Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

gh-99108: Refresh HACL*; update modules accordingly; fix namespacing (GH-117237) 

Pulls in a new update from https://github.com/hacl-star/hacl-star and fixes our C "namespacing" done by `Modules/_hacl/refresh.sh`.
This commit is contained in:
Jonathan Protzenko 2024-03-25 17:35:26 -07:00 committed by GitHub
parent 8945b7ff55
commit 872e212378
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
23 changed files with 1603 additions and 1843 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Misc/NEWS.d/next/Core and Builtins/2024-03-25-17-04-54.gh-issue-99108.8bjdO6.rst Normal file
View File

@ -0,0 +1,6 @@
Updated the :mod:`hashlib` built-in `HACL\* project`_ C code from upstream
that we use for many implementations when they are not present via OpenSSL
in a given build. This also avoids the rare potential for a C symbol name
one definition rule linking issue.
.. _HACL\* project: https://github.com/hacl-star/hacl-star

64
Misc/sbom.spdx.json generated
View File

@ -300,11 +300,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "f77449b2b4eb99f1da0938633cc558baf9c444fb"
"checksumValue": "f8ba39b46ebdfa7d031d9c33130c6ded680a8120"
},
{
"algorithm": "SHA256",
"checksumValue": "0f252967debca5b35362ca53951ea16ca8bb97a19a1d24f6695f44d50010859e"
"checksumValue": "f71cf6a0e8f09354c2af2c785a1d36e0cba7613a589be01ca8a3d8478f4c8874"
}
],
"fileName": "Modules/_hacl/Hacl_Hash_MD5.c"
@ -314,11 +314,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "c24e6779a91c840f3d65d24abbce225b608b676e"
"checksumValue": "eaaab54cea2b0bb8ec0eedf0b373d42f1a0f8f6c"
},
{
"algorithm": "SHA256",
"checksumValue": "9cd062e782801013e3cacaba583e44e1b5e682e217d20208d5323354d42011f1"
"checksumValue": "9a02e2a6e163515ea0228a859d5e55c1f57b11fae5908c42f9f9814ce9bca230"
}
],
"fileName": "Modules/_hacl/Hacl_Hash_MD5.h"
@ -328,11 +328,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "560f6ff541b5eff480ea047b147f4212bb0db7ed"
"checksumValue": "f4f42faf8da78a230199f649c0f2a1b865799a31"
},
{
"algorithm": "SHA256",
"checksumValue": "0ade3ab264e912d7b4e5cdcf773db8c63e4440540d295922d74b06bcfc74c77a"
"checksumValue": "5b29bd9951646861e0e19427be5d923a5bab7a4516824ccc068f696469195eec"
}
],
"fileName": "Modules/_hacl/Hacl_Hash_SHA1.c"
@ -342,11 +342,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "853b77d45379146faaeac5fe899b28db386ad13c"
"checksumValue": "722b57139737ceeb88e41d3839e6f7d70578741b"
},
{
"algorithm": "SHA256",
"checksumValue": "b13eb14f91582703819235ea7c8f807bb93e4f1e6b695499dc1d86021dc39e72"
"checksumValue": "5640295c790d56b1b4df147d6a6c58803b1845cd7d93365bf7cc7b75ba3cacd5"
}
],
"fileName": "Modules/_hacl/Hacl_Hash_SHA1.h"
@ -356,11 +356,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "667120b6100c946cdaa442f1173c723339923071"
"checksumValue": "f2aa3ed6acce621c162bc3a0592780ce5aa3bc4d"
},
{
"algorithm": "SHA256",
"checksumValue": "b189459b863341a3a9c5c78c0208b6554a2f2ac26e0748fbd4432a91db21fae6"
"checksumValue": "30638efb75c8b185bb09c3df6977e3f3c5d21a1e696218cf7ade6bc4d5201b31"
}
],
"fileName": "Modules/_hacl/Hacl_Hash_SHA2.c"
@ -370,11 +370,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "81db38b0b920e63ec33c7109d1144c35cf091da0"
"checksumValue": "4903e10291d07367be3bc283935bc52926e57ba1"
},
{
"algorithm": "SHA256",
"checksumValue": "631c9ba19c1c2c835bb63d3f2f22b8d76fb535edfed3c254ff2a52f12af3fe61"
"checksumValue": "093d7693084af0999d2a13d207311d74b5bdfdc9c08447ed4a979e3f7505ae6b"
}
],
"fileName": "Modules/_hacl/Hacl_Hash_SHA2.h"
@ -384,11 +384,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "9c832b98a2f2a68202d2da016fb718965d7b7602"
"checksumValue": "66644fd3325c414fef7d985536bb477c849c8f9a"
},
{
"algorithm": "SHA256",
"checksumValue": "38d350d1184238966cfa821a59ae00343f362182b6c2fbea7f2651763d757fb7"
"checksumValue": "17c0db96d40d1849f02546d5f55428fa89b61b07748d5b5df45cec25c5f29c0f"
}
],
"fileName": "Modules/_hacl/Hacl_Hash_SHA3.c"
@ -398,11 +398,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "ecc766fb6f7ee85e902b593b61b41e5a728fca34"
"checksumValue": "580e9a73813281e99a98871380b3726576295a96"
},
{
"algorithm": "SHA256",
"checksumValue": "bae290a94366a2460f51e8468144baaade91d9048db111e10d2e2ffddc3f98cf"
"checksumValue": "d8d4d14bbc3a561a4e590d9b18b326e6a8095efb12423edbd949cf3c00953621"
}
],
"fileName": "Modules/_hacl/Hacl_Hash_SHA3.h"
@ -426,11 +426,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "2ea61d6a236147462045f65c20311819d74db80c"
"checksumValue": "12c0c680c93b8112b97cc575faacbb3cbbd315b1"
},
{
"algorithm": "SHA256",
"checksumValue": "2c22b4d49ba06d6a3053cdc66405bd5ae953a28fcfed1ab164e8f5e0f6e2fb8b"
"checksumValue": "455e94f24a0900deda7e6e36f4714e4253d32cea077f97e23f90c569a717bc48"
}
],
"fileName": "Modules/_hacl/include/krml/FStar_UInt128_Verified.h"
@ -440,11 +440,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "1a647d841180ac8ca667afa968c353425e81ad0d"
"checksumValue": "62b44acbbdc77b749c36c242cda027bacf7679f8"
},
{
"algorithm": "SHA256",
"checksumValue": "e5d1c5854833bec7ea02e227ec35bd7b49c5fb9e0f339efa0dd83e1595f722d4"
"checksumValue": "65decdb74c24049aa19430462a51219250cfc65d8c162778e42df88b3142fa42"
}
],
"fileName": "Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h"
@ -468,11 +468,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "903c9eb76b01f3a95c04c3bc841c2fb71dea5403"
"checksumValue": "ba64394679643c6d4ceaf6bd2616d48d12f996a7"
},
{
"algorithm": "SHA256",
"checksumValue": "08ec602c7f90a1540389c0cfc95769fa7fec251e7ca143ef83c0b9f7afcf89a7"
"checksumValue": "d16a59f37a1d4982626870e370889eb9d332a9ad035661b8062f549fc734d061"
}
],
"fileName": "Modules/_hacl/include/krml/internal/target.h"
@ -510,11 +510,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "5dd4ee3c835a0d176a6e9fecbe9752fd1474ff41"
"checksumValue": "60f02d21f045c8a4c2b6b84a8f7e023d9490c8e5"
},
{
"algorithm": "SHA256",
"checksumValue": "d82ef594cba44203576d67b047240316bb3c542912ebb7034afa1e07888cec56"
"checksumValue": "370d8ef9c48cb55472ece11e12eaf94c58118de3f5515b6df1c130b696597828"
}
],
"fileName": "Modules/_hacl/internal/Hacl_Hash_MD5.h"
@ -524,11 +524,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "515b3082eb7c30597773e1c63ec46688f6da3634"
"checksumValue": "6346c30a140e7d3010c98fe19d14fa229a54eb16"
},
{
"algorithm": "SHA256",
"checksumValue": "10aacf847006b8e0dfb64d5c327443f954db6718b4aec712fb3268230df6a752"
"checksumValue": "ab52c6092bdbbfc9884f841bf4824016792ffa96167577cbe0df00dd96f56a34"
}
],
"fileName": "Modules/_hacl/internal/Hacl_Hash_SHA1.h"
@ -538,11 +538,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "a044ec12b70ba97b67e9a312827d6270452a20ca"
"checksumValue": "0018e084339058dd454b4e49d10d236b4f896bf8"
},
{
"algorithm": "SHA256",
"checksumValue": "a1426b54fa7273ba5b50817c25b2b26fc85c4d1befb14092cd27dc4c99439463"
"checksumValue": "10e959a92b3288a6165a404c8fae2bbcd7fb00a9abbae2b7809fa55d6fe9068d"
}
],
"fileName": "Modules/_hacl/internal/Hacl_Hash_SHA2.h"
@ -552,11 +552,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "cfb7b520c39a73cb84c541d370455f92b998781f"
"checksumValue": "eae8a5226bf993f07584cf4c0d269022328cf3d4"
},
{
"algorithm": "SHA256",
"checksumValue": "fd41997f9e96b3c9a3337b1b51fab965a1e21b0c16f353d156f1a1fa00709fbf"
"checksumValue": "6853125de10d0f605e9bc3a3dbbd7254713709e9893cc3f69929ea8d3f254934"
}
],
"fileName": "Modules/_hacl/internal/Hacl_Hash_SHA3.h"
@ -566,11 +566,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "f5c7b3ed911af6c8d582e8b3714b0c36195dc994"
"checksumValue": "d8063060cc707a7ac70108a15934d33e7b448db6"
},
{
"algorithm": "SHA256",
"checksumValue": "07de72398b12957e014e97b9ac197bceef12d6d6505c2bfe8b23ee17b94ec5fa"
"checksumValue": "347dfdf856ed1e584d124d6709b51267598ea5b37c1a2e03beeb358c978beada"
}
],
"fileName": "Modules/_hacl/python_hacl_namespaces.h"

688
Modules/_hacl/Hacl_Hash_MD5.c
View File

File diff suppressed because it is too large Load Diff

17
Modules/_hacl/Hacl_Hash_MD5.h
View File

@ -31,31 +31,32 @@ extern "C" {
#endif
#include <string.h>
#include "python_hacl_namespaces.h"
#include "krml/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "Hacl_Streaming_Types.h"
typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_MD5_state;
typedef Hacl_Streaming_MD_state_32 Hacl_Hash_MD5_state_t;
Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_create_in(void);
Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_malloc(void);
void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s);
void Hacl_Hash_MD5_reset(Hacl_Streaming_MD_state_32 *state);
/**
0 = success, 1 = max length exceeded
*/
Hacl_Streaming_Types_error_code
Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len);
Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len);
void Hacl_Streaming_MD5_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
void Hacl_Hash_MD5_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
void Hacl_Streaming_MD5_legacy_free(Hacl_Streaming_MD_state_32 *s);
void Hacl_Hash_MD5_free(Hacl_Streaming_MD_state_32 *state);
Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_copy(Hacl_Streaming_MD_state_32 *s0);
Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_copy(Hacl_Streaming_MD_state_32 *state);
void Hacl_Streaming_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
void Hacl_Hash_MD5_hash(uint8_t *output, uint8_t *input, uint32_t input_len);
#if defined(__cplusplus)
}

339
Modules/_hacl/Hacl_Hash_SHA1.c
View File

@ -25,19 +25,14 @@
#include "internal/Hacl_Hash_SHA1.h"
static uint32_t
_h0[5U] =
{
(uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
(uint32_t)0xc3d2e1f0U
};
static uint32_t _h0[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s)
void Hacl_Hash_SHA1_init(uint32_t *s)
{
KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, s[i] = _h0[i];);
KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i] = _h0[i];);
}
static void legacy_update(uint32_t *h, uint8_t *l)
static void update(uint32_t *h, uint8_t *l)
{
uint32_t ha = h[0U];
uint32_t hb = h[1U];
@ -45,29 +40,26 @@ static void legacy_update(uint32_t *h, uint8_t *l)
uint32_t hd = h[3U];
uint32_t he = h[4U];
uint32_t _w[80U] = { 0U };
for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
for (uint32_t i = 0U; i < 80U; i++)
{
uint32_t v;
if (i < (uint32_t)16U)
if (i < 16U)
{
uint8_t *b = l + i * (uint32_t)4U;
uint8_t *b = l + i * 4U;
uint32_t u = load32_be(b);
v = u;
}
else
{
uint32_t wmit3 = _w[i - (uint32_t)3U];
uint32_t wmit8 = _w[i - (uint32_t)8U];
uint32_t wmit14 = _w[i - (uint32_t)14U];
uint32_t wmit16 = _w[i - (uint32_t)16U];
v =
(wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16)))
<< (uint32_t)1U
| (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16))) >> (uint32_t)31U;
uint32_t wmit3 = _w[i - 3U];
uint32_t wmit8 = _w[i - 8U];
uint32_t wmit14 = _w[i - 14U];
uint32_t wmit16 = _w[i - 16U];
v = (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16))) << 1U | (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16))) >> 31U;
}
_w[i] = v;
}
for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
for (uint32_t i = 0U; i < 80U; i++)
{
uint32_t _a = h[0U];
uint32_t _b = h[1U];
@ -76,11 +68,11 @@ static void legacy_update(uint32_t *h, uint8_t *l)
uint32_t _e = h[4U];
uint32_t wmit = _w[i];
uint32_t ite0;
if (i < (uint32_t)20U)
if (i < 20U)
{
ite0 = (_b & _c) ^ (~_b & _d);
}
else if ((uint32_t)39U < i && i < (uint32_t)60U)
else if (39U < i && i < 60U)
{
ite0 = (_b & _c) ^ ((_b & _d) ^ (_c & _d));
}
@ -89,32 +81,32 @@ static void legacy_update(uint32_t *h, uint8_t *l)
ite0 = _b ^ (_c ^ _d);
}
uint32_t ite;
if (i < (uint32_t)20U)
if (i < 20U)
{
ite = (uint32_t)0x5a827999U;
ite = 0x5a827999U;
}
else if (i < (uint32_t)40U)
else if (i < 40U)
{
ite = (uint32_t)0x6ed9eba1U;
ite = 0x6ed9eba1U;
}
else if (i < (uint32_t)60U)
else if (i < 60U)
{
ite = (uint32_t)0x8f1bbcdcU;
ite = 0x8f1bbcdcU;
}
else
{
ite = (uint32_t)0xca62c1d6U;
ite = 0xca62c1d6U;
}
uint32_t _T = (_a << (uint32_t)5U | _a >> (uint32_t)27U) + ite0 + _e + ite + wmit;
uint32_t _T = (_a << 5U | _a >> 27U) + ite0 + _e + ite + wmit;
h[0U] = _T;
h[1U] = _a;
h[2U] = _b << (uint32_t)30U | _b >> (uint32_t)2U;
h[2U] = _b << 30U | _b >> 2U;
h[3U] = _c;
h[4U] = _d;
}
for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
for (uint32_t i = 0U; i < 80U; i++)
{
_w[i] = (uint32_t)0U;
_w[i] = 0U;
}
uint32_t sta = h[0U];
uint32_t stb = h[1U];
@ -128,101 +120,69 @@ static void legacy_update(uint32_t *h, uint8_t *l)
h[4U] = ste + he;
}
static void legacy_pad(uint64_t len, uint8_t *dst)
static void pad(uint64_t len, uint8_t *dst)
{
uint8_t *dst1 = dst;
dst1[0U] = (uint8_t)0x80U;
uint8_t *dst2 = dst + (uint32_t)1U;
for
(uint32_t
i = (uint32_t)0U;
i
< ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U))) % (uint32_t)64U;
i++)
dst1[0U] = 0x80U;
uint8_t *dst2 = dst + 1U;
for (uint32_t i = 0U; i < (128U - (9U + (uint32_t)(len % (uint64_t)64U))) % 64U; i++)
{
dst2[i] = (uint8_t)0U;
dst2[i] = 0U;
}
uint8_t
*dst3 =
dst
+
(uint32_t)1U
+
((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U)))
% (uint32_t)64U;
store64_be(dst3, len << (uint32_t)3U);
uint8_t *dst3 = dst + 1U + (128U - (9U + (uint32_t)(len % (uint64_t)64U))) % 64U;
store64_be(dst3, len << 3U);
}
void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst)
void Hacl_Hash_SHA1_finish(uint32_t *s, uint8_t *dst)
{
KRML_MAYBE_FOR5(i,
(uint32_t)0U,
(uint32_t)5U,
(uint32_t)1U,
store32_be(dst + i * (uint32_t)4U, s[i]););
KRML_MAYBE_FOR5(i, 0U, 5U, 1U, store32_be(dst + i * 4U, s[i]););
}
void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
void Hacl_Hash_SHA1_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
{
for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
for (uint32_t i = 0U; i < n_blocks; i++)
{
uint32_t sz = (uint32_t)64U;
uint32_t sz = 64U;
uint8_t *block = blocks + sz * i;
legacy_update(s, block);
update(s, block);
}
}
void
Hacl_Hash_SHA1_legacy_update_last(
uint32_t *s,
uint64_t prev_len,
uint8_t *input,
uint32_t input_len
)
Hacl_Hash_SHA1_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len)
{
uint32_t blocks_n = input_len / (uint32_t)64U;
uint32_t blocks_len = blocks_n * (uint32_t)64U;
uint32_t blocks_n = input_len / 64U;
uint32_t blocks_len = blocks_n * 64U;
uint8_t *blocks = input;
uint32_t rest_len = input_len - blocks_len;
uint8_t *rest = input + blocks_len;
Hacl_Hash_SHA1_legacy_update_multi(s, blocks, blocks_n);
Hacl_Hash_SHA1_update_multi(s, blocks, blocks_n);
uint64_t total_input_len = prev_len + (uint64_t)input_len;
uint32_t
pad_len =
(uint32_t)1U
+
((uint32_t)128U - ((uint32_t)9U + (uint32_t)(total_input_len % (uint64_t)(uint32_t)64U)))
% (uint32_t)64U
+ (uint32_t)8U;
uint32_t pad_len = 1U + (128U - (9U + (uint32_t)(total_input_len % (uint64_t)64U))) % 64U + 8U;
uint32_t tmp_len = rest_len + pad_len;
uint8_t tmp_twoblocks[128U] = { 0U };
uint8_t *tmp = tmp_twoblocks;
uint8_t *tmp_rest = tmp;
uint8_t *tmp_pad = tmp + rest_len;
memcpy(tmp_rest, rest, rest_len * sizeof (uint8_t));
legacy_pad(total_input_len, tmp_pad);
Hacl_Hash_SHA1_legacy_update_multi(s, tmp, tmp_len / (uint32_t)64U);
pad(total_input_len, tmp_pad);
Hacl_Hash_SHA1_update_multi(s, tmp, tmp_len / 64U);
}
void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
void Hacl_Hash_SHA1_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len)
{
uint32_t
s[5U] =
{
(uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
(uint32_t)0xc3d2e1f0U
};
uint32_t blocks_n0 = input_len / (uint32_t)64U;
uint32_t s[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
uint32_t blocks_n0 = input_len / 64U;
uint32_t blocks_n1;
if (input_len % (uint32_t)64U == (uint32_t)0U && blocks_n0 > (uint32_t)0U)
if (input_len % 64U == 0U && blocks_n0 > 0U)
{
blocks_n1 = blocks_n0 - (uint32_t)1U;
blocks_n1 = blocks_n0 - 1U;
}
else
{
blocks_n1 = blocks_n0;
}
uint32_t blocks_len0 = blocks_n1 * (uint32_t)64U;
uint32_t blocks_len0 = blocks_n1 * 64U;
uint8_t *blocks0 = input;
uint32_t rest_len0 = input_len - blocks_len0;
uint8_t *rest0 = input + blocks_len0;
@ -231,75 +191,75 @@ void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst
uint8_t *blocks = blocks0;
uint32_t rest_len = rest_len0;
uint8_t *rest = rest0;
Hacl_Hash_SHA1_legacy_update_multi(s, blocks, blocks_n);
Hacl_Hash_SHA1_legacy_update_last(s, (uint64_t)blocks_len, rest, rest_len);
Hacl_Hash_Core_SHA1_legacy_finish(s, dst);
Hacl_Hash_SHA1_update_multi(s, blocks, blocks_n);
Hacl_Hash_SHA1_update_last(s, (uint64_t)blocks_len, rest, rest_len);
Hacl_Hash_SHA1_finish(s, output);
}
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_create_in(void)
Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_malloc(void)
{
uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)5U, sizeof (uint32_t));
uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(5U, sizeof (uint32_t));
Hacl_Streaming_MD_state_32
s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
Hacl_Streaming_MD_state_32
*p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
p[0U] = s;
Hacl_Hash_Core_SHA1_legacy_init(block_state);
Hacl_Hash_SHA1_init(block_state);
return p;
}
void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s)
void Hacl_Hash_SHA1_reset(Hacl_Streaming_MD_state_32 *state)
{
Hacl_Streaming_MD_state_32 scrut = *s;
Hacl_Streaming_MD_state_32 scrut = *state;
uint8_t *buf = scrut.buf;
uint32_t *block_state = scrut.block_state;
Hacl_Hash_Core_SHA1_legacy_init(block_state);
Hacl_Hash_SHA1_init(block_state);
Hacl_Streaming_MD_state_32
tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
s[0U] = tmp;
tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
state[0U] = tmp;
}
/**
0 = success, 1 = max length exceeded
*/
Hacl_Streaming_Types_error_code
Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len)
{
Hacl_Streaming_MD_state_32 s = *p;
Hacl_Streaming_MD_state_32 s = *state;
uint64_t total_len = s.total_len;
if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
if ((uint64_t)chunk_len > 2305843009213693951ULL - total_len)
{
return Hacl_Streaming_Types_MaximumLengthExceeded;
}
uint32_t sz;
if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
{
sz = (uint32_t)64U;
sz = 64U;
}
else
{
sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
sz = (uint32_t)(total_len % (uint64_t)64U);
}
if (len <= (uint32_t)64U - sz)
if (chunk_len <= 64U - sz)
{
Hacl_Streaming_MD_state_32 s1 = *p;
Hacl_Streaming_MD_state_32 s1 = *state;
uint32_t *block_state1 = s1.block_state;
uint8_t *buf = s1.buf;
uint64_t total_len1 = s1.total_len;
uint32_t sz1;
if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
{
sz1 = (uint32_t)64U;
sz1 = 64U;
}
else
{
sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
}
uint8_t *buf2 = buf + sz1;
memcpy(buf2, data, len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)len;
*p
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state
=
(
(Hacl_Streaming_MD_state_32){
@ -309,74 +269,74 @@ Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data,
}
);
}
else if (sz == (uint32_t)0U)
else if (sz == 0U)
{
Hacl_Streaming_MD_state_32 s1 = *p;
Hacl_Streaming_MD_state_32 s1 = *state;
uint32_t *block_state1 = s1.block_state;
uint8_t *buf = s1.buf;
uint64_t total_len1 = s1.total_len;
uint32_t sz1;
if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
{
sz1 = (uint32_t)64U;
sz1 = 64U;
}
else
{
sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
}
if (!(sz1 == (uint32_t)0U))
if (!(sz1 == 0U))
{
Hacl_Hash_SHA1_legacy_update_multi(block_state1, buf, (uint32_t)1U);
Hacl_Hash_SHA1_update_multi(block_state1, buf, 1U);
}
uint32_t ite;
if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
if ((uint64_t)chunk_len % (uint64_t)64U == 0ULL && (uint64_t)chunk_len > 0ULL)
{
ite = (uint32_t)64U;
ite = 64U;
}
else
{
ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)64U);
}
uint32_t n_blocks = (len - ite) / (uint32_t)64U;
uint32_t data1_len = n_blocks * (uint32_t)64U;
uint32_t data2_len = len - data1_len;
uint8_t *data1 = data;
uint8_t *data2 = data + data1_len;
Hacl_Hash_SHA1_legacy_update_multi(block_state1, data1, data1_len / (uint32_t)64U);
uint32_t n_blocks = (chunk_len - ite) / 64U;
uint32_t data1_len = n_blocks * 64U;
uint32_t data2_len = chunk_len - data1_len;
uint8_t *data1 = chunk;
uint8_t *data2 = chunk + data1_len;
Hacl_Hash_SHA1_update_multi(block_state1, data1, data1_len / 64U);
uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t));
*p
*state
=
(
(Hacl_Streaming_MD_state_32){
.block_state = block_state1,
.buf = buf,
.total_len = total_len1 + (uint64_t)len
.total_len = total_len1 + (uint64_t)chunk_len
}
);
}
else
{
uint32_t diff = (uint32_t)64U - sz;
uint8_t *data1 = data;
uint8_t *data2 = data + diff;
Hacl_Streaming_MD_state_32 s1 = *p;
uint32_t diff = 64U - sz;
uint8_t *chunk1 = chunk;
uint8_t *chunk2 = chunk + diff;
Hacl_Streaming_MD_state_32 s1 = *state;
uint32_t *block_state10 = s1.block_state;
uint8_t *buf0 = s1.buf;
uint64_t total_len10 = s1.total_len;
uint32_t sz10;
if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
if (total_len10 % (uint64_t)64U == 0ULL && total_len10 > 0ULL)
{
sz10 = (uint32_t)64U;
sz10 = 64U;
}
else
{
sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
sz10 = (uint32_t)(total_len10 % (uint64_t)64U);
}
uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, data1, diff * sizeof (uint8_t));
memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff;
*p
*state
=
(
(Hacl_Streaming_MD_state_32){
@ -385,114 +345,109 @@ Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data,
.total_len = total_len2
}
);
Hacl_Streaming_MD_state_32 s10 = *p;
Hacl_Streaming_MD_state_32 s10 = *state;
uint32_t *block_state1 = s10.block_state;
uint8_t *buf = s10.buf;
uint64_t total_len1 = s10.total_len;
uint32_t sz1;
if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
if (total_len1 % (uint64_t)64U == 0ULL && total_len1 > 0ULL)
{
sz1 = (uint32_t)64U;
sz1 = 64U;
}
else
{
sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
sz1 = (uint32_t)(total_len1 % (uint64_t)64U);
}
if (!(sz1 == (uint32_t)0U))
if (!(sz1 == 0U))
{
Hacl_Hash_SHA1_legacy_update_multi(block_state1, buf, (uint32_t)1U);
Hacl_Hash_SHA1_update_multi(block_state1, buf, 1U);
}
uint32_t ite;
if
(
(uint64_t)(len - diff)
% (uint64_t)(uint32_t)64U
== (uint64_t)0U
&& (uint64_t)(len - diff) > (uint64_t)0U
)
((uint64_t)(chunk_len - diff) % (uint64_t)64U == 0ULL && (uint64_t)(chunk_len - diff) > 0ULL)
{
ite = (uint32_t)64U;
ite = 64U;
}
else
{
ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)64U);
}
uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
uint32_t data1_len = n_blocks * (uint32_t)64U;
uint32_t data2_len = len - diff - data1_len;
uint8_t *data11 = data2;
uint8_t *data21 = data2 + data1_len;
Hacl_Hash_SHA1_legacy_update_multi(block_state1, data11, data1_len / (uint32_t)64U);
uint32_t n_blocks = (chunk_len - diff - ite) / 64U;
uint32_t data1_len = n_blocks * 64U;
uint32_t data2_len = chunk_len - diff - data1_len;
uint8_t *data1 = chunk2;
uint8_t *data2 = chunk2 + data1_len;
Hacl_Hash_SHA1_update_multi(block_state1, data1, data1_len / 64U);
uint8_t *dst = buf;
memcpy(dst, data21, data2_len * sizeof (uint8_t));
*p
memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state
=
(
(Hacl_Streaming_MD_state_32){
.block_state = block_state1,
.buf = buf,
.total_len = total_len1 + (uint64_t)(len - diff)
.total_len = total_len1 + (uint64_t)(chunk_len - diff)
}
);
}
return Hacl_Streaming_Types_Success;
}
void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
void Hacl_Hash_SHA1_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output)
{
Hacl_Streaming_MD_state_32 scrut = *p;
Hacl_Streaming_MD_state_32 scrut = *state;
uint32_t *block_state = scrut.block_state;
uint8_t *buf_ = scrut.buf;
uint64_t total_len = scrut.total_len;
uint32_t r;
if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
if (total_len % (uint64_t)64U == 0ULL && total_len > 0ULL)
{
r = (uint32_t)64U;
r = 64U;
}
else
{
r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
r = (uint32_t)(total_len % (uint64_t)64U);
}
uint8_t *buf_1 = buf_;
uint32_t tmp_block_state[5U] = { 0U };
memcpy(tmp_block_state, block_state, (uint32_t)5U * sizeof (uint32_t));
memcpy(tmp_block_state, block_state, 5U * sizeof (uint32_t));
uint32_t ite;
if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
if (r % 64U == 0U && r > 0U)
{
ite = (uint32_t)64U;
ite = 64U;
}
else
{
ite = r % (uint32_t)64U;
ite = r % 64U;
}
uint8_t *buf_last = buf_1 + r - ite;
uint8_t *buf_multi = buf_1;
Hacl_Hash_SHA1_legacy_update_multi(tmp_block_state, buf_multi, (uint32_t)0U);
Hacl_Hash_SHA1_update_multi(tmp_block_state, buf_multi, 0U);
uint64_t prev_len_last = total_len - (uint64_t)r;
Hacl_Hash_SHA1_legacy_update_last(tmp_block_state, prev_len_last, buf_last, r);
Hacl_Hash_Core_SHA1_legacy_finish(tmp_block_state, dst);
Hacl_Hash_SHA1_update_last(tmp_block_state, prev_len_last, buf_last, r);
Hacl_Hash_SHA1_finish(tmp_block_state, output);
}
void Hacl_Streaming_SHA1_legacy_free(Hacl_Streaming_MD_state_32 *s)
void Hacl_Hash_SHA1_free(Hacl_Streaming_MD_state_32 *state)
{
Hacl_Streaming_MD_state_32 scrut = *s;
Hacl_Streaming_MD_state_32 scrut = *state;
uint8_t *buf = scrut.buf;
uint32_t *block_state = scrut.block_state;
KRML_HOST_FREE(block_state);
KRML_HOST_FREE(buf);
KRML_HOST_FREE(s);
KRML_HOST_FREE(state);
}
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_state_32 *s0)
Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_copy(Hacl_Streaming_MD_state_32 *state)
{
Hacl_Streaming_MD_state_32 scrut = *s0;
Hacl_Streaming_MD_state_32 scrut = *state;
uint32_t *block_state0 = scrut.block_state;
uint8_t *buf0 = scrut.buf;
uint64_t total_len0 = scrut.total_len;
uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
memcpy(buf, buf0, (uint32_t)64U * sizeof (uint8_t));
uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)5U, sizeof (uint32_t));
memcpy(block_state, block_state0, (uint32_t)5U * sizeof (uint32_t));
uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC(64U, sizeof (uint8_t));
memcpy(buf, buf0, 64U * sizeof (uint8_t));
uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC(5U, sizeof (uint32_t));
memcpy(block_state, block_state0, 5U * sizeof (uint32_t));
Hacl_Streaming_MD_state_32
s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
Hacl_Streaming_MD_state_32
@ -501,8 +456,8 @@ Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_st
return p;
}
void Hacl_Streaming_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
void Hacl_Hash_SHA1_hash(uint8_t *output, uint8_t *input, uint32_t input_len)
{
Hacl_Hash_SHA1_legacy_hash(input, input_len, dst);
Hacl_Hash_SHA1_hash_oneshot(output, input, input_len);
}

17
Modules/_hacl/Hacl_Hash_SHA1.h
View File

@ -31,31 +31,32 @@ extern "C" {
#endif
#include <string.h>
#include "python_hacl_namespaces.h"
#include "krml/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "Hacl_Streaming_Types.h"
typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA1_state;
typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA1_state_t;
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_create_in(void);
Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_malloc(void);
void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s);
void Hacl_Hash_SHA1_reset(Hacl_Streaming_MD_state_32 *state);
/**
0 = success, 1 = max length exceeded
*/
Hacl_Streaming_Types_error_code
Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len);
Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len);
void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
void Hacl_Hash_SHA1_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
void Hacl_Streaming_SHA1_legacy_free(Hacl_Streaming_MD_state_32 *s);
void Hacl_Hash_SHA1_free(Hacl_Streaming_MD_state_32 *state);
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_state_32 *s0);
Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_copy(Hacl_Streaming_MD_state_32 *state);
void Hacl_Streaming_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
void Hacl_Hash_SHA1_hash(uint8_t *output, uint8_t *input, uint32_t input_len);
#if defined(__cplusplus)
}

932
Modules/_hacl/Hacl_Hash_SHA2.c
View File

File diff suppressed because it is too large Load Diff

104
Modules/_hacl/Hacl_Hash_SHA2.h
View File

@ -39,19 +39,19 @@ extern "C" {
#include "Hacl_Streaming_Types.h"
typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_224;
typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA2_state_t_224;
typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_256;
typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA2_state_t_256;
typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_384;
typedef Hacl_Streaming_MD_state_64 Hacl_Hash_SHA2_state_t_384;
typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_512;
typedef Hacl_Streaming_MD_state_64 Hacl_Hash_SHA2_state_t_512;
/**
Allocate initial state for the SHA2_256 hash. The state is to be freed by
calling `free_256`.
*/
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void);
Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_256(void);
/**
Copies the state passed as argument into a newly allocated state (deep copy).
@ -59,73 +59,73 @@ The state is to be freed by calling `free_256`. Cloning the state this way is
useful, for instance, if your control-flow diverges and you need to feed
more (different) data into the hash in each branch.
*/
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0);
Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_copy_256(Hacl_Streaming_MD_state_32 *state);
/**
Reset an existing state to the initial hash state with empty data.
*/
void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s);
void Hacl_Hash_SHA2_reset_256(Hacl_Streaming_MD_state_32 *state);
/**
Feed an arbitrary amount of data into the hash. This function returns 0 for
success, or 1 if the combined length of all of the data passed to `update_256`
(since the last call to `init_256`) exceeds 2^61-1 bytes.
(since the last call to `reset_256`) exceeds 2^61-1 bytes.
This function is identical to the update function for SHA2_224.
*/
Hacl_Streaming_Types_error_code
Hacl_Streaming_SHA2_update_256(
Hacl_Streaming_MD_state_32 *p,
Hacl_Hash_SHA2_update_256(
Hacl_Streaming_MD_state_32 *state,
uint8_t *input,
uint32_t input_len
);
/**
Write the resulting hash into `dst`, an array of 32 bytes. The state remains
valid after a call to `finish_256`, meaning the user may feed more data into
the hash via `update_256`. (The finish_256 function operates on an internal copy of
Write the resulting hash into `output`, an array of 32 bytes. The state remains
valid after a call to `digest_256`, meaning the user may feed more data into
the hash via `update_256`. (The digest_256 function operates on an internal copy of
the state and therefore does not invalidate the client-held state `p`.)
*/
void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
void Hacl_Hash_SHA2_digest_256(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
/**
Free a state allocated with `create_in_256`.
Free a state allocated with `malloc_256`.
This function is identical to the free function for SHA2_224.
*/
void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s);
void Hacl_Hash_SHA2_free_256(Hacl_Streaming_MD_state_32 *state);
/**
Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes.
Hash `input`, of len `input_len`, into `output`, an array of 32 bytes.
*/
void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst);
void Hacl_Hash_SHA2_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len);
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void);
Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_224(void);
void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s);
void Hacl_Hash_SHA2_reset_224(Hacl_Streaming_MD_state_32 *state);
Hacl_Streaming_Types_error_code
Hacl_Streaming_SHA2_update_224(
Hacl_Streaming_MD_state_32 *p,
Hacl_Hash_SHA2_update_224(
Hacl_Streaming_MD_state_32 *state,
uint8_t *input,
uint32_t input_len
);
/**
Write the resulting hash into `dst`, an array of 28 bytes. The state remains
valid after a call to `finish_224`, meaning the user may feed more data into
Write the resulting hash into `output`, an array of 28 bytes. The state remains
valid after a call to `digest_224`, meaning the user may feed more data into
the hash via `update_224`.
*/
void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
void Hacl_Hash_SHA2_digest_224(Hacl_Streaming_MD_state_32 *state, uint8_t *output);
void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p);
void Hacl_Hash_SHA2_free_224(Hacl_Streaming_MD_state_32 *state);
/**
Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes.
Hash `input`, of len `input_len`, into `output`, an array of 28 bytes.
*/
void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst);
void Hacl_Hash_SHA2_hash_224(uint8_t *output, uint8_t *input, uint32_t input_len);
Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void);
Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_512(void);
/**
Copies the state passed as argument into a newly allocated state (deep copy).
@ -133,68 +133,68 @@ The state is to be freed by calling `free_512`. Cloning the state this way is
useful, for instance, if your control-flow diverges and you need to feed
more (different) data into the hash in each branch.
*/
Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0);
Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_copy_512(Hacl_Streaming_MD_state_64 *state);
void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s);
void Hacl_Hash_SHA2_reset_512(Hacl_Streaming_MD_state_64 *state);
/**
Feed an arbitrary amount of data into the hash. This function returns 0 for
success, or 1 if the combined length of all of the data passed to `update_512`
(since the last call to `init_512`) exceeds 2^125-1 bytes.
(since the last call to `reset_512`) exceeds 2^125-1 bytes.
This function is identical to the update function for SHA2_384.
*/
Hacl_Streaming_Types_error_code
Hacl_Streaming_SHA2_update_512(
Hacl_Streaming_MD_state_64 *p,
Hacl_Hash_SHA2_update_512(
Hacl_Streaming_MD_state_64 *state,
uint8_t *input,
uint32_t input_len
);
/**
Write the resulting hash into `dst`, an array of 64 bytes. The state remains
valid after a call to `finish_512`, meaning the user may feed more data into
the hash via `update_512`. (The finish_512 function operates on an internal copy of
Write the resulting hash into `output`, an array of 64 bytes. The state remains
valid after a call to `digest_512`, meaning the user may feed more data into
the hash via `update_512`. (The digest_512 function operates on an internal copy of
the state and therefore does not invalidate the client-held state `p`.)
*/
void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst);
void Hacl_Hash_SHA2_digest_512(Hacl_Streaming_MD_state_64 *state, uint8_t *output);
/**
Free a state allocated with `create_in_512`.
Free a state allocated with `malloc_512`.
This function is identical to the free function for SHA2_384.
*/
void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s);
void Hacl_Hash_SHA2_free_512(Hacl_Streaming_MD_state_64 *state);
/**
Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes.
Hash `input`, of len `input_len`, into `output`, an array of 64 bytes.
*/
void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, uint8_t *dst);
void Hacl_Hash_SHA2_hash_512(uint8_t *output, uint8_t *input, uint32_t input_len);
Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void);
Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_384(void);
void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s);
void Hacl_Hash_SHA2_reset_384(Hacl_Streaming_MD_state_64 *state);
Hacl_Streaming_Types_error_code
Hacl_Streaming_SHA2_update_384(
Hacl_Streaming_MD_state_64 *p,
Hacl_Hash_SHA2_update_384(
Hacl_Streaming_MD_state_64 *state,
uint8_t *input,
uint32_t input_len
);
/**
Write the resulting hash into `dst`, an array of 48 bytes. The state remains
valid after a call to `finish_384`, meaning the user may feed more data into
Write the resulting hash into `output`, an array of 48 bytes. The state remains
valid after a call to `digest_384`, meaning the user may feed more data into
the hash via `update_384`.
*/
void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst);
void Hacl_Hash_SHA2_digest_384(Hacl_Streaming_MD_state_64 *state, uint8_t *output);
void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p);
void Hacl_Hash_SHA2_free_384(Hacl_Streaming_MD_state_64 *state);
/**
Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes.
Hash `input`, of len `input_len`, into `output`, an array of 48 bytes.
*/
void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst);
void Hacl_Hash_SHA2_hash_384(uint8_t *output, uint8_t *input, uint32_t input_len);
#if defined(__cplusplus)
}

526
Modules/_hacl/Hacl_Hash_SHA3.c
View File

@ -31,27 +31,27 @@ static uint32_t block_len(Spec_Hash_Definitions_hash_alg a)
{
case Spec_Hash_Definitions_SHA3_224:
{
return (uint32_t)144U;
return 144U;
}
case Spec_Hash_Definitions_SHA3_256:
{
return (uint32_t)136U;
return 136U;
}
case Spec_Hash_Definitions_SHA3_384:
{
return (uint32_t)104U;
return 104U;
}
case Spec_Hash_Definitions_SHA3_512:
{
return (uint32_t)72U;
return 72U;
}
case Spec_Hash_Definitions_Shake128:
{
return (uint32_t)168U;
return 168U;
}
case Spec_Hash_Definitions_Shake256:
{
return (uint32_t)136U;
return 136U;
}
default:
{
@ -67,19 +67,19 @@ static uint32_t hash_len(Spec_Hash_Definitions_hash_alg a)
{
case Spec_Hash_Definitions_SHA3_224:
{
return (uint32_t)28U;
return 28U;
}
case Spec_Hash_Definitions_SHA3_256:
{
return (uint32_t)32U;
return 32U;
}
case Spec_Hash_Definitions_SHA3_384:
{
return (uint32_t)48U;
return 48U;
}
case Spec_Hash_Definitions_SHA3_512:
{
return (uint32_t)64U;
return 64U;
}
default:
{
@ -97,10 +97,10 @@ Hacl_Hash_SHA3_update_multi_sha3(
uint32_t n_blocks
)
{
for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
for (uint32_t i = 0U; i < n_blocks; i++)
{
uint8_t *block = blocks + i * block_len(a);
Hacl_Impl_SHA3_absorb_inner(block_len(a), block, s);
Hacl_Hash_SHA3_absorb_inner(block_len(a), block, s);
}
}
@ -115,139 +115,139 @@ Hacl_Hash_SHA3_update_last_sha3(
uint8_t suffix;
if (a == Spec_Hash_Definitions_Shake128 || a == Spec_Hash_Definitions_Shake256)
{
suffix = (uint8_t)0x1fU;
suffix = 0x1fU;
}
else
{
suffix = (uint8_t)0x06U;
suffix = 0x06U;
}
uint32_t len = block_len(a);
if (input_len == len)
{
Hacl_Impl_SHA3_absorb_inner(len, input, s);
uint8_t *uu____0 = input + input_len;
Hacl_Hash_SHA3_absorb_inner(len, input, s);
uint8_t lastBlock_[200U] = { 0U };
uint8_t *lastBlock = lastBlock_;
memcpy(lastBlock, uu____0, (uint32_t)0U * sizeof (uint8_t));
memcpy(lastBlock, input + input_len, 0U * sizeof (uint8_t));
lastBlock[0U] = suffix;
Hacl_Impl_SHA3_loadState(len, lastBlock, s);
if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && (uint32_t)0U == len - (uint32_t)1U)
Hacl_Hash_SHA3_loadState(len, lastBlock, s);
if (!(((uint32_t)suffix & 0x80U) == 0U) && 0U == len - 1U)
{
Hacl_Impl_SHA3_state_permute(s);
Hacl_Hash_SHA3_state_permute(s);
}
uint8_t nextBlock_[200U] = { 0U };
uint8_t *nextBlock = nextBlock_;
nextBlock[len - (uint32_t)1U] = (uint8_t)0x80U;
Hacl_Impl_SHA3_loadState(len, nextBlock, s);
Hacl_Impl_SHA3_state_permute(s);
nextBlock[len - 1U] = 0x80U;
Hacl_Hash_SHA3_loadState(len, nextBlock, s);
Hacl_Hash_SHA3_state_permute(s);
return;
}
uint8_t lastBlock_[200U] = { 0U };
uint8_t *lastBlock = lastBlock_;
memcpy(lastBlock, input, input_len * sizeof (uint8_t));
lastBlock[input_len] = suffix;
Hacl_Impl_SHA3_loadState(len, lastBlock, s);
if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && input_len == len - (uint32_t)1U)
Hacl_Hash_SHA3_loadState(len, lastBlock, s);
if (!(((uint32_t)suffix & 0x80U) == 0U) && input_len == len - 1U)
{
Hacl_Impl_SHA3_state_permute(s);
Hacl_Hash_SHA3_state_permute(s);
}
uint8_t nextBlock_[200U] = { 0U };
uint8_t *nextBlock = nextBlock_;
nextBlock[len - (uint32_t)1U] = (uint8_t)0x80U;
Hacl_Impl_SHA3_loadState(len, nextBlock, s);
Hacl_Impl_SHA3_state_permute(s);
nextBlock[len - 1U] = 0x80U;
Hacl_Hash_SHA3_loadState(len, nextBlock, s);
Hacl_Hash_SHA3_state_permute(s);
}
typedef struct hash_buf2_s
{
Hacl_Streaming_Keccak_hash_buf fst;
Hacl_Streaming_Keccak_hash_buf snd;
Hacl_Hash_SHA3_hash_buf fst;
Hacl_Hash_SHA3_hash_buf snd;
}
hash_buf2;
Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s)
Spec_Hash_Definitions_hash_alg Hacl_Hash_SHA3_get_alg(Hacl_Hash_SHA3_state_t *s)
{
Hacl_Streaming_Keccak_state scrut = *s;
Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
Hacl_Hash_SHA3_hash_buf block_state = (*s).block_state;
return block_state.fst;
}
Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_hash_alg a)
Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_hash_alg a)
{
KRML_CHECK_SIZE(sizeof (uint8_t), block_len(a));
uint8_t *buf0 = (uint8_t *)KRML_HOST_CALLOC(block_len(a), sizeof (uint8_t));
uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
Hacl_Streaming_Keccak_hash_buf block_state = { .fst = a, .snd = buf };
Hacl_Streaming_Keccak_state
s = { .block_state = block_state, .buf = buf0, .total_len = (uint64_t)(uint32_t)0U };
Hacl_Streaming_Keccak_state
*p = (Hacl_Streaming_Keccak_state *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_Keccak_state));
uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
Hacl_Hash_SHA3_hash_buf block_state = { .fst = a, .snd = buf };
Hacl_Hash_SHA3_state_t
s = { .block_state = block_state, .buf = buf0, .total_len = (uint64_t)0U };
Hacl_Hash_SHA3_state_t
*p = (Hacl_Hash_SHA3_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_Hash_SHA3_state_t));
p[0U] = s;
uint64_t *s1 = block_state.snd;
memset(s1, 0U, (uint32_t)25U * sizeof (uint64_t));
memset(s1, 0U, 25U * sizeof (uint64_t));
return p;
}
void Hacl_Streaming_Keccak_free(Hacl_Streaming_Keccak_state *s)
void Hacl_Hash_SHA3_free(Hacl_Hash_SHA3_state_t *state)
{
Hacl_Streaming_Keccak_state scrut = *s;
Hacl_Hash_SHA3_state_t scrut = *state;
uint8_t *buf = scrut.buf;
Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
uint64_t *s1 = block_state.snd;
KRML_HOST_FREE(s1);
KRML_HOST_FREE(buf);
Hacl_Hash_SHA3_hash_buf block_state = scrut.block_state;
uint64_t *s = block_state.snd;
KRML_HOST_FREE(s);
KRML_HOST_FREE(buf);
KRML_HOST_FREE(state);
}
Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_copy(Hacl_Streaming_Keccak_state *s0)
Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_copy(Hacl_Hash_SHA3_state_t *state)
{
Hacl_Streaming_Keccak_state scrut0 = *s0;
Hacl_Streaming_Keccak_hash_buf block_state0 = scrut0.block_state;
Hacl_Hash_SHA3_state_t scrut0 = *state;
Hacl_Hash_SHA3_hash_buf block_state0 = scrut0.block_state;
uint8_t *buf0 = scrut0.buf;
uint64_t total_len0 = scrut0.total_len;
Spec_Hash_Definitions_hash_alg i = block_state0.fst;
KRML_CHECK_SIZE(sizeof (uint8_t), block_len(i));
uint8_t *buf1 = (uint8_t *)KRML_HOST_CALLOC(block_len(i), sizeof (uint8_t));
memcpy(buf1, buf0, block_len(i) * sizeof (uint8_t));
uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC((uint32_t)25U, sizeof (uint64_t));
Hacl_Streaming_Keccak_hash_buf block_state = { .fst = i, .snd = buf };
uint64_t *buf = (uint64_t *)KRML_HOST_CALLOC(25U, sizeof (uint64_t));
Hacl_Hash_SHA3_hash_buf block_state = { .fst = i, .snd = buf };
hash_buf2 scrut = { .fst = block_state0, .snd = block_state };
uint64_t *s_dst = scrut.snd.snd;
uint64_t *s_src = scrut.fst.snd;
memcpy(s_dst, s_src, (uint32_t)25U * sizeof (uint64_t));
Hacl_Streaming_Keccak_state
memcpy(s_dst, s_src, 25U * sizeof (uint64_t));
Hacl_Hash_SHA3_state_t
s = { .block_state = block_state, .buf = buf1, .total_len = total_len0 };
Hacl_Streaming_Keccak_state
*p = (Hacl_Streaming_Keccak_state *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_Keccak_state));
Hacl_Hash_SHA3_state_t
*p = (Hacl_Hash_SHA3_state_t *)KRML_HOST_MALLOC(sizeof (Hacl_Hash_SHA3_state_t));
p[0U] = s;
return p;
}
void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s)
void Hacl_Hash_SHA3_reset(Hacl_Hash_SHA3_state_t *state)
{
Hacl_Streaming_Keccak_state scrut = *s;
Hacl_Hash_SHA3_state_t scrut = *state;
uint8_t *buf = scrut.buf;
Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
uint64_t *s1 = block_state.snd;
memset(s1, 0U, (uint32_t)25U * sizeof (uint64_t));
Hacl_Streaming_Keccak_state
tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
s[0U] = tmp;
Hacl_Hash_SHA3_hash_buf block_state = scrut.block_state;
Spec_Hash_Definitions_hash_alg i = block_state.fst;
KRML_MAYBE_UNUSED_VAR(i);
uint64_t *s = block_state.snd;
memset(s, 0U, 25U * sizeof (uint64_t));
Hacl_Hash_SHA3_state_t
tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U };
state[0U] = tmp;
}
Hacl_Streaming_Types_error_code
Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint32_t len)
Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t chunk_len)
{
Hacl_Streaming_Keccak_state s = *p;
Hacl_Streaming_Keccak_hash_buf block_state = s.block_state;
Hacl_Hash_SHA3_state_t s = *state;
Hacl_Hash_SHA3_hash_buf block_state = s.block_state;
uint64_t total_len = s.total_len;
Spec_Hash_Definitions_hash_alg i = block_state.fst;
if ((uint64_t)len > (uint64_t)0xFFFFFFFFFFFFFFFFU - total_len)
if ((uint64_t)chunk_len > 0xFFFFFFFFFFFFFFFFULL - total_len)
{
return Hacl_Streaming_Types_MaximumLengthExceeded;
}
uint32_t sz;
if (total_len % (uint64_t)block_len(i) == (uint64_t)0U && total_len > (uint64_t)0U)
if (total_len % (uint64_t)block_len(i) == 0ULL && total_len > 0ULL)
{
sz = block_len(i);
}
@ -255,14 +255,14 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
{
sz = (uint32_t)(total_len % (uint64_t)block_len(i));
}
if (len <= block_len(i) - sz)
if (chunk_len <= block_len(i) - sz)
{
Hacl_Streaming_Keccak_state s1 = *p;
Hacl_Streaming_Keccak_hash_buf block_state1 = s1.block_state;
Hacl_Hash_SHA3_state_t s1 = *state;
Hacl_Hash_SHA3_hash_buf block_state1 = s1.block_state;
uint8_t *buf = s1.buf;
uint64_t total_len1 = s1.total_len;
uint32_t sz1;
if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && total_len1 > (uint64_t)0U)
if (total_len1 % (uint64_t)block_len(i) == 0ULL && total_len1 > 0ULL)
{
sz1 = block_len(i);
}
@ -271,26 +271,20 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i));
}
uint8_t *buf2 = buf + sz1;
memcpy(buf2, data, len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)len;
*p
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state
=
(
(Hacl_Streaming_Keccak_state){
.block_state = block_state1,
.buf = buf,
.total_len = total_len2
}
);
((Hacl_Hash_SHA3_state_t){ .block_state = block_state1, .buf = buf, .total_len = total_len2 });
}
else if (sz == (uint32_t)0U)
else if (sz == 0U)
{
Hacl_Streaming_Keccak_state s1 = *p;
Hacl_Streaming_Keccak_hash_buf block_state1 = s1.block_state;
Hacl_Hash_SHA3_state_t s1 = *state;
Hacl_Hash_SHA3_hash_buf block_state1 = s1.block_state;
uint8_t *buf = s1.buf;
uint64_t total_len1 = s1.total_len;
uint32_t sz1;
if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && total_len1 > (uint64_t)0U)
if (total_len1 % (uint64_t)block_len(i) == 0ULL && total_len1 > 0ULL)
{
sz1 = block_len(i);
}
@ -298,52 +292,52 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
{
sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i));
}
if (!(sz1 == (uint32_t)0U))
if (!(sz1 == 0U))
{
Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
uint64_t *s2 = block_state1.snd;
Hacl_Hash_SHA3_update_multi_sha3(a1, s2, buf, block_len(i) / block_len(a1));
}
uint32_t ite;
if ((uint64_t)len % (uint64_t)block_len(i) == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
if ((uint64_t)chunk_len % (uint64_t)block_len(i) == 0ULL && (uint64_t)chunk_len > 0ULL)
{
ite = block_len(i);
}
else
{
ite = (uint32_t)((uint64_t)len % (uint64_t)block_len(i));
ite = (uint32_t)((uint64_t)chunk_len % (uint64_t)block_len(i));
}
uint32_t n_blocks = (len - ite) / block_len(i);
uint32_t n_blocks = (chunk_len - ite) / block_len(i);
uint32_t data1_len = n_blocks * block_len(i);
uint32_t data2_len = len - data1_len;
uint8_t *data1 = data;
uint8_t *data2 = data + data1_len;
uint32_t data2_len = chunk_len - data1_len;
uint8_t *data1 = chunk;
uint8_t *data2 = chunk + data1_len;
Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
uint64_t *s2 = block_state1.snd;
Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, data1_len / block_len(a1));
uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t));
*p
*state
=
(
(Hacl_Streaming_Keccak_state){
(Hacl_Hash_SHA3_state_t){
.block_state = block_state1,
.buf = buf,
.total_len = total_len1 + (uint64_t)len
.total_len = total_len1 + (uint64_t)chunk_len
}
);
}
else
{
uint32_t diff = block_len(i) - sz;
uint8_t *data1 = data;
uint8_t *data2 = data + diff;
Hacl_Streaming_Keccak_state s1 = *p;
Hacl_Streaming_Keccak_hash_buf block_state10 = s1.block_state;
uint8_t *chunk1 = chunk;
uint8_t *chunk2 = chunk + diff;
Hacl_Hash_SHA3_state_t s1 = *state;
Hacl_Hash_SHA3_hash_buf block_state10 = s1.block_state;
uint8_t *buf0 = s1.buf;
uint64_t total_len10 = s1.total_len;
uint32_t sz10;
if (total_len10 % (uint64_t)block_len(i) == (uint64_t)0U && total_len10 > (uint64_t)0U)
if (total_len10 % (uint64_t)block_len(i) == 0ULL && total_len10 > 0ULL)
{
sz10 = block_len(i);
}
@ -352,23 +346,23 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
sz10 = (uint32_t)(total_len10 % (uint64_t)block_len(i));
}
uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, data1, diff * sizeof (uint8_t));
memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff;
*p
*state
=
(
(Hacl_Streaming_Keccak_state){
(Hacl_Hash_SHA3_state_t){
.block_state = block_state10,
.buf = buf0,
.total_len = total_len2
}
);
Hacl_Streaming_Keccak_state s10 = *p;
Hacl_Streaming_Keccak_hash_buf block_state1 = s10.block_state;
Hacl_Hash_SHA3_state_t s10 = *state;
Hacl_Hash_SHA3_hash_buf block_state1 = s10.block_state;
uint8_t *buf = s10.buf;
uint64_t total_len1 = s10.total_len;
uint32_t sz1;
if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && total_len1 > (uint64_t)0U)
if (total_len1 % (uint64_t)block_len(i) == 0ULL && total_len1 > 0ULL)
{
sz1 = block_len(i);
}
@ -376,7 +370,7 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
{
sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i));
}
if (!(sz1 == (uint32_t)0U))
if (!(sz1 == 0U))
{
Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
uint64_t *s2 = block_state1.snd;
@ -385,35 +379,35 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
uint32_t ite;
if
(
(uint64_t)(len - diff)
(uint64_t)(chunk_len - diff)
% (uint64_t)block_len(i)
== (uint64_t)0U
&& (uint64_t)(len - diff) > (uint64_t)0U
== 0ULL
&& (uint64_t)(chunk_len - diff) > 0ULL
)
{
ite = block_len(i);
}
else
{
ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)block_len(i));
ite = (uint32_t)((uint64_t)(chunk_len - diff) % (uint64_t)block_len(i));
}
uint32_t n_blocks = (len - diff - ite) / block_len(i);
uint32_t n_blocks = (chunk_len - diff - ite) / block_len(i);
uint32_t data1_len = n_blocks * block_len(i);
uint32_t data2_len = len - diff - data1_len;
uint8_t *data11 = data2;
uint8_t *data21 = data2 + data1_len;
uint32_t data2_len = chunk_len - diff - data1_len;
uint8_t *data1 = chunk2;
uint8_t *data2 = chunk2 + data1_len;
Spec_Hash_Definitions_hash_alg a1 = block_state1.fst;
uint64_t *s2 = block_state1.snd;
Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data11, data1_len / block_len(a1));
Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, data1_len / block_len(a1));
uint8_t *dst = buf;
memcpy(dst, data21, data2_len * sizeof (uint8_t));
*p
memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state
=
(
(Hacl_Streaming_Keccak_state){
(Hacl_Hash_SHA3_state_t){
.block_state = block_state1,
.buf = buf,
.total_len = total_len1 + (uint64_t)(len - diff)
.total_len = total_len1 + (uint64_t)(chunk_len - diff)
}
);
}
@ -421,19 +415,19 @@ Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint
}
static void
finish_(
digest_(
Spec_Hash_Definitions_hash_alg a,
Hacl_Streaming_Keccak_state *p,
uint8_t *dst,
Hacl_Hash_SHA3_state_t *state,
uint8_t *output,
uint32_t l
)
{
Hacl_Streaming_Keccak_state scrut0 = *p;
Hacl_Streaming_Keccak_hash_buf block_state = scrut0.block_state;
Hacl_Hash_SHA3_state_t scrut0 = *state;
Hacl_Hash_SHA3_hash_buf block_state = scrut0.block_state;
uint8_t *buf_ = scrut0.buf;
uint64_t total_len = scrut0.total_len;
uint32_t r;
if (total_len % (uint64_t)block_len(a) == (uint64_t)0U && total_len > (uint64_t)0U)
if (total_len % (uint64_t)block_len(a) == 0ULL && total_len > 0ULL)
{
r = block_len(a);
}
@ -443,25 +437,25 @@ finish_(
}
uint8_t *buf_1 = buf_;
uint64_t buf[25U] = { 0U };
Hacl_Streaming_Keccak_hash_buf tmp_block_state = { .fst = a, .snd = buf };
Hacl_Hash_SHA3_hash_buf tmp_block_state = { .fst = a, .snd = buf };
hash_buf2 scrut = { .fst = block_state, .snd = tmp_block_state };
uint64_t *s_dst = scrut.snd.snd;
uint64_t *s_src = scrut.fst.snd;
memcpy(s_dst, s_src, (uint32_t)25U * sizeof (uint64_t));
uint32_t ite0;
if (r % block_len(a) == (uint32_t)0U && r > (uint32_t)0U)
memcpy(s_dst, s_src, 25U * sizeof (uint64_t));
uint32_t ite;
if (r % block_len(a) == 0U && r > 0U)
{
ite0 = block_len(a);
ite = block_len(a);
}
else
{
ite0 = r % block_len(a);
ite = r % block_len(a);
}
uint8_t *buf_last = buf_1 + r - ite0;
uint8_t *buf_last = buf_1 + r - ite;
uint8_t *buf_multi = buf_1;
Spec_Hash_Definitions_hash_alg a1 = tmp_block_state.fst;
uint64_t *s0 = tmp_block_state.snd;
Hacl_Hash_SHA3_update_multi_sha3(a1, s0, buf_multi, (uint32_t)0U / block_len(a1));
Hacl_Hash_SHA3_update_multi_sha3(a1, s0, buf_multi, 0U / block_len(a1));
Spec_Hash_Definitions_hash_alg a10 = tmp_block_state.fst;
uint64_t *s1 = tmp_block_state.snd;
Hacl_Hash_SHA3_update_last_sha3(a10, s1, buf_last, r);
@ -469,267 +463,182 @@ finish_(
uint64_t *s = tmp_block_state.snd;
if (a11 == Spec_Hash_Definitions_Shake128 || a11 == Spec_Hash_Definitions_Shake256)
{
uint32_t ite;
if (a11 == Spec_Hash_Definitions_Shake128 || a11 == Spec_Hash_Definitions_Shake256)
{
ite = l;
}
else
{
ite = hash_len(a11);
}
Hacl_Impl_SHA3_squeeze(s, block_len(a11), ite, dst);
Hacl_Hash_SHA3_squeeze0(s, block_len(a11), l, output);
return;
}
Hacl_Impl_SHA3_squeeze(s, block_len(a11), hash_len(a11), dst);
Hacl_Hash_SHA3_squeeze0(s, block_len(a11), hash_len(a11), output);
}
Hacl_Streaming_Types_error_code
Hacl_Streaming_Keccak_finish(Hacl_Streaming_Keccak_state *s, uint8_t *dst)
Hacl_Hash_SHA3_digest(Hacl_Hash_SHA3_state_t *state, uint8_t *output)
{
Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(state);
if (a1 == Spec_Hash_Definitions_Shake128 || a1 == Spec_Hash_Definitions_Shake256)
{
return Hacl_Streaming_Types_InvalidAlgorithm;
}
finish_(a1, s, dst, hash_len(a1));
digest_(a1, state, output, hash_len(a1));
return Hacl_Streaming_Types_Success;
}
Hacl_Streaming_Types_error_code
Hacl_Streaming_Keccak_squeeze(Hacl_Streaming_Keccak_state *s, uint8_t *dst, uint32_t l)
Hacl_Hash_SHA3_squeeze(Hacl_Hash_SHA3_state_t *s, uint8_t *dst, uint32_t l)
{
Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(s);
if (!(a1 == Spec_Hash_Definitions_Shake128 || a1 == Spec_Hash_Definitions_Shake256))
{
return Hacl_Streaming_Types_InvalidAlgorithm;
}
if (l == (uint32_t)0U)
if (l == 0U)
{
return Hacl_Streaming_Types_InvalidLength;
}
finish_(a1, s, dst, l);
digest_(a1, s, dst, l);
return Hacl_Streaming_Types_Success;
}
uint32_t Hacl_Streaming_Keccak_block_len(Hacl_Streaming_Keccak_state *s)
uint32_t Hacl_Hash_SHA3_block_len(Hacl_Hash_SHA3_state_t *s)
{
Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(s);
return block_len(a1);
}
uint32_t Hacl_Streaming_Keccak_hash_len(Hacl_Streaming_Keccak_state *s)
uint32_t Hacl_Hash_SHA3_hash_len(Hacl_Hash_SHA3_state_t *s)
{
Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s);
Spec_Hash_Definitions_hash_alg a1 = Hacl_Hash_SHA3_get_alg(s);
return hash_len(a1);
}
bool Hacl_Streaming_Keccak_is_shake(Hacl_Streaming_Keccak_state *s)
bool Hacl_Hash_SHA3_is_shake(Hacl_Hash_SHA3_state_t *s)
{
Spec_Hash_Definitions_hash_alg uu____0 = Hacl_Streaming_Keccak_get_alg(s);
Spec_Hash_Definitions_hash_alg uu____0 = Hacl_Hash_SHA3_get_alg(s);
return uu____0 == Spec_Hash_Definitions_Shake128 || uu____0 == Spec_Hash_Definitions_Shake256;
}
void
Hacl_SHA3_shake128_hacl(
Hacl_Hash_SHA3_shake128_hacl(
uint32_t inputByteLen,
uint8_t *input,
uint32_t outputByteLen,
uint8_t *output
)
{
Hacl_Impl_SHA3_keccak((uint32_t)1344U,
(uint32_t)256U,
inputByteLen,
input,
(uint8_t)0x1FU,
outputByteLen,
output);
Hacl_Hash_SHA3_keccak(1344U, 256U, inputByteLen, input, 0x1FU, outputByteLen, output);
}
void
Hacl_SHA3_shake256_hacl(
Hacl_Hash_SHA3_shake256_hacl(
uint32_t inputByteLen,
uint8_t *input,
uint32_t outputByteLen,
uint8_t *output
)
{
Hacl_Impl_SHA3_keccak((uint32_t)1088U,
(uint32_t)512U,
inputByteLen,
input,
(uint8_t)0x1FU,
outputByteLen,
output);
Hacl_Hash_SHA3_keccak(1088U, 512U, inputByteLen, input, 0x1FU, outputByteLen, output);
}
void Hacl_SHA3_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
void Hacl_Hash_SHA3_sha3_224(uint8_t *output, uint8_t *input, uint32_t input_len)
{
Hacl_Impl_SHA3_keccak((uint32_t)1152U,
(uint32_t)448U,
inputByteLen,
input,
(uint8_t)0x06U,
(uint32_t)28U,
output);
Hacl_Hash_SHA3_keccak(1152U, 448U, input_len, input, 0x06U, 28U, output);
}
void Hacl_SHA3_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
void Hacl_Hash_SHA3_sha3_256(uint8_t *output, uint8_t *input, uint32_t input_len)
{
Hacl_Impl_SHA3_keccak((uint32_t)1088U,
(uint32_t)512U,
inputByteLen,
input,
(uint8_t)0x06U,
(uint32_t)32U,
output);
Hacl_Hash_SHA3_keccak(1088U, 512U, input_len, input, 0x06U, 32U, output);
}
void Hacl_SHA3_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
void Hacl_Hash_SHA3_sha3_384(uint8_t *output, uint8_t *input, uint32_t input_len)
{
Hacl_Impl_SHA3_keccak((uint32_t)832U,
(uint32_t)768U,
inputByteLen,
input,
(uint8_t)0x06U,
(uint32_t)48U,
output);
Hacl_Hash_SHA3_keccak(832U, 768U, input_len, input, 0x06U, 48U, output);
}
void Hacl_SHA3_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output)
void Hacl_Hash_SHA3_sha3_512(uint8_t *output, uint8_t *input, uint32_t input_len)
{
Hacl_Impl_SHA3_keccak((uint32_t)576U,
(uint32_t)1024U,
inputByteLen,
input,
(uint8_t)0x06U,
(uint32_t)64U,
output);
Hacl_Hash_SHA3_keccak(576U, 1024U, input_len, input, 0x06U, 64U, output);
}
static const
uint32_t
keccak_rotc[24U] =
{
(uint32_t)1U, (uint32_t)3U, (uint32_t)6U, (uint32_t)10U, (uint32_t)15U, (uint32_t)21U,
(uint32_t)28U, (uint32_t)36U, (uint32_t)45U, (uint32_t)55U, (uint32_t)2U, (uint32_t)14U,
(uint32_t)27U, (uint32_t)41U, (uint32_t)56U, (uint32_t)8U, (uint32_t)25U, (uint32_t)43U,
(uint32_t)62U, (uint32_t)18U, (uint32_t)39U, (uint32_t)61U, (uint32_t)20U, (uint32_t)44U
1U, 3U, 6U, 10U, 15U, 21U, 28U, 36U, 45U, 55U, 2U, 14U, 27U, 41U, 56U, 8U, 25U, 43U, 62U, 18U,
39U, 61U, 20U, 44U
};
static const
uint32_t
keccak_piln[24U] =
{
(uint32_t)10U, (uint32_t)7U, (uint32_t)11U, (uint32_t)17U, (uint32_t)18U, (uint32_t)3U,
(uint32_t)5U, (uint32_t)16U, (uint32_t)8U, (uint32_t)21U, (uint32_t)24U, (uint32_t)4U,
(uint32_t)15U, (uint32_t)23U, (uint32_t)19U, (uint32_t)13U, (uint32_t)12U, (uint32_t)2U,
(uint32_t)20U, (uint32_t)14U, (uint32_t)22U, (uint32_t)9U, (uint32_t)6U, (uint32_t)1U
10U, 7U, 11U, 17U, 18U, 3U, 5U, 16U, 8U, 21U, 24U, 4U, 15U, 23U, 19U, 13U, 12U, 2U, 20U, 14U,
22U, 9U, 6U, 1U
};
static const
uint64_t
keccak_rndc[24U] =
{
(uint64_t)0x0000000000000001U, (uint64_t)0x0000000000008082U, (uint64_t)0x800000000000808aU,
(uint64_t)0x8000000080008000U, (uint64_t)0x000000000000808bU, (uint64_t)0x0000000080000001U,
(uint64_t)0x8000000080008081U, (uint64_t)0x8000000000008009U, (uint64_t)0x000000000000008aU,
(uint64_t)0x0000000000000088U, (uint64_t)0x0000000080008009U, (uint64_t)0x000000008000000aU,
(uint64_t)0x000000008000808bU, (uint64_t)0x800000000000008bU, (uint64_t)0x8000000000008089U,
(uint64_t)0x8000000000008003U, (uint64_t)0x8000000000008002U, (uint64_t)0x8000000000000080U,
(uint64_t)0x000000000000800aU, (uint64_t)0x800000008000000aU, (uint64_t)0x8000000080008081U,
(uint64_t)0x8000000000008080U, (uint64_t)0x0000000080000001U, (uint64_t)0x8000000080008008U
0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL, 0x8000000080008000ULL,
0x000000000000808bULL, 0x0000000080000001ULL, 0x8000000080008081ULL, 0x8000000000008009ULL,
0x000000000000008aULL, 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL,
0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL,
0x8000000000008002ULL, 0x8000000000000080ULL, 0x000000000000800aULL, 0x800000008000000aULL,
0x8000000080008081ULL, 0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL
};
void Hacl_Impl_SHA3_state_permute(uint64_t *s)
void Hacl_Hash_SHA3_state_permute(uint64_t *s)
{
for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)24U; i0++)
for (uint32_t i0 = 0U; i0 < 24U; i0++)
{
uint64_t _C[5U] = { 0U };
KRML_MAYBE_FOR5(i,
(uint32_t)0U,
(uint32_t)5U,
(uint32_t)1U,
_C[i] =
s[i
+ (uint32_t)0U]
^
(s[i
+ (uint32_t)5U]
^ (s[i + (uint32_t)10U] ^ (s[i + (uint32_t)15U] ^ s[i + (uint32_t)20U]))););
0U,
5U,
1U,
_C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U]))););
KRML_MAYBE_FOR5(i1,
(uint32_t)0U,
(uint32_t)5U,
(uint32_t)1U,
uint64_t uu____0 = _C[(i1 + (uint32_t)1U) % (uint32_t)5U];
uint64_t
_D =
_C[(i1 + (uint32_t)4U)
% (uint32_t)5U]
^ (uu____0 << (uint32_t)1U | uu____0 >> (uint32_t)63U);
KRML_MAYBE_FOR5(i,
(uint32_t)0U,
(uint32_t)5U,
(uint32_t)1U,
s[i1 + (uint32_t)5U * i] = s[i1 + (uint32_t)5U * i] ^ _D;););
0U,
5U,
1U,
uint64_t uu____0 = _C[(i1 + 1U) % 5U];
uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U);
KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;););
uint64_t x = s[1U];
uint64_t current = x;
for (uint32_t i = (uint32_t)0U; i < (uint32_t)24U; i++)
for (uint32_t i = 0U; i < 24U; i++)
{
uint32_t _Y = keccak_piln[i];
uint32_t r = keccak_rotc[i];
uint64_t temp = s[_Y];
uint64_t uu____1 = current;
s[_Y] = uu____1 << r | uu____1 >> ((uint32_t)64U - r);
s[_Y] = uu____1 << r | uu____1 >> (64U - r);
current = temp;
}
KRML_MAYBE_FOR5(i,
(uint32_t)0U,
(uint32_t)5U,
(uint32_t)1U,
uint64_t
v0 =
s[(uint32_t)0U
+ (uint32_t)5U * i]
^ (~s[(uint32_t)1U + (uint32_t)5U * i] & s[(uint32_t)2U + (uint32_t)5U * i]);
uint64_t
v1 =
s[(uint32_t)1U
+ (uint32_t)5U * i]
^ (~s[(uint32_t)2U + (uint32_t)5U * i] & s[(uint32_t)3U + (uint32_t)5U * i]);
uint64_t
v2 =
s[(uint32_t)2U
+ (uint32_t)5U * i]
^ (~s[(uint32_t)3U + (uint32_t)5U * i] & s[(uint32_t)4U + (uint32_t)5U * i]);
uint64_t
v3 =
s[(uint32_t)3U
+ (uint32_t)5U * i]
^ (~s[(uint32_t)4U + (uint32_t)5U * i] & s[(uint32_t)0U + (uint32_t)5U * i]);
uint64_t
v4 =
s[(uint32_t)4U
+ (uint32_t)5U * i]
^ (~s[(uint32_t)0U + (uint32_t)5U * i] & s[(uint32_t)1U + (uint32_t)5U * i]);
s[(uint32_t)0U + (uint32_t)5U * i] = v0;
s[(uint32_t)1U + (uint32_t)5U * i] = v1;
s[(uint32_t)2U + (uint32_t)5U * i] = v2;
s[(uint32_t)3U + (uint32_t)5U * i] = v3;
s[(uint32_t)4U + (uint32_t)5U * i] = v4;);
0U,
5U,
1U,
uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]);
uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]);
uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]);
uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]);
uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]);
s[0U + 5U * i] = v0;
s[1U + 5U * i] = v1;
s[2U + 5U * i] = v2;
s[3U + 5U * i] = v3;
s[4U + 5U * i] = v4;);
uint64_t c = keccak_rndc[i0];
s[0U] = s[0U] ^ c;
}
}
void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s)
void Hacl_Hash_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s)
{
uint8_t block[200U] = { 0U };
memcpy(block, input, rateInBytes * sizeof (uint8_t));
for (uint32_t i = (uint32_t)0U; i < (uint32_t)25U; i++)
for (uint32_t i = 0U; i < 25U; i++)
{
uint64_t u = load64_le(block + i * (uint32_t)8U);
uint64_t u = load64_le(block + i * 8U);
uint64_t x = u;
s[i] = s[i] ^ x;
}
@ -738,18 +647,18 @@ void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s)
static void storeState(uint32_t rateInBytes, uint64_t *s, uint8_t *res)
{
uint8_t block[200U] = { 0U };
for (uint32_t i = (uint32_t)0U; i < (uint32_t)25U; i++)
for (uint32_t i = 0U; i < 25U; i++)
{
uint64_t sj = s[i];
store64_le(block + i * (uint32_t)8U, sj);
store64_le(block + i * 8U, sj);
}
memcpy(res, block, rateInBytes * sizeof (uint8_t));
}
void Hacl_Impl_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s)
void Hacl_Hash_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s)
{
Hacl_Impl_SHA3_loadState(rateInBytes, block, s);
Hacl_Impl_SHA3_state_permute(s);
Hacl_Hash_SHA3_loadState(rateInBytes, block, s);
Hacl_Hash_SHA3_state_permute(s);
}
static void
@ -763,30 +672,30 @@ absorb(
{
uint32_t n_blocks = inputByteLen / rateInBytes;
uint32_t rem = inputByteLen % rateInBytes;
for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
for (uint32_t i = 0U; i < n_blocks; i++)
{
uint8_t *block = input + i * rateInBytes;
Hacl_Impl_SHA3_absorb_inner(rateInBytes, block, s);
Hacl_Hash_SHA3_absorb_inner(rateInBytes, block, s);
}
uint8_t *last = input + n_blocks * rateInBytes;
uint8_t lastBlock_[200U] = { 0U };
uint8_t *lastBlock = lastBlock_;
memcpy(lastBlock, last, rem * sizeof (uint8_t));
lastBlock[rem] = delimitedSuffix;
Hacl_Impl_SHA3_loadState(rateInBytes, lastBlock, s);
if (!((delimitedSuffix & (uint8_t)0x80U) == (uint8_t)0U) && rem == rateInBytes - (uint32_t)1U)
Hacl_Hash_SHA3_loadState(rateInBytes, lastBlock, s);
if (!(((uint32_t)delimitedSuffix & 0x80U) == 0U) && rem == rateInBytes - 1U)
{
Hacl_Impl_SHA3_state_permute(s);
Hacl_Hash_SHA3_state_permute(s);
}
uint8_t nextBlock_[200U] = { 0U };
uint8_t *nextBlock = nextBlock_;
nextBlock[rateInBytes - (uint32_t)1U] = (uint8_t)0x80U;
Hacl_Impl_SHA3_loadState(rateInBytes, nextBlock, s);
Hacl_Impl_SHA3_state_permute(s);
nextBlock[rateInBytes - 1U] = 0x80U;
Hacl_Hash_SHA3_loadState(rateInBytes, nextBlock, s);
Hacl_Hash_SHA3_state_permute(s);
}
void
Hacl_Impl_SHA3_squeeze(
Hacl_Hash_SHA3_squeeze0(
uint64_t *s,
uint32_t rateInBytes,
uint32_t outputByteLen,
@ -797,16 +706,16 @@ Hacl_Impl_SHA3_squeeze(
uint32_t remOut = outputByteLen % rateInBytes;
uint8_t *last = output + outputByteLen - remOut;
uint8_t *blocks = output;
for (uint32_t i = (uint32_t)0U; i < outBlocks; i++)
for (uint32_t i = 0U; i < outBlocks; i++)
{
storeState(rateInBytes, s, blocks + i * rateInBytes);
Hacl_Impl_SHA3_state_permute(s);
Hacl_Hash_SHA3_state_permute(s);
}
storeState(remOut, s, last);
}
void
Hacl_Impl_SHA3_keccak(
Hacl_Hash_SHA3_keccak(
uint32_t rate,
uint32_t capacity,
uint32_t inputByteLen,
@ -816,9 +725,10 @@ Hacl_Impl_SHA3_keccak(
uint8_t *output
)
{
uint32_t rateInBytes = rate / (uint32_t)8U;
KRML_MAYBE_UNUSED_VAR(capacity);
uint32_t rateInBytes = rate / 8U;
uint64_t s[25U] = { 0U };
absorb(s, rateInBytes, inputByteLen, input, delimitedSuffix);
Hacl_Impl_SHA3_squeeze(s, rateInBytes, outputByteLen, output);
Hacl_Hash_SHA3_squeeze0(s, rateInBytes, outputByteLen, output);
}

51
Modules/_hacl/Hacl_Hash_SHA3.h
View File

@ -31,54 +31,55 @@ extern "C" {
#endif
#include <string.h>
#include "python_hacl_namespaces.h"
#include "krml/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "Hacl_Streaming_Types.h"
typedef struct Hacl_Streaming_Keccak_hash_buf_s
typedef struct Hacl_Hash_SHA3_hash_buf_s
{
Spec_Hash_Definitions_hash_alg fst;
uint64_t *snd;
}
Hacl_Streaming_Keccak_hash_buf;
Hacl_Hash_SHA3_hash_buf;
typedef struct Hacl_Streaming_Keccak_state_s
typedef struct Hacl_Hash_SHA3_state_t_s
{
Hacl_Streaming_Keccak_hash_buf block_state;
Hacl_Hash_SHA3_hash_buf block_state;
uint8_t *buf;
uint64_t total_len;
}
Hacl_Streaming_Keccak_state;
Hacl_Hash_SHA3_state_t;
Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s);
Spec_Hash_Definitions_hash_alg Hacl_Hash_SHA3_get_alg(Hacl_Hash_SHA3_state_t *s);
Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_hash_alg a);
Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_hash_alg a);
void Hacl_Streaming_Keccak_free(Hacl_Streaming_Keccak_state *s);
void Hacl_Hash_SHA3_free(Hacl_Hash_SHA3_state_t *state);
Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_copy(Hacl_Streaming_Keccak_state *s0);
Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_copy(Hacl_Hash_SHA3_state_t *state);
void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s);
void Hacl_Hash_SHA3_reset(Hacl_Hash_SHA3_state_t *state);
Hacl_Streaming_Types_error_code
Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint32_t len);
Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t chunk_len);
Hacl_Streaming_Types_error_code
Hacl_Streaming_Keccak_finish(Hacl_Streaming_Keccak_state *s, uint8_t *dst);
Hacl_Hash_SHA3_digest(Hacl_Hash_SHA3_state_t *state, uint8_t *output);
Hacl_Streaming_Types_error_code
Hacl_Streaming_Keccak_squeeze(Hacl_Streaming_Keccak_state *s, uint8_t *dst, uint32_t l);
Hacl_Hash_SHA3_squeeze(Hacl_Hash_SHA3_state_t *s, uint8_t *dst, uint32_t l);
uint32_t Hacl_Streaming_Keccak_block_len(Hacl_Streaming_Keccak_state *s);
uint32_t Hacl_Hash_SHA3_block_len(Hacl_Hash_SHA3_state_t *s);
uint32_t Hacl_Streaming_Keccak_hash_len(Hacl_Streaming_Keccak_state *s);
uint32_t Hacl_Hash_SHA3_hash_len(Hacl_Hash_SHA3_state_t *s);
bool Hacl_Streaming_Keccak_is_shake(Hacl_Streaming_Keccak_state *s);
bool Hacl_Hash_SHA3_is_shake(Hacl_Hash_SHA3_state_t *s);
void
Hacl_SHA3_shake128_hacl(
Hacl_Hash_SHA3_shake128_hacl(
uint32_t inputByteLen,
uint8_t *input,
uint32_t outputByteLen,
@ -86,25 +87,25 @@ Hacl_SHA3_shake128_hacl(
);
void
Hacl_SHA3_shake256_hacl(
Hacl_Hash_SHA3_shake256_hacl(
uint32_t inputByteLen,
uint8_t *input,
uint32_t outputByteLen,
uint8_t *output
);
void Hacl_SHA3_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
void Hacl_Hash_SHA3_sha3_224(uint8_t *output, uint8_t *input, uint32_t input_len);
void Hacl_SHA3_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
void Hacl_Hash_SHA3_sha3_256(uint8_t *output, uint8_t *input, uint32_t input_len);
void Hacl_SHA3_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
void Hacl_Hash_SHA3_sha3_384(uint8_t *output, uint8_t *input, uint32_t input_len);
void Hacl_SHA3_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output);
void Hacl_Hash_SHA3_sha3_512(uint8_t *output, uint8_t *input, uint32_t input_len);
void Hacl_Impl_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s);
void Hacl_Hash_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s);
void
Hacl_Impl_SHA3_squeeze(
Hacl_Hash_SHA3_squeeze0(
uint64_t *s,
uint32_t rateInBytes,
uint32_t outputByteLen,
@ -112,7 +113,7 @@ Hacl_Impl_SHA3_squeeze(
);
void
Hacl_Impl_SHA3_keccak(
Hacl_Hash_SHA3_keccak(
uint32_t rate,
uint32_t capacity,
uint32_t inputByteLen,

18
Modules/_hacl/include/krml/FStar_UInt128_Verified.h
View File

@ -15,7 +15,7 @@
static inline uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
{
return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;
return (a ^ ((a ^ b) | ((a - b) ^ b))) >> 63U;
}
static inline uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b)
@ -118,7 +118,7 @@ static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a
return lit;
}
static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U;
static uint32_t FStar_UInt128_u32_64 = 64U;
static inline uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s)
{
@ -134,7 +134,7 @@ FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s)
static inline FStar_UInt128_uint128
FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s)
{
if (s == (uint32_t)0U)
if (s == 0U)
{
return a;
}
@ -151,7 +151,7 @@ static inline FStar_UInt128_uint128
FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s)
{
FStar_UInt128_uint128 lit;
lit.low = (uint64_t)0U;
lit.low = 0ULL;
lit.high = a.low << (s - FStar_UInt128_u32_64);
return lit;
}
@ -183,7 +183,7 @@ FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s)
static inline FStar_UInt128_uint128
FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s)
{
if (s == (uint32_t)0U)
if (s == 0U)
{
return a;
}
@ -201,7 +201,7 @@ FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s)
{
FStar_UInt128_uint128 lit;
lit.low = a.high >> (s - FStar_UInt128_u32_64);
lit.high = (uint64_t)0U;
lit.high = 0ULL;
return lit;
}
@ -269,7 +269,7 @@ static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a)
{
FStar_UInt128_uint128 lit;
lit.low = a;
lit.high = (uint64_t)0U;
lit.high = 0ULL;
return lit;
}
@ -280,10 +280,10 @@ static inline uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a)
static inline uint64_t FStar_UInt128_u64_mod_32(uint64_t a)
{
return a & (uint64_t)0xffffffffU;
return a & 0xffffffffULL;
}
static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U;
static uint32_t FStar_UInt128_u32_32 = 32U;
static inline uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo)
{

84
Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h
View File

@ -14,16 +14,16 @@
#include "krml/types.h"
#include "krml/internal/target.h"
static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
{
uint64_t x = a ^ b;
uint64_t minus_x = ~x + (uint64_t)1U;
uint64_t minus_x = ~x + 1ULL;
uint64_t x_or_minus_x = x | minus_x;
uint64_t xnx = x_or_minus_x >> (uint32_t)63U;
return xnx - (uint64_t)1U;
uint64_t xnx = x_or_minus_x >> 63U;
return xnx - 1ULL;
}
static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
{
uint64_t x = a;
uint64_t y = b;
@ -32,20 +32,20 @@ static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
uint64_t x_sub_y_xor_y = x_sub_y ^ y;
uint64_t q = x_xor_y | x_sub_y_xor_y;
uint64_t x_xor_q = x ^ q;
uint64_t x_xor_q_ = x_xor_q >> (uint32_t)63U;
return x_xor_q_ - (uint64_t)1U;
uint64_t x_xor_q_ = x_xor_q >> 63U;
return x_xor_q_ - 1ULL;
}
static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
{
uint32_t x = a ^ b;
uint32_t minus_x = ~x + (uint32_t)1U;
uint32_t minus_x = ~x + 1U;
uint32_t x_or_minus_x = x | minus_x;
uint32_t xnx = x_or_minus_x >> (uint32_t)31U;
return xnx - (uint32_t)1U;
uint32_t xnx = x_or_minus_x >> 31U;
return xnx - 1U;
}
static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
{
uint32_t x = a;
uint32_t y = b;
@ -54,52 +54,52 @@ static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
uint32_t x_sub_y_xor_y = x_sub_y ^ y;
uint32_t q = x_xor_y | x_sub_y_xor_y;
uint32_t x_xor_q = x ^ q;
uint32_t x_xor_q_ = x_xor_q >> (uint32_t)31U;
return x_xor_q_ - (uint32_t)1U;
uint32_t x_xor_q_ = x_xor_q >> 31U;
return x_xor_q_ - 1U;
}
static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
{
uint16_t x = a ^ b;
uint16_t minus_x = ~x + (uint16_t)1U;
uint16_t x_or_minus_x = x | minus_x;
uint16_t xnx = x_or_minus_x >> (uint32_t)15U;
return xnx - (uint16_t)1U;
uint16_t x = (uint32_t)a ^ (uint32_t)b;
uint16_t minus_x = (uint32_t)~x + 1U;
uint16_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x;
uint16_t xnx = (uint32_t)x_or_minus_x >> 15U;
return (uint32_t)xnx - 1U;
}
static inline uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
static KRML_NOINLINE uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
{
uint16_t x = a;
uint16_t y = b;
uint16_t x_xor_y = x ^ y;
uint16_t x_sub_y = x - y;
uint16_t x_sub_y_xor_y = x_sub_y ^ y;
uint16_t q = x_xor_y | x_sub_y_xor_y;
uint16_t x_xor_q = x ^ q;
uint16_t x_xor_q_ = x_xor_q >> (uint32_t)15U;
return x_xor_q_ - (uint16_t)1U;
uint16_t x_xor_y = (uint32_t)x ^ (uint32_t)y;
uint16_t x_sub_y = (uint32_t)x - (uint32_t)y;
uint16_t x_sub_y_xor_y = (uint32_t)x_sub_y ^ (uint32_t)y;
uint16_t q = (uint32_t)x_xor_y | (uint32_t)x_sub_y_xor_y;
uint16_t x_xor_q = (uint32_t)x ^ (uint32_t)q;
uint16_t x_xor_q_ = (uint32_t)x_xor_q >> 15U;
return (uint32_t)x_xor_q_ - 1U;
}
static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
{
uint8_t x = a ^ b;
uint8_t minus_x = ~x + (uint8_t)1U;
uint8_t x_or_minus_x = x | minus_x;
uint8_t xnx = x_or_minus_x >> (uint32_t)7U;
return xnx - (uint8_t)1U;
uint8_t x = (uint32_t)a ^ (uint32_t)b;
uint8_t minus_x = (uint32_t)~x + 1U;
uint8_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x;
uint8_t xnx = (uint32_t)x_or_minus_x >> 7U;
return (uint32_t)xnx - 1U;
}
static inline uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
static KRML_NOINLINE uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
{
uint8_t x = a;
uint8_t y = b;
uint8_t x_xor_y = x ^ y;
uint8_t x_sub_y = x - y;
uint8_t x_sub_y_xor_y = x_sub_y ^ y;
uint8_t q = x_xor_y | x_sub_y_xor_y;
uint8_t x_xor_q = x ^ q;
uint8_t x_xor_q_ = x_xor_q >> (uint32_t)7U;
return x_xor_q_ - (uint8_t)1U;
uint8_t x_xor_y = (uint32_t)x ^ (uint32_t)y;
uint8_t x_sub_y = (uint32_t)x - (uint32_t)y;
uint8_t x_sub_y_xor_y = (uint32_t)x_sub_y ^ (uint32_t)y;
uint8_t q = (uint32_t)x_xor_y | (uint32_t)x_sub_y_xor_y;
uint8_t x_xor_q = (uint32_t)x ^ (uint32_t)q;
uint8_t x_xor_q_ = (uint32_t)x_xor_q >> 7U;
return (uint32_t)x_xor_q_ - 1U;
}

185
Modules/_hacl/include/krml/internal/target.h
View File

@ -4,13 +4,13 @@
#ifndef __KRML_TARGET_H
#define __KRML_TARGET_H
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>
#include <stdbool.h>
#include <assert.h>
#include <inttypes.h>
#include <limits.h>
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
/* Since KaRaMeL emits the inline keyword unconditionally, we follow the
* guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this
@ -57,6 +57,31 @@
# define KRML_HOST_IGNORE(x) (void)(x)
#endif
#ifndef KRML_MAYBE_UNUSED_VAR
# define KRML_MAYBE_UNUSED_VAR(x) KRML_HOST_IGNORE(x)
#endif
#ifndef KRML_MAYBE_UNUSED
# if defined(__GNUC__)
# define KRML_MAYBE_UNUSED __attribute__((unused))
# else
# define KRML_MAYBE_UNUSED
# endif
#endif
#ifndef KRML_NOINLINE
# if defined(_MSC_VER)
# define KRML_NOINLINE __declspec(noinline)
# elif defined (__GNUC__)
# define KRML_NOINLINE __attribute__((noinline,unused))
# else
# define KRML_NOINLINE
# warning "The KRML_NOINLINE macro is not defined for this toolchain!"
# warning "The compiler may defeat side-channel resistance with optimizations."
# warning "Please locate target.h and try to fill it out with a suitable definition for this compiler."
# endif
#endif
/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of
* *elements*. Do an ugly, run-time check (some of which KaRaMeL can eliminate).
*/
@ -83,184 +108,186 @@
#define KRML_LOOP1(i, n, x) { \
x \
i += n; \
(void) i; \
}
#define KRML_LOOP2(i, n, x) \
KRML_LOOP1(i, n, x) \
#define KRML_LOOP2(i, n, x) \
KRML_LOOP1(i, n, x) \
KRML_LOOP1(i, n, x)
#define KRML_LOOP3(i, n, x) \
KRML_LOOP2(i, n, x) \
#define KRML_LOOP3(i, n, x) \
KRML_LOOP2(i, n, x) \
KRML_LOOP1(i, n, x)
#define KRML_LOOP4(i, n, x) \
KRML_LOOP2(i, n, x) \
#define KRML_LOOP4(i, n, x) \
KRML_LOOP2(i, n, x) \
KRML_LOOP2(i, n, x)
#define KRML_LOOP5(i, n, x) \
KRML_LOOP4(i, n, x) \
#define KRML_LOOP5(i, n, x) \
KRML_LOOP4(i, n, x) \
KRML_LOOP1(i, n, x)
#define KRML_LOOP6(i, n, x) \
KRML_LOOP4(i, n, x) \
#define KRML_LOOP6(i, n, x) \
KRML_LOOP4(i, n, x) \
KRML_LOOP2(i, n, x)
#define KRML_LOOP7(i, n, x) \
KRML_LOOP4(i, n, x) \
#define KRML_LOOP7(i, n, x) \
KRML_LOOP4(i, n, x) \
KRML_LOOP3(i, n, x)
#define KRML_LOOP8(i, n, x) \
KRML_LOOP4(i, n, x) \
#define KRML_LOOP8(i, n, x) \
KRML_LOOP4(i, n, x) \
KRML_LOOP4(i, n, x)
#define KRML_LOOP9(i, n, x) \
KRML_LOOP8(i, n, x) \
#define KRML_LOOP9(i, n, x) \
KRML_LOOP8(i, n, x) \
KRML_LOOP1(i, n, x)
#define KRML_LOOP10(i, n, x) \
KRML_LOOP8(i, n, x) \
#define KRML_LOOP10(i, n, x) \
KRML_LOOP8(i, n, x) \
KRML_LOOP2(i, n, x)
#define KRML_LOOP11(i, n, x) \
KRML_LOOP8(i, n, x) \
#define KRML_LOOP11(i, n, x) \
KRML_LOOP8(i, n, x) \
KRML_LOOP3(i, n, x)
#define KRML_LOOP12(i, n, x) \
KRML_LOOP8(i, n, x) \
#define KRML_LOOP12(i, n, x) \
KRML_LOOP8(i, n, x) \
KRML_LOOP4(i, n, x)
#define KRML_LOOP13(i, n, x) \
KRML_LOOP8(i, n, x) \
#define KRML_LOOP13(i, n, x) \
KRML_LOOP8(i, n, x) \
KRML_LOOP5(i, n, x)
#define KRML_LOOP14(i, n, x) \
KRML_LOOP8(i, n, x) \
#define KRML_LOOP14(i, n, x) \
KRML_LOOP8(i, n, x) \
KRML_LOOP6(i, n, x)
#define KRML_LOOP15(i, n, x) \
KRML_LOOP8(i, n, x) \
#define KRML_LOOP15(i, n, x) \
KRML_LOOP8(i, n, x) \
KRML_LOOP7(i, n, x)
#define KRML_LOOP16(i, n, x) \
KRML_LOOP8(i, n, x) \
#define KRML_LOOP16(i, n, x) \
KRML_LOOP8(i, n, x) \
KRML_LOOP8(i, n, x)
#define KRML_UNROLL_FOR(i, z, n, k, x) do { \
uint32_t i = z; \
KRML_LOOP##n(i, k, x) \
} while (0)
#define KRML_UNROLL_FOR(i, z, n, k, x) \
do { \
uint32_t i = z; \
KRML_LOOP##n(i, k, x) \
} while (0)
#define KRML_ACTUAL_FOR(i, z, n, k, x) \
do { \
for (uint32_t i = z; i < n; i += k) { \
x \
} \
#define KRML_ACTUAL_FOR(i, z, n, k, x) \
do { \
for (uint32_t i = z; i < n; i += k) { \
x \
} \
} while (0)
#ifndef KRML_UNROLL_MAX
#define KRML_UNROLL_MAX 16
# define KRML_UNROLL_MAX 16
#endif
/* 1 is the number of loop iterations, i.e. (n - z)/k as evaluated by krml */
#if 0 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR0(i, z, n, k, x)
# define KRML_MAYBE_FOR0(i, z, n, k, x)
#else
#define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 1 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x)
# define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x)
#else
#define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 2 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x)
# define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x)
#else
#define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 3 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x)
# define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x)
#else
#define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 4 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x)
# define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x)
#else
#define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 5 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x)
# define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x)
#else
#define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 6 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x)
# define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x)
#else
#define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 7 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x)
# define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x)
#else
#define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 8 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x)
# define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x)
#else
#define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 9 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x)
# define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x)
#else
#define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 10 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x)
# define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x)
#else
#define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 11 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x)
# define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x)
#else
#define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 12 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x)
# define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x)
#else
#define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 13 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x)
# define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x)
#else
#define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 14 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x)
# define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x)
#else
#define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 15 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x)
# define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x)
#else
#define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#if 16 <= KRML_UNROLL_MAX
#define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x)
# define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x)
#else
#define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
# define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
#endif
#endif

15
Modules/_hacl/internal/Hacl_Hash_MD5.h
View File

@ -37,21 +37,16 @@ extern "C" {
#include "../Hacl_Hash_MD5.h"
void Hacl_Hash_Core_MD5_legacy_init(uint32_t *s);
void Hacl_Hash_MD5_init(uint32_t *s);
void Hacl_Hash_Core_MD5_legacy_finish(uint32_t *s, uint8_t *dst);
void Hacl_Hash_MD5_finish(uint32_t *s, uint8_t *dst);
void Hacl_Hash_MD5_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
void Hacl_Hash_MD5_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
void
Hacl_Hash_MD5_legacy_update_last(
uint32_t *s,
uint64_t prev_len,
uint8_t *input,
uint32_t input_len
);
Hacl_Hash_MD5_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len);
void Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
void Hacl_Hash_MD5_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len);
#if defined(__cplusplus)
}

15
Modules/_hacl/internal/Hacl_Hash_SHA1.h
View File

@ -37,21 +37,16 @@ extern "C" {
#include "../Hacl_Hash_SHA1.h"
void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s);
void Hacl_Hash_SHA1_init(uint32_t *s);
void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst);
void Hacl_Hash_SHA1_finish(uint32_t *s, uint8_t *dst);
void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
void Hacl_Hash_SHA1_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
void
Hacl_Hash_SHA1_legacy_update_last(
uint32_t *s,
uint64_t prev_len,
uint8_t *input,
uint32_t input_len
);
Hacl_Hash_SHA1_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len);
void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
void Hacl_Hash_SHA1_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len);
#if defined(__cplusplus)
}

138
Modules/_hacl/internal/Hacl_Hash_SHA2.h
View File

@ -40,141 +40,121 @@ extern "C" {
static const
uint32_t
Hacl_Impl_SHA2_Generic_h224[8U] =
Hacl_Hash_SHA2_h224[8U] =
{
(uint32_t)0xc1059ed8U, (uint32_t)0x367cd507U, (uint32_t)0x3070dd17U, (uint32_t)0xf70e5939U,
(uint32_t)0xffc00b31U, (uint32_t)0x68581511U, (uint32_t)0x64f98fa7U, (uint32_t)0xbefa4fa4U
0xc1059ed8U, 0x367cd507U, 0x3070dd17U, 0xf70e5939U, 0xffc00b31U, 0x68581511U, 0x64f98fa7U,
0xbefa4fa4U
};
static const
uint32_t
Hacl_Impl_SHA2_Generic_h256[8U] =
Hacl_Hash_SHA2_h256[8U] =
{
(uint32_t)0x6a09e667U, (uint32_t)0xbb67ae85U, (uint32_t)0x3c6ef372U, (uint32_t)0xa54ff53aU,
(uint32_t)0x510e527fU, (uint32_t)0x9b05688cU, (uint32_t)0x1f83d9abU, (uint32_t)0x5be0cd19U
0x6a09e667U, 0xbb67ae85U, 0x3c6ef372U, 0xa54ff53aU, 0x510e527fU, 0x9b05688cU, 0x1f83d9abU,
0x5be0cd19U
};
static const
uint64_t
Hacl_Impl_SHA2_Generic_h384[8U] =
Hacl_Hash_SHA2_h384[8U] =
{
(uint64_t)0xcbbb9d5dc1059ed8U, (uint64_t)0x629a292a367cd507U, (uint64_t)0x9159015a3070dd17U,
(uint64_t)0x152fecd8f70e5939U, (uint64_t)0x67332667ffc00b31U, (uint64_t)0x8eb44a8768581511U,
(uint64_t)0xdb0c2e0d64f98fa7U, (uint64_t)0x47b5481dbefa4fa4U
0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL,
0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL
};
static const
uint64_t
Hacl_Impl_SHA2_Generic_h512[8U] =
Hacl_Hash_SHA2_h512[8U] =
{
(uint64_t)0x6a09e667f3bcc908U, (uint64_t)0xbb67ae8584caa73bU, (uint64_t)0x3c6ef372fe94f82bU,
(uint64_t)0xa54ff53a5f1d36f1U, (uint64_t)0x510e527fade682d1U, (uint64_t)0x9b05688c2b3e6c1fU,
(uint64_t)0x1f83d9abfb41bd6bU, (uint64_t)0x5be0cd19137e2179U
0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
};
static const
uint32_t
Hacl_Impl_SHA2_Generic_k224_256[64U] =
Hacl_Hash_SHA2_k224_256[64U] =
{
(uint32_t)0x428a2f98U, (uint32_t)0x71374491U, (uint32_t)0xb5c0fbcfU, (uint32_t)0xe9b5dba5U,
(uint32_t)0x3956c25bU, (uint32_t)0x59f111f1U, (uint32_t)0x923f82a4U, (uint32_t)0xab1c5ed5U,
(uint32_t)0xd807aa98U, (uint32_t)0x12835b01U, (uint32_t)0x243185beU, (uint32_t)0x550c7dc3U,
(uint32_t)0x72be5d74U, (uint32_t)0x80deb1feU, (uint32_t)0x9bdc06a7U, (uint32_t)0xc19bf174U,
(uint32_t)0xe49b69c1U, (uint32_t)0xefbe4786U, (uint32_t)0x0fc19dc6U, (uint32_t)0x240ca1ccU,
(uint32_t)0x2de92c6fU, (uint32_t)0x4a7484aaU, (uint32_t)0x5cb0a9dcU, (uint32_t)0x76f988daU,
(uint32_t)0x983e5152U, (uint32_t)0xa831c66dU, (uint32_t)0xb00327c8U, (uint32_t)0xbf597fc7U,
(uint32_t)0xc6e00bf3U, (uint32_t)0xd5a79147U, (uint32_t)0x06ca6351U, (uint32_t)0x14292967U,
(uint32_t)0x27b70a85U, (uint32_t)0x2e1b2138U, (uint32_t)0x4d2c6dfcU, (uint32_t)0x53380d13U,
(uint32_t)0x650a7354U, (uint32_t)0x766a0abbU, (uint32_t)0x81c2c92eU, (uint32_t)0x92722c85U,
(uint32_t)0xa2bfe8a1U, (uint32_t)0xa81a664bU, (uint32_t)0xc24b8b70U, (uint32_t)0xc76c51a3U,
(uint32_t)0xd192e819U, (uint32_t)0xd6990624U, (uint32_t)0xf40e3585U, (uint32_t)0x106aa070U,
(uint32_t)0x19a4c116U, (uint32_t)0x1e376c08U, (uint32_t)0x2748774cU, (uint32_t)0x34b0bcb5U,
(uint32_t)0x391c0cb3U, (uint32_t)0x4ed8aa4aU, (uint32_t)0x5b9cca4fU, (uint32_t)0x682e6ff3U,
(uint32_t)0x748f82eeU, (uint32_t)0x78a5636fU, (uint32_t)0x84c87814U, (uint32_t)0x8cc70208U,
(uint32_t)0x90befffaU, (uint32_t)0xa4506cebU, (uint32_t)0xbef9a3f7U, (uint32_t)0xc67178f2U
0x428a2f98U, 0x71374491U, 0xb5c0fbcfU, 0xe9b5dba5U, 0x3956c25bU, 0x59f111f1U, 0x923f82a4U,
0xab1c5ed5U, 0xd807aa98U, 0x12835b01U, 0x243185beU, 0x550c7dc3U, 0x72be5d74U, 0x80deb1feU,
0x9bdc06a7U, 0xc19bf174U, 0xe49b69c1U, 0xefbe4786U, 0x0fc19dc6U, 0x240ca1ccU, 0x2de92c6fU,
0x4a7484aaU, 0x5cb0a9dcU, 0x76f988daU, 0x983e5152U, 0xa831c66dU, 0xb00327c8U, 0xbf597fc7U,
0xc6e00bf3U, 0xd5a79147U, 0x06ca6351U, 0x14292967U, 0x27b70a85U, 0x2e1b2138U, 0x4d2c6dfcU,
0x53380d13U, 0x650a7354U, 0x766a0abbU, 0x81c2c92eU, 0x92722c85U, 0xa2bfe8a1U, 0xa81a664bU,
0xc24b8b70U, 0xc76c51a3U, 0xd192e819U, 0xd6990624U, 0xf40e3585U, 0x106aa070U, 0x19a4c116U,
0x1e376c08U, 0x2748774cU, 0x34b0bcb5U, 0x391c0cb3U, 0x4ed8aa4aU, 0x5b9cca4fU, 0x682e6ff3U,
0x748f82eeU, 0x78a5636fU, 0x84c87814U, 0x8cc70208U, 0x90befffaU, 0xa4506cebU, 0xbef9a3f7U,
0xc67178f2U
};
static const
uint64_t
Hacl_Impl_SHA2_Generic_k384_512[80U] =
Hacl_Hash_SHA2_k384_512[80U] =
{
(uint64_t)0x428a2f98d728ae22U, (uint64_t)0x7137449123ef65cdU, (uint64_t)0xb5c0fbcfec4d3b2fU,
(uint64_t)0xe9b5dba58189dbbcU, (uint64_t)0x3956c25bf348b538U, (uint64_t)0x59f111f1b605d019U,
(uint64_t)0x923f82a4af194f9bU, (uint64_t)0xab1c5ed5da6d8118U, (uint64_t)0xd807aa98a3030242U,
(uint64_t)0x12835b0145706fbeU, (uint64_t)0x243185be4ee4b28cU, (uint64_t)0x550c7dc3d5ffb4e2U,
(uint64_t)0x72be5d74f27b896fU, (uint64_t)0x80deb1fe3b1696b1U, (uint64_t)0x9bdc06a725c71235U,
(uint64_t)0xc19bf174cf692694U, (uint64_t)0xe49b69c19ef14ad2U, (uint64_t)0xefbe4786384f25e3U,
(uint64_t)0x0fc19dc68b8cd5b5U, (uint64_t)0x240ca1cc77ac9c65U, (uint64_t)0x2de92c6f592b0275U,
(uint64_t)0x4a7484aa6ea6e483U, (uint64_t)0x5cb0a9dcbd41fbd4U, (uint64_t)0x76f988da831153b5U,
(uint64_t)0x983e5152ee66dfabU, (uint64_t)0xa831c66d2db43210U, (uint64_t)0xb00327c898fb213fU,
(uint64_t)0xbf597fc7beef0ee4U, (uint64_t)0xc6e00bf33da88fc2U, (uint64_t)0xd5a79147930aa725U,
(uint64_t)0x06ca6351e003826fU, (uint64_t)0x142929670a0e6e70U, (uint64_t)0x27b70a8546d22ffcU,
(uint64_t)0x2e1b21385c26c926U, (uint64_t)0x4d2c6dfc5ac42aedU, (uint64_t)0x53380d139d95b3dfU,
(uint64_t)0x650a73548baf63deU, (uint64_t)0x766a0abb3c77b2a8U, (uint64_t)0x81c2c92e47edaee6U,
(uint64_t)0x92722c851482353bU, (uint64_t)0xa2bfe8a14cf10364U, (uint64_t)0xa81a664bbc423001U,
(uint64_t)0xc24b8b70d0f89791U, (uint64_t)0xc76c51a30654be30U, (uint64_t)0xd192e819d6ef5218U,
(uint64_t)0xd69906245565a910U, (uint64_t)0xf40e35855771202aU, (uint64_t)0x106aa07032bbd1b8U,
(uint64_t)0x19a4c116b8d2d0c8U, (uint64_t)0x1e376c085141ab53U, (uint64_t)0x2748774cdf8eeb99U,
(uint64_t)0x34b0bcb5e19b48a8U, (uint64_t)0x391c0cb3c5c95a63U, (uint64_t)0x4ed8aa4ae3418acbU,
(uint64_t)0x5b9cca4f7763e373U, (uint64_t)0x682e6ff3d6b2b8a3U, (uint64_t)0x748f82ee5defb2fcU,
(uint64_t)0x78a5636f43172f60U, (uint64_t)0x84c87814a1f0ab72U, (uint64_t)0x8cc702081a6439ecU,
(uint64_t)0x90befffa23631e28U, (uint64_t)0xa4506cebde82bde9U, (uint64_t)0xbef9a3f7b2c67915U,
(uint64_t)0xc67178f2e372532bU, (uint64_t)0xca273eceea26619cU, (uint64_t)0xd186b8c721c0c207U,
(uint64_t)0xeada7dd6cde0eb1eU, (uint64_t)0xf57d4f7fee6ed178U, (uint64_t)0x06f067aa72176fbaU,
(uint64_t)0x0a637dc5a2c898a6U, (uint64_t)0x113f9804bef90daeU, (uint64_t)0x1b710b35131c471bU,
(uint64_t)0x28db77f523047d84U, (uint64_t)0x32caab7b40c72493U, (uint64_t)0x3c9ebe0a15c9bebcU,
(uint64_t)0x431d67c49c100d4cU, (uint64_t)0x4cc5d4becb3e42b6U, (uint64_t)0x597f299cfc657e2aU,
(uint64_t)0x5fcb6fab3ad6faecU, (uint64_t)0x6c44198c4a475817U
0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
};
void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash);
void Hacl_Hash_SHA2_sha256_init(uint32_t *hash);
void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st);
void Hacl_Hash_SHA2_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st);
void
Hacl_SHA2_Scalar32_sha256_update_last(
uint64_t totlen,
uint32_t len,
uint8_t *b,
uint32_t *hash
);
Hacl_Hash_SHA2_sha256_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *hash);
void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h);
void Hacl_Hash_SHA2_sha256_finish(uint32_t *st, uint8_t *h);
void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash);
void Hacl_Hash_SHA2_sha224_init(uint32_t *hash);
void
Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st);
Hacl_Hash_SHA2_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st);
void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h);
void Hacl_Hash_SHA2_sha224_finish(uint32_t *st, uint8_t *h);
void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash);
void Hacl_Hash_SHA2_sha512_init(uint64_t *hash);
void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
void Hacl_Hash_SHA2_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
void
Hacl_SHA2_Scalar32_sha512_update_last(
Hacl_Hash_SHA2_sha512_update_last(
FStar_UInt128_uint128 totlen,
uint32_t len,
uint8_t *b,
uint64_t *hash
);
void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h);
void Hacl_Hash_SHA2_sha512_finish(uint64_t *st, uint8_t *h);
void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash);
void Hacl_Hash_SHA2_sha384_init(uint64_t *hash);
void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
void Hacl_Hash_SHA2_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
void
Hacl_SHA2_Scalar32_sha384_update_last(
Hacl_Hash_SHA2_sha384_update_last(
FStar_UInt128_uint128 totlen,
uint32_t len,
uint8_t *b,
uint64_t *st
);
void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h);
void Hacl_Hash_SHA2_sha384_finish(uint64_t *st, uint8_t *h);
#if defined(__cplusplus)
}

4
Modules/_hacl/internal/Hacl_Hash_SHA3.h
View File

@ -53,9 +53,9 @@ Hacl_Hash_SHA3_update_last_sha3(
uint32_t input_len
);
void Hacl_Impl_SHA3_state_permute(uint64_t *s);
void Hacl_Hash_SHA3_state_permute(uint64_t *s);
void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s);
void Hacl_Hash_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s);
#if defined(__cplusplus)
}

119
Modules/_hacl/python_hacl_namespaces.h
View File

@ -5,59 +5,61 @@
* C's excuse for namespaces: Use globally unique names to avoid linkage
* conflicts with builds linking or dynamically loading other code potentially
* using HACL* libraries.
*
* To make sure this is effective: cd Modules && nm -a *.o | grep Hacl
*/
#define Hacl_Streaming_SHA2_state_sha2_224_s python_hashlib_Hacl_Streaming_SHA2_state_sha2_224_s
#define Hacl_Streaming_SHA2_state_sha2_224 python_hashlib_Hacl_Streaming_SHA2_state_sha2_224
#define Hacl_Streaming_SHA2_state_sha2_256 python_hashlib_Hacl_Streaming_SHA2_state_sha2_256
#define Hacl_Streaming_SHA2_state_sha2_384_s python_hashlib_Hacl_Streaming_SHA2_state_sha2_384_s
#define Hacl_Streaming_SHA2_state_sha2_384 python_hashlib_Hacl_Streaming_SHA2_state_sha2_384
#define Hacl_Streaming_SHA2_state_sha2_512 python_hashlib_Hacl_Streaming_SHA2_state_sha2_512
#define Hacl_Streaming_SHA2_create_in_256 python_hashlib_Hacl_Streaming_SHA2_create_in_256
#define Hacl_Streaming_SHA2_create_in_224 python_hashlib_Hacl_Streaming_SHA2_create_in_224
#define Hacl_Streaming_SHA2_create_in_512 python_hashlib_Hacl_Streaming_SHA2_create_in_512
#define Hacl_Streaming_SHA2_create_in_384 python_hashlib_Hacl_Streaming_SHA2_create_in_384
#define Hacl_Streaming_SHA2_copy_256 python_hashlib_Hacl_Streaming_SHA2_copy_256
#define Hacl_Streaming_SHA2_copy_224 python_hashlib_Hacl_Streaming_SHA2_copy_224
#define Hacl_Streaming_SHA2_copy_512 python_hashlib_Hacl_Streaming_SHA2_copy_512
#define Hacl_Streaming_SHA2_copy_384 python_hashlib_Hacl_Streaming_SHA2_copy_384
#define Hacl_Streaming_SHA2_init_256 python_hashlib_Hacl_Streaming_SHA2_init_256
#define Hacl_Streaming_SHA2_init_224 python_hashlib_Hacl_Streaming_SHA2_init_224
#define Hacl_Streaming_SHA2_init_512 python_hashlib_Hacl_Streaming_SHA2_init_512
#define Hacl_Streaming_SHA2_init_384 python_hashlib_Hacl_Streaming_SHA2_init_384
#define Hacl_Hash_SHA2_state_sha2_224_s python_hashlib_Hacl_Hash_SHA2_state_sha2_224_s
#define Hacl_Hash_SHA2_state_sha2_224 python_hashlib_Hacl_Hash_SHA2_state_sha2_224
#define Hacl_Hash_SHA2_state_sha2_256 python_hashlib_Hacl_Hash_SHA2_state_sha2_256
#define Hacl_Hash_SHA2_state_sha2_384_s python_hashlib_Hacl_Hash_SHA2_state_sha2_384_s
#define Hacl_Hash_SHA2_state_sha2_384 python_hashlib_Hacl_Hash_SHA2_state_sha2_384
#define Hacl_Hash_SHA2_state_sha2_512 python_hashlib_Hacl_Hash_SHA2_state_sha2_512
#define Hacl_Hash_SHA2_malloc_256 python_hashlib_Hacl_Hash_SHA2_malloc_256
#define Hacl_Hash_SHA2_malloc_224 python_hashlib_Hacl_Hash_SHA2_malloc_224
#define Hacl_Hash_SHA2_malloc_512 python_hashlib_Hacl_Hash_SHA2_malloc_512
#define Hacl_Hash_SHA2_malloc_384 python_hashlib_Hacl_Hash_SHA2_malloc_384
#define Hacl_Hash_SHA2_copy_256 python_hashlib_Hacl_Hash_SHA2_copy_256
#define Hacl_Hash_SHA2_copy_224 python_hashlib_Hacl_Hash_SHA2_copy_224
#define Hacl_Hash_SHA2_copy_512 python_hashlib_Hacl_Hash_SHA2_copy_512
#define Hacl_Hash_SHA2_copy_384 python_hashlib_Hacl_Hash_SHA2_copy_384
#define Hacl_Hash_SHA2_init_256 python_hashlib_Hacl_Hash_SHA2_init_256
#define Hacl_Hash_SHA2_init_224 python_hashlib_Hacl_Hash_SHA2_init_224
#define Hacl_Hash_SHA2_init_512 python_hashlib_Hacl_Hash_SHA2_init_512
#define Hacl_Hash_SHA2_init_384 python_hashlib_Hacl_Hash_SHA2_init_384
#define Hacl_SHA2_Scalar32_sha512_init python_hashlib_Hacl_SHA2_Scalar32_sha512_init
#define Hacl_Streaming_SHA2_update_256 python_hashlib_Hacl_Streaming_SHA2_update_256
#define Hacl_Streaming_SHA2_update_224 python_hashlib_Hacl_Streaming_SHA2_update_224
#define Hacl_Streaming_SHA2_update_512 python_hashlib_Hacl_Streaming_SHA2_update_512
#define Hacl_Streaming_SHA2_update_384 python_hashlib_Hacl_Streaming_SHA2_update_384
#define Hacl_Streaming_SHA2_finish_256 python_hashlib_Hacl_Streaming_SHA2_finish_256
#define Hacl_Streaming_SHA2_finish_224 python_hashlib_Hacl_Streaming_SHA2_finish_224
#define Hacl_Streaming_SHA2_finish_512 python_hashlib_Hacl_Streaming_SHA2_finish_512
#define Hacl_Streaming_SHA2_finish_384 python_hashlib_Hacl_Streaming_SHA2_finish_384
#define Hacl_Streaming_SHA2_free_256 python_hashlib_Hacl_Streaming_SHA2_free_256
#define Hacl_Streaming_SHA2_free_224 python_hashlib_Hacl_Streaming_SHA2_free_224
#define Hacl_Streaming_SHA2_free_512 python_hashlib_Hacl_Streaming_SHA2_free_512
#define Hacl_Streaming_SHA2_free_384 python_hashlib_Hacl_Streaming_SHA2_free_384
#define Hacl_Streaming_SHA2_sha256 python_hashlib_Hacl_Streaming_SHA2_sha256
#define Hacl_Streaming_SHA2_sha224 python_hashlib_Hacl_Streaming_SHA2_sha224
#define Hacl_Streaming_SHA2_sha512 python_hashlib_Hacl_Streaming_SHA2_sha512
#define Hacl_Streaming_SHA2_sha384 python_hashlib_Hacl_Streaming_SHA2_sha384
#define Hacl_Hash_SHA2_update_256 python_hashlib_Hacl_Hash_SHA2_update_256
#define Hacl_Hash_SHA2_update_224 python_hashlib_Hacl_Hash_SHA2_update_224
#define Hacl_Hash_SHA2_update_512 python_hashlib_Hacl_Hash_SHA2_update_512
#define Hacl_Hash_SHA2_update_384 python_hashlib_Hacl_Hash_SHA2_update_384
#define Hacl_Hash_SHA2_digest_256 python_hashlib_Hacl_Hash_SHA2_digest_256
#define Hacl_Hash_SHA2_digest_224 python_hashlib_Hacl_Hash_SHA2_digest_224
#define Hacl_Hash_SHA2_digest_512 python_hashlib_Hacl_Hash_SHA2_digest_512
#define Hacl_Hash_SHA2_digest_384 python_hashlib_Hacl_Hash_SHA2_digest_384
#define Hacl_Hash_SHA2_free_256 python_hashlib_Hacl_Hash_SHA2_free_256
#define Hacl_Hash_SHA2_free_224 python_hashlib_Hacl_Hash_SHA2_free_224
#define Hacl_Hash_SHA2_free_512 python_hashlib_Hacl_Hash_SHA2_free_512
#define Hacl_Hash_SHA2_free_384 python_hashlib_Hacl_Hash_SHA2_free_384
#define Hacl_Hash_SHA2_sha256 python_hashlib_Hacl_Hash_SHA2_sha256
#define Hacl_Hash_SHA2_sha224 python_hashlib_Hacl_Hash_SHA2_sha224
#define Hacl_Hash_SHA2_sha512 python_hashlib_Hacl_Hash_SHA2_sha512
#define Hacl_Hash_SHA2_sha384 python_hashlib_Hacl_Hash_SHA2_sha384
#define Hacl_Streaming_MD5_legacy_create_in python_hashlib_Hacl_Streaming_MD5_legacy_create_in
#define Hacl_Streaming_MD5_legacy_init python_hashlib_Hacl_Streaming_MD5_legacy_init
#define Hacl_Streaming_MD5_legacy_update python_hashlib_Hacl_Streaming_MD5_legacy_update
#define Hacl_Streaming_MD5_legacy_finish python_hashlib_Hacl_Streaming_MD5_legacy_finish
#define Hacl_Streaming_MD5_legacy_free python_hashlib_Hacl_Streaming_MD5_legacy_free
#define Hacl_Streaming_MD5_legacy_copy python_hashlib_Hacl_Streaming_MD5_legacy_copy
#define Hacl_Streaming_MD5_legacy_hash python_hashlib_Hacl_Streaming_MD5_legacy_hash
#define Hacl_Hash_MD5_malloc python_hashlib_Hacl_Hash_MD5_malloc
#define Hacl_Hash_MD5_init python_hashlib_Hacl_Hash_MD5_init
#define Hacl_Hash_MD5_update python_hashlib_Hacl_Hash_MD5_update
#define Hacl_Hash_MD5_digest python_hashlib_Hacl_Hash_MD5_digest
#define Hacl_Hash_MD5_free python_hashlib_Hacl_Hash_MD5_free
#define Hacl_Hash_MD5_copy python_hashlib_Hacl_Hash_MD5_copy
#define Hacl_Hash_MD5_hash python_hashlib_Hacl_Hash_MD5_hash
#define Hacl_Streaming_SHA1_legacy_create_in python_hashlib_Hacl_Streaming_SHA1_legacy_create_in
#define Hacl_Streaming_SHA1_legacy_init python_hashlib_Hacl_Streaming_SHA1_legacy_init
#define Hacl_Streaming_SHA1_legacy_update python_hashlib_Hacl_Streaming_SHA1_legacy_update
#define Hacl_Streaming_SHA1_legacy_finish python_hashlib_Hacl_Streaming_SHA1_legacy_finish
#define Hacl_Streaming_SHA1_legacy_free python_hashlib_Hacl_Streaming_SHA1_legacy_free
#define Hacl_Streaming_SHA1_legacy_copy python_hashlib_Hacl_Streaming_SHA1_legacy_copy
#define Hacl_Streaming_SHA1_legacy_hash python_hashlib_Hacl_Streaming_SHA1_legacy_hash
#define Hacl_Hash_SHA1_malloc python_hashlib_Hacl_Hash_SHA1_malloc
#define Hacl_Hash_SHA1_init python_hashlib_Hacl_Hash_SHA1_init
#define Hacl_Hash_SHA1_update python_hashlib_Hacl_Hash_SHA1_update
#define Hacl_Hash_SHA1_digest python_hashlib_Hacl_Hash_SHA1_digest
#define Hacl_Hash_SHA1_free python_hashlib_Hacl_Hash_SHA1_free
#define Hacl_Hash_SHA1_copy python_hashlib_Hacl_Hash_SHA1_copy
#define Hacl_Hash_SHA1_hash python_hashlib_Hacl_Hash_SHA1_hash
#define Hacl_Hash_SHA3_update_last_sha3 python_hashlib_Hacl_Hash_SHA3_update_last_sha3
#define Hacl_Hash_SHA3_update_multi_sha3 python_hashlib_Hacl_Hash_SHA3_update_multi_sha3
@ -72,15 +74,16 @@
#define Hacl_SHA3_sha3_512 python_hashlib_Hacl_SHA3_sha3_512
#define Hacl_SHA3_shake128_hacl python_hashlib_Hacl_SHA3_shake128_hacl
#define Hacl_SHA3_shake256_hacl python_hashlib_Hacl_SHA3_shake256_hacl
#define Hacl_Streaming_Keccak_block_len python_hashlib_Hacl_Streaming_Keccak_block_len
#define Hacl_Streaming_Keccak_copy python_hashlib_Hacl_Streaming_Keccak_copy
#define Hacl_Streaming_Keccak_finish python_hashlib_Hacl_Streaming_Keccak_finish
#define Hacl_Streaming_Keccak_free python_hashlib_Hacl_Streaming_Keccak_free
#define Hacl_Streaming_Keccak_get_alg python_hashlib_Hacl_Streaming_Keccak_get_alg
#define Hacl_Streaming_Keccak_hash_len python_hashlib_Hacl_Streaming_Keccak_hash_len
#define Hacl_Streaming_Keccak_is_shake python_hashlib_Hacl_Streaming_Keccak_is_shake
#define Hacl_Streaming_Keccak_malloc python_hashlib_Hacl_Streaming_Keccak_malloc
#define Hacl_Streaming_Keccak_reset python_hashlib_Hacl_Streaming_Keccak_reset
#define Hacl_Streaming_Keccak_update python_hashlib_Hacl_Streaming_Keccak_update
#define Hacl_Hash_SHA3_block_len python_hashlib_Hacl_Hash_SHA3_block_len
#define Hacl_Hash_SHA3_copy python_hashlib_Hacl_Hash_SHA3_copy
#define Hacl_Hash_SHA3_digest python_hashlib_Hacl_Hash_SHA3_digest
#define Hacl_Hash_SHA3_free python_hashlib_Hacl_Hash_SHA3_free
#define Hacl_Hash_SHA3_get_alg python_hashlib_Hacl_Hash_SHA3_get_alg
#define Hacl_Hash_SHA3_hash_len python_hashlib_Hacl_Hash_SHA3_hash_len
#define Hacl_Hash_SHA3_is_shake python_hashlib_Hacl_Hash_SHA3_is_shake
#define Hacl_Hash_SHA3_malloc python_hashlib_Hacl_Hash_SHA3_malloc
#define Hacl_Hash_SHA3_reset python_hashlib_Hacl_Hash_SHA3_reset
#define Hacl_Hash_SHA3_update python_hashlib_Hacl_Hash_SHA3_update
#define Hacl_Hash_SHA3_squeeze python_hashlib_Hacl_Hash_SHA3_squeeze
#endif // _PYTHON_HACL_NAMESPACES_H

4
Modules/_hacl/refresh.sh
View File

@ -22,7 +22,7 @@ fi
# Update this when updating to a new version after verifying that the changes
# the update brings in are good.
expected_hacl_star_rev=521af282fdf6d60227335120f18ae9309a4b8e8c
expected_hacl_star_rev=bb3d0dc8d9d15a5cd51094d5b69e70aa09005ff0
hacl_dir="$(realpath "$1")"
cd "$(dirname "$0")"
@ -127,7 +127,7 @@ $sed -i -z 's!\(extern\|typedef\)[^;]*;\n\n!!g' include/krml/FStar_UInt_8_16_32_
$sed -i 's!#include.*Hacl_Krmllib.h"!!g' "${all_files[@]}"
# Use globally unique names for the Hacl_ C APIs to avoid linkage conflicts.
$sed -i -z 's!#include <string.h>\n!#include <string.h>\n#include "python_hacl_namespaces.h"\n!' Hacl_Hash_SHA2.h
$sed -i -z 's!#include <string.h>\n!#include <string.h>\n#include "python_hacl_namespaces.h"\n!' Hacl_Hash_*.h
# Finally, we remove a bunch of ifdefs from target.h that are, again, useful in
# the general case, but not exercised by the subset of HACL* that we vendor.

18
Modules/md5module.c
View File

@ -51,7 +51,7 @@ typedef struct {
// Prevents undefined behavior via multiple threads entering the C API.
bool use_mutex;
PyMutex mutex;
Hacl_Streaming_MD5_state *hash_state;
Hacl_Hash_MD5_state_t *hash_state;
} MD5object;
#include "clinic/md5module.c.h"
@ -93,7 +93,7 @@ MD5_traverse(PyObject *ptr, visitproc visit, void *arg)
static void
MD5_dealloc(MD5object *ptr)
{
Hacl_Streaming_MD5_legacy_free(ptr->hash_state);
Hacl_Hash_MD5_free(ptr->hash_state);
PyTypeObject *tp = Py_TYPE((PyObject*)ptr);
PyObject_GC_UnTrack(ptr);
PyObject_GC_Del(ptr);
@ -122,7 +122,7 @@ MD5Type_copy_impl(MD5object *self, PyTypeObject *cls)
return NULL;
ENTER_HASHLIB(self);
newobj->hash_state = Hacl_Streaming_MD5_legacy_copy(self->hash_state);
newobj->hash_state = Hacl_Hash_MD5_copy(self->hash_state);
LEAVE_HASHLIB(self);
return (PyObject *)newobj;
}
@ -139,7 +139,7 @@ MD5Type_digest_impl(MD5object *self)
{
unsigned char digest[MD5_DIGESTSIZE];
ENTER_HASHLIB(self);
Hacl_Streaming_MD5_legacy_finish(self->hash_state, digest);
Hacl_Hash_MD5_digest(self->hash_state, digest);
LEAVE_HASHLIB(self);
return PyBytes_FromStringAndSize((const char *)digest, MD5_DIGESTSIZE);
}
@ -156,7 +156,7 @@ MD5Type_hexdigest_impl(MD5object *self)
{
unsigned char digest[MD5_DIGESTSIZE];
ENTER_HASHLIB(self);
Hacl_Streaming_MD5_legacy_finish(self->hash_state, digest);
Hacl_Hash_MD5_digest(self->hash_state, digest);
LEAVE_HASHLIB(self);
const char *hexdigits = "0123456789abcdef";
@ -170,15 +170,15 @@ MD5Type_hexdigest_impl(MD5object *self)
return PyUnicode_FromStringAndSize(digest_hex, sizeof(digest_hex));
}
static void update(Hacl_Streaming_MD5_state *state, uint8_t *buf, Py_ssize_t len) {
static void update(Hacl_Hash_MD5_state_t *state, uint8_t *buf, Py_ssize_t len) {
#if PY_SSIZE_T_MAX > UINT32_MAX
while (len > UINT32_MAX) {
Hacl_Streaming_MD5_legacy_update(state, buf, UINT32_MAX);
Hacl_Hash_MD5_update(state, buf, UINT32_MAX);
len -= UINT32_MAX;
buf += UINT32_MAX;
}
#endif
Hacl_Streaming_MD5_legacy_update(state, buf, (uint32_t) len);
Hacl_Hash_MD5_update(state, buf, (uint32_t) len);
}
/*[clinic input]
@ -302,7 +302,7 @@ _md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity)
return NULL;
}
new->hash_state = Hacl_Streaming_MD5_legacy_create_in();
new->hash_state = Hacl_Hash_MD5_malloc();
if (PyErr_Occurred()) {
Py_DECREF(new);

18
Modules/sha1module.c
View File

@ -52,7 +52,7 @@ typedef struct {
bool use_mutex;
PyMutex mutex;
PyThread_type_lock lock;
Hacl_Streaming_SHA1_state *hash_state;
Hacl_Hash_SHA1_state_t *hash_state;
} SHA1object;
#include "clinic/sha1module.c.h"
@ -95,7 +95,7 @@ SHA1_traverse(PyObject *ptr, visitproc visit, void *arg)
static void
SHA1_dealloc(SHA1object *ptr)
{
Hacl_Streaming_SHA1_legacy_free(ptr->hash_state);
Hacl_Hash_SHA1_free(ptr->hash_state);
PyTypeObject *tp = Py_TYPE(ptr);
PyObject_GC_UnTrack(ptr);
PyObject_GC_Del(ptr);
@ -124,7 +124,7 @@ SHA1Type_copy_impl(SHA1object *self, PyTypeObject *cls)
return NULL;
ENTER_HASHLIB(self);
newobj->hash_state = Hacl_Streaming_SHA1_legacy_copy(self->hash_state);
newobj->hash_state = Hacl_Hash_SHA1_copy(self->hash_state);
LEAVE_HASHLIB(self);
return (PyObject *)newobj;
}
@ -141,7 +141,7 @@ SHA1Type_digest_impl(SHA1object *self)
{
unsigned char digest[SHA1_DIGESTSIZE];
ENTER_HASHLIB(self);
Hacl_Streaming_SHA1_legacy_finish(self->hash_state, digest);
Hacl_Hash_SHA1_digest(self->hash_state, digest);
LEAVE_HASHLIB(self);
return PyBytes_FromStringAndSize((const char *)digest, SHA1_DIGESTSIZE);
}
@ -158,20 +158,20 @@ SHA1Type_hexdigest_impl(SHA1object *self)
{
unsigned char digest[SHA1_DIGESTSIZE];
ENTER_HASHLIB(self);
Hacl_Streaming_SHA1_legacy_finish(self->hash_state, digest);
Hacl_Hash_SHA1_digest(self->hash_state, digest);
LEAVE_HASHLIB(self);
return _Py_strhex((const char *)digest, SHA1_DIGESTSIZE);
}
static void update(Hacl_Streaming_SHA1_state *state, uint8_t *buf, Py_ssize_t len) {
static void update(Hacl_Hash_SHA1_state_t *state, uint8_t *buf, Py_ssize_t len) {
#if PY_SSIZE_T_MAX > UINT32_MAX
while (len > UINT32_MAX) {
Hacl_Streaming_SHA1_legacy_update(state, buf, UINT32_MAX);
Hacl_Hash_SHA1_update(state, buf, UINT32_MAX);
len -= UINT32_MAX;
buf += UINT32_MAX;
}
#endif
Hacl_Streaming_SHA1_legacy_update(state, buf, (uint32_t) len);
Hacl_Hash_SHA1_update(state, buf, (uint32_t) len);
}
/*[clinic input]
@ -295,7 +295,7 @@ _sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity)
return NULL;
}
new->hash_state = Hacl_Streaming_SHA1_legacy_create_in();
new->hash_state = Hacl_Hash_SHA1_malloc();
if (PyErr_Occurred()) {
Py_DECREF(new);

40
Modules/sha2module.c
View File

@ -55,7 +55,7 @@ typedef struct {
// Prevents undefined behavior via multiple threads entering the C API.
bool use_mutex;
PyMutex mutex;
Hacl_Streaming_SHA2_state_sha2_256 *state;
Hacl_Hash_SHA2_state_t_256 *state;
} SHA256object;
typedef struct {
@ -64,7 +64,7 @@ typedef struct {
// Prevents undefined behavior via multiple threads entering the C API.
bool use_mutex;
PyMutex mutex;
Hacl_Streaming_SHA2_state_sha2_512 *state;
Hacl_Hash_SHA2_state_t_512 *state;
} SHA512object;
#include "clinic/sha2module.c.h"
@ -89,13 +89,13 @@ sha2_get_state(PyObject *module)
static void SHA256copy(SHA256object *src, SHA256object *dest)
{
dest->digestsize = src->digestsize;
dest->state = Hacl_Streaming_SHA2_copy_256(src->state);
dest->state = Hacl_Hash_SHA2_copy_256(src->state);
}
static void SHA512copy(SHA512object *src, SHA512object *dest)
{
dest->digestsize = src->digestsize;
dest->state = Hacl_Streaming_SHA2_copy_512(src->state);
dest->state = Hacl_Hash_SHA2_copy_512(src->state);
}
static SHA256object *
@ -166,7 +166,7 @@ SHA2_traverse(PyObject *ptr, visitproc visit, void *arg)
static void
SHA256_dealloc(SHA256object *ptr)
{
Hacl_Streaming_SHA2_free_256(ptr->state);
Hacl_Hash_SHA2_free_256(ptr->state);
PyTypeObject *tp = Py_TYPE(ptr);
PyObject_GC_UnTrack(ptr);
PyObject_GC_Del(ptr);
@ -176,7 +176,7 @@ SHA256_dealloc(SHA256object *ptr)
static void
SHA512_dealloc(SHA512object *ptr)
{
Hacl_Streaming_SHA2_free_512(ptr->state);
Hacl_Hash_SHA2_free_512(ptr->state);
PyTypeObject *tp = Py_TYPE(ptr);
PyObject_GC_UnTrack(ptr);
PyObject_GC_Del(ptr);
@ -186,34 +186,34 @@ SHA512_dealloc(SHA512object *ptr)
/* HACL* takes a uint32_t for the length of its parameter, but Py_ssize_t can be
* 64 bits so we loop in <4gig chunks when needed. */
static void update_256(Hacl_Streaming_SHA2_state_sha2_256 *state, uint8_t *buf, Py_ssize_t len) {
static void update_256(Hacl_Hash_SHA2_state_t_256 *state, uint8_t *buf, Py_ssize_t len) {
/* Note: we explicitly ignore the error code on the basis that it would take >
* 1 billion years to overflow the maximum admissible length for SHA2-256
* (namely, 2^61-1 bytes). */
#if PY_SSIZE_T_MAX > UINT32_MAX
while (len > UINT32_MAX) {
Hacl_Streaming_SHA2_update_256(state, buf, UINT32_MAX);
Hacl_Hash_SHA2_update_256(state, buf, UINT32_MAX);
len -= UINT32_MAX;
buf += UINT32_MAX;
}
#endif
/* Cast to uint32_t is safe: len <= UINT32_MAX at this point. */
Hacl_Streaming_SHA2_update_256(state, buf, (uint32_t) len);
Hacl_Hash_SHA2_update_256(state, buf, (uint32_t) len);
}
static void update_512(Hacl_Streaming_SHA2_state_sha2_512 *state, uint8_t *buf, Py_ssize_t len) {
static void update_512(Hacl_Hash_SHA2_state_t_512 *state, uint8_t *buf, Py_ssize_t len) {
/* Note: we explicitly ignore the error code on the basis that it would take >
* 1 billion years to overflow the maximum admissible length for this API
* (namely, 2^64-1 bytes). */
#if PY_SSIZE_T_MAX > UINT32_MAX
while (len > UINT32_MAX) {
Hacl_Streaming_SHA2_update_512(state, buf, UINT32_MAX);
Hacl_Hash_SHA2_update_512(state, buf, UINT32_MAX);
len -= UINT32_MAX;
buf += UINT32_MAX;
}
#endif
/* Cast to uint32_t is safe: len <= UINT32_MAX at this point. */
Hacl_Streaming_SHA2_update_512(state, buf, (uint32_t) len);
Hacl_Hash_SHA2_update_512(state, buf, (uint32_t) len);
}
@ -296,7 +296,7 @@ SHA256Type_digest_impl(SHA256object *self)
ENTER_HASHLIB(self);
// HACL* performs copies under the hood so that self->state remains valid
// after this call.
Hacl_Streaming_SHA2_finish_256(self->state, digest);
Hacl_Hash_SHA2_digest_256(self->state, digest);
LEAVE_HASHLIB(self);
return PyBytes_FromStringAndSize((const char *)digest, self->digestsize);
}
@ -316,7 +316,7 @@ SHA512Type_digest_impl(SHA512object *self)
ENTER_HASHLIB(self);
// HACL* performs copies under the hood so that self->state remains valid
// after this call.
Hacl_Streaming_SHA2_finish_512(self->state, digest);
Hacl_Hash_SHA2_digest_512(self->state, digest);
LEAVE_HASHLIB(self);
return PyBytes_FromStringAndSize((const char *)digest, self->digestsize);
}
@ -334,7 +334,7 @@ SHA256Type_hexdigest_impl(SHA256object *self)
uint8_t digest[SHA256_DIGESTSIZE];
assert(self->digestsize <= SHA256_DIGESTSIZE);
ENTER_HASHLIB(self);
Hacl_Streaming_SHA2_finish_256(self->state, digest);
Hacl_Hash_SHA2_digest_256(self->state, digest);
LEAVE_HASHLIB(self);
return _Py_strhex((const char *)digest, self->digestsize);
}
@ -352,7 +352,7 @@ SHA512Type_hexdigest_impl(SHA512object *self)
uint8_t digest[SHA512_DIGESTSIZE];
assert(self->digestsize <= SHA512_DIGESTSIZE);
ENTER_HASHLIB(self);
Hacl_Streaming_SHA2_finish_512(self->state, digest);
Hacl_Hash_SHA2_digest_512(self->state, digest);
LEAVE_HASHLIB(self);
return _Py_strhex((const char *)digest, self->digestsize);
}
@ -597,7 +597,7 @@ _sha2_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity)
return NULL;
}
new->state = Hacl_Streaming_SHA2_create_in_256();
new->state = Hacl_Hash_SHA2_malloc_256();
new->digestsize = 32;
if (PyErr_Occurred()) {
@ -651,7 +651,7 @@ _sha2_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity)
return NULL;
}
new->state = Hacl_Streaming_SHA2_create_in_224();
new->state = Hacl_Hash_SHA2_malloc_224();
new->digestsize = 28;
if (PyErr_Occurred()) {
@ -705,7 +705,7 @@ _sha2_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity)
return NULL;
}
new->state = Hacl_Streaming_SHA2_create_in_512();
new->state = Hacl_Hash_SHA2_malloc_512();
new->digestsize = 64;
if (PyErr_Occurred()) {
@ -758,7 +758,7 @@ _sha2_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity)
return NULL;
}
new->state = Hacl_Streaming_SHA2_create_in_384();
new->state = Hacl_Hash_SHA2_malloc_384();
new->digestsize = 48;
if (PyErr_Occurred()) {

44
Modules/sha3module.c
View File

@ -63,7 +63,7 @@ typedef struct {
// Prevents undefined behavior via multiple threads entering the C API.
bool use_mutex;
PyMutex mutex;
Hacl_Streaming_Keccak_state *hash_state;
Hacl_Hash_SHA3_state_t *hash_state;
} SHA3object;
#include "clinic/sha3module.c.h"
@ -81,18 +81,18 @@ newSHA3object(PyTypeObject *type)
return newobj;
}
static void sha3_update(Hacl_Streaming_Keccak_state *state, uint8_t *buf, Py_ssize_t len) {
static void sha3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *buf, Py_ssize_t len) {
/* Note: we explicitly ignore the error code on the basis that it would take >
* 1 billion years to hash more than 2^64 bytes. */
#if PY_SSIZE_T_MAX > UINT32_MAX
while (len > UINT32_MAX) {
Hacl_Streaming_Keccak_update(state, buf, UINT32_MAX);
Hacl_Hash_SHA3_update(state, buf, UINT32_MAX);
len -= UINT32_MAX;
buf += UINT32_MAX;
}
#endif
/* Cast to uint32_t is safe: len <= UINT32_MAX at this point. */
Hacl_Streaming_Keccak_update(state, buf, (uint32_t) len);
Hacl_Hash_SHA3_update(state, buf, (uint32_t) len);
}
/*[clinic input]
@ -120,17 +120,17 @@ py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity)
assert(state != NULL);
if (type == state->sha3_224_type) {
self->hash_state = Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_SHA3_224);
self->hash_state = Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_SHA3_224);
} else if (type == state->sha3_256_type) {
self->hash_state = Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_SHA3_256);
self->hash_state = Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_SHA3_256);
} else if (type == state->sha3_384_type) {
self->hash_state = Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_SHA3_384);
self->hash_state = Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_SHA3_384);
} else if (type == state->sha3_512_type) {
self->hash_state = Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_SHA3_512);
self->hash_state = Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_SHA3_512);
} else if (type == state->shake_128_type) {
self->hash_state = Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_Shake128);
self->hash_state = Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_Shake128);
} else if (type == state->shake_256_type) {
self->hash_state = Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_Shake256);
self->hash_state = Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_Shake256);
} else {
PyErr_BadInternalCall();
goto error;
@ -169,7 +169,7 @@ py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity)
static void
SHA3_dealloc(SHA3object *self)
{
Hacl_Streaming_Keccak_free(self->hash_state);
Hacl_Hash_SHA3_free(self->hash_state);
PyTypeObject *tp = Py_TYPE(self);
PyObject_Free(self);
Py_DECREF(tp);
@ -195,7 +195,7 @@ _sha3_sha3_224_copy_impl(SHA3object *self)
return NULL;
}
ENTER_HASHLIB(self);
newobj->hash_state = Hacl_Streaming_Keccak_copy(self->hash_state);
newobj->hash_state = Hacl_Hash_SHA3_copy(self->hash_state);
LEAVE_HASHLIB(self);
return (PyObject *)newobj;
}
@ -215,10 +215,10 @@ _sha3_sha3_224_digest_impl(SHA3object *self)
// This function errors out if the algorithm is Shake. Here, we know this
// not to be the case, and therefore do not perform error checking.
ENTER_HASHLIB(self);
Hacl_Streaming_Keccak_finish(self->hash_state, digest);
Hacl_Hash_SHA3_digest(self->hash_state, digest);
LEAVE_HASHLIB(self);
return PyBytes_FromStringAndSize((const char *)digest,
Hacl_Streaming_Keccak_hash_len(self->hash_state));
Hacl_Hash_SHA3_hash_len(self->hash_state));
}
@ -234,10 +234,10 @@ _sha3_sha3_224_hexdigest_impl(SHA3object *self)
{
unsigned char digest[SHA3_MAX_DIGESTSIZE];
ENTER_HASHLIB(self);
Hacl_Streaming_Keccak_finish(self->hash_state, digest);
Hacl_Hash_SHA3_digest(self->hash_state, digest);
LEAVE_HASHLIB(self);
return _Py_strhex((const char *)digest,
Hacl_Streaming_Keccak_hash_len(self->hash_state));
Hacl_Hash_SHA3_hash_len(self->hash_state));
}
@ -288,7 +288,7 @@ static PyMethodDef SHA3_methods[] = {
static PyObject *
SHA3_get_block_size(SHA3object *self, void *closure)
{
uint32_t rate = Hacl_Streaming_Keccak_block_len(self->hash_state);
uint32_t rate = Hacl_Hash_SHA3_block_len(self->hash_state);
return PyLong_FromLong(rate);
}
@ -324,17 +324,17 @@ static PyObject *
SHA3_get_digest_size(SHA3object *self, void *closure)
{
// Preserving previous behavior: variable-length algorithms return 0
if (Hacl_Streaming_Keccak_is_shake(self->hash_state))
if (Hacl_Hash_SHA3_is_shake(self->hash_state))
return PyLong_FromLong(0);
else
return PyLong_FromLong(Hacl_Streaming_Keccak_hash_len(self->hash_state));
return PyLong_FromLong(Hacl_Hash_SHA3_hash_len(self->hash_state));
}
static PyObject *
SHA3_get_capacity_bits(SHA3object *self, void *closure)
{
uint32_t rate = Hacl_Streaming_Keccak_block_len(self->hash_state) * 8;
uint32_t rate = Hacl_Hash_SHA3_block_len(self->hash_state) * 8;
int capacity = 1600 - rate;
return PyLong_FromLong(capacity);
}
@ -343,7 +343,7 @@ SHA3_get_capacity_bits(SHA3object *self, void *closure)
static PyObject *
SHA3_get_rate_bits(SHA3object *self, void *closure)
{
uint32_t rate = Hacl_Streaming_Keccak_block_len(self->hash_state) * 8;
uint32_t rate = Hacl_Hash_SHA3_block_len(self->hash_state) * 8;
return PyLong_FromLong(rate);
}
@ -436,7 +436,7 @@ _SHAKE_digest(SHA3object *self, unsigned long digestlen, int hex)
* - the output length is zero -- we follow the existing behavior and return
* an empty digest, without raising an error */
if (digestlen > 0) {
Hacl_Streaming_Keccak_squeeze(self->hash_state, digest, digestlen);
Hacl_Hash_SHA3_squeeze(self->hash_state, digest, digestlen);
}
if (hex) {
result = _Py_strhex((const char *)digest, digestlen);