1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6
7 #include "core/fdrm/crypto/fx_crypt.h"
8
9 #ifdef __cplusplus
10 extern "C" {
11 #endif
12 #define rol(x, y) (((x) << (y)) | (((unsigned int)x) >> (32 - y)))
SHA_Core_Init(unsigned int h[5])13 static void SHA_Core_Init(unsigned int h[5]) {
14 h[0] = 0x67452301;
15 h[1] = 0xefcdab89;
16 h[2] = 0x98badcfe;
17 h[3] = 0x10325476;
18 h[4] = 0xc3d2e1f0;
19 }
SHATransform(unsigned int * digest,unsigned int * block)20 static void SHATransform(unsigned int* digest, unsigned int* block) {
21 unsigned int w[80];
22 unsigned int a, b, c, d, e;
23 int t;
24 for (t = 0; t < 16; t++) {
25 w[t] = block[t];
26 }
27 for (t = 16; t < 80; t++) {
28 unsigned int tmp = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
29 w[t] = rol(tmp, 1);
30 }
31 a = digest[0];
32 b = digest[1];
33 c = digest[2];
34 d = digest[3];
35 e = digest[4];
36 for (t = 0; t < 20; t++) {
37 unsigned int tmp = rol(a, 5) + ((b & c) | (d & ~b)) + e + w[t] + 0x5a827999;
38 e = d;
39 d = c;
40 c = rol(b, 30);
41 b = a;
42 a = tmp;
43 }
44 for (t = 20; t < 40; t++) {
45 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0x6ed9eba1;
46 e = d;
47 d = c;
48 c = rol(b, 30);
49 b = a;
50 a = tmp;
51 }
52 for (t = 40; t < 60; t++) {
53 unsigned int tmp =
54 rol(a, 5) + ((b & c) | (b & d) | (c & d)) + e + w[t] + 0x8f1bbcdc;
55 e = d;
56 d = c;
57 c = rol(b, 30);
58 b = a;
59 a = tmp;
60 }
61 for (t = 60; t < 80; t++) {
62 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0xca62c1d6;
63 e = d;
64 d = c;
65 c = rol(b, 30);
66 b = a;
67 a = tmp;
68 }
69 digest[0] += a;
70 digest[1] += b;
71 digest[2] += c;
72 digest[3] += d;
73 digest[4] += e;
74 }
75
CRYPT_SHA1Start(CRYPT_sha1_context * s)76 void CRYPT_SHA1Start(CRYPT_sha1_context* s) {
77 SHA_Core_Init(s->h);
78 s->blkused = 0;
79 s->lenhi = s->lenlo = 0;
80 }
81
CRYPT_SHA1Update(CRYPT_sha1_context * s,const uint8_t * data,uint32_t size)82 void CRYPT_SHA1Update(CRYPT_sha1_context* s,
83 const uint8_t* data,
84 uint32_t size) {
85 unsigned char* q = (unsigned char*)data;
86 unsigned int wordblock[16];
87 int len = size;
88 unsigned int lenw = len;
89 int i;
90 s->lenlo += lenw;
91 s->lenhi += (s->lenlo < lenw);
92 if (s->blkused && s->blkused + len < 64) {
93 FXSYS_memcpy(s->block + s->blkused, q, len);
94 s->blkused += len;
95 } else {
96 while (s->blkused + len >= 64) {
97 FXSYS_memcpy(s->block + s->blkused, q, 64 - s->blkused);
98 q += 64 - s->blkused;
99 len -= 64 - s->blkused;
100 for (i = 0; i < 16; i++) {
101 wordblock[i] = (((unsigned int)s->block[i * 4 + 0]) << 24) |
102 (((unsigned int)s->block[i * 4 + 1]) << 16) |
103 (((unsigned int)s->block[i * 4 + 2]) << 8) |
104 (((unsigned int)s->block[i * 4 + 3]) << 0);
105 }
106 SHATransform(s->h, wordblock);
107 s->blkused = 0;
108 }
109 FXSYS_memcpy(s->block, q, len);
110 s->blkused = len;
111 }
112 }
113
CRYPT_SHA1Finish(CRYPT_sha1_context * s,uint8_t digest[20])114 void CRYPT_SHA1Finish(CRYPT_sha1_context* s, uint8_t digest[20]) {
115 int i;
116 int pad;
117 unsigned char c[64];
118 unsigned int lenhi, lenlo;
119 if (s->blkused >= 56) {
120 pad = 56 + 64 - s->blkused;
121 } else {
122 pad = 56 - s->blkused;
123 }
124 lenhi = (s->lenhi << 3) | (s->lenlo >> (32 - 3));
125 lenlo = (s->lenlo << 3);
126 FXSYS_memset(c, 0, pad);
127 c[0] = 0x80;
128 CRYPT_SHA1Update(s, c, pad);
129 c[0] = (lenhi >> 24) & 0xFF;
130 c[1] = (lenhi >> 16) & 0xFF;
131 c[2] = (lenhi >> 8) & 0xFF;
132 c[3] = (lenhi >> 0) & 0xFF;
133 c[4] = (lenlo >> 24) & 0xFF;
134 c[5] = (lenlo >> 16) & 0xFF;
135 c[6] = (lenlo >> 8) & 0xFF;
136 c[7] = (lenlo >> 0) & 0xFF;
137 CRYPT_SHA1Update(s, c, 8);
138 for (i = 0; i < 5; i++) {
139 digest[i * 4] = (s->h[i] >> 24) & 0xFF;
140 digest[i * 4 + 1] = (s->h[i] >> 16) & 0xFF;
141 digest[i * 4 + 2] = (s->h[i] >> 8) & 0xFF;
142 digest[i * 4 + 3] = (s->h[i]) & 0xFF;
143 }
144 }
CRYPT_SHA1Generate(const uint8_t * data,uint32_t size,uint8_t digest[20])145 void CRYPT_SHA1Generate(const uint8_t* data,
146 uint32_t size,
147 uint8_t digest[20]) {
148 CRYPT_sha1_context s;
149 CRYPT_SHA1Start(&s);
150 CRYPT_SHA1Update(&s, data, size);
151 CRYPT_SHA1Finish(&s, digest);
152 }
153 #define GET_UINT32(n, b, i) \
154 { \
155 (n) = ((uint32_t)(b)[(i)] << 24) | ((uint32_t)(b)[(i) + 1] << 16) | \
156 ((uint32_t)(b)[(i) + 2] << 8) | ((uint32_t)(b)[(i) + 3]); \
157 }
158 #define PUT_UINT32(n, b, i) \
159 { \
160 (b)[(i)] = (uint8_t)((n) >> 24); \
161 (b)[(i) + 1] = (uint8_t)((n) >> 16); \
162 (b)[(i) + 2] = (uint8_t)((n) >> 8); \
163 (b)[(i) + 3] = (uint8_t)((n)); \
164 }
165
CRYPT_SHA256Start(CRYPT_sha256_context * ctx)166 void CRYPT_SHA256Start(CRYPT_sha256_context* ctx) {
167 ctx->total[0] = 0;
168 ctx->total[1] = 0;
169 ctx->state[0] = 0x6A09E667;
170 ctx->state[1] = 0xBB67AE85;
171 ctx->state[2] = 0x3C6EF372;
172 ctx->state[3] = 0xA54FF53A;
173 ctx->state[4] = 0x510E527F;
174 ctx->state[5] = 0x9B05688C;
175 ctx->state[6] = 0x1F83D9AB;
176 ctx->state[7] = 0x5BE0CD19;
177 }
178
sha256_process(CRYPT_sha256_context * ctx,const uint8_t data[64])179 static void sha256_process(CRYPT_sha256_context* ctx, const uint8_t data[64]) {
180 uint32_t temp1, temp2, W[64];
181 uint32_t A, B, C, D, E, F, G, H;
182 GET_UINT32(W[0], data, 0);
183 GET_UINT32(W[1], data, 4);
184 GET_UINT32(W[2], data, 8);
185 GET_UINT32(W[3], data, 12);
186 GET_UINT32(W[4], data, 16);
187 GET_UINT32(W[5], data, 20);
188 GET_UINT32(W[6], data, 24);
189 GET_UINT32(W[7], data, 28);
190 GET_UINT32(W[8], data, 32);
191 GET_UINT32(W[9], data, 36);
192 GET_UINT32(W[10], data, 40);
193 GET_UINT32(W[11], data, 44);
194 GET_UINT32(W[12], data, 48);
195 GET_UINT32(W[13], data, 52);
196 GET_UINT32(W[14], data, 56);
197 GET_UINT32(W[15], data, 60);
198 #define SHR(x, n) ((x & 0xFFFFFFFF) >> n)
199 #define ROTR(x, n) (SHR(x, n) | (x << (32 - n)))
200 #define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
201 #define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
202 #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
203 #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
204 #define F0(x, y, z) ((x & y) | (z & (x | y)))
205 #define F1(x, y, z) (z ^ (x & (y ^ z)))
206 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + S0(W[t - 15]) + W[t - 16])
207 #define P(a, b, c, d, e, f, g, h, x, K) \
208 { \
209 temp1 = h + S3(e) + F1(e, f, g) + K + x; \
210 temp2 = S2(a) + F0(a, b, c); \
211 d += temp1; \
212 h = temp1 + temp2; \
213 }
214 A = ctx->state[0];
215 B = ctx->state[1];
216 C = ctx->state[2];
217 D = ctx->state[3];
218 E = ctx->state[4];
219 F = ctx->state[5];
220 G = ctx->state[6];
221 H = ctx->state[7];
222 P(A, B, C, D, E, F, G, H, W[0], 0x428A2F98);
223 P(H, A, B, C, D, E, F, G, W[1], 0x71374491);
224 P(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF);
225 P(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5);
226 P(E, F, G, H, A, B, C, D, W[4], 0x3956C25B);
227 P(D, E, F, G, H, A, B, C, W[5], 0x59F111F1);
228 P(C, D, E, F, G, H, A, B, W[6], 0x923F82A4);
229 P(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5);
230 P(A, B, C, D, E, F, G, H, W[8], 0xD807AA98);
231 P(H, A, B, C, D, E, F, G, W[9], 0x12835B01);
232 P(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
233 P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
234 P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
235 P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
236 P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
237 P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
238 P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
239 P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
240 P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
241 P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
242 P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
243 P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
244 P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
245 P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
246 P(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
247 P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
248 P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
249 P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
250 P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
251 P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
252 P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
253 P(B, C, D, E, F, G, H, A, R(31), 0x14292967);
254 P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
255 P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
256 P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
257 P(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
258 P(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
259 P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
260 P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
261 P(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
262 P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
263 P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
264 P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
265 P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
266 P(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
267 P(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
268 P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
269 P(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
270 P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
271 P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
272 P(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
273 P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
274 P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
275 P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
276 P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
277 P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
278 P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
279 P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
280 P(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
281 P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
282 P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
283 P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
284 P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
285 P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
286 ctx->state[0] += A;
287 ctx->state[1] += B;
288 ctx->state[2] += C;
289 ctx->state[3] += D;
290 ctx->state[4] += E;
291 ctx->state[5] += F;
292 ctx->state[6] += G;
293 ctx->state[7] += H;
294 }
295
CRYPT_SHA256Update(CRYPT_sha256_context * ctx,const uint8_t * input,uint32_t length)296 void CRYPT_SHA256Update(CRYPT_sha256_context* ctx,
297 const uint8_t* input,
298 uint32_t length) {
299 if (!length)
300 return;
301
302 uint32_t left = ctx->total[0] & 0x3F;
303 uint32_t fill = 64 - left;
304 ctx->total[0] += length;
305 ctx->total[0] &= 0xFFFFFFFF;
306 if (ctx->total[0] < length) {
307 ctx->total[1]++;
308 }
309 if (left && length >= fill) {
310 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, fill);
311 sha256_process(ctx, ctx->buffer);
312 length -= fill;
313 input += fill;
314 left = 0;
315 }
316 while (length >= 64) {
317 sha256_process(ctx, input);
318 length -= 64;
319 input += 64;
320 }
321 if (length) {
322 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, length);
323 }
324 }
325
326 static const uint8_t sha256_padding[64] = {
327 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
328 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
329 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
330
CRYPT_SHA256Finish(CRYPT_sha256_context * ctx,uint8_t digest[32])331 void CRYPT_SHA256Finish(CRYPT_sha256_context* ctx, uint8_t digest[32]) {
332 uint32_t last, padn;
333 uint32_t high, low;
334 uint8_t msglen[8];
335 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
336 low = (ctx->total[0] << 3);
337 PUT_UINT32(high, msglen, 0);
338 PUT_UINT32(low, msglen, 4);
339 last = ctx->total[0] & 0x3F;
340 padn = (last < 56) ? (56 - last) : (120 - last);
341 CRYPT_SHA256Update(ctx, sha256_padding, padn);
342 CRYPT_SHA256Update(ctx, msglen, 8);
343 PUT_UINT32(ctx->state[0], digest, 0);
344 PUT_UINT32(ctx->state[1], digest, 4);
345 PUT_UINT32(ctx->state[2], digest, 8);
346 PUT_UINT32(ctx->state[3], digest, 12);
347 PUT_UINT32(ctx->state[4], digest, 16);
348 PUT_UINT32(ctx->state[5], digest, 20);
349 PUT_UINT32(ctx->state[6], digest, 24);
350 PUT_UINT32(ctx->state[7], digest, 28);
351 }
352
CRYPT_SHA256Generate(const uint8_t * data,uint32_t size,uint8_t digest[32])353 void CRYPT_SHA256Generate(const uint8_t* data,
354 uint32_t size,
355 uint8_t digest[32]) {
356 CRYPT_sha256_context ctx;
357 CRYPT_SHA256Start(&ctx);
358 CRYPT_SHA256Update(&ctx, data, size);
359 CRYPT_SHA256Finish(&ctx, digest);
360 }
361
FX_ato64i(const FX_CHAR * str)362 uint64_t FX_ato64i(const FX_CHAR* str) {
363 ASSERT(str);
364 uint64_t ret = 0;
365 int len = (int)FXSYS_strlen(str);
366 len = len > 16 ? 16 : len;
367 for (int i = 0; i < len; ++i) {
368 if (i) {
369 ret <<= 4;
370 }
371 if (str[i] >= '0' && str[i] <= '9') {
372 ret |= (str[i] - '0') & 0xFF;
373 } else if (str[i] >= 'a' && str[i] <= 'f') {
374 ret |= (str[i] - 'a' + 10) & 0xFF;
375 } else if (str[i] >= 'A' && str[i] <= 'F') {
376 ret |= (str[i] - 'A' + 10) & 0xFF;
377 } else {
378 ASSERT(false);
379 }
380 }
381 return ret;
382 }
383
CRYPT_SHA384Start(CRYPT_sha384_context * ctx)384 void CRYPT_SHA384Start(CRYPT_sha384_context* ctx) {
385 if (!ctx)
386 return;
387
388 FXSYS_memset(ctx, 0, sizeof(CRYPT_sha384_context));
389 ctx->state[0] = FX_ato64i("cbbb9d5dc1059ed8");
390 ctx->state[1] = FX_ato64i("629a292a367cd507");
391 ctx->state[2] = FX_ato64i("9159015a3070dd17");
392 ctx->state[3] = FX_ato64i("152fecd8f70e5939");
393 ctx->state[4] = FX_ato64i("67332667ffc00b31");
394 ctx->state[5] = FX_ato64i("8eb44a8768581511");
395 ctx->state[6] = FX_ato64i("db0c2e0d64f98fa7");
396 ctx->state[7] = FX_ato64i("47b5481dbefa4fa4");
397 }
398
399 #define SHA384_F0(x, y, z) ((x & y) | (z & (x | y)))
400 #define SHA384_F1(x, y, z) (z ^ (x & (y ^ z)))
401 #define SHA384_SHR(x, n) (x >> n)
402 #define SHA384_ROTR(x, n) (SHA384_SHR(x, n) | x << (64 - n))
403 #define SHA384_S0(x) (SHA384_ROTR(x, 1) ^ SHA384_ROTR(x, 8) ^ SHA384_SHR(x, 7))
404 #define SHA384_S1(x) \
405 (SHA384_ROTR(x, 19) ^ SHA384_ROTR(x, 61) ^ SHA384_SHR(x, 6))
406 #define SHA384_S2(x) \
407 (SHA384_ROTR(x, 28) ^ SHA384_ROTR(x, 34) ^ SHA384_ROTR(x, 39))
408 #define SHA384_S3(x) \
409 (SHA384_ROTR(x, 14) ^ SHA384_ROTR(x, 18) ^ SHA384_ROTR(x, 41))
410 #define SHA384_P(a, b, c, d, e, f, g, h, x, K) \
411 { \
412 temp1 = h + SHA384_S3(e) + SHA384_F1(e, f, g) + K + x; \
413 temp2 = SHA384_S2(a) + SHA384_F0(a, b, c); \
414 d += temp1; \
415 h = temp1 + temp2; \
416 }
417 #define SHA384_R(t) \
418 (W[t] = SHA384_S1(W[t - 2]) + W[t - 7] + SHA384_S0(W[t - 15]) + W[t - 16])
419
420 static const uint8_t sha384_padding[128] = {
421 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
422 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
423 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
424 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
425 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
426 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
427 };
428
429 static const FX_CHAR* constants[] = {
430 "428a2f98d728ae22", "7137449123ef65cd", "b5c0fbcfec4d3b2f",
431 "e9b5dba58189dbbc", "3956c25bf348b538", "59f111f1b605d019",
432 "923f82a4af194f9b", "ab1c5ed5da6d8118", "d807aa98a3030242",
433 "12835b0145706fbe", "243185be4ee4b28c", "550c7dc3d5ffb4e2",
434 "72be5d74f27b896f", "80deb1fe3b1696b1", "9bdc06a725c71235",
435 "c19bf174cf692694", "e49b69c19ef14ad2", "efbe4786384f25e3",
436 "0fc19dc68b8cd5b5", "240ca1cc77ac9c65", "2de92c6f592b0275",
437 "4a7484aa6ea6e483", "5cb0a9dcbd41fbd4", "76f988da831153b5",
438 "983e5152ee66dfab", "a831c66d2db43210", "b00327c898fb213f",
439 "bf597fc7beef0ee4", "c6e00bf33da88fc2", "d5a79147930aa725",
440 "06ca6351e003826f", "142929670a0e6e70", "27b70a8546d22ffc",
441 "2e1b21385c26c926", "4d2c6dfc5ac42aed", "53380d139d95b3df",
442 "650a73548baf63de", "766a0abb3c77b2a8", "81c2c92e47edaee6",
443 "92722c851482353b", "a2bfe8a14cf10364", "a81a664bbc423001",
444 "c24b8b70d0f89791", "c76c51a30654be30", "d192e819d6ef5218",
445 "d69906245565a910", "f40e35855771202a", "106aa07032bbd1b8",
446 "19a4c116b8d2d0c8", "1e376c085141ab53", "2748774cdf8eeb99",
447 "34b0bcb5e19b48a8", "391c0cb3c5c95a63", "4ed8aa4ae3418acb",
448 "5b9cca4f7763e373", "682e6ff3d6b2b8a3", "748f82ee5defb2fc",
449 "78a5636f43172f60", "84c87814a1f0ab72", "8cc702081a6439ec",
450 "90befffa23631e28", "a4506cebde82bde9", "bef9a3f7b2c67915",
451 "c67178f2e372532b", "ca273eceea26619c", "d186b8c721c0c207",
452 "eada7dd6cde0eb1e", "f57d4f7fee6ed178", "06f067aa72176fba",
453 "0a637dc5a2c898a6", "113f9804bef90dae", "1b710b35131c471b",
454 "28db77f523047d84", "32caab7b40c72493", "3c9ebe0a15c9bebc",
455 "431d67c49c100d4c", "4cc5d4becb3e42b6", "597f299cfc657e2a",
456 "5fcb6fab3ad6faec", "6c44198c4a475817",
457 };
458 #define GET_FX_64WORD(n, b, i) \
459 { \
460 (n) = ((uint64_t)(b)[(i)] << 56) | ((uint64_t)(b)[(i) + 1] << 48) | \
461 ((uint64_t)(b)[(i) + 2] << 40) | ((uint64_t)(b)[(i) + 3] << 32) | \
462 ((uint64_t)(b)[(i) + 4] << 24) | ((uint64_t)(b)[(i) + 5] << 16) | \
463 ((uint64_t)(b)[(i) + 6] << 8) | ((uint64_t)(b)[(i) + 7]); \
464 }
465 #define PUT_UINT64(n, b, i) \
466 { \
467 (b)[(i)] = (uint8_t)((n) >> 56); \
468 (b)[(i) + 1] = (uint8_t)((n) >> 48); \
469 (b)[(i) + 2] = (uint8_t)((n) >> 40); \
470 (b)[(i) + 3] = (uint8_t)((n) >> 32); \
471 (b)[(i) + 4] = (uint8_t)((n) >> 24); \
472 (b)[(i) + 5] = (uint8_t)((n) >> 16); \
473 (b)[(i) + 6] = (uint8_t)((n) >> 8); \
474 (b)[(i) + 7] = (uint8_t)((n)); \
475 }
476
sha384_process(CRYPT_sha384_context * ctx,const uint8_t data[128])477 static void sha384_process(CRYPT_sha384_context* ctx, const uint8_t data[128]) {
478 uint64_t temp1, temp2;
479 uint64_t A, B, C, D, E, F, G, H;
480 uint64_t W[80];
481 GET_FX_64WORD(W[0], data, 0);
482 GET_FX_64WORD(W[1], data, 8);
483 GET_FX_64WORD(W[2], data, 16);
484 GET_FX_64WORD(W[3], data, 24);
485 GET_FX_64WORD(W[4], data, 32);
486 GET_FX_64WORD(W[5], data, 40);
487 GET_FX_64WORD(W[6], data, 48);
488 GET_FX_64WORD(W[7], data, 56);
489 GET_FX_64WORD(W[8], data, 64);
490 GET_FX_64WORD(W[9], data, 72);
491 GET_FX_64WORD(W[10], data, 80);
492 GET_FX_64WORD(W[11], data, 88);
493 GET_FX_64WORD(W[12], data, 96);
494 GET_FX_64WORD(W[13], data, 104);
495 GET_FX_64WORD(W[14], data, 112);
496 GET_FX_64WORD(W[15], data, 120);
497 A = ctx->state[0];
498 B = ctx->state[1];
499 C = ctx->state[2];
500 D = ctx->state[3];
501 E = ctx->state[4];
502 F = ctx->state[5];
503 G = ctx->state[6];
504 H = ctx->state[7];
505 for (int i = 0; i < 10; ++i) {
506 uint64_t temp[8];
507 if (i < 2) {
508 temp[0] = W[i * 8];
509 temp[1] = W[i * 8 + 1];
510 temp[2] = W[i * 8 + 2];
511 temp[3] = W[i * 8 + 3];
512 temp[4] = W[i * 8 + 4];
513 temp[5] = W[i * 8 + 5];
514 temp[6] = W[i * 8 + 6];
515 temp[7] = W[i * 8 + 7];
516 } else {
517 temp[0] = SHA384_R(i * 8);
518 temp[1] = SHA384_R(i * 8 + 1);
519 temp[2] = SHA384_R(i * 8 + 2);
520 temp[3] = SHA384_R(i * 8 + 3);
521 temp[4] = SHA384_R(i * 8 + 4);
522 temp[5] = SHA384_R(i * 8 + 5);
523 temp[6] = SHA384_R(i * 8 + 6);
524 temp[7] = SHA384_R(i * 8 + 7);
525 }
526 SHA384_P(A, B, C, D, E, F, G, H, temp[0], FX_ato64i(constants[i * 8]));
527 SHA384_P(H, A, B, C, D, E, F, G, temp[1], FX_ato64i(constants[i * 8 + 1]));
528 SHA384_P(G, H, A, B, C, D, E, F, temp[2], FX_ato64i(constants[i * 8 + 2]));
529 SHA384_P(F, G, H, A, B, C, D, E, temp[3], FX_ato64i(constants[i * 8 + 3]));
530 SHA384_P(E, F, G, H, A, B, C, D, temp[4], FX_ato64i(constants[i * 8 + 4]));
531 SHA384_P(D, E, F, G, H, A, B, C, temp[5], FX_ato64i(constants[i * 8 + 5]));
532 SHA384_P(C, D, E, F, G, H, A, B, temp[6], FX_ato64i(constants[i * 8 + 6]));
533 SHA384_P(B, C, D, E, F, G, H, A, temp[7], FX_ato64i(constants[i * 8 + 7]));
534 }
535 ctx->state[0] += A;
536 ctx->state[1] += B;
537 ctx->state[2] += C;
538 ctx->state[3] += D;
539 ctx->state[4] += E;
540 ctx->state[5] += F;
541 ctx->state[6] += G;
542 ctx->state[7] += H;
543 }
544
CRYPT_SHA384Update(CRYPT_sha384_context * ctx,const uint8_t * input,uint32_t length)545 void CRYPT_SHA384Update(CRYPT_sha384_context* ctx,
546 const uint8_t* input,
547 uint32_t length) {
548 uint32_t left, fill;
549 if (!length) {
550 return;
551 }
552 left = (uint32_t)ctx->total[0] & 0x7F;
553 fill = 128 - left;
554 ctx->total[0] += length;
555 if (ctx->total[0] < length) {
556 ctx->total[1]++;
557 }
558 if (left && length >= fill) {
559 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, fill);
560 sha384_process(ctx, ctx->buffer);
561 length -= fill;
562 input += fill;
563 left = 0;
564 }
565 while (length >= 128) {
566 sha384_process(ctx, input);
567 length -= 128;
568 input += 128;
569 }
570 if (length) {
571 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, length);
572 }
573 }
574
CRYPT_SHA384Finish(CRYPT_sha384_context * ctx,uint8_t digest[48])575 void CRYPT_SHA384Finish(CRYPT_sha384_context* ctx, uint8_t digest[48]) {
576 uint32_t last, padn;
577 uint8_t msglen[16];
578 FXSYS_memset(msglen, 0, 16);
579 uint64_t high, low;
580 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
581 low = (ctx->total[0] << 3);
582 PUT_UINT64(high, msglen, 0);
583 PUT_UINT64(low, msglen, 8);
584 last = (uint32_t)ctx->total[0] & 0x7F;
585 padn = (last < 112) ? (112 - last) : (240 - last);
586 CRYPT_SHA384Update(ctx, sha384_padding, padn);
587 CRYPT_SHA384Update(ctx, msglen, 16);
588 PUT_UINT64(ctx->state[0], digest, 0);
589 PUT_UINT64(ctx->state[1], digest, 8);
590 PUT_UINT64(ctx->state[2], digest, 16);
591 PUT_UINT64(ctx->state[3], digest, 24);
592 PUT_UINT64(ctx->state[4], digest, 32);
593 PUT_UINT64(ctx->state[5], digest, 40);
594 }
595
CRYPT_SHA384Generate(const uint8_t * data,uint32_t size,uint8_t digest[64])596 void CRYPT_SHA384Generate(const uint8_t* data,
597 uint32_t size,
598 uint8_t digest[64]) {
599 CRYPT_sha384_context context;
600 CRYPT_SHA384Start(&context);
601 CRYPT_SHA384Update(&context, data, size);
602 CRYPT_SHA384Finish(&context, digest);
603 }
604
CRYPT_SHA512Start(void * context)605 void CRYPT_SHA512Start(void* context) {
606 if (!context) {
607 return;
608 }
609 CRYPT_sha384_context* ctx = (CRYPT_sha384_context*)context;
610 FXSYS_memset(ctx, 0, sizeof(CRYPT_sha384_context));
611 ctx->state[0] = FX_ato64i("6a09e667f3bcc908");
612 ctx->state[1] = FX_ato64i("bb67ae8584caa73b");
613 ctx->state[2] = FX_ato64i("3c6ef372fe94f82b");
614 ctx->state[3] = FX_ato64i("a54ff53a5f1d36f1");
615 ctx->state[4] = FX_ato64i("510e527fade682d1");
616 ctx->state[5] = FX_ato64i("9b05688c2b3e6c1f");
617 ctx->state[6] = FX_ato64i("1f83d9abfb41bd6b");
618 ctx->state[7] = FX_ato64i("5be0cd19137e2179");
619 }
620
CRYPT_SHA512Update(void * context,const uint8_t * data,uint32_t size)621 void CRYPT_SHA512Update(void* context, const uint8_t* data, uint32_t size) {
622 CRYPT_sha384_context* ctx = (CRYPT_sha384_context*)context;
623 CRYPT_SHA384Update(ctx, data, size);
624 }
625
CRYPT_SHA512Finish(void * context,uint8_t digest[64])626 void CRYPT_SHA512Finish(void* context, uint8_t digest[64]) {
627 CRYPT_sha384_context* ctx = (CRYPT_sha384_context*)context;
628 uint32_t last, padn;
629 uint8_t msglen[16];
630 FXSYS_memset(msglen, 0, 16);
631 uint64_t high, low;
632 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
633 low = (ctx->total[0] << 3);
634 PUT_UINT64(high, msglen, 0);
635 PUT_UINT64(low, msglen, 8);
636 last = (uint32_t)ctx->total[0] & 0x7F;
637 padn = (last < 112) ? (112 - last) : (240 - last);
638 CRYPT_SHA512Update(ctx, sha384_padding, padn);
639 CRYPT_SHA512Update(ctx, msglen, 16);
640 PUT_UINT64(ctx->state[0], digest, 0);
641 PUT_UINT64(ctx->state[1], digest, 8);
642 PUT_UINT64(ctx->state[2], digest, 16);
643 PUT_UINT64(ctx->state[3], digest, 24);
644 PUT_UINT64(ctx->state[4], digest, 32);
645 PUT_UINT64(ctx->state[5], digest, 40);
646 PUT_UINT64(ctx->state[6], digest, 48);
647 PUT_UINT64(ctx->state[7], digest, 56);
648 }
649
CRYPT_SHA512Generate(const uint8_t * data,uint32_t size,uint8_t digest[64])650 void CRYPT_SHA512Generate(const uint8_t* data,
651 uint32_t size,
652 uint8_t digest[64]) {
653 CRYPT_sha384_context context;
654 CRYPT_SHA512Start(&context);
655 CRYPT_SHA512Update(&context, data, size);
656 CRYPT_SHA512Finish(&context, digest);
657 }
658
659 #ifdef __cplusplus
660 };
661 #endif
662