]>
Commit | Line | Data |
---|---|---|
aa6bb135 | 1 | /* |
fecb3aae | 2 | * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. |
bd3576d2 | 3 | * |
48f4ad77 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
aa6bb135 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
bd3576d2 UM |
8 | */ |
9 | ||
1d97c843 | 10 | /*- |
bd3576d2 UM |
11 | * This is a generic 32 bit "collector" for message digest algorithms. |
12 | * Whenever needed it collects input character stream into chunks of | |
13 | * 32 bit values and invokes a block function that performs actual hash | |
14 | * calculations. | |
15 | * | |
16 | * Porting guide. | |
17 | * | |
18 | * Obligatory macros: | |
19 | * | |
20 | * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN | |
0f113f3e | 21 | * this macro defines byte order of input stream. |
bd3576d2 | 22 | * HASH_CBLOCK |
0f113f3e | 23 | * size of a unit chunk HASH_BLOCK operates on. |
bd3576d2 | 24 | * HASH_LONG |
19f05ebc | 25 | * has to be at least 32 bit wide. |
bd3576d2 | 26 | * HASH_CTX |
0f113f3e MC |
27 | * context structure that at least contains following |
28 | * members: | |
29 | * typedef struct { | |
30 | * ... | |
31 | * HASH_LONG Nl,Nh; | |
32 | * either { | |
33 | * HASH_LONG data[HASH_LBLOCK]; | |
34 | * unsigned char data[HASH_CBLOCK]; | |
35 | * }; | |
36 | * unsigned int num; | |
37 | * ... | |
38 | * } HASH_CTX; | |
39 | * data[] vector is expected to be zeroed upon first call to | |
40 | * HASH_UPDATE. | |
bd3576d2 | 41 | * HASH_UPDATE |
0f113f3e | 42 | * name of "Update" function, implemented here. |
bd3576d2 | 43 | * HASH_TRANSFORM |
0f113f3e | 44 | * name of "Transform" function, implemented here. |
bd3576d2 | 45 | * HASH_FINAL |
0f113f3e | 46 | * name of "Final" function, implemented here. |
bd3576d2 | 47 | * HASH_BLOCK_DATA_ORDER |
0f113f3e MC |
48 | * name of "block" function capable of treating *unaligned* input |
49 | * message in original (data) byte order, implemented externally. | |
1cbde6e4 | 50 | * HASH_MAKE_STRING |
19f05ebc | 51 | * macro converting context variables to an ASCII hash string. |
bd3576d2 | 52 | * |
bd3576d2 UM |
53 | * MD5 example: |
54 | * | |
0f113f3e | 55 | * #define DATA_ORDER_IS_LITTLE_ENDIAN |
bd3576d2 | 56 | * |
0f113f3e | 57 | * #define HASH_LONG MD5_LONG |
0f113f3e MC |
58 | * #define HASH_CTX MD5_CTX |
59 | * #define HASH_CBLOCK MD5_CBLOCK | |
60 | * #define HASH_UPDATE MD5_Update | |
61 | * #define HASH_TRANSFORM MD5_Transform | |
62 | * #define HASH_FINAL MD5_Final | |
63 | * #define HASH_BLOCK_DATA_ORDER md5_block_data_order | |
bd3576d2 UM |
64 | */ |
65 | ||
3d27ac8d WL |
66 | #ifndef OSSL_CRYPTO_MD32_COMMON_H |
67 | # define OSSL_CRYPTO_MD32_COMMON_H | |
68 | # pragma once | |
3ce2fdab | 69 | |
3d27ac8d | 70 | # include <openssl/crypto.h> |
bd3576d2 | 71 | |
3d27ac8d WL |
72 | # if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) |
73 | # error "DATA_ORDER must be defined!" | |
74 | # endif | |
bd3576d2 | 75 | |
3d27ac8d WL |
76 | # ifndef HASH_CBLOCK |
77 | # error "HASH_CBLOCK must be defined!" | |
78 | # endif | |
79 | # ifndef HASH_LONG | |
80 | # error "HASH_LONG must be defined!" | |
81 | # endif | |
82 | # ifndef HASH_CTX | |
83 | # error "HASH_CTX must be defined!" | |
84 | # endif | |
bd3576d2 | 85 | |
3d27ac8d WL |
86 | # ifndef HASH_UPDATE |
87 | # error "HASH_UPDATE must be defined!" | |
88 | # endif | |
89 | # ifndef HASH_TRANSFORM | |
90 | # error "HASH_TRANSFORM must be defined!" | |
91 | # endif | |
92 | # ifndef HASH_FINAL | |
93 | # error "HASH_FINAL must be defined!" | |
94 | # endif | |
95 | ||
96 | # ifndef HASH_BLOCK_DATA_ORDER | |
97 | # error "HASH_BLOCK_DATA_ORDER must be defined!" | |
98 | # endif | |
bd3576d2 | 99 | |
3d27ac8d | 100 | # define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) |
bd3576d2 | 101 | |
eea820f3 HZZ |
102 | #ifndef PEDANTIC |
103 | # if defined(__GNUC__) && __GNUC__>=2 && \ | |
104 | !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) | |
105 | # if defined(__riscv_zbb) || defined(__riscv_zbkb) | |
106 | # if __riscv_xlen == 64 | |
107 | # undef ROTATE | |
108 | # define ROTATE(x, n) ({ MD32_REG_T ret; \ | |
109 | asm ("roriw %0, %1, %2" \ | |
110 | : "=r"(ret) \ | |
111 | : "r"(x), "i"(32 - (n))); ret;}) | |
112 | # endif | |
113 | # if __riscv_xlen == 32 | |
114 | # undef ROTATE | |
115 | # define ROTATE(x, n) ({ MD32_REG_T ret; \ | |
116 | asm ("rori %0, %1, %2" \ | |
117 | : "=r"(ret) \ | |
118 | : "r"(x), "i"(32 - (n))); ret;}) | |
119 | # endif | |
120 | # endif | |
121 | # endif | |
122 | #endif | |
123 | ||
3d27ac8d | 124 | # if defined(DATA_ORDER_IS_BIG_ENDIAN) |
bd3576d2 | 125 | |
3d27ac8d | 126 | # define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ |
0f113f3e MC |
127 | l|=(((unsigned long)(*((c)++)))<<16), \ |
128 | l|=(((unsigned long)(*((c)++)))<< 8), \ | |
129 | l|=(((unsigned long)(*((c)++))) ) ) | |
3d27ac8d | 130 | # define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ |
0f113f3e MC |
131 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ |
132 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | |
133 | *((c)++)=(unsigned char)(((l) )&0xff), \ | |
134 | l) | |
bd3576d2 | 135 | |
3d27ac8d | 136 | # elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) |
bd3576d2 | 137 | |
3d27ac8d | 138 | # define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ |
0f113f3e MC |
139 | l|=(((unsigned long)(*((c)++)))<< 8), \ |
140 | l|=(((unsigned long)(*((c)++)))<<16), \ | |
141 | l|=(((unsigned long)(*((c)++)))<<24) ) | |
3d27ac8d | 142 | # define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ |
0f113f3e MC |
143 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ |
144 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | |
145 | *((c)++)=(unsigned char)(((l)>>24)&0xff), \ | |
146 | l) | |
bd3576d2 | 147 | |
3d27ac8d | 148 | # endif |
bd3576d2 UM |
149 | |
150 | /* | |
19f05ebc | 151 | * Time for some action :-) |
bd3576d2 UM |
152 | */ |
153 | ||
0f113f3e MC |
154 | int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) |
155 | { | |
156 | const unsigned char *data = data_; | |
157 | unsigned char *p; | |
158 | HASH_LONG l; | |
159 | size_t n; | |
bd3576d2 | 160 | |
0f113f3e MC |
161 | if (len == 0) |
162 | return 1; | |
bd3576d2 | 163 | |
0f113f3e | 164 | l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; |
0f113f3e MC |
165 | if (l < c->Nl) /* overflow */ |
166 | c->Nh++; | |
167 | c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on | |
168 | * 16-bit */ | |
169 | c->Nl = l; | |
170 | ||
171 | n = c->num; | |
172 | if (n != 0) { | |
173 | p = (unsigned char *)c->data; | |
174 | ||
175 | if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { | |
176 | memcpy(p + n, data, HASH_CBLOCK - n); | |
177 | HASH_BLOCK_DATA_ORDER(c, p, 1); | |
178 | n = HASH_CBLOCK - n; | |
179 | data += n; | |
180 | len -= n; | |
181 | c->num = 0; | |
3ce2fdab MC |
182 | /* |
183 | * We use memset rather than OPENSSL_cleanse() here deliberately. | |
184 | * Using OPENSSL_cleanse() here could be a performance issue. It | |
185 | * will get properly cleansed on finalisation so this isn't a | |
186 | * security problem. | |
187 | */ | |
0f113f3e MC |
188 | memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ |
189 | } else { | |
190 | memcpy(p + n, data, len); | |
191 | c->num += (unsigned int)len; | |
192 | return 1; | |
193 | } | |
194 | } | |
195 | ||
196 | n = len / HASH_CBLOCK; | |
197 | if (n > 0) { | |
198 | HASH_BLOCK_DATA_ORDER(c, data, n); | |
199 | n *= HASH_CBLOCK; | |
200 | data += n; | |
201 | len -= n; | |
202 | } | |
203 | ||
204 | if (len != 0) { | |
205 | p = (unsigned char *)c->data; | |
206 | c->num = (unsigned int)len; | |
207 | memcpy(p, data, len); | |
208 | } | |
209 | return 1; | |
210 | } | |
211 | ||
212 | void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data) | |
213 | { | |
214 | HASH_BLOCK_DATA_ORDER(c, data, 1); | |
215 | } | |
216 | ||
217 | int HASH_FINAL(unsigned char *md, HASH_CTX *c) | |
218 | { | |
219 | unsigned char *p = (unsigned char *)c->data; | |
220 | size_t n = c->num; | |
221 | ||
222 | p[n] = 0x80; /* there is always room for one */ | |
223 | n++; | |
224 | ||
225 | if (n > (HASH_CBLOCK - 8)) { | |
226 | memset(p + n, 0, HASH_CBLOCK - n); | |
227 | n = 0; | |
228 | HASH_BLOCK_DATA_ORDER(c, p, 1); | |
229 | } | |
230 | memset(p + n, 0, HASH_CBLOCK - 8 - n); | |
231 | ||
232 | p += HASH_CBLOCK - 8; | |
3d27ac8d | 233 | # if defined(DATA_ORDER_IS_BIG_ENDIAN) |
0f113f3e MC |
234 | (void)HOST_l2c(c->Nh, p); |
235 | (void)HOST_l2c(c->Nl, p); | |
3d27ac8d | 236 | # elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) |
0f113f3e MC |
237 | (void)HOST_l2c(c->Nl, p); |
238 | (void)HOST_l2c(c->Nh, p); | |
3d27ac8d | 239 | # endif |
0f113f3e MC |
240 | p -= HASH_CBLOCK; |
241 | HASH_BLOCK_DATA_ORDER(c, p, 1); | |
242 | c->num = 0; | |
3ce2fdab | 243 | OPENSSL_cleanse(p, HASH_CBLOCK); |
bd3576d2 | 244 | |
3d27ac8d WL |
245 | # ifndef HASH_MAKE_STRING |
246 | # error "HASH_MAKE_STRING must be defined!" | |
247 | # else | |
0f113f3e | 248 | HASH_MAKE_STRING(c, md); |
3d27ac8d | 249 | # endif |
bd3576d2 | 250 | |
0f113f3e MC |
251 | return 1; |
252 | } | |
2f98abbc | 253 | |
3d27ac8d WL |
254 | # ifndef MD32_REG_T |
255 | # if defined(__alpha) || defined(__sparcv9) || defined(__mips) | |
256 | # define MD32_REG_T long | |
2f98abbc | 257 | /* |
8483a003 | 258 | * This comment was originally written for MD5, which is why it |
2f98abbc AP |
259 | * discusses A-D. But it basically applies to all 32-bit digests, |
260 | * which is why it was moved to common header file. | |
261 | * | |
262 | * In case you wonder why A-D are declared as long and not | |
263 | * as MD5_LONG. Doing so results in slight performance | |
264 | * boost on LP64 architectures. The catch is we don't | |
265 | * really care if 32 MSBs of a 64-bit register get polluted | |
266 | * with eventual overflows as we *save* only 32 LSBs in | |
267 | * *either* case. Now declaring 'em long excuses the compiler | |
268 | * from keeping 32 MSBs zeroed resulting in 13% performance | |
269 | * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. | |
0f113f3e | 270 | * Well, to be honest it should say that this *prevents* |
2f98abbc | 271 | * performance degradation. |
30ab7af2 | 272 | */ |
3d27ac8d | 273 | # else |
30ab7af2 AP |
274 | /* |
275 | * Above is not absolute and there are LP64 compilers that | |
276 | * generate better code if MD32_REG_T is defined int. The above | |
277 | * pre-processor condition reflects the circumstances under which | |
278 | * the conclusion was made and is subject to further extension. | |
2f98abbc | 279 | */ |
3d27ac8d WL |
280 | # define MD32_REG_T int |
281 | # endif | |
0f113f3e | 282 | # endif |
3d27ac8d | 283 | |
2f98abbc | 284 | #endif |