Commit 777debe1 authored by Niels Möller's avatar Niels Möller

(COMPRESS): New macro wrapping _nettle_sha256_compress.

(SHA256_INCR): Deleted macro.
(sha256_update): Use MD_UPDATE.
(sha256_final): Deleted function.
(sha256_write_digest): New function, replacing sha256_final, and
using MD_FINAL.
(sha256_digest): Use sha256_write_digest.
(sha224_digest): Likewise.

Rev: nettle/sha256.c:1.6
parent 5d125822
......@@ -62,6 +62,8 @@ K[64] =
0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL,
};
#define COMPRESS(digest, data) (_nettle_sha256_compress((digest), (data), K))
/* Initialize the SHA values */
void
......@@ -83,89 +85,22 @@ sha256_init(struct sha256_ctx *ctx)
ctx->index = 0;
}
#define SHA256_INCR(ctx) ((ctx)->count_high += !++(ctx)->count_low)
void
sha256_update(struct sha256_ctx *ctx,
unsigned length, const uint8_t *buffer)
unsigned length, const uint8_t *data)
{
if (ctx->index)
{ /* Try to fill partial block */
unsigned left = SHA256_DATA_SIZE - ctx->index;
if (length < left)
{
memcpy(ctx->block + ctx->index, buffer, length);
ctx->index += length;
return; /* Finished */
}
else
{
memcpy(ctx->block + ctx->index, buffer, left);
_nettle_sha256_compress(ctx->state, ctx->block, K);
SHA256_INCR(ctx);
buffer += left;
length -= left;
}
}
while (length >= SHA256_DATA_SIZE)
{
_nettle_sha256_compress(ctx->state, buffer, K);
SHA256_INCR(ctx);
buffer += SHA256_DATA_SIZE;
length -= SHA256_DATA_SIZE;
}
/* Buffer leftovers */
/* NOTE: The corresponding sha1 code checks for the special case length == 0.
* That seems supoptimal, as I suspect it increases the number of branches. */
memcpy(ctx->block, buffer, length);
ctx->index = length;
MD_UPDATE (ctx, length, data, COMPRESS);
}
/* Final wrapup - pad to SHA1_DATA_SIZE-byte boundary with the bit pattern
1 0* (64-bit count of bits processed, MSB-first) */
static void
sha256_final(struct sha256_ctx *ctx)
sha256_write_digest(struct sha256_ctx *ctx,
unsigned length,
uint8_t *digest)
{
uint32_t bitcount_high;
uint32_t bitcount_low;
int i;
i = ctx->index;
/* Set the first char of padding to 0x80. This is safe since there is
always at least one byte free */
assert(i < SHA256_DATA_SIZE);
ctx->block[i++] = 0x80;
if (i > (SHA1_DATA_SIZE - 8))
{ /* No room for length in this block. Process it and
* pad with another one */
memset(ctx->block + i, 0, SHA256_DATA_SIZE - i);
_nettle_sha256_compress(ctx->state, ctx->block, K);
i = 0;
}
if (i < (SHA256_DATA_SIZE - 8))
memset(ctx->block + i, 0, (SHA256_DATA_SIZE - 8) - i);
/* There are 512 = 2^9 bits in one block */
bitcount_high = (ctx->count_high << 9) | (ctx->count_low >> 23);
bitcount_low = (ctx->count_low << 9) | (ctx->index << 3);
/* This is slightly inefficient, as the numbers are converted to
big-endian format, and will be converted back by the compression
function. It's probably not worth the effort to fix this. */
WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 8), bitcount_high);
WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 4), bitcount_low);
assert(length <= SHA256_DIGEST_SIZE);
_nettle_sha256_compress(ctx->state, ctx->block, K);
MD_FINAL(ctx, 32, 9, COMPRESS, WRITE_UINT32);
_nettle_write_be32(length, digest, ctx->state);
}
void
......@@ -173,10 +108,7 @@ sha256_digest(struct sha256_ctx *ctx,
unsigned length,
uint8_t *digest)
{
assert(length <= SHA256_DIGEST_SIZE);
sha256_final(ctx);
_nettle_write_be32(length, digest, ctx->state);
sha256_write_digest(ctx, length, digest);
sha256_init(ctx);
}
......@@ -206,9 +138,6 @@ sha224_digest(struct sha256_ctx *ctx,
unsigned length,
uint8_t *digest)
{
assert(length <= SHA224_DIGEST_SIZE);
sha256_final(ctx);
_nettle_write_be32(length, digest, ctx->state);
sha256_write_digest(ctx, length, digest);
sha224_init(ctx);
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment