1 /*
2 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #ifndef OPENSSL_HEADER_DIGEST_MD32_COMMON_H
11 #define OPENSSL_HEADER_DIGEST_MD32_COMMON_H
12
13 #include <openssl/base.h>
14
15 #include <assert.h>
16
17 #include "../../internal.h"
18
19 #if defined(__cplusplus)
20 extern "C" {
21 #endif
22
23
24 // This is a generic 32-bit "collector" for message digest algorithms. It
25 // collects input character stream into chunks of 32-bit values and invokes the
26 // block function that performs the actual hash calculations.
27 //
28 // To make use of this mechanism, the hash context should be defined with the
29 // following parameters.
30 //
31 // typedef struct <name>_state_st {
32 // uint32_t h[<chaining length> / sizeof(uint32_t)];
33 // uint32_t Nl, Nh;
34 // uint8_t data[<block size>];
35 // unsigned num;
36 // ...
37 // } <NAME>_CTX;
38 //
39 // <chaining length> is the output length of the hash in bytes, before
40 // any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and
41 // SHA-512).
42 //
43 // |h| is the hash state and is updated by a function of type
44 // |crypto_md32_block_func|. |data| is the partial unprocessed block and has
45 // |num| bytes. |Nl| and |Nh| maintain the number of bits processed so far.
46
47 // A crypto_md32_block_func should incorporate |num_blocks| of input from |data|
48 // into |state|. It is assumed the caller has sized |state| and |data| for the
49 // hash function.
50 typedef void (*crypto_md32_block_func)(uint32_t *state, const uint8_t *data,
51 size_t num_blocks);
52
53 // crypto_md32_update adds |len| bytes from |in| to the digest. |data| must be a
54 // buffer of length |block_size| with the first |*num| bytes containing a
55 // partial block. This function combines the partial block with |in| and
56 // incorporates any complete blocks into the digest state |h|. It then updates
57 // |data| and |*num| with the new partial block and updates |*Nh| and |*Nl| with
58 // the data consumed.
crypto_md32_update(crypto_md32_block_func block_func,uint32_t * h,uint8_t * data,size_t block_size,unsigned * num,uint32_t * Nh,uint32_t * Nl,const uint8_t * in,size_t len)59 static inline void crypto_md32_update(crypto_md32_block_func block_func,
60 uint32_t *h, uint8_t *data,
61 size_t block_size, unsigned *num,
62 uint32_t *Nh, uint32_t *Nl,
63 const uint8_t *in, size_t len) {
64 if (len == 0) {
65 return;
66 }
67
68 uint32_t l = *Nl + (((uint32_t)len) << 3);
69 if (l < *Nl) {
70 // Handle carries.
71 (*Nh)++;
72 }
73 *Nh += (uint32_t)(len >> 29);
74 *Nl = l;
75
76 size_t n = *num;
77 if (n != 0) {
78 if (len >= block_size || len + n >= block_size) {
79 OPENSSL_memcpy(data + n, in, block_size - n);
80 block_func(h, data, 1);
81 n = block_size - n;
82 in += n;
83 len -= n;
84 *num = 0;
85 // Keep |data| zeroed when unused.
86 OPENSSL_memset(data, 0, block_size);
87 } else {
88 OPENSSL_memcpy(data + n, in, len);
89 *num += (unsigned)len;
90 return;
91 }
92 }
93
94 n = len / block_size;
95 if (n > 0) {
96 block_func(h, in, n);
97 n *= block_size;
98 in += n;
99 len -= n;
100 }
101
102 if (len != 0) {
103 *num = (unsigned)len;
104 OPENSSL_memcpy(data, in, len);
105 }
106 }
107
108 // crypto_md32_final incorporates the partial block and trailing length into the
109 // digest state |h|. The trailing length is encoded in little-endian if
110 // |is_big_endian| is zero and big-endian otherwise. |data| must be a buffer of
111 // length |block_size| with the first |*num| bytes containing a partial block.
112 // |Nh| and |Nl| contain the total number of bits processed. On return, this
113 // function clears the partial block in |data| and
114 // |*num|.
115 //
116 // This function does not serialize |h| into a final digest. This is the
117 // responsibility of the caller.
crypto_md32_final(crypto_md32_block_func block_func,uint32_t * h,uint8_t * data,size_t block_size,unsigned * num,uint32_t Nh,uint32_t Nl,int is_big_endian)118 static inline void crypto_md32_final(crypto_md32_block_func block_func,
119 uint32_t *h, uint8_t *data,
120 size_t block_size, unsigned *num,
121 uint32_t Nh, uint32_t Nl,
122 int is_big_endian) {
123 // |data| always has room for at least one byte. A full block would have
124 // been consumed.
125 size_t n = *num;
126 assert(n < block_size);
127 data[n] = 0x80;
128 n++;
129
130 // Fill the block with zeros if there isn't room for a 64-bit length.
131 if (n > block_size - 8) {
132 OPENSSL_memset(data + n, 0, block_size - n);
133 n = 0;
134 block_func(h, data, 1);
135 }
136 OPENSSL_memset(data + n, 0, block_size - 8 - n);
137
138 // Append a 64-bit length to the block and process it.
139 if (is_big_endian) {
140 CRYPTO_store_u32_be(data + block_size - 8, Nh);
141 CRYPTO_store_u32_be(data + block_size - 4, Nl);
142 } else {
143 CRYPTO_store_u32_le(data + block_size - 8, Nl);
144 CRYPTO_store_u32_le(data + block_size - 4, Nh);
145 }
146 block_func(h, data, 1);
147 *num = 0;
148 OPENSSL_memset(data, 0, block_size);
149 }
150
151
152 #if defined(__cplusplus)
153 } // extern C
154 #endif
155
156 #endif // OPENSSL_HEADER_DIGEST_MD32_COMMON_H
157