/src/botan/src/lib/hash/mdx_hash/mdx_hash.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Merkle-Damgard Hash Function |
3 | | * (C) 1999-2008,2018 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/internal/mdx_hash.h> |
9 | | #include <botan/exceptn.h> |
10 | | #include <botan/internal/loadstor.h> |
11 | | #include <botan/internal/bit_ops.h> |
12 | | |
13 | | namespace Botan { |
14 | | |
15 | | /* |
16 | | * MDx_HashFunction Constructor |
17 | | */ |
18 | | MDx_HashFunction::MDx_HashFunction(size_t block_len, |
19 | | bool byte_big_endian, |
20 | | bool bit_big_endian, |
21 | | uint8_t cnt_size) : |
22 | | m_pad_char(bit_big_endian == true ? 0x80 : 0x01), |
23 | | m_counter_size(cnt_size), |
24 | | m_block_bits(ceil_log2(block_len)), |
25 | | m_count_big_endian(byte_big_endian), |
26 | | m_count(0), |
27 | | m_buffer(block_len), |
28 | | m_position(0) |
29 | 126k | { |
30 | 126k | if(!is_power_of_2(block_len)) |
31 | 0 | throw Invalid_Argument("MDx_HashFunction block length must be a power of 2"); |
32 | 126k | if(m_block_bits < 3 || m_block_bits > 16) |
33 | 0 | throw Invalid_Argument("MDx_HashFunction block size too large or too small"); |
34 | 126k | if(m_counter_size < 8 || m_counter_size > block_len) |
35 | 0 | throw Invalid_State("MDx_HashFunction invalid counter length"); |
36 | 126k | } |
37 | | |
38 | | /* |
39 | | * Clear memory of sensitive data |
40 | | */ |
41 | | void MDx_HashFunction::clear() |
42 | 613k | { |
43 | 613k | zeroise(m_buffer); |
44 | 613k | m_count = m_position = 0; |
45 | 613k | } |
46 | | |
47 | | /* |
48 | | * Update the hash |
49 | | */ |
50 | | void MDx_HashFunction::add_data(const uint8_t input[], size_t length) |
51 | 908k | { |
52 | 908k | const size_t block_len = static_cast<size_t>(1) << m_block_bits; |
53 | | |
54 | 908k | m_count += length; |
55 | | |
56 | 908k | if(m_position) |
57 | 96.0k | { |
58 | 96.0k | buffer_insert(m_buffer, m_position, input, length); |
59 | | |
60 | 96.0k | if(m_position + length >= block_len) |
61 | 73.8k | { |
62 | 73.8k | compress_n(m_buffer.data(), 1); |
63 | 73.8k | input += (block_len - m_position); |
64 | 73.8k | length -= (block_len - m_position); |
65 | 73.8k | m_position = 0; |
66 | 73.8k | } |
67 | 96.0k | } |
68 | | |
69 | | // Just in case the compiler can't figure out block_len is a power of 2 |
70 | 908k | const size_t full_blocks = length >> m_block_bits; |
71 | 908k | const size_t remaining = length & (block_len - 1); |
72 | | |
73 | 908k | if(full_blocks > 0) |
74 | 446k | { |
75 | 446k | compress_n(input, full_blocks); |
76 | 446k | } |
77 | | |
78 | 908k | buffer_insert(m_buffer, m_position, input + full_blocks * block_len, remaining); |
79 | 908k | m_position += remaining; |
80 | 908k | } |
81 | | |
82 | | /* |
83 | | * Finalize a hash |
84 | | */ |
85 | | void MDx_HashFunction::final_result(uint8_t output[]) |
86 | 455k | { |
87 | 455k | const size_t block_len = static_cast<size_t>(1) << m_block_bits; |
88 | | |
89 | 455k | clear_mem(&m_buffer[m_position], block_len - m_position); |
90 | 455k | m_buffer[m_position] = m_pad_char; |
91 | | |
92 | 455k | if(m_position >= block_len - m_counter_size) |
93 | 20.3k | { |
94 | 20.3k | compress_n(m_buffer.data(), 1); |
95 | 20.3k | zeroise(m_buffer); |
96 | 20.3k | } |
97 | | |
98 | 455k | BOTAN_ASSERT_NOMSG(m_counter_size <= output_length()); |
99 | 455k | BOTAN_ASSERT_NOMSG(m_counter_size >= 8); |
100 | | |
101 | 455k | const uint64_t bit_count = m_count * 8; |
102 | | |
103 | 455k | if(m_count_big_endian) |
104 | 454k | store_be(bit_count, &m_buffer[block_len - 8]); |
105 | 235 | else |
106 | 235 | store_le(bit_count, &m_buffer[block_len - 8]); |
107 | | |
108 | 455k | compress_n(m_buffer.data(), 1); |
109 | 455k | copy_out(output); |
110 | 455k | clear(); |
111 | 455k | } |
112 | | |
113 | | } |