tools/../../3rdparty/rfc6234/sha224-256.c

Source codeSwitch to Preprocessed file
LineSource CodeCoverage
1/************************* sha224-256.c ************************/ -
2/***************** See RFC 6234 for details. *******************/ -
3/* Copyright (c) 2011 IETF Trust and the persons identified as */ -
4/* authors of the code. All rights reserved. */ -
5/* See sha.h for terms of use and redistribution. */ -
6 -
7/* -
8 * Description: -
9 * This file implements the Secure Hash Algorithms SHA-224 and -
10 * SHA-256 as defined in the U.S. National Institute of Standards -
11 * and Technology Federal Information Processing Standards -
12 * Publication (FIPS PUB) 180-3 published in October 2008 -
13 * and formerly defined in its predecessors, FIPS PUB 180-1 -
14 * and FIP PUB 180-2. -
15 * -
16 * A combined document showing all algorithms is available at -
17 * http://csrc.nist.gov/publications/fips/ -
18 * fips180-3/fips180-3_final.pdf -
19 * -
20 * The SHA-224 and SHA-256 algorithms produce 224-bit and 256-bit -
21 * message digests for a given data stream. It should take about -
22 * 2**n steps to find a message with the same digest as a given -
23 * message and 2**(n/2) to find any two messages with the same -
24 * digest, when n is the digest size in bits. Therefore, this -
25 * algorithm can serve as a means of providing a -
26 * "fingerprint" for a message. -
27 * -
28 * Portability Issues: -
29 * SHA-224 and SHA-256 are defined in terms of 32-bit "words". -
30 * This code uses <stdint.h> (included via "sha.h") to define 32- -
31 * and 8-bit unsigned integer types. If your C compiler does not -
32 * support 32-bit unsigned integers, this code is not -
33 * appropriate. -
34 * -
35 * Caveats: -
36 * SHA-224 and SHA-256 are designed to work with messages less -
37 * than 2^64 bits long. This implementation uses SHA224/256Input() -
38 * to hash the bits that are a multiple of the size of an 8-bit -
39 * octet, and then optionally uses SHA224/256FinalBits() -
40 * to hash the final few bits of the input. -
41 */ -
42 -
43#include "sha.h" -
44#include "sha-private.h" -
45 -
46/* Define the SHA shift, rotate left, and rotate right macros */ -
47#define SHA256_SHR(bits,word) ((word) >> (bits)) -
48#define SHA256_ROTL(bits,word) \ -
49 (((word) << (bits)) | ((word) >> (32-(bits)))) -
50#define SHA256_ROTR(bits,word) \ -
51 (((word) >> (bits)) | ((word) << (32-(bits)))) -
52 -
53/* Define the SHA SIGMA and sigma macros */ -
54#define SHA256_SIGMA0(word) \ -
55 (SHA256_ROTR( 2,word) ^ SHA256_ROTR(13,word) ^ SHA256_ROTR(22,word)) -
56#define SHA256_SIGMA1(word) \ -
57 (SHA256_ROTR( 6,word) ^ SHA256_ROTR(11,word) ^ SHA256_ROTR(25,word)) -
58#define SHA256_sigma0(word) \ -
59 (SHA256_ROTR( 7,word) ^ SHA256_ROTR(18,word) ^ SHA256_SHR( 3,word)) -
60#define SHA256_sigma1(word) \ -
61 (SHA256_ROTR(17,word) ^ SHA256_ROTR(19,word) ^ SHA256_SHR(10,word)) -
62 -
63/* -
64 * Add "length" to the length. -
65 * Set Corrupted when overflow has occurred. -
66 */ -
67/* addTemp commented out by Nokia, static variables are not thread-safe */ -
68/* static uint32_t addTemp; */ -
69/* 'M' appended to Macro name by Nokia */ -
70#define SHA224_256AddLengthM(context, length) \ -
71 (addTemp = (context)->Length_Low, (context)->Corrupted = \ -
72 (((context)->Length_Low += (length)) < addTemp) && \ -
73 (++(context)->Length_High == 0) ? shaInputTooLong : \ -
74 (context)->Corrupted ) -
75 -
76/* Local Function Prototypes */ -
77static int SHA224_256Reset(SHA256Context *context, uint32_t *H0); -
78static void SHA224_256ProcessMessageBlock(SHA256Context *context); -
79static void SHA224_256Finalize(SHA256Context *context, -
80 uint8_t Pad_Byte); -
81static void SHA224_256PadMessage(SHA256Context *context, -
82 uint8_t Pad_Byte); -
83static int SHA224_256ResultN(SHA256Context *context, -
84 uint8_t Message_Digest[ ], int HashSize); -
85 -
86/* Initial Hash Values: FIPS 180-3 section 5.3.2 */ -
87static uint32_t SHA224_H0[SHA256HashSize/4] = { -
88 0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939, -
89 0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4 -
90}; -
91 -
92/* Initial Hash Values: FIPS 180-3 section 5.3.3 */ -
93static uint32_t SHA256_H0[SHA256HashSize/4] = { -
94 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, -
95 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 -
96}; -
97 -
98/* -
99 * SHA224Reset -
100 * -
101 * Description: -
102 * This function will initialize the SHA224Context in preparation -
103 * for computing a new SHA224 message digest. -
104 * -
105 * Parameters: -
106 * context: [in/out] -
107 * The context to reset. -
108 * -
109 * Returns: -
110 * sha Error Code. -
111 */ -
112int SHA224Reset(SHA224Context *context) -
113{ -
114 return SHA224_256Reset(context, SHA224_H0);
executed: return SHA224_256Reset(context, SHA224_H0);
Execution Count:4
4
115} -
116 -
117/* -
118 * SHA224Input -
119 * -
120 * Description: -
121 * This function accepts an array of octets as the next portion -
122 * of the message. -
123 * -
124 * Parameters: -
125 * context: [in/out] -
126 * The SHA context to update. -
127 * message_array[ ]: [in] -
128 * An array of octets representing the next portion of -
129 * the message. -
130 * length: [in] -
131 * The length of the message in message_array. -
132 * -
133 * Returns: -
134 * sha Error Code. -
135 * -
136 */ -
137int SHA224Input(SHA224Context *context, const uint8_t *message_array, -
138 unsigned int length) -
139{ -
140 return SHA256Input(context, message_array, length);
executed: return SHA256Input(context, message_array, length);
Execution Count:4
4
141} -
142 -
143/* -
144 * SHA224FinalBits -
145 * -
146 * Description: -
147 * This function will add in any final bits of the message. -
148 * -
149 * Parameters: -
150 * context: [in/out] -
151 * The SHA context to update. -
152 * message_bits: [in] -
153 * The final bits of the message, in the upper portion of the -
154 * byte. (Use 0b###00000 instead of 0b00000### to input the -
155 * three bits ###.) -
156 * length: [in] -
157 * The number of bits in message_bits, between 1 and 7. -
158 * -
159 * Returns: -
160 * sha Error Code. -
161 */ -
162int SHA224FinalBits(SHA224Context *context, -
163 uint8_t message_bits, unsigned int length) -
164{ -
165 return SHA256FinalBits(context, message_bits, length);
never executed: return SHA256FinalBits(context, message_bits, length);
0
166} -
167 -
168/* -
169 * SHA224Result -
170 * -
171 * Description: -
172 * This function will return the 224-bit message digest -
173 * into the Message_Digest array provided by the caller. -
174 * NOTE: -
175 * The first octet of hash is stored in the element with index 0, -
176 * the last octet of hash in the element with index 27. -
177 * -
178 * Parameters: -
179 * context: [in/out] -
180 * The context to use to calculate the SHA hash. -
181 * Message_Digest[ ]: [out] -
182 * Where the digest is returned. -
183 * -
184 * Returns: -
185 * sha Error Code. -
186 */ -
187int SHA224Result(SHA224Context *context, -
188 uint8_t Message_Digest[SHA224HashSize]) -
189{ -
190 return SHA224_256ResultN(context, Message_Digest, SHA224HashSize);
executed: return SHA224_256ResultN(context, Message_Digest, SHA224HashSize);
Execution Count:4
4
191} -
192 -
193/* -
194 * SHA256Reset -
195 * -
196 * Description: -
197 * This function will initialize the SHA256Context in preparation -
198 * for computing a new SHA256 message digest. -
199 * -
200 * Parameters: -
201 * context: [in/out] -
202 * The context to reset. -
203 * -
204 * Returns: -
205 * sha Error Code. -
206 */ -
207int SHA256Reset(SHA256Context *context) -
208{ -
209 return SHA224_256Reset(context, SHA256_H0);
executed: return SHA224_256Reset(context, SHA256_H0);
Execution Count:4
4
210} -
211 -
212/* -
213 * SHA256Input -
214 * -
215 * Description: -
216 * This function accepts an array of octets as the next portion -
217 * of the message. -
218 * -
219 * Parameters: -
220 * context: [in/out] -
221 * The SHA context to update. -
222 * message_array[ ]: [in] -
223 * An array of octets representing the next portion of -
224 * the message. -
225 * length: [in] -
226 * The length of the message in message_array. -
227 * -
228 * Returns: -
229 * sha Error Code. -
230 */ -
231int SHA256Input(SHA256Context *context, const uint8_t *message_array, -
232 unsigned int length) -
233{ -
234 if (!context) return shaNull;
never executed: return shaNull;
partially evaluated: !context
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:8
0-8
235 if (!length) return shaSuccess;
never executed: return shaSuccess;
partially evaluated: !length
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:8
0-8
236 if (!message_array) return shaNull;
never executed: return shaNull;
partially evaluated: !message_array
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:8
0-8
237 if (context->Computed) return context->Corrupted = shaStateError;
never executed: return context->Corrupted = shaStateError;
partially evaluated: context->Computed
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:8
0-8
238 if (context->Corrupted) return context->Corrupted;
never executed: return context->Corrupted;
partially evaluated: context->Corrupted
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:8
0-8
239 -
240 while (length--) {
evaluated: length--
TRUEFALSE
yes
Evaluation Count:24
yes
Evaluation Count:8
8-24
241 context->Message_Block[context->Message_Block_Index++] =
executed (the execution status of this line is deduced): context->Message_Block[context->Message_Block_Index++] =
-
242 *message_array;
executed (the execution status of this line is deduced): *message_array;
-
243 -
244 if ((SHA224_256AddLength(context, 8) == shaSuccess) &&
partially evaluated: (SHA224_256AddLength(context, 8) == shaSuccess)
TRUEFALSE
yes
Evaluation Count:24
no
Evaluation Count:0
0-24
245 (context->Message_Block_Index == SHA256_Message_Block_Size))
partially evaluated: (context->Message_Block_Index == SHA256_Message_Block_Size)
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:24
0-24
246 SHA224_256ProcessMessageBlock(context);
never executed: SHA224_256ProcessMessageBlock(context);
0
247 -
248 message_array++;
executed (the execution status of this line is deduced): message_array++;
-
249 }
executed: }
Execution Count:24
24
250 -
251 return context->Corrupted;
executed: return context->Corrupted;
Execution Count:8
8
252 -
253} -
254 -
255/* -
256 * SHA256FinalBits -
257 * -
258 * Description: -
259 * This function will add in any final bits of the message. -
260 * -
261 * Parameters: -
262 * context: [in/out] -
263 * The SHA context to update. -
264 * message_bits: [in] -
265 * The final bits of the message, in the upper portion of the -
266 * byte. (Use 0b###00000 instead of 0b00000### to input the -
267 * three bits ###.) -
268 * length: [in] -
269 * The number of bits in message_bits, between 1 and 7. -
270 * -
271 * Returns: -
272 * sha Error Code. -
273 */ -
274int SHA256FinalBits(SHA256Context *context, -
275 uint8_t message_bits, unsigned int length) -
276{ -
277 static uint8_t masks[8] = { -
278 /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80, -
279 /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0, -
280 /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8, -
281 /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE -
282 }; -
283 static uint8_t markbit[8] = { -
284 /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40, -
285 /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10, -
286 /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04, -
287 /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01 -
288 }; -
289 -
290 if (!context) return shaNull;
never executed: return shaNull;
never evaluated: !context
0
291 if (!length) return shaSuccess;
never executed: return shaSuccess;
never evaluated: !length
0
292 if (context->Corrupted) return context->Corrupted;
never executed: return context->Corrupted;
never evaluated: context->Corrupted
0
293 if (context->Computed) return context->Corrupted = shaStateError;
never executed: return context->Corrupted = shaStateError;
never evaluated: context->Computed
0
294 if (length >= 8) return context->Corrupted = shaBadParam;
never executed: return context->Corrupted = shaBadParam;
never evaluated: length >= 8
0
295 -
296 SHA224_256AddLength(context, length);
never executed (the execution status of this line is deduced): SHA224_256AddLength(context, length);
-
297 SHA224_256Finalize(context, (uint8_t)
never executed (the execution status of this line is deduced): SHA224_256Finalize(context, (::quint8)
-
298 ((message_bits & masks[length]) | markbit[length]));
never executed (the execution status of this line is deduced): ((message_bits & masks[length]) | markbit[length]));
-
299 -
300 return context->Corrupted;
never executed: return context->Corrupted;
0
301} -
302 -
303/* -
304 * SHA256Result -
305 * -
306 * Description: -
307 * This function will return the 256-bit message digest -
308 * into the Message_Digest array provided by the caller. -
309 * NOTE: -
310 * The first octet of hash is stored in the element with index 0, -
311 * the last octet of hash in the element with index 31. -
312 * -
313 * Parameters: -
314 * context: [in/out] -
315 * The context to use to calculate the SHA hash. -
316 * Message_Digest[ ]: [out] -
317 * Where the digest is returned. -
318 * -
319 * Returns: -
320 * sha Error Code. -
321 */ -
322int SHA256Result(SHA256Context *context, -
323 uint8_t Message_Digest[SHA256HashSize]) -
324{ -
325 return SHA224_256ResultN(context, Message_Digest, SHA256HashSize);
executed: return SHA224_256ResultN(context, Message_Digest, SHA256HashSize);
Execution Count:4
4
326} -
327 -
328/* -
329 * SHA224_256Reset -
330 * -
331 * Description: -
332 * This helper function will initialize the SHA256Context in -
333 * preparation for computing a new SHA-224 or SHA-256 message digest. -
334 * -
335 * Parameters: -
336 * context: [in/out] -
337 * The context to reset. -
338 * H0[ ]: [in] -
339 * The initial hash value array to use. -
340 * -
341 * Returns: -
342 * sha Error Code. -
343 */ -
344static int SHA224_256Reset(SHA256Context *context, uint32_t *H0) -
345{ -
346 if (!context) return shaNull;
never executed: return shaNull;
partially evaluated: !context
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:8
0-8
347 -
348 context->Length_High = context->Length_Low = 0;
executed (the execution status of this line is deduced): context->Length_High = context->Length_Low = 0;
-
349 context->Message_Block_Index = 0;
executed (the execution status of this line is deduced): context->Message_Block_Index = 0;
-
350 -
351 context->Intermediate_Hash[0] = H0[0];
executed (the execution status of this line is deduced): context->Intermediate_Hash[0] = H0[0];
-
352 context->Intermediate_Hash[1] = H0[1];
executed (the execution status of this line is deduced): context->Intermediate_Hash[1] = H0[1];
-
353 context->Intermediate_Hash[2] = H0[2];
executed (the execution status of this line is deduced): context->Intermediate_Hash[2] = H0[2];
-
354 context->Intermediate_Hash[3] = H0[3];
executed (the execution status of this line is deduced): context->Intermediate_Hash[3] = H0[3];
-
355 context->Intermediate_Hash[4] = H0[4];
executed (the execution status of this line is deduced): context->Intermediate_Hash[4] = H0[4];
-
356 context->Intermediate_Hash[5] = H0[5];
executed (the execution status of this line is deduced): context->Intermediate_Hash[5] = H0[5];
-
357 context->Intermediate_Hash[6] = H0[6];
executed (the execution status of this line is deduced): context->Intermediate_Hash[6] = H0[6];
-
358 context->Intermediate_Hash[7] = H0[7];
executed (the execution status of this line is deduced): context->Intermediate_Hash[7] = H0[7];
-
359 -
360 context->Computed = 0;
executed (the execution status of this line is deduced): context->Computed = 0;
-
361 context->Corrupted = shaSuccess;
executed (the execution status of this line is deduced): context->Corrupted = shaSuccess;
-
362 -
363 return shaSuccess;
executed: return shaSuccess;
Execution Count:8
8
364} -
365 -
366/* -
367 * SHA224_256ProcessMessageBlock -
368 * -
369 * Description: -
370 * This helper function will process the next 512 bits of the -
371 * message stored in the Message_Block array. -
372 * -
373 * Parameters: -
374 * context: [in/out] -
375 * The SHA context to update. -
376 * -
377 * Returns: -
378 * Nothing. -
379 * -
380 * Comments: -
381 * Many of the variable names in this code, especially the -
382 * single character names, were used because those were the -
383 * names used in the Secure Hash Standard. -
384 */ -
385static void SHA224_256ProcessMessageBlock(SHA256Context *context) -
386{ -
387 /* Constants defined in FIPS 180-3, section 4.2.2 */ -
388 static const uint32_t K[64] = { -
389 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, -
390 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, -
391 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, -
392 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, -
393 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, -
394 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, -
395 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, -
396 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, -
397 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, -
398 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, -
399 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, -
400 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, -
401 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -
402 }; -
403 int t, t4; /* Loop counter */
executed (the execution status of this line is deduced): int t, t4;
-
404 uint32_t temp1, temp2; /* Temporary word value */
executed (the execution status of this line is deduced): ::quint32 temp1, temp2;
-
405 uint32_t W[64]; /* Word sequence */
executed (the execution status of this line is deduced): ::quint32 W[64];
-
406 uint32_t A, B, C, D, E, F, G, H; /* Word buffers */
executed (the execution status of this line is deduced): ::quint32 A, B, C, D, E, F, G, H;
-
407 -
408 /* -
409 * Initialize the first 16 words in the array W -
410 */ -
411 for (t = t4 = 0; t < 16; t++, t4 += 4)
evaluated: t < 16
TRUEFALSE
yes
Evaluation Count:128
yes
Evaluation Count:8
8-128
412 W[t] = (((uint32_t)context->Message_Block[t4]) << 24) |
executed: W[t] = (((::quint32)context->Message_Block[t4]) << 24) | (((::quint32)context->Message_Block[t4 + 1]) << 16) | (((::quint32)context->Message_Block[t4 + 2]) << 8) | (((::quint32)context->Message_Block[t4 + 3]));
Execution Count:128
128
413 (((uint32_t)context->Message_Block[t4 + 1]) << 16) |
executed: W[t] = (((::quint32)context->Message_Block[t4]) << 24) | (((::quint32)context->Message_Block[t4 + 1]) << 16) | (((::quint32)context->Message_Block[t4 + 2]) << 8) | (((::quint32)context->Message_Block[t4 + 3]));
Execution Count:128
128
414 (((uint32_t)context->Message_Block[t4 + 2]) << 8) |
executed: W[t] = (((::quint32)context->Message_Block[t4]) << 24) | (((::quint32)context->Message_Block[t4 + 1]) << 16) | (((::quint32)context->Message_Block[t4 + 2]) << 8) | (((::quint32)context->Message_Block[t4 + 3]));
Execution Count:128
128
415 (((uint32_t)context->Message_Block[t4 + 3]));
executed: W[t] = (((::quint32)context->Message_Block[t4]) << 24) | (((::quint32)context->Message_Block[t4 + 1]) << 16) | (((::quint32)context->Message_Block[t4 + 2]) << 8) | (((::quint32)context->Message_Block[t4 + 3]));
Execution Count:128
128
416 -
417 for (t = 16; t < 64; t++)
evaluated: t < 64
TRUEFALSE
yes
Evaluation Count:384
yes
Evaluation Count:8
8-384
418 W[t] = SHA256_sigma1(W[t-2]) + W[t-7] +
executed: W[t] = ((((W[t-2]) >> (17)) | ((W[t-2]) << (32-(17)))) ^ (((W[t-2]) >> (19)) | ((W[t-2]) << (32-(19)))) ^ ((W[t-2]) >> (10))) + W[t-7] + ((((W[t-15]) >> (7)) | ((W[t-15]) << (32-(7)))) ^ (((W[t-15]) >> (18)) | ((W[t-15]) << (32-(18)))) ^ ((W[t-15]) >> (3))) + W[t-16];
Execution Count:384
384
419 SHA256_sigma0(W[t-15]) + W[t-16];
executed: W[t] = ((((W[t-2]) >> (17)) | ((W[t-2]) << (32-(17)))) ^ (((W[t-2]) >> (19)) | ((W[t-2]) << (32-(19)))) ^ ((W[t-2]) >> (10))) + W[t-7] + ((((W[t-15]) >> (7)) | ((W[t-15]) << (32-(7)))) ^ (((W[t-15]) >> (18)) | ((W[t-15]) << (32-(18)))) ^ ((W[t-15]) >> (3))) + W[t-16];
Execution Count:384
384
420 -
421 A = context->Intermediate_Hash[0];
executed (the execution status of this line is deduced): A = context->Intermediate_Hash[0];
-
422 B = context->Intermediate_Hash[1];
executed (the execution status of this line is deduced): B = context->Intermediate_Hash[1];
-
423 C = context->Intermediate_Hash[2];
executed (the execution status of this line is deduced): C = context->Intermediate_Hash[2];
-
424 D = context->Intermediate_Hash[3];
executed (the execution status of this line is deduced): D = context->Intermediate_Hash[3];
-
425 E = context->Intermediate_Hash[4];
executed (the execution status of this line is deduced): E = context->Intermediate_Hash[4];
-
426 F = context->Intermediate_Hash[5];
executed (the execution status of this line is deduced): F = context->Intermediate_Hash[5];
-
427 G = context->Intermediate_Hash[6];
executed (the execution status of this line is deduced): G = context->Intermediate_Hash[6];
-
428 H = context->Intermediate_Hash[7];
executed (the execution status of this line is deduced): H = context->Intermediate_Hash[7];
-
429 -
430 for (t = 0; t < 64; t++) {
evaluated: t < 64
TRUEFALSE
yes
Evaluation Count:512
yes
Evaluation Count:8
8-512
431 temp1 = H + SHA256_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t];
executed (the execution status of this line is deduced): temp1 = H + ((((E) >> (6)) | ((E) << (32-(6)))) ^ (((E) >> (11)) | ((E) << (32-(11)))) ^ (((E) >> (25)) | ((E) << (32-(25))))) + (((E) & (F)) ^ ((~(E)) & (G))) + K[t] + W[t];
-
432 temp2 = SHA256_SIGMA0(A) + SHA_Maj(A,B,C);
executed (the execution status of this line is deduced): temp2 = ((((A) >> (2)) | ((A) << (32-(2)))) ^ (((A) >> (13)) | ((A) << (32-(13)))) ^ (((A) >> (22)) | ((A) << (32-(22))))) + (((A) & (B)) ^ ((A) & (C)) ^ ((B) & (C)));
-
433 H = G;
executed (the execution status of this line is deduced): H = G;
-
434 G = F;
executed (the execution status of this line is deduced): G = F;
-
435 F = E;
executed (the execution status of this line is deduced): F = E;
-
436 E = D + temp1;
executed (the execution status of this line is deduced): E = D + temp1;
-
437 D = C;
executed (the execution status of this line is deduced): D = C;
-
438 C = B;
executed (the execution status of this line is deduced): C = B;
-
439 B = A;
executed (the execution status of this line is deduced): B = A;
-
440 A = temp1 + temp2;
executed (the execution status of this line is deduced): A = temp1 + temp2;
-
441 }
executed: }
Execution Count:512
512
442 -
443 context->Intermediate_Hash[0] += A;
executed (the execution status of this line is deduced): context->Intermediate_Hash[0] += A;
-
444 context->Intermediate_Hash[1] += B;
executed (the execution status of this line is deduced): context->Intermediate_Hash[1] += B;
-
445 context->Intermediate_Hash[2] += C;
executed (the execution status of this line is deduced): context->Intermediate_Hash[2] += C;
-
446 context->Intermediate_Hash[3] += D;
executed (the execution status of this line is deduced): context->Intermediate_Hash[3] += D;
-
447 context->Intermediate_Hash[4] += E;
executed (the execution status of this line is deduced): context->Intermediate_Hash[4] += E;
-
448 context->Intermediate_Hash[5] += F;
executed (the execution status of this line is deduced): context->Intermediate_Hash[5] += F;
-
449 context->Intermediate_Hash[6] += G;
executed (the execution status of this line is deduced): context->Intermediate_Hash[6] += G;
-
450 context->Intermediate_Hash[7] += H;
executed (the execution status of this line is deduced): context->Intermediate_Hash[7] += H;
-
451 -
452 context->Message_Block_Index = 0;
executed (the execution status of this line is deduced): context->Message_Block_Index = 0;
-
453}
executed: }
Execution Count:8
8
454 -
455/* -
456 * SHA224_256Finalize -
457 * -
458 * Description: -
459 * This helper function finishes off the digest calculations. -
460 * -
461 * Parameters: -
462 * context: [in/out] -
463 * The SHA context to update. -
464 * Pad_Byte: [in] -
465 * The last byte to add to the message block before the 0-padding -
466 * and length. This will contain the last bits of the message -
467 * followed by another single bit. If the message was an -
468 * exact multiple of 8-bits long, Pad_Byte will be 0x80. -
469 * -
470 * Returns: -
471 * sha Error Code. -
472 */ -
473static void SHA224_256Finalize(SHA256Context *context, -
474 uint8_t Pad_Byte) -
475{ -
476 int i;
executed (the execution status of this line is deduced): int i;
-
477 SHA224_256PadMessage(context, Pad_Byte);
executed (the execution status of this line is deduced): SHA224_256PadMessage(context, Pad_Byte);
-
478 /* message may be sensitive, so clear it out */ -
479 for (i = 0; i < SHA256_Message_Block_Size; ++i)
evaluated: i < SHA256_Message_Block_Size
TRUEFALSE
yes
Evaluation Count:512
yes
Evaluation Count:8
8-512
480 context->Message_Block[i] = 0;
executed: context->Message_Block[i] = 0;
Execution Count:512
512
481 context->Length_High = 0; /* and clear length */
executed (the execution status of this line is deduced): context->Length_High = 0;
-
482 context->Length_Low = 0;
executed (the execution status of this line is deduced): context->Length_Low = 0;
-
483 context->Computed = 1;
executed (the execution status of this line is deduced): context->Computed = 1;
-
484}
executed: }
Execution Count:8
8
485 -
486/* -
487 * SHA224_256PadMessage -
488 * -
489 * Description: -
490 * According to the standard, the message must be padded to the next -
491 * even multiple of 512 bits. The first padding bit must be a '1'. -
492 * The last 64 bits represent the length of the original message. -
493 * All bits in between should be 0. This helper function will pad -
494 * the message according to those rules by filling the -
495 * Message_Block array accordingly. When it returns, it can be -
496 * assumed that the message digest has been computed. -
497 * -
498 * Parameters: -
499 * context: [in/out] -
500 * The context to pad. -
501 * Pad_Byte: [in] -
502 * The last byte to add to the message block before the 0-padding -
503 * and length. This will contain the last bits of the message -
504 * followed by another single bit. If the message was an -
505 * exact multiple of 8-bits long, Pad_Byte will be 0x80. -
506 * -
507 * Returns: -
508 * Nothing. -
509 */ -
510static void SHA224_256PadMessage(SHA256Context *context, -
511 uint8_t Pad_Byte) -
512{ -
513 /* -
514 * Check to see if the current message block is too small to hold -
515 * the initial padding bits and length. If so, we will pad the -
516 * block, process it, and then continue padding into a second -
517 * block. -
518 */ -
519 if (context->Message_Block_Index >= (SHA256_Message_Block_Size-8)) {
partially evaluated: context->Message_Block_Index >= (SHA256_Message_Block_Size-8)
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:8
0-8
520 context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
never executed (the execution status of this line is deduced): context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
-
521 while (context->Message_Block_Index < SHA256_Message_Block_Size)
never evaluated: context->Message_Block_Index < SHA256_Message_Block_Size
0
522 context->Message_Block[context->Message_Block_Index++] = 0;
never executed: context->Message_Block[context->Message_Block_Index++] = 0;
0
523 SHA224_256ProcessMessageBlock(context);
never executed (the execution status of this line is deduced): SHA224_256ProcessMessageBlock(context);
-
524 } else
never executed: }
0
525 context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
executed: context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
Execution Count:8
8
526 -
527 while (context->Message_Block_Index < (SHA256_Message_Block_Size-8))
evaluated: context->Message_Block_Index < (SHA256_Message_Block_Size-8)
TRUEFALSE
yes
Evaluation Count:410
yes
Evaluation Count:8
8-410
528 context->Message_Block[context->Message_Block_Index++] = 0;
executed: context->Message_Block[context->Message_Block_Index++] = 0;
Execution Count:410
410
529 -
530 /* -
531 * Store the message length as the last 8 octets -
532 */ -
533 context->Message_Block[56] = (uint8_t)(context->Length_High >> 24);
executed (the execution status of this line is deduced): context->Message_Block[56] = (::quint8)(context->Length_High >> 24);
-
534 context->Message_Block[57] = (uint8_t)(context->Length_High >> 16);
executed (the execution status of this line is deduced): context->Message_Block[57] = (::quint8)(context->Length_High >> 16);
-
535 context->Message_Block[58] = (uint8_t)(context->Length_High >> 8);
executed (the execution status of this line is deduced): context->Message_Block[58] = (::quint8)(context->Length_High >> 8);
-
536 context->Message_Block[59] = (uint8_t)(context->Length_High);
executed (the execution status of this line is deduced): context->Message_Block[59] = (::quint8)(context->Length_High);
-
537 context->Message_Block[60] = (uint8_t)(context->Length_Low >> 24);
executed (the execution status of this line is deduced): context->Message_Block[60] = (::quint8)(context->Length_Low >> 24);
-
538 context->Message_Block[61] = (uint8_t)(context->Length_Low >> 16);
executed (the execution status of this line is deduced): context->Message_Block[61] = (::quint8)(context->Length_Low >> 16);
-
539 context->Message_Block[62] = (uint8_t)(context->Length_Low >> 8);
executed (the execution status of this line is deduced): context->Message_Block[62] = (::quint8)(context->Length_Low >> 8);
-
540 context->Message_Block[63] = (uint8_t)(context->Length_Low);
executed (the execution status of this line is deduced): context->Message_Block[63] = (::quint8)(context->Length_Low);
-
541 -
542 SHA224_256ProcessMessageBlock(context);
executed (the execution status of this line is deduced): SHA224_256ProcessMessageBlock(context);
-
543}
executed: }
Execution Count:8
8
544 -
545/* -
546 * SHA224_256ResultN -
547 * -
548 * Description: -
549 * This helper function will return the 224-bit or 256-bit message -
550 * digest into the Message_Digest array provided by the caller. -
551 * NOTE: -
552 * The first octet of hash is stored in the element with index 0, -
553 * the last octet of hash in the element with index 27/31. -
554 * -
555 * Parameters: -
556 * context: [in/out] -
557 * The context to use to calculate the SHA hash. -
558 * Message_Digest[ ]: [out] -
559 * Where the digest is returned. -
560 * HashSize: [in] -
561 * The size of the hash, either 28 or 32. -
562 * -
563 * Returns: -
564 * sha Error Code. -
565 */ -
566static int SHA224_256ResultN(SHA256Context *context, -
567 uint8_t Message_Digest[ ], int HashSize) -
568{ -
569 int i;
executed (the execution status of this line is deduced): int i;
-
570 -
571 if (!context) return shaNull;
never executed: return shaNull;
partially evaluated: !context
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:8
0-8
572 if (!Message_Digest) return shaNull;
never executed: return shaNull;
partially evaluated: !Message_Digest
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:8
0-8
573 if (context->Corrupted) return context->Corrupted;
never executed: return context->Corrupted;
partially evaluated: context->Corrupted
TRUEFALSE
no
Evaluation Count:0
yes
Evaluation Count:8
0-8
574 -
575 if (!context->Computed)
partially evaluated: !context->Computed
TRUEFALSE
yes
Evaluation Count:8
no
Evaluation Count:0
0-8
576 SHA224_256Finalize(context, 0x80);
executed: SHA224_256Finalize(context, 0x80);
Execution Count:8
8
577 -
578 for (i = 0; i < HashSize; ++i)
evaluated: i < HashSize
TRUEFALSE
yes
Evaluation Count:240
yes
Evaluation Count:8
8-240
579 Message_Digest[i] = (uint8_t)
executed: Message_Digest[i] = (::quint8) (context->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) ));
Execution Count:240
240
580 (context->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) ));
executed: Message_Digest[i] = (::quint8) (context->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) ));
Execution Count:240
240
581 -
582 return shaSuccess;
executed: return shaSuccess;
Execution Count:8
8
583} -
584 -
Source codeSwitch to Preprocessed file
Generated by Squish Coco Non-Commercial