crypto/sha256: new module.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

ccan/crypto/sha256/LICENSE

+../../../licenses/BSD-MIT
\ No newline at end of file

ccan/crypto/sha256/_info

+#include "config.h"
+#include <stdio.h>
+#include <string.h>
+
+/**
+ * crypto/sha256 - implementation of SHA-2 with 256 bit digest.
+ *
+ * This code is either a wrapper for openssl (if CCAN_CRYPTO_SHA256_USE_OPENSSL
+ * is defined) or an open-coded implementation based on Bitcoin's.
+ *
+ * License: BSD-MIT
+ * Maintainer: Rusty Russell <rusty@rustcorp.com.au>
+ *
+ * Example:
+ *	#include <ccan/crypto/sha256/sha256.h>
+ *	#include <err.h>
+ *	#include <stdio.h>
+ *	#include <string.h>
+ *
+ *	// Simple demonstration: idential strings will have the same hash, but
+ *	// two different strings will not.
+ *	int main(int argc, char *argv[])
+ *	{
+ *		struct sha256 hash1, hash2;
+ *
+ *		if (argc != 3)
+ *			errx(1, "Usage: %s <string1> <string2>", argv[0]);
+ *
+ *		sha256(&hash1, argv[1], strlen(argv[1]));
+ *		sha256(&hash2, argv[2], strlen(argv[2]));
+ *		printf("Hash is %s\n", memcmp(&hash1, &hash2, sizeof(hash1))
+ *			? "different" : "same");
+ *		return 0;
+ *	}
+ */
+int main(int argc, char *argv[])
+{
+	/* Expect exactly one argument */
+	if (argc != 2)
+		return 1;
+
+	if (strcmp(argv[1], "depends") == 0) {
+		printf("ccan/endian\n");
+		return 0;
+	}
+
+	if (strcmp(argv[1], "libs") == 0) {
+#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL
+		printf("crypto\n");
+#endif
+		return 0;
+	}
+
+	return 1;
+}

ccan/crypto/sha256/sha256.c

+/* MIT (BSD) license - see LICENSE file for details */
+/* SHA256 core code translated from the Bitcoin project's C++:
+ *
+ * src/crypto/sha256.cpp commit 417532c8acb93c36c2b6fd052b7c11b6a2906aa2
+ * Copyright (c) 2014 The Bitcoin Core developers
+ * Distributed under the MIT software license, see the accompanying
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.
+ */
+#include <ccan/crypto/sha256/sha256.h>
+#include <ccan/endian/endian.h>
+#include <stdbool.h>
+#include <assert.h>
+#include <string.h>
+
+static void invalidate_sha256(struct sha256_ctx *ctx)
+{
+#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL
+	ctx->c.md_len = 0;
+#else
+	ctx->bytes = -1ULL;
+#endif
+}
+
+static void check_sha256(struct sha256_ctx *ctx)
+{
+#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL
+	assert(ctx->c.md_len != 0);
+#else
+	assert(ctx->bytes != -1ULL);
+#endif
+}
+
+#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL
+void sha256_init(struct sha256_ctx *ctx)
+{
+	SHA256_Init(&ctx->c);
+}
+
+void sha256_update_arr(struct sha256_ctx *ctx, const void *p,
+		       size_t num, size_t size)
+{
+	size_t total = num * size;
+
+	/* Don't overflow. */
+	assert(size == 0 || total / size == num);
+	check_sha256(ctx);
+	SHA256_Update(&ctx->c, p, total);
+}
+
+void sha256_done(struct sha256_ctx *ctx, struct sha256 *res)
+{
+	SHA256_Final(res->u.u8, &ctx->c);
+	invalidate_sha256(ctx);
+}
+#else
+static uint32_t Ch(uint32_t x, uint32_t y, uint32_t z)
+{
+	return z ^ (x & (y ^ z));
+}
+static uint32_t Maj(uint32_t x, uint32_t y, uint32_t z)
+{
+	return (x & y) | (z & (x | y));
+}
+static uint32_t Sigma0(uint32_t x)
+{
+	return (x >> 2 | x << 30) ^ (x >> 13 | x << 19) ^ (x >> 22 | x << 10);
+}
+static uint32_t Sigma1(uint32_t x)
+{
+	return (x >> 6 | x << 26) ^ (x >> 11 | x << 21) ^ (x >> 25 | x << 7);
+}
+static uint32_t sigma0(uint32_t x)
+{
+	return (x >> 7 | x << 25) ^ (x >> 18 | x << 14) ^ (x >> 3);
+}
+static uint32_t sigma1(uint32_t x)
+{
+	return (x >> 17 | x << 15) ^ (x >> 19 | x << 13) ^ (x >> 10);
+}
+
+/** One round of SHA-256. */
+static void Round(uint32_t a, uint32_t b, uint32_t c, uint32_t *d, uint32_t e, uint32_t f, uint32_t g, uint32_t *h, uint32_t k, uint32_t w)
+{
+	uint32_t t1 = *h + Sigma1(e) + Ch(e, f, g) + k + w;
+	uint32_t t2 = Sigma0(a) + Maj(a, b, c);
+	*d += t1;
+	*h = t1 + t2;
+}
+
+/** Perform one SHA-256 transformation, processing a 64-byte chunk. */
+static void Transform(uint32_t *s, const uint32_t *chunk)
+{
+	uint32_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4], f = s[5], g = s[6], h = s[7];
+	uint32_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15;
+
+	Round(a, b, c, &d, e, f, g, &h, 0x428a2f98, w0 = be32_to_cpu(chunk[0]));
+	Round(h, a, b, &c, d, e, f, &g, 0x71374491, w1 = be32_to_cpu(chunk[1]));
+	Round(g, h, a, &b, c, d, e, &f, 0xb5c0fbcf, w2 = be32_to_cpu(chunk[2]));
+	Round(f, g, h, &a, b, c, d, &e, 0xe9b5dba5, w3 = be32_to_cpu(chunk[3]));
+	Round(e, f, g, &h, a, b, c, &d, 0x3956c25b, w4 = be32_to_cpu(chunk[4]));
+	Round(d, e, f, &g, h, a, b, &c, 0x59f111f1, w5 = be32_to_cpu(chunk[5]));
+	Round(c, d, e, &f, g, h, a, &b, 0x923f82a4, w6 = be32_to_cpu(chunk[6]));
+	Round(b, c, d, &e, f, g, h, &a, 0xab1c5ed5, w7 = be32_to_cpu(chunk[7]));
+	Round(a, b, c, &d, e, f, g, &h, 0xd807aa98, w8 = be32_to_cpu(chunk[8]));
+	Round(h, a, b, &c, d, e, f, &g, 0x12835b01, w9 = be32_to_cpu(chunk[9]));
+	Round(g, h, a, &b, c, d, e, &f, 0x243185be, w10 = be32_to_cpu(chunk[10]));
+	Round(f, g, h, &a, b, c, d, &e, 0x550c7dc3, w11 = be32_to_cpu(chunk[11]));
+	Round(e, f, g, &h, a, b, c, &d, 0x72be5d74, w12 = be32_to_cpu(chunk[12]));
+	Round(d, e, f, &g, h, a, b, &c, 0x80deb1fe, w13 = be32_to_cpu(chunk[13]));
+	Round(c, d, e, &f, g, h, a, &b, 0x9bdc06a7, w14 = be32_to_cpu(chunk[14]));
+	Round(b, c, d, &e, f, g, h, &a, 0xc19bf174, w15 = be32_to_cpu(chunk[15]));
+
+	Round(a, b, c, &d, e, f, g, &h, 0xe49b69c1, w0 += sigma1(w14) + w9 + sigma0(w1));
+	Round(h, a, b, &c, d, e, f, &g, 0xefbe4786, w1 += sigma1(w15) + w10 + sigma0(w2));
+	Round(g, h, a, &b, c, d, e, &f, 0x0fc19dc6, w2 += sigma1(w0) + w11 + sigma0(w3));
+	Round(f, g, h, &a, b, c, d, &e, 0x240ca1cc, w3 += sigma1(w1) + w12 + sigma0(w4));
+	Round(e, f, g, &h, a, b, c, &d, 0x2de92c6f, w4 += sigma1(w2) + w13 + sigma0(w5));
+	Round(d, e, f, &g, h, a, b, &c, 0x4a7484aa, w5 += sigma1(w3) + w14 + sigma0(w6));
+	Round(c, d, e, &f, g, h, a, &b, 0x5cb0a9dc, w6 += sigma1(w4) + w15 + sigma0(w7));
+	Round(b, c, d, &e, f, g, h, &a, 0x76f988da, w7 += sigma1(w5) + w0 + sigma0(w8));
+	Round(a, b, c, &d, e, f, g, &h, 0x983e5152, w8 += sigma1(w6) + w1 + sigma0(w9));
+	Round(h, a, b, &c, d, e, f, &g, 0xa831c66d, w9 += sigma1(w7) + w2 + sigma0(w10));
+	Round(g, h, a, &b, c, d, e, &f, 0xb00327c8, w10 += sigma1(w8) + w3 + sigma0(w11));
+	Round(f, g, h, &a, b, c, d, &e, 0xbf597fc7, w11 += sigma1(w9) + w4 + sigma0(w12));
+	Round(e, f, g, &h, a, b, c, &d, 0xc6e00bf3, w12 += sigma1(w10) + w5 + sigma0(w13));
+	Round(d, e, f, &g, h, a, b, &c, 0xd5a79147, w13 += sigma1(w11) + w6 + sigma0(w14));
+	Round(c, d, e, &f, g, h, a, &b, 0x06ca6351, w14 += sigma1(w12) + w7 + sigma0(w15));
+	Round(b, c, d, &e, f, g, h, &a, 0x14292967, w15 += sigma1(w13) + w8 + sigma0(w0));
+
+	Round(a, b, c, &d, e, f, g, &h, 0x27b70a85, w0 += sigma1(w14) + w9 + sigma0(w1));
+	Round(h, a, b, &c, d, e, f, &g, 0x2e1b2138, w1 += sigma1(w15) + w10 + sigma0(w2));
+	Round(g, h, a, &b, c, d, e, &f, 0x4d2c6dfc, w2 += sigma1(w0) + w11 + sigma0(w3));
+	Round(f, g, h, &a, b, c, d, &e, 0x53380d13, w3 += sigma1(w1) + w12 + sigma0(w4));
+	Round(e, f, g, &h, a, b, c, &d, 0x650a7354, w4 += sigma1(w2) + w13 + sigma0(w5));
+	Round(d, e, f, &g, h, a, b, &c, 0x766a0abb, w5 += sigma1(w3) + w14 + sigma0(w6));
+	Round(c, d, e, &f, g, h, a, &b, 0x81c2c92e, w6 += sigma1(w4) + w15 + sigma0(w7));
+	Round(b, c, d, &e, f, g, h, &a, 0x92722c85, w7 += sigma1(w5) + w0 + sigma0(w8));
+	Round(a, b, c, &d, e, f, g, &h, 0xa2bfe8a1, w8 += sigma1(w6) + w1 + sigma0(w9));
+	Round(h, a, b, &c, d, e, f, &g, 0xa81a664b, w9 += sigma1(w7) + w2 + sigma0(w10));
+	Round(g, h, a, &b, c, d, e, &f, 0xc24b8b70, w10 += sigma1(w8) + w3 + sigma0(w11));
+	Round(f, g, h, &a, b, c, d, &e, 0xc76c51a3, w11 += sigma1(w9) + w4 + sigma0(w12));
+	Round(e, f, g, &h, a, b, c, &d, 0xd192e819, w12 += sigma1(w10) + w5 + sigma0(w13));
+	Round(d, e, f, &g, h, a, b, &c, 0xd6990624, w13 += sigma1(w11) + w6 + sigma0(w14));
+	Round(c, d, e, &f, g, h, a, &b, 0xf40e3585, w14 += sigma1(w12) + w7 + sigma0(w15));
+	Round(b, c, d, &e, f, g, h, &a, 0x106aa070, w15 += sigma1(w13) + w8 + sigma0(w0));
+
+	Round(a, b, c, &d, e, f, g, &h, 0x19a4c116, w0 += sigma1(w14) + w9 + sigma0(w1));
+	Round(h, a, b, &c, d, e, f, &g, 0x1e376c08, w1 += sigma1(w15) + w10 + sigma0(w2));
+	Round(g, h, a, &b, c, d, e, &f, 0x2748774c, w2 += sigma1(w0) + w11 + sigma0(w3));
+	Round(f, g, h, &a, b, c, d, &e, 0x34b0bcb5, w3 += sigma1(w1) + w12 + sigma0(w4));
+	Round(e, f, g, &h, a, b, c, &d, 0x391c0cb3, w4 += sigma1(w2) + w13 + sigma0(w5));
+	Round(d, e, f, &g, h, a, b, &c, 0x4ed8aa4a, w5 += sigma1(w3) + w14 + sigma0(w6));
+	Round(c, d, e, &f, g, h, a, &b, 0x5b9cca4f, w6 += sigma1(w4) + w15 + sigma0(w7));
+	Round(b, c, d, &e, f, g, h, &a, 0x682e6ff3, w7 += sigma1(w5) + w0 + sigma0(w8));
+	Round(a, b, c, &d, e, f, g, &h, 0x748f82ee, w8 += sigma1(w6) + w1 + sigma0(w9));
+	Round(h, a, b, &c, d, e, f, &g, 0x78a5636f, w9 += sigma1(w7) + w2 + sigma0(w10));
+	Round(g, h, a, &b, c, d, e, &f, 0x84c87814, w10 += sigma1(w8) + w3 + sigma0(w11));
+	Round(f, g, h, &a, b, c, d, &e, 0x8cc70208, w11 += sigma1(w9) + w4 + sigma0(w12));
+	Round(e, f, g, &h, a, b, c, &d, 0x90befffa, w12 += sigma1(w10) + w5 + sigma0(w13));
+	Round(d, e, f, &g, h, a, b, &c, 0xa4506ceb, w13 += sigma1(w11) + w6 + sigma0(w14));
+	Round(c, d, e, &f, g, h, a, &b, 0xbef9a3f7, w14 + sigma1(w12) + w7 + sigma0(w15));
+	Round(b, c, d, &e, f, g, h, &a, 0xc67178f2, w15 + sigma1(w13) + w8 + sigma0(w0));
+
+	s[0] += a;
+	s[1] += b;
+	s[2] += c;
+	s[3] += d;
+	s[4] += e;
+	s[5] += f;
+	s[6] += g;
+	s[7] += h;
+}
+
+static bool alignment_ok(const void *p, size_t n)
+{
+#if HAVE_UNALIGNED_ACCESS
+	return true;
+#else
+	return ((size_t)p % n == 0);
+#endif
+}
+
+static void add(struct sha256_ctx *ctx, const void *p, size_t len)
+{
+	const unsigned char *data = p;
+	size_t bufsize = ctx->bytes % 64;
+
+	if (bufsize + len >= 64) {
+		// Fill the buffer, and process it.
+		memcpy(ctx->buf.u8 + bufsize, data, 64 - bufsize);
+		ctx->bytes += 64 - bufsize;
+		data += 64 - bufsize;
+		len -= 64 - bufsize;
+		Transform(ctx->s, ctx->buf.u32);
+		bufsize = 0;
+	}
+
+	while (len >= 64) {
+		// Process full chunks directly from the source.
+		if (alignment_ok(data, sizeof(uint32_t)))
+			Transform(ctx->s, (const uint32_t *)data);
+		else {
+			memcpy(ctx->buf.u8, data, sizeof(ctx->buf));
+			Transform(ctx->s, ctx->buf.u32);
+		}
+		ctx->bytes += 64;
+		data += 64;
+		len -= 64;
+	}
+	    
+	if (len) {
+		// Fill the buffer with what remains.
+		memcpy(ctx->buf.u8 + bufsize, data, len);
+		ctx->bytes += len;
+	}
+}
+
+void sha256_init(struct sha256_ctx *ctx)
+{
+	struct sha256_ctx init = SHA256_INIT;
+	*ctx = init;
+}
+
+void sha256_update_arr(struct sha256_ctx *ctx, const void *p,
+		       size_t num, size_t size)
+{
+	size_t total = num * size;
+
+	/* Don't overflow. */
+	assert(size == 0 || total / size == num);
+	check_sha256(ctx);
+	add(ctx, p, total);
+}
+
+void sha256_done(struct sha256_ctx *ctx, struct sha256 *res)
+{
+	static const unsigned char pad[64] = {0x80};
+	uint64_t sizedesc;
+	size_t i;
+
+	sizedesc = cpu_to_be64(ctx->bytes << 3);
+	/* Add '1' bit to terminate, then all 0 bits, up to next block - 8. */
+	add(ctx, pad, 1 + ((119 - (ctx->bytes % 64)) % 64));
+	/* Add number of bits of data (big endian) */
+	add(ctx, &sizedesc, 8);
+	for (i = 0; i < sizeof(ctx->s) / sizeof(ctx->s[0]); i++)
+		res->u.u32[i] = cpu_to_be32(ctx->s[i]);
+	invalidate_sha256(ctx);
+}
+#endif
+
+void sha256_arr(struct sha256 *sha, const void *p, size_t num, size_t size)
+{
+	struct sha256_ctx ctx;
+
+	sha256_init(&ctx);
+	sha256_update_arr(&ctx, p, num, size);
+	sha256_done(&ctx, sha);
+}
+	
+void sha256_u8(struct sha256_ctx *ctx, uint8_t v)
+{
+	sha256_update_arr(ctx, &v, sizeof(v), 1);
+}
+
+void sha256_u16(struct sha256_ctx *ctx, uint16_t v)
+{
+	sha256_update_arr(ctx, &v, sizeof(v), 1);
+}
+
+void sha256_u32(struct sha256_ctx *ctx, uint32_t v)
+{
+	sha256_update_arr(ctx, &v, sizeof(v), 1);
+}
+
+void sha256_u64(struct sha256_ctx *ctx, uint64_t v)
+{
+	sha256_update_arr(ctx, &v, sizeof(v), 1);
+}
+
+/* Add as little-endian */
+void sha256_le16(struct sha256_ctx *ctx, uint16_t v)
+{
+	leint16_t lev = cpu_to_le16(v);
+	sha256_update_arr(ctx, &lev, sizeof(lev), 1);
+}
+	
+void sha256_le32(struct sha256_ctx *ctx, uint32_t v)
+{
+	leint32_t lev = cpu_to_le32(v);
+	sha256_update_arr(ctx, &lev, sizeof(lev), 1);
+}
+	
+void sha256_le64(struct sha256_ctx *ctx, uint64_t v)
+{
+	leint64_t lev = cpu_to_le64(v);
+	sha256_update_arr(ctx, &lev, sizeof(lev), 1);
+}
+
+/* Add as big-endian */
+void sha256_be16(struct sha256_ctx *ctx, uint16_t v)
+{
+	beint16_t bev = cpu_to_be16(v);
+	sha256_update_arr(ctx, &bev, sizeof(bev), 1);
+}
+	
+void sha256_be32(struct sha256_ctx *ctx, uint32_t v)
+{
+	beint32_t bev = cpu_to_be32(v);
+	sha256_update_arr(ctx, &bev, sizeof(bev), 1);
+}
+	
+void sha256_be64(struct sha256_ctx *ctx, uint64_t v)
+{
+	beint64_t bev = cpu_to_be64(v);
+	sha256_update_arr(ctx, &bev, sizeof(bev), 1);
+}

ccan/crypto/sha256/sha256.h

+#ifndef CCAN_CRYPTO_SHA256_H
+#define CCAN_CRYPTO_SHA256_H
+/* BSD-MIT - see LICENSE file for details */
+#include "config.h"
+#include <stdint.h>
+#include <stdlib.h>
+
+/* Uncomment this to use openssl's SHA256 routines (and link with -lcrypto) */
+//#define CCAN_CRYPTO_SHA256_USE_OPENSSL 1
+
+#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL
+#include <openssl/sha.h>
+#endif
+
+/**
+ * struct sha256 - structure representing a completed SHA256.
+ * @u.u8: an unsigned char array.
+ * @u.u32: a 32-bit integer array.
+ *
+ * Other fields may be added to the union in future.
+ */
+struct sha256 {
+	union {
+		/* Array of chars */
+		unsigned char u8[32];
+		/* Array of uint32_t */
+		uint32_t u32[8];
+	} u;
+};
+
+/**
+ * sha256 - return sha256 of an array of bytes.
+ * @sha256: the sha256 to fill in
+ * @p: array or pointer to first element
+ * @num: the number of elements to hash
+ *
+ * The bytes pointed to by @p is SHA256 hashes into @sha256.  This is
+ * equivalent to sha256_init(), sha256_update() then sha256_done().
+ */
+#define sha256(sha256, p, num) sha256_arr((sha256), (p), (num), sizeof(*(p)))
+
+/**
+ * struct sha256_ctx - structure to store running context for sha256
+ */
+struct sha256_ctx {
+#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL
+	SHA256_CTX c;
+#else
+	uint32_t s[8];
+	uint64_t bytes;
+	union {
+		uint32_t u32[8];
+		unsigned char u8[64];
+	} buf;
+#endif
+};
+
+/**
+ * sha256_init - initialize an SHA256 context.
+ * @ctx: the sha256_ctx to initialize
+ *
+ * This must be called before sha256_update or sha256_done, or
+ * alternately you can assign SHA256_INIT.
+ *
+ * If it was already initialized, this forgets anything which was
+ * hashed before.
+ *
+ * Example:
+ * static void hash_all(const char **arr, struct sha256 *hash)
+ * {
+ *	size_t i;
+ *	struct sha256_ctx ctx;
+ *
+ *	sha256_init(&ctx);
+ *	for (i = 0; arr[i]; i++)
+ *		sha256_update(&ctx, arr[i], strlen(arr[i]));
+ *	sha256_done(&ctx, hash);
+ * }
+ */
+void sha256_init(struct sha256_ctx *ctx);
+
+/**
+ * SHA256_INIT - initializer for an SHA256 context.
+ *
+ * This can be used to staticly initialize an SHA256 context (instead
+ * of sha256_init()).
+ *
+ * Example:
+ * static void hash_all(const char **arr, struct sha256 *hash)
+ * {
+ *	size_t i;
+ *	struct sha256_ctx ctx = SHA256_INIT;
+ *
+ *	for (i = 0; arr[i]; i++)
+ *		sha256_update(&ctx, arr[i], strlen(arr[i]));
+ *	sha256_done(&ctx, hash);
+ * }
+ */
+#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL
+#define SHA256_INIT							\
+	{ { { 0x6a09e667ul, 0xbb67ae85ul, 0x3c6ef372ul, 0xa54ff53aul,	\
+	      0x510e527ful, 0x9b05688cul, 0x1f83d9abul, 0x5be0cd19ul }, \
+		0x0, 0x0,						\
+		{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },	\
+			0x0, 0x20 } }
+#else
+#define SHA256_INIT							\
+	{ { 0x6a09e667ul, 0xbb67ae85ul, 0x3c6ef372ul, 0xa54ff53aul,	\
+	    0x510e527ful, 0x9b05688cul, 0x1f83d9abul, 0x5be0cd19ul }, 0 }
+#endif
+
+/**
+ * sha256_update - include an array of data in the hash.
+ * @ctx: the sha256_ctx to use
+ * @p: array or pointer to first element
+ * @num: the number of elements to hash
+ *
+ * You can call this multiple times to hash more data, before calling
+ * sha256_done().
+ */
+#define sha256_update(ctx, p, num) \
+	sha256_update_arr((ctx), (p), (num), sizeof(*(p)))
+
+/**
+ * sha256_done - finish SHA256 and return the hash
+ * @ctx: the sha256_ctx to complete
+ * @res: the hash to return.
+ *
+ * Note that @ctx is *destroyed* by this, and must be reinitialized.
+ * To avoid that, pass a copy instead.
+ */
+void sha256_done(struct sha256_ctx *sha256, struct sha256 *res);
+
+/* Add various types to an SHA256 hash */
+void sha256_u8(struct sha256_ctx *ctx, uint8_t v);
+void sha256_u16(struct sha256_ctx *ctx, uint16_t v);
+void sha256_u32(struct sha256_ctx *ctx, uint32_t v);
+void sha256_u64(struct sha256_ctx *ctx, uint64_t v);
+
+/* Add as little-endian */
+void sha256_le16(struct sha256_ctx *ctx, uint16_t v);
+void sha256_le32(struct sha256_ctx *ctx, uint32_t v);
+void sha256_le64(struct sha256_ctx *ctx, uint64_t v);
+
+/* Add as big-endian */
+void sha256_be16(struct sha256_ctx *ctx, uint16_t v);
+void sha256_be32(struct sha256_ctx *ctx, uint32_t v);
+void sha256_be64(struct sha256_ctx *ctx, uint64_t v);
+
+void sha256_update_arr(struct sha256_ctx *ctx, const void *p,
+		       size_t num, size_t size);
+void sha256_arr(struct sha256 *sha, const void *p, size_t num, size_t size);
+#endif /* CCAN_CRYPTO_SHA256_H */

ccan/crypto/sha256/test/run-33-bit-test.c

+#include <ccan/crypto/sha256/sha256.h>
+/* Include the C files directly. */
+#include <ccan/crypto/sha256/sha256.c>
+#include <ccan/tap/tap.h>
+#include <stdio.h>
+
+/* This is the test introduced for SHA-3, which checks for 33-bit overflow:
+   "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno"
+   16777216 times.
+*/
+static uint32_t expected[] = {
+	CPU_TO_BE32(0x50e72a0e), CPU_TO_BE32(0x26442fe2),
+	CPU_TO_BE32(0x552dc393), CPU_TO_BE32(0x8ac58658),
+	CPU_TO_BE32(0x228c0cbf), CPU_TO_BE32(0xb1d2ca87),
+	CPU_TO_BE32(0x2ae43526), CPU_TO_BE32(0x6fcd055e)
+};
+
+/* Produced by actually running the code on x86. */
+static const struct sha256_ctx after_16M_by_64 = {
+#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL
+	{ { LE32_TO_CPU(0x515e3215), LE32_TO_CPU(0x592f4ae0),
+	    LE32_TO_CPU(0xd407a8fc), LE32_TO_CPU(0x1fad409b),
+	    LE32_TO_CPU(0x51fa46cc), LE32_TO_CPU(0xea528ae5),
+	    LE32_TO_CPU(0x5fa58ebb), LE32_TO_CPU(0x8be97931) },
+	  0x0, 0x2,
+	  { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+	  0x0, 0x20 }
+#else
+	{ LE32_TO_CPU(0x515e3215), LE32_TO_CPU(0x592f4ae0),
+	  LE32_TO_CPU(0xd407a8fc), LE32_TO_CPU(0x1fad409b),
+	  LE32_TO_CPU(0x51fa46cc), LE32_TO_CPU(0xea528ae5),
+	  LE32_TO_CPU(0x5fa58ebb), LE32_TO_CPU(0x8be97931) },
+	1073741824,
+	{ .u32 = { 0x64636261, 0x68676665, 0x65646362, 0x69686766,
+		   0x66656463, 0x6a696867, 0x67666564, 0x6b6a6968 } }
+#endif
+};
+
+int main(void)
+{
+	struct sha256 h;
+	struct sha256_ctx ctx;
+
+	/* This is how many tests you plan to run */
+	plan_tests(1);
+
+	ctx = after_16M_by_64;
+	sha256_done(&ctx, &h);
+
+	ok1(memcmp(&h.u, expected, sizeof(expected)) == 0);
+
+	/* This exits depending on whether all tests passed */
+	return exit_status();
+}

ccan/crypto/sha256/test/run-lotsa-data.c

+#include <ccan/crypto/sha256/sha256.h>
+/* Include the C files directly. */
+#include <ccan/crypto/sha256/sha256.c>
+#include <ccan/tap/tap.h>
+
+int main(void)
+{
+	struct sha256 h, expected;
+	static const char zeroes[1000];
+	size_t i;
+
+	plan_tests(63);
+
+	/* Test different alignments. */
+	sha256(&expected, zeroes, sizeof(zeroes) - 64);
+	for (i = 1; i < 64; i++) {
+		sha256(&h, zeroes + i, sizeof(zeroes) - 64);
+		ok1(memcmp(&h, &expected, sizeof(h)) == 0);
+	}
+
+	/* This exits depending on whether all tests passed */
+	return exit_status();
+}

ccan/crypto/sha256/test/run-test-vectors.c

+#include <ccan/crypto/sha256/sha256.h>
+/* Include the C files directly. */
+#include <ccan/crypto/sha256/sha256.c>
+#include <ccan/tap/tap.h>
+
+/* Test vectors. */
+struct test {
+	const char *test;
+	size_t repetitions;
+	beint32_t result[8];
+};
+
+static struct test tests[] = {
+	{ "", 1,
+	  { CPU_TO_BE32(0xe3b0c442), CPU_TO_BE32(0x98fc1c14),
+	    CPU_TO_BE32(0x9afbf4c8), CPU_TO_BE32(0x996fb924),
+	    CPU_TO_BE32(0x27ae41e4), CPU_TO_BE32(0x649b934c),
+	    CPU_TO_BE32(0xa495991b), CPU_TO_BE32(0x7852b855) } },
+	{ "abc", 1,
+	  { CPU_TO_BE32(0xba7816bf), CPU_TO_BE32(0x8f01cfea),
+	    CPU_TO_BE32(0x414140de), CPU_TO_BE32(0x5dae2223),
+	    CPU_TO_BE32(0xb00361a3), CPU_TO_BE32(0x96177a9c),
+	    CPU_TO_BE32(0xb410ff61), CPU_TO_BE32(0xf20015ad) } },
+	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1,
+	  { CPU_TO_BE32(0x248d6a61), CPU_TO_BE32(0xd20638b8),
+	    CPU_TO_BE32(0xe5c02693), CPU_TO_BE32(0x0c3e6039),
+	    CPU_TO_BE32(0xa33ce459), CPU_TO_BE32(0x64ff2167),
+	    CPU_TO_BE32(0xf6ecedd4), CPU_TO_BE32(0x19db06c1) } },
+	{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1,
+	  { CPU_TO_BE32(0xcf5b16a7), CPU_TO_BE32(0x78af8380),
+	    CPU_TO_BE32(0x036ce59e), CPU_TO_BE32(0x7b049237),
+	    CPU_TO_BE32(0x0b249b11), CPU_TO_BE32(0xe8f07a51),
+	    CPU_TO_BE32(0xafac4503), CPU_TO_BE32(0x7afee9d1) } },
+	{ "a", 1000000,
+	  { CPU_TO_BE32(0xcdc76e5c), CPU_TO_BE32(0x9914fb92),
+	    CPU_TO_BE32(0x81a1c7e2), CPU_TO_BE32(0x84d73e67),
+	    CPU_TO_BE32(0xf1809a48), CPU_TO_BE32(0xa497200e),
+	    CPU_TO_BE32(0x046d39cc), CPU_TO_BE32(0xc7112cd0) } }
+#if 0 /* Good test, but takes ages! */
+	, { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno", 16777216,
+	    { CPU_TO_BE32(0x50e72a0e), CPU_TO_BE32(0x26442fe2),
+	      CPU_TO_BE32(0x552dc393), CPU_TO_BE32(0x8ac58658),
+	      CPU_TO_BE32(0x228c0cbf), CPU_TO_BE32(0xb1d2ca87),
+	      CPU_TO_BE32(0x2ae43526), CPU_TO_BE32(0x6fcd055e) } }
+#endif
+};
+
+static bool do_test(const struct test *t, bool single)
+{
+	struct sha256 h;
+
+	if (single) {
+		if (t->repetitions != 1)
+			return true;
+		sha256(&h, t->test, strlen(t->test));
+	} else {
+		struct sha256_ctx ctx = SHA256_INIT;
+		size_t i;
+
+		for (i = 0; i < t->repetitions; i++)
+			sha256_update(&ctx, t->test, strlen(t->test));
+		sha256_done(&ctx, &h);
+	}
+
+	return memcmp(&h.u, t->result, sizeof(t->result)) == 0;
+}
+
+int main(void)
+{
+	size_t i;
+
+	/* This is how many tests you plan to run */
+	plan_tests(sizeof(tests) / sizeof(struct test) * 2);
+
+	for (i = 0; i < sizeof(tests) / sizeof(struct test); i++)
+		ok1(do_test(&tests[i], false));
+
+	for (i = 0; i < sizeof(tests) / sizeof(struct test); i++)
+		ok1(do_test(&tests[i], true));
+
+	/* This exits depending on whether all tests passed */
+	return exit_status();
+}

ccan/crypto/sha256/test/run-types.c

+#include <ccan/crypto/sha256/sha256.h>
+/* Include the C files directly. */
+#include <ccan/crypto/sha256/sha256.c>
+#include <ccan/tap/tap.h>
+
+static unsigned char arr[] = {
+	0x12,
+#if HAVE_BIG_ENDIAN
+	/* u16 */
+	0x12, 0x34,
+	/* u32 */
+	0x12, 0x34, 0x56, 0x78,
+	/* u64 */
+	0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+#else
+	/* u16 */
+	0x34, 0x12,
+	/* u32 */
+	0x78, 0x56, 0x34, 0x12,
+	/* u64 */
+	0xf0, 0xde, 0xbc, 0x9a, 0x78, 0x56, 0x34, 0x12,
+#endif
+	/* le16 */
+	0x34, 0x12,
+	/* le32 */
+	0x78, 0x56, 0x34, 0x12,
+	/* le64 */
+	0xf0, 0xde, 0xbc, 0x9a, 0x78, 0x56, 0x34, 0x12,
+	/* be16 */
+	0x12, 0x34,
+	/* be32 */
+	0x12, 0x34, 0x56, 0x78,
+	/* be64 */
+	0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
+};
+
+int main(void)
+{
+	struct sha256 h, expected;
+	struct sha256_ctx ctx;
+
+	/* This is how many tests you plan to run */
+	plan_tests(1);
+
+	sha256_init(&ctx);
+	sha256_u8(&ctx, 0x12);
+	sha256_u16(&ctx, 0x1234);
+	sha256_u32(&ctx, 0x12345678);
+	sha256_u64(&ctx, 0x123456789abcdef0ULL);
+	sha256_le16(&ctx, 0x1234);
+	sha256_le32(&ctx, 0x12345678);
+	sha256_le64(&ctx, 0x123456789abcdef0ULL);
+	sha256_be16(&ctx, 0x1234);
+	sha256_be32(&ctx, 0x12345678);
+	sha256_be64(&ctx, 0x123456789abcdef0ULL);
+	sha256_done(&ctx, &h);
+
+	sha256(&expected, arr, sizeof(arr));
+	ok1(memcmp(&h, &expected, sizeof(h)) == 0);
+
+	/* This exits depending on whether all tests passed */
+	return exit_status();
+}