/src/lzma-fuzz/sdk/C/Sha256.c

Source (jump to first uncovered line)
/* Crypto/Sha256.c -- SHA-256 Hash
2017-04-03 : Igor Pavlov : Public domain
This code is based on public domain code from Wei Dai's Crypto++ library. */

#include "Precomp.h"

#include <string.h>

#include "CpuArch.h"
#include "RotateDefs.h"
#include "Sha256.h"

/* define it for speed optimization */
#ifndef _SFX
#define _SHA256_UNROLL
#define _SHA256_UNROLL2
#endif

/* #define _SHA256_UNROLL2 */

void Sha256_Init(CSha256 *p)
{
  p->state[0] = 0x6a09e667;
  p->state[1] = 0xbb67ae85;
  p->state[2] = 0x3c6ef372;
  p->state[3] = 0xa54ff53a;
  p->state[4] = 0x510e527f;
  p->state[5] = 0x9b05688c;
  p->state[6] = 0x1f83d9ab;
  p->state[7] = 0x5be0cd19;
  p->count = 0;
}

#define S0(x) (rotrFixed(x, 2) ^ rotrFixed(x,13) ^ rotrFixed(x, 22))
#define S1(x) (rotrFixed(x, 6) ^ rotrFixed(x,11) ^ rotrFixed(x, 25))
#define s0(x) (rotrFixed(x, 7) ^ rotrFixed(x,18) ^ (x >> 3))
#define s1(x) (rotrFixed(x,17) ^ rotrFixed(x,19) ^ (x >> 10))

#define blk0(i) (W[i])
#define blk2(i) (W[i] += s1(W[((i)-2)&15]) + W[((i)-7)&15] + s0(W[((i)-15)&15]))

#define Ch(x,y,z) (z^(x&(y^z)))
#define Maj(x,y,z) ((x&y)|(z&(x|y)))

#ifdef _SHA256_UNROLL2

#define R(a,b,c,d,e,f,g,h, i) \
    h += S1(e) + Ch(e,f,g) + K[(i)+(size_t)(j)] + (j ? blk2(i) : blk0(i)); \
    d += h; \
    h += S0(a) + Maj(a, b, c)

#define RX_8(i) \
  R(a,b,c,d,e,f,g,h, i); \
  R(h,a,b,c,d,e,f,g, i+1); \
  R(g,h,a,b,c,d,e,f, i+2); \
  R(f,g,h,a,b,c,d,e, i+3); \
  R(e,f,g,h,a,b,c,d, i+4); \
  R(d,e,f,g,h,a,b,c, i+5); \
  R(c,d,e,f,g,h,a,b, i+6); \
  R(b,c,d,e,f,g,h,a, i+7)

#define RX_16  RX_8(0); RX_8(8);

#else

#define a(i) T[(0-(i))&7]
#define b(i) T[(1-(i))&7]
#define c(i) T[(2-(i))&7]
#define d(i) T[(3-(i))&7]
#define e(i) T[(4-(i))&7]
#define f(i) T[(5-(i))&7]
#define g(i) T[(6-(i))&7]
#define h(i) T[(7-(i))&7]

#define R(i) \
    h(i) += S1(e(i)) + Ch(e(i),f(i),g(i)) + K[(i)+(size_t)(j)] + (j ? blk2(i) : blk0(i)); \
    d(i) += h(i); \
    h(i) += S0(a(i)) + Maj(a(i), b(i), c(i)) \

#ifdef _SHA256_UNROLL

#define RX_8(i)  R(i+0); R(i+1); R(i+2); R(i+3); R(i+4); R(i+5); R(i+6); R(i+7);
#define RX_16  RX_8(0); RX_8(8);

#else

#define RX_16  unsigned i; for (i = 0; i < 16; i++) { R(i); }

#endif

#endif

static const UInt32 K[64] = {
  0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
  0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
  0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
  0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
  0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
  0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
  0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
  0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
  0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
  0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
  0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
  0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
  0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
  0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
  0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
  0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};

static void Sha256_WriteByteBlock(CSha256 *p)
{
  UInt32 W[16];
  unsigned j;
  UInt32 *state;

  #ifdef _SHA256_UNROLL2
  UInt32 a,b,c,d,e,f,g,h;
  #else
  UInt32 T[8];
  #endif

  for (j = 0; j < 16; j += 4)
  {
    const Byte *ccc = p->buffer + j * 4;
    W[j    ] = GetBe32(ccc);
    W[j + 1] = GetBe32(ccc + 4);
    W[j + 2] = GetBe32(ccc + 8);
    W[j + 3] = GetBe32(ccc + 12);
  }

  state = p->state;

  #ifdef _SHA256_UNROLL2
  a = state[0];
  b = state[1];
  c = state[2];
  d = state[3];
  e = state[4];
  f = state[5];
  g = state[6];
  h = state[7];
  #else
  for (j = 0; j < 8; j++)
    T[j] = state[j];
  #endif

  for (j = 0; j < 64; j += 16)
  {
    RX_16
  }

  #ifdef _SHA256_UNROLL2
  state[0] += a;
  state[1] += b;
  state[2] += c;
  state[3] += d;
  state[4] += e;
  state[5] += f;
  state[6] += g;
  state[7] += h;
  #else
  for (j = 0; j < 8; j++)
    state[j] += T[j];
  #endif
  
  /* Wipe variables */
  /* memset(W, 0, sizeof(W)); */
  /* memset(T, 0, sizeof(T)); */
}

#undef S0
#undef S1
#undef s0
#undef s1

void Sha256_Update(CSha256 *p, const Byte *data, size_t size)
{
  if (size == 0)
    return;

  {
    unsigned pos = (unsigned)p->count & 0x3F;
    unsigned num;
    
    p->count += size;
    
    num = 64 - pos;
    if (num > size)
    {
      memcpy(p->buffer + pos, data, size);
      return;
    }
    
    size -= num;
    memcpy(p->buffer + pos, data, num);
    data += num;
  }

  for (;;)
  {
    Sha256_WriteByteBlock(p);
    if (size < 64)
      break;
    size -= 64;
    memcpy(p->buffer, data, 64);
    data += 64;
  }

  if (size != 0)
    memcpy(p->buffer, data, size);
}

void Sha256_Final(CSha256 *p, Byte *digest)
{
  unsigned pos = (unsigned)p->count & 0x3F;
  unsigned i;
  
  p->buffer[pos++] = 0x80;
  
  while (pos != (64 - 8))
  {
    pos &= 0x3F;
    if (pos == 0)
      Sha256_WriteByteBlock(p);
    p->buffer[pos++] = 0;
  }

  {
    UInt64 numBits = (p->count << 3);
    SetBe32(p->buffer + 64 - 8, (UInt32)(numBits >> 32));
    SetBe32(p->buffer + 64 - 4, (UInt32)(numBits));
  }
  
  Sha256_WriteByteBlock(p);

  for (i = 0; i < 8; i += 2)
  {
    UInt32 v0 = p->state[i];
    UInt32 v1 = p->state[i + 1];
    SetBe32(digest    , v0);
    SetBe32(digest + 4, v1);
    digest += 8;
  }
  
  Sha256_Init(p);
}

Coverage Report

Created: 2023-03-26 07:01

Line	Count	Source (jump to first uncovered line)
1		/* Crypto/Sha256.c -- SHA-256 Hash
2		2017-04-03 : Igor Pavlov : Public domain
3		This code is based on public domain code from Wei Dai's Crypto++ library. */
4
5		#include "Precomp.h"
6
7		#include <string.h>
8
9		#include "CpuArch.h"
10		#include "RotateDefs.h"
11		#include "Sha256.h"
12
13		/* define it for speed optimization */
14		#ifndef _SFX
15		#define _SHA256_UNROLL
16		#define _SHA256_UNROLL2
17		#endif
18
19		/* #define _SHA256_UNROLL2 */
20
21		void Sha256_Init(CSha256 *p)
22	54.4k	{
23	54.4k	p->state[0] = 0x6a09e667;
24	54.4k	p->state[1] = 0xbb67ae85;
25	54.4k	p->state[2] = 0x3c6ef372;
26	54.4k	p->state[3] = 0xa54ff53a;
27	54.4k	p->state[4] = 0x510e527f;
28	54.4k	p->state[5] = 0x9b05688c;
29	54.4k	p->state[6] = 0x1f83d9ab;
30	54.4k	p->state[7] = 0x5be0cd19;
31	54.4k	p->count = 0;
32	54.4k	}
33
34	201M	#define S0(x) (rotrFixed(x, 2) ^ rotrFixed(x,13) ^ rotrFixed(x, 22))
35	201M	#define S1(x) (rotrFixed(x, 6) ^ rotrFixed(x,11) ^ rotrFixed(x, 25))
36	151M	#define s0(x) (rotrFixed(x, 7) ^ rotrFixed(x,18) ^ (x >> 3))
37	151M	#define s1(x) (rotrFixed(x,17) ^ rotrFixed(x,19) ^ (x >> 10))
38
39	50.3M	#define blk0(i) (W[i])
40	151M	#define blk2(i) (W[i] += s1(W[((i)-2)&15]) + W[((i)-7)&15] + s0(W[((i)-15)&15]))
41
42	201M	#define Ch(x,y,z) (z^(x&(y^z)))
43	201M	#define Maj(x,y,z) ((x&y)\|(z&(x\|y)))
44
45		#ifdef _SHA256_UNROLL2
46
47		#define R(a,b,c,d,e,f,g,h, i) \
48	201M	h += S1(e) + Ch(e,f,g) + K[(i)+(size_t)(j)] + (j ? blk2(i) : blk0(i)); \
49	201M	d += h; \
50	201M	h += S0(a) + Maj(a, b, c)
51
52		#define RX_8(i) \
53	25.1M	R(a,b,c,d,e,f,g,h, i); \
54	25.1M	R(h,a,b,c,d,e,f,g, i+1); \
55	25.1M	R(g,h,a,b,c,d,e,f, i+2); \
56	25.1M	R(f,g,h,a,b,c,d,e, i+3); \
57	25.1M	R(e,f,g,h,a,b,c,d, i+4); \
58	25.1M	R(d,e,f,g,h,a,b,c, i+5); \
59	25.1M	R(c,d,e,f,g,h,a,b, i+6); \
60	25.1M	R(b,c,d,e,f,g,h,a, i+7)
61
62	12.5M	#define RX_16 RX_8(0); RX_8(8);
63
64		#else
65
66		#define a(i) T[(0-(i))&7]
67		#define b(i) T[(1-(i))&7]
68		#define c(i) T[(2-(i))&7]
69		#define d(i) T[(3-(i))&7]
70		#define e(i) T[(4-(i))&7]
71		#define f(i) T[(5-(i))&7]
72		#define g(i) T[(6-(i))&7]
73		#define h(i) T[(7-(i))&7]
74
75		#define R(i) \
76		h(i) += S1(e(i)) + Ch(e(i),f(i),g(i)) + K[(i)+(size_t)(j)] + (j ? blk2(i) : blk0(i)); \
77		d(i) += h(i); \
78		h(i) += S0(a(i)) + Maj(a(i), b(i), c(i)) \
79
80		#ifdef _SHA256_UNROLL
81
82		#define RX_8(i) R(i+0); R(i+1); R(i+2); R(i+3); R(i+4); R(i+5); R(i+6); R(i+7);
83		#define RX_16 RX_8(0); RX_8(8);
84
85		#else
86
87		#define RX_16 unsigned i; for (i = 0; i < 16; i++) { R(i); }
88
89		#endif
90
91		#endif
92
93		static const UInt32 K[64] = {
94		0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
95		0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
96		0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
97		0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
98		0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
99		0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
100		0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
101		0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
102		0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
103		0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
104		0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
105		0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
106		0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
107		0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
108		0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
109		0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
110		};
111
112		static void Sha256_WriteByteBlock(CSha256 *p)
113	3.14M	{
114	3.14M	UInt32 W[16];
115	3.14M	unsigned j;
116	3.14M	UInt32 *state;
117
118	3.14M	#ifdef _SHA256_UNROLL2
119	3.14M	UInt32 a,b,c,d,e,f,g,h;
120		#else
121		UInt32 T[8];
122		#endif
123
124	15.7M	for (j = 0; j < 16; j += 4)
125	12.5M	{
126	12.5M	const Byte ccc = p->buffer + j 4;
127	12.5M	W[j ] = GetBe32(ccc);
128	12.5M	W[j + 1] = GetBe32(ccc + 4);
129	12.5M	W[j + 2] = GetBe32(ccc + 8);
130	12.5M	W[j + 3] = GetBe32(ccc + 12);
131	12.5M	}
132
133	3.14M	state = p->state;
134
135	3.14M	#ifdef _SHA256_UNROLL2
136	3.14M	a = state[0];
137	3.14M	b = state[1];
138	3.14M	c = state[2];
139	3.14M	d = state[3];
140	3.14M	e = state[4];
141	3.14M	f = state[5];
142	3.14M	g = state[6];
143	3.14M	h = state[7];
144		#else
145		for (j = 0; j < 8; j++)
146		T[j] = state[j];
147		#endif
148
149	15.7M	for (j = 0; j < 64; j += 16)
150	12.5M	{
151	12.5M	RX_16
152	12.5M	}
153
154	3.14M	#ifdef _SHA256_UNROLL2
155	3.14M	state[0] += a;
156	3.14M	state[1] += b;
157	3.14M	state[2] += c;
158	3.14M	state[3] += d;
159	3.14M	state[4] += e;
160	3.14M	state[5] += f;
161	3.14M	state[6] += g;
162	3.14M	state[7] += h;
163		#else
164		for (j = 0; j < 8; j++)
165		state[j] += T[j];
166		#endif
167
168		/* Wipe variables */
169		/* memset(W, 0, sizeof(W)); */
170		/* memset(T, 0, sizeof(T)); */
171	3.14M	}
172
173		#undef S0
174		#undef S1
175		#undef s0
176		#undef s1
177
178		void Sha256_Update(CSha256 p, const Byte data, size_t size)
179	57.2k	{
180	57.2k	if (size == 0)
181	2.01k	return;
182
183	55.2k	{
184	55.2k	unsigned pos = (unsigned)p->count & 0x3F;
185	55.2k	unsigned num;
186
187	55.2k	p->count += size;
188
189	55.2k	num = 64 - pos;
190	55.2k	if (num > size)
191	51.6k	{
192	51.6k	memcpy(p->buffer + pos, data, size);
193	51.6k	return;
194	51.6k	}
195
196	3.59k	size -= num;
197	3.59k	memcpy(p->buffer + pos, data, num);
198	3.59k	data += num;
199	3.59k	}
200
201	0	for (;;)
202	3.12M	{
203	3.12M	Sha256_WriteByteBlock(p);
204	3.12M	if (size < 64)
205	3.59k	break;
206	3.12M	size -= 64;
207	3.12M	memcpy(p->buffer, data, 64);
208	3.12M	data += 64;
209	3.12M	}
210
211	3.59k	if (size != 0)
212	1.84k	memcpy(p->buffer, data, size);
213	3.59k	}
214
215		void Sha256_Final(CSha256 p, Byte digest)
216	23.3k	{
217	23.3k	unsigned pos = (unsigned)p->count & 0x3F;
218	23.3k	unsigned i;
219
220	23.3k	p->buffer[pos++] = 0x80;
221
222	1.21M	while (pos != (64 - 8))
223	1.18M	{
224	1.18M	pos &= 0x3F;
225	1.18M	if (pos == 0)
226	221	Sha256_WriteByteBlock(p);
227	1.18M	p->buffer[pos++] = 0;
228	1.18M	}
229
230	23.3k	{
231	23.3k	UInt64 numBits = (p->count << 3);
232	23.3k	SetBe32(p->buffer + 64 - 8, (UInt32)(numBits >> 32));
233	23.3k	SetBe32(p->buffer + 64 - 4, (UInt32)(numBits));
234	23.3k	}
235
236	23.3k	Sha256_WriteByteBlock(p);
237
238	116k	for (i = 0; i < 8; i += 2)
239	93.3k	{
240	93.3k	UInt32 v0 = p->state[i];
241	93.3k	UInt32 v1 = p->state[i + 1];
242	93.3k	SetBe32(digest , v0);
243	93.3k	SetBe32(digest + 4, v1);
244	93.3k	digest += 8;
245	93.3k	}
246
247	23.3k	Sha256_Init(p);
248	23.3k	}