Three of Information Digest algorithm: Analysis and implementation of SHA256 algorithm

In the previous article we analyzed the principle of Sha, and took SHA1 as an example to implement the relevant algorithm, in this one we will further analyze SHA2 and realize it.

1 , SHA Brief Introduction

As we have already explained in the previous chapters, SHA actually includes a series of algorithms, namely SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. What we call SHA2 is actually a general term in the following 4. The data for various SHA algorithms are compared in the following table, where the length units are bits:

It is not difficult to see from the above table that SHA-224 and SHA-256, SHA-384, and SHA-512 are consistent in terms of message length, packet length, calculation length, and calculation steps. In fact, SHA-224 is generally considered a reduced version of SHA-256, and SHA-384 is a reduced version of SHA-512. So in the ensuing discussion, we took SHA-224 and SHA-256 as a group, and we discussed SHA-384 and SHA-512 as another group. In this article we first analyze and implement the SHA-224 and SHA-256 algorithms.

2 , filling and parsing of messages

The hash function we discuss here is used to generate a summary of its corresponding information on the computer based on the input message or data file. A message or data file is usually used as a bit string. The length of the message is the number of bits in the message (the length of the empty message is 0). If the number of bits in the message is a multiple of 8, then we can use hexadecimal to represent the compactness of the message. The purpose of message padding is to have the length of the message in SHA-224 and SHA-256 exactly 512-bit integer times after the message is populated.

Next we explain how the message or data file will be populated. In general, add a "1" followed by more than "0", and then append a 64-bit message length information so that the completion of the fill message length is exactly the 512-bit integer multiple. The appended 64-bit message length information is the bit length of the original message, and the completed message is grouped into 512-bit messages.

For SHA-224 and SHA-256, the maximum length of the message is l<264, and the message needs to be populated before the message is hashed.

First, after the original information is populated with a "1", for example: if the original information is "01010000", after completing this fill is "010100001".

Next, after the last step is completed, after which a certain number of "0" is charged, the number is K, then the value of K must be the smallest non-negative integer value that satisfies the following expression.

(L + 1 + K) MoD 512 = 448

Finally, after filling the required message, append the 64-bit original message length, because the message will not be longer than 264 bits, so the value of its length data will not exceed 64 bits. When the padding is complete, all message groupings will be a 512-bit.

3 , iterative functions and constants

The computational process of this kind of hashing algorithm of SHA algorithm requires the use of logical functions and computational constants. However, the specific functions and constants used vary slightly depending on the specific algorithm. As we said in the previous chapter, MD5 and SHA1 have 4 logical functions, and 6 logic functions are used in SHA2 's series of algorithms. The logical functions and constants of SHA-224 and SHA-256 are described next.

SHA-224 and SHA-256 use 6 logical functions, each based on 32-bit word arithmetic, which we remember as X, Y, z, and the same calculation result for these functions is also a 32-bit word. These logical functions are represented as follows:

CH (x, y, Z) = (x and y) XOR ((not x) and Z)

MAJ (x, y, Z) = (x and y) xor (x and Z) xor (Y and Z)

BSIG0 (x) = rotr^2 (x) XOR rotr^13 (x) XOR rotr^22 (x)

BSIG1 (x) = Rotr^6 (x) XOR rotr^11 (x) XOR rotr^25 (x)

SSIG0 (x) = Rotr^7 (x) XOR rotr^18 (x) XOR shr^3 (x)

SSIG1 (x) = rotr^17 (x) XOR rotr^19 (x) XOR shr^10 (x)

SHA-224 and SHA-256 Use the same, 64 32-bit constant sequence. Usually recorded as: K0, K1 、......、 K63, the values of these constants are the first 32 bits of the first 64 prime number of the cube root of the decimal parts. These numbers are represented by a 16 binary:

428a2f98 71374491 b5c0fbcf e9b5dba5 3956c25b 59f111f1 923f82a4 ab1c5ed5

D807aa98 12835b01 243185be 550c7dc3 72be5d74 80deb1fe 9bdc06a7 c19bf174

E49B69C1 efbe4786 0fc19dc6 240ca1cc 2de92c6f 4a7484aa 5cb0a9dc 76f988da

983e5152 a831c66d b00327c8 bf597fc7 c6e00bf3 d5a79147 06ca6351 14292967

27b70a85 2e1b2138 4d2c6dfc 53380d13 650a7354 766a0abb 81c2c92e 92722c85

A2BFE8A1 a81a664b c24b8b70 c76c51a3 d192e819 d6990624 f40e3585 106aa070

19a4c116 1e376c08 2748774c 34b0bcb5 391c0cb3 4ed8aa4a 5b9cca4f 682e6ff3

748F82EE 78a5636f 84c87814 8cc70208 90befffa a4506ceb bef9a3f7 c67178f2

4 , calculation process

Earlier, we have introduced the preprocessing and hashing logic functions of the message, and then we will explain the summary calculation process.

The output of each secure hash function, when applied to a message divided into N groupings, is recorded as a hash of H (N). For SHA-224 and Sha-256,h (i) can be considered as 8 32-bit words, recorded as: H (i) 0, H (i) 1 、...、 H (i) 7.

The hash is initialized to a specific value, updated after each message packet is processed, and concatenated to produce output after the last block is processed. For SHA-256, all H (N) variables are concatenated, while the SHA-224 hash values are omitted from the last connection.

Next we explain the computational process of SHA-224 and SHA-256. First initialize the link variable. For SHA-224, the initial hash value H (0) consists of the following 8 hexadecimal digits of 32 digits:

H (0) 0 = C1059ed8

H (0) 1 = 367cd507

H (0) 2 = 3070dd17

H (0) 3 = f70e5939

H (0) 4 = ffc00b31

H (0) 5 = 68581511

H (0) 6 = 64f98fa7

H (0) 7 = befa4fa4

For SHA-256, the initial hash value H (0) consists of the following 8 hexadecimal digits of 32 digits. These words consist of 32 bits of money in the small portion of the square root of the first 8 prime numbers.

H (0) 0 = 6a09e667

H (0) 1 = Bb67ae85

H (0) 2 = 3c6ef372

H (0) 3 = a54ff53a

H (0) 4 = 510e527f

H (0) 5 = 9b05688c

H (0) 6 = 1f83d9ab

H (0) 7 = 5be0cd19

Next we describe the summary calculations, where SHA-224 and SHA-256 perform the same processing in message groupings, only in the process of initializing H (0) and how the final output is generated. SHA-224 and SHA-256 can be used to hash a message with an L-bit length, where 0 < l< = 264. The algorithm uses a 64 32-bit message list, 8 working variables 32 bits, and a hash value of 8 32-bit words.

The list of messages is divided into sub-groupings per 32 bits, marked as W0, W1 、...、 W63. The 8 working variables are a, B, C, D, E, F, G, and h,8 hash values are labeled H (i) 0, H (i) 1 、...、 H (i) 7, and retain the initial hash value H (0), replaced by each successive intermediate hash value (after processing each message packet) h (i), and with the final hash value H (N ) ends after all n blocks have been processed. They also use two temporary variables T1 and T2.

From the front we know that the message is divided into 512-bit message groupings after it has been filled. Each grouping is divided into 16 32-bit sub-groupings, recorded as: M (i) 0, M (i) 1 、...、 m (i) 15. Grouping n messages is done as follows.

a , - the generation of a message list

For t = 0 to 15

Wt = M (i) t

For t = 63

Wt = SSIG1 (w (t-2)) + W (t-7) + SSIG0 (W (t-15)) + W (t-16)

b , initializing work variables

A = H (i-1) 0

b = H (i-1) 1

c = H (i-1) 2

D = H (i-1) 3

E = H (i-1) 4

f = H (i-1) 5

g = H (i-1) 6

H = h (i-1) 7

C , perform hash calculations

For t = 0 to 63

T1 = h + BSIG1 (e) + CH (e,f,g) + Kt + Wt

T2 = BSIG0 (a) + MAJ (a,b,c)

h = g

g = f

F = E

E = d + T1

D = C

c = b

b = A

A = T1 + T2

D , calculating the intermediate hash value

H (i) 0 = a + H (i-1) 0

H (i) 1 = b + H (i-1) 1

H (i) 2 = c + H (i-1) 2

H (i) 3 = d + H (i-1) 3

H (i) 4 = e + H (i-1) 4

H (i) 5 = f + H (i-1) 5

H (i) 6 = g + H (i-1) 6

H (i) 7 = h + H (i-1) 7

After all the messages are grouped to complete the above calculation, the final output is computed. For SHA-256, it is the concatenation of all H (n) 0, H (n) 1 to H (N) 7. For SHA-224, the concatenation of H (n) 0, H (n) 1 until h (N) 6.

5 , code implementation

We have already explained the calculation of SHA-256 (SHA-224), and we will then code this process. The same first defines the structure of a context.

1 /** Defines the content information structure of the SHA-256 hash operation*/2typedefstructSha256context {3uint32_t intermediate_hash[sha256hashsize/4];/*Information Summary*/4uint32_t Length_high;/*bit-based information length high word*/5uint32_t Length_low;/*BITS-based information length low word*/6int_least16_t Message_block_index;/*Index of the information grouping array*/7uint8_t Message_block[sha256_message_block_size];/*512-bit information grouping*/8   intComputed;/*Summary Calculation Identification*/9   intcorrupted;/*Information Digest corruption identification*/Ten} Sha256context;

Next, we implement the initialization of the SHA256CONTEXT structure and prepare for the subsequent calculation process.

1 StaticShastatuscode Sha224_256reset (Sha256context *context, uint32_t *H0)2 {3   if(!context)returnShanull;4Context->length_high = Context->length_low =0;5Context->message_block_index =0;6context->intermediate_hash[0] = h0[0];7context->intermediate_hash[1] = h0[1];8context->intermediate_hash[2] = h0[2];9context->intermediate_hash[3] = h0[3];Tencontext->intermediate_hash[4] = h0[4]; Onecontext->intermediate_hash[5] = h0[5]; Acontext->intermediate_hash[6] = h0[6]; -context->intermediate_hash[7] = h0[7]; -context->computed =0; thecontext->corrupted =shasuccess; -   returnshasuccess; -}

Next, we implement the input of the information grouping, which accepts a byte array to be grouped as the next message for processing.

1Shastatuscode sha256input (Sha256context *context,Constuint8_t *message_array,unsignedintlength)2 {3   if(!context)returnShanull;4   if(!length)returnshasuccess;5   if(!message_array)returnShanull;6   if(context->computed)returncontext->corrupted =Shastateerror;7   if(context->corrupted)returnContext->corrupted;8    while(length--)9   {Tencontext->message_block[context->message_block_index++] =*Message_array; One     if(Sha224_256addlength (Context,8) = = shasuccess) && (Context->message_block_index = =sha256_message_block_size)) A Sha224_256processmessageblock (context); -message_array++; -   } the   returnContext->corrupted; -}

Of course, you also need a function for message processing and final digest output, which returns a 224-bit or 256-bit message digest to the caller's given message_digest array. Returns a summary of the information, the first element index is 0, the last element index is SHA-2244, or SHA-256.

1 StaticShastatuscode sha224_256resultn (Sha256context *context,uint8_t message_digest[],inthashsize)2 {3   inti;4   if(!context)returnShanull;5   if(! Message_digest)returnShanull;6   if(context->corrupted)returnContext->corrupted;7   if(!context->Computed)8Sha224_256finalize (Context,0x80);9    for(i =0; i < hashsize; ++i)TenMessage_digest[i] = (uint8_t) (context->intermediate_hash[i>>2] >>8* (3-(I &0x03 ) )); One   returnshasuccess; A}

At this point we have completed the SHA-256 (SHA-224) code, which we will verify later.

6 , conclusions

In the previous section we implemented the Code for SHA-256 (SHA-224), and we then validated the implementation. We enter the plaintext "ABCD" and output the result:

At the same time, we compare the SHA-256 of the "ABCD" generated by other tools with the following results:

Comparing these two results, we find that we are completely consistent, stating that our coding is not a problem.

Welcome attention:

Three of Information Digest algorithm: Analysis and implementation of SHA256 algorithm