256_BYTES
    12. 

  12. #define HASH_BLOCKBYTES 64U
    13. 

  13. 

  14. static int
    15. 

  15. core_h2c_string_to_hash_sha256(unsigned char *h, const size_t h_len, const char *ctx,
    16. 

  16.                                const unsigned char *msg, size_t msg_len)
    17. 

  17. {
    18. 

  18.     crypto_hash_sha256_state st;
    19. 

  19.     const unsigned char      empty_block[HASH_BLOCKBYTES] = { 0 };
    20. 

  20.     unsigned char            u0[HASH_BYTES];
    21. 

  21.     unsigned char            ux[HASH_BYTES] = { 0 };
    22. 

  22.     unsigned char            t[3] = { 0U, (unsigned char) h_len, 0U};
    23. 

  23.     unsigned char            ctx_len_u8;
    24. 

  24.     size_t                   ctx_len = ctx != NULL ? strlen(ctx) : 0U;
    25. 

  25.     size_t                   i, j;
    26. 

  26. 

  27.     assert(h_len <= 0xff);
    28. 

  28.     if (ctx_len > (size_t) 0xff) {
    29. 

  29.         crypto_hash_sha256_init(&st);
    30. 

  30.         crypto_hash_sha256_update(&st,
    31. 

  31.                                   (const unsigned char *) "H2C-OVERSIZE-DST-",
    32. 

  32.                                   sizeof "H2C-OVERSIZE-DST-" - 1U);
    33. 

  33.         crypto_hash_sha256_update(&st, (const unsigned char *) ctx, ctx_len);
    34. 

  34.         crypto_hash_sha256_final(&st, u0);
    35. 

  35.         ctx = (const char *) u0;
    36. 

  36.         ctx_len = HASH_BYTES;
    37. 

  37.         COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff);
    38. 

  38.     }
    39. 

  39.     ctx_len_u8 = (unsigned char) ctx_len;
    40. 

  40.     crypto_hash_sha256_init(&st);
    41. 

  41.     crypto_hash_sha256_update(&st, empty_block, sizeof empty_block);
    42. 

  42.     crypto_hash_sha256_update(&st, msg, msg_len);
    43. 

  43.     crypto_hash_sha256_update(&st, t, 3U);
    44. 

  44.     crypto_hash_sha256_update(&st, (const unsigned char *) ctx, ctx_len);
    45. 

  45.     crypto_hash_sha256_update(&st, &ctx_len_u8, 1U);
    46. 

  46.     crypto_hash_sha256_final(&st, u0);
    47. 

  47. 

  48.     for (i = 0U; i < h_len; i += HASH_BYTES) {
    49. 

  49.         for (j = 0U; j < HASH_BYTES; j++) {
    50. 

  50.             ux[j] ^= u0[j];
    51. 

  51.         }
    52. 

  52.         t[2]++;
    53. 

  53.         crypto_hash_sha256_init(&st);
    54. 

  54.         crypto_hash_sha256_update(&st, ux, HASH_BYTES);
    55. 

  55.         crypto_hash_sha256_update(&st, &t[2], 1U);
    56. 

  56.         crypto_hash_sha256_update(&st, (const unsigned char *) ctx, ctx_len);
    57. 

  57.         crypto_hash_sha256_update(&st, &ctx_len_u8, 1U);
    58. 

  58.         crypto_hash_sha256_final(&st, ux);
    59. 

  59.         memcpy(&h[i], ux, h_len - i >= (sizeof ux) ? (sizeof ux) : h_len - i);
    60. 

  60.     }
    61. 

  61.     return 0;
    62. 

  62. }
    63. 

  63. 

  64. #undef  HASH_BYTES
    65. 

  65. #undef  HASH_BLOCKBYTES
    66. 

  66. 

  67. #define HASH_BYTES      crypto_hash_sha512_BYTES
    68. 

  68. #define HASH_BLOCKBYTES 128U
    69. 

  69. 

  70. static int
    71. 

  71. core_h2c_string_to_hash_sha512(unsigned char *h, const size_t h_len, const char *ctx,
    72. 

  72.                                const unsigned char *msg, size_t msg_len)
    73. 

  73. {
    74. 

  74.     crypto_hash_sha512_state st;
    75. 

  75.     const unsigned char      empty_block[HASH_BLOCKBYTES] = { 0 };
    76. 

  76.     unsigned char            u0[HASH_BYTES];
    77. 

  77.     unsigned char            ux[HASH_BYTES] = { 0 };
    78. 

  78.     unsigned char            t[3] = { 0U, (unsigned char) h_len, 0U};
    79. 

  79.     unsigned char            ctx_len_u8;
    80. 

  80.     size_t                   ctx_len = ctx != NULL ? strlen(ctx) : 0U;
    81. 

  81.     size_t                   i, j;
    82. 

  82. 

  83.     assert(h_len <= 0xff);
    84. 

  84.     if (ctx_len > (size_t) 0xff) {
    85. 

  85.         crypto_hash_sha512_init(&st);
    86. 

  86.         crypto_hash_sha512_update(&st,
    87. 

  87.                                   (const unsigned char *) "H2C-OVERSIZE-DST-",
    88. 

  88.                                   sizeof "H2C-OVERSIZE-DST-" - 1U);
    89. 

  89.         crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
    90. 

  90.         crypto_hash_sha512_final(&st, u0);
    91. 

  91.         ctx = (const char *) u0;
    92. 

  92.         ctx_len = HASH_BYTES;
    93. 

  93.         COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff);
    94. 

  94.     }
    95. 

  95.     ctx_len_u8 = (unsigned char) ctx_len;
    96. 

  96.     crypto_hash_sha512_init(&st);
    97. 

  97.     crypto_hash_sha512_update(&st, empty_block, sizeof empty_block);
    98. 

  98.     crypto_hash_sha512_update(&st, msg, msg_len);
    99. 

  99.     crypto_hash_sha512_update(&st, t, 3U);
    100. 

  100.     crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
    101. 

  101.     crypto_hash_sha512_update(&st, &ctx_len_u8, 1U);
    102. 

  102.     crypto_hash_sha512_final(&st, u0);
    103. 

  103. 

  104.     for (i = 0U; i < h_len; i += HASH_BYTES) {
    105. 

  105.         for (j = 0U; j < HASH_BYTES; j++) {
    106. 

  106.             ux[j] ^= u0[j];
    107. 

  107.         }
    108. 

  108.         t[2]++;
    109. 

  109.         crypto_hash_sha512_init(&st);
    110. 

  110.         crypto_hash_sha512_update(&st, ux, HASH_BYTES);
    111. 

  111.         crypto_hash_sha512_update(&st, &t[2], 1U);
    112. 

  112.         crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
    113. 

  113.         crypto_hash_sha512_update(&st, &ctx_len_u8, 1U);
    114. 

  114.         crypto_hash_sha512_final(&st, ux);
    115. 

  115.         memcpy(&h[i], ux, h_len - i >= (sizeof ux) ? (sizeof ux) : h_len - i);
    116. 

  116.     }
    117. 

  117.     return 0;
    118. 

  118. }
    119. 

  119. 

  120. int
    121. 

  121. core_h2c_string_to_hash(unsigned char *h, const size_t h_len, const char *ctx,
    122. 

  122.                         const unsigned char *msg, size_t msg_len, int hash_alg)
    123. 

  123. {
    124. 

  124.     switch (hash_alg) {
    125. 

  125.     case CORE_H2C_SHA256:
    126. 

  126.         return core_h2c_string_to_hash_sha256(h, h_len, ctx, msg, msg_len);
    127. 

  127.     case CORE_H2C_SHA512:
    128. 

  128.         return core_h2c_string_to_hash_sha512(h, h_len, ctx, msg, msg_len);
    129. 

  129.     default:
    130. 

  130.         errno = EINVAL;
    131. 

  131.         return -1;
    132. 

  132.     }
    133. 

  133. }
    134.