Cryptography Reference
In-Depth Information
required standard where secure hashing is concerned (you'll also need it later in
this chapter, to support elliptic-curve cryptography). At the time of this writing,
the NIST is evaluating proposals for a new SHA standard, which will almost
certainly have an even longer output.
Everything about SHA-256 is identical to SHA-1 except for the block process-
ing itself and the output length. The block size, padding, and so on are all the
same. You can reuse the digest_hash function from Listing 4-13 verbatim, if
you just change the block_operate function pointer.
SHA-256's block operation is similar; ch and maj reappear, but the parity func-
tion disappears and four new functions, which are identifi ed in the specifi cation
as
1 ,
0 ,
1 and
0 are introduced:
0 (x)
rotr( x, 2 ) ^ rotr( x, 13 ) ^ rotr( x, 22 )
1 (x)
rotr( x, 6 ) ^ rotr( x, 11 ) ^ rotr( x, 25 )
0 (x)
rotr( x, 7 ) ^ rotr( x, 18 ) ^ shr( x ^ 3 )
1 (x)
rotr( x, 17 ) ^ rotr( x, 19 )^ shr( x, 10 )
This choice of nomenclature doesn't translate very well into code, so call
sigma_rot (because the last operation is a rotr — “rotate right”) and
sigma_shr
(because the last operation is a shr — “shift right”). In code, this looks like
Listing 4-16.
Listing 4-16: “sha.c” SHA-256 sigma functions
unsigned int rotr( unsigned int x, unsigned int n )
{
return ( x >> n ) | ( ( x ) << ( 32 - n ) );
}
unsigned int shr( unsigned int x, unsigned int n )
{
return x >> n;
}
unsigned int sigma_rot( unsigned int x, int i )
{
return rotr( x, i ? 6 : 2 ) ^ rotr( x, i ? 11 : 13 ) ^ rotr( x, i ? 25 : 22 );
}
unsigned int sigma_shr( unsigned int x, int i )
{
return rotr( x, i ? 17 : 7 ) ^ rotr( x, i ? 19 : 18 ) ^ shr( x, i ? 10 : 3 );
}
The block operation itself should look familiar; instead of just a , b , c , d and e ,
you have a - h because there are eight 32-bit integers in the output now. There's a
64-int (instead of an 80-int) W that is precomputed, and a static k block. There's
 
Search WWH ::




Custom Search