kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
ef793f4b6f
boringssl/crypto/digest/md32_common.h
Brian Smith ac9404c3a8 Improve crypto/digest/md32_common.h mechanism. 
The documentation in md32_common.h is now (more) correct with respect
to the most important details of the layout of |HASH_CTX|. The
documentation explaining why sha512.c doesn't use md32_common.h is now
more accurate as well.

Before, the C implementations of HASH_BLOCK_DATA_ORDER took a pointer
to the |HASH_CTX| and the assembly language implementations took a
pointer to the hash state |h| member of |HASH_CTX|. (This worked
because |h| is always the first member of |HASH_CTX|.) Now, the C
implementations take a pointer directly to |h| too.

The definitions of |MD4_CTX|, |MD5_CTX|, and |SHA1_CTX| were changed to
be consistent with |SHA256_CTX| and |SHA512_CTX| in storing the hash
state in an array. This will break source compatibility with any
external code that accesses the hash state directly, but will not
affect binary compatibility.

The second parameter of |HASH_BLOCK_DATA_ORDER| is now of type
|const uint8_t *|; previously it was |void *| and all implementations
had a |uint8_t *data| variable to access it as an array of bytes.

This change paves the way for future refactorings such as automatically
generating the |*_Init| functions and/or sharing one I-U-F
implementation across all digest algorithms.

Change-Id: I6e9dd09ff057c67941021d324a4fa1d39f58b0db
Reviewed-on: https://boringssl-review.googlesource.com/6405
Reviewed-by: Adam Langley <agl@google.com>
2015-11-04 00:01:09 +00:00

353 lines
11 KiB
C
Raw Blame History

/* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ==================================================================== */
#ifndef OPENSSL_HEADER_MD32_COMMON_H
#define OPENSSL_HEADER_MD32_COMMON_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
#define asm __asm__
/* This is a generic 32-bit "collector" for message digest algorithms. It
* collects input character stream into chunks of 32-bit values and invokes the
* block function that performs the actual hash calculations. To make use of
* this mechanism, the following macros must be defined before including
* md32_common.h.
*
* One of |DATA_ORDER_IS_BIG_ENDIAN| or |DATA_ORDER_IS_LITTLE_ENDIAN| must be
* defined to specify the byte order of the input stream.
*
* |HASH_CBLOCK| must be defined as the integer block size, in bytes.
*
* |HASH_CTX| must be defined as the name of the context structure, which must
* have at least the following members:
*
* typedef struct <name>_state_st {
* uint32_t h[<chaining length> / sizeof(uint32_t)];
* uint32_t Nl,Nh;
* uint32_t data[HASH_CBLOCK / sizeof(uint32_t)];
* unsigned int num
* ...
* } <NAME>_CTX;
*
* <chaining length> is the output length of the hash in bytes, before
* any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and SHA-512).
*
* |HASH_UPDATE| must be defined as the name of the "Update" function to
* generate.
*
* |HASH_TRANSFORM| must be defined as the the name of the "Transform"
* function to generate.
*
* |HASH_FINAL| must be defined as the name of "Final" function to generate.
*
* |HASH_BLOCK_DATA_ORDER| must be defined as the name of the "Block" function.
* That function must be implemented manually. It must be capable of operating
* on *unaligned* input data in its original (data) byte order. It must have
* this signature:
*
* void HASH_BLOCK_DATA_ORDER(uint32_t *state, const uint8_t *data,
* size_t num);
*
* It must update the hash state |state| with |num| blocks of data from |data|,
* where each block is |HASH_CBLOCK| bytes; i.e. |data| points to a array of
* |HASH_CBLOCK * num| bytes. |state| points to the |h| member of a |HASH_CTX|,
* and so will have |<chaining length> / sizeof(uint32_t)| elements.
*
* |HASH_MAKE_STRING(c, s)| must be defined as a block statement that converts
* the hash state |c->h| into the output byte order, storing the result in |s|.
*/
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
#error "DATA_ORDER must be defined!"
#endif
#ifndef HASH_CBLOCK
#error "HASH_CBLOCK must be defined!"
#endif
#ifndef HASH_CTX
#error "HASH_CTX must be defined!"
#endif
#ifndef HASH_UPDATE
#error "HASH_UPDATE must be defined!"
#endif
#ifndef HASH_TRANSFORM
#error "HASH_TRANSFORM must be defined!"
#endif
#ifndef HASH_FINAL
#error "HASH_FINAL must be defined!"
#endif
#ifndef HASH_BLOCK_DATA_ORDER
#error "HASH_BLOCK_DATA_ORDER must be defined!"
#endif
/*
* Engage compiler specific rotate intrinsic function if available.
*/
#undef ROTATE
# if defined(_MSC_VER)
# define ROTATE(a,n) _lrotl(a,n)
# elif defined(__ICC)
# define ROTATE(a,n) _rotl(a,n)
# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM)
/*
* Some GNU C inline assembler templates. Note that these are
* rotates by *constant* number of bits! But that's exactly
* what we need here...
* <appro@fy.chalmers.se>
*/
# if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
# define ROTATE(a,n) ({ register uint32_t ret; \
asm ( \
"roll %1,%0" \
: "=r"(ret) \
: "I"(n), "0"((uint32_t)(a)) \
: "cc"); \
ret; \
})
# endif /* OPENSSL_X86 || OPENSSL_X86_64 */
# endif /* COMPILER */
#ifndef ROTATE
#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
#endif
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
#ifndef PEDANTIC
# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM)
# if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
/*
* This gives ~30-40% performance improvement in SHA-256 compiled
* with gcc [on P4]. Well, first macro to be frank. We can pull
* this trick on x86* platforms only, because these CPUs can fetch
* unaligned data without raising an exception.
*/
# define HOST_c2l(c,l) ({ uint32_t r=*((const uint32_t *)(c)); \
asm ("bswapl %0":"=r"(r):"0"(r)); \
(c)+=4; (l)=r; })
# define HOST_l2c(l,c) ({ uint32_t r=(l); \
asm ("bswapl %0":"=r"(r):"0"(r)); \
*((uint32_t *)(c))=r; (c)+=4; r; })
# elif defined(__aarch64__)
# if defined(__BYTE_ORDER__)
# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
# define HOST_c2l(c,l) ({ uint32_t r; \
asm ("rev %w0,%w1" \
:"=r"(r) \
:"r"(*((const uint32_t *)(c))));\
(c)+=4; (l)=r; })
# define HOST_l2c(l,c) ({ uint32_t r; \
asm ("rev %w0,%w1" \
:"=r"(r) \
:"r"((uint32_t)(l))); \
*((uint32_t *)(c))=r; (c)+=4; r; })
# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
# define HOST_c2l(c,l) (void)((l)=*((const uint32_t *)(c)), (c)+=4)
# define HOST_l2c(l,c) (*((uint32_t *)(c))=(l), (c)+=4, (l))
# endif
# endif
# endif
# endif
#endif
#ifndef HOST_c2l
#define HOST_c2l(c,l) (void)(l =(((uint32_t)(*((c)++)))<<24), \
l|=(((uint32_t)(*((c)++)))<<16), \
l|=(((uint32_t)(*((c)++)))<< 8), \
l|=(((uint32_t)(*((c)++))) ))
#endif
#ifndef HOST_l2c
#define HOST_l2c(l,c) (*((c)++)=(uint8_t)(((l)>>24)&0xff), \
*((c)++)=(uint8_t)(((l)>>16)&0xff), \
*((c)++)=(uint8_t)(((l)>> 8)&0xff), \
*((c)++)=(uint8_t)(((l) )&0xff), \
l)
#endif
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
/* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
# define HOST_c2l(c,l) (void)((l)=*((const uint32_t *)(c)), (c)+=4)
# define HOST_l2c(l,c) (*((uint32_t *)(c))=(l), (c)+=4, l)
#endif
#ifndef HOST_c2l
#define HOST_c2l(c,l) (void)(l =(((uint32_t)(*((c)++))) ), \
l|=(((uint32_t)(*((c)++)))<< 8), \
l|=(((uint32_t)(*((c)++)))<<16), \
l|=(((uint32_t)(*((c)++)))<<24))
#endif
#ifndef HOST_l2c
#define HOST_l2c(l,c) (*((c)++)=(uint8_t)(((l) )&0xff), \
*((c)++)=(uint8_t)(((l)>> 8)&0xff), \
*((c)++)=(uint8_t)(((l)>>16)&0xff), \
*((c)++)=(uint8_t)(((l)>>24)&0xff), \
l)
#endif
#endif
int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
{
const uint8_t *data=data_;
uint8_t *p;
uint32_t l;
size_t n;
if (len==0) return 1;
l=(c->Nl+(((uint32_t)len)<<3))&0xffffffffUL;
/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
* Wei Dai <weidai@eskimo.com> for pointing it out. */
if (l < c->Nl) /* overflow */
c->Nh++;
c->Nh+=(uint32_t)(len>>29); /* might cause compiler warning on 16-bit */
c->Nl=l;
n = c->num;
if (n != 0)
{
p=(uint8_t *)c->data;
if (len >= HASH_CBLOCK || len+n >= HASH_CBLOCK)
{
memcpy (p+n,data,HASH_CBLOCK-n);
HASH_BLOCK_DATA_ORDER (c->h,p,1);
n = HASH_CBLOCK-n;
data += n;
len -= n;
c->num = 0;
memset (p,0,HASH_CBLOCK); /* keep it zeroed */
}
else
{
memcpy (p+n,data,len);
c->num += (unsigned int)len;
return 1;
}
}
n = len/HASH_CBLOCK;
if (n > 0)
{
HASH_BLOCK_DATA_ORDER (c->h,data,n);
n *= HASH_CBLOCK;
data += n;
len -= n;
}
if (len != 0)
{
p = (uint8_t *)c->data;
c->num = (unsigned int)len;
memcpy (p,data,len);
}
return 1;
}
void HASH_TRANSFORM (HASH_CTX *c, const uint8_t *data)
{
HASH_BLOCK_DATA_ORDER (c->h,data,1);
}
int HASH_FINAL (uint8_t *md, HASH_CTX *c)
{
uint8_t *p = (uint8_t *)c->data;
size_t n = c->num;
p[n] = 0x80; /* there is always room for one */
n++;
if (n > (HASH_CBLOCK-8))
{
memset (p+n,0,HASH_CBLOCK-n);
n=0;
HASH_BLOCK_DATA_ORDER (c->h,p,1);
}
memset (p+n,0,HASH_CBLOCK-8-n);
p += HASH_CBLOCK-8;
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
(void)HOST_l2c(c->Nh,p);
(void)HOST_l2c(c->Nl,p);
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
(void)HOST_l2c(c->Nl,p);
(void)HOST_l2c(c->Nh,p);
#endif
p -= HASH_CBLOCK;
HASH_BLOCK_DATA_ORDER (c->h,p,1);
c->num=0;
memset (p,0,HASH_CBLOCK);
#ifndef HASH_MAKE_STRING
#error "HASH_MAKE_STRING must be defined!"
#else
HASH_MAKE_STRING(c,md);
#endif
return 1;
}
#if defined(__cplusplus)
} /* extern C */
#endif
#endif /* OPENSSL_HEADER_MD32_COMMON_H */
Reference in New Issue View Git Blame Copy Permalink