mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-18 12:28:09 +00:00
Merge pull request #67 from jhoenicke/master
sha2: fix unaligned access.
commit
62b8f845f2
49
sha2.c
49
sha2.c
@ -480,7 +480,6 @@ void sha256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
||||||
sha2_word32 *d = (sha2_word32*)(void*)digest;
|
|
||||||
unsigned int usedspace;
|
unsigned int usedspace;
|
||||||
|
|
||||||
/* If no digest buffer is passed, we don't bother doing this: */
|
/* If no digest buffer is passed, we don't bother doing this: */
|
||||||
@ -489,13 +488,9 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
|||||||
/* Begin padding with a 1 bit: */
|
/* Begin padding with a 1 bit: */
|
||||||
((uint8_t*)context->buffer)[usedspace++] = 0x80;
|
((uint8_t*)context->buffer)[usedspace++] = 0x80;
|
||||||
|
|
||||||
if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
|
if (usedspace > SHA256_SHORT_BLOCK_LENGTH) {
|
||||||
/* Set-up for the last transform: */
|
MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA256_BLOCK_LENGTH - usedspace);
|
||||||
MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA256_SHORT_BLOCK_LENGTH - usedspace);
|
|
||||||
} else {
|
|
||||||
if (usedspace < SHA256_BLOCK_LENGTH) {
|
|
||||||
MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA256_BLOCK_LENGTH - usedspace);
|
|
||||||
}
|
|
||||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
/* Convert TO host byte order */
|
/* Convert TO host byte order */
|
||||||
for (int j = 0; j < 16; j++) {
|
for (int j = 0; j < 16; j++) {
|
||||||
@ -505,9 +500,11 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
|||||||
/* Do second-to-last transform: */
|
/* Do second-to-last transform: */
|
||||||
sha256_Transform(context->state, context->buffer, context->state);
|
sha256_Transform(context->state, context->buffer, context->state);
|
||||||
|
|
||||||
/* And set-up for the last transform: */
|
/* And prepare the last transform: */
|
||||||
MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
|
usedspace = 0;
|
||||||
}
|
}
|
||||||
|
/* Set-up for the last transform: */
|
||||||
|
MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA256_SHORT_BLOCK_LENGTH - usedspace);
|
||||||
|
|
||||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
/* Convert TO host byte order */
|
/* Convert TO host byte order */
|
||||||
@ -528,7 +525,7 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
|||||||
REVERSE32(context->state[j],context->state[j]);
|
REVERSE32(context->state[j],context->state[j]);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH);
|
MEMCPY_BCOPY(digest, context->state, SHA256_DIGEST_LENGTH);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Clean up state data: */
|
/* Clean up state data: */
|
||||||
@ -770,7 +767,7 @@ void sha512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
|
|||||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
/* Convert TO host byte order */
|
/* Convert TO host byte order */
|
||||||
for (int j = 0; j < 16; j++) {
|
for (int j = 0; j < 16; j++) {
|
||||||
REVERSE64(((sha2_word64*)data)[j],context->buffer[j]);
|
REVERSE64(context->buffer[j],context->buffer[j]);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
sha512_Transform(context->state, context->buffer, context->state);
|
sha512_Transform(context->state, context->buffer, context->state);
|
||||||
@ -794,13 +791,9 @@ static void sha512_Last(SHA512_CTX* context) {
|
|||||||
/* Begin padding with a 1 bit: */
|
/* Begin padding with a 1 bit: */
|
||||||
((uint8_t*)context->buffer)[usedspace++] = 0x80;
|
((uint8_t*)context->buffer)[usedspace++] = 0x80;
|
||||||
|
|
||||||
if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
|
if (usedspace > SHA512_SHORT_BLOCK_LENGTH) {
|
||||||
/* Set-up for the last transform: */
|
MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA512_BLOCK_LENGTH - usedspace);
|
||||||
MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA512_SHORT_BLOCK_LENGTH - usedspace);
|
|
||||||
} else {
|
|
||||||
if (usedspace < SHA512_BLOCK_LENGTH) {
|
|
||||||
MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA512_BLOCK_LENGTH - usedspace);
|
|
||||||
}
|
|
||||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
/* Convert TO host byte order */
|
/* Convert TO host byte order */
|
||||||
for (int j = 0; j < 16; j++) {
|
for (int j = 0; j < 16; j++) {
|
||||||
@ -810,29 +803,27 @@ static void sha512_Last(SHA512_CTX* context) {
|
|||||||
/* Do second-to-last transform: */
|
/* Do second-to-last transform: */
|
||||||
sha512_Transform(context->state, context->buffer, context->state);
|
sha512_Transform(context->state, context->buffer, context->state);
|
||||||
|
|
||||||
/* And set-up for the last transform: */
|
/* And prepare the last transform: */
|
||||||
MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
|
usedspace = 0;
|
||||||
}
|
}
|
||||||
|
/* Set-up for the last transform: */
|
||||||
|
MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA512_SHORT_BLOCK_LENGTH - usedspace);
|
||||||
|
|
||||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
/* Convert TO host byte order */
|
/* Convert TO host byte order */
|
||||||
for (int j = 0; j < 16; j++) {
|
for (int j = 0; j < 14; j++) {
|
||||||
REVERSE64(context->buffer[j],context->buffer[j]);
|
REVERSE64(context->buffer[j],context->buffer[j]);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
/* Store the length of input data (in bits): */
|
/* Store the length of input data (in bits): */
|
||||||
sha2_word64 *t;
|
context->buffer[14] = context->bitcount[1];
|
||||||
t = &context->buffer[SHA512_SHORT_BLOCK_LENGTH/sizeof(sha2_word64)];
|
context->buffer[15] = context->bitcount[0];
|
||||||
t[0] = context->bitcount[1];
|
|
||||||
t[1] = context->bitcount[0];
|
|
||||||
|
|
||||||
/* Final transform: */
|
/* Final transform: */
|
||||||
sha512_Transform(context->state, context->buffer, context->state);
|
sha512_Transform(context->state, context->buffer, context->state);
|
||||||
}
|
}
|
||||||
|
|
||||||
void sha512_Final(SHA512_CTX* context, sha2_byte digest[]) {
|
void sha512_Final(SHA512_CTX* context, sha2_byte digest[]) {
|
||||||
sha2_word64 *d = (sha2_word64*)(void*)digest;
|
|
||||||
|
|
||||||
/* If no digest buffer is passed, we don't bother doing this: */
|
/* If no digest buffer is passed, we don't bother doing this: */
|
||||||
if (digest != (sha2_byte*)0) {
|
if (digest != (sha2_byte*)0) {
|
||||||
sha512_Last(context);
|
sha512_Last(context);
|
||||||
@ -844,7 +835,7 @@ void sha512_Final(SHA512_CTX* context, sha2_byte digest[]) {
|
|||||||
REVERSE64(context->state[j],context->state[j]);
|
REVERSE64(context->state[j],context->state[j]);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH);
|
MEMCPY_BCOPY(digest, context->state, SHA512_DIGEST_LENGTH);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Zero out state data */
|
/* Zero out state data */
|
||||||
|
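Review bot: In sha512_Last the new loop bound `14` and the stores to `context->buffer[14]` and `context->buffer[15]` hard-code the block layout that the removed code derived from `SHA512_SHORT_BLOCK_LENGTH/sizeof(sha2_word64)`. The byte-swap loop has to stop exactly where the two length words begin, so if those numbers ever disagree the digest is silently wrong; I would name the slot once, e.g. `enum { SHA512_LEN_WORD = SHA512_SHORT_BLOCK_LENGTH / sizeof(sha2_word64) };`, and use `j < SHA512_LEN_WORD`, `context->buffer[SHA512_LEN_WORD]` and `context->buffer[SHA512_LEN_WORD + 1]`. As far as this page shows only sha2.c is touched while the padding branch is inverted in both sha256_Final and sha512_Last, so test vectors for messages whose buffered tail lands just below, at and just above the short-block length would pin the new branch. In sha512_Update the rewritten `REVERSE64(context->buffer[j],context->buffer[j])` now reads the buffer rather than `data`, which presumably relies on a copy into `context->buffer` just above the hunk; that line is not visible here and is worth confirming.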