crypto/fipsmodule/digest/md32_common.h - boringssl - Git at Google

 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
  *    the documentation and/or other materials provided with the
  *    distribution.
  *
  * 3. All advertising materials mentioning features or use of this
  *    software must display the following acknowledgment:
  *    "This product includes software developed by the OpenSSL Project
  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  *
  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  *    endorse or promote products derived from this software without
  *    prior written permission. For written permission, please contact
  *    licensing@OpenSSL.org.
  *
  * 5. Products derived from this software may not be called "OpenSSL"
  *    nor may "OpenSSL" appear in their names without prior written
  *    permission of the OpenSSL Project.
  *
  * 6. Redistributions of any form whatsoever must retain the following
  *    acknowledgment:
  *    "This product includes software developed by the OpenSSL Project
  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  *
  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ==================================================================== */

 #include <openssl/base.h>

 #include <assert.h>

 #include "../../internal.h"

 #if defined(__cplusplus)
 extern "C" {
 #endif


 // This is a generic 32-bit "collector" for message digest algorithms. It
 // collects input character stream into chunks of 32-bit values and invokes the
 // block function that performs the actual hash calculations. To make use of
 // this mechanism, the following macros must be defined before including
 // md32_common.h.
 //
 // One of |DATA_ORDER_IS_BIG_ENDIAN| or |DATA_ORDER_IS_LITTLE_ENDIAN| must be
 // defined to specify the byte order of the input stream.
 //
 // |HASH_CBLOCK| must be defined as the integer block size, in bytes.
 //
 // |HASH_CTX| must be defined as the name of the context structure, which must
 // have at least the following members:
 //
 //     typedef struct <name>_state_st {
 //       uint32_t h[<chaining length> / sizeof(uint32_t)];
 //       uint32_t Nl, Nh;
 //       uint8_t data[HASH_CBLOCK];
 //       unsigned num;
 //       ...
 //     } <NAME>_CTX;
 //
 // <chaining length> is the output length of the hash in bytes, before
 // any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and
 // SHA-512).
 //
 // |HASH_UPDATE| must be defined as the name of the "Update" function to
 // generate.
 //
 // |HASH_TRANSFORM| must be defined as the  the name of the "Transform"
 // function to generate.
 //
 // |HASH_FINAL| must be defined as the name of "Final" function to generate.
 //
 // |HASH_BLOCK_DATA_ORDER| must be defined as the name of the "Block" function.
 // That function must be implemented manually. It must be capable of operating
 // on *unaligned* input data in its original (data) byte order. It must have
 // this signature:
 //
 //     void HASH_BLOCK_DATA_ORDER(uint32_t *state, const uint8_t *data,
 //                                size_t num);
 //
 // It must update the hash state |state| with |num| blocks of data from |data|,
 // where each block is |HASH_CBLOCK| bytes; i.e. |data| points to a array of
 // |HASH_CBLOCK * num| bytes. |state| points to the |h| member of a |HASH_CTX|,
 // and so will have |<chaining length> / sizeof(uint32_t)| elements.
 //
 // |HASH_MAKE_STRING(c, s)| must be defined as a block statement that converts
 // the hash state |c->h| into the output byte order, storing the result in |s|.

 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 #error "DATA_ORDER must be defined!"
 #endif

 #ifndef HASH_CBLOCK
 #error "HASH_CBLOCK must be defined!"
 #endif
 #ifndef HASH_CTX
 #error "HASH_CTX must be defined!"
 #endif

 #ifndef HASH_UPDATE
 #error "HASH_UPDATE must be defined!"
 #endif
 #ifndef HASH_TRANSFORM
 #error "HASH_TRANSFORM must be defined!"
 #endif
 #ifndef HASH_FINAL
 #error "HASH_FINAL must be defined!"
 #endif

 #ifndef HASH_BLOCK_DATA_ORDER
 #error "HASH_BLOCK_DATA_ORDER must be defined!"
 #endif

 #ifndef HASH_MAKE_STRING
 #error "HASH_MAKE_STRING must be defined!"
 #endif

 #if defined(DATA_ORDER_IS_BIG_ENDIAN)

 #define HOST_c2l(c, l)                     \
   do {                                     \
     (l) = (((uint32_t)(*((c)++))) << 24);  \
     (l) |= (((uint32_t)(*((c)++))) << 16); \
     (l) |= (((uint32_t)(*((c)++))) << 8);  \
     (l) |= (((uint32_t)(*((c)++))));       \
   } while (0)

 #define HOST_l2c(l, c)                        \
   do {                                        \
     *((c)++) = (uint8_t)(((l) >> 24) & 0xff); \
     *((c)++) = (uint8_t)(((l) >> 16) & 0xff); \
     *((c)++) = (uint8_t)(((l) >> 8) & 0xff);  \
     *((c)++) = (uint8_t)(((l)) & 0xff);       \
   } while (0)

 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)

 #define HOST_c2l(c, l)                     \
   do {                                     \
     (l) = (((uint32_t)(*((c)++))));        \
     (l) |= (((uint32_t)(*((c)++))) << 8);  \
     (l) |= (((uint32_t)(*((c)++))) << 16); \
     (l) |= (((uint32_t)(*((c)++))) << 24); \
   } while (0)

 #define HOST_l2c(l, c)                        \
   do {                                        \
     *((c)++) = (uint8_t)(((l)) & 0xff);       \
     *((c)++) = (uint8_t)(((l) >> 8) & 0xff);  \
     *((c)++) = (uint8_t)(((l) >> 16) & 0xff); \
     *((c)++) = (uint8_t)(((l) >> 24) & 0xff); \
   } while (0)

 #endif  // DATA_ORDER

 int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
   const uint8_t *data = data_;

   if (len == 0) {
     return 1;
   }

   uint32_t l = c->Nl + (((uint32_t)len) << 3);
   if (l < c->Nl) {
     // Handle carries.
     c->Nh++;
   }
   c->Nh += (uint32_t)(len >> 29);
   c->Nl = l;

   size_t n = c->num;
   if (n != 0) {
     if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
       OPENSSL_memcpy(c->data + n, data, HASH_CBLOCK - n);
       HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
       n = HASH_CBLOCK - n;
       data += n;
       len -= n;
       c->num = 0;
       // Keep |c->data| zeroed when unused.
       OPENSSL_memset(c->data, 0, HASH_CBLOCK);
     } else {
       OPENSSL_memcpy(c->data + n, data, len);
       c->num += (unsigned)len;
       return 1;
     }
   }

   n = len / HASH_CBLOCK;
   if (n > 0) {
     HASH_BLOCK_DATA_ORDER(c->h, data, n);
     n *= HASH_CBLOCK;
     data += n;
     len -= n;
   }

   if (len != 0) {
     c->num = (unsigned)len;
     OPENSSL_memcpy(c->data, data, len);
   }
   return 1;
 }


 void HASH_TRANSFORM(HASH_CTX *c, const uint8_t data[HASH_CBLOCK]) {
   HASH_BLOCK_DATA_ORDER(c->h, data, 1);
 }


 int HASH_FINAL(uint8_t out[HASH_DIGEST_LENGTH], HASH_CTX *c) {
   // |c->data| always has room for at least one byte. A full block would have
   // been consumed.
   size_t n = c->num;
   assert(n < HASH_CBLOCK);
   c->data[n] = 0x80;
   n++;

   // Fill the block with zeros if there isn't room for a 64-bit length.
   if (n > (HASH_CBLOCK - 8)) {
     OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - n);
     n = 0;
     HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
   }
   OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - 8 - n);

   // Append a 64-bit length to the block and process it.
   uint8_t *p = c->data + HASH_CBLOCK - 8;
 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
   HOST_l2c(c->Nh, p);
   HOST_l2c(c->Nl, p);
 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
   HOST_l2c(c->Nl, p);
   HOST_l2c(c->Nh, p);
 #endif
   assert(p == c->data + HASH_CBLOCK);
   HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
   c->num = 0;
   OPENSSL_memset(c->data, 0, HASH_CBLOCK);

   HASH_MAKE_STRING(c, out);
   return 1;
 }


 #if defined(__cplusplus)
 }  // extern C
 #endif
	/* ====================================================================
	* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions
	* are met:
	*
	* 1. Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	*
	* 2. Redistributions in binary form must reproduce the above copyright
	* notice, this list of conditions and the following disclaimer in
	* the documentation and/or other materials provided with the
	* distribution.
	*
	* 3. All advertising materials mentioning features or use of this
	* software must display the following acknowledgment:
	* "This product includes software developed by the OpenSSL Project
	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	*
	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	* endorse or promote products derived from this software without
	* prior written permission. For written permission, please contact
	* licensing@OpenSSL.org.
	*
	* 5. Products derived from this software may not be called "OpenSSL"
	* nor may "OpenSSL" appear in their names without prior written
	* permission of the OpenSSL Project.
	*
	* 6. Redistributions of any form whatsoever must retain the following
	* acknowledgment:
	* "This product includes software developed by the OpenSSL Project
	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	*
	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	* OF THE POSSIBILITY OF SUCH DAMAGE.
	* ==================================================================== */

	#include <openssl/base.h>

	#include <assert.h>

	#include "../../internal.h"

	#if defined(__cplusplus)
	extern "C" {
	#endif


	// This is a generic 32-bit "collector" for message digest algorithms. It
	// collects input character stream into chunks of 32-bit values and invokes the
	// block function that performs the actual hash calculations. To make use of
	// this mechanism, the following macros must be defined before including
	// md32_common.h.
	//
	// One of \|DATA_ORDER_IS_BIG_ENDIAN\| or \|DATA_ORDER_IS_LITTLE_ENDIAN\| must be
	// defined to specify the byte order of the input stream.
	//
	// \|HASH_CBLOCK\| must be defined as the integer block size, in bytes.
	//
	// \|HASH_CTX\| must be defined as the name of the context structure, which must
	// have at least the following members:
	//
	// typedef struct <name>_state_st {
	// uint32_t h[<chaining length> / sizeof(uint32_t)];
	// uint32_t Nl, Nh;
	// uint8_t data[HASH_CBLOCK];
	// unsigned num;
	// ...
	// } <NAME>_CTX;
	//
	// <chaining length> is the output length of the hash in bytes, before
	// any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and
	// SHA-512).
	//
	// \|HASH_UPDATE\| must be defined as the name of the "Update" function to
	// generate.
	//
	// \|HASH_TRANSFORM\| must be defined as the the name of the "Transform"
	// function to generate.
	//
	// \|HASH_FINAL\| must be defined as the name of "Final" function to generate.
	//
	// \|HASH_BLOCK_DATA_ORDER\| must be defined as the name of the "Block" function.
	// That function must be implemented manually. It must be capable of operating
	// on unaligned input data in its original (data) byte order. It must have
	// this signature:
	//
	// void HASH_BLOCK_DATA_ORDER(uint32_t state, const uint8_t data,
	// size_t num);
	//
	// It must update the hash state \|state\| with \|num\| blocks of data from \|data\|,
	// where each block is \|HASH_CBLOCK\| bytes; i.e. \|data\| points to a array of
	// \|HASH_CBLOCK * num\| bytes. \|state\| points to the \|h\| member of a \|HASH_CTX\|,
	// and so will have \|<chaining length> / sizeof(uint32_t)\| elements.
	//
	// \|HASH_MAKE_STRING(c, s)\| must be defined as a block statement that converts
	// the hash state \|c->h\| into the output byte order, storing the result in \|s\|.

	#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
	#error "DATA_ORDER must be defined!"
	#endif

	#ifndef HASH_CBLOCK
	#error "HASH_CBLOCK must be defined!"
	#endif
	#ifndef HASH_CTX
	#error "HASH_CTX must be defined!"
	#endif

	#ifndef HASH_UPDATE
	#error "HASH_UPDATE must be defined!"
	#endif
	#ifndef HASH_TRANSFORM
	#error "HASH_TRANSFORM must be defined!"
	#endif
	#ifndef HASH_FINAL
	#error "HASH_FINAL must be defined!"
	#endif

	#ifndef HASH_BLOCK_DATA_ORDER
	#error "HASH_BLOCK_DATA_ORDER must be defined!"
	#endif

	#ifndef HASH_MAKE_STRING
	#error "HASH_MAKE_STRING must be defined!"
	#endif

	#if defined(DATA_ORDER_IS_BIG_ENDIAN)

	#define HOST_c2l(c, l) \
	do { \
	(l) = (((uint32_t)(*((c)++))) << 24); \
	(l) \|= (((uint32_t)(*((c)++))) << 16); \
	(l) \|= (((uint32_t)(*((c)++))) << 8); \
	(l) \|= (((uint32_t)(*((c)++)))); \
	} while (0)

	#define HOST_l2c(l, c) \
	do { \
	*((c)++) = (uint8_t)(((l) >> 24) & 0xff); \
	*((c)++) = (uint8_t)(((l) >> 16) & 0xff); \
	*((c)++) = (uint8_t)(((l) >> 8) & 0xff); \
	*((c)++) = (uint8_t)(((l)) & 0xff); \
	} while (0)

	#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)

	#define HOST_c2l(c, l) \
	do { \
	(l) = (((uint32_t)(*((c)++)))); \
	(l) \|= (((uint32_t)(*((c)++))) << 8); \
	(l) \|= (((uint32_t)(*((c)++))) << 16); \
	(l) \|= (((uint32_t)(*((c)++))) << 24); \
	} while (0)

	#define HOST_l2c(l, c) \
	do { \
	*((c)++) = (uint8_t)(((l)) & 0xff); \
	*((c)++) = (uint8_t)(((l) >> 8) & 0xff); \
	*((c)++) = (uint8_t)(((l) >> 16) & 0xff); \
	*((c)++) = (uint8_t)(((l) >> 24) & 0xff); \
	} while (0)

	#endif // DATA_ORDER

	int HASH_UPDATE(HASH_CTX c, const void data_, size_t len) {
	const uint8_t *data = data_;

	if (len == 0) {
	return 1;
	}

	uint32_t l = c->Nl + (((uint32_t)len) << 3);
	if (l < c->Nl) {
	// Handle carries.
	c->Nh++;
	}
	c->Nh += (uint32_t)(len >> 29);
	c->Nl = l;

	size_t n = c->num;
	if (n != 0) {
	if (len >= HASH_CBLOCK \|\| len + n >= HASH_CBLOCK) {
	OPENSSL_memcpy(c->data + n, data, HASH_CBLOCK - n);
	HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
	n = HASH_CBLOCK - n;
	data += n;
	len -= n;
	c->num = 0;
	// Keep \|c->data\| zeroed when unused.
	OPENSSL_memset(c->data, 0, HASH_CBLOCK);
	} else {
	OPENSSL_memcpy(c->data + n, data, len);
	c->num += (unsigned)len;
	return 1;
	}
	}

	n = len / HASH_CBLOCK;
	if (n > 0) {
	HASH_BLOCK_DATA_ORDER(c->h, data, n);
	n *= HASH_CBLOCK;
	data += n;
	len -= n;
	}

	if (len != 0) {
	c->num = (unsigned)len;
	OPENSSL_memcpy(c->data, data, len);
	}
	return 1;
	}


	void HASH_TRANSFORM(HASH_CTX *c, const uint8_t data[HASH_CBLOCK]) {
	HASH_BLOCK_DATA_ORDER(c->h, data, 1);
	}


	int HASH_FINAL(uint8_t out[HASH_DIGEST_LENGTH], HASH_CTX *c) {
	// \|c->data\| always has room for at least one byte. A full block would have
	// been consumed.
	size_t n = c->num;
	assert(n < HASH_CBLOCK);
	c->data[n] = 0x80;
	n++;

	// Fill the block with zeros if there isn't room for a 64-bit length.
	if (n > (HASH_CBLOCK - 8)) {
	OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - n);
	n = 0;
	HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
	}
	OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - 8 - n);

	// Append a 64-bit length to the block and process it.
	uint8_t *p = c->data + HASH_CBLOCK - 8;
	#if defined(DATA_ORDER_IS_BIG_ENDIAN)
	HOST_l2c(c->Nh, p);
	HOST_l2c(c->Nl, p);
	#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
	HOST_l2c(c->Nl, p);
	HOST_l2c(c->Nh, p);
	#endif
	assert(p == c->data + HASH_CBLOCK);
	HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
	c->num = 0;
	OPENSSL_memset(c->data, 0, HASH_CBLOCK);

	HASH_MAKE_STRING(c, out);
	return 1;
	}


	#if defined(__cplusplus)
	} // extern C
	#endif