aboutsummaryrefslogtreecommitdiff
path: root/src/microhttpd/sha256.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/microhttpd/sha256.c')
-rw-r--r--src/microhttpd/sha256.c254
1 files changed, 137 insertions, 117 deletions
diff --git a/src/microhttpd/sha256.c b/src/microhttpd/sha256.c
index b47a773b..846a43b7 100644
--- a/src/microhttpd/sha256.c
+++ b/src/microhttpd/sha256.c
@@ -104,10 +104,12 @@ sha256_transform (uint32_t H[_SHA256_DIGEST_LENGTH],
104 104
105 /* Four 'Sigma' macro functions. 105 /* Four 'Sigma' macro functions.
106 See FIPS PUB 180-4 formulae 4.4, 4.5, 4.6, 4.7. */ 106 See FIPS PUB 180-4 formulae 4.4, 4.5, 4.6, 4.7. */
107#define SIG0(x) ( _MHD_ROTR32((x),2) ^ _MHD_ROTR32((x),13) ^ _MHD_ROTR32((x),22) ) 107#define SIG0(x) (_MHD_ROTR32 ((x),2) ^ _MHD_ROTR32 ((x),13) ^ _MHD_ROTR32 ((x), \
108#define SIG1(x) ( _MHD_ROTR32((x),6) ^ _MHD_ROTR32((x),11) ^ _MHD_ROTR32((x),25) ) 108 22) )
109#define sig0(x) ( _MHD_ROTR32((x),7) ^ _MHD_ROTR32((x),18) ^ ((x) >> 3) ) 109#define SIG1(x) (_MHD_ROTR32 ((x),6) ^ _MHD_ROTR32 ((x),11) ^ _MHD_ROTR32 ((x), \
110#define sig1(x) ( _MHD_ROTR32((x),17) ^ _MHD_ROTR32((x),19) ^ ((x) >> 10) ) 110 25) )
111#define sig0(x) (_MHD_ROTR32 ((x),7) ^ _MHD_ROTR32 ((x),18) ^ ((x) >> 3) )
112#define sig1(x) (_MHD_ROTR32 ((x),17) ^ _MHD_ROTR32 ((x),19) ^ ((x) >> 10) )
111 113
112 /* Single step of SHA-256 computation, 114 /* Single step of SHA-256 computation,
113 see FIPS PUB 180-4 paragraph 6.2.2 step 3. 115 see FIPS PUB 180-4 paragraph 6.2.2 step 3.
@@ -122,99 +124,115 @@ sha256_transform (uint32_t H[_SHA256_DIGEST_LENGTH],
122 * Note: 'wt' must be used exactly one time in this macro as it change other data as well 124 * Note: 'wt' must be used exactly one time in this macro as it change other data as well
123 every time when used. */ 125 every time when used. */
124#define SHA2STEP32(vA,vB,vC,vD,vE,vF,vG,vH,kt,wt) do { \ 126#define SHA2STEP32(vA,vB,vC,vD,vE,vF,vG,vH,kt,wt) do { \
125 (vD) += ((vH) += SIG1((vE)) + Ch((vE),(vF),(vG)) + (kt) + (wt)); \ 127 (vD) += ((vH) += SIG1 ((vE)) + Ch ((vE),(vF),(vG)) + (kt) + (wt)); \
126 (vH) += SIG0((vA)) + Maj((vA),(vB),(vC)); } while (0) 128 (vH) += SIG0 ((vA)) + Maj ((vA),(vB),(vC)); } while (0)
127 129
128 /* Get value of W(t) from input data buffer, 130 /* Get value of W(t) from input data buffer,
129 See FIPS PUB 180-4 paragraph 6.2. 131 See FIPS PUB 180-4 paragraph 6.2.
130 Input data must be read in big-endian bytes order, 132 Input data must be read in big-endian bytes order,
131 see FIPS PUB 180-4 paragraph 3.1.2. */ 133 see FIPS PUB 180-4 paragraph 3.1.2. */
132#define GET_W_FROM_DATA(buf,t) \ 134#define GET_W_FROM_DATA(buf,t) \
133 _MHD_GET_32BIT_BE(((const uint8_t*)(buf)) + (t) * SHA256_BYTES_IN_WORD) 135 _MHD_GET_32BIT_BE (((const uint8_t*) (buf)) + (t) * SHA256_BYTES_IN_WORD)
134 136
135 /* During first 16 steps, before making any calculations on each step, 137 /* During first 16 steps, before making any calculations on each step,
136 the W element is read from input data buffer as big-endian value and 138 the W element is read from input data buffer as big-endian value and
137 stored in array of W elements. */ 139 stored in array of W elements. */
138 /* Note: instead of using K constants as array, all K values are specified 140 /* Note: instead of using K constants as array, all K values are specified
139 individually for each step, see FIPS PUB 180-4 paragraph 4.2.2 for K values. */ 141 individually for each step, see FIPS PUB 180-4 paragraph 4.2.2 for K values. */
140 SHA2STEP32(a, b, c, d, e, f, g, h, 0x428a2f98UL, W[0] = GET_W_FROM_DATA(data,0)); 142 SHA2STEP32 (a, b, c, d, e, f, g, h, 0x428a2f98UL, W[0] = GET_W_FROM_DATA (
141 SHA2STEP32(h, a, b, c, d, e, f, g, 0x71374491UL, W[1] = GET_W_FROM_DATA(data,1)); 143 data,0));
142 SHA2STEP32(g, h, a, b, c, d, e, f, 0xb5c0fbcfUL, W[2] = GET_W_FROM_DATA(data,2)); 144 SHA2STEP32 (h, a, b, c, d, e, f, g, 0x71374491UL, W[1] = GET_W_FROM_DATA (
143 SHA2STEP32(f, g, h, a, b, c, d, e, 0xe9b5dba5UL, W[3] = GET_W_FROM_DATA(data,3)); 145 data,1));
144 SHA2STEP32(e, f, g, h, a, b, c, d, 0x3956c25bUL, W[4] = GET_W_FROM_DATA(data,4)); 146 SHA2STEP32 (g, h, a, b, c, d, e, f, 0xb5c0fbcfUL, W[2] = GET_W_FROM_DATA (
145 SHA2STEP32(d, e, f, g, h, a, b, c, 0x59f111f1UL, W[5] = GET_W_FROM_DATA(data,5)); 147 data,2));
146 SHA2STEP32(c, d, e, f, g, h, a, b, 0x923f82a4UL, W[6] = GET_W_FROM_DATA(data,6)); 148 SHA2STEP32 (f, g, h, a, b, c, d, e, 0xe9b5dba5UL, W[3] = GET_W_FROM_DATA (
147 SHA2STEP32(b, c, d, e, f, g, h, a, 0xab1c5ed5UL, W[7] = GET_W_FROM_DATA(data,7)); 149 data,3));
148 SHA2STEP32(a, b, c, d, e, f, g, h, 0xd807aa98UL, W[8] = GET_W_FROM_DATA(data,8)); 150 SHA2STEP32 (e, f, g, h, a, b, c, d, 0x3956c25bUL, W[4] = GET_W_FROM_DATA (
149 SHA2STEP32(h, a, b, c, d, e, f, g, 0x12835b01UL, W[9] = GET_W_FROM_DATA(data,9)); 151 data,4));
150 SHA2STEP32(g, h, a, b, c, d, e, f, 0x243185beUL, W[10] = GET_W_FROM_DATA(data,10)); 152 SHA2STEP32 (d, e, f, g, h, a, b, c, 0x59f111f1UL, W[5] = GET_W_FROM_DATA (
151 SHA2STEP32(f, g, h, a, b, c, d, e, 0x550c7dc3UL, W[11] = GET_W_FROM_DATA(data,11)); 153 data,5));
152 SHA2STEP32(e, f, g, h, a, b, c, d, 0x72be5d74UL, W[12] = GET_W_FROM_DATA(data,12)); 154 SHA2STEP32 (c, d, e, f, g, h, a, b, 0x923f82a4UL, W[6] = GET_W_FROM_DATA (
153 SHA2STEP32(d, e, f, g, h, a, b, c, 0x80deb1feUL, W[13] = GET_W_FROM_DATA(data,13)); 155 data,6));
154 SHA2STEP32(c, d, e, f, g, h, a, b, 0x9bdc06a7UL, W[14] = GET_W_FROM_DATA(data,14)); 156 SHA2STEP32 (b, c, d, e, f, g, h, a, 0xab1c5ed5UL, W[7] = GET_W_FROM_DATA (
155 SHA2STEP32(b, c, d, e, f, g, h, a, 0xc19bf174UL, W[15] = GET_W_FROM_DATA(data,15)); 157 data,7));
158 SHA2STEP32 (a, b, c, d, e, f, g, h, 0xd807aa98UL, W[8] = GET_W_FROM_DATA (
159 data,8));
160 SHA2STEP32 (h, a, b, c, d, e, f, g, 0x12835b01UL, W[9] = GET_W_FROM_DATA (
161 data,9));
162 SHA2STEP32 (g, h, a, b, c, d, e, f, 0x243185beUL, W[10] = GET_W_FROM_DATA (
163 data,10));
164 SHA2STEP32 (f, g, h, a, b, c, d, e, 0x550c7dc3UL, W[11] = GET_W_FROM_DATA (
165 data,11));
166 SHA2STEP32 (e, f, g, h, a, b, c, d, 0x72be5d74UL, W[12] = GET_W_FROM_DATA (
167 data,12));
168 SHA2STEP32 (d, e, f, g, h, a, b, c, 0x80deb1feUL, W[13] = GET_W_FROM_DATA (
169 data,13));
170 SHA2STEP32 (c, d, e, f, g, h, a, b, 0x9bdc06a7UL, W[14] = GET_W_FROM_DATA (
171 data,14));
172 SHA2STEP32 (b, c, d, e, f, g, h, a, 0xc19bf174UL, W[15] = GET_W_FROM_DATA (
173 data,15));
156 174
157 /* 'W' generation and assignment for 16 <= t <= 63. 175 /* 'W' generation and assignment for 16 <= t <= 63.
158 See FIPS PUB 180-4 paragraph 6.2.2. 176 See FIPS PUB 180-4 paragraph 6.2.2.
159 As only last 16 'W' are used in calculations, it is possible to 177 As only last 16 'W' are used in calculations, it is possible to
160 use 16 elements array of W as cyclic buffer. 178 use 16 elements array of W as cyclic buffer.
161 * Note: ((t-16)&0xf) have same value as (t&0xf) */ 179 * Note: ((t-16)&0xf) have same value as (t&0xf) */
162#define Wgen(w,t) ( (w)[(t-16)&0xf] + sig1((w)[((t)-2)&0xf]) + \ 180#define Wgen(w,t) ( (w)[(t - 16) & 0xf] + sig1 ((w)[((t) - 2) & 0xf]) \
163 (w)[((t)-7)&0xf] + sig0((w)[((t)-15)&0xf]) ) 181 + (w)[((t) - 7) & 0xf] + sig0 ((w)[((t) - 15) & 0xf]) )
164 182
165 /* During last 48 steps, before making any calculations on each step, 183 /* During last 48 steps, before making any calculations on each step,
166 W element is generated from W elements of cyclic buffer and generated value 184 W element is generated from W elements of cyclic buffer and generated value
167 stored back in cyclic buffer. */ 185 stored back in cyclic buffer. */
168 /* Note: instead of using K constants as array, all K values are specified 186 /* Note: instead of using K constants as array, all K values are specified
169 individually for each step, see FIPS PUB 180-4 paragraph 4.2.2 for K values. */ 187 individually for each step, see FIPS PUB 180-4 paragraph 4.2.2 for K values. */
170 SHA2STEP32(a, b, c, d, e, f, g, h, 0xe49b69c1UL, W[16&0xf] = Wgen(W,16)); 188 SHA2STEP32 (a, b, c, d, e, f, g, h, 0xe49b69c1UL, W[16 & 0xf] = Wgen (W,16));
171 SHA2STEP32(h, a, b, c, d, e, f, g, 0xefbe4786UL, W[17&0xf] = Wgen(W,17)); 189 SHA2STEP32 (h, a, b, c, d, e, f, g, 0xefbe4786UL, W[17 & 0xf] = Wgen (W,17));
172 SHA2STEP32(g, h, a, b, c, d, e, f, 0x0fc19dc6UL, W[18&0xf] = Wgen(W,18)); 190 SHA2STEP32 (g, h, a, b, c, d, e, f, 0x0fc19dc6UL, W[18 & 0xf] = Wgen (W,18));
173 SHA2STEP32(f, g, h, a, b, c, d, e, 0x240ca1ccUL, W[19&0xf] = Wgen(W,19)); 191 SHA2STEP32 (f, g, h, a, b, c, d, e, 0x240ca1ccUL, W[19 & 0xf] = Wgen (W,19));
174 SHA2STEP32(e, f, g, h, a, b, c, d, 0x2de92c6fUL, W[20&0xf] = Wgen(W,20)); 192 SHA2STEP32 (e, f, g, h, a, b, c, d, 0x2de92c6fUL, W[20 & 0xf] = Wgen (W,20));
175 SHA2STEP32(d, e, f, g, h, a, b, c, 0x4a7484aaUL, W[21&0xf] = Wgen(W,21)); 193 SHA2STEP32 (d, e, f, g, h, a, b, c, 0x4a7484aaUL, W[21 & 0xf] = Wgen (W,21));
176 SHA2STEP32(c, d, e, f, g, h, a, b, 0x5cb0a9dcUL, W[22&0xf] = Wgen(W,22)); 194 SHA2STEP32 (c, d, e, f, g, h, a, b, 0x5cb0a9dcUL, W[22 & 0xf] = Wgen (W,22));
177 SHA2STEP32(b, c, d, e, f, g, h, a, 0x76f988daUL, W[23&0xf] = Wgen(W,23)); 195 SHA2STEP32 (b, c, d, e, f, g, h, a, 0x76f988daUL, W[23 & 0xf] = Wgen (W,23));
178 SHA2STEP32(a, b, c, d, e, f, g, h, 0x983e5152UL, W[24&0xf] = Wgen(W,24)); 196 SHA2STEP32 (a, b, c, d, e, f, g, h, 0x983e5152UL, W[24 & 0xf] = Wgen (W,24));
179 SHA2STEP32(h, a, b, c, d, e, f, g, 0xa831c66dUL, W[25&0xf] = Wgen(W,25)); 197 SHA2STEP32 (h, a, b, c, d, e, f, g, 0xa831c66dUL, W[25 & 0xf] = Wgen (W,25));
180 SHA2STEP32(g, h, a, b, c, d, e, f, 0xb00327c8UL, W[26&0xf] = Wgen(W,26)); 198 SHA2STEP32 (g, h, a, b, c, d, e, f, 0xb00327c8UL, W[26 & 0xf] = Wgen (W,26));
181 SHA2STEP32(f, g, h, a, b, c, d, e, 0xbf597fc7UL, W[27&0xf] = Wgen(W,27)); 199 SHA2STEP32 (f, g, h, a, b, c, d, e, 0xbf597fc7UL, W[27 & 0xf] = Wgen (W,27));
182 SHA2STEP32(e, f, g, h, a, b, c, d, 0xc6e00bf3UL, W[28&0xf] = Wgen(W,28)); 200 SHA2STEP32 (e, f, g, h, a, b, c, d, 0xc6e00bf3UL, W[28 & 0xf] = Wgen (W,28));
183 SHA2STEP32(d, e, f, g, h, a, b, c, 0xd5a79147UL, W[29&0xf] = Wgen(W,29)); 201 SHA2STEP32 (d, e, f, g, h, a, b, c, 0xd5a79147UL, W[29 & 0xf] = Wgen (W,29));
184 SHA2STEP32(c, d, e, f, g, h, a, b, 0x06ca6351UL, W[30&0xf] = Wgen(W,30)); 202 SHA2STEP32 (c, d, e, f, g, h, a, b, 0x06ca6351UL, W[30 & 0xf] = Wgen (W,30));
185 SHA2STEP32(b, c, d, e, f, g, h, a, 0x14292967UL, W[31&0xf] = Wgen(W,31)); 203 SHA2STEP32 (b, c, d, e, f, g, h, a, 0x14292967UL, W[31 & 0xf] = Wgen (W,31));
186 SHA2STEP32(a, b, c, d, e, f, g, h, 0x27b70a85UL, W[32&0xf] = Wgen(W,32)); 204 SHA2STEP32 (a, b, c, d, e, f, g, h, 0x27b70a85UL, W[32 & 0xf] = Wgen (W,32));
187 SHA2STEP32(h, a, b, c, d, e, f, g, 0x2e1b2138UL, W[33&0xf] = Wgen(W,33)); 205 SHA2STEP32 (h, a, b, c, d, e, f, g, 0x2e1b2138UL, W[33 & 0xf] = Wgen (W,33));
188 SHA2STEP32(g, h, a, b, c, d, e, f, 0x4d2c6dfcUL, W[34&0xf] = Wgen(W,34)); 206 SHA2STEP32 (g, h, a, b, c, d, e, f, 0x4d2c6dfcUL, W[34 & 0xf] = Wgen (W,34));
189 SHA2STEP32(f, g, h, a, b, c, d, e, 0x53380d13UL, W[35&0xf] = Wgen(W,35)); 207 SHA2STEP32 (f, g, h, a, b, c, d, e, 0x53380d13UL, W[35 & 0xf] = Wgen (W,35));
190 SHA2STEP32(e, f, g, h, a, b, c, d, 0x650a7354UL, W[36&0xf] = Wgen(W,36)); 208 SHA2STEP32 (e, f, g, h, a, b, c, d, 0x650a7354UL, W[36 & 0xf] = Wgen (W,36));
191 SHA2STEP32(d, e, f, g, h, a, b, c, 0x766a0abbUL, W[37&0xf] = Wgen(W,37)); 209 SHA2STEP32 (d, e, f, g, h, a, b, c, 0x766a0abbUL, W[37 & 0xf] = Wgen (W,37));
192 SHA2STEP32(c, d, e, f, g, h, a, b, 0x81c2c92eUL, W[38&0xf] = Wgen(W,38)); 210 SHA2STEP32 (c, d, e, f, g, h, a, b, 0x81c2c92eUL, W[38 & 0xf] = Wgen (W,38));
193 SHA2STEP32(b, c, d, e, f, g, h, a, 0x92722c85UL, W[39&0xf] = Wgen(W,39)); 211 SHA2STEP32 (b, c, d, e, f, g, h, a, 0x92722c85UL, W[39 & 0xf] = Wgen (W,39));
194 SHA2STEP32(a, b, c, d, e, f, g, h, 0xa2bfe8a1UL, W[40&0xf] = Wgen(W,40)); 212 SHA2STEP32 (a, b, c, d, e, f, g, h, 0xa2bfe8a1UL, W[40 & 0xf] = Wgen (W,40));
195 SHA2STEP32(h, a, b, c, d, e, f, g, 0xa81a664bUL, W[41&0xf] = Wgen(W,41)); 213 SHA2STEP32 (h, a, b, c, d, e, f, g, 0xa81a664bUL, W[41 & 0xf] = Wgen (W,41));
196 SHA2STEP32(g, h, a, b, c, d, e, f, 0xc24b8b70UL, W[42&0xf] = Wgen(W,42)); 214 SHA2STEP32 (g, h, a, b, c, d, e, f, 0xc24b8b70UL, W[42 & 0xf] = Wgen (W,42));
197 SHA2STEP32(f, g, h, a, b, c, d, e, 0xc76c51a3UL, W[43&0xf] = Wgen(W,43)); 215 SHA2STEP32 (f, g, h, a, b, c, d, e, 0xc76c51a3UL, W[43 & 0xf] = Wgen (W,43));
198 SHA2STEP32(e, f, g, h, a, b, c, d, 0xd192e819UL, W[44&0xf] = Wgen(W,44)); 216 SHA2STEP32 (e, f, g, h, a, b, c, d, 0xd192e819UL, W[44 & 0xf] = Wgen (W,44));
199 SHA2STEP32(d, e, f, g, h, a, b, c, 0xd6990624UL, W[45&0xf] = Wgen(W,45)); 217 SHA2STEP32 (d, e, f, g, h, a, b, c, 0xd6990624UL, W[45 & 0xf] = Wgen (W,45));
200 SHA2STEP32(c, d, e, f, g, h, a, b, 0xf40e3585UL, W[46&0xf] = Wgen(W,46)); 218 SHA2STEP32 (c, d, e, f, g, h, a, b, 0xf40e3585UL, W[46 & 0xf] = Wgen (W,46));
201 SHA2STEP32(b, c, d, e, f, g, h, a, 0x106aa070UL, W[47&0xf] = Wgen(W,47)); 219 SHA2STEP32 (b, c, d, e, f, g, h, a, 0x106aa070UL, W[47 & 0xf] = Wgen (W,47));
202 SHA2STEP32(a, b, c, d, e, f, g, h, 0x19a4c116UL, W[48&0xf] = Wgen(W,48)); 220 SHA2STEP32 (a, b, c, d, e, f, g, h, 0x19a4c116UL, W[48 & 0xf] = Wgen (W,48));
203 SHA2STEP32(h, a, b, c, d, e, f, g, 0x1e376c08UL, W[49&0xf] = Wgen(W,49)); 221 SHA2STEP32 (h, a, b, c, d, e, f, g, 0x1e376c08UL, W[49 & 0xf] = Wgen (W,49));
204 SHA2STEP32(g, h, a, b, c, d, e, f, 0x2748774cUL, W[50&0xf] = Wgen(W,50)); 222 SHA2STEP32 (g, h, a, b, c, d, e, f, 0x2748774cUL, W[50 & 0xf] = Wgen (W,50));
205 SHA2STEP32(f, g, h, a, b, c, d, e, 0x34b0bcb5UL, W[51&0xf] = Wgen(W,51)); 223 SHA2STEP32 (f, g, h, a, b, c, d, e, 0x34b0bcb5UL, W[51 & 0xf] = Wgen (W,51));
206 SHA2STEP32(e, f, g, h, a, b, c, d, 0x391c0cb3UL, W[52&0xf] = Wgen(W,52)); 224 SHA2STEP32 (e, f, g, h, a, b, c, d, 0x391c0cb3UL, W[52 & 0xf] = Wgen (W,52));
207 SHA2STEP32(d, e, f, g, h, a, b, c, 0x4ed8aa4aUL, W[53&0xf] = Wgen(W,53)); 225 SHA2STEP32 (d, e, f, g, h, a, b, c, 0x4ed8aa4aUL, W[53 & 0xf] = Wgen (W,53));
208 SHA2STEP32(c, d, e, f, g, h, a, b, 0x5b9cca4fUL, W[54&0xf] = Wgen(W,54)); 226 SHA2STEP32 (c, d, e, f, g, h, a, b, 0x5b9cca4fUL, W[54 & 0xf] = Wgen (W,54));
209 SHA2STEP32(b, c, d, e, f, g, h, a, 0x682e6ff3UL, W[55&0xf] = Wgen(W,55)); 227 SHA2STEP32 (b, c, d, e, f, g, h, a, 0x682e6ff3UL, W[55 & 0xf] = Wgen (W,55));
210 SHA2STEP32(a, b, c, d, e, f, g, h, 0x748f82eeUL, W[56&0xf] = Wgen(W,56)); 228 SHA2STEP32 (a, b, c, d, e, f, g, h, 0x748f82eeUL, W[56 & 0xf] = Wgen (W,56));
211 SHA2STEP32(h, a, b, c, d, e, f, g, 0x78a5636fUL, W[57&0xf] = Wgen(W,57)); 229 SHA2STEP32 (h, a, b, c, d, e, f, g, 0x78a5636fUL, W[57 & 0xf] = Wgen (W,57));
212 SHA2STEP32(g, h, a, b, c, d, e, f, 0x84c87814UL, W[58&0xf] = Wgen(W,58)); 230 SHA2STEP32 (g, h, a, b, c, d, e, f, 0x84c87814UL, W[58 & 0xf] = Wgen (W,58));
213 SHA2STEP32(f, g, h, a, b, c, d, e, 0x8cc70208UL, W[59&0xf] = Wgen(W,59)); 231 SHA2STEP32 (f, g, h, a, b, c, d, e, 0x8cc70208UL, W[59 & 0xf] = Wgen (W,59));
214 SHA2STEP32(e, f, g, h, a, b, c, d, 0x90befffaUL, W[60&0xf] = Wgen(W,60)); 232 SHA2STEP32 (e, f, g, h, a, b, c, d, 0x90befffaUL, W[60 & 0xf] = Wgen (W,60));
215 SHA2STEP32(d, e, f, g, h, a, b, c, 0xa4506cebUL, W[61&0xf] = Wgen(W,61)); 233 SHA2STEP32 (d, e, f, g, h, a, b, c, 0xa4506cebUL, W[61 & 0xf] = Wgen (W,61));
216 SHA2STEP32(c, d, e, f, g, h, a, b, 0xbef9a3f7UL, W[62&0xf] = Wgen(W,62)); 234 SHA2STEP32 (c, d, e, f, g, h, a, b, 0xbef9a3f7UL, W[62 & 0xf] = Wgen (W,62));
217 SHA2STEP32(b, c, d, e, f, g, h, a, 0xc67178f2UL, W[63&0xf] = Wgen(W,63)); 235 SHA2STEP32 (b, c, d, e, f, g, h, a, 0xc67178f2UL, W[63 & 0xf] = Wgen (W,63));
218 236
219 /* Compute intermediate hash. 237 /* Compute intermediate hash.
220 See FIPS PUB 180-4 paragraph 4.2.2 step 4. */ 238 See FIPS PUB 180-4 paragraph 4.2.2 step 4. */
@@ -237,51 +255,51 @@ sha256_transform (uint32_t H[_SHA256_DIGEST_LENGTH],
237 */ 255 */
238void 256void
239MHD_SHA256_update (void *ctx_, 257MHD_SHA256_update (void *ctx_,
240 const uint8_t *data, 258 const uint8_t *data,
241 size_t length) 259 size_t length)
242{ 260{
243 struct sha256_ctx *const ctx = ctx_; 261 struct sha256_ctx *const ctx = ctx_;
244 unsigned bytes_have; /**< Number of bytes in buffer */ 262 unsigned bytes_have; /**< Number of bytes in buffer */
245 263
246 mhd_assert((data != NULL) || (length == 0)); 264 mhd_assert ((data != NULL) || (length == 0));
247 265
248 if (0 == length) 266 if (0 == length)
249 return; /* Do nothing */ 267 return; /* Do nothing */
250 268
251 /* Note: (count & (SHA256_BLOCK_SIZE-1)) 269 /* Note: (count & (SHA256_BLOCK_SIZE-1))
252 equal (count % SHA256_BLOCK_SIZE) for this block size. */ 270 equal (count % SHA256_BLOCK_SIZE) for this block size. */
253 bytes_have = (unsigned)(ctx->count & (SHA256_BLOCK_SIZE-1)); 271 bytes_have = (unsigned) (ctx->count & (SHA256_BLOCK_SIZE - 1));
254 ctx->count += length; 272 ctx->count += length;
255 273
256 if (0 != bytes_have) 274 if (0 != bytes_have)
257 { 275 {
258 unsigned bytes_left = SHA256_BLOCK_SIZE - bytes_have; 276 unsigned bytes_left = SHA256_BLOCK_SIZE - bytes_have;
259 if (length >= bytes_left) 277 if (length >= bytes_left)
260 { /* Combine new data with data in buffer and 278 { /* Combine new data with data in buffer and
261 process full block. */ 279 process full block. */
262 memcpy (ctx->buffer + bytes_have, 280 memcpy (ctx->buffer + bytes_have,
263 data, 281 data,
264 bytes_left); 282 bytes_left);
265 data += bytes_left; 283 data += bytes_left;
266 length -= bytes_left; 284 length -= bytes_left;
267 sha256_transform (ctx->H, ctx->buffer); 285 sha256_transform (ctx->H, ctx->buffer);
268 bytes_have = 0; 286 bytes_have = 0;
269 }
270 } 287 }
288 }
271 289
272 while (SHA256_BLOCK_SIZE <= length) 290 while (SHA256_BLOCK_SIZE <= length)
273 { /* Process any full blocks of new data directly, 291 { /* Process any full blocks of new data directly,
274 without copying to buffer. */ 292 without copying to buffer. */
275 sha256_transform (ctx->H, data); 293 sha256_transform (ctx->H, data);
276 data += SHA256_BLOCK_SIZE; 294 data += SHA256_BLOCK_SIZE;
277 length -= SHA256_BLOCK_SIZE; 295 length -= SHA256_BLOCK_SIZE;
278 } 296 }
279 297
280 if (0 != length) 298 if (0 != length)
281 { /* Copy incomplete block of new data (if any) 299 { /* Copy incomplete block of new data (if any)
282 to buffer. */ 300 to buffer. */
283 memcpy (ctx->buffer + bytes_have, data, length); 301 memcpy (ctx->buffer + bytes_have, data, length);
284 } 302 }
285} 303}
286 304
287 305
@@ -308,7 +326,7 @@ sha256_finish (void *ctx_,
308 num_bits = ctx->count << 3; 326 num_bits = ctx->count << 3;
309 /* Note: (count & (SHA256_BLOCK_SIZE-1)) 327 /* Note: (count & (SHA256_BLOCK_SIZE-1))
310 equal (count % SHA256_BLOCK_SIZE) for this block size. */ 328 equal (count % SHA256_BLOCK_SIZE) for this block size. */
311 bytes_have = (unsigned)(ctx->count & (SHA256_BLOCK_SIZE-1)); 329 bytes_have = (unsigned) (ctx->count & (SHA256_BLOCK_SIZE - 1));
312 330
313 /* Input data must be padded with bit "1" and with length of data in bits. 331 /* Input data must be padded with bit "1" and with length of data in bits.
314 See FIPS PUB 180-4 paragraph 5.1.1. */ 332 See FIPS PUB 180-4 paragraph 5.1.1. */
@@ -319,33 +337,35 @@ sha256_finish (void *ctx_,
319 ctx->buffer[bytes_have++] = 0x80; 337 ctx->buffer[bytes_have++] = 0x80;
320 338
321 if (SHA256_BLOCK_SIZE - bytes_have < SHA256_SIZE_OF_LEN_ADD) 339 if (SHA256_BLOCK_SIZE - bytes_have < SHA256_SIZE_OF_LEN_ADD)
322 { /* No space in current block to put total length of message. 340 { /* No space in current block to put total length of message.
323 Pad current block with zeros and process it. */ 341 Pad current block with zeros and process it. */
324 while (bytes_have < SHA256_BLOCK_SIZE) ctx->buffer[bytes_have++] = 0; 342 while (bytes_have < SHA256_BLOCK_SIZE)
325 /* Process full block. */ 343 ctx->buffer[bytes_have++] = 0;
326 sha256_transform (ctx->H, ctx->buffer); 344 /* Process full block. */
327 /* Start new block. */ 345 sha256_transform (ctx->H, ctx->buffer);
328 bytes_have = 0; 346 /* Start new block. */
329 } 347 bytes_have = 0;
348 }
330 349
331 /* Pad the rest of the buffer with zeros. */ 350 /* Pad the rest of the buffer with zeros. */
332 memset(ctx->buffer + bytes_have, 0, 351 memset (ctx->buffer + bytes_have, 0,
333 SHA256_BLOCK_SIZE - SHA256_SIZE_OF_LEN_ADD - bytes_have); 352 SHA256_BLOCK_SIZE - SHA256_SIZE_OF_LEN_ADD - bytes_have);
334 /* Put number of bits in processed message as big-endian value. */ 353 /* Put number of bits in processed message as big-endian value. */
335 _MHD_PUT_64BIT_BE(ctx->buffer + SHA256_BLOCK_SIZE - SHA256_SIZE_OF_LEN_ADD, num_bits); 354 _MHD_PUT_64BIT_BE (ctx->buffer + SHA256_BLOCK_SIZE - SHA256_SIZE_OF_LEN_ADD,
355 num_bits);
336 /* Process full final block. */ 356 /* Process full final block. */
337 sha256_transform (ctx->H, ctx->buffer); 357 sha256_transform (ctx->H, ctx->buffer);
338 358
339 /* Put final hash/digest in BE mode */ 359 /* Put final hash/digest in BE mode */
340 _MHD_PUT_32BIT_BE(digest + 0 * SHA256_BYTES_IN_WORD, ctx->H[0]); 360 _MHD_PUT_32BIT_BE (digest + 0 * SHA256_BYTES_IN_WORD, ctx->H[0]);
341 _MHD_PUT_32BIT_BE(digest + 1 * SHA256_BYTES_IN_WORD, ctx->H[1]); 361 _MHD_PUT_32BIT_BE (digest + 1 * SHA256_BYTES_IN_WORD, ctx->H[1]);
342 _MHD_PUT_32BIT_BE(digest + 2 * SHA256_BYTES_IN_WORD, ctx->H[2]); 362 _MHD_PUT_32BIT_BE (digest + 2 * SHA256_BYTES_IN_WORD, ctx->H[2]);
343 _MHD_PUT_32BIT_BE(digest + 3 * SHA256_BYTES_IN_WORD, ctx->H[3]); 363 _MHD_PUT_32BIT_BE (digest + 3 * SHA256_BYTES_IN_WORD, ctx->H[3]);
344 _MHD_PUT_32BIT_BE(digest + 4 * SHA256_BYTES_IN_WORD, ctx->H[4]); 364 _MHD_PUT_32BIT_BE (digest + 4 * SHA256_BYTES_IN_WORD, ctx->H[4]);
345 _MHD_PUT_32BIT_BE(digest + 5 * SHA256_BYTES_IN_WORD, ctx->H[5]); 365 _MHD_PUT_32BIT_BE (digest + 5 * SHA256_BYTES_IN_WORD, ctx->H[5]);
346 _MHD_PUT_32BIT_BE(digest + 6 * SHA256_BYTES_IN_WORD, ctx->H[6]); 366 _MHD_PUT_32BIT_BE (digest + 6 * SHA256_BYTES_IN_WORD, ctx->H[6]);
347 _MHD_PUT_32BIT_BE(digest + 7 * SHA256_BYTES_IN_WORD, ctx->H[7]); 367 _MHD_PUT_32BIT_BE (digest + 7 * SHA256_BYTES_IN_WORD, ctx->H[7]);
348 368
349 /* Erase potentially sensitive data. */ 369 /* Erase potentially sensitive data. */
350 memset(ctx, 0, sizeof(struct sha256_ctx)); 370 memset (ctx, 0, sizeof(struct sha256_ctx));
351} 371}