1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-05 13:01:12 +00:00

sha2: NIST FIPS 180-2 naming conventions

This commit is contained in:
Saleem Rashid 2016-09-29 17:12:55 +01:00 committed by Pavol Rusnak
parent a91e005633
commit 1b79c93bbc

54
sha2.c
View File

@ -114,33 +114,49 @@ typedef uint64_t sha2_word64; /* Exactly 8 bytes */
/* /*
* Bit shifting and rotation (used by the six SHA-XYZ logical functions: * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
* *
* NOTE: The naming of R and S appears backwards here (R is a SHIFT and * NOTE: In the original SHA-256/384/512 document, the shift-right
* S is a ROTATION) because the SHA-256/384/512 description document * function was named R and the rotate-right function was called S.
* (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this * (See: http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf on the
* same "backwards" definition. * web.)
*
* The newer NIST FIPS 180-2 document uses a much clearer naming
* scheme, SHR for shift-right, ROTR for rotate-right, and ROTL for
* rotate-left. (See:
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
* on the web.)
*
* WARNING: These macros must be used cautiously, since they reference
* supplied parameters sometimes more than once, and thus could have
* unexpected side-effects if used without taking this into account.
*/ */
/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
#define R(b,x) ((x) >> (b))
/* 32-bit Rotate-right (used in SHA-256): */
#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
#define SHR(b,x) ((x) >> (b))
/* 32-bit Rotate-right (used in SHA-256): */
#define ROTR32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
#define ROTR64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
/* 32-bit Rotate-left (used in SHA-1): */
#define ROTL32(b,x) (((x) << (b)) | ((x) >> (32 - (b))))
/* Two of six logical functions used in SHA-1, SHA-256, SHA-384, and SHA-512: */
#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
/* Function used in SHA-1: */
#define Parity(x,y,z) ((x) ^ (y) ^ (z))
/* Four of six logical functions used in SHA-256: */ /* Four of six logical functions used in SHA-256: */
#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) #define Sigma0_256(x) (ROTR32(2, (x)) ^ ROTR32(13, (x)) ^ ROTR32(22, (x)))
#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) #define Sigma1_256(x) (ROTR32(6, (x)) ^ ROTR32(11, (x)) ^ ROTR32(25, (x)))
#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) #define sigma0_256(x) (ROTR32(7, (x)) ^ ROTR32(18, (x)) ^ SHR(3 , (x)))
#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) #define sigma1_256(x) (ROTR32(17, (x)) ^ ROTR32(19, (x)) ^ SHR(10, (x)))
/* Four of six logical functions used in SHA-384 and SHA-512: */ /* Four of six logical functions used in SHA-384 and SHA-512: */
#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) #define Sigma0_512(x) (ROTR64(28, (x)) ^ ROTR64(34, (x)) ^ ROTR64(39, (x)))
#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) #define Sigma1_512(x) (ROTR64(14, (x)) ^ ROTR64(18, (x)) ^ ROTR64(41, (x)))
#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) #define sigma0_512(x) (ROTR64( 1, (x)) ^ ROTR64( 8, (x)) ^ SHR( 7, (x)))
#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) #define sigma1_512(x) (ROTR64(19, (x)) ^ ROTR64(61, (x)) ^ SHR( 6, (x)))
/*** INTERNAL FUNCTION PROTOTYPES *************************************/ /*** INTERNAL FUNCTION PROTOTYPES *************************************/
/* NOTE: These should not be accessed directly from outside this /* NOTE: These should not be accessed directly from outside this