/src/qtbase/src/3rdparty/rfc6234/sha224-256.c
Line | Count | Source (jump to first uncovered line) |
1 | | /************************* sha224-256.c ************************/ |
2 | | /***************** See RFC 6234 for details. *******************/ |
3 | | /* Copyright (c) 2011 IETF Trust and the persons identified as */ |
4 | | /* authors of the code. All rights reserved. */ |
5 | | /* See sha.h for terms of use and redistribution. */ |
6 | | |
7 | | /* |
8 | | * Description: |
9 | | * This file implements the Secure Hash Algorithms SHA-224 and |
10 | | * SHA-256 as defined in the U.S. National Institute of Standards |
11 | | * and Technology Federal Information Processing Standards |
12 | | * Publication (FIPS PUB) 180-3 published in October 2008 |
13 | | * and formerly defined in its predecessors, FIPS PUB 180-1 |
14 | | * and FIP PUB 180-2. |
15 | | * |
16 | | * A combined document showing all algorithms is available at |
17 | | * http://csrc.nist.gov/publications/fips/ |
18 | | * fips180-3/fips180-3_final.pdf |
19 | | * |
20 | | * The SHA-224 and SHA-256 algorithms produce 224-bit and 256-bit |
21 | | * message digests for a given data stream. It should take about |
22 | | * 2**n steps to find a message with the same digest as a given |
23 | | * message and 2**(n/2) to find any two messages with the same |
24 | | * digest, when n is the digest size in bits. Therefore, this |
25 | | * algorithm can serve as a means of providing a |
26 | | * "fingerprint" for a message. |
27 | | * |
28 | | * Portability Issues: |
29 | | * SHA-224 and SHA-256 are defined in terms of 32-bit "words". |
30 | | * This code uses <stdint.h> (included via "sha.h") to define 32- |
31 | | * and 8-bit unsigned integer types. If your C compiler does not |
32 | | * support 32-bit unsigned integers, this code is not |
33 | | * appropriate. |
34 | | * |
35 | | * Caveats: |
36 | | * SHA-224 and SHA-256 are designed to work with messages less |
37 | | * than 2^64 bits long. This implementation uses SHA224/256Input() |
38 | | * to hash the bits that are a multiple of the size of an 8-bit |
39 | | * octet, and then optionally uses SHA224/256FinalBits() |
40 | | * to hash the final few bits of the input. |
41 | | */ |
42 | | |
43 | | #include "sha.h" |
44 | | #include "sha-private.h" |
45 | | |
46 | | /* Define the SHA shift, rotate left, and rotate right macros */ |
47 | 0 | #define SHA256_SHR(bits,word) ((word) >> (bits)) |
48 | | #define SHA256_ROTL(bits,word) \ |
49 | | (((word) << (bits)) | ((word) >> (32-(bits)))) |
50 | | #define SHA256_ROTR(bits,word) \ |
51 | 0 | (((word) >> (bits)) | ((word) << (32-(bits)))) |
52 | | |
53 | | /* Define the SHA SIGMA and sigma macros */ |
54 | | #define SHA256_SIGMA0(word) \ |
55 | 0 | (SHA256_ROTR( 2,word) ^ SHA256_ROTR(13,word) ^ SHA256_ROTR(22,word)) |
56 | | #define SHA256_SIGMA1(word) \ |
57 | 0 | (SHA256_ROTR( 6,word) ^ SHA256_ROTR(11,word) ^ SHA256_ROTR(25,word)) |
58 | | #define SHA256_sigma0(word) \ |
59 | 0 | (SHA256_ROTR( 7,word) ^ SHA256_ROTR(18,word) ^ SHA256_SHR( 3,word)) |
60 | | #define SHA256_sigma1(word) \ |
61 | 0 | (SHA256_ROTR(17,word) ^ SHA256_ROTR(19,word) ^ SHA256_SHR(10,word)) |
62 | | |
63 | | /* |
64 | | * Add "length" to the length. |
65 | | * Set Corrupted when overflow has occurred. |
66 | | */ |
67 | | /* addTemp commented out by Nokia, static variables are not thread-safe */ |
68 | | /* static uint32_t addTemp; */ |
69 | | /* 'M' appended to Macro name by Nokia */ |
70 | | #define SHA224_256AddLengthM(context, length) \ |
71 | 0 | (addTemp = (context)->Length_Low, (context)->Corrupted = \ |
72 | 0 | (((context)->Length_Low += (length)) < addTemp) && \ |
73 | 0 | (++(context)->Length_High == 0) ? shaInputTooLong : \ |
74 | 0 | (context)->Corrupted ) |
75 | | |
76 | | /* Local Function Prototypes */ |
77 | | static int SHA224_256Reset(SHA256Context *context, uint32_t *H0); |
78 | | static void SHA224_256ProcessMessageBlock(SHA256Context *context); |
79 | | static void SHA224_256Finalize(SHA256Context *context, |
80 | | uint8_t Pad_Byte); |
81 | | static void SHA224_256PadMessage(SHA256Context *context, |
82 | | uint8_t Pad_Byte); |
83 | | static int SHA224_256ResultN(SHA256Context *context, |
84 | | uint8_t Message_Digest[ ], int HashSize); |
85 | | |
86 | | /* Initial Hash Values: FIPS 180-3 section 5.3.2 */ |
87 | | static uint32_t SHA224_H0[SHA256HashSize/4] = { |
88 | | 0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939, |
89 | | 0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4 |
90 | | }; |
91 | | |
92 | | /* Initial Hash Values: FIPS 180-3 section 5.3.3 */ |
93 | | static uint32_t SHA256_H0[SHA256HashSize/4] = { |
94 | | 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, |
95 | | 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 |
96 | | }; |
97 | | |
98 | | /* |
99 | | * SHA224Reset |
100 | | * |
101 | | * Description: |
102 | | * This function will initialize the SHA224Context in preparation |
103 | | * for computing a new SHA224 message digest. |
104 | | * |
105 | | * Parameters: |
106 | | * context: [in/out] |
107 | | * The context to reset. |
108 | | * |
109 | | * Returns: |
110 | | * sha Error Code. |
111 | | */ |
112 | | int SHA224Reset(SHA224Context *context) |
113 | 0 | { |
114 | 0 | return SHA224_256Reset(context, SHA224_H0); |
115 | 0 | } |
116 | | |
117 | | /* |
118 | | * SHA224Input |
119 | | * |
120 | | * Description: |
121 | | * This function accepts an array of octets as the next portion |
122 | | * of the message. |
123 | | * |
124 | | * Parameters: |
125 | | * context: [in/out] |
126 | | * The SHA context to update. |
127 | | * message_array[ ]: [in] |
128 | | * An array of octets representing the next portion of |
129 | | * the message. |
130 | | * length: [in] |
131 | | * The length of the message in message_array. |
132 | | * |
133 | | * Returns: |
134 | | * sha Error Code. |
135 | | * |
136 | | */ |
137 | | int SHA224Input(SHA224Context *context, const uint8_t *message_array, |
138 | | unsigned int length) |
139 | 0 | { |
140 | 0 | return SHA256Input(context, message_array, length); |
141 | 0 | } |
142 | | |
143 | | /* |
144 | | * SHA224FinalBits |
145 | | * |
146 | | * Description: |
147 | | * This function will add in any final bits of the message. |
148 | | * |
149 | | * Parameters: |
150 | | * context: [in/out] |
151 | | * The SHA context to update. |
152 | | * message_bits: [in] |
153 | | * The final bits of the message, in the upper portion of the |
154 | | * byte. (Use 0b###00000 instead of 0b00000### to input the |
155 | | * three bits ###.) |
156 | | * length: [in] |
157 | | * The number of bits in message_bits, between 1 and 7. |
158 | | * |
159 | | * Returns: |
160 | | * sha Error Code. |
161 | | */ |
162 | | int SHA224FinalBits(SHA224Context *context, |
163 | | uint8_t message_bits, unsigned int length) |
164 | 0 | { |
165 | 0 | return SHA256FinalBits(context, message_bits, length); |
166 | 0 | } |
167 | | |
168 | | /* |
169 | | * SHA224Result |
170 | | * |
171 | | * Description: |
172 | | * This function will return the 224-bit message digest |
173 | | * into the Message_Digest array provided by the caller. |
174 | | * NOTE: |
175 | | * The first octet of hash is stored in the element with index 0, |
176 | | * the last octet of hash in the element with index 27. |
177 | | * |
178 | | * Parameters: |
179 | | * context: [in/out] |
180 | | * The context to use to calculate the SHA hash. |
181 | | * Message_Digest[ ]: [out] |
182 | | * Where the digest is returned. |
183 | | * |
184 | | * Returns: |
185 | | * sha Error Code. |
186 | | */ |
187 | | int SHA224Result(SHA224Context *context, |
188 | | uint8_t Message_Digest[SHA224HashSize]) |
189 | 0 | { |
190 | 0 | return SHA224_256ResultN(context, Message_Digest, SHA224HashSize); |
191 | 0 | } |
192 | | |
193 | | /* |
194 | | * SHA256Reset |
195 | | * |
196 | | * Description: |
197 | | * This function will initialize the SHA256Context in preparation |
198 | | * for computing a new SHA256 message digest. |
199 | | * |
200 | | * Parameters: |
201 | | * context: [in/out] |
202 | | * The context to reset. |
203 | | * |
204 | | * Returns: |
205 | | * sha Error Code. |
206 | | */ |
207 | | int SHA256Reset(SHA256Context *context) |
208 | 0 | { |
209 | 0 | return SHA224_256Reset(context, SHA256_H0); |
210 | 0 | } |
211 | | |
212 | | /* |
213 | | * SHA256Input |
214 | | * |
215 | | * Description: |
216 | | * This function accepts an array of octets as the next portion |
217 | | * of the message. |
218 | | * |
219 | | * Parameters: |
220 | | * context: [in/out] |
221 | | * The SHA context to update. |
222 | | * message_array[ ]: [in] |
223 | | * An array of octets representing the next portion of |
224 | | * the message. |
225 | | * length: [in] |
226 | | * The length of the message in message_array. |
227 | | * |
228 | | * Returns: |
229 | | * sha Error Code. |
230 | | */ |
231 | | int SHA256Input(SHA256Context *context, const uint8_t *message_array, |
232 | | unsigned int length) |
233 | 0 | { |
234 | 0 | if (!context) return shaNull; |
235 | 0 | if (!length) return shaSuccess; |
236 | 0 | if (!message_array) return shaNull; |
237 | 0 | if (context->Computed) return context->Corrupted = shaStateError; |
238 | 0 | if (context->Corrupted) return context->Corrupted; |
239 | | |
240 | 0 | while (length--) { |
241 | 0 | context->Message_Block[context->Message_Block_Index++] = |
242 | 0 | *message_array; |
243 | |
|
244 | 0 | if ((SHA224_256AddLength(context, 8) == shaSuccess) && |
245 | 0 | (context->Message_Block_Index == SHA256_Message_Block_Size)) |
246 | 0 | SHA224_256ProcessMessageBlock(context); |
247 | |
|
248 | 0 | message_array++; |
249 | 0 | } |
250 | |
|
251 | 0 | return context->Corrupted; |
252 | |
|
253 | 0 | } |
254 | | |
255 | | /* |
256 | | * SHA256FinalBits |
257 | | * |
258 | | * Description: |
259 | | * This function will add in any final bits of the message. |
260 | | * |
261 | | * Parameters: |
262 | | * context: [in/out] |
263 | | * The SHA context to update. |
264 | | * message_bits: [in] |
265 | | * The final bits of the message, in the upper portion of the |
266 | | * byte. (Use 0b###00000 instead of 0b00000### to input the |
267 | | * three bits ###.) |
268 | | * length: [in] |
269 | | * The number of bits in message_bits, between 1 and 7. |
270 | | * |
271 | | * Returns: |
272 | | * sha Error Code. |
273 | | */ |
274 | | int SHA256FinalBits(SHA256Context *context, |
275 | | uint8_t message_bits, unsigned int length) |
276 | 0 | { |
277 | 0 | static uint8_t masks[8] = { |
278 | 0 | /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80, |
279 | 0 | /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0, |
280 | 0 | /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8, |
281 | 0 | /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE |
282 | 0 | }; |
283 | 0 | static uint8_t markbit[8] = { |
284 | 0 | /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40, |
285 | 0 | /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10, |
286 | 0 | /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04, |
287 | 0 | /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01 |
288 | 0 | }; |
289 | |
|
290 | 0 | if (!context) return shaNull; |
291 | 0 | if (!length) return shaSuccess; |
292 | 0 | if (context->Corrupted) return context->Corrupted; |
293 | 0 | if (context->Computed) return context->Corrupted = shaStateError; |
294 | 0 | if (length >= 8) return context->Corrupted = shaBadParam; |
295 | | |
296 | 0 | SHA224_256AddLength(context, length); |
297 | 0 | SHA224_256Finalize(context, (uint8_t) |
298 | 0 | ((message_bits & masks[length]) | markbit[length])); |
299 | |
|
300 | 0 | return context->Corrupted; |
301 | 0 | } |
302 | | |
303 | | /* |
304 | | * SHA256Result |
305 | | * |
306 | | * Description: |
307 | | * This function will return the 256-bit message digest |
308 | | * into the Message_Digest array provided by the caller. |
309 | | * NOTE: |
310 | | * The first octet of hash is stored in the element with index 0, |
311 | | * the last octet of hash in the element with index 31. |
312 | | * |
313 | | * Parameters: |
314 | | * context: [in/out] |
315 | | * The context to use to calculate the SHA hash. |
316 | | * Message_Digest[ ]: [out] |
317 | | * Where the digest is returned. |
318 | | * |
319 | | * Returns: |
320 | | * sha Error Code. |
321 | | */ |
322 | | int SHA256Result(SHA256Context *context, |
323 | | uint8_t Message_Digest[SHA256HashSize]) |
324 | 0 | { |
325 | 0 | return SHA224_256ResultN(context, Message_Digest, SHA256HashSize); |
326 | 0 | } |
327 | | |
328 | | /* |
329 | | * SHA224_256Reset |
330 | | * |
331 | | * Description: |
332 | | * This helper function will initialize the SHA256Context in |
333 | | * preparation for computing a new SHA-224 or SHA-256 message digest. |
334 | | * |
335 | | * Parameters: |
336 | | * context: [in/out] |
337 | | * The context to reset. |
338 | | * H0[ ]: [in] |
339 | | * The initial hash value array to use. |
340 | | * |
341 | | * Returns: |
342 | | * sha Error Code. |
343 | | */ |
344 | | static int SHA224_256Reset(SHA256Context *context, uint32_t *H0) |
345 | 0 | { |
346 | 0 | if (!context) return shaNull; |
347 | | |
348 | 0 | context->Length_High = context->Length_Low = 0; |
349 | 0 | context->Message_Block_Index = 0; |
350 | |
|
351 | 0 | context->Intermediate_Hash[0] = H0[0]; |
352 | 0 | context->Intermediate_Hash[1] = H0[1]; |
353 | 0 | context->Intermediate_Hash[2] = H0[2]; |
354 | 0 | context->Intermediate_Hash[3] = H0[3]; |
355 | 0 | context->Intermediate_Hash[4] = H0[4]; |
356 | 0 | context->Intermediate_Hash[5] = H0[5]; |
357 | 0 | context->Intermediate_Hash[6] = H0[6]; |
358 | 0 | context->Intermediate_Hash[7] = H0[7]; |
359 | |
|
360 | 0 | context->Computed = 0; |
361 | 0 | context->Corrupted = shaSuccess; |
362 | |
|
363 | 0 | return shaSuccess; |
364 | 0 | } |
365 | | |
366 | | /* |
367 | | * SHA224_256ProcessMessageBlock |
368 | | * |
369 | | * Description: |
370 | | * This helper function will process the next 512 bits of the |
371 | | * message stored in the Message_Block array. |
372 | | * |
373 | | * Parameters: |
374 | | * context: [in/out] |
375 | | * The SHA context to update. |
376 | | * |
377 | | * Returns: |
378 | | * Nothing. |
379 | | * |
380 | | * Comments: |
381 | | * Many of the variable names in this code, especially the |
382 | | * single character names, were used because those were the |
383 | | * names used in the Secure Hash Standard. |
384 | | */ |
385 | | static void SHA224_256ProcessMessageBlock(SHA256Context *context) |
386 | 0 | { |
387 | | /* Constants defined in FIPS 180-3, section 4.2.2 */ |
388 | 0 | static const uint32_t K[64] = { |
389 | 0 | 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, |
390 | 0 | 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, |
391 | 0 | 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, |
392 | 0 | 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, |
393 | 0 | 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, |
394 | 0 | 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, |
395 | 0 | 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, |
396 | 0 | 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, |
397 | 0 | 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, |
398 | 0 | 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, |
399 | 0 | 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, |
400 | 0 | 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, |
401 | 0 | 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 |
402 | 0 | }; |
403 | 0 | int t, t4; /* Loop counter */ |
404 | 0 | uint32_t temp1, temp2; /* Temporary word value */ |
405 | 0 | uint32_t W[64]; /* Word sequence */ |
406 | 0 | uint32_t A, B, C, D, E, F, G, H; /* Word buffers */ |
407 | | |
408 | | /* |
409 | | * Initialize the first 16 words in the array W |
410 | | */ |
411 | 0 | for (t = t4 = 0; t < 16; t++, t4 += 4) |
412 | 0 | W[t] = (((uint32_t)context->Message_Block[t4]) << 24) | |
413 | 0 | (((uint32_t)context->Message_Block[t4 + 1]) << 16) | |
414 | 0 | (((uint32_t)context->Message_Block[t4 + 2]) << 8) | |
415 | 0 | (((uint32_t)context->Message_Block[t4 + 3])); |
416 | |
|
417 | 0 | for (t = 16; t < 64; t++) |
418 | 0 | W[t] = SHA256_sigma1(W[t-2]) + W[t-7] + |
419 | 0 | SHA256_sigma0(W[t-15]) + W[t-16]; |
420 | |
|
421 | 0 | A = context->Intermediate_Hash[0]; |
422 | 0 | B = context->Intermediate_Hash[1]; |
423 | 0 | C = context->Intermediate_Hash[2]; |
424 | 0 | D = context->Intermediate_Hash[3]; |
425 | 0 | E = context->Intermediate_Hash[4]; |
426 | 0 | F = context->Intermediate_Hash[5]; |
427 | 0 | G = context->Intermediate_Hash[6]; |
428 | 0 | H = context->Intermediate_Hash[7]; |
429 | |
|
430 | 0 | for (t = 0; t < 64; t++) { |
431 | 0 | temp1 = H + SHA256_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t]; |
432 | 0 | temp2 = SHA256_SIGMA0(A) + SHA_Maj(A,B,C); |
433 | 0 | H = G; |
434 | 0 | G = F; |
435 | 0 | F = E; |
436 | 0 | E = D + temp1; |
437 | 0 | D = C; |
438 | 0 | C = B; |
439 | 0 | B = A; |
440 | 0 | A = temp1 + temp2; |
441 | 0 | } |
442 | |
|
443 | 0 | context->Intermediate_Hash[0] += A; |
444 | 0 | context->Intermediate_Hash[1] += B; |
445 | 0 | context->Intermediate_Hash[2] += C; |
446 | 0 | context->Intermediate_Hash[3] += D; |
447 | 0 | context->Intermediate_Hash[4] += E; |
448 | 0 | context->Intermediate_Hash[5] += F; |
449 | 0 | context->Intermediate_Hash[6] += G; |
450 | 0 | context->Intermediate_Hash[7] += H; |
451 | |
|
452 | 0 | context->Message_Block_Index = 0; |
453 | 0 | } |
454 | | |
455 | | /* |
456 | | * SHA224_256Finalize |
457 | | * |
458 | | * Description: |
459 | | * This helper function finishes off the digest calculations. |
460 | | * |
461 | | * Parameters: |
462 | | * context: [in/out] |
463 | | * The SHA context to update. |
464 | | * Pad_Byte: [in] |
465 | | * The last byte to add to the message block before the 0-padding |
466 | | * and length. This will contain the last bits of the message |
467 | | * followed by another single bit. If the message was an |
468 | | * exact multiple of 8-bits long, Pad_Byte will be 0x80. |
469 | | * |
470 | | * Returns: |
471 | | * sha Error Code. |
472 | | */ |
473 | | static void SHA224_256Finalize(SHA256Context *context, |
474 | | uint8_t Pad_Byte) |
475 | 0 | { |
476 | 0 | int i; |
477 | 0 | SHA224_256PadMessage(context, Pad_Byte); |
478 | | /* message may be sensitive, so clear it out */ |
479 | 0 | for (i = 0; i < SHA256_Message_Block_Size; ++i) |
480 | 0 | context->Message_Block[i] = 0; |
481 | 0 | context->Length_High = 0; /* and clear length */ |
482 | 0 | context->Length_Low = 0; |
483 | 0 | context->Computed = 1; |
484 | 0 | } |
485 | | |
486 | | /* |
487 | | * SHA224_256PadMessage |
488 | | * |
489 | | * Description: |
490 | | * According to the standard, the message must be padded to the next |
491 | | * even multiple of 512 bits. The first padding bit must be a '1'. |
492 | | * The last 64 bits represent the length of the original message. |
493 | | * All bits in between should be 0. This helper function will pad |
494 | | * the message according to those rules by filling the |
495 | | * Message_Block array accordingly. When it returns, it can be |
496 | | * assumed that the message digest has been computed. |
497 | | * |
498 | | * Parameters: |
499 | | * context: [in/out] |
500 | | * The context to pad. |
501 | | * Pad_Byte: [in] |
502 | | * The last byte to add to the message block before the 0-padding |
503 | | * and length. This will contain the last bits of the message |
504 | | * followed by another single bit. If the message was an |
505 | | * exact multiple of 8-bits long, Pad_Byte will be 0x80. |
506 | | * |
507 | | * Returns: |
508 | | * Nothing. |
509 | | */ |
510 | | static void SHA224_256PadMessage(SHA256Context *context, |
511 | | uint8_t Pad_Byte) |
512 | 0 | { |
513 | | /* |
514 | | * Check to see if the current message block is too small to hold |
515 | | * the initial padding bits and length. If so, we will pad the |
516 | | * block, process it, and then continue padding into a second |
517 | | * block. |
518 | | */ |
519 | 0 | if (context->Message_Block_Index >= (SHA256_Message_Block_Size-8)) { |
520 | 0 | context->Message_Block[context->Message_Block_Index++] = Pad_Byte; |
521 | 0 | while (context->Message_Block_Index < SHA256_Message_Block_Size) |
522 | 0 | context->Message_Block[context->Message_Block_Index++] = 0; |
523 | 0 | SHA224_256ProcessMessageBlock(context); |
524 | 0 | } else |
525 | 0 | context->Message_Block[context->Message_Block_Index++] = Pad_Byte; |
526 | |
|
527 | 0 | while (context->Message_Block_Index < (SHA256_Message_Block_Size-8)) |
528 | 0 | context->Message_Block[context->Message_Block_Index++] = 0; |
529 | | |
530 | | /* |
531 | | * Store the message length as the last 8 octets |
532 | | */ |
533 | 0 | context->Message_Block[56] = (uint8_t)(context->Length_High >> 24); |
534 | 0 | context->Message_Block[57] = (uint8_t)(context->Length_High >> 16); |
535 | 0 | context->Message_Block[58] = (uint8_t)(context->Length_High >> 8); |
536 | 0 | context->Message_Block[59] = (uint8_t)(context->Length_High); |
537 | 0 | context->Message_Block[60] = (uint8_t)(context->Length_Low >> 24); |
538 | 0 | context->Message_Block[61] = (uint8_t)(context->Length_Low >> 16); |
539 | 0 | context->Message_Block[62] = (uint8_t)(context->Length_Low >> 8); |
540 | 0 | context->Message_Block[63] = (uint8_t)(context->Length_Low); |
541 | |
|
542 | 0 | SHA224_256ProcessMessageBlock(context); |
543 | 0 | } |
544 | | |
545 | | /* |
546 | | * SHA224_256ResultN |
547 | | * |
548 | | * Description: |
549 | | * This helper function will return the 224-bit or 256-bit message |
550 | | * digest into the Message_Digest array provided by the caller. |
551 | | * NOTE: |
552 | | * The first octet of hash is stored in the element with index 0, |
553 | | * the last octet of hash in the element with index 27/31. |
554 | | * |
555 | | * Parameters: |
556 | | * context: [in/out] |
557 | | * The context to use to calculate the SHA hash. |
558 | | * Message_Digest[ ]: [out] |
559 | | * Where the digest is returned. |
560 | | * HashSize: [in] |
561 | | * The size of the hash, either 28 or 32. |
562 | | * |
563 | | * Returns: |
564 | | * sha Error Code. |
565 | | */ |
566 | | static int SHA224_256ResultN(SHA256Context *context, |
567 | | uint8_t Message_Digest[ ], int HashSize) |
568 | 0 | { |
569 | 0 | int i; |
570 | |
|
571 | 0 | if (!context) return shaNull; |
572 | 0 | if (!Message_Digest) return shaNull; |
573 | 0 | if (context->Corrupted) return context->Corrupted; |
574 | | |
575 | 0 | if (!context->Computed) |
576 | 0 | SHA224_256Finalize(context, 0x80); |
577 | |
|
578 | 0 | for (i = 0; i < HashSize; ++i) |
579 | 0 | Message_Digest[i] = (uint8_t) |
580 | 0 | (context->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) )); |
581 | |
|
582 | 0 | return shaSuccess; |
583 | 0 | } |