[thirdparty/openssl.git] / crypto / include / internal / md32_common.h

/*
 * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*-
 * This is a generic 32 bit "collector" for message digest algorithms.
 * Whenever needed it collects input character stream into chunks of
 * 32 bit values and invokes a block function that performs actual hash
 * calculations.
 *
 * Porting guide.
 *
 * Obligatory macros:
 *
 * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
 *      this macro defines byte order of input stream.
 * HASH_CBLOCK
 *      size of a unit chunk HASH_BLOCK operates on.
 * HASH_LONG
 *      has to be at least 32 bit wide.
 * HASH_CTX
 *      context structure that at least contains following
 *      members:
 *              typedef struct {
 *                      ...
 *                      HASH_LONG       Nl,Nh;
 *                      either {
 *                      HASH_LONG       data[HASH_LBLOCK];
 *                      unsigned char   data[HASH_CBLOCK];
 *                      };
 *                      unsigned int    num;
 *                      ...
 *                      } HASH_CTX;
 *      data[] vector is expected to be zeroed upon first call to
 *      HASH_UPDATE.
 * HASH_UPDATE
 *      name of "Update" function, implemented here.
 * HASH_TRANSFORM
 *      name of "Transform" function, implemented here.
 * HASH_FINAL
 *      name of "Final" function, implemented here.
 * HASH_BLOCK_DATA_ORDER
 *      name of "block" function capable of treating *unaligned* input
 *      message in original (data) byte order, implemented externally.
 * HASH_MAKE_STRING
 *      macro converting context variables to an ASCII hash string.
 *
 * MD5 example:
 *
 *      #define DATA_ORDER_IS_LITTLE_ENDIAN
 *
 *      #define HASH_LONG               MD5_LONG
 *      #define HASH_CTX                MD5_CTX
 *      #define HASH_CBLOCK             MD5_CBLOCK
 *      #define HASH_UPDATE             MD5_Update
 *      #define HASH_TRANSFORM          MD5_Transform
 *      #define HASH_FINAL              MD5_Final
 *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
 */

#include <openssl/crypto.h>

#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
# error "DATA_ORDER must be defined!"
#endif

#ifndef HASH_CBLOCK
# error "HASH_CBLOCK must be defined!"
#endif
#ifndef HASH_LONG
# error "HASH_LONG must be defined!"
#endif
#ifndef HASH_CTX
# error "HASH_CTX must be defined!"
#endif

#ifndef HASH_UPDATE
# error "HASH_UPDATE must be defined!"
#endif
#ifndef HASH_TRANSFORM
# error "HASH_TRANSFORM must be defined!"
#endif
#ifndef HASH_FINAL
# error "HASH_FINAL must be defined!"
#endif

#ifndef HASH_BLOCK_DATA_ORDER
# error "HASH_BLOCK_DATA_ORDER must be defined!"
#endif

#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))

#if defined(DATA_ORDER_IS_BIG_ENDIAN)

# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))<<24),          \
                         l|=(((unsigned long)(*((c)++)))<<16),          \
                         l|=(((unsigned long)(*((c)++)))<< 8),          \
                         l|=(((unsigned long)(*((c)++)))    )           )
# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
                         l)

#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)

# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))    ),          \
                         l|=(((unsigned long)(*((c)++)))<< 8),          \
                         l|=(((unsigned long)(*((c)++)))<<16),          \
                         l|=(((unsigned long)(*((c)++)))<<24)           )
# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)    )&0xff),      \
                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                         l)

#endif

/*
 * Time for some action :-)
 */

int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
{
    const unsigned char *data = data_;
    unsigned char *p;
    HASH_LONG l;
    size_t n;

    if (len == 0)
        return 1;

    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
    if (l < c->Nl)              /* overflow */
        c->Nh++;
    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
                                       * 16-bit */
    c->Nl = l;

    n = c->num;
    if (n != 0) {
        p = (unsigned char *)c->data;

        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
            memcpy(p + n, data, HASH_CBLOCK - n);
            HASH_BLOCK_DATA_ORDER(c, p, 1);
            n = HASH_CBLOCK - n;
            data += n;
            len -= n;
            c->num = 0;
            /*
             * We use memset rather than OPENSSL_cleanse() here deliberately.
             * Using OPENSSL_cleanse() here could be a performance issue. It
             * will get properly cleansed on finalisation so this isn't a
             * security problem.
             */
            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
        } else {
            memcpy(p + n, data, len);
            c->num += (unsigned int)len;
            return 1;
        }
    }

    n = len / HASH_CBLOCK;
    if (n > 0) {
        HASH_BLOCK_DATA_ORDER(c, data, n);
        n *= HASH_CBLOCK;
        data += n;
        len -= n;
    }

    if (len != 0) {
        p = (unsigned char *)c->data;
        c->num = (unsigned int)len;
        memcpy(p, data, len);
    }
    return 1;
}

void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
{
    HASH_BLOCK_DATA_ORDER(c, data, 1);
}

int HASH_FINAL(unsigned char *md, HASH_CTX *c)
{
    unsigned char *p = (unsigned char *)c->data;
    size_t n = c->num;

    p[n] = 0x80;                /* there is always room for one */
    n++;

    if (n > (HASH_CBLOCK - 8)) {
        memset(p + n, 0, HASH_CBLOCK - n);
        n = 0;
        HASH_BLOCK_DATA_ORDER(c, p, 1);
    }
    memset(p + n, 0, HASH_CBLOCK - 8 - n);

    p += HASH_CBLOCK - 8;
#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
    (void)HOST_l2c(c->Nh, p);
    (void)HOST_l2c(c->Nl, p);
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
    (void)HOST_l2c(c->Nl, p);
    (void)HOST_l2c(c->Nh, p);
#endif
    p -= HASH_CBLOCK;
    HASH_BLOCK_DATA_ORDER(c, p, 1);
    c->num = 0;
    OPENSSL_cleanse(p, HASH_CBLOCK);

#ifndef HASH_MAKE_STRING
# error "HASH_MAKE_STRING must be defined!"
#else
    HASH_MAKE_STRING(c, md);
#endif

    return 1;
}

#ifndef MD32_REG_T
# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
#  define MD32_REG_T long
/*
 * This comment was originally written for MD5, which is why it
 * discusses A-D. But it basically applies to all 32-bit digests,
 * which is why it was moved to common header file.
 *
 * In case you wonder why A-D are declared as long and not
 * as MD5_LONG. Doing so results in slight performance
 * boost on LP64 architectures. The catch is we don't
 * really care if 32 MSBs of a 64-bit register get polluted
 * with eventual overflows as we *save* only 32 LSBs in
 * *either* case. Now declaring 'em long excuses the compiler
 * from keeping 32 MSBs zeroed resulting in 13% performance
 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
 * Well, to be honest it should say that this *prevents*
 * performance degradation.
 */
# else
/*
 * Above is not absolute and there are LP64 compilers that
 * generate better code if MD32_REG_T is defined int. The above
 * pre-processor condition reflects the circumstances under which
 * the conclusion was made and is subject to further extension.
 */
#  define MD32_REG_T int
# endif
#endif
Commit	Line	Data
aa6bb135	1	/*
1212818e	2	* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
bd3576d2	3	*
48f4ad77	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
aa6bb135 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
bd3576d2 UM	8	*/
bd3576d2 UM	9
1d97c843	10	/*-
bd3576d2 UM	11	* This is a generic 32 bit "collector" for message digest algorithms.
	12	* Whenever needed it collects input character stream into chunks of
	13	* 32 bit values and invokes a block function that performs actual hash
	14	* calculations.
	15	*
	16	* Porting guide.
	17	*
	18	* Obligatory macros:
	19	*
	20	* DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
0f113f3e	21	* this macro defines byte order of input stream.
bd3576d2	22	* HASH_CBLOCK
0f113f3e	23	* size of a unit chunk HASH_BLOCK operates on.
bd3576d2	24	* HASH_LONG
19f05ebc	25	* has to be at least 32 bit wide.
bd3576d2	26	* HASH_CTX
0f113f3e MC	27	* context structure that at least contains following
	28	* members:
	29	* typedef struct {
	30	* ...
	31	* HASH_LONG Nl,Nh;
	32	* either {
	33	* HASH_LONG data[HASH_LBLOCK];
	34	* unsigned char data[HASH_CBLOCK];
	35	* };
	36	* unsigned int num;
	37	* ...
	38	* } HASH_CTX;
	39	* data[] vector is expected to be zeroed upon first call to
	40	* HASH_UPDATE.
bd3576d2	41	* HASH_UPDATE
0f113f3e	42	* name of "Update" function, implemented here.
bd3576d2	43	* HASH_TRANSFORM
0f113f3e	44	* name of "Transform" function, implemented here.
bd3576d2	45	* HASH_FINAL
0f113f3e	46	* name of "Final" function, implemented here.
bd3576d2	47	* HASH_BLOCK_DATA_ORDER
0f113f3e MC	48	* name of "block" function capable of treating unaligned input
0f113f3e MC	49	* message in original (data) byte order, implemented externally.
1cbde6e4	50	* HASH_MAKE_STRING
19f05ebc	51	* macro converting context variables to an ASCII hash string.
bd3576d2	52	*
bd3576d2 UM	53	* MD5 example:
bd3576d2 UM	54	*
0f113f3e	55	* #define DATA_ORDER_IS_LITTLE_ENDIAN
bd3576d2	56	*
0f113f3e	57	* #define HASH_LONG MD5_LONG
0f113f3e MC	58	* #define HASH_CTX MD5_CTX
	59	* #define HASH_CBLOCK MD5_CBLOCK
	60	* #define HASH_UPDATE MD5_Update
	61	* #define HASH_TRANSFORM MD5_Transform
	62	* #define HASH_FINAL MD5_Final
	63	* #define HASH_BLOCK_DATA_ORDER md5_block_data_order
bd3576d2 UM	64	*/
bd3576d2 UM	65
3ce2fdab MC	66	#include <openssl/crypto.h>
3ce2fdab MC	67
bd3576d2	68	#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
0f113f3e	69	# error "DATA_ORDER must be defined!"
bd3576d2 UM	70	#endif
	71
	72	#ifndef HASH_CBLOCK
0f113f3e	73	# error "HASH_CBLOCK must be defined!"
bd3576d2 UM	74	#endif
bd3576d2 UM	75	#ifndef HASH_LONG
0f113f3e	76	# error "HASH_LONG must be defined!"
bd3576d2 UM	77	#endif
bd3576d2 UM	78	#ifndef HASH_CTX
0f113f3e	79	# error "HASH_CTX must be defined!"
bd3576d2 UM	80	#endif
	81
	82	#ifndef HASH_UPDATE
0f113f3e	83	# error "HASH_UPDATE must be defined!"
bd3576d2 UM	84	#endif
bd3576d2 UM	85	#ifndef HASH_TRANSFORM
0f113f3e	86	# error "HASH_TRANSFORM must be defined!"
bd3576d2 UM	87	#endif
bd3576d2 UM	88	#ifndef HASH_FINAL
0f113f3e	89	# error "HASH_FINAL must be defined!"
bd3576d2 UM	90	#endif
bd3576d2 UM	91
bd3576d2	92	#ifndef HASH_BLOCK_DATA_ORDER
0f113f3e	93	# error "HASH_BLOCK_DATA_ORDER must be defined!"
bd3576d2	94	#endif
bd3576d2	95
9be083ad	96	#define ROTATE(a,n) (((a)<<(n))\|(((a)&0xffffffff)>>(32-(n))))
bd3576d2	97
bd3576d2 UM	98	#if defined(DATA_ORDER_IS_BIG_ENDIAN)
bd3576d2 UM	99
9be083ad	100	# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
0f113f3e MC	101	l\|=(((unsigned long)(*((c)++)))<<16), \
	102	l\|=(((unsigned long)(*((c)++)))<< 8), \
	103	l\|=(((unsigned long)(*((c)++))) ) )
9be083ad	104	# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
0f113f3e MC	105	*((c)++)=(unsigned char)(((l)>>16)&0xff), \
	106	*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
	107	*((c)++)=(unsigned char)(((l) )&0xff), \
	108	l)
bd3576d2 UM	109
	110	#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
	111
9be083ad	112	# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
0f113f3e MC	113	l\|=(((unsigned long)(*((c)++)))<< 8), \
	114	l\|=(((unsigned long)(*((c)++)))<<16), \
	115	l\|=(((unsigned long)(*((c)++)))<<24) )
9be083ad	116	# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
0f113f3e MC	117	*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
	118	*((c)++)=(unsigned char)(((l)>>16)&0xff), \
	119	*((c)++)=(unsigned char)(((l)>>24)&0xff), \
	120	l)
bd3576d2 UM	121
	122	#endif
	123
	124	/*
19f05ebc	125	* Time for some action :-)
bd3576d2 UM	126	*/
bd3576d2 UM	127
0f113f3e MC	128	int HASH_UPDATE(HASH_CTX c, const void data_, size_t len)
	129	{
	130	const unsigned char *data = data_;
	131	unsigned char *p;
	132	HASH_LONG l;
	133	size_t n;
bd3576d2	134
0f113f3e MC	135	if (len == 0)
0f113f3e MC	136	return 1;
bd3576d2	137
0f113f3e	138	l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
0f113f3e MC	139	if (l < c->Nl) /* overflow */
	140	c->Nh++;
	141	c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
	142	* 16-bit */
	143	c->Nl = l;
	144
	145	n = c->num;
	146	if (n != 0) {
	147	p = (unsigned char *)c->data;
	148
	149	if (len >= HASH_CBLOCK \|\| len + n >= HASH_CBLOCK) {
	150	memcpy(p + n, data, HASH_CBLOCK - n);
	151	HASH_BLOCK_DATA_ORDER(c, p, 1);
	152	n = HASH_CBLOCK - n;
	153	data += n;
	154	len -= n;
	155	c->num = 0;
3ce2fdab MC	156	/*
	157	* We use memset rather than OPENSSL_cleanse() here deliberately.
	158	* Using OPENSSL_cleanse() here could be a performance issue. It
	159	* will get properly cleansed on finalisation so this isn't a
	160	* security problem.
	161	*/
0f113f3e MC	162	memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
	163	} else {
	164	memcpy(p + n, data, len);
	165	c->num += (unsigned int)len;
	166	return 1;
	167	}
	168	}
	169
	170	n = len / HASH_CBLOCK;
	171	if (n > 0) {
	172	HASH_BLOCK_DATA_ORDER(c, data, n);
	173	n *= HASH_CBLOCK;
	174	data += n;
	175	len -= n;
	176	}
	177
	178	if (len != 0) {
	179	p = (unsigned char *)c->data;
	180	c->num = (unsigned int)len;
	181	memcpy(p, data, len);
	182	}
	183	return 1;
	184	}
	185
	186	void HASH_TRANSFORM(HASH_CTX c, const unsigned char data)
	187	{
	188	HASH_BLOCK_DATA_ORDER(c, data, 1);
	189	}
	190
	191	int HASH_FINAL(unsigned char md, HASH_CTX c)
	192	{
	193	unsigned char p = (unsigned char )c->data;
	194	size_t n = c->num;
	195
	196	p[n] = 0x80; /* there is always room for one */
	197	n++;
	198
	199	if (n > (HASH_CBLOCK - 8)) {
	200	memset(p + n, 0, HASH_CBLOCK - n);
	201	n = 0;
	202	HASH_BLOCK_DATA_ORDER(c, p, 1);
	203	}
	204	memset(p + n, 0, HASH_CBLOCK - 8 - n);
	205
	206	p += HASH_CBLOCK - 8;
bd3576d2	207	#if defined(DATA_ORDER_IS_BIG_ENDIAN)
0f113f3e MC	208	(void)HOST_l2c(c->Nh, p);
0f113f3e MC	209	(void)HOST_l2c(c->Nl, p);
bd3576d2	210	#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
0f113f3e MC	211	(void)HOST_l2c(c->Nl, p);
0f113f3e MC	212	(void)HOST_l2c(c->Nh, p);
bd3576d2	213	#endif
0f113f3e MC	214	p -= HASH_CBLOCK;
	215	HASH_BLOCK_DATA_ORDER(c, p, 1);
	216	c->num = 0;
3ce2fdab	217	OPENSSL_cleanse(p, HASH_CBLOCK);
bd3576d2	218
1cbde6e4	219	#ifndef HASH_MAKE_STRING
0f113f3e	220	# error "HASH_MAKE_STRING must be defined!"
1cbde6e4	221	#else
0f113f3e	222	HASH_MAKE_STRING(c, md);
1cbde6e4	223	#endif
bd3576d2	224
0f113f3e MC	225	return 1;
0f113f3e MC	226	}
2f98abbc AP	227
2f98abbc AP	228	#ifndef MD32_REG_T
0f113f3e MC	229	# if defined(__alpha) \|\| defined(__sparcv9) \|\| defined(__mips)
0f113f3e MC	230	# define MD32_REG_T long
2f98abbc	231	/*
8483a003	232	* This comment was originally written for MD5, which is why it
2f98abbc AP	233	* discusses A-D. But it basically applies to all 32-bit digests,
	234	* which is why it was moved to common header file.
	235	*
	236	* In case you wonder why A-D are declared as long and not
	237	* as MD5_LONG. Doing so results in slight performance
	238	* boost on LP64 architectures. The catch is we don't
	239	* really care if 32 MSBs of a 64-bit register get polluted
	240	* with eventual overflows as we save only 32 LSBs in
	241	* either case. Now declaring 'em long excuses the compiler
	242	* from keeping 32 MSBs zeroed resulting in 13% performance
	243	* improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
0f113f3e	244	* Well, to be honest it should say that this prevents
2f98abbc	245	* performance degradation.
30ab7af2	246	*/
0f113f3e	247	# else
30ab7af2 AP	248	/*
	249	* Above is not absolute and there are LP64 compilers that
	250	* generate better code if MD32_REG_T is defined int. The above
	251	* pre-processor condition reflects the circumstances under which
	252	* the conclusion was made and is subject to further extension.
2f98abbc	253	*/
0f113f3e MC	254	# define MD32_REG_T int
0f113f3e MC	255	# endif
2f98abbc	256	#endif