|
111
|
1 ------------------------------------------------------------------------------
|
|
|
2 -- --
|
|
|
3 -- GNAT LIBRARY COMPONENTS --
|
|
|
4 -- --
|
|
|
5 -- G N A T . S E C U R E _ H A S H E S . S H A 2 _ C O M M O N --
|
|
|
6 -- --
|
|
|
7 -- B o d y --
|
|
|
8 -- --
|
|
145
|
9 -- Copyright (C) 2009-2019, Free Software Foundation, Inc. --
|
|
111
|
10 -- --
|
|
|
11 -- GNAT is free software; you can redistribute it and/or modify it under --
|
|
|
12 -- terms of the GNU General Public License as published by the Free Soft- --
|
|
|
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
|
|
|
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
|
|
|
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
|
|
|
16 -- or FITNESS FOR A PARTICULAR PURPOSE. --
|
|
|
17 -- --
|
|
|
18 -- As a special exception under Section 7 of GPL version 3, you are granted --
|
|
|
19 -- additional permissions described in the GCC Runtime Library Exception, --
|
|
|
20 -- version 3.1, as published by the Free Software Foundation. --
|
|
|
21 -- --
|
|
|
22 -- You should have received a copy of the GNU General Public License and --
|
|
|
23 -- a copy of the GCC Runtime Library Exception along with this program; --
|
|
|
24 -- see the files COPYING3 and COPYING.RUNTIME respectively. If not, see --
|
|
|
25 -- <http://www.gnu.org/licenses/>. --
|
|
|
26 -- --
|
|
|
27 -- GNAT was originally developed by the GNAT team at New York University. --
|
|
|
28 -- Extensive contributions were provided by Ada Core Technologies Inc. --
|
|
|
29 -- --
|
|
|
30 ------------------------------------------------------------------------------
|
|
|
31
|
|
|
32 package body GNAT.Secure_Hashes.SHA2_Common is
|
|
|
33
|
|
|
34 ---------------
|
|
|
35 -- Transform --
|
|
|
36 ---------------
|
|
|
37
|
|
|
38 procedure Transform
|
|
|
39 (H_St : in out Hash_State.State;
|
|
|
40 M_St : in out Message_State)
|
|
|
41 is
|
|
|
42 use System;
|
|
|
43
|
|
|
44 subtype Word is Hash_State.Word;
|
|
|
45 use type Hash_State.Word;
|
|
|
46
|
|
|
47 function Ch (X, Y, Z : Word) return Word;
|
|
|
48 function Maj (X, Y, Z : Word) return Word;
|
|
|
49 pragma Inline (Ch, Maj);
|
|
|
50 -- Elementary functions from FIPS PUB 180-3
|
|
|
51
|
|
|
52 --------
|
|
|
53 -- Ch --
|
|
|
54 --------
|
|
|
55
|
|
|
56 function Ch (X, Y, Z : Word) return Word is
|
|
|
57 begin
|
|
|
58 return (X and Y) xor ((not X) and Z);
|
|
|
59 end Ch;
|
|
|
60
|
|
|
61 ---------
|
|
|
62 -- Maj --
|
|
|
63 ---------
|
|
|
64
|
|
|
65 function Maj (X, Y, Z : Word) return Word is
|
|
|
66 begin
|
|
|
67 return (X and Y) xor (X and Z) xor (Y and Z);
|
|
|
68 end Maj;
|
|
|
69
|
|
|
70 type Words is array (Natural range <>) of Word;
|
|
|
71
|
|
|
72 X : Words (0 .. 15);
|
|
|
73 for X'Address use M_St.Buffer'Address;
|
|
|
74 pragma Import (Ada, X);
|
|
|
75
|
|
|
76 W : Words (0 .. Rounds - 1);
|
|
|
77
|
|
|
78 A, B, C, D, E, F, G, H, T1, T2 : Word;
|
|
|
79
|
|
|
80 -- Start of processing for Transform
|
|
|
81
|
|
|
82 begin
|
|
|
83 if Default_Bit_Order /= High_Order_First then
|
|
|
84 for J in X'Range loop
|
|
|
85 Hash_State.Swap (X (J)'Address);
|
|
|
86 end loop;
|
|
|
87 end if;
|
|
|
88
|
|
|
89 -- 1. Prepare message schedule
|
|
|
90
|
|
|
91 W (0 .. 15) := X;
|
|
|
92
|
|
|
93 for T in 16 .. Rounds - 1 loop
|
|
|
94 W (T) := S1 (W (T - 2)) + W (T - 7) + S0 (W (T - 15)) + W (T - 16);
|
|
|
95 end loop;
|
|
|
96
|
|
|
97 -- 2. Initialize working variables
|
|
|
98
|
|
|
99 A := H_St (0);
|
|
|
100 B := H_St (1);
|
|
|
101 C := H_St (2);
|
|
|
102 D := H_St (3);
|
|
|
103 E := H_St (4);
|
|
|
104 F := H_St (5);
|
|
|
105 G := H_St (6);
|
|
|
106 H := H_St (7);
|
|
|
107
|
|
|
108 -- 3. Perform transformation rounds
|
|
|
109
|
|
|
110 for T in 0 .. Rounds - 1 loop
|
|
|
111 T1 := H + Sigma1 (E) + Ch (E, F, G) + K (T) + W (T);
|
|
|
112 T2 := Sigma0 (A) + Maj (A, B, C);
|
|
|
113 H := G;
|
|
|
114 G := F;
|
|
|
115 F := E;
|
|
|
116 E := D + T1;
|
|
|
117 D := C;
|
|
|
118 C := B;
|
|
|
119 B := A;
|
|
|
120 A := T1 + T2;
|
|
|
121 end loop;
|
|
|
122
|
|
|
123 -- 4. Update hash state
|
|
|
124
|
|
|
125 H_St (0) := A + H_St (0);
|
|
|
126 H_St (1) := B + H_St (1);
|
|
|
127 H_St (2) := C + H_St (2);
|
|
|
128 H_St (3) := D + H_St (3);
|
|
|
129 H_St (4) := E + H_St (4);
|
|
|
130 H_St (5) := F + H_St (5);
|
|
|
131 H_St (6) := G + H_St (6);
|
|
|
132 H_St (7) := H + H_St (7);
|
|
|
133 end Transform;
|
|
|
134
|
|
|
135 end GNAT.Secure_Hashes.SHA2_Common;
|
