From 7c30aa73c90ed569b9a64ba5cf178239a7e304ea Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Mon, 20 May 2019 09:20:12 +0200 Subject: [PATCH] SHA2 state constants in common --- common/sha2.c | 108 ++++++++++++++++++++++----------------------- common/sha2.h | 40 ++++++++++++----- test/common/sha2.c | 18 ++++---- 3 files changed, 91 insertions(+), 75 deletions(-) diff --git a/common/sha2.c b/common/sha2.c index 12ba35be..cc42f760 100644 --- a/common/sha2.c +++ b/common/sha2.c @@ -492,73 +492,73 @@ static const uint8_t iv_512[64] = { 0x6b, 0x5b, 0xe0, 0xcd, 0x19, 0x13, 0x7e, 0x21, 0x79 }; -void sha224_inc_init(uint8_t *state) { +void sha224_inc_init(sha224ctx *state) { for (size_t i = 0; i < 32; ++i) { - state[i] = iv_224[i]; + state->ctx[i] = iv_224[i]; } for (size_t i = 32; i < 40; ++i) { - state[i] = 0; + state->ctx[i] = 0; } } -void sha256_inc_init(uint8_t *state) { +void sha256_inc_init(sha256ctx *state) { for (size_t i = 0; i < 32; ++i) { - state[i] = iv_256[i]; + state->ctx[i] = iv_256[i]; } for (size_t i = 32; i < 40; ++i) { - state[i] = 0; + state->ctx[i] = 0; } } -void sha384_inc_init(uint8_t *state) { +void sha384_inc_init(sha384ctx *state) { for (size_t i = 0; i < 64; ++i) { - state[i] = iv_384[i]; + state->ctx[i] = iv_384[i]; } for (size_t i = 64; i < 72; ++i) { - state[i] = 0; + state->ctx[i] = 0; } } -void sha512_inc_init(uint8_t *state) { +void sha512_inc_init(sha512ctx *state) { for (size_t i = 0; i < 64; ++i) { - state[i] = iv_512[i]; + state->ctx[i] = iv_512[i]; } for (size_t i = 64; i < 72; ++i) { - state[i] = 0; + state->ctx[i] = 0; } } -void sha256_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks) { - uint64_t bytes = load_bigendian_64(state + 32); +void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks) { + uint64_t bytes = load_bigendian_64(state->ctx + 32); - crypto_hashblocks_sha256(state, in, 64 * inblocks); + crypto_hashblocks_sha256(state->ctx, in, 64 * inblocks); bytes += 64 * inblocks; - store_bigendian_64(state + 32, bytes); + store_bigendian_64(state->ctx + 32, bytes); } -void sha224_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks) { - sha256_inc_blocks(state, in, inblocks); +void sha224_inc_blocks(sha224ctx *state, const uint8_t *in, size_t inblocks) { + sha256_inc_blocks((sha256ctx*) state, in, inblocks); } -void sha512_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks) { - uint64_t bytes = load_bigendian_64(state + 64); +void sha512_inc_blocks(sha512ctx *state, const uint8_t *in, size_t inblocks) { + uint64_t bytes = load_bigendian_64(state->ctx + 64); - crypto_hashblocks_sha256(state, in, 128 * inblocks); + crypto_hashblocks_sha256(state->ctx, in, 128 * inblocks); bytes += 128 * inblocks; - store_bigendian_64(state + 64, bytes); + store_bigendian_64(state->ctx + 64, bytes); } -void sha384_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks) { - sha512_inc_blocks(state, in, inblocks); +void sha384_inc_blocks(sha384ctx *state, const uint8_t *in, size_t inblocks) { + sha512_inc_blocks((sha512ctx*) state, in, inblocks); } -void sha256_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen) { +void sha256_inc_finalize(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen) { uint8_t padded[128]; - uint64_t bytes = load_bigendian_64(state + 32) + inlen; + uint64_t bytes = load_bigendian_64(state->ctx + 32) + inlen; - crypto_hashblocks_sha256(state, in, inlen); + crypto_hashblocks_sha256(state->ctx, in, inlen); in += inlen; inlen &= 63; in -= inlen; @@ -580,7 +580,7 @@ void sha256_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t padded[61] = (uint8_t) (bytes >> 13); padded[62] = (uint8_t) (bytes >> 5); padded[63] = (uint8_t) (bytes << 3); - crypto_hashblocks_sha256(state, padded, 64); + crypto_hashblocks_sha256(state->ctx, padded, 64); } else { for (size_t i = inlen + 1; i < 120; ++i) { padded[i] = 0; @@ -593,27 +593,27 @@ void sha256_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t padded[125] = (uint8_t) (bytes >> 13); padded[126] = (uint8_t) (bytes >> 5); padded[127] = (uint8_t) (bytes << 3); - crypto_hashblocks_sha256(state, padded, 128); + crypto_hashblocks_sha256(state->ctx, padded, 128); } for (size_t i = 0; i < 32; ++i) { - out[i] = state[i]; + out[i] = state->ctx[i]; } } -void sha224_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen) { - sha256_inc_finalize(state, state, in, inlen); +void sha224_inc_finalize(uint8_t *out, sha224ctx *state, const uint8_t *in, size_t inlen) { + sha256_inc_finalize(state->ctx, (sha256ctx*)state, in, inlen); for (size_t i = 0; i < 28; ++i) { - out[i] = state[i]; + out[i] = state->ctx[i]; } } -void sha512_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen) { +void sha512_inc_finalize(uint8_t *out, sha512ctx *state, const uint8_t *in, size_t inlen) { uint8_t padded[256]; - uint64_t bytes = load_bigendian_64(state + 64) + inlen; + uint64_t bytes = load_bigendian_64(state->ctx + 64) + inlen; - crypto_hashblocks_sha512(state, in, inlen); + crypto_hashblocks_sha512(state->ctx, in, inlen); in += inlen; inlen &= 127; in -= inlen; @@ -636,7 +636,7 @@ void sha512_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t padded[125] = (uint8_t) (bytes >> 13); padded[126] = (uint8_t) (bytes >> 5); padded[127] = (uint8_t) (bytes << 3); - crypto_hashblocks_sha512(state, padded, 128); + crypto_hashblocks_sha512(state->ctx, padded, 128); } else { for (size_t i = inlen + 1; i < 247; ++i) { padded[i] = 0; @@ -650,46 +650,46 @@ void sha512_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t padded[253] = (uint8_t) (bytes >> 13); padded[254] = (uint8_t) (bytes >> 5); padded[255] = (uint8_t) (bytes << 3); - crypto_hashblocks_sha512(state, padded, 256); + crypto_hashblocks_sha512(state->ctx, padded, 256); } for (size_t i = 0; i < 64; ++i) { - out[i] = state[i]; + out[i] = state->ctx[i]; } } -void sha384_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen) { - sha512_inc_finalize(state, state, in, inlen); +void sha384_inc_finalize(uint8_t *out, sha384ctx *state, const uint8_t *in, size_t inlen) { + sha512_inc_finalize(state->ctx, (sha512ctx*)state, in, inlen); for (size_t i = 0; i < 48; ++i) { - out[i] = state[i]; + out[i] = state->ctx[i]; } } void sha224(uint8_t *out, const uint8_t *in, size_t inlen) { - uint8_t state[40]; + sha224ctx state; - sha224_inc_init(state); - sha224_inc_finalize(out, state, in, inlen); + sha224_inc_init(&state); + sha224_inc_finalize(out, &state, in, inlen); } void sha256(uint8_t *out, const uint8_t *in, size_t inlen) { - uint8_t state[40]; + sha256ctx state; - sha256_inc_init(state); - sha256_inc_finalize(out, state, in, inlen); + sha256_inc_init(&state); + sha256_inc_finalize(out, &state, in, inlen); } void sha384(uint8_t *out, const uint8_t *in, size_t inlen) { - uint8_t state[72]; + sha384ctx state; - sha384_inc_init(state); - sha384_inc_finalize(out, state, in, inlen); + sha384_inc_init(&state); + sha384_inc_finalize(out, &state, in, inlen); } void sha512(uint8_t *out, const uint8_t *in, size_t inlen) { - uint8_t state[72]; + sha512ctx state; - sha512_inc_init(state); - sha512_inc_finalize(out, state, in, inlen); + sha512_inc_init(&state); + sha512_inc_finalize(out, &state, in, inlen); } diff --git a/common/sha2.h b/common/sha2.h index ce6a8aff..618683ef 100644 --- a/common/sha2.h +++ b/common/sha2.h @@ -8,24 +8,40 @@ must be exactly 64 bytes each. Use the 'finalize' functions for any remaining bytes (possibly over 64). */ -void sha224_inc_init(uint8_t *state); -void sha224_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks); -void sha224_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen); +typedef struct { + uint8_t ctx[40]; +} sha224ctx; + +typedef struct { + uint8_t ctx[40]; +} sha256ctx; + +typedef struct { + uint8_t ctx[72]; +} sha384ctx; + +typedef struct { + uint8_t ctx[72]; +} sha512ctx; + +void sha224_inc_init(sha224ctx *state); +void sha224_inc_blocks(sha224ctx *state, const uint8_t *in, size_t inblocks); +void sha224_inc_finalize(uint8_t *out, sha224ctx *state, const uint8_t *in, size_t inlen); void sha224(uint8_t *out, const uint8_t *in, size_t inlen); -void sha256_inc_init(uint8_t *state); -void sha256_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks); -void sha256_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen); +void sha256_inc_init(sha256ctx *state); +void sha256_inc_blocks(sha256ctx *state, const uint8_t *in, size_t inblocks); +void sha256_inc_finalize(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen); void sha256(uint8_t *out, const uint8_t *in, size_t inlen); -void sha384_inc_init(uint8_t *state); -void sha384_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks); -void sha384_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen); +void sha384_inc_init(sha384ctx *state); +void sha384_inc_blocks(sha384ctx *state, const uint8_t *in, size_t inblocks); +void sha384_inc_finalize(uint8_t *out, sha384ctx *state, const uint8_t *in, size_t inlen); void sha384(uint8_t *out, const uint8_t *in, size_t inlen); -void sha512_inc_init(uint8_t *state); -void sha512_inc_blocks(uint8_t *state, const uint8_t *in, size_t inblocks); -void sha512_inc_finalize(uint8_t *out, uint8_t *state, const uint8_t *in, size_t inlen); +void sha512_inc_init(sha512ctx *state); +void sha512_inc_blocks(sha512ctx *state, const uint8_t *in, size_t inblocks); +void sha512_inc_finalize(uint8_t *out, sha512ctx *state, const uint8_t *in, size_t inlen); void sha512(uint8_t *out, const uint8_t *in, size_t inlen); #endif diff --git a/test/common/sha2.c b/test/common/sha2.c index f08eb06b..b04f59a2 100644 --- a/test/common/sha2.c +++ b/test/common/sha2.c @@ -37,14 +37,14 @@ const unsigned char expected_512[64] = { static int test_sha256_incremental(void) { unsigned char output[32]; - uint8_t state[40]; + sha256ctx state; int i = 0; - sha256_inc_init(state); - sha256_inc_blocks(state, plaintext, 1); - sha256_inc_finalize(output, state, plaintext + 64, 112 - 64); + sha256_inc_init(&state); + sha256_inc_blocks(&state, plaintext, 1); + sha256_inc_finalize(output, &state, plaintext + 64, 112 - 64); - if (memcmp(expected_256, output, 32)) { + if (memcmp(expected_256, output, 32) != 0) { printf("ERROR sha256 incremental did not match sha256.\n"); printf(" Expected: "); for (i = 0; i < 32; i++) { @@ -68,7 +68,7 @@ static int test_sha224(void) { sha224(output, plaintext, 112); - if (memcmp(expected_224, output, 28)) { + if (memcmp(expected_224, output, 28) != 0) { printf("ERROR sha224 output did not match test vector.\n"); printf("Expected: "); for (i = 0; i < 28; i++) { @@ -92,7 +92,7 @@ static int test_sha256(void) { sha256(output, plaintext, 112); - if (memcmp(expected_256, output, 32)) { + if (memcmp(expected_256, output, 32) != 0) { printf("ERROR sha256 output did not match test vector.\n"); printf("Expected: "); for (i = 0; i < 32; i++) { @@ -116,7 +116,7 @@ static int test_sha384(void) { sha384(output, plaintext, 112); - if (memcmp(expected_384, output, 48)) { + if (memcmp(expected_384, output, 48) != 0) { printf("ERROR sha384 output did not match test vector.\n"); printf("Expected: "); for (i = 0; i < 48; i++) { @@ -140,7 +140,7 @@ static int test_sha512(void) { sha512(output, plaintext, 112); - if (memcmp(expected_512, output, 64)) { + if (memcmp(expected_512, output, 64) != 0) { printf("ERROR sha512 output did not match test vector.\n"); printf("Expected: "); for (i = 0; i < 64; i++) {