]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/sha/sha_locl.h
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Reorganize private crypto header files
[thirdparty/openssl.git] / crypto / sha / sha_locl.h
1 /*
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdlib.h>
11 #include <string.h>
12
13 #include <openssl/opensslconf.h>
14 #include <openssl/sha.h>
15
16 #define DATA_ORDER_IS_BIG_ENDIAN
17
18 #define HASH_LONG SHA_LONG
19 #define HASH_CTX SHA_CTX
20 #define HASH_CBLOCK SHA_CBLOCK
21 #define HASH_MAKE_STRING(c,s) do { \
22 unsigned long ll; \
23 ll=(c)->h0; (void)HOST_l2c(ll,(s)); \
24 ll=(c)->h1; (void)HOST_l2c(ll,(s)); \
25 ll=(c)->h2; (void)HOST_l2c(ll,(s)); \
26 ll=(c)->h3; (void)HOST_l2c(ll,(s)); \
27 ll=(c)->h4; (void)HOST_l2c(ll,(s)); \
28 } while (0)
29
30 #define HASH_UPDATE SHA1_Update
31 #define HASH_TRANSFORM SHA1_Transform
32 #define HASH_FINAL SHA1_Final
33 #define HASH_INIT SHA1_Init
34 #define HASH_BLOCK_DATA_ORDER sha1_block_data_order
35 #define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
36 ix=(a)=ROTATE((a),1) \
37 )
38
39 #ifndef SHA1_ASM
40 static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
41 #else
42 void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
43 #endif
44
45 #include "crypto/md32_common.h"
46
47 #define INIT_DATA_h0 0x67452301UL
48 #define INIT_DATA_h1 0xefcdab89UL
49 #define INIT_DATA_h2 0x98badcfeUL
50 #define INIT_DATA_h3 0x10325476UL
51 #define INIT_DATA_h4 0xc3d2e1f0UL
52
53 int HASH_INIT(SHA_CTX *c)
54 {
55 memset(c, 0, sizeof(*c));
56 c->h0 = INIT_DATA_h0;
57 c->h1 = INIT_DATA_h1;
58 c->h2 = INIT_DATA_h2;
59 c->h3 = INIT_DATA_h3;
60 c->h4 = INIT_DATA_h4;
61 return 1;
62 }
63
64 #define K_00_19 0x5a827999UL
65 #define K_20_39 0x6ed9eba1UL
66 #define K_40_59 0x8f1bbcdcUL
67 #define K_60_79 0xca62c1d6UL
68
69 /*
70 * As pointed out by Wei Dai, F() below can be simplified to the code in
71 * F_00_19. Wei attributes these optimizations to Peter Gutmann's SHS code,
72 * and he attributes it to Rich Schroeppel.
73 * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
74 * I've just become aware of another tweak to be made, again from Wei Dai,
75 * in F_40_59, (x&a)|(y&a) -> (x|y)&a
76 */
77 #define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
78 #define F_20_39(b,c,d) ((b) ^ (c) ^ (d))
79 #define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d)))
80 #define F_60_79(b,c,d) F_20_39(b,c,d)
81
82 #ifndef OPENSSL_SMALL_FOOTPRINT
83
84 # define BODY_00_15(i,a,b,c,d,e,f,xi) \
85 (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
86 (b)=ROTATE((b),30);
87
88 # define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
89 Xupdate(f,xi,xa,xb,xc,xd); \
90 (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
91 (b)=ROTATE((b),30);
92
93 # define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
94 Xupdate(f,xi,xa,xb,xc,xd); \
95 (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
96 (b)=ROTATE((b),30);
97
98 # define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
99 Xupdate(f,xa,xa,xb,xc,xd); \
100 (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
101 (b)=ROTATE((b),30);
102
103 # define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
104 Xupdate(f,xa,xa,xb,xc,xd); \
105 (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
106 (b)=ROTATE((b),30);
107
108 # define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
109 Xupdate(f,xa,xa,xb,xc,xd); \
110 (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
111 (b)=ROTATE((b),30);
112
113 # ifdef X
114 # undef X
115 # endif
116 # ifndef MD32_XARRAY
117 /*
118 * Originally X was an array. As it's automatic it's natural
119 * to expect RISC compiler to accommodate at least part of it in
120 * the register bank, isn't it? Unfortunately not all compilers
121 * "find" this expectation reasonable:-( On order to make such
122 * compilers generate better code I replace X[] with a bunch of
123 * X0, X1, etc. See the function body below...
124 */
125 # define X(i) XX##i
126 # else
127 /*
128 * However! Some compilers (most notably HP C) get overwhelmed by
129 * that many local variables so that we have to have the way to
130 * fall down to the original behavior.
131 */
132 # define X(i) XX[i]
133 # endif
134
135 # if !defined(SHA1_ASM)
136 static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
137 {
138 const unsigned char *data = p;
139 register unsigned MD32_REG_T A, B, C, D, E, T, l;
140 # ifndef MD32_XARRAY
141 unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
142 XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
143 # else
144 SHA_LONG XX[16];
145 # endif
146
147 A = c->h0;
148 B = c->h1;
149 C = c->h2;
150 D = c->h3;
151 E = c->h4;
152
153 for (;;) {
154 const union {
155 long one;
156 char little;
157 } is_endian = {
158 1
159 };
160
161 if (!is_endian.little && sizeof(SHA_LONG) == 4
162 && ((size_t)p % 4) == 0) {
163 const SHA_LONG *W = (const SHA_LONG *)data;
164
165 X(0) = W[0];
166 X(1) = W[1];
167 BODY_00_15(0, A, B, C, D, E, T, X(0));
168 X(2) = W[2];
169 BODY_00_15(1, T, A, B, C, D, E, X(1));
170 X(3) = W[3];
171 BODY_00_15(2, E, T, A, B, C, D, X(2));
172 X(4) = W[4];
173 BODY_00_15(3, D, E, T, A, B, C, X(3));
174 X(5) = W[5];
175 BODY_00_15(4, C, D, E, T, A, B, X(4));
176 X(6) = W[6];
177 BODY_00_15(5, B, C, D, E, T, A, X(5));
178 X(7) = W[7];
179 BODY_00_15(6, A, B, C, D, E, T, X(6));
180 X(8) = W[8];
181 BODY_00_15(7, T, A, B, C, D, E, X(7));
182 X(9) = W[9];
183 BODY_00_15(8, E, T, A, B, C, D, X(8));
184 X(10) = W[10];
185 BODY_00_15(9, D, E, T, A, B, C, X(9));
186 X(11) = W[11];
187 BODY_00_15(10, C, D, E, T, A, B, X(10));
188 X(12) = W[12];
189 BODY_00_15(11, B, C, D, E, T, A, X(11));
190 X(13) = W[13];
191 BODY_00_15(12, A, B, C, D, E, T, X(12));
192 X(14) = W[14];
193 BODY_00_15(13, T, A, B, C, D, E, X(13));
194 X(15) = W[15];
195 BODY_00_15(14, E, T, A, B, C, D, X(14));
196 BODY_00_15(15, D, E, T, A, B, C, X(15));
197
198 data += SHA_CBLOCK;
199 } else {
200 (void)HOST_c2l(data, l);
201 X(0) = l;
202 (void)HOST_c2l(data, l);
203 X(1) = l;
204 BODY_00_15(0, A, B, C, D, E, T, X(0));
205 (void)HOST_c2l(data, l);
206 X(2) = l;
207 BODY_00_15(1, T, A, B, C, D, E, X(1));
208 (void)HOST_c2l(data, l);
209 X(3) = l;
210 BODY_00_15(2, E, T, A, B, C, D, X(2));
211 (void)HOST_c2l(data, l);
212 X(4) = l;
213 BODY_00_15(3, D, E, T, A, B, C, X(3));
214 (void)HOST_c2l(data, l);
215 X(5) = l;
216 BODY_00_15(4, C, D, E, T, A, B, X(4));
217 (void)HOST_c2l(data, l);
218 X(6) = l;
219 BODY_00_15(5, B, C, D, E, T, A, X(5));
220 (void)HOST_c2l(data, l);
221 X(7) = l;
222 BODY_00_15(6, A, B, C, D, E, T, X(6));
223 (void)HOST_c2l(data, l);
224 X(8) = l;
225 BODY_00_15(7, T, A, B, C, D, E, X(7));
226 (void)HOST_c2l(data, l);
227 X(9) = l;
228 BODY_00_15(8, E, T, A, B, C, D, X(8));
229 (void)HOST_c2l(data, l);
230 X(10) = l;
231 BODY_00_15(9, D, E, T, A, B, C, X(9));
232 (void)HOST_c2l(data, l);
233 X(11) = l;
234 BODY_00_15(10, C, D, E, T, A, B, X(10));
235 (void)HOST_c2l(data, l);
236 X(12) = l;
237 BODY_00_15(11, B, C, D, E, T, A, X(11));
238 (void)HOST_c2l(data, l);
239 X(13) = l;
240 BODY_00_15(12, A, B, C, D, E, T, X(12));
241 (void)HOST_c2l(data, l);
242 X(14) = l;
243 BODY_00_15(13, T, A, B, C, D, E, X(13));
244 (void)HOST_c2l(data, l);
245 X(15) = l;
246 BODY_00_15(14, E, T, A, B, C, D, X(14));
247 BODY_00_15(15, D, E, T, A, B, C, X(15));
248 }
249
250 BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13));
251 BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14));
252 BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15));
253 BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0));
254
255 BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1));
256 BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2));
257 BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3));
258 BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4));
259 BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5));
260 BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6));
261 BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7));
262 BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8));
263 BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9));
264 BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10));
265 BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11));
266 BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12));
267
268 BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13));
269 BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14));
270 BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15));
271 BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0));
272 BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1));
273 BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2));
274 BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3));
275 BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4));
276
277 BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5));
278 BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6));
279 BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7));
280 BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8));
281 BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9));
282 BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10));
283 BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11));
284 BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12));
285 BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13));
286 BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14));
287 BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15));
288 BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0));
289 BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1));
290 BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2));
291 BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3));
292 BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4));
293 BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5));
294 BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6));
295 BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7));
296 BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8));
297
298 BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9));
299 BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10));
300 BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11));
301 BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12));
302 BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13));
303 BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14));
304 BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15));
305 BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0));
306 BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1));
307 BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2));
308 BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3));
309 BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4));
310 BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5));
311 BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6));
312 BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7));
313 BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8));
314 BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9));
315 BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10));
316 BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11));
317 BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12));
318
319 c->h0 = (c->h0 + E) & 0xffffffffL;
320 c->h1 = (c->h1 + T) & 0xffffffffL;
321 c->h2 = (c->h2 + A) & 0xffffffffL;
322 c->h3 = (c->h3 + B) & 0xffffffffL;
323 c->h4 = (c->h4 + C) & 0xffffffffL;
324
325 if (--num == 0)
326 break;
327
328 A = c->h0;
329 B = c->h1;
330 C = c->h2;
331 D = c->h3;
332 E = c->h4;
333
334 }
335 }
336 # endif
337
338 #else /* OPENSSL_SMALL_FOOTPRINT */
339
340 # define BODY_00_15(xi) do { \
341 T=E+K_00_19+F_00_19(B,C,D); \
342 E=D, D=C, C=ROTATE(B,30), B=A; \
343 A=ROTATE(A,5)+T+xi; } while(0)
344
345 # define BODY_16_19(xa,xb,xc,xd) do { \
346 Xupdate(T,xa,xa,xb,xc,xd); \
347 T+=E+K_00_19+F_00_19(B,C,D); \
348 E=D, D=C, C=ROTATE(B,30), B=A; \
349 A=ROTATE(A,5)+T; } while(0)
350
351 # define BODY_20_39(xa,xb,xc,xd) do { \
352 Xupdate(T,xa,xa,xb,xc,xd); \
353 T+=E+K_20_39+F_20_39(B,C,D); \
354 E=D, D=C, C=ROTATE(B,30), B=A; \
355 A=ROTATE(A,5)+T; } while(0)
356
357 # define BODY_40_59(xa,xb,xc,xd) do { \
358 Xupdate(T,xa,xa,xb,xc,xd); \
359 T+=E+K_40_59+F_40_59(B,C,D); \
360 E=D, D=C, C=ROTATE(B,30), B=A; \
361 A=ROTATE(A,5)+T; } while(0)
362
363 # define BODY_60_79(xa,xb,xc,xd) do { \
364 Xupdate(T,xa,xa,xb,xc,xd); \
365 T=E+K_60_79+F_60_79(B,C,D); \
366 E=D, D=C, C=ROTATE(B,30), B=A; \
367 A=ROTATE(A,5)+T+xa; } while(0)
368
369 # if !defined(SHA1_ASM)
370 static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
371 {
372 const unsigned char *data = p;
373 register unsigned MD32_REG_T A, B, C, D, E, T, l;
374 int i;
375 SHA_LONG X[16];
376
377 A = c->h0;
378 B = c->h1;
379 C = c->h2;
380 D = c->h3;
381 E = c->h4;
382
383 for (;;) {
384 for (i = 0; i < 16; i++) {
385 (void)HOST_c2l(data, l);
386 X[i] = l;
387 BODY_00_15(X[i]);
388 }
389 for (i = 0; i < 4; i++) {
390 BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]);
391 }
392 for (; i < 24; i++) {
393 BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15],
394 X[(i + 13) & 15]);
395 }
396 for (i = 0; i < 20; i++) {
397 BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
398 X[(i + 5) & 15]);
399 }
400 for (i = 4; i < 24; i++) {
401 BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
402 X[(i + 5) & 15]);
403 }
404
405 c->h0 = (c->h0 + A) & 0xffffffffL;
406 c->h1 = (c->h1 + B) & 0xffffffffL;
407 c->h2 = (c->h2 + C) & 0xffffffffL;
408 c->h3 = (c->h3 + D) & 0xffffffffL;
409 c->h4 = (c->h4 + E) & 0xffffffffL;
410
411 if (--num == 0)
412 break;
413
414 A = c->h0;
415 B = c->h1;
416 C = c->h2;
417 D = c->h3;
418 E = c->h4;
419
420 }
421 }
422 # endif
423
424 #endif
A mirror of the official openssl repository