1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6
7 #include "core/fdrm/crypto/fx_crypt.h"
8
9 #define rol(x, y) (((x) << (y)) | (((unsigned int)x) >> (32 - y)))
10
11 #define SHA_GET_UINT32(n, b, i) \
12 { \
13 (n) = ((uint32_t)(b)[(i)] << 24) | ((uint32_t)(b)[(i) + 1] << 16) | \
14 ((uint32_t)(b)[(i) + 2] << 8) | ((uint32_t)(b)[(i) + 3]); \
15 }
16 #define SHA_PUT_UINT32(n, b, i) \
17 { \
18 (b)[(i)] = (uint8_t)((n) >> 24); \
19 (b)[(i) + 1] = (uint8_t)((n) >> 16); \
20 (b)[(i) + 2] = (uint8_t)((n) >> 8); \
21 (b)[(i) + 3] = (uint8_t)((n)); \
22 }
23
24 #define SHA384_F0(x, y, z) ((x & y) | (z & (x | y)))
25 #define SHA384_F1(x, y, z) (z ^ (x & (y ^ z)))
26 #define SHA384_SHR(x, n) (x >> n)
27 #define SHA384_ROTR(x, n) (SHA384_SHR(x, n) | x << (64 - n))
28 #define SHA384_S0(x) (SHA384_ROTR(x, 1) ^ SHA384_ROTR(x, 8) ^ SHA384_SHR(x, 7))
29 #define SHA384_S1(x) \
30 (SHA384_ROTR(x, 19) ^ SHA384_ROTR(x, 61) ^ SHA384_SHR(x, 6))
31 #define SHA384_S2(x) \
32 (SHA384_ROTR(x, 28) ^ SHA384_ROTR(x, 34) ^ SHA384_ROTR(x, 39))
33 #define SHA384_S3(x) \
34 (SHA384_ROTR(x, 14) ^ SHA384_ROTR(x, 18) ^ SHA384_ROTR(x, 41))
35 #define SHA384_P(a, b, c, d, e, f, g, h, x, K) \
36 { \
37 temp1 = h + SHA384_S3(e) + SHA384_F1(e, f, g) + K + x; \
38 temp2 = SHA384_S2(a) + SHA384_F0(a, b, c); \
39 d += temp1; \
40 h = temp1 + temp2; \
41 }
42 #define SHA384_R(t) \
43 (W[t] = SHA384_S1(W[t - 2]) + W[t - 7] + SHA384_S0(W[t - 15]) + W[t - 16])
44
45 #define GET_FX_64WORD(n, b, i) \
46 { \
47 (n) = ((uint64_t)(b)[(i)] << 56) | ((uint64_t)(b)[(i) + 1] << 48) | \
48 ((uint64_t)(b)[(i) + 2] << 40) | ((uint64_t)(b)[(i) + 3] << 32) | \
49 ((uint64_t)(b)[(i) + 4] << 24) | ((uint64_t)(b)[(i) + 5] << 16) | \
50 ((uint64_t)(b)[(i) + 6] << 8) | ((uint64_t)(b)[(i) + 7]); \
51 }
52 #define PUT_UINT64(n, b, i) \
53 { \
54 (b)[(i)] = (uint8_t)((n) >> 56); \
55 (b)[(i) + 1] = (uint8_t)((n) >> 48); \
56 (b)[(i) + 2] = (uint8_t)((n) >> 40); \
57 (b)[(i) + 3] = (uint8_t)((n) >> 32); \
58 (b)[(i) + 4] = (uint8_t)((n) >> 24); \
59 (b)[(i) + 5] = (uint8_t)((n) >> 16); \
60 (b)[(i) + 6] = (uint8_t)((n) >> 8); \
61 (b)[(i) + 7] = (uint8_t)((n)); \
62 }
63
64 #define SHR(x, n) ((x & 0xFFFFFFFF) >> n)
65 #define ROTR(x, n) (SHR(x, n) | (x << (32 - n)))
66 #define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
67 #define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
68 #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
69 #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
70 #define F0(x, y, z) ((x & y) | (z & (x | y)))
71 #define F1(x, y, z) (z ^ (x & (y ^ z)))
72 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + S0(W[t - 15]) + W[t - 16])
73 #define PS(a, b, c, d, e, f, g, h, x, K) \
74 { \
75 temp1 = h + S3(e) + F1(e, f, g) + K + x; \
76 temp2 = S2(a) + F0(a, b, c); \
77 d += temp1; \
78 h = temp1 + temp2; \
79 }
80
81 namespace {
82
SHA_Core_Init(unsigned int h[5])83 void SHA_Core_Init(unsigned int h[5]) {
84 h[0] = 0x67452301;
85 h[1] = 0xefcdab89;
86 h[2] = 0x98badcfe;
87 h[3] = 0x10325476;
88 h[4] = 0xc3d2e1f0;
89 }
90
SHATransform(unsigned int * digest,unsigned int * block)91 void SHATransform(unsigned int* digest, unsigned int* block) {
92 unsigned int w[80];
93 unsigned int a, b, c, d, e;
94 int t;
95 for (t = 0; t < 16; t++) {
96 w[t] = block[t];
97 }
98 for (t = 16; t < 80; t++) {
99 unsigned int tmp = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
100 w[t] = rol(tmp, 1);
101 }
102 a = digest[0];
103 b = digest[1];
104 c = digest[2];
105 d = digest[3];
106 e = digest[4];
107 for (t = 0; t < 20; t++) {
108 unsigned int tmp = rol(a, 5) + ((b & c) | (d & ~b)) + e + w[t] + 0x5a827999;
109 e = d;
110 d = c;
111 c = rol(b, 30);
112 b = a;
113 a = tmp;
114 }
115 for (t = 20; t < 40; t++) {
116 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0x6ed9eba1;
117 e = d;
118 d = c;
119 c = rol(b, 30);
120 b = a;
121 a = tmp;
122 }
123 for (t = 40; t < 60; t++) {
124 unsigned int tmp =
125 rol(a, 5) + ((b & c) | (b & d) | (c & d)) + e + w[t] + 0x8f1bbcdc;
126 e = d;
127 d = c;
128 c = rol(b, 30);
129 b = a;
130 a = tmp;
131 }
132 for (t = 60; t < 80; t++) {
133 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0xca62c1d6;
134 e = d;
135 d = c;
136 c = rol(b, 30);
137 b = a;
138 a = tmp;
139 }
140 digest[0] += a;
141 digest[1] += b;
142 digest[2] += c;
143 digest[3] += d;
144 digest[4] += e;
145 }
146
sha256_process(CRYPT_sha2_context * ctx,const uint8_t data[64])147 void sha256_process(CRYPT_sha2_context* ctx, const uint8_t data[64]) {
148 uint32_t W[64];
149 SHA_GET_UINT32(W[0], data, 0);
150 SHA_GET_UINT32(W[1], data, 4);
151 SHA_GET_UINT32(W[2], data, 8);
152 SHA_GET_UINT32(W[3], data, 12);
153 SHA_GET_UINT32(W[4], data, 16);
154 SHA_GET_UINT32(W[5], data, 20);
155 SHA_GET_UINT32(W[6], data, 24);
156 SHA_GET_UINT32(W[7], data, 28);
157 SHA_GET_UINT32(W[8], data, 32);
158 SHA_GET_UINT32(W[9], data, 36);
159 SHA_GET_UINT32(W[10], data, 40);
160 SHA_GET_UINT32(W[11], data, 44);
161 SHA_GET_UINT32(W[12], data, 48);
162 SHA_GET_UINT32(W[13], data, 52);
163 SHA_GET_UINT32(W[14], data, 56);
164 SHA_GET_UINT32(W[15], data, 60);
165
166 uint32_t temp1;
167 uint32_t temp2;
168 uint32_t A = ctx->state[0];
169 uint32_t B = ctx->state[1];
170 uint32_t C = ctx->state[2];
171 uint32_t D = ctx->state[3];
172 uint32_t E = ctx->state[4];
173 uint32_t F = ctx->state[5];
174 uint32_t G = ctx->state[6];
175 uint32_t H = ctx->state[7];
176 PS(A, B, C, D, E, F, G, H, W[0], 0x428A2F98);
177 PS(H, A, B, C, D, E, F, G, W[1], 0x71374491);
178 PS(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF);
179 PS(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5);
180 PS(E, F, G, H, A, B, C, D, W[4], 0x3956C25B);
181 PS(D, E, F, G, H, A, B, C, W[5], 0x59F111F1);
182 PS(C, D, E, F, G, H, A, B, W[6], 0x923F82A4);
183 PS(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5);
184 PS(A, B, C, D, E, F, G, H, W[8], 0xD807AA98);
185 PS(H, A, B, C, D, E, F, G, W[9], 0x12835B01);
186 PS(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
187 PS(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
188 PS(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
189 PS(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
190 PS(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
191 PS(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
192 PS(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
193 PS(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
194 PS(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
195 PS(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
196 PS(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
197 PS(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
198 PS(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
199 PS(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
200 PS(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
201 PS(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
202 PS(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
203 PS(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
204 PS(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
205 PS(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
206 PS(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
207 PS(B, C, D, E, F, G, H, A, R(31), 0x14292967);
208 PS(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
209 PS(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
210 PS(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
211 PS(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
212 PS(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
213 PS(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
214 PS(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
215 PS(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
216 PS(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
217 PS(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
218 PS(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
219 PS(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
220 PS(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
221 PS(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
222 PS(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
223 PS(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
224 PS(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
225 PS(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
226 PS(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
227 PS(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
228 PS(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
229 PS(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
230 PS(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
231 PS(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
232 PS(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
233 PS(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
234 PS(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
235 PS(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
236 PS(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
237 PS(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
238 PS(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
239 PS(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
240 ctx->state[0] += A;
241 ctx->state[1] += B;
242 ctx->state[2] += C;
243 ctx->state[3] += D;
244 ctx->state[4] += E;
245 ctx->state[5] += F;
246 ctx->state[6] += G;
247 ctx->state[7] += H;
248 }
249
250 const uint8_t sha256_padding[64] = {
251 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
252 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
253 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
254
255 const uint8_t sha384_padding[128] = {
256 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
257 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
258 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
259 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
260 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
261 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
262 };
263
264 uint64_t const constants[] = {
265 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
266 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
267 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
268 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
269 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
270 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
271 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
272 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
273 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
274 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
275 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
276 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
277 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
278 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
279 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
280 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
281 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
282 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
283 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
284 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
285 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
286 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
287 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
288 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
289 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
290 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
291 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
292 };
293
sha384_process(CRYPT_sha2_context * ctx,const uint8_t data[128])294 void sha384_process(CRYPT_sha2_context* ctx, const uint8_t data[128]) {
295 uint64_t temp1, temp2;
296 uint64_t A, B, C, D, E, F, G, H;
297 uint64_t W[80];
298 GET_FX_64WORD(W[0], data, 0);
299 GET_FX_64WORD(W[1], data, 8);
300 GET_FX_64WORD(W[2], data, 16);
301 GET_FX_64WORD(W[3], data, 24);
302 GET_FX_64WORD(W[4], data, 32);
303 GET_FX_64WORD(W[5], data, 40);
304 GET_FX_64WORD(W[6], data, 48);
305 GET_FX_64WORD(W[7], data, 56);
306 GET_FX_64WORD(W[8], data, 64);
307 GET_FX_64WORD(W[9], data, 72);
308 GET_FX_64WORD(W[10], data, 80);
309 GET_FX_64WORD(W[11], data, 88);
310 GET_FX_64WORD(W[12], data, 96);
311 GET_FX_64WORD(W[13], data, 104);
312 GET_FX_64WORD(W[14], data, 112);
313 GET_FX_64WORD(W[15], data, 120);
314 A = ctx->state[0];
315 B = ctx->state[1];
316 C = ctx->state[2];
317 D = ctx->state[3];
318 E = ctx->state[4];
319 F = ctx->state[5];
320 G = ctx->state[6];
321 H = ctx->state[7];
322 for (int i = 0; i < 10; ++i) {
323 uint64_t temp[8];
324 if (i < 2) {
325 temp[0] = W[i * 8];
326 temp[1] = W[i * 8 + 1];
327 temp[2] = W[i * 8 + 2];
328 temp[3] = W[i * 8 + 3];
329 temp[4] = W[i * 8 + 4];
330 temp[5] = W[i * 8 + 5];
331 temp[6] = W[i * 8 + 6];
332 temp[7] = W[i * 8 + 7];
333 } else {
334 temp[0] = SHA384_R(i * 8);
335 temp[1] = SHA384_R(i * 8 + 1);
336 temp[2] = SHA384_R(i * 8 + 2);
337 temp[3] = SHA384_R(i * 8 + 3);
338 temp[4] = SHA384_R(i * 8 + 4);
339 temp[5] = SHA384_R(i * 8 + 5);
340 temp[6] = SHA384_R(i * 8 + 6);
341 temp[7] = SHA384_R(i * 8 + 7);
342 }
343 SHA384_P(A, B, C, D, E, F, G, H, temp[0], constants[i * 8]);
344 SHA384_P(H, A, B, C, D, E, F, G, temp[1], constants[i * 8 + 1]);
345 SHA384_P(G, H, A, B, C, D, E, F, temp[2], constants[i * 8 + 2]);
346 SHA384_P(F, G, H, A, B, C, D, E, temp[3], constants[i * 8 + 3]);
347 SHA384_P(E, F, G, H, A, B, C, D, temp[4], constants[i * 8 + 4]);
348 SHA384_P(D, E, F, G, H, A, B, C, temp[5], constants[i * 8 + 5]);
349 SHA384_P(C, D, E, F, G, H, A, B, temp[6], constants[i * 8 + 6]);
350 SHA384_P(B, C, D, E, F, G, H, A, temp[7], constants[i * 8 + 7]);
351 }
352 ctx->state[0] += A;
353 ctx->state[1] += B;
354 ctx->state[2] += C;
355 ctx->state[3] += D;
356 ctx->state[4] += E;
357 ctx->state[5] += F;
358 ctx->state[6] += G;
359 ctx->state[7] += H;
360 }
361
362 } // namespace
363
CRYPT_SHA1Start(CRYPT_sha1_context * s)364 void CRYPT_SHA1Start(CRYPT_sha1_context* s) {
365 SHA_Core_Init(s->h);
366 s->blkused = 0;
367 s->lenhi = s->lenlo = 0;
368 }
369
CRYPT_SHA1Update(CRYPT_sha1_context * s,const uint8_t * data,uint32_t size)370 void CRYPT_SHA1Update(CRYPT_sha1_context* s,
371 const uint8_t* data,
372 uint32_t size) {
373 unsigned char* q = (unsigned char*)data;
374 unsigned int wordblock[16];
375 int len = size;
376 unsigned int lenw = len;
377 int i;
378 s->lenlo += lenw;
379 s->lenhi += (s->lenlo < lenw);
380 if (s->blkused && s->blkused + len < 64) {
381 memcpy(s->block + s->blkused, q, len);
382 s->blkused += len;
383 } else {
384 while (s->blkused + len >= 64) {
385 memcpy(s->block + s->blkused, q, 64 - s->blkused);
386 q += 64 - s->blkused;
387 len -= 64 - s->blkused;
388 for (i = 0; i < 16; i++) {
389 wordblock[i] = (((unsigned int)s->block[i * 4 + 0]) << 24) |
390 (((unsigned int)s->block[i * 4 + 1]) << 16) |
391 (((unsigned int)s->block[i * 4 + 2]) << 8) |
392 (((unsigned int)s->block[i * 4 + 3]) << 0);
393 }
394 SHATransform(s->h, wordblock);
395 s->blkused = 0;
396 }
397 memcpy(s->block, q, len);
398 s->blkused = len;
399 }
400 }
401
CRYPT_SHA1Finish(CRYPT_sha1_context * s,uint8_t digest[20])402 void CRYPT_SHA1Finish(CRYPT_sha1_context* s, uint8_t digest[20]) {
403 int i;
404 int pad;
405 unsigned char c[64];
406 unsigned int lenhi, lenlo;
407 if (s->blkused >= 56) {
408 pad = 56 + 64 - s->blkused;
409 } else {
410 pad = 56 - s->blkused;
411 }
412 lenhi = (s->lenhi << 3) | (s->lenlo >> (32 - 3));
413 lenlo = (s->lenlo << 3);
414 memset(c, 0, pad);
415 c[0] = 0x80;
416 CRYPT_SHA1Update(s, c, pad);
417 c[0] = (lenhi >> 24) & 0xFF;
418 c[1] = (lenhi >> 16) & 0xFF;
419 c[2] = (lenhi >> 8) & 0xFF;
420 c[3] = (lenhi >> 0) & 0xFF;
421 c[4] = (lenlo >> 24) & 0xFF;
422 c[5] = (lenlo >> 16) & 0xFF;
423 c[6] = (lenlo >> 8) & 0xFF;
424 c[7] = (lenlo >> 0) & 0xFF;
425 CRYPT_SHA1Update(s, c, 8);
426 for (i = 0; i < 5; i++) {
427 digest[i * 4] = (s->h[i] >> 24) & 0xFF;
428 digest[i * 4 + 1] = (s->h[i] >> 16) & 0xFF;
429 digest[i * 4 + 2] = (s->h[i] >> 8) & 0xFF;
430 digest[i * 4 + 3] = (s->h[i]) & 0xFF;
431 }
432 }
CRYPT_SHA1Generate(const uint8_t * data,uint32_t size,uint8_t digest[20])433 void CRYPT_SHA1Generate(const uint8_t* data,
434 uint32_t size,
435 uint8_t digest[20]) {
436 CRYPT_sha1_context s;
437 CRYPT_SHA1Start(&s);
438 CRYPT_SHA1Update(&s, data, size);
439 CRYPT_SHA1Finish(&s, digest);
440 }
CRYPT_SHA256Start(CRYPT_sha2_context * ctx)441 void CRYPT_SHA256Start(CRYPT_sha2_context* ctx) {
442 ctx->total[0] = 0;
443 ctx->total[1] = 0;
444 ctx->state[0] = 0x6A09E667;
445 ctx->state[1] = 0xBB67AE85;
446 ctx->state[2] = 0x3C6EF372;
447 ctx->state[3] = 0xA54FF53A;
448 ctx->state[4] = 0x510E527F;
449 ctx->state[5] = 0x9B05688C;
450 ctx->state[6] = 0x1F83D9AB;
451 ctx->state[7] = 0x5BE0CD19;
452 }
453
CRYPT_SHA256Update(CRYPT_sha2_context * ctx,const uint8_t * input,uint32_t length)454 void CRYPT_SHA256Update(CRYPT_sha2_context* ctx,
455 const uint8_t* input,
456 uint32_t length) {
457 if (!length)
458 return;
459
460 uint32_t left = ctx->total[0] & 0x3F;
461 uint32_t fill = 64 - left;
462 ctx->total[0] += length;
463 ctx->total[0] &= 0xFFFFFFFF;
464 if (ctx->total[0] < length)
465 ctx->total[1]++;
466
467 if (left && length >= fill) {
468 memcpy(ctx->buffer + left, input, fill);
469 sha256_process(ctx, ctx->buffer);
470 length -= fill;
471 input += fill;
472 left = 0;
473 }
474 while (length >= 64) {
475 sha256_process(ctx, input);
476 length -= 64;
477 input += 64;
478 }
479 if (length)
480 memcpy(ctx->buffer + left, input, length);
481 }
482
CRYPT_SHA256Finish(CRYPT_sha2_context * ctx,uint8_t digest[32])483 void CRYPT_SHA256Finish(CRYPT_sha2_context* ctx, uint8_t digest[32]) {
484 uint8_t msglen[8];
485 uint32_t high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
486 uint32_t low = (ctx->total[0] << 3);
487 SHA_PUT_UINT32(high, msglen, 0);
488 SHA_PUT_UINT32(low, msglen, 4);
489 uint32_t last = ctx->total[0] & 0x3F;
490 uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
491 CRYPT_SHA256Update(ctx, sha256_padding, padn);
492 CRYPT_SHA256Update(ctx, msglen, 8);
493 SHA_PUT_UINT32(ctx->state[0], digest, 0);
494 SHA_PUT_UINT32(ctx->state[1], digest, 4);
495 SHA_PUT_UINT32(ctx->state[2], digest, 8);
496 SHA_PUT_UINT32(ctx->state[3], digest, 12);
497 SHA_PUT_UINT32(ctx->state[4], digest, 16);
498 SHA_PUT_UINT32(ctx->state[5], digest, 20);
499 SHA_PUT_UINT32(ctx->state[6], digest, 24);
500 SHA_PUT_UINT32(ctx->state[7], digest, 28);
501 }
502
CRYPT_SHA256Generate(const uint8_t * data,uint32_t size,uint8_t digest[32])503 void CRYPT_SHA256Generate(const uint8_t* data,
504 uint32_t size,
505 uint8_t digest[32]) {
506 CRYPT_sha2_context ctx;
507 CRYPT_SHA256Start(&ctx);
508 CRYPT_SHA256Update(&ctx, data, size);
509 CRYPT_SHA256Finish(&ctx, digest);
510 }
511
CRYPT_SHA384Start(CRYPT_sha2_context * ctx)512 void CRYPT_SHA384Start(CRYPT_sha2_context* ctx) {
513 if (!ctx)
514 return;
515
516 memset(ctx, 0, sizeof(CRYPT_sha2_context));
517 ctx->state[0] = 0xcbbb9d5dc1059ed8ULL;
518 ctx->state[1] = 0x629a292a367cd507ULL;
519 ctx->state[2] = 0x9159015a3070dd17ULL;
520 ctx->state[3] = 0x152fecd8f70e5939ULL;
521 ctx->state[4] = 0x67332667ffc00b31ULL;
522 ctx->state[5] = 0x8eb44a8768581511ULL;
523 ctx->state[6] = 0xdb0c2e0d64f98fa7ULL;
524 ctx->state[7] = 0x47b5481dbefa4fa4ULL;
525 }
526
CRYPT_SHA384Update(CRYPT_sha2_context * ctx,const uint8_t * input,uint32_t length)527 void CRYPT_SHA384Update(CRYPT_sha2_context* ctx,
528 const uint8_t* input,
529 uint32_t length) {
530 if (!length)
531 return;
532
533 uint32_t left = static_cast<uint32_t>(ctx->total[0]) & 0x7F;
534 uint32_t fill = 128 - left;
535 ctx->total[0] += length;
536 if (ctx->total[0] < length)
537 ctx->total[1]++;
538
539 if (left && length >= fill) {
540 memcpy(ctx->buffer + left, input, fill);
541 sha384_process(ctx, ctx->buffer);
542 length -= fill;
543 input += fill;
544 left = 0;
545 }
546 while (length >= 128) {
547 sha384_process(ctx, input);
548 length -= 128;
549 input += 128;
550 }
551 if (length)
552 memcpy(ctx->buffer + left, input, length);
553 }
554
CRYPT_SHA384Finish(CRYPT_sha2_context * ctx,uint8_t digest[48])555 void CRYPT_SHA384Finish(CRYPT_sha2_context* ctx, uint8_t digest[48]) {
556 uint32_t last, padn;
557 uint8_t msglen[16];
558 memset(msglen, 0, 16);
559 uint64_t high, low;
560 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
561 low = (ctx->total[0] << 3);
562 PUT_UINT64(high, msglen, 0);
563 PUT_UINT64(low, msglen, 8);
564 last = (uint32_t)ctx->total[0] & 0x7F;
565 padn = (last < 112) ? (112 - last) : (240 - last);
566 CRYPT_SHA384Update(ctx, sha384_padding, padn);
567 CRYPT_SHA384Update(ctx, msglen, 16);
568 PUT_UINT64(ctx->state[0], digest, 0);
569 PUT_UINT64(ctx->state[1], digest, 8);
570 PUT_UINT64(ctx->state[2], digest, 16);
571 PUT_UINT64(ctx->state[3], digest, 24);
572 PUT_UINT64(ctx->state[4], digest, 32);
573 PUT_UINT64(ctx->state[5], digest, 40);
574 }
575
CRYPT_SHA384Generate(const uint8_t * data,uint32_t size,uint8_t digest[64])576 void CRYPT_SHA384Generate(const uint8_t* data,
577 uint32_t size,
578 uint8_t digest[64]) {
579 CRYPT_sha2_context context;
580 CRYPT_SHA384Start(&context);
581 CRYPT_SHA384Update(&context, data, size);
582 CRYPT_SHA384Finish(&context, digest);
583 }
584
CRYPT_SHA512Start(CRYPT_sha2_context * ctx)585 void CRYPT_SHA512Start(CRYPT_sha2_context* ctx) {
586 if (!ctx)
587 return;
588
589 memset(ctx, 0, sizeof(CRYPT_sha2_context));
590 ctx->state[0] = 0x6a09e667f3bcc908ULL;
591 ctx->state[1] = 0xbb67ae8584caa73bULL;
592 ctx->state[2] = 0x3c6ef372fe94f82bULL;
593 ctx->state[3] = 0xa54ff53a5f1d36f1ULL;
594 ctx->state[4] = 0x510e527fade682d1ULL;
595 ctx->state[5] = 0x9b05688c2b3e6c1fULL;
596 ctx->state[6] = 0x1f83d9abfb41bd6bULL;
597 ctx->state[7] = 0x5be0cd19137e2179ULL;
598 }
599
CRYPT_SHA512Update(CRYPT_sha2_context * ctx,const uint8_t * data,uint32_t size)600 void CRYPT_SHA512Update(CRYPT_sha2_context* ctx,
601 const uint8_t* data,
602 uint32_t size) {
603 CRYPT_SHA384Update(ctx, data, size);
604 }
605
CRYPT_SHA512Finish(CRYPT_sha2_context * ctx,uint8_t digest[64])606 void CRYPT_SHA512Finish(CRYPT_sha2_context* ctx, uint8_t digest[64]) {
607 uint32_t last, padn;
608 uint8_t msglen[16];
609 memset(msglen, 0, 16);
610 uint64_t high, low;
611 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
612 low = (ctx->total[0] << 3);
613 PUT_UINT64(high, msglen, 0);
614 PUT_UINT64(low, msglen, 8);
615 last = (uint32_t)ctx->total[0] & 0x7F;
616 padn = (last < 112) ? (112 - last) : (240 - last);
617 CRYPT_SHA512Update(ctx, sha384_padding, padn);
618 CRYPT_SHA512Update(ctx, msglen, 16);
619 PUT_UINT64(ctx->state[0], digest, 0);
620 PUT_UINT64(ctx->state[1], digest, 8);
621 PUT_UINT64(ctx->state[2], digest, 16);
622 PUT_UINT64(ctx->state[3], digest, 24);
623 PUT_UINT64(ctx->state[4], digest, 32);
624 PUT_UINT64(ctx->state[5], digest, 40);
625 PUT_UINT64(ctx->state[6], digest, 48);
626 PUT_UINT64(ctx->state[7], digest, 56);
627 }
628
CRYPT_SHA512Generate(const uint8_t * data,uint32_t size,uint8_t digest[64])629 void CRYPT_SHA512Generate(const uint8_t* data,
630 uint32_t size,
631 uint8_t digest[64]) {
632 CRYPT_sha2_context context;
633 CRYPT_SHA512Start(&context);
634 CRYPT_SHA512Update(&context, data, size);
635 CRYPT_SHA512Finish(&context, digest);
636 }
637