1 // Copyright 2015-2019 Brian Smith.
15 //! SHA-2 and the legacy SHA-1 digest algorithm.
42     // Note that SHA-512 has a 128-bit input bit counter, but this
43     // implementation only supports up to 2^64-1 input bits for all algorithms,
44     // so a 64-bit counter is more than sufficient.
47     /// The context's algorithm.
48     pub algorithm: &'static Algorithm,  field
54     pub(crate) fn new(algorithm: &'static Algorithm) -> Self {  in new()
56             state: algorithm.initial_state,  in new()
58             algorithm,  in new()
65         let num_blocks = input.len() / self.algorithm.block_len;  in update()
66         assert_eq!(num_blocks * self.algorithm.block_len, input.len());  in update()
71                 (self.algorithm.block_data_order)(&mut self.state, input.as_ptr(), num_blocks);  in update()
80     pub(crate) fn finish(mut self, pending: &mut [u8], num_pending: usize) -> Digest {  in finish()
81         let block_len = self.algorithm.block_len;  in finish()
89         if padding_pos > block_len - self.algorithm.len_len {  in finish()
92                 (self.algorithm.block_data_order)(&mut self.state, pending.as_ptr(), 1);  in finish()
99         polyfill::slice::fill(&mut pending[padding_pos..(block_len - 8)], 0);  in finish()
110         pending[(block_len - 8)..block_len].copy_from_slice(&u64::to_be_bytes(completed_data_bits));  in finish()
113             (self.algorithm.block_data_order)(&mut self.state, pending.as_ptr(), 1);  in finish()
117             algorithm: self.algorithm,  in finish()
118             value: (self.algorithm.format_output)(self.state),  in finish()
123 /// A context for multi-step (Init-Update-Finish) digest calculations.
143     // TODO: More explicitly force 64-bit alignment for |pending|.
150     pub fn new(algorithm: &'static Algorithm) -> Self {  in new()
152             block: BlockContext::new(algorithm),  in new()
158     pub(crate) fn clone_from(block: &BlockContext) -> Self {  in clone_from()
170         let block_len = self.block.algorithm.block_len;  in update()
171         if data.len() < block_len - self.num_pending {  in update()
179             let to_copy = block_len - self.num_pending;  in update()
191                 .copy_from_slice(&remaining[(remaining.len() - num_to_save_for_later)..]);  in update()
197     /// consumes the context so it cannot be (mis-)used after `finish` has been
199     pub fn finish(mut self) -> Digest {  in finish()
200         let block_len = self.block.algorithm.block_len;  in finish()
205     /// The algorithm that this context is using.
207     pub fn algorithm(&self) -> &'static Algorithm {  in algorithm()  argument
208         self.block.algorithm  in algorithm()
212 /// Returns the digest of `data` using the given digest algorithm.
227 pub fn digest(algorithm: &'static Algorithm, data: &[u8]) -> Digest {  in digest()  argument
228     let mut ctx = Context::new(algorithm);  in digest()
239     algorithm: &'static Algorithm,  field
243     /// The algorithm that was used to calculate the digest value.
245     pub fn algorithm(&self) -> &'static Algorithm {  in algorithm()  argument
246         self.algorithm  in algorithm()
252     fn as_ref(&self) -> &[u8] {  in as_ref()
254         &as64.as_byte_array()[..self.algorithm.output_len]  in as_ref()
259     fn fmt(&self, fmt: &mut core::fmt::Formatter) -> core::fmt::Result {  in fmt()
260         write!(fmt, "{:?}:", self.algorithm)?;  in fmt()
265 /// A digest algorithm.
266 pub struct Algorithm {  struct
271     /// non-truncated algorithms (SHA-1, SHA-256, SHA-512), this is equal to
272     /// `output_len`. For truncated algorithms (e.g. SHA-384, SHA-512/256),
275     /// digest algorithm.
285     format_output: fn(input: State) -> Output,
301 impl PartialEq for Algorithm {  argument
302     fn eq(&self, other: &Self) -> bool {  in eq()
307 impl Eq for Algorithm {}  implementation
309 derive_debug_via_id!(Algorithm);
311 /// SHA-1 as specified in [FIPS 180-4]. Deprecated.
313 /// [FIPS 180-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
314 pub static SHA1_FOR_LEGACY_USE_ONLY: Algorithm = Algorithm {
336 /// SHA-256 as specified in [FIPS 180-4].
338 /// [FIPS 180-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
339 pub static SHA256: Algorithm = Algorithm {
361 /// SHA-384 as specified in [FIPS 180-4].
363 /// [FIPS 180-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
364 pub static SHA384: Algorithm = Algorithm {
386 /// SHA-512 as specified in [FIPS 180-4].
388 /// [FIPS 180-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
389 pub static SHA512: Algorithm = Algorithm {
411 /// SHA-512/256 as specified in [FIPS 180-4].
413 /// This is *not* the same as just truncating the output of SHA-512, as
414 /// SHA-512/256 has its own initial state distinct from SHA-512's initial
417 /// [FIPS 180-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
418 pub static SHA512_256: Algorithm = Algorithm {
454 /// The maximum block length (`Algorithm::block_len`) of all the algorithms in
458 /// The maximum output length (`Algorithm::output_len`) of all the algorithms
462 /// The maximum chaining length (`Algorithm::chaining_len`) of all the
466 fn sha256_format_output(input: State) -> Output {  in sha256_format_output()
473 fn sha512_format_output(input: State) -> Output {  in sha512_format_output()
480 /// The length of the output of SHA-1, in bytes.
483 /// The length of the output of SHA-256, in bytes.
486 /// The length of the output of SHA-384, in bytes.
489 /// The length of the output of SHA-512, in bytes.
492 /// The length of the output of SHA-512/256, in bytes.
495 /// The length of a block for SHA-512-based algorithms, in bytes.
498 /// The length of the length field for SHA-512-based algorithms, in bytes.
534         fn max_input_test(alg: &'static digest::Algorithm) {  in max_input_test()  argument
536             let next_input = vec![0u8; alg.block_len - 1];  in max_input_test()
541         fn too_long_input_test_block(alg: &'static digest::Algorithm) {  in too_long_input_test_block()  argument
548         fn too_long_input_test_byte(alg: &'static digest::Algorithm) {  in too_long_input_test_byte()  argument
550             let next_input = vec![0u8; alg.block_len - 1];  in too_long_input_test_byte()
556         fn nearly_full_context(alg: &'static digest::Algorithm) -> digest::Context {  in nearly_full_context()
557             // All implementations currently support up to 2^64-1 bits  in nearly_full_context()
558             // of input; according to the spec, SHA-384 and SHA-512  in nearly_full_context()
559             // support up to 2^128-1, but that's not implemented yet.  in nearly_full_context()
560             let max_bytes = 1u64 << (64 - 3);  in nearly_full_context()
565                     completed_data_blocks: max_blocks - 1,  in nearly_full_context()
566                     algorithm: alg,  in nearly_full_context()