Cryptography Reference
In-Depth Information
required standard where secure hashing is concerned (you'll also need it later in
this chapter, to support elliptic-curve cryptography). At the time of this writing,
the NIST is evaluating proposals for a new SHA standard, which will almost
certainly have an even longer output.
Everything about SHA-256 is identical to SHA-1 except for the block process-
ing itself and the output length. The block size, padding, and so on are all the
same. You can reuse the
digest_hash
function from Listing 4-13 verbatim, if
you just change the
block_operate
function pointer.
SHA-256's block operation is similar;
ch
and
maj
reappear, but the parity func-
tion disappears and four new functions, which are identifi ed in the specifi cation
as
1
,
0
,
1
and
0
are introduced:
0
(x)
rotr( x, 2 ) ^ rotr( x, 13 ) ^ rotr( x, 22 )
1
(x)
rotr( x, 6 ) ^ rotr( x, 11 ) ^ rotr( x, 25 )
0
(x)
rotr( x, 7 ) ^ rotr( x, 18 ) ^ shr( x ^ 3 )
1
(x)
rotr( x, 17 ) ^ rotr( x, 19 )^ shr( x, 10 )
This choice of nomenclature doesn't translate very well into code, so call
sigma_rot (because the last operation is a rotr — “rotate right”) and
sigma_shr
(because the last operation is a shr — “shift right”). In code, this looks like
Listing 4-16.
Listing 4-16:
“sha.c” SHA-256 sigma functions
unsigned int rotr( unsigned int x, unsigned int n )
{
return ( x >> n ) | ( ( x ) << ( 32 - n ) );
}
unsigned int shr( unsigned int x, unsigned int n )
{
return x >> n;
}
unsigned int sigma_rot( unsigned int x, int i )
{
return rotr( x, i ? 6 : 2 ) ^ rotr( x, i ? 11 : 13 ) ^ rotr( x, i ? 25 : 22 );
}
unsigned int sigma_shr( unsigned int x, int i )
{
return rotr( x, i ? 17 : 7 ) ^ rotr( x, i ? 19 : 18 ) ^ shr( x, i ? 10 : 3 );
}
The block operation itself should look familiar; instead of just
a
,
b
,
c
,
d
and
e
,
you have
a
-
h
because there are eight 32-bit integers in the output now. There's a
64-int (instead of an 80-int)
W
that is precomputed, and a static
k
block. There's
Search WWH ::
Custom Search