authorJeffrey Walton <noloader@gmail.com>2017-08-13 16:05:39 -0400
committerJeffrey Walton <noloader@gmail.com>2017-08-13 16:05:39 -0400
commit2aff92ddb6e679fca04432f01a1a16a035e33008 (patch)
tree87673ebbd4e2aee79d52717cafd6bf67fe1629df /sha.h
parent863bf9133c81933f4417fa9de49850a7c181158c (diff)
Fix bad SHA::Transform calculation (Issue 455)
Reworked SHA class internals to align all the implementations. Formerly all hashes were software based, IterHashBase handled endian conversions, and IterHashBase repeatedly called the single-block SHA{N}::Transform. The rework added SHA{N}::HashMultipleBlocks, and the SHA classes attempt to always use it. Now SHA{N}::Transform calls into SHA{N}_HashMultipleBlocks, which is a free-standing function. An added wrinkle is that hardware wants little-endian data and software presents big-endian data, so HashMultipleBlocks accepts a ByteOrder for the incoming data. Hardware-based SHA{N}_HashMultipleBlocks can often perform the endian swap much more easily by setting an EPI mask, so it was profitable to defer to hardware when available. The rework also removed the hacked-in pointers to implementations. The class now looks more like AES, GCM, etc.
Diffstat (limited to 'sha.h')
-rw-r--r--sha.h45
1 files changed, 21 insertions, 24 deletions
diff --git a/sha.h b/sha.h
index 6be24415..30a859ac 100644
--- a/sha.h
+++ b/sha.h
@@ -38,21 +38,20 @@ public:
//! \param digest the state of the hash
//! \param data the data to be digested
//! \details Transform operates the hash on <tt>data</tt>. When the call is invoked
- //! <tt>digest</tt> holds initial state. Upon return <tt>digest</tt> holds the hash or
- //! updated state.
+ //! <tt>digest</tt> holds initial state. Upon return <tt>digest</tt> holds the hash
+ //! or updated state.
//! \details Hashes which derive from IteratedHashWithStaticTransform provide static
//! member functions InitState and Transform. External classes, like SEAL and MDC,
//! can initialize state with a user provided key and operate the hash on the data
//! with the user supplied state.
//! \note On Intel platforms the state array and data must be 16-byte aligned for SSE2.
- static void CRYPTOPP_API Transform(word32 *digest, const word32 *data);
+ static void CRYPTOPP_API Transform(HashWordType *digest, const HashWordType *data);
//! \brief The algorithm name
//! \returns C-style string "SHA-1"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-1";}
-#if CRYPTOPP_BOOL_SSE_SHA_INTRINSICS_AVAILABLE
- size_t HashMultipleBlocks(const word32 *input, size_t length);
-#endif
+protected:
+ size_t HashMultipleBlocks(const HashWordType *input, size_t length);
};
//! \class SHA256
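Review bot: The Doxygen block above `Transform` says nothing about the byte order expected in `data`, and its only alignment note is the SSE2 one, although the commit description says Transform now forwards to a multi-block routine that takes a ByteOrder and may run on hardware. Transform is a public static entry point that external classes such as SEAL and MDC call with their own state and data, so a caller who guesses the convention wrong gets a wrong digest with no error. I would add a line such as `//! \note <tt>data</tt> is consumed in host byte order; Transform performs no endian conversion.`, with the wording to be confirmed against sha.cpp, which is not part of this diff. The existing alignment `\note` should also be checked against the new hardware paths. The same comment block is repeated unchanged in the SHA256, SHA224, SHA512 and SHA384 hunks, and the class body starts outside the hunk.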
@@ -75,21 +74,20 @@ public:
//! \param digest the state of the hash
//! \param data the data to be digested
//! \details Transform operates the hash on <tt>data</tt>. When the call is invoked
- //! <tt>digest</tt> holds initial state. Upon return <tt>digest</tt> holds the hash or
- //! updated state.
+ //! <tt>digest</tt> holds initial state. Upon return <tt>digest</tt> holds the hash
+ //! or updated state.
//! \details Hashes which derive from IteratedHashWithStaticTransform provide static
//! member functions InitState and Transform. External classes, like SEAL and MDC,
//! can initialize state with a user provided key and operate the hash on the data
//! with the user supplied state.
//! \note On Intel platforms the state array and data must be 16-byte aligned for SSE2.
- static void CRYPTOPP_API Transform(word32 *digest, const word32 *data);
+ static void CRYPTOPP_API Transform(HashWordType *digest, const HashWordType *data);
//! \brief The algorithm name
//! \returns C-style string "SHA-256"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-256";}
-#if (defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X32_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_SHA_ASM)
- size_t HashMultipleBlocks(const word32 *input, size_t length);
-#endif
+protected:
+ size_t HashMultipleBlocks(const HashWordType *input, size_t length);
};
//! \class SHA224
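Review bot: `HashMultipleBlocks` is now declared unconditionally under `protected:` and without any Doxygen, where the removed lines declared it only when an assembly path was available and `CRYPTOPP_DISABLE_SHA_ASM` was not defined. The definition is outside this diff, so it is worth confirming that sha.cpp provides it in every configuration and still honours that opt-out macro inside the function body. Otherwise a portable build could fail at link time, or a build that asked for no assembly could take that path anyway. I would also document the contract on the declaration, for example `//! \param length the size of input, in bytes` and `//! \returns the number of bytes left unprocessed`, with both meanings confirmed against the implementation, since neither the unit nor the return value is evident from the signature. The same applies to the declarations added in the SHA-1 hunk above and the SHA224 hunk below.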
@@ -112,21 +110,20 @@ public:
//! \param digest the state of the hash
//! \param data the data to be digested
//! \details Transform operates the hash on <tt>data</tt>. When the call is invoked
- //! <tt>digest</tt> holds initial state. Upon return <tt>digest</tt> holds the hash or
- //! updated state.
+ //! <tt>digest</tt> holds initial state. Upon return <tt>digest</tt> holds the hash
+ //! or updated state.
//! \details Hashes which derive from IteratedHashWithStaticTransform provide static
//! member functions InitState and Transform. External classes, like SEAL and MDC,
//! can initialize state with a user provided key and operate the hash on the data
//! with the user supplied state.
//! \note On Intel platforms the state array and data must be 16-byte aligned for SSE2.
- static void CRYPTOPP_API Transform(word32 *digest, const word32 *data) {SHA256::Transform(digest, data);}
+ static void CRYPTOPP_API Transform(HashWordType *digest, const HashWordType *data) {SHA256::Transform(digest, data);}
//! \brief The algorithm name
//! \returns C-style string "SHA-224"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-224";}
-#if (defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X32_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_SHA_ASM)
- size_t HashMultipleBlocks(const word32 *input, size_t length);
-#endif
+protected:
+ size_t HashMultipleBlocks(const HashWordType *input, size_t length);
};
//! \class SHA512
@@ -149,14 +146,14 @@ public:
//! \param digest the state of the hash
//! \param data the data to be digested
//! \details Transform operates the hash on <tt>data</tt>. When the call is invoked
- //! <tt>digest</tt> holds initial state. Upon return <tt>digest</tt> holds the hash or
- //! updated state.
+ //! <tt>digest</tt> holds initial state. Upon return <tt>digest</tt> holds the hash
+ //! or updated state.
//! \details Hashes which derive from IteratedHashWithStaticTransform provide static
//! member functions InitState and Transform. External classes, like SEAL and MDC,
//! can initialize state with a user provided key and operate the hash on the data
//! with the user supplied state.
//! \note On Intel platforms the state array and data must be 16-byte aligned for SSE2.
- static void CRYPTOPP_API Transform(word64 *digest, const word64 *data);
+ static void CRYPTOPP_API Transform(HashWordType *digest, const HashWordType *data);
//! \brief The algorithm name
//! \returns C-style string "SHA-512"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-512";}
@@ -182,14 +179,14 @@ public:
//! \param digest the state of the hash
//! \param data the data to be digested
//! \details Transform operates the hash on <tt>data</tt>. When the call is invoked
- //! <tt>digest</tt> holds initial state. Upon return <tt>digest</tt> holds the hash or
- //! updated state.
+ //! <tt>digest</tt> holds initial state. Upon return <tt>digest</tt> holds the hash
+ //! or updated state.
//! \details Hashes which derive from IteratedHashWithStaticTransform provide static
//! member functions InitState and Transform. External classes, like SEAL and MDC,
//! can initialize state with a user provided key and operate the hash on the data
//! with the user supplied state.
//! \note On Intel platforms the state array and data must be 16-byte aligned for SSE2.
- static void CRYPTOPP_API Transform(word64 *digest, const word64 *data) {SHA512::Transform(digest, data);}
+ static void CRYPTOPP_API Transform(HashWordType *digest, const HashWordType *data) {SHA512::Transform(digest, data);}
//! \brief The algorithm name
//! \returns C-style string "SHA-384"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-384";}