LCOV - code coverage report
Current view: top level - cipher - sha256.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 205 224 91.5 %
Date: 2017-03-02 16:44:37 Functions: 9 9 100.0 %

          Line data    Source code
       1             : /* sha256.c - SHA256 hash function
       2             :  * Copyright (C) 2003, 2006, 2008, 2009 Free Software Foundation, Inc.
       3             :  *
       4             :  * This file is part of Libgcrypt.
       5             :  *
       6             :  * Libgcrypt is free software; you can redistribute it and/or modify
       7             :  * it under the terms of the GNU Lesser General Public License as
       8             :  * published by the Free Software Foundation; either version 2.1 of
       9             :  * the License, or (at your option) any later version.
      10             :  *
      11             :  * Libgcrypt is distributed in the hope that it will be useful,
      12             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14             :  * GNU Lesser General Public License for more details.
      15             :  *
      16             :  * You should have received a copy of the GNU Lesser General Public
      17             :  * License along with this program; if not, see <http://www.gnu.org/licenses/>.
      18             :  */
      19             : 
      20             : 
      21             : /*  Test vectors:
      22             : 
      23             :     "abc"
      24             :     SHA224: 23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7
      25             :     SHA256: ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
      26             : 
      27             :     "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
      28             :     SHA224: 75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525
      29             :     SHA256: 248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
      30             : 
      31             :     "a" one million times
      32             :     SHA224: 20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67
      33             :     SHA256: cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0
      34             : 
      35             :  */
      36             : 
      37             : 
      38             : #include <config.h>
      39             : #include <stdio.h>
      40             : #include <stdlib.h>
      41             : #include <string.h>
      42             : 
      43             : #include "g10lib.h"
      44             : #include "bithelp.h"
      45             : #include "bufhelp.h"
      46             : #include "cipher.h"
      47             : #include "hash-common.h"
      48             : 
      49             : 
      50             : /* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */
      51             : #undef USE_SSSE3
      52             : #if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_SSSE3) && \
      53             :     defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \
      54             :     (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
      55             :      defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
      56             : # define USE_SSSE3 1
      57             : #endif
      58             : 
      59             : /* USE_AVX indicates whether to compile with Intel AVX code. */
      60             : #undef USE_AVX
      61             : #if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \
      62             :     defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \
      63             :     (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
      64             :      defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
      65             : # define USE_AVX 1
      66             : #endif
      67             : 
      68             : /* USE_AVX2 indicates whether to compile with Intel AVX2/BMI2 code. */
      69             : #undef USE_AVX2
      70             : #if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX2) && \
      71             :     defined(HAVE_GCC_INLINE_ASM_BMI2) && \
      72             :     defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \
      73             :     (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
      74             :      defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
      75             : # define USE_AVX2 1
      76             : #endif
      77             : 
      78             : /* USE_ARM_CE indicates whether to enable ARMv8 Crypto Extension assembly
      79             :  * code. */
      80             : #undef USE_ARM_CE
      81             : #ifdef ENABLE_ARM_CRYPTO_SUPPORT
      82             : # if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \
      83             :      && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \
      84             :      && defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO)
      85             : #  define USE_ARM_CE 1
      86             : # elif defined(__AARCH64EL__) \
      87             :        && defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) \
      88             :        && defined(HAVE_GCC_INLINE_ASM_AARCH64_CRYPTO)
      89             : #  define USE_ARM_CE 1
      90             : # endif
      91             : #endif
      92             : 
      93             : 
      94             : typedef struct {
      95             :   gcry_md_block_ctx_t bctx;
      96             :   u32  h0,h1,h2,h3,h4,h5,h6,h7;
      97             : #ifdef USE_SSSE3
      98             :   unsigned int use_ssse3:1;
      99             : #endif
     100             : #ifdef USE_AVX
     101             :   unsigned int use_avx:1;
     102             : #endif
     103             : #ifdef USE_AVX2
     104             :   unsigned int use_avx2:1;
     105             : #endif
     106             : #ifdef USE_ARM_CE
     107             :   unsigned int use_arm_ce:1;
     108             : #endif
     109             : } SHA256_CONTEXT;
     110             : 
     111             : 
     112             : static unsigned int
     113             : transform (void *c, const unsigned char *data, size_t nblks);
     114             : 
     115             : 
     116             : static void
     117        2682 : sha256_init (void *context, unsigned int flags)
     118             : {
     119        2682 :   SHA256_CONTEXT *hd = context;
     120        2682 :   unsigned int features = _gcry_get_hw_features ();
     121             : 
     122             :   (void)flags;
     123             : 
     124        2682 :   hd->h0 = 0x6a09e667;
     125        2682 :   hd->h1 = 0xbb67ae85;
     126        2682 :   hd->h2 = 0x3c6ef372;
     127        2682 :   hd->h3 = 0xa54ff53a;
     128        2682 :   hd->h4 = 0x510e527f;
     129        2682 :   hd->h5 = 0x9b05688c;
     130        2682 :   hd->h6 = 0x1f83d9ab;
     131        2682 :   hd->h7 = 0x5be0cd19;
     132             : 
     133        2682 :   hd->bctx.nblocks = 0;
     134        2682 :   hd->bctx.nblocks_high = 0;
     135        2682 :   hd->bctx.count = 0;
     136        2682 :   hd->bctx.blocksize = 64;
     137        2682 :   hd->bctx.bwrite = transform;
     138             : 
     139             : #ifdef USE_SSSE3
     140        2682 :   hd->use_ssse3 = (features & HWF_INTEL_SSSE3) != 0;
     141             : #endif
     142             : #ifdef USE_AVX
     143             :   /* AVX implementation uses SHLD which is known to be slow on non-Intel CPUs.
     144             :    * Therefore use this implementation on Intel CPUs only. */
     145        2682 :   hd->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_FAST_SHLD);
     146             : #endif
     147             : #ifdef USE_AVX2
     148        2682 :   hd->use_avx2 = (features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2);
     149             : #endif
     150             : #ifdef USE_ARM_CE
     151             :   hd->use_arm_ce = (features & HWF_ARM_SHA2) != 0;
     152             : #endif
     153             :   (void)features;
     154        2682 : }
     155             : 
     156             : 
     157             : static void
     158       38432 : sha224_init (void *context, unsigned int flags)
     159             : {
     160       38432 :   SHA256_CONTEXT *hd = context;
     161       38432 :   unsigned int features = _gcry_get_hw_features ();
     162             : 
     163             :   (void)flags;
     164             : 
     165       38432 :   hd->h0 = 0xc1059ed8;
     166       38432 :   hd->h1 = 0x367cd507;
     167       38432 :   hd->h2 = 0x3070dd17;
     168       38432 :   hd->h3 = 0xf70e5939;
     169       38432 :   hd->h4 = 0xffc00b31;
     170       38432 :   hd->h5 = 0x68581511;
     171       38432 :   hd->h6 = 0x64f98fa7;
     172       38432 :   hd->h7 = 0xbefa4fa4;
     173             : 
     174       38432 :   hd->bctx.nblocks = 0;
     175       38432 :   hd->bctx.nblocks_high = 0;
     176       38432 :   hd->bctx.count = 0;
     177       38432 :   hd->bctx.blocksize = 64;
     178       38432 :   hd->bctx.bwrite = transform;
     179             : 
     180             : #ifdef USE_SSSE3
     181       38432 :   hd->use_ssse3 = (features & HWF_INTEL_SSSE3) != 0;
     182             : #endif
     183             : #ifdef USE_AVX
     184             :   /* AVX implementation uses SHLD which is known to be slow on non-Intel CPUs.
     185             :    * Therefore use this implementation on Intel CPUs only. */
     186       38432 :   hd->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_FAST_SHLD);
     187             : #endif
     188             : #ifdef USE_AVX2
     189       38432 :   hd->use_avx2 = (features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2);
     190             : #endif
     191             : #ifdef USE_ARM_CE
     192             :   hd->use_arm_ce = (features & HWF_ARM_SHA2) != 0;
     193             : #endif
     194             :   (void)features;
     195       38432 : }
     196             : 
     197             : 
     198             : /*
     199             :   Transform the message X which consists of 16 32-bit-words. See FIPS
     200             :   180-2 for details.  */
     201             : #define R(a,b,c,d,e,f,g,h,k,w) do                                 \
     202             :           {                                                       \
     203             :             t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w);  \
     204             :             t2 = Sum0((a)) + Maj((a),(b),(c));                    \
     205             :             d += t1;                                              \
     206             :             h  = t1 + t2;                                         \
     207             :           } while (0)
     208             : 
     209             : /* (4.2) same as SHA-1's F1.  */
     210             : #define Cho(x, y, z)  (z ^ (x & (y ^ z)))
     211             : 
     212             : /* (4.3) same as SHA-1's F3 */
     213             : #define Maj(x, y, z)  ((x & y) + (z & (x ^ y)))
     214             : 
     215             : /* (4.4) */
     216             : #define Sum0(x)       (ror (x, 2) ^ ror (x, 13) ^ ror (x, 22))
     217             : 
     218             : /* (4.5) */
     219             : #define Sum1(x)       (ror (x, 6) ^ ror (x, 11) ^ ror (x, 25))
     220             : 
     221             : /* Message expansion */
     222             : #define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3))       /* (4.6) */
     223             : #define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10))     /* (4.7) */
     224             : #define I(i) ( w[i] = buf_get_be32(data + i * 4) )
     225             : #define W(i) ( w[i&0x0f] =    S1(w[(i-2) &0x0f]) \
     226             :                             +    w[(i-7) &0x0f]  \
     227             :                             + S0(w[(i-15)&0x0f]) \
     228             :                             +    w[(i-16)&0x0f] )
     229             : 
     230             : static unsigned int
     231      125364 : transform_blk (void *ctx, const unsigned char *data)
     232             : {
     233      125364 :   SHA256_CONTEXT *hd = ctx;
     234             :   static const u32 K[64] = {
     235             :     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     236             :     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     237             :     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
     238             :     0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
     239             :     0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
     240             :     0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
     241             :     0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
     242             :     0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
     243             :     0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
     244             :     0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
     245             :     0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
     246             :     0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
     247             :     0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
     248             :     0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
     249             :     0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
     250             :     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
     251             :   };
     252             : 
     253             :   u32 a,b,c,d,e,f,g,h,t1,t2;
     254             :   u32 w[16];
     255             : 
     256      125364 :   a = hd->h0;
     257      125364 :   b = hd->h1;
     258      125364 :   c = hd->h2;
     259      125364 :   d = hd->h3;
     260      125364 :   e = hd->h4;
     261      125364 :   f = hd->h5;
     262      125364 :   g = hd->h6;
     263      125364 :   h = hd->h7;
     264             : 
     265      125364 :   R(a, b, c, d, e, f, g, h, K[0], I(0));
     266      125364 :   R(h, a, b, c, d, e, f, g, K[1], I(1));
     267      125364 :   R(g, h, a, b, c, d, e, f, K[2], I(2));
     268      125364 :   R(f, g, h, a, b, c, d, e, K[3], I(3));
     269      125364 :   R(e, f, g, h, a, b, c, d, K[4], I(4));
     270      125364 :   R(d, e, f, g, h, a, b, c, K[5], I(5));
     271      125364 :   R(c, d, e, f, g, h, a, b, K[6], I(6));
     272      125364 :   R(b, c, d, e, f, g, h, a, K[7], I(7));
     273      125364 :   R(a, b, c, d, e, f, g, h, K[8], I(8));
     274      125364 :   R(h, a, b, c, d, e, f, g, K[9], I(9));
     275      125364 :   R(g, h, a, b, c, d, e, f, K[10], I(10));
     276      125364 :   R(f, g, h, a, b, c, d, e, K[11], I(11));
     277      125364 :   R(e, f, g, h, a, b, c, d, K[12], I(12));
     278      125364 :   R(d, e, f, g, h, a, b, c, K[13], I(13));
     279      125364 :   R(c, d, e, f, g, h, a, b, K[14], I(14));
     280      125364 :   R(b, c, d, e, f, g, h, a, K[15], I(15));
     281             : 
     282      125364 :   R(a, b, c, d, e, f, g, h, K[16], W(16));
     283      125364 :   R(h, a, b, c, d, e, f, g, K[17], W(17));
     284      125364 :   R(g, h, a, b, c, d, e, f, K[18], W(18));
     285      125364 :   R(f, g, h, a, b, c, d, e, K[19], W(19));
     286      125364 :   R(e, f, g, h, a, b, c, d, K[20], W(20));
     287      125364 :   R(d, e, f, g, h, a, b, c, K[21], W(21));
     288      125364 :   R(c, d, e, f, g, h, a, b, K[22], W(22));
     289      125364 :   R(b, c, d, e, f, g, h, a, K[23], W(23));
     290      125364 :   R(a, b, c, d, e, f, g, h, K[24], W(24));
     291      125364 :   R(h, a, b, c, d, e, f, g, K[25], W(25));
     292      125364 :   R(g, h, a, b, c, d, e, f, K[26], W(26));
     293      125364 :   R(f, g, h, a, b, c, d, e, K[27], W(27));
     294      125364 :   R(e, f, g, h, a, b, c, d, K[28], W(28));
     295      125364 :   R(d, e, f, g, h, a, b, c, K[29], W(29));
     296      125364 :   R(c, d, e, f, g, h, a, b, K[30], W(30));
     297      125364 :   R(b, c, d, e, f, g, h, a, K[31], W(31));
     298             : 
     299      125364 :   R(a, b, c, d, e, f, g, h, K[32], W(32));
     300      125364 :   R(h, a, b, c, d, e, f, g, K[33], W(33));
     301      125364 :   R(g, h, a, b, c, d, e, f, K[34], W(34));
     302      125364 :   R(f, g, h, a, b, c, d, e, K[35], W(35));
     303      125364 :   R(e, f, g, h, a, b, c, d, K[36], W(36));
     304      125364 :   R(d, e, f, g, h, a, b, c, K[37], W(37));
     305      125364 :   R(c, d, e, f, g, h, a, b, K[38], W(38));
     306      125364 :   R(b, c, d, e, f, g, h, a, K[39], W(39));
     307      125364 :   R(a, b, c, d, e, f, g, h, K[40], W(40));
     308      125364 :   R(h, a, b, c, d, e, f, g, K[41], W(41));
     309      125364 :   R(g, h, a, b, c, d, e, f, K[42], W(42));
     310      125364 :   R(f, g, h, a, b, c, d, e, K[43], W(43));
     311      125364 :   R(e, f, g, h, a, b, c, d, K[44], W(44));
     312      125364 :   R(d, e, f, g, h, a, b, c, K[45], W(45));
     313      125364 :   R(c, d, e, f, g, h, a, b, K[46], W(46));
     314      125364 :   R(b, c, d, e, f, g, h, a, K[47], W(47));
     315             : 
     316      125364 :   R(a, b, c, d, e, f, g, h, K[48], W(48));
     317      125364 :   R(h, a, b, c, d, e, f, g, K[49], W(49));
     318      125364 :   R(g, h, a, b, c, d, e, f, K[50], W(50));
     319      125364 :   R(f, g, h, a, b, c, d, e, K[51], W(51));
     320      125364 :   R(e, f, g, h, a, b, c, d, K[52], W(52));
     321      125364 :   R(d, e, f, g, h, a, b, c, K[53], W(53));
     322      125364 :   R(c, d, e, f, g, h, a, b, K[54], W(54));
     323      125364 :   R(b, c, d, e, f, g, h, a, K[55], W(55));
     324      125364 :   R(a, b, c, d, e, f, g, h, K[56], W(56));
     325      125364 :   R(h, a, b, c, d, e, f, g, K[57], W(57));
     326      125364 :   R(g, h, a, b, c, d, e, f, K[58], W(58));
     327      125364 :   R(f, g, h, a, b, c, d, e, K[59], W(59));
     328      125364 :   R(e, f, g, h, a, b, c, d, K[60], W(60));
     329      125364 :   R(d, e, f, g, h, a, b, c, K[61], W(61));
     330      125364 :   R(c, d, e, f, g, h, a, b, K[62], W(62));
     331      125364 :   R(b, c, d, e, f, g, h, a, K[63], W(63));
     332             : 
     333      125364 :   hd->h0 += a;
     334      125364 :   hd->h1 += b;
     335      125364 :   hd->h2 += c;
     336      125364 :   hd->h3 += d;
     337      125364 :   hd->h4 += e;
     338      125364 :   hd->h5 += f;
     339      125364 :   hd->h6 += g;
     340      125364 :   hd->h7 += h;
     341             : 
     342      125364 :   return /*burn_stack*/ 26*4+32;
     343             : }
     344             : #undef S0
     345             : #undef S1
     346             : #undef R
     347             : 
     348             : 
     349             : /* Assembly implementations use SystemV ABI, ABI conversion and additional
     350             :  * stack to store XMM6-XMM15 needed on Win64. */
     351             : #undef ASM_FUNC_ABI
     352             : #undef ASM_EXTRA_STACK
     353             : #if defined(USE_SSSE3) || defined(USE_AVX) || defined(USE_AVX2)
     354             : # ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
     355             : #  define ASM_FUNC_ABI __attribute__((sysv_abi))
     356             : #  define ASM_EXTRA_STACK (10 * 16)
     357             : # else
     358             : #  define ASM_FUNC_ABI
     359             : #  define ASM_EXTRA_STACK 0
     360             : # endif
     361             : #endif
     362             : 
     363             : 
     364             : #ifdef USE_SSSE3
     365             : unsigned int _gcry_sha256_transform_amd64_ssse3(const void *input_data,
     366             :                                                 u32 state[8],
     367             :                                                 size_t num_blks) ASM_FUNC_ABI;
     368             : #endif
     369             : 
     370             : #ifdef USE_AVX
     371             : unsigned int _gcry_sha256_transform_amd64_avx(const void *input_data,
     372             :                                               u32 state[8],
     373             :                                               size_t num_blks) ASM_FUNC_ABI;
     374             : #endif
     375             : 
     376             : #ifdef USE_AVX2
     377             : unsigned int _gcry_sha256_transform_amd64_avx2(const void *input_data,
     378             :                                                u32 state[8],
     379             :                                                size_t num_blks) ASM_FUNC_ABI;
     380             : #endif
     381             : 
     382             : #ifdef USE_ARM_CE
     383             : unsigned int _gcry_sha256_transform_armv8_ce(u32 state[8],
     384             :                                              const void *input_data,
     385             :                                              size_t num_blks);
     386             : #endif
     387             : 
     388             : static unsigned int
     389      278005 : transform (void *ctx, const unsigned char *data, size_t nblks)
     390             : {
     391      278005 :   SHA256_CONTEXT *hd = ctx;
     392             :   unsigned int burn;
     393             : 
     394             : #ifdef USE_AVX2
     395      278005 :   if (hd->use_avx2)
     396           0 :     return _gcry_sha256_transform_amd64_avx2 (data, &hd->h0, nblks)
     397           0 :            + 4 * sizeof(void*) + ASM_EXTRA_STACK;
     398             : #endif
     399             : 
     400             : #ifdef USE_AVX
     401      278005 :   if (hd->use_avx)
     402      250475 :     return _gcry_sha256_transform_amd64_avx (data, &hd->h0, nblks)
     403      250475 :            + 4 * sizeof(void*) + ASM_EXTRA_STACK;
     404             : #endif
     405             : 
     406             : #ifdef USE_SSSE3
     407       27530 :   if (hd->use_ssse3)
     408           0 :     return _gcry_sha256_transform_amd64_ssse3 (data, &hd->h0, nblks)
     409           0 :            + 4 * sizeof(void*) + ASM_EXTRA_STACK;
     410             : #endif
     411             : 
     412             : #ifdef USE_ARM_CE
     413             :   if (hd->use_arm_ce)
     414             :     return _gcry_sha256_transform_armv8_ce (&hd->h0, data, nblks);
     415             : #endif
     416             : 
     417             :   do
     418             :     {
     419      125364 :       burn = transform_blk (hd, data);
     420      125364 :       data += 64;
     421             :     }
     422      125364 :   while (--nblks);
     423             : 
     424             : #ifdef ASM_EXTRA_STACK
     425             :   /* 'transform_blk' is typically inlined and XMM6-XMM15 are stored at
     426             :    *  the prologue of this function. Therefore need to add ASM_EXTRA_STACK to
     427             :    *  here too.
     428             :    */
     429       27530 :   burn += ASM_EXTRA_STACK;
     430             : #endif
     431             : 
     432       27530 :   return burn;
     433             : }
     434             : 
     435             : 
     436             : /*
     437             :    The routine finally terminates the computation and returns the
     438             :    digest.  The handle is prepared for a new cycle, but adding bytes
     439             :    to the handle will the destroy the returned buffer.  Returns: 32
     440             :    bytes with the message the digest.  */
     441             : static void
     442       77709 : sha256_final(void *context)
     443             : {
     444       77709 :   SHA256_CONTEXT *hd = context;
     445             :   u32 t, th, msb, lsb;
     446             :   byte *p;
     447             :   unsigned int burn;
     448             : 
     449       77709 :   _gcry_md_block_write (hd, NULL, 0); /* flush */;
     450             : 
     451       77709 :   t = hd->bctx.nblocks;
     452             :   if (sizeof t == sizeof hd->bctx.nblocks)
     453             :     th = hd->bctx.nblocks_high;
     454             :   else
     455       77709 :     th = hd->bctx.nblocks >> 32;
     456             : 
     457             :   /* multiply by 64 to make a byte count */
     458       77709 :   lsb = t << 6;
     459       77709 :   msb = (th << 6) | (t >> 26);
     460             :   /* add the count */
     461       77709 :   t = lsb;
     462       77709 :   if ((lsb += hd->bctx.count) < t)
     463           0 :     msb++;
     464             :   /* multiply by 8 to make a bit count */
     465       77709 :   t = lsb;
     466       77709 :   lsb <<= 3;
     467       77709 :   msb <<= 3;
     468       77709 :   msb |= t >> 29;
     469             : 
     470       77709 :   if (hd->bctx.count < 56)
     471             :     { /* enough room */
     472       77691 :       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
     473     2245898 :       while (hd->bctx.count < 56)
     474     2090516 :         hd->bctx.buf[hd->bctx.count++] = 0;  /* pad */
     475             :     }
     476             :   else
     477             :     { /* need one extra block */
     478          18 :       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
     479         142 :       while (hd->bctx.count < 64)
     480         106 :         hd->bctx.buf[hd->bctx.count++] = 0;
     481          18 :       _gcry_md_block_write (hd, NULL, 0);  /* flush */;
     482          18 :       memset (hd->bctx.buf, 0, 56 ); /* fill next block with zeroes */
     483             :     }
     484             :   /* append the 64 bit count */
     485       77709 :   buf_put_be32(hd->bctx.buf + 56, msb);
     486       77709 :   buf_put_be32(hd->bctx.buf + 60, lsb);
     487       77709 :   burn = transform (hd, hd->bctx.buf, 1);
     488       77709 :   _gcry_burn_stack (burn);
     489             : 
     490       77709 :   p = hd->bctx.buf;
     491             : #define X(a) do { buf_put_be32(p, hd->h##a); p += 4; } while(0)
     492       77709 :   X(0);
     493       77709 :   X(1);
     494       77709 :   X(2);
     495       77709 :   X(3);
     496       77709 :   X(4);
     497       77709 :   X(5);
     498       77709 :   X(6);
     499       77709 :   X(7);
     500             : #undef X
     501       77709 : }
     502             : 
     503             : static byte *
     504       75821 : sha256_read (void *context)
     505             : {
     506       75821 :   SHA256_CONTEXT *hd = context;
     507             : 
     508       75821 :   return hd->bctx.buf;
     509             : }
     510             : 
     511             : 
     512             : 
     513             : /*
     514             :      Self-test section.
     515             :  */
     516             : 
     517             : 
     518             : static gpg_err_code_t
     519           3 : selftests_sha224 (int extended, selftest_report_func_t report)
     520             : {
     521             :   const char *what;
     522             :   const char *errtxt;
     523             : 
     524           3 :   what = "short string";
     525           3 :   errtxt = _gcry_hash_selftest_check_one
     526             :     (GCRY_MD_SHA224, 0,
     527             :      "abc", 3,
     528             :      "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
     529             :      "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7", 28);
     530           3 :   if (errtxt)
     531           0 :     goto failed;
     532             : 
     533           3 :   if (extended)
     534             :     {
     535           3 :       what = "long string";
     536           3 :       errtxt = _gcry_hash_selftest_check_one
     537             :         (GCRY_MD_SHA224, 0,
     538             :          "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
     539             :          "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50"
     540             :          "\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25", 28);
     541           3 :       if (errtxt)
     542           0 :         goto failed;
     543             : 
     544           3 :       what = "one million \"a\"";
     545           3 :       errtxt = _gcry_hash_selftest_check_one
     546             :         (GCRY_MD_SHA224, 1,
     547             :          NULL, 0,
     548             :          "\x20\x79\x46\x55\x98\x0c\x91\xd8\xbb\xb4\xc1\xea\x97\x61\x8a\x4b"
     549             :          "\xf0\x3f\x42\x58\x19\x48\xb2\xee\x4e\xe7\xad\x67", 28);
     550           3 :       if (errtxt)
     551           0 :         goto failed;
     552             :     }
     553             : 
     554           3 :   return 0; /* Succeeded. */
     555             : 
     556             :  failed:
     557           0 :   if (report)
     558           0 :     report ("digest", GCRY_MD_SHA224, what, errtxt);
     559           0 :   return GPG_ERR_SELFTEST_FAILED;
     560             : }
     561             : 
     562             : static gpg_err_code_t
     563           3 : selftests_sha256 (int extended, selftest_report_func_t report)
     564             : {
     565             :   const char *what;
     566             :   const char *errtxt;
     567             : 
     568           3 :   what = "short string";
     569           3 :   errtxt = _gcry_hash_selftest_check_one
     570             :     (GCRY_MD_SHA256, 0,
     571             :      "abc", 3,
     572             :      "\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"
     573             :      "\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad", 32);
     574           3 :   if (errtxt)
     575           0 :     goto failed;
     576             : 
     577           3 :   if (extended)
     578             :     {
     579           3 :       what = "long string";
     580           3 :       errtxt = _gcry_hash_selftest_check_one
     581             :         (GCRY_MD_SHA256, 0,
     582             :          "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
     583             :          "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39"
     584             :          "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
     585             :          32);
     586           3 :       if (errtxt)
     587           0 :         goto failed;
     588             : 
     589           3 :       what = "one million \"a\"";
     590           3 :       errtxt = _gcry_hash_selftest_check_one
     591             :         (GCRY_MD_SHA256, 1,
     592             :          NULL, 0,
     593             :          "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67"
     594             :          "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0",
     595             :          32);
     596           3 :       if (errtxt)
     597           0 :         goto failed;
     598             :     }
     599             : 
     600           3 :   return 0; /* Succeeded. */
     601             : 
     602             :  failed:
     603           0 :   if (report)
     604           0 :     report ("digest", GCRY_MD_SHA256, what, errtxt);
     605           0 :   return GPG_ERR_SELFTEST_FAILED;
     606             : }
     607             : 
     608             : 
     609             : /* Run a full self-test for ALGO and return 0 on success.  */
     610             : static gpg_err_code_t
     611           6 : run_selftests (int algo, int extended, selftest_report_func_t report)
     612             : {
     613             :   gpg_err_code_t ec;
     614             : 
     615           6 :   switch (algo)
     616             :     {
     617             :     case GCRY_MD_SHA224:
     618           3 :       ec = selftests_sha224 (extended, report);
     619           3 :       break;
     620             :     case GCRY_MD_SHA256:
     621           3 :       ec = selftests_sha256 (extended, report);
     622           3 :       break;
     623             :     default:
     624           0 :       ec = GPG_ERR_DIGEST_ALGO;
     625           0 :       break;
     626             : 
     627             :     }
     628           6 :   return ec;
     629             : }
     630             : 
     631             : 
     632             : 
     633             : 
     634             : static byte asn224[19] = /* Object ID is 2.16.840.1.101.3.4.2.4 */
     635             :   { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
     636             :     0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
     637             :     0x1C
     638             :   };
     639             : 
     640             : static gcry_md_oid_spec_t oid_spec_sha224[] =
     641             :   {
     642             :     /* From RFC3874, Section 4 */
     643             :     { "2.16.840.1.101.3.4.2.4" },
     644             :     { NULL },
     645             :   };
     646             : 
     647             : static byte asn256[19] = /* Object ID is  2.16.840.1.101.3.4.2.1 */
     648             :   { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
     649             :     0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
     650             :     0x00, 0x04, 0x20 };
     651             : 
     652             : static gcry_md_oid_spec_t oid_spec_sha256[] =
     653             :   {
     654             :     /* According to the OpenPGP draft rfc2440-bis06 */
     655             :     { "2.16.840.1.101.3.4.2.1" },
     656             :     /* PKCS#1 sha256WithRSAEncryption */
     657             :     { "1.2.840.113549.1.1.11" },
     658             : 
     659             :     { NULL },
     660             :   };
     661             : 
     662             : gcry_md_spec_t _gcry_digest_spec_sha224 =
     663             :   {
     664             :     GCRY_MD_SHA224, {0, 1},
     665             :     "SHA224", asn224, DIM (asn224), oid_spec_sha224, 28,
     666             :     sha224_init, _gcry_md_block_write, sha256_final, sha256_read, NULL,
     667             :     sizeof (SHA256_CONTEXT),
     668             :     run_selftests
     669             :   };
     670             : 
     671             : gcry_md_spec_t _gcry_digest_spec_sha256 =
     672             :   {
     673             :     GCRY_MD_SHA256, {0, 1},
     674             :     "SHA256", asn256, DIM (asn256), oid_spec_sha256, 32,
     675             :     sha256_init, _gcry_md_block_write, sha256_final, sha256_read, NULL,
     676             :     sizeof (SHA256_CONTEXT),
     677             :     run_selftests
     678             :   };

Generated by: LCOV version 1.13