大家都知道摘要算法在安全领域,也是一个特别重要的存在,而SHA224是其中比较常见的一种摘要算法,它的特点就是计算复杂度较低,不等长的数据原文输入,可以得出等长的摘要值,这个值是固定为28字节。正是由于这种特殊性,很多重要的数据完整性校验领域,都可以看到SHA24的影子,不过相对于SHA1/SHA256,SHA224还是用得相对少很多。
今天给大家带来SHA224的C源码版本实现,欢迎大家深入学习和讨论。
头文件定义如下,主要定义了SHA224的上下文结构体,以及导出的三个API:
#ifndef __SHA224_H__
#define __SHA224_H__
#include
#define SHA224_DIGEST_LEN 28 // SHA224 outputs a 28 byte digest
typedef struct _sha224_ctx_t {
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[8]; /*!< The intermediate digest state. */
uint8_t buffer[64]; /*!< The data block being processed. */
int32_t is_224; /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
} sha224_ctx_t;
void crypto_sha224_init(sha224_ctx_t *ctx);
void crypto_sha224_update(sha224_ctx_t *ctx, const uint8_t *data, uint32_t len);
void crypto_sha224_final(sha224_ctx_t *ctx, uint8_t *digest);
#endif // __SHA224_H__
下面是SHA224的C语言版本实现,主要也是围绕导出的3个API:
#include
#include
#include "sha224.h"
#define CONFIG_SHA256_SMALLER 1
/*
* 32-bit int32_teger manipulation macros (big endian)
*/
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
do { \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
} while( 0 )
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) \
do { \
(b)[(i) ] = (uint8_t) ( (n) >> 24 ); \
(b)[(i) + 1] = (uint8_t) ( (n) >> 16 ); \
(b)[(i) + 2] = (uint8_t) ( (n) >> 8 ); \
(b)[(i) + 3] = (uint8_t) ( (n) ); \
} while( 0 )
#endif
static const uint32_t K[] =
{
0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
};
#define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
#define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define R(t) \
( \
local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
S0(local.W[(t) - 15]) + local.W[(t) - 16] \
)
#define P(a,b,c,d,e,f,g,h,x,K) \
do \
{ \
local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
local.temp2 = S2(a) + F0((a),(b),(c)); \
(d) += local.temp1; (h) = local.temp1 + local.temp2; \
} while( 0 )
/*
* SHA-224/256 context setup
*/
void crypto_sha224_sha256_init( sha224_ctx_t *ctx, int32_t is_224 )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
if( is_224 == 0 ) {
/* SHA-256 */
ctx->state[0] = 0x6A09E667;
ctx->state[1] = 0xBB67AE85;
ctx->state[2] = 0x3C6EF372;
ctx->state[3] = 0xA54FF53A;
ctx->state[4] = 0x510E527F;
ctx->state[5] = 0x9B05688C;
ctx->state[6] = 0x1F83D9AB;
ctx->state[7] = 0x5BE0CD19;
} else {
/* SHA-224 */
ctx->state[0] = 0xC1059ED8;
ctx->state[1] = 0x367CD507;
ctx->state[2] = 0x3070DD17;
ctx->state[3] = 0xF70E5939;
ctx->state[4] = 0xFFC00B31;
ctx->state[5] = 0x68581511;
ctx->state[6] = 0x64F98FA7;
ctx->state[7] = 0xBEFA4FA4;
}
ctx->is_224 = is_224;
}
void crypto_sha224_init( sha224_ctx_t *ctx )
{
memset( ctx, 0, sizeof( sha224_ctx_t ) );
crypto_sha224_sha256_init(ctx, 1);
}
static int32_t local_sha224_process( sha224_ctx_t *ctx,
const uint8_t data[64] )
{
struct {
uint32_t temp1, temp2, W[64];
uint32_t A[8];
} local;
uint32_t i;
for( i = 0; i < 8; i++ ) {
local.A[i] = ctx->state[i];
}
#if defined(CONFIG_SHA256_SMALLER)
for( i = 0; i < 64; i++ ) {
if( i < 16 ) {
GET_UINT32_BE( local.W[i], data, 4 * i );
} else {
R( i );
}
P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
local.temp1 = local.A[7]; local.A[7] = local.A[6];
local.A[6] = local.A[5]; local.A[5] = local.A[4];
local.A[4] = local.A[3]; local.A[3] = local.A[2];
local.A[2] = local.A[1]; local.A[1] = local.A[0];
local.A[0] = local.temp1;
}
#else /* CONFIG_SHA256_SMALLER */
for( i = 0; i < 16; i++ ) {
GET_UINT32_BE( local.W[i], data, 4 * i );
}
for( i = 0; i < 16; i += 8 ) {
P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
}
for( i = 16; i < 64; i += 8 ) {
P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
}
#endif /* CONFIG_SHA256_SMALLER */
for( i = 0; i < 8; i++ ) {
ctx->state[i] += local.A[i];
}
return( 0 );
}
/*
* SHA-224 process buffer
*/
void crypto_sha224_update( sha224_ctx_t *ctx,
const uint8_t *data,
uint32_t ilen )
{
int32_t ret = -1;
uint32_t fill;
uint32_t left;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
if( ctx->total[0] < (uint32_t) ilen ) {
ctx->total[1]++;
}
if( left && ilen >= fill ) {
memcpy( (void *) (ctx->buffer + left), data, fill );
if( ( ret = local_sha224_process( ctx, ctx->buffer ) ) != 0 ) {
/* error */
return;
}
data += fill;
ilen -= fill;
left = 0;
}
while( ilen >= 64 ) {
if( ( ret = local_sha224_process( ctx, data ) ) != 0 ) {
/* error */
return;
}
data += 64;
ilen -= 64;
}
if( ilen > 0 ) {
memcpy( (void *) (ctx->buffer + left), data, ilen );
}
}
/*
* SHA-224 final digest
*/
void crypto_sha224_final( sha224_ctx_t *ctx, uint8_t *digest )
{
int32_t ret = -1;
uint32_t used;
uint32_t high, low;
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
used = ctx->total[0] & 0x3F;
ctx->buffer[used++] = 0x80;
if( used <= 56 ) {
/* Enough room for padding + length in current block */
memset( ctx->buffer + used, 0, 56 - used );
} else {
/* We'll need an extra block */
memset( ctx->buffer + used, 0, 64 - used );
if( ( ret = local_sha224_process( ctx, ctx->buffer ) ) != 0 ) {
/* error */
return;
}
memset( ctx->buffer, 0, 56 );
}
/*
* Add message length
*/
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
PUT_UINT32_BE( high, ctx->buffer, 56 );
PUT_UINT32_BE( low, ctx->buffer, 60 );
if( ( ret = local_sha224_process( ctx, ctx->buffer ) ) != 0 ) {
/* error */
return;
}
/*
* Output final state
*/
PUT_UINT32_BE( ctx->state[0], digest, 0 );
PUT_UINT32_BE( ctx->state[1], digest, 4 );
PUT_UINT32_BE( ctx->state[2], digest, 8 );
PUT_UINT32_BE( ctx->state[3], digest, 12 );
PUT_UINT32_BE( ctx->state[4], digest, 16 );
PUT_UINT32_BE( ctx->state[5], digest, 20 );
PUT_UINT32_BE( ctx->state[6], digest, 24 );
if( ctx->is_224 == 0 ) {
PUT_UINT32_BE( ctx->state[7], digest, 28 );
}
}
针对SHA224导出的三个接口,我编写了以下测试用例:
#include
#include
#include "sha224.h"
#include "convert.h"
int log_hexdump(const char *title, const unsigned char *data, int len)
{
char str[160], octet[10];
int ofs, i, k, d;
const unsigned char *buf = (const unsigned char *)data;
const char dimm[] = "+------------------------------------------------------------------------------+";
printf("%s (%d bytes):\r\n", title, len);
printf("%s\r\n", dimm);
printf("| Offset : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0123456789ABCDEF |\r\n");
printf("%s\r\n", dimm);
for (ofs = 0; ofs < (int)len; ofs += 16) {
d = snprintf( str, sizeof(str), "| %08X: ", ofs );
for (i = 0; i < 16; i++) {
if ((i + ofs) < (int)len) {
snprintf( octet, sizeof(octet), "%02X ", buf[ofs + i] );
} else {
snprintf( octet, sizeof(octet), " " );
}
d += snprintf( &str[d], sizeof(str) - d, "%s", octet );
}
d += snprintf( &str[d], sizeof(str) - d, " " );
k = d;
for (i = 0; i < 16; i++) {
if ((i + ofs) < (int)len) {
str[k++] = (0x20 <= (buf[ofs + i]) && (buf[ofs + i]) <= 0x7E) ? buf[ofs + i] : '.';
} else {
str[k++] = ' ';
}
}
str[k] = '\0';
printf("%s |\r\n", str);
}
printf("%s\r\n", dimm);
return 0;
}
int main(int argc, const char *argv[])
{
const char *data = "C1D0F8FB4958670DBA40AB1F3752EF0D";
const char *digest_exp_str = "0AC2C8BF595E3CA47BBFEFEAD8B2E6489536EDCF2C0D49A5BC290058";
uint8_t digest_calc[SHA224_DIGEST_LEN];
uint8_t digest_exp_hex[SHA224_DIGEST_LEN];
sha224_ctx_t ctx;
const char *p_calc = data;
uint8_t data_bytes[128];
uint16_t len_bytes;
char data_str[128];
if (argc > 1) {
p_calc = argv[1];
}
utils_hex_string_2_bytes(data, data_bytes, &len_bytes);
log_hexdump("data_bytes", data_bytes, len_bytes);
utils_bytes_2_hex_string(data_bytes, len_bytes, data_str);
printf("data_str: %s\n", data_str);
if (!strcmp(data, data_str)) {
printf("hex string - bytes convert OK\n");
} else {
printf("hex string - bytes convert FAIL\n");
}
crypto_sha224_init(&ctx);
crypto_sha224_update(&ctx, (uint8_t *)p_calc, strlen(p_calc));
crypto_sha224_final(&ctx, digest_calc);
utils_hex_string_2_bytes(digest_exp_str, digest_exp_hex, &len_bytes);
if (len_bytes == sizeof(digest_calc) && !memcmp(digest_calc, digest_exp_hex, sizeof(digest_calc))) {
printf("SHA224 digest test OK\n");
log_hexdump("digest_calc", digest_calc, sizeof(digest_calc));
} else {
log_hexdump("digest_calc", digest_calc, sizeof(digest_calc));
log_hexdump("digest_exp", digest_exp_hex, sizeof(digest_exp_hex));
printf("SHA224 digest test FAIL\n");
}
return 0;
}
测试用例比较简单,就是对字符串C1D0F8FB4958670DBA40AB1F3752EF0D进行SHA224运算,期望的摘要结果的hexstring是0AC2C8BF595E3CA47BBFEFEAD8B2E6489536EDCF2C0D49A5BC290058,这个期望值是用算法工具算出来的。
先用API接口算出摘要值,再与期望值比较,这里有个hexstringtobyte的转换,如果比较一致则表示API计算OK;反之,接口计算失败。
同时,也欢迎大家设计提供更多的测试案例代码。
以上代码和测试用例,及编译运行等,可以参考我的github仓库,有详细的流程介绍,欢迎大家交流讨论。如果有帮助到你的话,记得帮忙点亮一颗星哦。
[1] 【安全算法的github仓库】
[2] 【安全算法之概述】一文带你简要了解常见常用的安全算法
[3] 【安全算法之base64】base64加解密的C语言源码实现
[4] 【安全算法之MD5】MD5摘要运算的C语言源码实现
[5] 【安全算法之SHA1】SHA1摘要运算的C语言源码实现
[6] 【安全算法之SHA224】SHA224摘要运算的C语言源码实现
[7] 【安全算法之SHA256】SHA256摘要运算的C语言源码实现
[8] 【安全算法之SHA384】SHA384摘要运算的C语言源码实现
[9] 【安全算法之SHA512】SHA512摘要运算的C语言源码实现