memset(CTX, 0, sizeof(gost2012_hash_ctx));
CTX->digest_size = digest_size;
+ /*
+ * IV for 512-bit hash should be 0^512
+ * IV for 256-bit hash should be (00000001)^64
+ *
+ * It's already zeroed when CTX is cleared above, so we only
+ * need to set it to 0x01-s for 256-bit hash.
+ */
if (digest_size == 256)
memset(&CTX->h, 0x01, sizeof(uint512_u));
- else
- memset(&CTX->h, 0x00, sizeof(uint512_u));
}
static INLINE void pad(gost2012_hash_ctx * CTX)
{
- unsigned char buf[64];
-
- if (CTX->bufsize > 63)
- return;
-
- memset(&buf, 0x00, sizeof buf);
- memcpy(&buf, CTX->buffer, CTX->bufsize);
+ memset(&(CTX->buffer.B[CTX->bufsize]), 0, sizeof(CTX->buffer) - CTX->bufsize);
+ CTX->buffer.B[CTX->bufsize] = 1;
- buf[CTX->bufsize] = 0x01;
- memcpy(CTX->buffer, &buf, sizeof buf);
}
-static INLINE void add512(const union uint512_u *x,
- const union uint512_u *y, union uint512_u *r)
+static INLINE void add512(union uint512_u * RESTRICT x,
+ const union uint512_u * RESTRICT y)
{
#ifndef __GOST3411_BIG_ENDIAN__
- unsigned int CF, OF;
- unsigned long long tmp;
+ unsigned int CF;
unsigned int i;
CF = 0;
- for (i = 0; i < 8; i++)
- {
- /* Detecting integer overflow condition for three numbers
- * in a portable way is tricky a little. */
-
- /* Step 1: numbers cause overflow */
- tmp = x->QWORD[i] + y->QWORD[i];
-
- /* Compare with any of two summands, no need to check both */
- if (tmp < x->QWORD[i])
- OF = 1;
- else
- OF = 0;
-
- /* Step 2: carry bit causes overflow */
- tmp += CF;
-
- if (CF > 0 && tmp == 0)
- OF = 1;
-
- CF = OF;
-
- r->QWORD[i] = tmp;
+ for (i = 0; i < 8; i++) {
+ const unsigned long long left = x->QWORD[i];
+ unsigned long long sum;
+
+ sum = left + y->QWORD[i] + CF;
+ /*
+ * (sum == left): is noop, because it's possible only
+ * when `left' is added with `0 + 0' or with `ULLONG_MAX + 1',
+ * in that case `CF' (carry) retain previous value, which is correct,
+ * because when `left + 0 + 0' there was no overflow (thus no carry),
+ * and when `left + ULLONG_MAX + 1' value is wrapped back to
+ * itself with overflow, thus creating carry.
+ *
+ * (sum != left):
+ * if `sum' is not wrapped (sum > left) there should not be carry,
+ * if `sum' is wrapped (sum < left) there should be carry.
+ */
+ if (sum != left)
+ CF = (sum < left);
+ x->QWORD[i] = sum;
}
#else
- const unsigned char *xp, *yp;
- unsigned char *rp;
+ const unsigned char *yp;
+ unsigned char *xp;
unsigned int i;
int buf;
- xp = (const unsigned char *)&x[0];
+ xp = (unsigned char *)&x[0];
yp = (const unsigned char *)&y[0];
- rp = (unsigned char *)&r[0];
buf = 0;
for (i = 0; i < 64; i++) {
buf = xp[i] + yp[i] + (buf >> 8);
- rp[i] = (unsigned char)buf & 0xFF;
+ xp[i] = (unsigned char)buf & 0xFF;
}
#endif
}
-static void g(union uint512_u *h, const union uint512_u *N,
- const unsigned char *m)
+static void g(union uint512_u *h, const union uint512_u * RESTRICT N,
+ const union uint512_u * RESTRICT m)
{
#ifdef __GOST3411_HAS_SSE2__
__m128i xmm0, xmm2, xmm4, xmm6; /* XMMR0-quadruple */
/* E() done */
X((&data), h, (&data));
- X((&data), ((const union uint512_u *)&m[0]), h);
+ X((&data), m, h);
#endif
}
-static INLINE void stage2(gost2012_hash_ctx * CTX, const unsigned char *data)
+static INLINE void stage2(gost2012_hash_ctx * CTX, const union uint512_u *data)
{
- union uint512_u m;
+ g(&(CTX->h), &(CTX->N), data);
- memcpy(&m, data, sizeof(m));
- g(&(CTX->h), &(CTX->N), (const unsigned char *)&m);
-
- add512(&(CTX->N), &buffer512, &(CTX->N));
- add512(&(CTX->Sigma), &m, &(CTX->Sigma));
+ add512(&(CTX->N), &buffer512);
+ add512(&(CTX->Sigma), data);
}
static INLINE void stage3(gost2012_hash_ctx * CTX)
pad(CTX);
- g(&(CTX->h), &(CTX->N), (const unsigned char *)&(CTX->buffer));
+ g(&(CTX->h), &(CTX->N), &(CTX->buffer));
- add512(&(CTX->N), &buf, &(CTX->N));
- add512(&(CTX->Sigma), (const union uint512_u *)&CTX->buffer[0],
- &(CTX->Sigma));
+ add512(&(CTX->N), &buf);
+ add512(&(CTX->Sigma), &CTX->buffer);
- g(&(CTX->h), &buffer0, (const unsigned char *)&(CTX->N));
+ g(&(CTX->h), &buffer0, &(CTX->N));
- g(&(CTX->h), &buffer0, (const unsigned char *)&(CTX->Sigma));
- memcpy(&(CTX->hash), &(CTX->h), sizeof(uint512_u));
+ g(&(CTX->h), &buffer0, &(CTX->Sigma));
}
/*
void gost2012_hash_block(gost2012_hash_ctx * CTX,
const unsigned char *data, size_t len)
{
- size_t chunksize;
-
- while (len > 63 && CTX->bufsize == 0) {
- stage2(CTX, data);
-
- data += 64;
- len -= 64;
+ register size_t chunksize;
+ register size_t bufsize = CTX->bufsize;
+
+ if (bufsize == 0) {
+ while (len >= 64) {
+ memcpy(&CTX->buffer.B[0], data, 64);
+ stage2(CTX, &(CTX->buffer));
+ data += 64;
+ len -= 64;
+ }
}
while (len) {
- chunksize = 64 - CTX->bufsize;
+ chunksize = 64 - bufsize;
if (chunksize > len)
chunksize = len;
- memcpy(&CTX->buffer[CTX->bufsize], data, chunksize);
+ memcpy(&CTX->buffer.B[bufsize], data, chunksize);
- CTX->bufsize += chunksize;
+ bufsize += chunksize;
len -= chunksize;
data += chunksize;
- if (CTX->bufsize == 64) {
- stage2(CTX, CTX->buffer);
-
- CTX->bufsize = 0;
+ if (bufsize == 64) {
+ stage2(CTX, &(CTX->buffer) );
+ bufsize = 0;
}
}
+ CTX->bufsize = bufsize;
}
/*
CTX->bufsize = 0;
if (CTX->digest_size == 256)
- memcpy(digest, &(CTX->hash.QWORD[4]), 32);
+ memcpy(digest, &(CTX->h.QWORD[4]), 32);
else
- memcpy(digest, &(CTX->hash.QWORD[0]), 64);
+ memcpy(digest, &(CTX->h.QWORD[0]), 64);
}
projects / openssl-gost / engine.git / blobdiff