Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

gh-99108: Import MD5 and SHA1 from HACL* (#102089) 

Replaces our fallback non-OpenSSL MD5 and SHA1 implementations with those from HACL* as we've already done with SHA2.
This commit is contained in:
Jonathan Protzenko 2023-02-22 13:18:43 -08:00 committed by GitHub
parent 96bf24380e
commit fcadc7e405
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
24 changed files with 2498 additions and 699 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Makefile.pre.in
View File

@ -578,17 +578,21 @@ LIBEXPAT_HEADERS= \
LIBHACL_SHA2_OBJS= \
Modules/_hacl/Hacl_Streaming_SHA2.o
LIBHACL_SHA2_HEADERS= \
Modules/_hacl/Hacl_Streaming_SHA2.h \
LIBHACL_HEADERS= \
Modules/_hacl/include/krml/FStar_UInt128_Verified.h \
Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h \
Modules/_hacl/include/krml/fstar_uint128_struct_endianness.h \
Modules/_hacl/include/krml/internal/target.h \
Modules/_hacl/include/krml/lowstar_endianness.h \
Modules/_hacl/include/krml/types.h \
Modules/_hacl/internal/Hacl_SHA2_Generic.h \
Modules/_hacl/Hacl_Streaming_Types.h \
Modules/_hacl/python_hacl_namespaces.h
LIBHACL_SHA2_HEADERS= \
Modules/_hacl/Hacl_Streaming_SHA2.h \
Modules/_hacl/internal/Hacl_SHA2_Generic.h \
$(LIBHACL_HEADERS)
#########################################################################
# Rules
@ -2635,8 +2639,8 @@ MODULE__DECIMAL_DEPS=$(srcdir)/Modules/_decimal/docstrings.h @LIBMPDEC_INTERNAL@
MODULE__ELEMENTTREE_DEPS=$(srcdir)/Modules/pyexpat.c @LIBEXPAT_INTERNAL@
MODULE__HASHLIB_DEPS=$(srcdir)/Modules/hashlib.h
MODULE__IO_DEPS=$(srcdir)/Modules/_io/_iomodule.h
MODULE__MD5_DEPS=$(srcdir)/Modules/hashlib.h
MODULE__SHA1_DEPS=$(srcdir)/Modules/hashlib.h
MODULE__MD5_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_MD5.h Modules/_hacl/Hacl_Hash_MD5.c
MODULE__SHA1_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_SHA1.h Modules/_hacl/Hacl_Hash_SHA1.c
MODULE__SHA2_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA2_HEADERS) $(LIBHACL_SHA2_A)
MODULE__SHA3_DEPS=$(srcdir)/Modules/_sha3/sha3.c $(srcdir)/Modules/_sha3/sha3.h $(srcdir)/Modules/hashlib.h
MODULE__SOCKET_DEPS=$(srcdir)/Modules/socketmodule.h $(srcdir)/Modules/addrinfo.h $(srcdir)/Modules/getaddrinfo.c $(srcdir)/Modules/getnameinfo.c

2
Misc/NEWS.d/next/Security/2023-02-17-10-42-48.gh-issue-99108.MKA8-f.rst Normal file
View File

@ -0,0 +1,2 @@
Replace builtin hashlib implementations of MD5 and SHA1 with verified ones
from the HACL* project.

4
Modules/Setup
View File

@ -163,8 +163,8 @@ PYTHONPATH=$(COREPYTHONPATH)
# hashing builtins
#_blake2 _blake2/blake2module.c _blake2/blake2b_impl.c _blake2/blake2s_impl.c
#_md5 md5module.c
#_sha1 sha1module.c
#_md5 md5module.c -I$(srcdir)/Modules/_hacl/include _hacl/libHacl_Hash_MD5.c
#_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include _hacl/libHacl_Hash_SHA1.c
#_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Streaming_SHA2.a
#_sha3 _sha3/sha3module.c

4
Modules/Setup.stdlib.in
View File

@ -77,8 +77,8 @@
@MODULE_READLINE_TRUE@readline readline.c
# hashing builtins, can be disabled with --without-builtin-hashlib-hashes
@MODULE__MD5_TRUE@_md5 md5module.c
@MODULE__SHA1_TRUE@_sha1 sha1module.c
@MODULE__MD5_TRUE@_md5 md5module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_MD5.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
@MODULE__SHA1_TRUE@_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA1.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
@MODULE__SHA2_TRUE@_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Streaming_SHA2.a
@MODULE__SHA3_TRUE@_sha3 _sha3/sha3module.c
@MODULE__BLAKE2_TRUE@_blake2 _blake2/blake2module.c _blake2/blake2b_impl.c _blake2/blake2s_impl.c

1472
Modules/_hacl/Hacl_Hash_MD5.c Normal file
View File

File diff suppressed because it is too large Load Diff

65
Modules/_hacl/Hacl_Hash_MD5.h Normal file
View File

@ -0,0 +1,65 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __Hacl_Hash_MD5_H
#define __Hacl_Hash_MD5_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "krml/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "Hacl_Streaming_Types.h"
typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_MD5_state;
Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_create_in(void);
void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s);
/**
0 = success, 1 = max length exceeded
*/
uint32_t
Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len);
void Hacl_Streaming_MD5_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
void Hacl_Streaming_MD5_legacy_free(Hacl_Streaming_MD_state_32 *s);
Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_copy(Hacl_Streaming_MD_state_32 *s0);
void Hacl_Streaming_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
#if defined(__cplusplus)
}
#endif
#define __Hacl_Hash_MD5_H_DEFINED
#endif

508
Modules/_hacl/Hacl_Hash_SHA1.c Normal file
View File

@ -0,0 +1,508 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "internal/Hacl_Hash_SHA1.h"
static uint32_t
_h0[5U] =
{
(uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
(uint32_t)0xc3d2e1f0U
};
void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s)
{
KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, s[i] = _h0[i];);
}
static void legacy_update(uint32_t *h, uint8_t *l)
{
uint32_t ha = h[0U];
uint32_t hb = h[1U];
uint32_t hc = h[2U];
uint32_t hd = h[3U];
uint32_t he = h[4U];
uint32_t _w[80U] = { 0U };
for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
{
uint32_t v;
if (i < (uint32_t)16U)
{
uint8_t *b = l + i * (uint32_t)4U;
uint32_t u = load32_be(b);
v = u;
}
else
{
uint32_t wmit3 = _w[i - (uint32_t)3U];
uint32_t wmit8 = _w[i - (uint32_t)8U];
uint32_t wmit14 = _w[i - (uint32_t)14U];
uint32_t wmit16 = _w[i - (uint32_t)16U];
v =
(wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16)))
<< (uint32_t)1U
| (wmit3 ^ (wmit8 ^ (wmit14 ^ wmit16))) >> (uint32_t)31U;
}
_w[i] = v;
}
for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
{
uint32_t _a = h[0U];
uint32_t _b = h[1U];
uint32_t _c = h[2U];
uint32_t _d = h[3U];
uint32_t _e = h[4U];
uint32_t wmit = _w[i];
uint32_t ite0;
if (i < (uint32_t)20U)
{
ite0 = (_b & _c) ^ (~_b & _d);
}
else if ((uint32_t)39U < i && i < (uint32_t)60U)
{
ite0 = (_b & _c) ^ ((_b & _d) ^ (_c & _d));
}
else
{
ite0 = _b ^ (_c ^ _d);
}
uint32_t ite;
if (i < (uint32_t)20U)
{
ite = (uint32_t)0x5a827999U;
}
else if (i < (uint32_t)40U)
{
ite = (uint32_t)0x6ed9eba1U;
}
else if (i < (uint32_t)60U)
{
ite = (uint32_t)0x8f1bbcdcU;
}
else
{
ite = (uint32_t)0xca62c1d6U;
}
uint32_t _T = (_a << (uint32_t)5U | _a >> (uint32_t)27U) + ite0 + _e + ite + wmit;
h[0U] = _T;
h[1U] = _a;
h[2U] = _b << (uint32_t)30U | _b >> (uint32_t)2U;
h[3U] = _c;
h[4U] = _d;
}
for (uint32_t i = (uint32_t)0U; i < (uint32_t)80U; i++)
{
_w[i] = (uint32_t)0U;
}
uint32_t sta = h[0U];
uint32_t stb = h[1U];
uint32_t stc = h[2U];
uint32_t std = h[3U];
uint32_t ste = h[4U];
h[0U] = sta + ha;
h[1U] = stb + hb;
h[2U] = stc + hc;
h[3U] = std + hd;
h[4U] = ste + he;
}
static void legacy_pad(uint64_t len, uint8_t *dst)
{
uint8_t *dst1 = dst;
dst1[0U] = (uint8_t)0x80U;
uint8_t *dst2 = dst + (uint32_t)1U;
for
(uint32_t
i = (uint32_t)0U;
i
< ((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U))) % (uint32_t)64U;
i++)
{
dst2[i] = (uint8_t)0U;
}
uint8_t
*dst3 =
dst
+
(uint32_t)1U
+
((uint32_t)128U - ((uint32_t)9U + (uint32_t)(len % (uint64_t)(uint32_t)64U)))
% (uint32_t)64U;
store64_be(dst3, len << (uint32_t)3U);
}
void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst)
{
KRML_MAYBE_FOR5(i,
(uint32_t)0U,
(uint32_t)5U,
(uint32_t)1U,
store32_be(dst + i * (uint32_t)4U, s[i]););
}
void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks)
{
for (uint32_t i = (uint32_t)0U; i < n_blocks; i++)
{
uint32_t sz = (uint32_t)64U;
uint8_t *block = blocks + sz * i;
legacy_update(s, block);
}
}
void
Hacl_Hash_SHA1_legacy_update_last(
uint32_t *s,
uint64_t prev_len,
uint8_t *input,
uint32_t input_len
)
{
uint32_t blocks_n = input_len / (uint32_t)64U;
uint32_t blocks_len = blocks_n * (uint32_t)64U;
uint8_t *blocks = input;
uint32_t rest_len = input_len - blocks_len;
uint8_t *rest = input + blocks_len;
Hacl_Hash_SHA1_legacy_update_multi(s, blocks, blocks_n);
uint64_t total_input_len = prev_len + (uint64_t)input_len;
uint32_t
pad_len =
(uint32_t)1U
+
((uint32_t)128U - ((uint32_t)9U + (uint32_t)(total_input_len % (uint64_t)(uint32_t)64U)))
% (uint32_t)64U
+ (uint32_t)8U;
uint32_t tmp_len = rest_len + pad_len;
uint8_t tmp_twoblocks[128U] = { 0U };
uint8_t *tmp = tmp_twoblocks;
uint8_t *tmp_rest = tmp;
uint8_t *tmp_pad = tmp + rest_len;
memcpy(tmp_rest, rest, rest_len * sizeof (uint8_t));
legacy_pad(total_input_len, tmp_pad);
Hacl_Hash_SHA1_legacy_update_multi(s, tmp, tmp_len / (uint32_t)64U);
}
void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
{
uint32_t
s[5U] =
{
(uint32_t)0x67452301U, (uint32_t)0xefcdab89U, (uint32_t)0x98badcfeU, (uint32_t)0x10325476U,
(uint32_t)0xc3d2e1f0U
};
uint32_t blocks_n0 = input_len / (uint32_t)64U;
uint32_t blocks_n1;
if (input_len % (uint32_t)64U == (uint32_t)0U && blocks_n0 > (uint32_t)0U)
{
blocks_n1 = blocks_n0 - (uint32_t)1U;
}
else
{
blocks_n1 = blocks_n0;
}
uint32_t blocks_len0 = blocks_n1 * (uint32_t)64U;
uint8_t *blocks0 = input;
uint32_t rest_len0 = input_len - blocks_len0;
uint8_t *rest0 = input + blocks_len0;
uint32_t blocks_n = blocks_n1;
uint32_t blocks_len = blocks_len0;
uint8_t *blocks = blocks0;
uint32_t rest_len = rest_len0;
uint8_t *rest = rest0;
Hacl_Hash_SHA1_legacy_update_multi(s, blocks, blocks_n);
Hacl_Hash_SHA1_legacy_update_last(s, (uint64_t)blocks_len, rest, rest_len);
Hacl_Hash_Core_SHA1_legacy_finish(s, dst);
}
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_create_in(void)
{
uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)5U, sizeof (uint32_t));
Hacl_Streaming_MD_state_32
s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
Hacl_Streaming_MD_state_32
*p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
p[0U] = s;
Hacl_Hash_Core_SHA1_legacy_init(block_state);
return p;
}
void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s)
{
Hacl_Streaming_MD_state_32 scrut = *s;
uint8_t *buf = scrut.buf;
uint32_t *block_state = scrut.block_state;
Hacl_Hash_Core_SHA1_legacy_init(block_state);
Hacl_Streaming_MD_state_32
tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
s[0U] = tmp;
}
/**
0 = success, 1 = max length exceeded
*/
uint32_t
Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
{
Hacl_Streaming_MD_state_32 s = *p;
uint64_t total_len = s.total_len;
if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
{
return (uint32_t)1U;
}
uint32_t sz;
if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
{
sz = (uint32_t)64U;
}
else
{
sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
}
if (len <= (uint32_t)64U - sz)
{
Hacl_Streaming_MD_state_32 s1 = *p;
uint32_t *block_state1 = s1.block_state;
uint8_t *buf = s1.buf;
uint64_t total_len1 = s1.total_len;
uint32_t sz1;
if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
{
sz1 = (uint32_t)64U;
}
else
{
sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
}
uint8_t *buf2 = buf + sz1;
memcpy(buf2, data, len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)len;
*p
=
(
(Hacl_Streaming_MD_state_32){
.block_state = block_state1,
.buf = buf,
.total_len = total_len2
}
);
}
else if (sz == (uint32_t)0U)
{
Hacl_Streaming_MD_state_32 s1 = *p;
uint32_t *block_state1 = s1.block_state;
uint8_t *buf = s1.buf;
uint64_t total_len1 = s1.total_len;
uint32_t sz1;
if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
{
sz1 = (uint32_t)64U;
}
else
{
sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
}
if (!(sz1 == (uint32_t)0U))
{
Hacl_Hash_SHA1_legacy_update_multi(block_state1, buf, (uint32_t)1U);
}
uint32_t ite;
if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U)
{
ite = (uint32_t)64U;
}
else
{
ite = (uint32_t)((uint64_t)len % (uint64_t)(uint32_t)64U);
}
uint32_t n_blocks = (len - ite) / (uint32_t)64U;
uint32_t data1_len = n_blocks * (uint32_t)64U;
uint32_t data2_len = len - data1_len;
uint8_t *data1 = data;
uint8_t *data2 = data + data1_len;
Hacl_Hash_SHA1_legacy_update_multi(block_state1, data1, data1_len / (uint32_t)64U);
uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t));
*p
=
(
(Hacl_Streaming_MD_state_32){
.block_state = block_state1,
.buf = buf,
.total_len = total_len1 + (uint64_t)len
}
);
}
else
{
uint32_t diff = (uint32_t)64U - sz;
uint8_t *data1 = data;
uint8_t *data2 = data + diff;
Hacl_Streaming_MD_state_32 s1 = *p;
uint32_t *block_state10 = s1.block_state;
uint8_t *buf0 = s1.buf;
uint64_t total_len10 = s1.total_len;
uint32_t sz10;
if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len10 > (uint64_t)0U)
{
sz10 = (uint32_t)64U;
}
else
{
sz10 = (uint32_t)(total_len10 % (uint64_t)(uint32_t)64U);
}
uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, data1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff;
*p
=
(
(Hacl_Streaming_MD_state_32){
.block_state = block_state10,
.buf = buf0,
.total_len = total_len2
}
);
Hacl_Streaming_MD_state_32 s10 = *p;
uint32_t *block_state1 = s10.block_state;
uint8_t *buf = s10.buf;
uint64_t total_len1 = s10.total_len;
uint32_t sz1;
if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len1 > (uint64_t)0U)
{
sz1 = (uint32_t)64U;
}
else
{
sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U);
}
if (!(sz1 == (uint32_t)0U))
{
Hacl_Hash_SHA1_legacy_update_multi(block_state1, buf, (uint32_t)1U);
}
uint32_t ite;
if
(
(uint64_t)(len - diff)
% (uint64_t)(uint32_t)64U
== (uint64_t)0U
&& (uint64_t)(len - diff) > (uint64_t)0U
)
{
ite = (uint32_t)64U;
}
else
{
ite = (uint32_t)((uint64_t)(len - diff) % (uint64_t)(uint32_t)64U);
}
uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U;
uint32_t data1_len = n_blocks * (uint32_t)64U;
uint32_t data2_len = len - diff - data1_len;
uint8_t *data11 = data2;
uint8_t *data21 = data2 + data1_len;
Hacl_Hash_SHA1_legacy_update_multi(block_state1, data11, data1_len / (uint32_t)64U);
uint8_t *dst = buf;
memcpy(dst, data21, data2_len * sizeof (uint8_t));
*p
=
(
(Hacl_Streaming_MD_state_32){
.block_state = block_state1,
.buf = buf,
.total_len = total_len1 + (uint64_t)(len - diff)
}
);
}
return (uint32_t)0U;
}
void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
{
Hacl_Streaming_MD_state_32 scrut = *p;
uint32_t *block_state = scrut.block_state;
uint8_t *buf_ = scrut.buf;
uint64_t total_len = scrut.total_len;
uint32_t r;
if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
{
r = (uint32_t)64U;
}
else
{
r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U);
}
uint8_t *buf_1 = buf_;
uint32_t tmp_block_state[5U] = { 0U };
memcpy(tmp_block_state, block_state, (uint32_t)5U * sizeof (uint32_t));
uint32_t ite;
if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U)
{
ite = (uint32_t)64U;
}
else
{
ite = r % (uint32_t)64U;
}
uint8_t *buf_last = buf_1 + r - ite;
uint8_t *buf_multi = buf_1;
Hacl_Hash_SHA1_legacy_update_multi(tmp_block_state, buf_multi, (uint32_t)0U);
uint64_t prev_len_last = total_len - (uint64_t)r;
Hacl_Hash_SHA1_legacy_update_last(tmp_block_state, prev_len_last, buf_last, r);
Hacl_Hash_Core_SHA1_legacy_finish(tmp_block_state, dst);
}
void Hacl_Streaming_SHA1_legacy_free(Hacl_Streaming_MD_state_32 *s)
{
Hacl_Streaming_MD_state_32 scrut = *s;
uint8_t *buf = scrut.buf;
uint32_t *block_state = scrut.block_state;
KRML_HOST_FREE(block_state);
KRML_HOST_FREE(buf);
KRML_HOST_FREE(s);
}
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_state_32 *s0)
{
Hacl_Streaming_MD_state_32 scrut = *s0;
uint32_t *block_state0 = scrut.block_state;
uint8_t *buf0 = scrut.buf;
uint64_t total_len0 = scrut.total_len;
uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
memcpy(buf, buf0, (uint32_t)64U * sizeof (uint8_t));
uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)5U, sizeof (uint32_t));
memcpy(block_state, block_state0, (uint32_t)5U * sizeof (uint32_t));
Hacl_Streaming_MD_state_32
s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
Hacl_Streaming_MD_state_32
*p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
p[0U] = s;
return p;
}
void Hacl_Streaming_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)
{
Hacl_Hash_SHA1_legacy_hash(input, input_len, dst);
}

65
Modules/_hacl/Hacl_Hash_SHA1.h Normal file
View File

@ -0,0 +1,65 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __Hacl_Hash_SHA1_H
#define __Hacl_Hash_SHA1_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "krml/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "Hacl_Streaming_Types.h"
typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA1_state;
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_create_in(void);
void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s);
/**
0 = success, 1 = max length exceeded
*/
uint32_t
Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len);
void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
void Hacl_Streaming_SHA1_legacy_free(Hacl_Streaming_MD_state_32 *s);
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_state_32 *s0);
void Hacl_Streaming_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
#if defined(__cplusplus)
}
#endif
#define __Hacl_Hash_SHA1_H_DEFINED
#endif

172
Modules/_hacl/Hacl_Streaming_SHA2.c
View File

@ -477,17 +477,14 @@ static inline void sha384_finish(uint64_t *st, uint8_t *h)
Allocate initial state for the SHA2_256 hash. The state is to be freed by
calling `free_256`.
*/
Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA2_create_in_256(void)
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void)
{
uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
Hacl_Streaming_SHA2_state_sha2_224
Hacl_Streaming_MD_state_32
s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
Hacl_Streaming_SHA2_state_sha2_224
*p =
(Hacl_Streaming_SHA2_state_sha2_224 *)KRML_HOST_MALLOC(sizeof (
Hacl_Streaming_SHA2_state_sha2_224
));
Hacl_Streaming_MD_state_32
*p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
p[0U] = s;
sha256_init(block_state);
return p;
@ -499,10 +496,9 @@ The state is to be freed by calling `free_256`. Cloning the state this way is
useful, for instance, if your control-flow diverges and you need to feed
more (different) data into the hash in each branch.
*/
Hacl_Streaming_SHA2_state_sha2_224
*Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_SHA2_state_sha2_224 *s0)
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0)
{
Hacl_Streaming_SHA2_state_sha2_224 scrut = *s0;
Hacl_Streaming_MD_state_32 scrut = *s0;
uint32_t *block_state0 = scrut.block_state;
uint8_t *buf0 = scrut.buf;
uint64_t total_len0 = scrut.total_len;
@ -510,13 +506,10 @@ Hacl_Streaming_SHA2_state_sha2_224
memcpy(buf, buf0, (uint32_t)64U * sizeof (uint8_t));
uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
memcpy(block_state, block_state0, (uint32_t)8U * sizeof (uint32_t));
Hacl_Streaming_SHA2_state_sha2_224
Hacl_Streaming_MD_state_32
s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
Hacl_Streaming_SHA2_state_sha2_224
*p =
(Hacl_Streaming_SHA2_state_sha2_224 *)KRML_HOST_MALLOC(sizeof (
Hacl_Streaming_SHA2_state_sha2_224
));
Hacl_Streaming_MD_state_32
*p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
p[0U] = s;
return p;
}
@ -524,21 +517,21 @@ Hacl_Streaming_SHA2_state_sha2_224
/**
Reset an existing state to the initial hash state with empty data.
*/
void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_SHA2_state_sha2_224 *s)
void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s)
{
Hacl_Streaming_SHA2_state_sha2_224 scrut = *s;
Hacl_Streaming_MD_state_32 scrut = *s;
uint8_t *buf = scrut.buf;
uint32_t *block_state = scrut.block_state;
sha256_init(block_state);
Hacl_Streaming_SHA2_state_sha2_224
Hacl_Streaming_MD_state_32
tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
s[0U] = tmp;
}
static inline uint32_t
update_224_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *data, uint32_t len)
update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
{
Hacl_Streaming_SHA2_state_sha2_224 s = *p;
Hacl_Streaming_MD_state_32 s = *p;
uint64_t total_len = s.total_len;
if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
{
@ -555,7 +548,7 @@ update_224_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *data, uint32_t le
}
if (len <= (uint32_t)64U - sz)
{
Hacl_Streaming_SHA2_state_sha2_224 s1 = *p;
Hacl_Streaming_MD_state_32 s1 = *p;
uint32_t *block_state1 = s1.block_state;
uint8_t *buf = s1.buf;
uint64_t total_len1 = s1.total_len;
@ -574,7 +567,7 @@ update_224_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *data, uint32_t le
*p
=
(
(Hacl_Streaming_SHA2_state_sha2_224){
(Hacl_Streaming_MD_state_32){
.block_state = block_state1,
.buf = buf,
.total_len = total_len2
@ -583,7 +576,7 @@ update_224_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *data, uint32_t le
}
else if (sz == (uint32_t)0U)
{
Hacl_Streaming_SHA2_state_sha2_224 s1 = *p;
Hacl_Streaming_MD_state_32 s1 = *p;
uint32_t *block_state1 = s1.block_state;
uint8_t *buf = s1.buf;
uint64_t total_len1 = s1.total_len;
@ -620,7 +613,7 @@ update_224_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *data, uint32_t le
*p
=
(
(Hacl_Streaming_SHA2_state_sha2_224){
(Hacl_Streaming_MD_state_32){
.block_state = block_state1,
.buf = buf,
.total_len = total_len1 + (uint64_t)len
@ -632,7 +625,7 @@ update_224_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *data, uint32_t le
uint32_t diff = (uint32_t)64U - sz;
uint8_t *data1 = data;
uint8_t *data2 = data + diff;
Hacl_Streaming_SHA2_state_sha2_224 s1 = *p;
Hacl_Streaming_MD_state_32 s1 = *p;
uint32_t *block_state10 = s1.block_state;
uint8_t *buf0 = s1.buf;
uint64_t total_len10 = s1.total_len;
@ -651,13 +644,13 @@ update_224_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *data, uint32_t le
*p
=
(
(Hacl_Streaming_SHA2_state_sha2_224){
(Hacl_Streaming_MD_state_32){
.block_state = block_state10,
.buf = buf0,
.total_len = total_len2
}
);
Hacl_Streaming_SHA2_state_sha2_224 s10 = *p;
Hacl_Streaming_MD_state_32 s10 = *p;
uint32_t *block_state1 = s10.block_state;
uint8_t *buf = s10.buf;
uint64_t total_len1 = s10.total_len;
@ -700,7 +693,7 @@ update_224_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *data, uint32_t le
*p
=
(
(Hacl_Streaming_SHA2_state_sha2_224){
(Hacl_Streaming_MD_state_32){
.block_state = block_state1,
.buf = buf,
.total_len = total_len1 + (uint64_t)(len - diff)
@ -719,7 +712,7 @@ This function is identical to the update function for SHA2_224.
*/
uint32_t
Hacl_Streaming_SHA2_update_256(
Hacl_Streaming_SHA2_state_sha2_224 *p,
Hacl_Streaming_MD_state_32 *p,
uint8_t *input,
uint32_t input_len
)
@ -733,9 +726,9 @@ valid after a call to `finish_256`, meaning the user may feed more data into
the hash via `update_256`. (The finish_256 function operates on an internal copy of
the state and therefore does not invalidate the client-held state `p`.)
*/
void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *dst)
void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
{
Hacl_Streaming_SHA2_state_sha2_224 scrut = *p;
Hacl_Streaming_MD_state_32 scrut = *p;
uint32_t *block_state = scrut.block_state;
uint8_t *buf_ = scrut.buf;
uint64_t total_len = scrut.total_len;
@ -773,9 +766,9 @@ Free a state allocated with `create_in_256`.
This function is identical to the free function for SHA2_224.
*/
void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_SHA2_state_sha2_224 *s)
void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s)
{
Hacl_Streaming_SHA2_state_sha2_224 scrut = *s;
Hacl_Streaming_MD_state_32 scrut = *s;
uint8_t *buf = scrut.buf;
uint32_t *block_state = scrut.block_state;
KRML_HOST_FREE(block_state);
@ -802,36 +795,33 @@ void Hacl_Streaming_SHA2_sha256(uint8_t *input, uint32_t input_len, uint8_t *dst
sha256_finish(st, rb);
}
Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA2_create_in_224(void)
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void)
{
uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t));
uint32_t *block_state = (uint32_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint32_t));
Hacl_Streaming_SHA2_state_sha2_224
Hacl_Streaming_MD_state_32
s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
Hacl_Streaming_SHA2_state_sha2_224
*p =
(Hacl_Streaming_SHA2_state_sha2_224 *)KRML_HOST_MALLOC(sizeof (
Hacl_Streaming_SHA2_state_sha2_224
));
Hacl_Streaming_MD_state_32
*p = (Hacl_Streaming_MD_state_32 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
p[0U] = s;
sha224_init(block_state);
return p;
}
void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_SHA2_state_sha2_224 *s)
void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s)
{
Hacl_Streaming_SHA2_state_sha2_224 scrut = *s;
Hacl_Streaming_MD_state_32 scrut = *s;
uint8_t *buf = scrut.buf;
uint32_t *block_state = scrut.block_state;
sha224_init(block_state);
Hacl_Streaming_SHA2_state_sha2_224
Hacl_Streaming_MD_state_32
tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
s[0U] = tmp;
}
uint32_t
Hacl_Streaming_SHA2_update_224(
Hacl_Streaming_SHA2_state_sha2_224 *p,
Hacl_Streaming_MD_state_32 *p,
uint8_t *input,
uint32_t input_len
)
@ -844,9 +834,9 @@ Write the resulting hash into `dst`, an array of 28 bytes. The state remains
valid after a call to `finish_224`, meaning the user may feed more data into
the hash via `update_224`.
*/
void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *dst)
void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)
{
Hacl_Streaming_SHA2_state_sha2_224 scrut = *p;
Hacl_Streaming_MD_state_32 scrut = *p;
uint32_t *block_state = scrut.block_state;
uint8_t *buf_ = scrut.buf;
uint64_t total_len = scrut.total_len;
@ -879,7 +869,7 @@ void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8
sha224_finish(tmp_block_state, dst);
}
void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_SHA2_state_sha2_224 *p)
void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p)
{
Hacl_Streaming_SHA2_free_256(p);
}
@ -903,17 +893,14 @@ void Hacl_Streaming_SHA2_sha224(uint8_t *input, uint32_t input_len, uint8_t *dst
sha224_finish(st, rb);
}
Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_512(void)
Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void)
{
uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
Hacl_Streaming_SHA2_state_sha2_384
Hacl_Streaming_MD_state_64
s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
Hacl_Streaming_SHA2_state_sha2_384
*p =
(Hacl_Streaming_SHA2_state_sha2_384 *)KRML_HOST_MALLOC(sizeof (
Hacl_Streaming_SHA2_state_sha2_384
));
Hacl_Streaming_MD_state_64
*p = (Hacl_Streaming_MD_state_64 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_64));
p[0U] = s;
Hacl_SHA2_Scalar32_sha512_init(block_state);
return p;
@ -925,10 +912,9 @@ The state is to be freed by calling `free_512`. Cloning the state this way is
useful, for instance, if your control-flow diverges and you need to feed
more (different) data into the hash in each branch.
*/
Hacl_Streaming_SHA2_state_sha2_384
*Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_SHA2_state_sha2_384 *s0)
Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0)
{
Hacl_Streaming_SHA2_state_sha2_384 scrut = *s0;
Hacl_Streaming_MD_state_64 scrut = *s0;
uint64_t *block_state0 = scrut.block_state;
uint8_t *buf0 = scrut.buf;
uint64_t total_len0 = scrut.total_len;
@ -936,32 +922,29 @@ Hacl_Streaming_SHA2_state_sha2_384
memcpy(buf, buf0, (uint32_t)128U * sizeof (uint8_t));
uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
memcpy(block_state, block_state0, (uint32_t)8U * sizeof (uint64_t));
Hacl_Streaming_SHA2_state_sha2_384
Hacl_Streaming_MD_state_64
s = { .block_state = block_state, .buf = buf, .total_len = total_len0 };
Hacl_Streaming_SHA2_state_sha2_384
*p =
(Hacl_Streaming_SHA2_state_sha2_384 *)KRML_HOST_MALLOC(sizeof (
Hacl_Streaming_SHA2_state_sha2_384
));
Hacl_Streaming_MD_state_64
*p = (Hacl_Streaming_MD_state_64 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_64));
p[0U] = s;
return p;
}
void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_SHA2_state_sha2_384 *s)
void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s)
{
Hacl_Streaming_SHA2_state_sha2_384 scrut = *s;
Hacl_Streaming_MD_state_64 scrut = *s;
uint8_t *buf = scrut.buf;
uint64_t *block_state = scrut.block_state;
Hacl_SHA2_Scalar32_sha512_init(block_state);
Hacl_Streaming_SHA2_state_sha2_384
Hacl_Streaming_MD_state_64
tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
s[0U] = tmp;
}
static inline uint32_t
update_384_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *data, uint32_t len)
update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len)
{
Hacl_Streaming_SHA2_state_sha2_384 s = *p;
Hacl_Streaming_MD_state_64 s = *p;
uint64_t total_len = s.total_len;
if ((uint64_t)len > (uint64_t)18446744073709551615U - total_len)
{
@ -978,7 +961,7 @@ update_384_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *data, uint32_t le
}
if (len <= (uint32_t)128U - sz)
{
Hacl_Streaming_SHA2_state_sha2_384 s1 = *p;
Hacl_Streaming_MD_state_64 s1 = *p;
uint64_t *block_state1 = s1.block_state;
uint8_t *buf = s1.buf;
uint64_t total_len1 = s1.total_len;
@ -997,7 +980,7 @@ update_384_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *data, uint32_t le
*p
=
(
(Hacl_Streaming_SHA2_state_sha2_384){
(Hacl_Streaming_MD_state_64){
.block_state = block_state1,
.buf = buf,
.total_len = total_len2
@ -1006,7 +989,7 @@ update_384_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *data, uint32_t le
}
else if (sz == (uint32_t)0U)
{
Hacl_Streaming_SHA2_state_sha2_384 s1 = *p;
Hacl_Streaming_MD_state_64 s1 = *p;
uint64_t *block_state1 = s1.block_state;
uint8_t *buf = s1.buf;
uint64_t total_len1 = s1.total_len;
@ -1043,7 +1026,7 @@ update_384_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *data, uint32_t le
*p
=
(
(Hacl_Streaming_SHA2_state_sha2_384){
(Hacl_Streaming_MD_state_64){
.block_state = block_state1,
.buf = buf,
.total_len = total_len1 + (uint64_t)len
@ -1055,7 +1038,7 @@ update_384_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *data, uint32_t le
uint32_t diff = (uint32_t)128U - sz;
uint8_t *data1 = data;
uint8_t *data2 = data + diff;
Hacl_Streaming_SHA2_state_sha2_384 s1 = *p;
Hacl_Streaming_MD_state_64 s1 = *p;
uint64_t *block_state10 = s1.block_state;
uint8_t *buf0 = s1.buf;
uint64_t total_len10 = s1.total_len;
@ -1074,13 +1057,13 @@ update_384_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *data, uint32_t le
*p
=
(
(Hacl_Streaming_SHA2_state_sha2_384){
(Hacl_Streaming_MD_state_64){
.block_state = block_state10,
.buf = buf0,
.total_len = total_len2
}
);
Hacl_Streaming_SHA2_state_sha2_384 s10 = *p;
Hacl_Streaming_MD_state_64 s10 = *p;
uint64_t *block_state1 = s10.block_state;
uint8_t *buf = s10.buf;
uint64_t total_len1 = s10.total_len;
@ -1123,7 +1106,7 @@ update_384_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *data, uint32_t le
*p
=
(
(Hacl_Streaming_SHA2_state_sha2_384){
(Hacl_Streaming_MD_state_64){
.block_state = block_state1,
.buf = buf,
.total_len = total_len1 + (uint64_t)(len - diff)
@ -1142,7 +1125,7 @@ This function is identical to the update function for SHA2_384.
*/
uint32_t
Hacl_Streaming_SHA2_update_512(
Hacl_Streaming_SHA2_state_sha2_384 *p,
Hacl_Streaming_MD_state_64 *p,
uint8_t *input,
uint32_t input_len
)
@ -1156,9 +1139,9 @@ valid after a call to `finish_512`, meaning the user may feed more data into
the hash via `update_512`. (The finish_512 function operates on an internal copy of
the state and therefore does not invalidate the client-held state `p`.)
*/
void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *dst)
void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst)
{
Hacl_Streaming_SHA2_state_sha2_384 scrut = *p;
Hacl_Streaming_MD_state_64 scrut = *p;
uint64_t *block_state = scrut.block_state;
uint8_t *buf_ = scrut.buf;
uint64_t total_len = scrut.total_len;
@ -1200,9 +1183,9 @@ Free a state allocated with `create_in_512`.
This function is identical to the free function for SHA2_384.
*/
void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_SHA2_state_sha2_384 *s)
void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s)
{
Hacl_Streaming_SHA2_state_sha2_384 scrut = *s;
Hacl_Streaming_MD_state_64 scrut = *s;
uint8_t *buf = scrut.buf;
uint64_t *block_state = scrut.block_state;
KRML_HOST_FREE(block_state);
@ -1229,36 +1212,33 @@ void Hacl_Streaming_SHA2_sha512(uint8_t *input, uint32_t input_len, uint8_t *dst
sha512_finish(st, rb);
}
Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_384(void)
Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void)
{
uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t));
uint64_t *block_state = (uint64_t *)KRML_HOST_CALLOC((uint32_t)8U, sizeof (uint64_t));
Hacl_Streaming_SHA2_state_sha2_384
Hacl_Streaming_MD_state_64
s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
Hacl_Streaming_SHA2_state_sha2_384
*p =
(Hacl_Streaming_SHA2_state_sha2_384 *)KRML_HOST_MALLOC(sizeof (
Hacl_Streaming_SHA2_state_sha2_384
));
Hacl_Streaming_MD_state_64
*p = (Hacl_Streaming_MD_state_64 *)KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_64));
p[0U] = s;
sha384_init(block_state);
return p;
}
void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_SHA2_state_sha2_384 *s)
void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s)
{
Hacl_Streaming_SHA2_state_sha2_384 scrut = *s;
Hacl_Streaming_MD_state_64 scrut = *s;
uint8_t *buf = scrut.buf;
uint64_t *block_state = scrut.block_state;
sha384_init(block_state);
Hacl_Streaming_SHA2_state_sha2_384
Hacl_Streaming_MD_state_64
tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
s[0U] = tmp;
}
uint32_t
Hacl_Streaming_SHA2_update_384(
Hacl_Streaming_SHA2_state_sha2_384 *p,
Hacl_Streaming_MD_state_64 *p,
uint8_t *input,
uint32_t input_len
)
@ -1271,9 +1251,9 @@ Write the resulting hash into `dst`, an array of 48 bytes. The state remains
valid after a call to `finish_384`, meaning the user may feed more data into
the hash via `update_384`.
*/
void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *dst)
void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst)
{
Hacl_Streaming_SHA2_state_sha2_384 scrut = *p;
Hacl_Streaming_MD_state_64 scrut = *p;
uint64_t *block_state = scrut.block_state;
uint8_t *buf_ = scrut.buf;
uint64_t total_len = scrut.total_len;
@ -1310,7 +1290,7 @@ void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8
sha384_finish(tmp_block_state, dst);
}
void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_SHA2_state_sha2_384 *p)
void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p)
{
Hacl_Streaming_SHA2_free_512(p);
}

67
Modules/_hacl/Hacl_Streaming_SHA2.h
View File

@ -36,33 +36,22 @@ extern "C" {
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "Hacl_Streaming_Types.h"
typedef struct Hacl_Streaming_SHA2_state_sha2_224_s
{
uint32_t *block_state;
uint8_t *buf;
uint64_t total_len;
}
Hacl_Streaming_SHA2_state_sha2_224;
typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_224;
typedef Hacl_Streaming_SHA2_state_sha2_224 Hacl_Streaming_SHA2_state_sha2_256;
typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_256;
typedef struct Hacl_Streaming_SHA2_state_sha2_384_s
{
uint64_t *block_state;
uint8_t *buf;
uint64_t total_len;
}
Hacl_Streaming_SHA2_state_sha2_384;
typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_384;
typedef Hacl_Streaming_SHA2_state_sha2_384 Hacl_Streaming_SHA2_state_sha2_512;
typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_512;
/**
Allocate initial state for the SHA2_256 hash. The state is to be freed by
calling `free_256`.
*/
Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA2_create_in_256(void);
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void);
/**
Copies the state passed as argument into a newly allocated state (deep copy).
@ -70,13 +59,12 @@ The state is to be freed by calling `free_256`. Cloning the state this way is
useful, for instance, if your control-flow diverges and you need to feed
more (different) data into the hash in each branch.
*/
Hacl_Streaming_SHA2_state_sha2_224
*Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_SHA2_state_sha2_224 *s0);
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0);
/**
Reset an existing state to the initial hash state with empty data.
*/
void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_SHA2_state_sha2_224 *s);
void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s);
/**
Feed an arbitrary amount of data into the hash. This function returns 0 for
@ -87,7 +75,7 @@ This function is identical to the update function for SHA2_224.
*/
uint32_t
Hacl_Streaming_SHA2_update_256(
Hacl_Streaming_SHA2_state_sha2_224 *p,
Hacl_Streaming_MD_state_32 *p,
uint8_t *input,
uint32_t input_len
);
@ -98,27 +86,27 @@ valid after a call to `finish_256`, meaning the user may feed more data into
the hash via `update_256`. (The finish_256 function operates on an internal copy of
the state and therefore does not invalidate the client-held state `p`.)
*/
void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *dst);
void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
/**
Free a state allocated with `create_in_256`.
This function is identical to the free function for SHA2_224.
*/
void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_SHA2_state_sha2_224 *s);
void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s);
/**
Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes.
*/
void Hacl_Streaming_SHA2_sha256(uint8_t *input, uint32_t input_len, uint8_t *dst);
Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA2_create_in_224(void);
Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void);
void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_SHA2_state_sha2_224 *s);
void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s);
uint32_t
Hacl_Streaming_SHA2_update_224(
Hacl_Streaming_SHA2_state_sha2_224 *p,
Hacl_Streaming_MD_state_32 *p,
uint8_t *input,
uint32_t input_len
);
@ -128,16 +116,16 @@ Write the resulting hash into `dst`, an array of 28 bytes. The state remains
valid after a call to `finish_224`, meaning the user may feed more data into
the hash via `update_224`.
*/
void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8_t *dst);
void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);
void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_SHA2_state_sha2_224 *p);
void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p);
/**
Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes.
*/
void Hacl_Streaming_SHA2_sha224(uint8_t *input, uint32_t input_len, uint8_t *dst);
Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_512(void);
Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void);
/**
Copies the state passed as argument into a newly allocated state (deep copy).
@ -145,10 +133,9 @@ The state is to be freed by calling `free_512`. Cloning the state this way is
useful, for instance, if your control-flow diverges and you need to feed
more (different) data into the hash in each branch.
*/
Hacl_Streaming_SHA2_state_sha2_384
*Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_SHA2_state_sha2_384 *s0);
Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0);
void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_SHA2_state_sha2_384 *s);
void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s);
/**
Feed an arbitrary amount of data into the hash. This function returns 0 for
@ -159,7 +146,7 @@ This function is identical to the update function for SHA2_384.
*/
uint32_t
Hacl_Streaming_SHA2_update_512(
Hacl_Streaming_SHA2_state_sha2_384 *p,
Hacl_Streaming_MD_state_64 *p,
uint8_t *input,
uint32_t input_len
);
@ -170,27 +157,27 @@ valid after a call to `finish_512`, meaning the user may feed more data into
the hash via `update_512`. (The finish_512 function operates on an internal copy of
the state and therefore does not invalidate the client-held state `p`.)
*/
void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *dst);
void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst);
/**
Free a state allocated with `create_in_512`.
This function is identical to the free function for SHA2_384.
*/
void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_SHA2_state_sha2_384 *s);
void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s);
/**
Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes.
*/
void Hacl_Streaming_SHA2_sha512(uint8_t *input, uint32_t input_len, uint8_t *dst);
Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_384(void);
Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void);
void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_SHA2_state_sha2_384 *s);
void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s);
uint32_t
Hacl_Streaming_SHA2_update_384(
Hacl_Streaming_SHA2_state_sha2_384 *p,
Hacl_Streaming_MD_state_64 *p,
uint8_t *input,
uint32_t input_len
);
@ -200,9 +187,9 @@ Write the resulting hash into `dst`, an array of 48 bytes. The state remains
valid after a call to `finish_384`, meaning the user may feed more data into
the hash via `update_384`.
*/
void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8_t *dst);
void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst);
void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_SHA2_state_sha2_384 *p);
void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p);
/**
Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes.

59
Modules/_hacl/Hacl_Streaming_Types.h Normal file
View File

@ -0,0 +1,59 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __Hacl_Streaming_Types_H
#define __Hacl_Streaming_Types_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "krml/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
typedef struct Hacl_Streaming_MD_state_32_s
{
uint32_t *block_state;
uint8_t *buf;
uint64_t total_len;
}
Hacl_Streaming_MD_state_32;
typedef struct Hacl_Streaming_MD_state_64_s
{
uint64_t *block_state;
uint8_t *buf;
uint64_t total_len;
}
Hacl_Streaming_MD_state_64;
#if defined(__cplusplus)
}
#endif
#define __Hacl_Streaming_Types_H_DEFINED
#endif

3
Modules/_hacl/include/krml/FStar_UInt128_Verified.h
View File

@ -7,13 +7,12 @@
#ifndef __FStar_UInt128_Verified_H
#define __FStar_UInt128_Verified_H
#include "FStar_UInt_8_16_32_64.h"
#include <inttypes.h>
#include <stdbool.h>
#include "krml/types.h"
#include "krml/internal/target.h"
static inline uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
{
return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;

4
Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h
View File

@ -7,15 +7,13 @@
#ifndef __FStar_UInt_8_16_32_64_H
#define __FStar_UInt_8_16_32_64_H
#include <inttypes.h>
#include <stdbool.h>
#include "krml/lowstar_endianness.h"
#include "krml/types.h"
#include "krml/internal/target.h"
static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
{
uint64_t x = a ^ b;

4
Modules/_hacl/include/krml/internal/target.h
View File

@ -31,6 +31,10 @@
# define KRML_HOST_FREE free
#endif
#ifndef KRML_HOST_IGNORE
# define KRML_HOST_IGNORE(x) (void)(x)
#endif
/* Macros for prettier unrolling of loops */
#define KRML_LOOP1(i, n, x) { \
x \

61
Modules/_hacl/internal/Hacl_Hash_MD5.h Normal file
View File

@ -0,0 +1,61 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __internal_Hacl_Hash_MD5_H
#define __internal_Hacl_Hash_MD5_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "krml/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "../Hacl_Hash_MD5.h"
void Hacl_Hash_Core_MD5_legacy_init(uint32_t *s);
void Hacl_Hash_Core_MD5_legacy_finish(uint32_t *s, uint8_t *dst);
void Hacl_Hash_MD5_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
void
Hacl_Hash_MD5_legacy_update_last(
uint32_t *s,
uint64_t prev_len,
uint8_t *input,
uint32_t input_len
);
void Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
#if defined(__cplusplus)
}
#endif
#define __internal_Hacl_Hash_MD5_H_DEFINED
#endif

61
Modules/_hacl/internal/Hacl_Hash_SHA1.h Normal file
View File

@ -0,0 +1,61 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __internal_Hacl_Hash_SHA1_H
#define __internal_Hacl_Hash_SHA1_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "krml/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "../Hacl_Hash_SHA1.h"
void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s);
void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst);
void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
void
Hacl_Hash_SHA1_legacy_update_last(
uint32_t *s,
uint64_t prev_len,
uint8_t *input,
uint32_t input_len
);
void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
#if defined(__cplusplus)
}
#endif
#define __internal_Hacl_Hash_SHA1_H_DEFINED
#endif

17
Modules/_hacl/python_hacl_namespaces.h
View File

@ -43,4 +43,21 @@
#define Hacl_Streaming_SHA2_sha512 python_hashlib_Hacl_Streaming_SHA2_sha512
#define Hacl_Streaming_SHA2_sha384 python_hashlib_Hacl_Streaming_SHA2_sha384
#define Hacl_Streaming_MD5_legacy_create_in python_hashlib_Hacl_Streaming_MD5_legacy_create_in
#define Hacl_Streaming_MD5_legacy_init python_hashlib_Hacl_Streaming_MD5_legacy_init
#define Hacl_Streaming_MD5_legacy_update python_hashlib_Hacl_Streaming_MD5_legacy_update
#define Hacl_Streaming_MD5_legacy_finish python_hashlib_Hacl_Streaming_MD5_legacy_finish
#define Hacl_Streaming_MD5_legacy_free python_hashlib_Hacl_Streaming_MD5_legacy_free
#define Hacl_Streaming_MD5_legacy_copy python_hashlib_Hacl_Streaming_MD5_legacy_copy
#define Hacl_Streaming_MD5_legacy_hash python_hashlib_Hacl_Streaming_MD5_legacy_hash
#define Hacl_Streaming_SHA1_legacy_create_in python_hashlib_Hacl_Streaming_SHA1_legacy_create_in
#define Hacl_Streaming_SHA1_legacy_init python_hashlib_Hacl_Streaming_SHA1_legacy_init
#define Hacl_Streaming_SHA1_legacy_update python_hashlib_Hacl_Streaming_SHA1_legacy_update
#define Hacl_Streaming_SHA1_legacy_finish python_hashlib_Hacl_Streaming_SHA1_legacy_finish
#define Hacl_Streaming_SHA1_legacy_free python_hashlib_Hacl_Streaming_SHA1_legacy_free
#define Hacl_Streaming_SHA1_legacy_copy python_hashlib_Hacl_Streaming_SHA1_legacy_copy
#define Hacl_Streaming_SHA1_legacy_hash python_hashlib_Hacl_Streaming_SHA1_legacy_hash
#endif // _PYTHON_HACL_NAMESPACES_H

9
Modules/_hacl/refresh.sh
View File

@ -22,7 +22,7 @@ fi
# Update this when updating to a new version after verifying that the changes
# the update brings in are good.
expected_hacl_star_rev=4751fc2b11639f651718abf8522fcc36902ca67c
expected_hacl_star_rev=13e0c6721ac9206c4249ecc1dc04ed617ad1e262
hacl_dir="$(realpath "$1")"
cd "$(dirname "$0")"
@ -41,8 +41,15 @@ fi
declare -a dist_files
dist_files=(
Hacl_Streaming_SHA2.h
Hacl_Streaming_Types.h
Hacl_Hash_SHA1.h
internal/Hacl_Hash_SHA1.h
Hacl_Hash_MD5.h
internal/Hacl_Hash_MD5.h
internal/Hacl_SHA2_Generic.h
Hacl_Streaming_SHA2.c
Hacl_Hash_SHA1.c
Hacl_Hash_MD5.c
)
declare -a include_files

304
Modules/md5module.c
View File

@ -43,283 +43,17 @@ typedef long long MD5_INT64; /* 64-bit integer */
#define MD5_BLOCKSIZE 64
#define MD5_DIGESTSIZE 16
/* The structure for storing MD5 info */
#include "_hacl/Hacl_Hash_MD5.h"
struct md5_state {
MD5_INT64 length;
MD5_INT32 state[4], curlen;
unsigned char buf[MD5_BLOCKSIZE];
};
typedef struct {
PyObject_HEAD
struct md5_state hash_state;
Hacl_Streaming_MD5_state *hash_state;
} MD5object;
#include "clinic/md5module.c.h"
/* ------------------------------------------------------------------------
*
* This code for the MD5 algorithm was noted as public domain. The
* original headers are pasted below.
*
* Several changes have been made to make it more compatible with the
* Python environment and desired interface.
*
*/
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, https://www.libtom.net
*/
/* rotate the hard way (platform optimizations could be done) */
#define ROLc(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
/* Endian Neutral macros that work on all platforms */
#define STORE32L(x, y) \
{ (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
(y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
#define LOAD32L(x, y) \
{ x = ((unsigned long)((y)[3] & 255)<<24) | \
((unsigned long)((y)[2] & 255)<<16) | \
((unsigned long)((y)[1] & 255)<<8) | \
((unsigned long)((y)[0] & 255)); }
#define STORE64L(x, y) \
{ (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
(y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \
(y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
(y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
/* MD5 macros */
#define F(x,y,z) (z ^ (x & (y ^ z)))
#define G(x,y,z) (y ^ (z & (y ^ x)))
#define H(x,y,z) (x^y^z)
#define I(x,y,z) (y^(x|(~z)))
#define FF(a,b,c,d,M,s,t) \
a = (a + F(b,c,d) + M + t); a = ROLc(a, s) + b;
#define GG(a,b,c,d,M,s,t) \
a = (a + G(b,c,d) + M + t); a = ROLc(a, s) + b;
#define HH(a,b,c,d,M,s,t) \
a = (a + H(b,c,d) + M + t); a = ROLc(a, s) + b;
#define II(a,b,c,d,M,s,t) \
a = (a + I(b,c,d) + M + t); a = ROLc(a, s) + b;
static void md5_compress(struct md5_state *md5, const unsigned char *buf)
{
MD5_INT32 i, W[16], a, b, c, d;
assert(md5 != NULL);
assert(buf != NULL);
/* copy the state into 512-bits into W[0..15] */
for (i = 0; i < 16; i++) {
LOAD32L(W[i], buf + (4*i));
}
/* copy state */
a = md5->state[0];
b = md5->state[1];
c = md5->state[2];
d = md5->state[3];
FF(a,b,c,d,W[0],7,0xd76aa478UL)
FF(d,a,b,c,W[1],12,0xe8c7b756UL)
FF(c,d,a,b,W[2],17,0x242070dbUL)
FF(b,c,d,a,W[3],22,0xc1bdceeeUL)
FF(a,b,c,d,W[4],7,0xf57c0fafUL)
FF(d,a,b,c,W[5],12,0x4787c62aUL)
FF(c,d,a,b,W[6],17,0xa8304613UL)
FF(b,c,d,a,W[7],22,0xfd469501UL)
FF(a,b,c,d,W[8],7,0x698098d8UL)
FF(d,a,b,c,W[9],12,0x8b44f7afUL)
FF(c,d,a,b,W[10],17,0xffff5bb1UL)
FF(b,c,d,a,W[11],22,0x895cd7beUL)
FF(a,b,c,d,W[12],7,0x6b901122UL)
FF(d,a,b,c,W[13],12,0xfd987193UL)
FF(c,d,a,b,W[14],17,0xa679438eUL)
FF(b,c,d,a,W[15],22,0x49b40821UL)
GG(a,b,c,d,W[1],5,0xf61e2562UL)
GG(d,a,b,c,W[6],9,0xc040b340UL)
GG(c,d,a,b,W[11],14,0x265e5a51UL)
GG(b,c,d,a,W[0],20,0xe9b6c7aaUL)
GG(a,b,c,d,W[5],5,0xd62f105dUL)
GG(d,a,b,c,W[10],9,0x02441453UL)
GG(c,d,a,b,W[15],14,0xd8a1e681UL)
GG(b,c,d,a,W[4],20,0xe7d3fbc8UL)
GG(a,b,c,d,W[9],5,0x21e1cde6UL)
GG(d,a,b,c,W[14],9,0xc33707d6UL)
GG(c,d,a,b,W[3],14,0xf4d50d87UL)
GG(b,c,d,a,W[8],20,0x455a14edUL)
GG(a,b,c,d,W[13],5,0xa9e3e905UL)
GG(d,a,b,c,W[2],9,0xfcefa3f8UL)
GG(c,d,a,b,W[7],14,0x676f02d9UL)
GG(b,c,d,a,W[12],20,0x8d2a4c8aUL)
HH(a,b,c,d,W[5],4,0xfffa3942UL)
HH(d,a,b,c,W[8],11,0x8771f681UL)
HH(c,d,a,b,W[11],16,0x6d9d6122UL)
HH(b,c,d,a,W[14],23,0xfde5380cUL)
HH(a,b,c,d,W[1],4,0xa4beea44UL)
HH(d,a,b,c,W[4],11,0x4bdecfa9UL)
HH(c,d,a,b,W[7],16,0xf6bb4b60UL)
HH(b,c,d,a,W[10],23,0xbebfbc70UL)
HH(a,b,c,d,W[13],4,0x289b7ec6UL)
HH(d,a,b,c,W[0],11,0xeaa127faUL)
HH(c,d,a,b,W[3],16,0xd4ef3085UL)
HH(b,c,d,a,W[6],23,0x04881d05UL)
HH(a,b,c,d,W[9],4,0xd9d4d039UL)
HH(d,a,b,c,W[12],11,0xe6db99e5UL)
HH(c,d,a,b,W[15],16,0x1fa27cf8UL)
HH(b,c,d,a,W[2],23,0xc4ac5665UL)
II(a,b,c,d,W[0],6,0xf4292244UL)
II(d,a,b,c,W[7],10,0x432aff97UL)
II(c,d,a,b,W[14],15,0xab9423a7UL)
II(b,c,d,a,W[5],21,0xfc93a039UL)
II(a,b,c,d,W[12],6,0x655b59c3UL)
II(d,a,b,c,W[3],10,0x8f0ccc92UL)
II(c,d,a,b,W[10],15,0xffeff47dUL)
II(b,c,d,a,W[1],21,0x85845dd1UL)
II(a,b,c,d,W[8],6,0x6fa87e4fUL)
II(d,a,b,c,W[15],10,0xfe2ce6e0UL)
II(c,d,a,b,W[6],15,0xa3014314UL)
II(b,c,d,a,W[13],21,0x4e0811a1UL)
II(a,b,c,d,W[4],6,0xf7537e82UL)
II(d,a,b,c,W[11],10,0xbd3af235UL)
II(c,d,a,b,W[2],15,0x2ad7d2bbUL)
II(b,c,d,a,W[9],21,0xeb86d391UL)
md5->state[0] = md5->state[0] + a;
md5->state[1] = md5->state[1] + b;
md5->state[2] = md5->state[2] + c;
md5->state[3] = md5->state[3] + d;
}
/**
Initialize the hash state
@param md5 The hash state you wish to initialize
*/
static void
md5_init(struct md5_state *md5)
{
assert(md5 != NULL);
md5->state[0] = 0x67452301UL;
md5->state[1] = 0xefcdab89UL;
md5->state[2] = 0x98badcfeUL;
md5->state[3] = 0x10325476UL;
md5->curlen = 0;
md5->length = 0;
}
/**
Process a block of memory though the hash
@param md5 The hash state
@param in The data to hash
@param inlen The length of the data (octets)
*/
static void
md5_process(struct md5_state *md5, const unsigned char *in, Py_ssize_t inlen)
{
Py_ssize_t n;
assert(md5 != NULL);
assert(in != NULL);
assert(md5->curlen <= sizeof(md5->buf));
while (inlen > 0) {
if (md5->curlen == 0 && inlen >= MD5_BLOCKSIZE) {
md5_compress(md5, in);
md5->length += MD5_BLOCKSIZE * 8;
in += MD5_BLOCKSIZE;
inlen -= MD5_BLOCKSIZE;
} else {
n = Py_MIN(inlen, (Py_ssize_t)(MD5_BLOCKSIZE - md5->curlen));
memcpy(md5->buf + md5->curlen, in, (size_t)n);
md5->curlen += (MD5_INT32)n;
in += n;
inlen -= n;
if (md5->curlen == MD5_BLOCKSIZE) {
md5_compress(md5, md5->buf);
md5->length += 8*MD5_BLOCKSIZE;
md5->curlen = 0;
}
}
}
}
/**
Terminate the hash to get the digest
@param md5 The hash state
@param out [out] The destination of the hash (16 bytes)
*/
static void
md5_done(struct md5_state *md5, unsigned char *out)
{
int i;
assert(md5 != NULL);
assert(out != NULL);
assert(md5->curlen < sizeof(md5->buf));
/* increase the length of the message */
md5->length += md5->curlen * 8;
/* append the '1' bit */
md5->buf[md5->curlen++] = (unsigned char)0x80;
/* if the length is currently above 56 bytes we append zeros
* then compress. Then we can fall back to padding zeros and length
* encoding like normal.
*/
if (md5->curlen > 56) {
while (md5->curlen < 64) {
md5->buf[md5->curlen++] = (unsigned char)0;
}
md5_compress(md5, md5->buf);
md5->curlen = 0;
}
/* pad up to 56 bytes of zeroes */
while (md5->curlen < 56) {
md5->buf[md5->curlen++] = (unsigned char)0;
}
/* store length */
STORE64L(md5->length, md5->buf+56);
md5_compress(md5, md5->buf);
/* copy output */
for (i = 0; i < 4; i++) {
STORE32L(md5->state[i], out+(4*i));
}
}
/* .Source: /cvs/libtom/libtomcrypt/src/hashes/md5.c,v $ */
/* .Revision: 1.10 $ */
/* .Date: 2007/05/12 14:25:28 $ */
/*
* End of copied MD5 code.
*
* ------------------------------------------------------------------------
*/
typedef struct {
PyTypeObject* md5_type;
@ -350,8 +84,9 @@ MD5_traverse(PyObject *ptr, visitproc visit, void *arg)
}
static void
MD5_dealloc(PyObject *ptr)
MD5_dealloc(MD5object *ptr)
{
Hacl_Streaming_MD5_legacy_free(ptr->hash_state);
PyTypeObject *tp = Py_TYPE(ptr);
PyObject_GC_UnTrack(ptr);
PyObject_GC_Del(ptr);
@ -379,7 +114,7 @@ MD5Type_copy_impl(MD5object *self, PyTypeObject *cls)
if ((newobj = newMD5object(st))==NULL)
return NULL;
newobj->hash_state = self->hash_state;
newobj->hash_state = Hacl_Streaming_MD5_legacy_copy(self->hash_state);
return (PyObject *)newobj;
}
@ -394,10 +129,7 @@ MD5Type_digest_impl(MD5object *self)
/*[clinic end generated code: output=eb691dc4190a07ec input=bc0c4397c2994be6]*/
{
unsigned char digest[MD5_DIGESTSIZE];
struct md5_state temp;
temp = self->hash_state;
md5_done(&temp, digest);
Hacl_Streaming_MD5_legacy_finish(self->hash_state, digest);
return PyBytes_FromStringAndSize((const char *)digest, MD5_DIGESTSIZE);
}
@ -412,15 +144,21 @@ MD5Type_hexdigest_impl(MD5object *self)
/*[clinic end generated code: output=17badced1f3ac932 input=b60b19de644798dd]*/
{
unsigned char digest[MD5_DIGESTSIZE];
struct md5_state temp;
/* Get the raw (binary) digest value */
temp = self->hash_state;
md5_done(&temp, digest);
Hacl_Streaming_MD5_legacy_finish(self->hash_state, digest);
return _Py_strhex((const char*)digest, MD5_DIGESTSIZE);
}
static void update(Hacl_Streaming_MD5_state *state, uint8_t *buf, Py_ssize_t len) {
#if PY_SSIZE_T_MAX > UINT32_MAX
while (len > UINT32_MAX) {
Hacl_Streaming_MD5_legacy_update(state, buf, UINT32_MAX);
len -= UINT32_MAX;
buf += UINT32_MAX;
}
#endif
Hacl_Streaming_MD5_legacy_update(state, buf, (uint32_t) len);
}
/*[clinic input]
MD5Type.update
@ -438,7 +176,7 @@ MD5Type_update(MD5object *self, PyObject *obj)
GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
md5_process(&self->hash_state, buf.buf, buf.len);
update(self->hash_state, buf.buf, buf.len);
PyBuffer_Release(&buf);
Py_RETURN_NONE;
@ -531,7 +269,7 @@ _md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity)
return NULL;
}
md5_init(&new->hash_state);
new->hash_state = Hacl_Streaming_MD5_legacy_create_in();
if (PyErr_Occurred()) {
Py_DECREF(new);
@ -540,7 +278,7 @@ _md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity)
return NULL;
}
if (string) {
md5_process(&new->hash_state, buf.buf, buf.len);
update(new->hash_state, buf.buf, buf.len);
PyBuffer_Release(&buf);
}

282
Modules/sha1module.c
View File

@ -43,260 +43,16 @@ typedef long long SHA1_INT64; /* 64-bit integer */
#define SHA1_BLOCKSIZE 64
#define SHA1_DIGESTSIZE 20
/* The structure for storing SHA1 info */
struct sha1_state {
SHA1_INT64 length;
SHA1_INT32 state[5], curlen;
unsigned char buf[SHA1_BLOCKSIZE];
};
#include "_hacl/Hacl_Hash_SHA1.h"
typedef struct {
PyObject_HEAD
struct sha1_state hash_state;
Hacl_Streaming_SHA1_state *hash_state;
} SHA1object;
#include "clinic/sha1module.c.h"
/* ------------------------------------------------------------------------
*
* This code for the SHA1 algorithm was noted as public domain. The
* original headers are pasted below.
*
* Several changes have been made to make it more compatible with the
* Python environment and desired interface.
*
*/
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, https://www.libtom.net
*/
/* rotate the hard way (platform optimizations could be done) */
#define ROL(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
#define ROLc(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
/* Endian Neutral macros that work on all platforms */
#define STORE32H(x, y) \
{ (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
(y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); }
#define LOAD32H(x, y) \
{ x = ((unsigned long)((y)[0] & 255)<<24) | \
((unsigned long)((y)[1] & 255)<<16) | \
((unsigned long)((y)[2] & 255)<<8) | \
((unsigned long)((y)[3] & 255)); }
#define STORE64H(x, y) \
{ (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
(y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
(y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
(y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
/* SHA1 macros */
#define F0(x,y,z) (z ^ (x & (y ^ z)))
#define F1(x,y,z) (x ^ y ^ z)
#define F2(x,y,z) ((x & y) | (z & (x | y)))
#define F3(x,y,z) (x ^ y ^ z)
static void sha1_compress(struct sha1_state *sha1, unsigned char *buf)
{
SHA1_INT32 a,b,c,d,e,W[80],i;
/* copy the state into 512-bits into W[0..15] */
for (i = 0; i < 16; i++) {
LOAD32H(W[i], buf + (4*i));
}
/* copy state */
a = sha1->state[0];
b = sha1->state[1];
c = sha1->state[2];
d = sha1->state[3];
e = sha1->state[4];
/* expand it */
for (i = 16; i < 80; i++) {
W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
}
/* compress */
/* round one */
#define FF_0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
#define FF_1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
#define FF_2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
#define FF_3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
for (i = 0; i < 20; ) {
FF_0(a,b,c,d,e,i++);
FF_0(e,a,b,c,d,i++);
FF_0(d,e,a,b,c,i++);
FF_0(c,d,e,a,b,i++);
FF_0(b,c,d,e,a,i++);
}
/* round two */
for (; i < 40; ) {
FF_1(a,b,c,d,e,i++);
FF_1(e,a,b,c,d,i++);
FF_1(d,e,a,b,c,i++);
FF_1(c,d,e,a,b,i++);
FF_1(b,c,d,e,a,i++);
}
/* round three */
for (; i < 60; ) {
FF_2(a,b,c,d,e,i++);
FF_2(e,a,b,c,d,i++);
FF_2(d,e,a,b,c,i++);
FF_2(c,d,e,a,b,i++);
FF_2(b,c,d,e,a,i++);
}
/* round four */
for (; i < 80; ) {
FF_3(a,b,c,d,e,i++);
FF_3(e,a,b,c,d,i++);
FF_3(d,e,a,b,c,i++);
FF_3(c,d,e,a,b,i++);
FF_3(b,c,d,e,a,i++);
}
#undef FF_0
#undef FF_1
#undef FF_2
#undef FF_3
/* store */
sha1->state[0] = sha1->state[0] + a;
sha1->state[1] = sha1->state[1] + b;
sha1->state[2] = sha1->state[2] + c;
sha1->state[3] = sha1->state[3] + d;
sha1->state[4] = sha1->state[4] + e;
}
/**
Initialize the hash state
@param sha1 The hash state you wish to initialize
*/
static void
sha1_init(struct sha1_state *sha1)
{
assert(sha1 != NULL);
sha1->state[0] = 0x67452301UL;
sha1->state[1] = 0xefcdab89UL;
sha1->state[2] = 0x98badcfeUL;
sha1->state[3] = 0x10325476UL;
sha1->state[4] = 0xc3d2e1f0UL;
sha1->curlen = 0;
sha1->length = 0;
}
/**
Process a block of memory though the hash
@param sha1 The hash state
@param in The data to hash
@param inlen The length of the data (octets)
*/
static void
sha1_process(struct sha1_state *sha1,
const unsigned char *in, Py_ssize_t inlen)
{
Py_ssize_t n;
assert(sha1 != NULL);
assert(in != NULL);
assert(sha1->curlen <= sizeof(sha1->buf));
while (inlen > 0) {
if (sha1->curlen == 0 && inlen >= SHA1_BLOCKSIZE) {
sha1_compress(sha1, (unsigned char *)in);
sha1->length += SHA1_BLOCKSIZE * 8;
in += SHA1_BLOCKSIZE;
inlen -= SHA1_BLOCKSIZE;
} else {
n = Py_MIN(inlen, (Py_ssize_t)(SHA1_BLOCKSIZE - sha1->curlen));
memcpy(sha1->buf + sha1->curlen, in, (size_t)n);
sha1->curlen += (SHA1_INT32)n;
in += n;
inlen -= n;
if (sha1->curlen == SHA1_BLOCKSIZE) {
sha1_compress(sha1, sha1->buf);
sha1->length += 8*SHA1_BLOCKSIZE;
sha1->curlen = 0;
}
}
}
}
/**
Terminate the hash to get the digest
@param sha1 The hash state
@param out [out] The destination of the hash (20 bytes)
*/
static void
sha1_done(struct sha1_state *sha1, unsigned char *out)
{
int i;
assert(sha1 != NULL);
assert(out != NULL);
assert(sha1->curlen < sizeof(sha1->buf));
/* increase the length of the message */
sha1->length += sha1->curlen * 8;
/* append the '1' bit */
sha1->buf[sha1->curlen++] = (unsigned char)0x80;
/* if the length is currently above 56 bytes we append zeros
* then compress. Then we can fall back to padding zeros and length
* encoding like normal.
*/
if (sha1->curlen > 56) {
while (sha1->curlen < 64) {
sha1->buf[sha1->curlen++] = (unsigned char)0;
}
sha1_compress(sha1, sha1->buf);
sha1->curlen = 0;
}
/* pad up to 56 bytes of zeroes */
while (sha1->curlen < 56) {
sha1->buf[sha1->curlen++] = (unsigned char)0;
}
/* store length */
STORE64H(sha1->length, sha1->buf+56);
sha1_compress(sha1, sha1->buf);
/* copy output */
for (i = 0; i < 5; i++) {
STORE32H(sha1->state[i], out+(4*i));
}
}
/* .Source: /cvs/libtom/libtomcrypt/src/hashes/sha1.c,v $ */
/* .Revision: 1.10 $ */
/* .Date: 2007/05/12 14:25:28 $ */
/*
* End of copied SHA1 code.
*
* ------------------------------------------------------------------------
*/
typedef struct {
PyTypeObject* sha1_type;
@ -328,8 +84,9 @@ SHA1_traverse(PyObject *ptr, visitproc visit, void *arg)
}
static void
SHA1_dealloc(PyObject *ptr)
SHA1_dealloc(SHA1object *ptr)
{
Hacl_Streaming_SHA1_legacy_free(ptr->hash_state);
PyTypeObject *tp = Py_TYPE(ptr);
PyObject_GC_UnTrack(ptr);
PyObject_GC_Del(ptr);
@ -357,7 +114,7 @@ SHA1Type_copy_impl(SHA1object *self, PyTypeObject *cls)
if ((newobj = newSHA1object(st)) == NULL)
return NULL;
newobj->hash_state = self->hash_state;
newobj->hash_state = Hacl_Streaming_SHA1_legacy_copy(self->hash_state);
return (PyObject *)newobj;
}
@ -372,10 +129,7 @@ SHA1Type_digest_impl(SHA1object *self)
/*[clinic end generated code: output=2f05302a7aa2b5cb input=13824b35407444bd]*/
{
unsigned char digest[SHA1_DIGESTSIZE];
struct sha1_state temp;
temp = self->hash_state;
sha1_done(&temp, digest);
Hacl_Streaming_SHA1_legacy_finish(self->hash_state, digest);
return PyBytes_FromStringAndSize((const char *)digest, SHA1_DIGESTSIZE);
}
@ -390,15 +144,21 @@ SHA1Type_hexdigest_impl(SHA1object *self)
/*[clinic end generated code: output=4161fd71e68c6659 input=97691055c0c74ab0]*/
{
unsigned char digest[SHA1_DIGESTSIZE];
struct sha1_state temp;
/* Get the raw (binary) digest value */
temp = self->hash_state;
sha1_done(&temp, digest);
Hacl_Streaming_SHA1_legacy_finish(self->hash_state, digest);
return _Py_strhex((const char *)digest, SHA1_DIGESTSIZE);
}
static void update(Hacl_Streaming_SHA1_state *state, uint8_t *buf, Py_ssize_t len) {
#if PY_SSIZE_T_MAX > UINT32_MAX
while (len > UINT32_MAX) {
Hacl_Streaming_SHA1_legacy_update(state, buf, UINT32_MAX);
len -= UINT32_MAX;
buf += UINT32_MAX;
}
#endif
Hacl_Streaming_SHA1_legacy_update(state, buf, (uint32_t) len);
}
/*[clinic input]
SHA1Type.update
@ -416,7 +176,7 @@ SHA1Type_update(SHA1object *self, PyObject *obj)
GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
sha1_process(&self->hash_state, buf.buf, buf.len);
update(self->hash_state, buf.buf, buf.len);
PyBuffer_Release(&buf);
Py_RETURN_NONE;
@ -509,7 +269,7 @@ _sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity)
return NULL;
}
sha1_init(&new->hash_state);
new->hash_state = Hacl_Streaming_SHA1_legacy_create_in();
if (PyErr_Occurred()) {
Py_DECREF(new);
@ -518,7 +278,7 @@ _sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity)
return NULL;
}
if (string) {
sha1_process(&new->hash_state, buf.buf, buf.len);
update(new->hash_state, buf.buf, buf.len);
PyBuffer_Release(&buf);
}

2
PCbuild/pythoncore.vcxproj
View File

@ -400,12 +400,14 @@
<ClCompile Include="..\Modules\itertoolsmodule.c" />
<ClCompile Include="..\Modules\main.c" />
<ClCompile Include="..\Modules\mathmodule.c" />
<ClCompile Include="..\Modules\_hacl\Hacl_Hash_MD5.c" />
<ClCompile Include="..\Modules\md5module.c" />
<ClCompile Include="..\Modules\mmapmodule.c" />
<ClCompile Include="..\Modules\_opcode.c" />
<ClCompile Include="..\Modules\_operator.c" />
<ClCompile Include="..\Modules\posixmodule.c" />
<ClCompile Include="..\Modules\rotatingtree.c" />
<ClCompile Include="..\Modules\_hacl\Hacl_Hash_SHA1.c" />
<ClCompile Include="..\Modules\sha1module.c" />
<ClCompile Include="..\Modules\_hacl\Hacl_Streaming_SHA2.c" />
<ClCompile Include="..\Modules\sha2module.c" />

6
PCbuild/pythoncore.vcxproj.filters
View File

@ -848,6 +848,9 @@
<ClCompile Include="..\Modules\mathmodule.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\_hacl\Hacl_Hash_MD5.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\md5module.c">
<Filter>Modules</Filter>
</ClCompile>
@ -863,6 +866,9 @@
<ClCompile Include="..\Modules\rotatingtree.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\_hacl\Hacl_Hash_SHA1.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\sha1module.c">
<Filter>Modules</Filter>
</ClCompile>

4
configure generated vendored
View File

@ -26844,7 +26844,7 @@ fi
as_fn_append MODULE_BLOCK "MODULE__MD5_STATE=$py_cv_module__md5$as_nl"
if test "x$py_cv_module__md5" = xyes; then :
as_fn_append MODULE_BLOCK "MODULE__MD5_CFLAGS=-I\$(srcdir)/Modules/_hacl/include -I\$(srcdir)/Modules/_hacl/internal -D_BSD_SOURCE -D_DEFAULT_SOURCE$as_nl"
fi
@ -26878,7 +26878,7 @@ fi
as_fn_append MODULE_BLOCK "MODULE__SHA1_STATE=$py_cv_module__sha1$as_nl"
if test "x$py_cv_module__sha1" = xyes; then :
as_fn_append MODULE_BLOCK "MODULE__SHA1_CFLAGS=-I\$(srcdir)/Modules/_hacl/include -I\$(srcdir)/Modules/_hacl/internal -D_BSD_SOURCE -D_DEFAULT_SOURCE$as_nl"
fi

8
configure.ac
View File

@ -7194,8 +7194,12 @@ PY_STDLIB_MOD_SIMPLE([unicodedata])
dnl By default we always compile these even when OpenSSL is available
dnl (issue #14693). The modules are small.
PY_STDLIB_MOD([_md5], [test "$with_builtin_md5" = yes])
PY_STDLIB_MOD([_sha1], [test "$with_builtin_sha1" = yes])
PY_STDLIB_MOD([_md5],
[test "$with_builtin_md5" = yes], [],
[-I\$(srcdir)/Modules/_hacl/include -I\$(srcdir)/Modules/_hacl/internal -D_BSD_SOURCE -D_DEFAULT_SOURCE])
PY_STDLIB_MOD([_sha1],
[test "$with_builtin_sha1" = yes], [],
[-I\$(srcdir)/Modules/_hacl/include -I\$(srcdir)/Modules/_hacl/internal -D_BSD_SOURCE -D_DEFAULT_SOURCE])
PY_STDLIB_MOD([_sha2],
[test "$with_builtin_sha2" = yes], [],
[-I\$(srcdir)/Modules/_hacl/include -I\$(srcdir)/Modules/_hacl/internal -D_BSD_SOURCE -D_DEFAULT_SOURCE])