GNU libmicrohttpd 1.0.1
Loading...
Searching...
No Matches
sha256.c
Go to the documentation of this file.
1/*
2 This file is part of libmicrohttpd
3 Copyright (C) 2019-2023 Evgeny Grin (Karlson2k)
4
5 libmicrohttpd is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 This library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with this library.
17 If not, see <http://www.gnu.org/licenses/>.
18*/
19
26#include "sha256.h"
27
28#include <string.h>
29#ifdef HAVE_MEMORY_H
30#include <memory.h>
31#endif /* HAVE_MEMORY_H */
32#include "mhd_bithelpers.h"
33#include "mhd_assert.h"
34
40void
42{
43 /* Initial hash values, see FIPS PUB 180-4 paragraph 5.3.3 */
44 /* First thirty-two bits of the fractional parts of the square
45 * roots of the first eight prime numbers: 2, 3, 5, 7, 11, 13,
46 * 17, 19." */
47 ctx->H[0] = UINT32_C (0x6a09e667);
48 ctx->H[1] = UINT32_C (0xbb67ae85);
49 ctx->H[2] = UINT32_C (0x3c6ef372);
50 ctx->H[3] = UINT32_C (0xa54ff53a);
51 ctx->H[4] = UINT32_C (0x510e527f);
52 ctx->H[5] = UINT32_C (0x9b05688c);
53 ctx->H[6] = UINT32_C (0x1f83d9ab);
54 ctx->H[7] = UINT32_C (0x5be0cd19);
55
56 /* Initialise number of bytes. */
57 ctx->count = 0;
58}
59
60
62
69static void
71 const void *data)
72{
73 /* Working variables,
74 see FIPS PUB 180-4 paragraph 6.2. */
75 uint32_t a = H[0];
76 uint32_t b = H[1];
77 uint32_t c = H[2];
78 uint32_t d = H[3];
79 uint32_t e = H[4];
80 uint32_t f = H[5];
81 uint32_t g = H[6];
82 uint32_t h = H[7];
83
84 /* Data buffer, used as cyclic buffer.
85 See FIPS PUB 180-4 paragraphs 5.2.1, 6.2. */
86 uint32_t W[16];
87
88#ifndef _MHD_GET_32BIT_BE_UNALIGNED
89 if (0 != (((uintptr_t) data) % _MHD_UINT32_ALIGN))
90 {
91 /* Copy the unaligned input data to the aligned buffer */
93 /* The W[] buffer itself will be used as the source of the data,
94 * but data will be reloaded in correct bytes order during
95 * the next steps */
96 data = (const void *) W;
97 }
98#endif /* _MHD_GET_32BIT_BE_UNALIGNED */
99
100 /* 'Ch' and 'Maj' macro functions are defined with
101 widely-used optimization.
102 See FIPS PUB 180-4 formulae 4.2, 4.3. */
103#define Ch(x,y,z) ( (z) ^ ((x) & ((y) ^ (z))) )
104#define Maj(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) )
105 /* Unoptimized (original) versions: */
106/* #define Ch(x,y,z) ( ( (x) & (y) ) ^ ( ~(x) & (z) ) ) */
107/* #define Maj(x,y,z) ( ((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)) ) */
108
109 /* Four 'Sigma' macro functions.
110 See FIPS PUB 180-4 formulae 4.4, 4.5, 4.6, 4.7. */
111#define SIG0(x) (_MHD_ROTR32 ((x), 2) ^ _MHD_ROTR32 ((x), 13) ^ \
112 _MHD_ROTR32 ((x), 22) )
113#define SIG1(x) (_MHD_ROTR32 ((x), 6) ^ _MHD_ROTR32 ((x), 11) ^ \
114 _MHD_ROTR32 ((x), 25) )
115#define sig0(x) (_MHD_ROTR32 ((x), 7) ^ _MHD_ROTR32 ((x), 18) ^ \
116 ((x) >> 3) )
117#define sig1(x) (_MHD_ROTR32 ((x), 17) ^ _MHD_ROTR32 ((x),19) ^ \
118 ((x) >> 10) )
119
120 /* One step of SHA-256 computation,
121 see FIPS PUB 180-4 paragraph 6.2.2 step 3.
122 * Note: this macro updates working variables in-place, without rotation.
123 * Note: first (vH += SIG1(vE) + Ch(vE,vF,vG) + kt + wt) equals T1 in FIPS PUB 180-4 paragraph 6.2.2 step 3.
124 second (vH += SIG0(vA) + Maj(vE,vF,vC) equals T1 + T2 in FIPS PUB 180-4 paragraph 6.2.2 step 3.
125 * Note: 'wt' must be used exactly one time in this macro as it change other data as well
126 every time when used. */
127#define SHA2STEP32(vA,vB,vC,vD,vE,vF,vG,vH,kt,wt) do { \
128 (vD) += ((vH) += SIG1 ((vE)) + Ch ((vE),(vF),(vG)) + (kt) + (wt)); \
129 (vH) += SIG0 ((vA)) + Maj ((vA),(vB),(vC)); } while (0)
130
131 /* Get value of W(t) from input data buffer,
132 See FIPS PUB 180-4 paragraph 6.2.
133 Input data must be read in big-endian bytes order,
134 see FIPS PUB 180-4 paragraph 3.1.2. */
135 /* Use cast to (const void*) to mute compiler alignment warning,
136 * data was already aligned in previous step */
137#define GET_W_FROM_DATA(buf,t) \
138 _MHD_GET_32BIT_BE ((const void*)(((const uint8_t*) (buf)) + \
139 (t) * SHA256_BYTES_IN_WORD))
140
141 /* 'W' generation and assignment for 16 <= t <= 63.
142 See FIPS PUB 180-4 paragraph 6.2.2.
143 As only last 16 'W' are used in calculations, it is possible to
144 use 16 elements array of W as cyclic buffer.
145 * Note: ((t-16)&0xf) have same value as (t&0xf) */
146#define Wgen(w,t) ( (w)[(t - 16) & 0xf] + sig1 ((w)[((t) - 2) & 0xf]) \
147 + (w)[((t) - 7) & 0xf] + sig0 ((w)[((t) - 15) & 0xf]) )
148
149#ifndef MHD_FAVOR_SMALL_CODE
150
151 /* Note: instead of using K constants as array, all K values are specified
152 individually for each step, see FIPS PUB 180-4 paragraph 4.2.2 for
153 K values. */
154 /* Note: instead of reassigning all working variables on each step,
155 variables are rotated for each step:
156 SHA2STEP32(a, b, c, d, e, f, g, h, K[0], data[0]);
157 SHA2STEP32(h, a, b, c, d, e, f, g, K[1], data[1]);
158 so current 'vD' will be used as 'vE' on next step,
159 current 'vH' will be used as 'vA' on next step. */
160#if _MHD_BYTE_ORDER == _MHD_BIG_ENDIAN
161 if ((const void *) W == data)
162 {
163 /* The input data is already in the cyclic data buffer W[] in correct bytes
164 order. */
165 SHA2STEP32 (a, b, c, d, e, f, g, h, UINT32_C (0x428a2f98), W[0]);
166 SHA2STEP32 (h, a, b, c, d, e, f, g, UINT32_C (0x71374491), W[1]);
167 SHA2STEP32 (g, h, a, b, c, d, e, f, UINT32_C (0xb5c0fbcf), W[2]);
168 SHA2STEP32 (f, g, h, a, b, c, d, e, UINT32_C (0xe9b5dba5), W[3]);
169 SHA2STEP32 (e, f, g, h, a, b, c, d, UINT32_C (0x3956c25b), W[4]);
170 SHA2STEP32 (d, e, f, g, h, a, b, c, UINT32_C (0x59f111f1), W[5]);
171 SHA2STEP32 (c, d, e, f, g, h, a, b, UINT32_C (0x923f82a4), W[6]);
172 SHA2STEP32 (b, c, d, e, f, g, h, a, UINT32_C (0xab1c5ed5), W[7]);
173 SHA2STEP32 (a, b, c, d, e, f, g, h, UINT32_C (0xd807aa98), W[8]);
174 SHA2STEP32 (h, a, b, c, d, e, f, g, UINT32_C (0x12835b01), W[9]);
175 SHA2STEP32 (g, h, a, b, c, d, e, f, UINT32_C (0x243185be), W[10]);
176 SHA2STEP32 (f, g, h, a, b, c, d, e, UINT32_C (0x550c7dc3), W[11]);
177 SHA2STEP32 (e, f, g, h, a, b, c, d, UINT32_C (0x72be5d74), W[12]);
178 SHA2STEP32 (d, e, f, g, h, a, b, c, UINT32_C (0x80deb1fe), W[13]);
179 SHA2STEP32 (c, d, e, f, g, h, a, b, UINT32_C (0x9bdc06a7), W[14]);
180 SHA2STEP32 (b, c, d, e, f, g, h, a, UINT32_C (0xc19bf174), W[15]);
181 }
182 else /* Combined with the next 'if' */
183#endif /* _MHD_BYTE_ORDER == _MHD_BIG_ENDIAN */
184 if (1)
185 {
186 /* During first 16 steps, before making any calculations on each step,
187 the W element is read from input data buffer as big-endian value and
188 stored in array of W elements. */
189 SHA2STEP32 (a, b, c, d, e, f, g, h, UINT32_C (0x428a2f98), W[0] = \
190 GET_W_FROM_DATA (data, 0));
191 SHA2STEP32 (h, a, b, c, d, e, f, g, UINT32_C (0x71374491), W[1] = \
192 GET_W_FROM_DATA (data, 1));
193 SHA2STEP32 (g, h, a, b, c, d, e, f, UINT32_C (0xb5c0fbcf), W[2] = \
194 GET_W_FROM_DATA (data, 2));
195 SHA2STEP32 (f, g, h, a, b, c, d, e, UINT32_C (0xe9b5dba5), W[3] = \
196 GET_W_FROM_DATA (data, 3));
197 SHA2STEP32 (e, f, g, h, a, b, c, d, UINT32_C (0x3956c25b), W[4] = \
198 GET_W_FROM_DATA (data, 4));
199 SHA2STEP32 (d, e, f, g, h, a, b, c, UINT32_C (0x59f111f1), W[5] = \
200 GET_W_FROM_DATA (data, 5));
201 SHA2STEP32 (c, d, e, f, g, h, a, b, UINT32_C (0x923f82a4), W[6] = \
202 GET_W_FROM_DATA (data, 6));
203 SHA2STEP32 (b, c, d, e, f, g, h, a, UINT32_C (0xab1c5ed5), W[7] = \
204 GET_W_FROM_DATA (data, 7));
205 SHA2STEP32 (a, b, c, d, e, f, g, h, UINT32_C (0xd807aa98), W[8] = \
206 GET_W_FROM_DATA (data, 8));
207 SHA2STEP32 (h, a, b, c, d, e, f, g, UINT32_C (0x12835b01), W[9] = \
208 GET_W_FROM_DATA (data, 9));
209 SHA2STEP32 (g, h, a, b, c, d, e, f, UINT32_C (0x243185be), W[10] = \
210 GET_W_FROM_DATA (data, 10));
211 SHA2STEP32 (f, g, h, a, b, c, d, e, UINT32_C (0x550c7dc3), W[11] = \
212 GET_W_FROM_DATA (data, 11));
213 SHA2STEP32 (e, f, g, h, a, b, c, d, UINT32_C (0x72be5d74), W[12] = \
214 GET_W_FROM_DATA (data, 12));
215 SHA2STEP32 (d, e, f, g, h, a, b, c, UINT32_C (0x80deb1fe), W[13] = \
216 GET_W_FROM_DATA (data, 13));
217 SHA2STEP32 (c, d, e, f, g, h, a, b, UINT32_C (0x9bdc06a7), W[14] = \
218 GET_W_FROM_DATA (data, 14));
219 SHA2STEP32 (b, c, d, e, f, g, h, a, UINT32_C (0xc19bf174), W[15] = \
220 GET_W_FROM_DATA (data, 15));
221 }
222
223 /* During last 48 steps, before making any calculations on each step,
224 current W element is generated from other W elements of the cyclic buffer
225 and the generated value is stored back in the cyclic buffer. */
226 /* Note: instead of using K constants as array, all K values are specified
227 individually for each step, see FIPS PUB 180-4 paragraph 4.2.2 for K values. */
228 SHA2STEP32 (a, b, c, d, e, f, g, h, UINT32_C (0xe49b69c1), W[16 & 0xf] = \
229 Wgen (W,16));
230 SHA2STEP32 (h, a, b, c, d, e, f, g, UINT32_C (0xefbe4786), W[17 & 0xf] = \
231 Wgen (W,17));
232 SHA2STEP32 (g, h, a, b, c, d, e, f, UINT32_C (0x0fc19dc6), W[18 & 0xf] = \
233 Wgen (W,18));
234 SHA2STEP32 (f, g, h, a, b, c, d, e, UINT32_C (0x240ca1cc), W[19 & 0xf] = \
235 Wgen (W,19));
236 SHA2STEP32 (e, f, g, h, a, b, c, d, UINT32_C (0x2de92c6f), W[20 & 0xf] = \
237 Wgen (W,20));
238 SHA2STEP32 (d, e, f, g, h, a, b, c, UINT32_C (0x4a7484aa), W[21 & 0xf] = \
239 Wgen (W,21));
240 SHA2STEP32 (c, d, e, f, g, h, a, b, UINT32_C (0x5cb0a9dc), W[22 & 0xf] = \
241 Wgen (W,22));
242 SHA2STEP32 (b, c, d, e, f, g, h, a, UINT32_C (0x76f988da), W[23 & 0xf] = \
243 Wgen (W,23));
244 SHA2STEP32 (a, b, c, d, e, f, g, h, UINT32_C (0x983e5152), W[24 & 0xf] = \
245 Wgen (W,24));
246 SHA2STEP32 (h, a, b, c, d, e, f, g, UINT32_C (0xa831c66d), W[25 & 0xf] = \
247 Wgen (W,25));
248 SHA2STEP32 (g, h, a, b, c, d, e, f, UINT32_C (0xb00327c8), W[26 & 0xf] = \
249 Wgen (W,26));
250 SHA2STEP32 (f, g, h, a, b, c, d, e, UINT32_C (0xbf597fc7), W[27 & 0xf] = \
251 Wgen (W,27));
252 SHA2STEP32 (e, f, g, h, a, b, c, d, UINT32_C (0xc6e00bf3), W[28 & 0xf] = \
253 Wgen (W,28));
254 SHA2STEP32 (d, e, f, g, h, a, b, c, UINT32_C (0xd5a79147), W[29 & 0xf] = \
255 Wgen (W,29));
256 SHA2STEP32 (c, d, e, f, g, h, a, b, UINT32_C (0x06ca6351), W[30 & 0xf] = \
257 Wgen (W,30));
258 SHA2STEP32 (b, c, d, e, f, g, h, a, UINT32_C (0x14292967), W[31 & 0xf] = \
259 Wgen (W,31));
260 SHA2STEP32 (a, b, c, d, e, f, g, h, UINT32_C (0x27b70a85), W[32 & 0xf] = \
261 Wgen (W,32));
262 SHA2STEP32 (h, a, b, c, d, e, f, g, UINT32_C (0x2e1b2138), W[33 & 0xf] = \
263 Wgen (W,33));
264 SHA2STEP32 (g, h, a, b, c, d, e, f, UINT32_C (0x4d2c6dfc), W[34 & 0xf] = \
265 Wgen (W,34));
266 SHA2STEP32 (f, g, h, a, b, c, d, e, UINT32_C (0x53380d13), W[35 & 0xf] = \
267 Wgen (W,35));
268 SHA2STEP32 (e, f, g, h, a, b, c, d, UINT32_C (0x650a7354), W[36 & 0xf] = \
269 Wgen (W,36));
270 SHA2STEP32 (d, e, f, g, h, a, b, c, UINT32_C (0x766a0abb), W[37 & 0xf] = \
271 Wgen (W,37));
272 SHA2STEP32 (c, d, e, f, g, h, a, b, UINT32_C (0x81c2c92e), W[38 & 0xf] = \
273 Wgen (W,38));
274 SHA2STEP32 (b, c, d, e, f, g, h, a, UINT32_C (0x92722c85), W[39 & 0xf] = \
275 Wgen (W,39));
276 SHA2STEP32 (a, b, c, d, e, f, g, h, UINT32_C (0xa2bfe8a1), W[40 & 0xf] = \
277 Wgen (W,40));
278 SHA2STEP32 (h, a, b, c, d, e, f, g, UINT32_C (0xa81a664b), W[41 & 0xf] = \
279 Wgen (W,41));
280 SHA2STEP32 (g, h, a, b, c, d, e, f, UINT32_C (0xc24b8b70), W[42 & 0xf] = \
281 Wgen (W,42));
282 SHA2STEP32 (f, g, h, a, b, c, d, e, UINT32_C (0xc76c51a3), W[43 & 0xf] = \
283 Wgen (W,43));
284 SHA2STEP32 (e, f, g, h, a, b, c, d, UINT32_C (0xd192e819), W[44 & 0xf] = \
285 Wgen (W,44));
286 SHA2STEP32 (d, e, f, g, h, a, b, c, UINT32_C (0xd6990624), W[45 & 0xf] = \
287 Wgen (W,45));
288 SHA2STEP32 (c, d, e, f, g, h, a, b, UINT32_C (0xf40e3585), W[46 & 0xf] = \
289 Wgen (W,46));
290 SHA2STEP32 (b, c, d, e, f, g, h, a, UINT32_C (0x106aa070), W[47 & 0xf] = \
291 Wgen (W,47));
292 SHA2STEP32 (a, b, c, d, e, f, g, h, UINT32_C (0x19a4c116), W[48 & 0xf] = \
293 Wgen (W,48));
294 SHA2STEP32 (h, a, b, c, d, e, f, g, UINT32_C (0x1e376c08), W[49 & 0xf] = \
295 Wgen (W,49));
296 SHA2STEP32 (g, h, a, b, c, d, e, f, UINT32_C (0x2748774c), W[50 & 0xf] = \
297 Wgen (W,50));
298 SHA2STEP32 (f, g, h, a, b, c, d, e, UINT32_C (0x34b0bcb5), W[51 & 0xf] = \
299 Wgen (W,51));
300 SHA2STEP32 (e, f, g, h, a, b, c, d, UINT32_C (0x391c0cb3), W[52 & 0xf] = \
301 Wgen (W,52));
302 SHA2STEP32 (d, e, f, g, h, a, b, c, UINT32_C (0x4ed8aa4a), W[53 & 0xf] = \
303 Wgen (W,53));
304 SHA2STEP32 (c, d, e, f, g, h, a, b, UINT32_C (0x5b9cca4f), W[54 & 0xf] = \
305 Wgen (W,54));
306 SHA2STEP32 (b, c, d, e, f, g, h, a, UINT32_C (0x682e6ff3), W[55 & 0xf] = \
307 Wgen (W,55));
308 SHA2STEP32 (a, b, c, d, e, f, g, h, UINT32_C (0x748f82ee), W[56 & 0xf] = \
309 Wgen (W,56));
310 SHA2STEP32 (h, a, b, c, d, e, f, g, UINT32_C (0x78a5636f), W[57 & 0xf] = \
311 Wgen (W,57));
312 SHA2STEP32 (g, h, a, b, c, d, e, f, UINT32_C (0x84c87814), W[58 & 0xf] = \
313 Wgen (W,58));
314 SHA2STEP32 (f, g, h, a, b, c, d, e, UINT32_C (0x8cc70208), W[59 & 0xf] = \
315 Wgen (W,59));
316 SHA2STEP32 (e, f, g, h, a, b, c, d, UINT32_C (0x90befffa), W[60 & 0xf] = \
317 Wgen (W,60));
318 SHA2STEP32 (d, e, f, g, h, a, b, c, UINT32_C (0xa4506ceb), W[61 & 0xf] = \
319 Wgen (W,61));
320 SHA2STEP32 (c, d, e, f, g, h, a, b, UINT32_C (0xbef9a3f7), W[62 & 0xf] = \
321 Wgen (W,62));
322 SHA2STEP32 (b, c, d, e, f, g, h, a, UINT32_C (0xc67178f2), W[63 & 0xf] = \
323 Wgen (W,63));
324#else /* ! MHD_FAVOR_SMALL_CODE */
325 if (1)
326 {
327 unsigned int t;
328 /* K constants array.
329 See FIPS PUB 180-4 paragraph 4.2.2 for K values. */
330 static const uint32_t K[80] =
331 { UINT32_C (0x428a2f98), UINT32_C (0x71374491), UINT32_C (0xb5c0fbcf),
332 UINT32_C (0xe9b5dba5), UINT32_C (0x3956c25b), UINT32_C (0x59f111f1),
333 UINT32_C (0x923f82a4), UINT32_C (0xab1c5ed5), UINT32_C (0xd807aa98),
334 UINT32_C (0x12835b01), UINT32_C (0x243185be), UINT32_C (0x550c7dc3),
335 UINT32_C (0x72be5d74), UINT32_C (0x80deb1fe), UINT32_C (0x9bdc06a7),
336 UINT32_C (0xc19bf174), UINT32_C (0xe49b69c1), UINT32_C (0xefbe4786),
337 UINT32_C (0x0fc19dc6), UINT32_C (0x240ca1cc), UINT32_C (0x2de92c6f),
338 UINT32_C (0x4a7484aa), UINT32_C (0x5cb0a9dc), UINT32_C (0x76f988da),
339 UINT32_C (0x983e5152), UINT32_C (0xa831c66d), UINT32_C (0xb00327c8),
340 UINT32_C (0xbf597fc7), UINT32_C (0xc6e00bf3), UINT32_C (0xd5a79147),
341 UINT32_C (0x06ca6351), UINT32_C (0x14292967), UINT32_C (0x27b70a85),
342 UINT32_C (0x2e1b2138), UINT32_C (0x4d2c6dfc), UINT32_C (0x53380d13),
343 UINT32_C (0x650a7354), UINT32_C (0x766a0abb), UINT32_C (0x81c2c92e),
344 UINT32_C (0x92722c85), UINT32_C (0xa2bfe8a1), UINT32_C (0xa81a664b),
345 UINT32_C (0xc24b8b70), UINT32_C (0xc76c51a3), UINT32_C (0xd192e819),
346 UINT32_C (0xd6990624), UINT32_C (0xf40e3585), UINT32_C (0x106aa070),
347 UINT32_C (0x19a4c116), UINT32_C (0x1e376c08), UINT32_C (0x2748774c),
348 UINT32_C (0x34b0bcb5), UINT32_C (0x391c0cb3), UINT32_C (0x4ed8aa4a),
349 UINT32_C (0x5b9cca4f), UINT32_C (0x682e6ff3), UINT32_C (0x748f82ee),
350 UINT32_C (0x78a5636f), UINT32_C (0x84c87814), UINT32_C (0x8cc70208),
351 UINT32_C (0x90befffa), UINT32_C (0xa4506ceb), UINT32_C (0xbef9a3f7),
352 UINT32_C (0xc67178f2) };
353 /* One step of SHA-256 computation with working variables rotation,
354 see FIPS PUB 180-4 paragraph 6.2.2 step 3.
355 * Note: this version of macro reassign all working variable on
356 each step. */
357#define SHA2STEP32RV(vA,vB,vC,vD,vE,vF,vG,vH,kt,wt) do { \
358 uint32_t tmp_h_ = (vH); \
359 SHA2STEP32((vA),(vB),(vC),(vD),(vE),(vF),(vG),tmp_h_,(kt),(wt)); \
360 (vH) = (vG); \
361 (vG) = (vF); \
362 (vF) = (vE); \
363 (vE) = (vD); \
364 (vD) = (vC); \
365 (vC) = (vB); \
366 (vB) = (vA); \
367 (vA) = tmp_h_; } while (0)
368
369 /* During first 16 steps, before making any calculations on each step,
370 the W element is read from input data buffer as big-endian value and
371 stored in array of W elements. */
372 for (t = 0; t < 16; ++t)
373 {
374 SHA2STEP32RV (a, b, c, d, e, f, g, h, K[t], \
375 W[t] = GET_W_FROM_DATA (data, t));
376 }
377
378 /* During last 48 steps, before making any calculations on each step,
379 current W element is generated from other W elements of the cyclic buffer
380 and the generated value is stored back in the cyclic buffer. */
381 for (t = 16; t < 64; ++t)
382 {
383 SHA2STEP32RV (a, b, c, d, e, f, g, h, K[t], W[t & 15] = Wgen (W,t));
384 }
385 }
386#endif /* ! MHD_FAVOR_SMALL_CODE */
387
388
389 /* Compute intermediate hash.
390 See FIPS PUB 180-4 paragraph 6.2.2 step 4. */
391 H[0] += a;
392 H[1] += b;
393 H[2] += c;
394 H[3] += d;
395 H[4] += e;
396 H[5] += f;
397 H[6] += g;
398 H[7] += h;
399}
400
401
409void
411 const uint8_t *data,
412 size_t length)
413{
414 unsigned bytes_have;
416 mhd_assert ((data != NULL) || (length == 0));
417
418#ifndef MHD_FAVOR_SMALL_CODE
419 if (0 == length)
420 return; /* Shortcut, do nothing */
421#endif /* MHD_FAVOR_SMALL_CODE */
422
423 /* Note: (count & (SHA256_BLOCK_SIZE-1))
424 equals (count % SHA256_BLOCK_SIZE) for this block size. */
425 bytes_have = (unsigned) (ctx->count & (SHA256_BLOCK_SIZE - 1));
426 ctx->count += length;
427
428 if (0 != bytes_have)
429 {
431 if (length >= bytes_left)
432 { /* Combine new data with data in the buffer and
433 process full block. */
434 memcpy (((uint8_t *) ctx->buffer) + bytes_have,
435 data,
436 bytes_left);
437 data += bytes_left;
439 sha256_transform (ctx->H, ctx->buffer);
440 bytes_have = 0;
441 }
442 }
443
444 while (SHA256_BLOCK_SIZE <= length)
445 { /* Process any full blocks of new data directly,
446 without copying to the buffer. */
447 sha256_transform (ctx->H, data);
450 }
451
452 if (0 != length)
453 { /* Copy incomplete block of new data (if any)
454 to the buffer. */
455 memcpy (((uint8_t *) ctx->buffer) + bytes_have, data, length);
456 }
457}
458
459
464#define SHA256_SIZE_OF_LEN_ADD (64 / 8)
465
472void
475{
477 unsigned bytes_have;
479 num_bits = ctx->count << 3;
480 /* Note: (count & (SHA256_BLOCK_SIZE-1))
481 equal (count % SHA256_BLOCK_SIZE) for this block size. */
482 bytes_have = (unsigned) (ctx->count & (SHA256_BLOCK_SIZE - 1));
483
484 /* Input data must be padded with a single bit "1", then with zeros and
485 the finally the length of data in bits must be added as the final bytes
486 of the last block.
487 See FIPS PUB 180-4 paragraph 5.1.1. */
488
489 /* Data is always processed in form of bytes (not by individual bits),
490 therefore position of first padding bit in byte is always
491 predefined (0x80). */
492 /* Buffer always have space at least for one byte (as full buffers are
493 processed immediately). */
494 ((uint8_t *) ctx->buffer)[bytes_have++] = 0x80;
495
497 { /* No space in current block to put total length of message.
498 Pad current block with zeros and process it. */
500 memset (((uint8_t *) ctx->buffer) + bytes_have, 0,
502 /* Process full block. */
503 sha256_transform (ctx->H, ctx->buffer);
504 /* Start new block. */
505 bytes_have = 0;
506 }
507
508 /* Pad the rest of the buffer with zeros. */
509 memset (((uint8_t *) ctx->buffer) + bytes_have, 0,
511 /* Put the number of bits in processed message as big-endian value. */
513 /* Process full final block. */
514 sha256_transform (ctx->H, ctx->buffer);
515
516 /* Put final hash/digest in BE mode */
517#ifndef _MHD_PUT_32BIT_BE_UNALIGNED
518 if (1
520 && (0 != ((uintptr_t) digest) % _MHD_UINT32_ALIGN)
521#endif /* MHD_FAVOR_SMALL_CODE */
522 )
523 {
524 /* If storing of the final result requires aligned address and
525 the destination address is not aligned or compact code is used,
526 store the final digest in aligned temporary buffer first, then
527 copy it to the destination. */
529 _MHD_PUT_32BIT_BE (alig_dgst + 0, ctx->H[0]);
530 _MHD_PUT_32BIT_BE (alig_dgst + 1, ctx->H[1]);
531 _MHD_PUT_32BIT_BE (alig_dgst + 2, ctx->H[2]);
532 _MHD_PUT_32BIT_BE (alig_dgst + 3, ctx->H[3]);
533 _MHD_PUT_32BIT_BE (alig_dgst + 4, ctx->H[4]);
534 _MHD_PUT_32BIT_BE (alig_dgst + 5, ctx->H[5]);
535 _MHD_PUT_32BIT_BE (alig_dgst + 6, ctx->H[6]);
536 _MHD_PUT_32BIT_BE (alig_dgst + 7, ctx->H[7]);
537 /* Copy result to unaligned destination address */
539 }
540#ifndef MHD_FAVOR_SMALL_CODE
541 else /* Combined with the next 'if' */
542#endif /* MHD_FAVOR_SMALL_CODE */
543#endif /* ! _MHD_PUT_32BIT_BE_UNALIGNED */
544#if ! defined(MHD_FAVOR_SMALL_CODE) || defined(_MHD_PUT_32BIT_BE_UNALIGNED)
545 if (1)
546 {
547 /* Use cast to (void*) here to mute compiler alignment warnings.
548 * Compilers are not smart enough to see that alignment has been checked. */
549 _MHD_PUT_32BIT_BE ((void *) (digest + 0 * SHA256_BYTES_IN_WORD), ctx->H[0]);
550 _MHD_PUT_32BIT_BE ((void *) (digest + 1 * SHA256_BYTES_IN_WORD), ctx->H[1]);
551 _MHD_PUT_32BIT_BE ((void *) (digest + 2 * SHA256_BYTES_IN_WORD), ctx->H[2]);
552 _MHD_PUT_32BIT_BE ((void *) (digest + 3 * SHA256_BYTES_IN_WORD), ctx->H[3]);
553 _MHD_PUT_32BIT_BE ((void *) (digest + 4 * SHA256_BYTES_IN_WORD), ctx->H[4]);
554 _MHD_PUT_32BIT_BE ((void *) (digest + 5 * SHA256_BYTES_IN_WORD), ctx->H[5]);
555 _MHD_PUT_32BIT_BE ((void *) (digest + 6 * SHA256_BYTES_IN_WORD), ctx->H[6]);
556 _MHD_PUT_32BIT_BE ((void *) (digest + 7 * SHA256_BYTES_IN_WORD), ctx->H[7]);
557 }
558#endif /* ! MHD_FAVOR_SMALL_CODE || _MHD_PUT_32BIT_BE_UNALIGNED */
559
560 /* Erase potentially sensitive data. */
561 memset (ctx, 0, sizeof(struct Sha256Ctx));
562}
563
564
#define MHD_HTTP_OK
Definition microhttpd.h:344
#define mhd_assert(CHK)
Definition mhd_assert.h:39
#define NULL
#define _MHD_UINT32_ALIGN
Definition mhd_align.h:85
macros for bits manipulations
_MHD_static_inline void _MHD_PUT_64BIT_BE_SAFE(void *dst, uint64_t value)
#define _MHD_PUT_32BIT_BE(addr, value32)
#define MHD_DATA_TRUNCATION_RUNTIME_CHECK_DISABLE_
#define MHD_DATA_TRUNCATION_RUNTIME_CHECK_RESTORE_
macros for mhd_assert()
void * data
#define Wgen(w, t)
#define SHA256_SIZE_OF_LEN_ADD
Definition sha256.c:464
void MHD_SHA256_update(struct Sha256Ctx *ctx, const uint8_t *data, size_t length)
Definition sha256.c:410
void MHD_SHA256_init(struct Sha256Ctx *ctx)
Definition sha256.c:41
void MHD_SHA256_finish(struct Sha256Ctx *ctx, uint8_t digest[SHA256_DIGEST_SIZE])
Definition sha256.c:473
static MHD_DATA_TRUNCATION_RUNTIME_CHECK_DISABLE_ void sha256_transform(uint32_t H[SHA256_DIGEST_SIZE_WORDS], const void *data)
Definition sha256.c:70
#define SHA2STEP32(vA, vB, vC, vD, vE, vF, vG, vH, kt, wt)
#define GET_W_FROM_DATA(buf, t)
Calculation of SHA-256 digest.
#define SHA256_BYTES_IN_WORD
Definition sha256.h:50
#define SHA256_DIGEST_SIZE_WORDS
Definition sha256.h:39
#define SHA256_DIGEST_SIZE
Definition sha256.h:55
#define SHA256_BLOCK_SIZE
Definition sha256.h:70
#define SHA256_BLOCK_SIZE_WORDS
Definition sha256.h:75
uint32_t H[SHA256_DIGEST_SIZE_WORDS]
Definition sha256.h:80
uint64_t count
Definition sha256.h:82
uint32_t buffer[SHA256_BLOCK_SIZE_WORDS]
Definition sha256.h:81