diff options
Diffstat (limited to 'src/microhttpd/sha256.c')
-rw-r--r-- | src/microhttpd/sha256.c | 254 |
1 files changed, 137 insertions, 117 deletions
diff --git a/src/microhttpd/sha256.c b/src/microhttpd/sha256.c index b47a773b..846a43b7 100644 --- a/src/microhttpd/sha256.c +++ b/src/microhttpd/sha256.c | |||
@@ -104,10 +104,12 @@ sha256_transform (uint32_t H[_SHA256_DIGEST_LENGTH], | |||
104 | 104 | ||
105 | /* Four 'Sigma' macro functions. | 105 | /* Four 'Sigma' macro functions. |
106 | See FIPS PUB 180-4 formulae 4.4, 4.5, 4.6, 4.7. */ | 106 | See FIPS PUB 180-4 formulae 4.4, 4.5, 4.6, 4.7. */ |
107 | #define SIG0(x) ( _MHD_ROTR32((x),2) ^ _MHD_ROTR32((x),13) ^ _MHD_ROTR32((x),22) ) | 107 | #define SIG0(x) (_MHD_ROTR32 ((x),2) ^ _MHD_ROTR32 ((x),13) ^ _MHD_ROTR32 ((x), \ |
108 | #define SIG1(x) ( _MHD_ROTR32((x),6) ^ _MHD_ROTR32((x),11) ^ _MHD_ROTR32((x),25) ) | 108 | 22) ) |
109 | #define sig0(x) ( _MHD_ROTR32((x),7) ^ _MHD_ROTR32((x),18) ^ ((x) >> 3) ) | 109 | #define SIG1(x) (_MHD_ROTR32 ((x),6) ^ _MHD_ROTR32 ((x),11) ^ _MHD_ROTR32 ((x), \ |
110 | #define sig1(x) ( _MHD_ROTR32((x),17) ^ _MHD_ROTR32((x),19) ^ ((x) >> 10) ) | 110 | 25) ) |
111 | #define sig0(x) (_MHD_ROTR32 ((x),7) ^ _MHD_ROTR32 ((x),18) ^ ((x) >> 3) ) | ||
112 | #define sig1(x) (_MHD_ROTR32 ((x),17) ^ _MHD_ROTR32 ((x),19) ^ ((x) >> 10) ) | ||
111 | 113 | ||
112 | /* Single step of SHA-256 computation, | 114 | /* Single step of SHA-256 computation, |
113 | see FIPS PUB 180-4 paragraph 6.2.2 step 3. | 115 | see FIPS PUB 180-4 paragraph 6.2.2 step 3. |
@@ -122,99 +124,115 @@ sha256_transform (uint32_t H[_SHA256_DIGEST_LENGTH], | |||
122 | * Note: 'wt' must be used exactly one time in this macro as it change other data as well | 124 | * Note: 'wt' must be used exactly one time in this macro as it change other data as well |
123 | every time when used. */ | 125 | every time when used. */ |
124 | #define SHA2STEP32(vA,vB,vC,vD,vE,vF,vG,vH,kt,wt) do { \ | 126 | #define SHA2STEP32(vA,vB,vC,vD,vE,vF,vG,vH,kt,wt) do { \ |
125 | (vD) += ((vH) += SIG1((vE)) + Ch((vE),(vF),(vG)) + (kt) + (wt)); \ | 127 | (vD) += ((vH) += SIG1 ((vE)) + Ch ((vE),(vF),(vG)) + (kt) + (wt)); \ |
126 | (vH) += SIG0((vA)) + Maj((vA),(vB),(vC)); } while (0) | 128 | (vH) += SIG0 ((vA)) + Maj ((vA),(vB),(vC)); } while (0) |
127 | 129 | ||
128 | /* Get value of W(t) from input data buffer, | 130 | /* Get value of W(t) from input data buffer, |
129 | See FIPS PUB 180-4 paragraph 6.2. | 131 | See FIPS PUB 180-4 paragraph 6.2. |
130 | Input data must be read in big-endian bytes order, | 132 | Input data must be read in big-endian bytes order, |
131 | see FIPS PUB 180-4 paragraph 3.1.2. */ | 133 | see FIPS PUB 180-4 paragraph 3.1.2. */ |
132 | #define GET_W_FROM_DATA(buf,t) \ | 134 | #define GET_W_FROM_DATA(buf,t) \ |
133 | _MHD_GET_32BIT_BE(((const uint8_t*)(buf)) + (t) * SHA256_BYTES_IN_WORD) | 135 | _MHD_GET_32BIT_BE (((const uint8_t*) (buf)) + (t) * SHA256_BYTES_IN_WORD) |
134 | 136 | ||
135 | /* During first 16 steps, before making any calculations on each step, | 137 | /* During first 16 steps, before making any calculations on each step, |
136 | the W element is read from input data buffer as big-endian value and | 138 | the W element is read from input data buffer as big-endian value and |
137 | stored in array of W elements. */ | 139 | stored in array of W elements. */ |
138 | /* Note: instead of using K constants as array, all K values are specified | 140 | /* Note: instead of using K constants as array, all K values are specified |
139 | individually for each step, see FIPS PUB 180-4 paragraph 4.2.2 for K values. */ | 141 | individually for each step, see FIPS PUB 180-4 paragraph 4.2.2 for K values. */ |
140 | SHA2STEP32(a, b, c, d, e, f, g, h, 0x428a2f98UL, W[0] = GET_W_FROM_DATA(data,0)); | 142 | SHA2STEP32 (a, b, c, d, e, f, g, h, 0x428a2f98UL, W[0] = GET_W_FROM_DATA ( |
141 | SHA2STEP32(h, a, b, c, d, e, f, g, 0x71374491UL, W[1] = GET_W_FROM_DATA(data,1)); | 143 | data,0)); |
142 | SHA2STEP32(g, h, a, b, c, d, e, f, 0xb5c0fbcfUL, W[2] = GET_W_FROM_DATA(data,2)); | 144 | SHA2STEP32 (h, a, b, c, d, e, f, g, 0x71374491UL, W[1] = GET_W_FROM_DATA ( |
143 | SHA2STEP32(f, g, h, a, b, c, d, e, 0xe9b5dba5UL, W[3] = GET_W_FROM_DATA(data,3)); | 145 | data,1)); |
144 | SHA2STEP32(e, f, g, h, a, b, c, d, 0x3956c25bUL, W[4] = GET_W_FROM_DATA(data,4)); | 146 | SHA2STEP32 (g, h, a, b, c, d, e, f, 0xb5c0fbcfUL, W[2] = GET_W_FROM_DATA ( |
145 | SHA2STEP32(d, e, f, g, h, a, b, c, 0x59f111f1UL, W[5] = GET_W_FROM_DATA(data,5)); | 147 | data,2)); |
146 | SHA2STEP32(c, d, e, f, g, h, a, b, 0x923f82a4UL, W[6] = GET_W_FROM_DATA(data,6)); | 148 | SHA2STEP32 (f, g, h, a, b, c, d, e, 0xe9b5dba5UL, W[3] = GET_W_FROM_DATA ( |
147 | SHA2STEP32(b, c, d, e, f, g, h, a, 0xab1c5ed5UL, W[7] = GET_W_FROM_DATA(data,7)); | 149 | data,3)); |
148 | SHA2STEP32(a, b, c, d, e, f, g, h, 0xd807aa98UL, W[8] = GET_W_FROM_DATA(data,8)); | 150 | SHA2STEP32 (e, f, g, h, a, b, c, d, 0x3956c25bUL, W[4] = GET_W_FROM_DATA ( |
149 | SHA2STEP32(h, a, b, c, d, e, f, g, 0x12835b01UL, W[9] = GET_W_FROM_DATA(data,9)); | 151 | data,4)); |
150 | SHA2STEP32(g, h, a, b, c, d, e, f, 0x243185beUL, W[10] = GET_W_FROM_DATA(data,10)); | 152 | SHA2STEP32 (d, e, f, g, h, a, b, c, 0x59f111f1UL, W[5] = GET_W_FROM_DATA ( |
151 | SHA2STEP32(f, g, h, a, b, c, d, e, 0x550c7dc3UL, W[11] = GET_W_FROM_DATA(data,11)); | 153 | data,5)); |
152 | SHA2STEP32(e, f, g, h, a, b, c, d, 0x72be5d74UL, W[12] = GET_W_FROM_DATA(data,12)); | 154 | SHA2STEP32 (c, d, e, f, g, h, a, b, 0x923f82a4UL, W[6] = GET_W_FROM_DATA ( |
153 | SHA2STEP32(d, e, f, g, h, a, b, c, 0x80deb1feUL, W[13] = GET_W_FROM_DATA(data,13)); | 155 | data,6)); |
154 | SHA2STEP32(c, d, e, f, g, h, a, b, 0x9bdc06a7UL, W[14] = GET_W_FROM_DATA(data,14)); | 156 | SHA2STEP32 (b, c, d, e, f, g, h, a, 0xab1c5ed5UL, W[7] = GET_W_FROM_DATA ( |
155 | SHA2STEP32(b, c, d, e, f, g, h, a, 0xc19bf174UL, W[15] = GET_W_FROM_DATA(data,15)); | 157 | data,7)); |
158 | SHA2STEP32 (a, b, c, d, e, f, g, h, 0xd807aa98UL, W[8] = GET_W_FROM_DATA ( | ||
159 | data,8)); | ||
160 | SHA2STEP32 (h, a, b, c, d, e, f, g, 0x12835b01UL, W[9] = GET_W_FROM_DATA ( | ||
161 | data,9)); | ||
162 | SHA2STEP32 (g, h, a, b, c, d, e, f, 0x243185beUL, W[10] = GET_W_FROM_DATA ( | ||
163 | data,10)); | ||
164 | SHA2STEP32 (f, g, h, a, b, c, d, e, 0x550c7dc3UL, W[11] = GET_W_FROM_DATA ( | ||
165 | data,11)); | ||
166 | SHA2STEP32 (e, f, g, h, a, b, c, d, 0x72be5d74UL, W[12] = GET_W_FROM_DATA ( | ||
167 | data,12)); | ||
168 | SHA2STEP32 (d, e, f, g, h, a, b, c, 0x80deb1feUL, W[13] = GET_W_FROM_DATA ( | ||
169 | data,13)); | ||
170 | SHA2STEP32 (c, d, e, f, g, h, a, b, 0x9bdc06a7UL, W[14] = GET_W_FROM_DATA ( | ||
171 | data,14)); | ||
172 | SHA2STEP32 (b, c, d, e, f, g, h, a, 0xc19bf174UL, W[15] = GET_W_FROM_DATA ( | ||
173 | data,15)); | ||
156 | 174 | ||
157 | /* 'W' generation and assignment for 16 <= t <= 63. | 175 | /* 'W' generation and assignment for 16 <= t <= 63. |
158 | See FIPS PUB 180-4 paragraph 6.2.2. | 176 | See FIPS PUB 180-4 paragraph 6.2.2. |
159 | As only last 16 'W' are used in calculations, it is possible to | 177 | As only last 16 'W' are used in calculations, it is possible to |
160 | use 16 elements array of W as cyclic buffer. | 178 | use 16 elements array of W as cyclic buffer. |
161 | * Note: ((t-16)&0xf) have same value as (t&0xf) */ | 179 | * Note: ((t-16)&0xf) have same value as (t&0xf) */ |
162 | #define Wgen(w,t) ( (w)[(t-16)&0xf] + sig1((w)[((t)-2)&0xf]) + \ | 180 | #define Wgen(w,t) ( (w)[(t - 16) & 0xf] + sig1 ((w)[((t) - 2) & 0xf]) \ |
163 | (w)[((t)-7)&0xf] + sig0((w)[((t)-15)&0xf]) ) | 181 | + (w)[((t) - 7) & 0xf] + sig0 ((w)[((t) - 15) & 0xf]) ) |
164 | 182 | ||
165 | /* During last 48 steps, before making any calculations on each step, | 183 | /* During last 48 steps, before making any calculations on each step, |
166 | W element is generated from W elements of cyclic buffer and generated value | 184 | W element is generated from W elements of cyclic buffer and generated value |
167 | stored back in cyclic buffer. */ | 185 | stored back in cyclic buffer. */ |
168 | /* Note: instead of using K constants as array, all K values are specified | 186 | /* Note: instead of using K constants as array, all K values are specified |
169 | individually for each step, see FIPS PUB 180-4 paragraph 4.2.2 for K values. */ | 187 | individually for each step, see FIPS PUB 180-4 paragraph 4.2.2 for K values. */ |
170 | SHA2STEP32(a, b, c, d, e, f, g, h, 0xe49b69c1UL, W[16&0xf] = Wgen(W,16)); | 188 | SHA2STEP32 (a, b, c, d, e, f, g, h, 0xe49b69c1UL, W[16 & 0xf] = Wgen (W,16)); |
171 | SHA2STEP32(h, a, b, c, d, e, f, g, 0xefbe4786UL, W[17&0xf] = Wgen(W,17)); | 189 | SHA2STEP32 (h, a, b, c, d, e, f, g, 0xefbe4786UL, W[17 & 0xf] = Wgen (W,17)); |
172 | SHA2STEP32(g, h, a, b, c, d, e, f, 0x0fc19dc6UL, W[18&0xf] = Wgen(W,18)); | 190 | SHA2STEP32 (g, h, a, b, c, d, e, f, 0x0fc19dc6UL, W[18 & 0xf] = Wgen (W,18)); |
173 | SHA2STEP32(f, g, h, a, b, c, d, e, 0x240ca1ccUL, W[19&0xf] = Wgen(W,19)); | 191 | SHA2STEP32 (f, g, h, a, b, c, d, e, 0x240ca1ccUL, W[19 & 0xf] = Wgen (W,19)); |
174 | SHA2STEP32(e, f, g, h, a, b, c, d, 0x2de92c6fUL, W[20&0xf] = Wgen(W,20)); | 192 | SHA2STEP32 (e, f, g, h, a, b, c, d, 0x2de92c6fUL, W[20 & 0xf] = Wgen (W,20)); |
175 | SHA2STEP32(d, e, f, g, h, a, b, c, 0x4a7484aaUL, W[21&0xf] = Wgen(W,21)); | 193 | SHA2STEP32 (d, e, f, g, h, a, b, c, 0x4a7484aaUL, W[21 & 0xf] = Wgen (W,21)); |
176 | SHA2STEP32(c, d, e, f, g, h, a, b, 0x5cb0a9dcUL, W[22&0xf] = Wgen(W,22)); | 194 | SHA2STEP32 (c, d, e, f, g, h, a, b, 0x5cb0a9dcUL, W[22 & 0xf] = Wgen (W,22)); |
177 | SHA2STEP32(b, c, d, e, f, g, h, a, 0x76f988daUL, W[23&0xf] = Wgen(W,23)); | 195 | SHA2STEP32 (b, c, d, e, f, g, h, a, 0x76f988daUL, W[23 & 0xf] = Wgen (W,23)); |
178 | SHA2STEP32(a, b, c, d, e, f, g, h, 0x983e5152UL, W[24&0xf] = Wgen(W,24)); | 196 | SHA2STEP32 (a, b, c, d, e, f, g, h, 0x983e5152UL, W[24 & 0xf] = Wgen (W,24)); |
179 | SHA2STEP32(h, a, b, c, d, e, f, g, 0xa831c66dUL, W[25&0xf] = Wgen(W,25)); | 197 | SHA2STEP32 (h, a, b, c, d, e, f, g, 0xa831c66dUL, W[25 & 0xf] = Wgen (W,25)); |
180 | SHA2STEP32(g, h, a, b, c, d, e, f, 0xb00327c8UL, W[26&0xf] = Wgen(W,26)); | 198 | SHA2STEP32 (g, h, a, b, c, d, e, f, 0xb00327c8UL, W[26 & 0xf] = Wgen (W,26)); |
181 | SHA2STEP32(f, g, h, a, b, c, d, e, 0xbf597fc7UL, W[27&0xf] = Wgen(W,27)); | 199 | SHA2STEP32 (f, g, h, a, b, c, d, e, 0xbf597fc7UL, W[27 & 0xf] = Wgen (W,27)); |
182 | SHA2STEP32(e, f, g, h, a, b, c, d, 0xc6e00bf3UL, W[28&0xf] = Wgen(W,28)); | 200 | SHA2STEP32 (e, f, g, h, a, b, c, d, 0xc6e00bf3UL, W[28 & 0xf] = Wgen (W,28)); |
183 | SHA2STEP32(d, e, f, g, h, a, b, c, 0xd5a79147UL, W[29&0xf] = Wgen(W,29)); | 201 | SHA2STEP32 (d, e, f, g, h, a, b, c, 0xd5a79147UL, W[29 & 0xf] = Wgen (W,29)); |
184 | SHA2STEP32(c, d, e, f, g, h, a, b, 0x06ca6351UL, W[30&0xf] = Wgen(W,30)); | 202 | SHA2STEP32 (c, d, e, f, g, h, a, b, 0x06ca6351UL, W[30 & 0xf] = Wgen (W,30)); |
185 | SHA2STEP32(b, c, d, e, f, g, h, a, 0x14292967UL, W[31&0xf] = Wgen(W,31)); | 203 | SHA2STEP32 (b, c, d, e, f, g, h, a, 0x14292967UL, W[31 & 0xf] = Wgen (W,31)); |
186 | SHA2STEP32(a, b, c, d, e, f, g, h, 0x27b70a85UL, W[32&0xf] = Wgen(W,32)); | 204 | SHA2STEP32 (a, b, c, d, e, f, g, h, 0x27b70a85UL, W[32 & 0xf] = Wgen (W,32)); |
187 | SHA2STEP32(h, a, b, c, d, e, f, g, 0x2e1b2138UL, W[33&0xf] = Wgen(W,33)); | 205 | SHA2STEP32 (h, a, b, c, d, e, f, g, 0x2e1b2138UL, W[33 & 0xf] = Wgen (W,33)); |
188 | SHA2STEP32(g, h, a, b, c, d, e, f, 0x4d2c6dfcUL, W[34&0xf] = Wgen(W,34)); | 206 | SHA2STEP32 (g, h, a, b, c, d, e, f, 0x4d2c6dfcUL, W[34 & 0xf] = Wgen (W,34)); |
189 | SHA2STEP32(f, g, h, a, b, c, d, e, 0x53380d13UL, W[35&0xf] = Wgen(W,35)); | 207 | SHA2STEP32 (f, g, h, a, b, c, d, e, 0x53380d13UL, W[35 & 0xf] = Wgen (W,35)); |
190 | SHA2STEP32(e, f, g, h, a, b, c, d, 0x650a7354UL, W[36&0xf] = Wgen(W,36)); | 208 | SHA2STEP32 (e, f, g, h, a, b, c, d, 0x650a7354UL, W[36 & 0xf] = Wgen (W,36)); |
191 | SHA2STEP32(d, e, f, g, h, a, b, c, 0x766a0abbUL, W[37&0xf] = Wgen(W,37)); | 209 | SHA2STEP32 (d, e, f, g, h, a, b, c, 0x766a0abbUL, W[37 & 0xf] = Wgen (W,37)); |
192 | SHA2STEP32(c, d, e, f, g, h, a, b, 0x81c2c92eUL, W[38&0xf] = Wgen(W,38)); | 210 | SHA2STEP32 (c, d, e, f, g, h, a, b, 0x81c2c92eUL, W[38 & 0xf] = Wgen (W,38)); |
193 | SHA2STEP32(b, c, d, e, f, g, h, a, 0x92722c85UL, W[39&0xf] = Wgen(W,39)); | 211 | SHA2STEP32 (b, c, d, e, f, g, h, a, 0x92722c85UL, W[39 & 0xf] = Wgen (W,39)); |
194 | SHA2STEP32(a, b, c, d, e, f, g, h, 0xa2bfe8a1UL, W[40&0xf] = Wgen(W,40)); | 212 | SHA2STEP32 (a, b, c, d, e, f, g, h, 0xa2bfe8a1UL, W[40 & 0xf] = Wgen (W,40)); |
195 | SHA2STEP32(h, a, b, c, d, e, f, g, 0xa81a664bUL, W[41&0xf] = Wgen(W,41)); | 213 | SHA2STEP32 (h, a, b, c, d, e, f, g, 0xa81a664bUL, W[41 & 0xf] = Wgen (W,41)); |
196 | SHA2STEP32(g, h, a, b, c, d, e, f, 0xc24b8b70UL, W[42&0xf] = Wgen(W,42)); | 214 | SHA2STEP32 (g, h, a, b, c, d, e, f, 0xc24b8b70UL, W[42 & 0xf] = Wgen (W,42)); |
197 | SHA2STEP32(f, g, h, a, b, c, d, e, 0xc76c51a3UL, W[43&0xf] = Wgen(W,43)); | 215 | SHA2STEP32 (f, g, h, a, b, c, d, e, 0xc76c51a3UL, W[43 & 0xf] = Wgen (W,43)); |
198 | SHA2STEP32(e, f, g, h, a, b, c, d, 0xd192e819UL, W[44&0xf] = Wgen(W,44)); | 216 | SHA2STEP32 (e, f, g, h, a, b, c, d, 0xd192e819UL, W[44 & 0xf] = Wgen (W,44)); |
199 | SHA2STEP32(d, e, f, g, h, a, b, c, 0xd6990624UL, W[45&0xf] = Wgen(W,45)); | 217 | SHA2STEP32 (d, e, f, g, h, a, b, c, 0xd6990624UL, W[45 & 0xf] = Wgen (W,45)); |
200 | SHA2STEP32(c, d, e, f, g, h, a, b, 0xf40e3585UL, W[46&0xf] = Wgen(W,46)); | 218 | SHA2STEP32 (c, d, e, f, g, h, a, b, 0xf40e3585UL, W[46 & 0xf] = Wgen (W,46)); |
201 | SHA2STEP32(b, c, d, e, f, g, h, a, 0x106aa070UL, W[47&0xf] = Wgen(W,47)); | 219 | SHA2STEP32 (b, c, d, e, f, g, h, a, 0x106aa070UL, W[47 & 0xf] = Wgen (W,47)); |
202 | SHA2STEP32(a, b, c, d, e, f, g, h, 0x19a4c116UL, W[48&0xf] = Wgen(W,48)); | 220 | SHA2STEP32 (a, b, c, d, e, f, g, h, 0x19a4c116UL, W[48 & 0xf] = Wgen (W,48)); |
203 | SHA2STEP32(h, a, b, c, d, e, f, g, 0x1e376c08UL, W[49&0xf] = Wgen(W,49)); | 221 | SHA2STEP32 (h, a, b, c, d, e, f, g, 0x1e376c08UL, W[49 & 0xf] = Wgen (W,49)); |
204 | SHA2STEP32(g, h, a, b, c, d, e, f, 0x2748774cUL, W[50&0xf] = Wgen(W,50)); | 222 | SHA2STEP32 (g, h, a, b, c, d, e, f, 0x2748774cUL, W[50 & 0xf] = Wgen (W,50)); |
205 | SHA2STEP32(f, g, h, a, b, c, d, e, 0x34b0bcb5UL, W[51&0xf] = Wgen(W,51)); | 223 | SHA2STEP32 (f, g, h, a, b, c, d, e, 0x34b0bcb5UL, W[51 & 0xf] = Wgen (W,51)); |
206 | SHA2STEP32(e, f, g, h, a, b, c, d, 0x391c0cb3UL, W[52&0xf] = Wgen(W,52)); | 224 | SHA2STEP32 (e, f, g, h, a, b, c, d, 0x391c0cb3UL, W[52 & 0xf] = Wgen (W,52)); |
207 | SHA2STEP32(d, e, f, g, h, a, b, c, 0x4ed8aa4aUL, W[53&0xf] = Wgen(W,53)); | 225 | SHA2STEP32 (d, e, f, g, h, a, b, c, 0x4ed8aa4aUL, W[53 & 0xf] = Wgen (W,53)); |
208 | SHA2STEP32(c, d, e, f, g, h, a, b, 0x5b9cca4fUL, W[54&0xf] = Wgen(W,54)); | 226 | SHA2STEP32 (c, d, e, f, g, h, a, b, 0x5b9cca4fUL, W[54 & 0xf] = Wgen (W,54)); |
209 | SHA2STEP32(b, c, d, e, f, g, h, a, 0x682e6ff3UL, W[55&0xf] = Wgen(W,55)); | 227 | SHA2STEP32 (b, c, d, e, f, g, h, a, 0x682e6ff3UL, W[55 & 0xf] = Wgen (W,55)); |
210 | SHA2STEP32(a, b, c, d, e, f, g, h, 0x748f82eeUL, W[56&0xf] = Wgen(W,56)); | 228 | SHA2STEP32 (a, b, c, d, e, f, g, h, 0x748f82eeUL, W[56 & 0xf] = Wgen (W,56)); |
211 | SHA2STEP32(h, a, b, c, d, e, f, g, 0x78a5636fUL, W[57&0xf] = Wgen(W,57)); | 229 | SHA2STEP32 (h, a, b, c, d, e, f, g, 0x78a5636fUL, W[57 & 0xf] = Wgen (W,57)); |
212 | SHA2STEP32(g, h, a, b, c, d, e, f, 0x84c87814UL, W[58&0xf] = Wgen(W,58)); | 230 | SHA2STEP32 (g, h, a, b, c, d, e, f, 0x84c87814UL, W[58 & 0xf] = Wgen (W,58)); |
213 | SHA2STEP32(f, g, h, a, b, c, d, e, 0x8cc70208UL, W[59&0xf] = Wgen(W,59)); | 231 | SHA2STEP32 (f, g, h, a, b, c, d, e, 0x8cc70208UL, W[59 & 0xf] = Wgen (W,59)); |
214 | SHA2STEP32(e, f, g, h, a, b, c, d, 0x90befffaUL, W[60&0xf] = Wgen(W,60)); | 232 | SHA2STEP32 (e, f, g, h, a, b, c, d, 0x90befffaUL, W[60 & 0xf] = Wgen (W,60)); |
215 | SHA2STEP32(d, e, f, g, h, a, b, c, 0xa4506cebUL, W[61&0xf] = Wgen(W,61)); | 233 | SHA2STEP32 (d, e, f, g, h, a, b, c, 0xa4506cebUL, W[61 & 0xf] = Wgen (W,61)); |
216 | SHA2STEP32(c, d, e, f, g, h, a, b, 0xbef9a3f7UL, W[62&0xf] = Wgen(W,62)); | 234 | SHA2STEP32 (c, d, e, f, g, h, a, b, 0xbef9a3f7UL, W[62 & 0xf] = Wgen (W,62)); |
217 | SHA2STEP32(b, c, d, e, f, g, h, a, 0xc67178f2UL, W[63&0xf] = Wgen(W,63)); | 235 | SHA2STEP32 (b, c, d, e, f, g, h, a, 0xc67178f2UL, W[63 & 0xf] = Wgen (W,63)); |
218 | 236 | ||
219 | /* Compute intermediate hash. | 237 | /* Compute intermediate hash. |
220 | See FIPS PUB 180-4 paragraph 4.2.2 step 4. */ | 238 | See FIPS PUB 180-4 paragraph 4.2.2 step 4. */ |
@@ -237,51 +255,51 @@ sha256_transform (uint32_t H[_SHA256_DIGEST_LENGTH], | |||
237 | */ | 255 | */ |
238 | void | 256 | void |
239 | MHD_SHA256_update (void *ctx_, | 257 | MHD_SHA256_update (void *ctx_, |
240 | const uint8_t *data, | 258 | const uint8_t *data, |
241 | size_t length) | 259 | size_t length) |
242 | { | 260 | { |
243 | struct sha256_ctx *const ctx = ctx_; | 261 | struct sha256_ctx *const ctx = ctx_; |
244 | unsigned bytes_have; /**< Number of bytes in buffer */ | 262 | unsigned bytes_have; /**< Number of bytes in buffer */ |
245 | 263 | ||
246 | mhd_assert((data != NULL) || (length == 0)); | 264 | mhd_assert ((data != NULL) || (length == 0)); |
247 | 265 | ||
248 | if (0 == length) | 266 | if (0 == length) |
249 | return; /* Do nothing */ | 267 | return; /* Do nothing */ |
250 | 268 | ||
251 | /* Note: (count & (SHA256_BLOCK_SIZE-1)) | 269 | /* Note: (count & (SHA256_BLOCK_SIZE-1)) |
252 | equal (count % SHA256_BLOCK_SIZE) for this block size. */ | 270 | equal (count % SHA256_BLOCK_SIZE) for this block size. */ |
253 | bytes_have = (unsigned)(ctx->count & (SHA256_BLOCK_SIZE-1)); | 271 | bytes_have = (unsigned) (ctx->count & (SHA256_BLOCK_SIZE - 1)); |
254 | ctx->count += length; | 272 | ctx->count += length; |
255 | 273 | ||
256 | if (0 != bytes_have) | 274 | if (0 != bytes_have) |
257 | { | 275 | { |
258 | unsigned bytes_left = SHA256_BLOCK_SIZE - bytes_have; | 276 | unsigned bytes_left = SHA256_BLOCK_SIZE - bytes_have; |
259 | if (length >= bytes_left) | 277 | if (length >= bytes_left) |
260 | { /* Combine new data with data in buffer and | 278 | { /* Combine new data with data in buffer and |
261 | process full block. */ | 279 | process full block. */ |
262 | memcpy (ctx->buffer + bytes_have, | 280 | memcpy (ctx->buffer + bytes_have, |
263 | data, | 281 | data, |
264 | bytes_left); | 282 | bytes_left); |
265 | data += bytes_left; | 283 | data += bytes_left; |
266 | length -= bytes_left; | 284 | length -= bytes_left; |
267 | sha256_transform (ctx->H, ctx->buffer); | 285 | sha256_transform (ctx->H, ctx->buffer); |
268 | bytes_have = 0; | 286 | bytes_have = 0; |
269 | } | ||
270 | } | 287 | } |
288 | } | ||
271 | 289 | ||
272 | while (SHA256_BLOCK_SIZE <= length) | 290 | while (SHA256_BLOCK_SIZE <= length) |
273 | { /* Process any full blocks of new data directly, | 291 | { /* Process any full blocks of new data directly, |
274 | without copying to buffer. */ | 292 | without copying to buffer. */ |
275 | sha256_transform (ctx->H, data); | 293 | sha256_transform (ctx->H, data); |
276 | data += SHA256_BLOCK_SIZE; | 294 | data += SHA256_BLOCK_SIZE; |
277 | length -= SHA256_BLOCK_SIZE; | 295 | length -= SHA256_BLOCK_SIZE; |
278 | } | 296 | } |
279 | 297 | ||
280 | if (0 != length) | 298 | if (0 != length) |
281 | { /* Copy incomplete block of new data (if any) | 299 | { /* Copy incomplete block of new data (if any) |
282 | to buffer. */ | 300 | to buffer. */ |
283 | memcpy (ctx->buffer + bytes_have, data, length); | 301 | memcpy (ctx->buffer + bytes_have, data, length); |
284 | } | 302 | } |
285 | } | 303 | } |
286 | 304 | ||
287 | 305 | ||
@@ -308,7 +326,7 @@ sha256_finish (void *ctx_, | |||
308 | num_bits = ctx->count << 3; | 326 | num_bits = ctx->count << 3; |
309 | /* Note: (count & (SHA256_BLOCK_SIZE-1)) | 327 | /* Note: (count & (SHA256_BLOCK_SIZE-1)) |
310 | equal (count % SHA256_BLOCK_SIZE) for this block size. */ | 328 | equal (count % SHA256_BLOCK_SIZE) for this block size. */ |
311 | bytes_have = (unsigned)(ctx->count & (SHA256_BLOCK_SIZE-1)); | 329 | bytes_have = (unsigned) (ctx->count & (SHA256_BLOCK_SIZE - 1)); |
312 | 330 | ||
313 | /* Input data must be padded with bit "1" and with length of data in bits. | 331 | /* Input data must be padded with bit "1" and with length of data in bits. |
314 | See FIPS PUB 180-4 paragraph 5.1.1. */ | 332 | See FIPS PUB 180-4 paragraph 5.1.1. */ |
@@ -319,33 +337,35 @@ sha256_finish (void *ctx_, | |||
319 | ctx->buffer[bytes_have++] = 0x80; | 337 | ctx->buffer[bytes_have++] = 0x80; |
320 | 338 | ||
321 | if (SHA256_BLOCK_SIZE - bytes_have < SHA256_SIZE_OF_LEN_ADD) | 339 | if (SHA256_BLOCK_SIZE - bytes_have < SHA256_SIZE_OF_LEN_ADD) |
322 | { /* No space in current block to put total length of message. | 340 | { /* No space in current block to put total length of message. |
323 | Pad current block with zeros and process it. */ | 341 | Pad current block with zeros and process it. */ |
324 | while (bytes_have < SHA256_BLOCK_SIZE) ctx->buffer[bytes_have++] = 0; | 342 | while (bytes_have < SHA256_BLOCK_SIZE) |
325 | /* Process full block. */ | 343 | ctx->buffer[bytes_have++] = 0; |
326 | sha256_transform (ctx->H, ctx->buffer); | 344 | /* Process full block. */ |
327 | /* Start new block. */ | 345 | sha256_transform (ctx->H, ctx->buffer); |
328 | bytes_have = 0; | 346 | /* Start new block. */ |
329 | } | 347 | bytes_have = 0; |
348 | } | ||
330 | 349 | ||
331 | /* Pad the rest of the buffer with zeros. */ | 350 | /* Pad the rest of the buffer with zeros. */ |
332 | memset(ctx->buffer + bytes_have, 0, | 351 | memset (ctx->buffer + bytes_have, 0, |
333 | SHA256_BLOCK_SIZE - SHA256_SIZE_OF_LEN_ADD - bytes_have); | 352 | SHA256_BLOCK_SIZE - SHA256_SIZE_OF_LEN_ADD - bytes_have); |
334 | /* Put number of bits in processed message as big-endian value. */ | 353 | /* Put number of bits in processed message as big-endian value. */ |
335 | _MHD_PUT_64BIT_BE(ctx->buffer + SHA256_BLOCK_SIZE - SHA256_SIZE_OF_LEN_ADD, num_bits); | 354 | _MHD_PUT_64BIT_BE (ctx->buffer + SHA256_BLOCK_SIZE - SHA256_SIZE_OF_LEN_ADD, |
355 | num_bits); | ||
336 | /* Process full final block. */ | 356 | /* Process full final block. */ |
337 | sha256_transform (ctx->H, ctx->buffer); | 357 | sha256_transform (ctx->H, ctx->buffer); |
338 | 358 | ||
339 | /* Put final hash/digest in BE mode */ | 359 | /* Put final hash/digest in BE mode */ |
340 | _MHD_PUT_32BIT_BE(digest + 0 * SHA256_BYTES_IN_WORD, ctx->H[0]); | 360 | _MHD_PUT_32BIT_BE (digest + 0 * SHA256_BYTES_IN_WORD, ctx->H[0]); |
341 | _MHD_PUT_32BIT_BE(digest + 1 * SHA256_BYTES_IN_WORD, ctx->H[1]); | 361 | _MHD_PUT_32BIT_BE (digest + 1 * SHA256_BYTES_IN_WORD, ctx->H[1]); |
342 | _MHD_PUT_32BIT_BE(digest + 2 * SHA256_BYTES_IN_WORD, ctx->H[2]); | 362 | _MHD_PUT_32BIT_BE (digest + 2 * SHA256_BYTES_IN_WORD, ctx->H[2]); |
343 | _MHD_PUT_32BIT_BE(digest + 3 * SHA256_BYTES_IN_WORD, ctx->H[3]); | 363 | _MHD_PUT_32BIT_BE (digest + 3 * SHA256_BYTES_IN_WORD, ctx->H[3]); |
344 | _MHD_PUT_32BIT_BE(digest + 4 * SHA256_BYTES_IN_WORD, ctx->H[4]); | 364 | _MHD_PUT_32BIT_BE (digest + 4 * SHA256_BYTES_IN_WORD, ctx->H[4]); |
345 | _MHD_PUT_32BIT_BE(digest + 5 * SHA256_BYTES_IN_WORD, ctx->H[5]); | 365 | _MHD_PUT_32BIT_BE (digest + 5 * SHA256_BYTES_IN_WORD, ctx->H[5]); |
346 | _MHD_PUT_32BIT_BE(digest + 6 * SHA256_BYTES_IN_WORD, ctx->H[6]); | 366 | _MHD_PUT_32BIT_BE (digest + 6 * SHA256_BYTES_IN_WORD, ctx->H[6]); |
347 | _MHD_PUT_32BIT_BE(digest + 7 * SHA256_BYTES_IN_WORD, ctx->H[7]); | 367 | _MHD_PUT_32BIT_BE (digest + 7 * SHA256_BYTES_IN_WORD, ctx->H[7]); |
348 | 368 | ||
349 | /* Erase potentially sensitive data. */ | 369 | /* Erase potentially sensitive data. */ |
350 | memset(ctx, 0, sizeof(struct sha256_ctx)); | 370 | memset (ctx, 0, sizeof(struct sha256_ctx)); |
351 | } | 371 | } |