1 // Copyright 2014 The PDFium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6
7 #include "core/fdrm/fx_crypt.h"
8
9 #include <string.h>
10
11 #define SHA_GET_UINT32(n, b, i) \
12 { \
13 (n) = ((uint32_t)(b)[(i)] << 24) | ((uint32_t)(b)[(i) + 1] << 16) | \
14 ((uint32_t)(b)[(i) + 2] << 8) | ((uint32_t)(b)[(i) + 3]); \
15 }
16 #define SHA_PUT_UINT32(n, b, i) \
17 { \
18 (b)[(i)] = (uint8_t)((n) >> 24); \
19 (b)[(i) + 1] = (uint8_t)((n) >> 16); \
20 (b)[(i) + 2] = (uint8_t)((n) >> 8); \
21 (b)[(i) + 3] = (uint8_t)((n)); \
22 }
23 #define SHA_GET_UINT64(n, b, i) \
24 { \
25 (n) = ((uint64_t)(b)[(i)] << 56) | ((uint64_t)(b)[(i) + 1] << 48) | \
26 ((uint64_t)(b)[(i) + 2] << 40) | ((uint64_t)(b)[(i) + 3] << 32) | \
27 ((uint64_t)(b)[(i) + 4] << 24) | ((uint64_t)(b)[(i) + 5] << 16) | \
28 ((uint64_t)(b)[(i) + 6] << 8) | ((uint64_t)(b)[(i) + 7]); \
29 }
30 #define SHA_PUT_UINT64(n, b, i) \
31 { \
32 (b)[(i)] = (uint8_t)((n) >> 56); \
33 (b)[(i) + 1] = (uint8_t)((n) >> 48); \
34 (b)[(i) + 2] = (uint8_t)((n) >> 40); \
35 (b)[(i) + 3] = (uint8_t)((n) >> 32); \
36 (b)[(i) + 4] = (uint8_t)((n) >> 24); \
37 (b)[(i) + 5] = (uint8_t)((n) >> 16); \
38 (b)[(i) + 6] = (uint8_t)((n) >> 8); \
39 (b)[(i) + 7] = (uint8_t)((n)); \
40 }
41
42 #define SHA384_F0(x, y, z) ((x & y) | (z & (x | y)))
43 #define SHA384_F1(x, y, z) (z ^ (x & (y ^ z)))
44 #define SHA384_SHR(x, n) (x >> n)
45 #define SHA384_ROTR(x, n) (SHA384_SHR(x, n) | x << (64 - n))
46 #define SHA384_S0(x) (SHA384_ROTR(x, 1) ^ SHA384_ROTR(x, 8) ^ SHA384_SHR(x, 7))
47 #define SHA384_S1(x) \
48 (SHA384_ROTR(x, 19) ^ SHA384_ROTR(x, 61) ^ SHA384_SHR(x, 6))
49 #define SHA384_S2(x) \
50 (SHA384_ROTR(x, 28) ^ SHA384_ROTR(x, 34) ^ SHA384_ROTR(x, 39))
51 #define SHA384_S3(x) \
52 (SHA384_ROTR(x, 14) ^ SHA384_ROTR(x, 18) ^ SHA384_ROTR(x, 41))
53 #define SHA384_P(a, b, c, d, e, f, g, h, x, K) \
54 { \
55 uint64_t temp1 = h + SHA384_S3(e) + SHA384_F1(e, f, g) + K + x; \
56 uint64_t temp2 = SHA384_S2(a) + SHA384_F0(a, b, c); \
57 d += temp1; \
58 h = temp1 + temp2; \
59 }
60 #define SHA384_R(t) \
61 (W[t] = SHA384_S1(W[t - 2]) + W[t - 7] + SHA384_S0(W[t - 15]) + W[t - 16])
62
63 #define rol(x, y) (((x) << (y)) | (((unsigned int)x) >> (32 - y)))
64 #define SHR(x, n) ((x & 0xFFFFFFFF) >> n)
65 #define ROTR(x, n) (SHR(x, n) | (x << (32 - n)))
66 #define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
67 #define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
68 #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
69 #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
70 #define F0(x, y, z) ((x & y) | (z & (x | y)))
71 #define F1(x, y, z) (z ^ (x & (y ^ z)))
72 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + S0(W[t - 15]) + W[t - 16])
73 #define PS(a, b, c, d, e, f, g, h, x, K) \
74 { \
75 uint32_t temp1 = h + S3(e) + F1(e, f, g) + K + x; \
76 uint32_t temp2 = S2(a) + F0(a, b, c); \
77 d += temp1; \
78 h = temp1 + temp2; \
79 }
80
81 namespace {
82
SHA_Core_Init(unsigned int h[5])83 void SHA_Core_Init(unsigned int h[5]) {
84 h[0] = 0x67452301;
85 h[1] = 0xefcdab89;
86 h[2] = 0x98badcfe;
87 h[3] = 0x10325476;
88 h[4] = 0xc3d2e1f0;
89 }
90
SHATransform(unsigned int * digest,unsigned int * block)91 void SHATransform(unsigned int* digest, unsigned int* block) {
92 unsigned int w[80];
93 int t;
94 for (t = 0; t < 16; t++) {
95 w[t] = block[t];
96 }
97 for (t = 16; t < 80; t++) {
98 unsigned int tmp = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
99 w[t] = rol(tmp, 1);
100 }
101 unsigned int a = digest[0];
102 unsigned int b = digest[1];
103 unsigned int c = digest[2];
104 unsigned int d = digest[3];
105 unsigned int e = digest[4];
106 for (t = 0; t < 20; t++) {
107 unsigned int tmp = rol(a, 5) + ((b & c) | (d & ~b)) + e + w[t] + 0x5a827999;
108 e = d;
109 d = c;
110 c = rol(b, 30);
111 b = a;
112 a = tmp;
113 }
114 for (t = 20; t < 40; t++) {
115 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0x6ed9eba1;
116 e = d;
117 d = c;
118 c = rol(b, 30);
119 b = a;
120 a = tmp;
121 }
122 for (t = 40; t < 60; t++) {
123 unsigned int tmp =
124 rol(a, 5) + ((b & c) | (b & d) | (c & d)) + e + w[t] + 0x8f1bbcdc;
125 e = d;
126 d = c;
127 c = rol(b, 30);
128 b = a;
129 a = tmp;
130 }
131 for (t = 60; t < 80; t++) {
132 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0xca62c1d6;
133 e = d;
134 d = c;
135 c = rol(b, 30);
136 b = a;
137 a = tmp;
138 }
139 digest[0] += a;
140 digest[1] += b;
141 digest[2] += c;
142 digest[3] += d;
143 digest[4] += e;
144 }
145
sha256_process(CRYPT_sha2_context * ctx,const uint8_t data[64])146 void sha256_process(CRYPT_sha2_context* ctx, const uint8_t data[64]) {
147 uint32_t W[64];
148 SHA_GET_UINT32(W[0], data, 0);
149 SHA_GET_UINT32(W[1], data, 4);
150 SHA_GET_UINT32(W[2], data, 8);
151 SHA_GET_UINT32(W[3], data, 12);
152 SHA_GET_UINT32(W[4], data, 16);
153 SHA_GET_UINT32(W[5], data, 20);
154 SHA_GET_UINT32(W[6], data, 24);
155 SHA_GET_UINT32(W[7], data, 28);
156 SHA_GET_UINT32(W[8], data, 32);
157 SHA_GET_UINT32(W[9], data, 36);
158 SHA_GET_UINT32(W[10], data, 40);
159 SHA_GET_UINT32(W[11], data, 44);
160 SHA_GET_UINT32(W[12], data, 48);
161 SHA_GET_UINT32(W[13], data, 52);
162 SHA_GET_UINT32(W[14], data, 56);
163 SHA_GET_UINT32(W[15], data, 60);
164
165 uint32_t A = static_cast<uint32_t>(ctx->state[0]);
166 uint32_t B = static_cast<uint32_t>(ctx->state[1]);
167 uint32_t C = static_cast<uint32_t>(ctx->state[2]);
168 uint32_t D = static_cast<uint32_t>(ctx->state[3]);
169 uint32_t E = static_cast<uint32_t>(ctx->state[4]);
170 uint32_t F = static_cast<uint32_t>(ctx->state[5]);
171 uint32_t G = static_cast<uint32_t>(ctx->state[6]);
172 uint32_t H = static_cast<uint32_t>(ctx->state[7]);
173 PS(A, B, C, D, E, F, G, H, W[0], 0x428A2F98);
174 PS(H, A, B, C, D, E, F, G, W[1], 0x71374491);
175 PS(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF);
176 PS(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5);
177 PS(E, F, G, H, A, B, C, D, W[4], 0x3956C25B);
178 PS(D, E, F, G, H, A, B, C, W[5], 0x59F111F1);
179 PS(C, D, E, F, G, H, A, B, W[6], 0x923F82A4);
180 PS(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5);
181 PS(A, B, C, D, E, F, G, H, W[8], 0xD807AA98);
182 PS(H, A, B, C, D, E, F, G, W[9], 0x12835B01);
183 PS(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
184 PS(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
185 PS(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
186 PS(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
187 PS(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
188 PS(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
189 PS(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
190 PS(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
191 PS(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
192 PS(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
193 PS(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
194 PS(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
195 PS(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
196 PS(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
197 PS(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
198 PS(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
199 PS(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
200 PS(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
201 PS(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
202 PS(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
203 PS(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
204 PS(B, C, D, E, F, G, H, A, R(31), 0x14292967);
205 PS(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
206 PS(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
207 PS(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
208 PS(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
209 PS(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
210 PS(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
211 PS(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
212 PS(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
213 PS(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
214 PS(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
215 PS(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
216 PS(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
217 PS(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
218 PS(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
219 PS(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
220 PS(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
221 PS(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
222 PS(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
223 PS(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
224 PS(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
225 PS(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
226 PS(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
227 PS(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
228 PS(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
229 PS(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
230 PS(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
231 PS(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
232 PS(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
233 PS(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
234 PS(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
235 PS(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
236 PS(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
237 ctx->state[0] += A;
238 ctx->state[1] += B;
239 ctx->state[2] += C;
240 ctx->state[3] += D;
241 ctx->state[4] += E;
242 ctx->state[5] += F;
243 ctx->state[6] += G;
244 ctx->state[7] += H;
245 }
246
247 const uint8_t sha256_padding[64] = {
248 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
249 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
250 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
251
252 const uint8_t sha384_padding[128] = {
253 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
254 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
255 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
256 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
257 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
258 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
259 };
260
261 uint64_t const constants[] = {
262 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
263 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
264 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
265 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
266 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
267 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
268 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
269 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
270 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
271 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
272 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
273 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
274 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
275 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
276 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
277 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
278 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
279 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
280 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
281 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
282 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
283 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
284 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
285 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
286 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
287 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
288 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
289 };
290
sha384_process(CRYPT_sha2_context * ctx,const uint8_t data[128])291 void sha384_process(CRYPT_sha2_context* ctx, const uint8_t data[128]) {
292 uint64_t W[80];
293 SHA_GET_UINT64(W[0], data, 0);
294 SHA_GET_UINT64(W[1], data, 8);
295 SHA_GET_UINT64(W[2], data, 16);
296 SHA_GET_UINT64(W[3], data, 24);
297 SHA_GET_UINT64(W[4], data, 32);
298 SHA_GET_UINT64(W[5], data, 40);
299 SHA_GET_UINT64(W[6], data, 48);
300 SHA_GET_UINT64(W[7], data, 56);
301 SHA_GET_UINT64(W[8], data, 64);
302 SHA_GET_UINT64(W[9], data, 72);
303 SHA_GET_UINT64(W[10], data, 80);
304 SHA_GET_UINT64(W[11], data, 88);
305 SHA_GET_UINT64(W[12], data, 96);
306 SHA_GET_UINT64(W[13], data, 104);
307 SHA_GET_UINT64(W[14], data, 112);
308 SHA_GET_UINT64(W[15], data, 120);
309 uint64_t A = ctx->state[0];
310 uint64_t B = ctx->state[1];
311 uint64_t C = ctx->state[2];
312 uint64_t D = ctx->state[3];
313 uint64_t E = ctx->state[4];
314 uint64_t F = ctx->state[5];
315 uint64_t G = ctx->state[6];
316 uint64_t H = ctx->state[7];
317 for (int i = 0; i < 10; ++i) {
318 uint64_t temp[8];
319 if (i < 2) {
320 temp[0] = W[i * 8];
321 temp[1] = W[i * 8 + 1];
322 temp[2] = W[i * 8 + 2];
323 temp[3] = W[i * 8 + 3];
324 temp[4] = W[i * 8 + 4];
325 temp[5] = W[i * 8 + 5];
326 temp[6] = W[i * 8 + 6];
327 temp[7] = W[i * 8 + 7];
328 } else {
329 temp[0] = SHA384_R(i * 8);
330 temp[1] = SHA384_R(i * 8 + 1);
331 temp[2] = SHA384_R(i * 8 + 2);
332 temp[3] = SHA384_R(i * 8 + 3);
333 temp[4] = SHA384_R(i * 8 + 4);
334 temp[5] = SHA384_R(i * 8 + 5);
335 temp[6] = SHA384_R(i * 8 + 6);
336 temp[7] = SHA384_R(i * 8 + 7);
337 }
338 SHA384_P(A, B, C, D, E, F, G, H, temp[0], constants[i * 8]);
339 SHA384_P(H, A, B, C, D, E, F, G, temp[1], constants[i * 8 + 1]);
340 SHA384_P(G, H, A, B, C, D, E, F, temp[2], constants[i * 8 + 2]);
341 SHA384_P(F, G, H, A, B, C, D, E, temp[3], constants[i * 8 + 3]);
342 SHA384_P(E, F, G, H, A, B, C, D, temp[4], constants[i * 8 + 4]);
343 SHA384_P(D, E, F, G, H, A, B, C, temp[5], constants[i * 8 + 5]);
344 SHA384_P(C, D, E, F, G, H, A, B, temp[6], constants[i * 8 + 6]);
345 SHA384_P(B, C, D, E, F, G, H, A, temp[7], constants[i * 8 + 7]);
346 }
347 ctx->state[0] += A;
348 ctx->state[1] += B;
349 ctx->state[2] += C;
350 ctx->state[3] += D;
351 ctx->state[4] += E;
352 ctx->state[5] += F;
353 ctx->state[6] += G;
354 ctx->state[7] += H;
355 }
356
357 } // namespace
358
CRYPT_SHA1Start(CRYPT_sha1_context * context)359 void CRYPT_SHA1Start(CRYPT_sha1_context* context) {
360 SHA_Core_Init(context->h);
361 context->total_bytes = 0;
362 context->blkused = 0;
363 }
364
CRYPT_SHA1Update(CRYPT_sha1_context * context,const uint8_t * data,uint32_t size)365 void CRYPT_SHA1Update(CRYPT_sha1_context* context,
366 const uint8_t* data,
367 uint32_t size) {
368 context->total_bytes += size;
369 if (context->blkused && size < 64 - context->blkused) {
370 memcpy(context->block + context->blkused, data, size);
371 context->blkused += size;
372 return;
373 }
374 uint32_t wordblock[16];
375 while (size >= 64 - context->blkused) {
376 memcpy(context->block + context->blkused, data, 64 - context->blkused);
377 data += 64 - context->blkused;
378 size -= 64 - context->blkused;
379 for (int i = 0; i < 16; i++) {
380 wordblock[i] = (((uint32_t)context->block[i * 4 + 0]) << 24) |
381 (((uint32_t)context->block[i * 4 + 1]) << 16) |
382 (((uint32_t)context->block[i * 4 + 2]) << 8) |
383 (((uint32_t)context->block[i * 4 + 3]) << 0);
384 }
385 SHATransform(context->h, wordblock);
386 context->blkused = 0;
387 }
388 memcpy(context->block, data, size);
389 context->blkused = size;
390 }
391
CRYPT_SHA1Finish(CRYPT_sha1_context * context,uint8_t digest[20])392 void CRYPT_SHA1Finish(CRYPT_sha1_context* context, uint8_t digest[20]) {
393 uint64_t total_bits = 8 * context->total_bytes; // Prior to padding.
394 uint8_t c[64];
395 uint8_t pad;
396 if (context->blkused >= 56) {
397 pad = 56 + 64 - context->blkused;
398 } else {
399 pad = 56 - context->blkused;
400 }
401 memset(c, 0, pad);
402 c[0] = 0x80;
403 CRYPT_SHA1Update(context, c, pad);
404 c[0] = (total_bits >> 56) & 0xFF;
405 c[1] = (total_bits >> 48) & 0xFF;
406 c[2] = (total_bits >> 40) & 0xFF;
407 c[3] = (total_bits >> 32) & 0xFF;
408 c[4] = (total_bits >> 24) & 0xFF;
409 c[5] = (total_bits >> 16) & 0xFF;
410 c[6] = (total_bits >> 8) & 0xFF;
411 c[7] = (total_bits >> 0) & 0xFF;
412 CRYPT_SHA1Update(context, c, 8);
413 for (int i = 0; i < 5; i++) {
414 digest[i * 4] = (context->h[i] >> 24) & 0xFF;
415 digest[i * 4 + 1] = (context->h[i] >> 16) & 0xFF;
416 digest[i * 4 + 2] = (context->h[i] >> 8) & 0xFF;
417 digest[i * 4 + 3] = (context->h[i]) & 0xFF;
418 }
419 }
420
CRYPT_SHA1Generate(const uint8_t * data,uint32_t size,uint8_t digest[20])421 void CRYPT_SHA1Generate(const uint8_t* data,
422 uint32_t size,
423 uint8_t digest[20]) {
424 CRYPT_sha1_context s;
425 CRYPT_SHA1Start(&s);
426 CRYPT_SHA1Update(&s, data, size);
427 CRYPT_SHA1Finish(&s, digest);
428 }
429
CRYPT_SHA256Start(CRYPT_sha2_context * context)430 void CRYPT_SHA256Start(CRYPT_sha2_context* context) {
431 context->total_bytes = 0;
432 context->state[0] = 0x6A09E667;
433 context->state[1] = 0xBB67AE85;
434 context->state[2] = 0x3C6EF372;
435 context->state[3] = 0xA54FF53A;
436 context->state[4] = 0x510E527F;
437 context->state[5] = 0x9B05688C;
438 context->state[6] = 0x1F83D9AB;
439 context->state[7] = 0x5BE0CD19;
440 memset(context->buffer, 0, sizeof(context->buffer));
441 }
442
CRYPT_SHA256Update(CRYPT_sha2_context * context,const uint8_t * data,uint32_t size)443 void CRYPT_SHA256Update(CRYPT_sha2_context* context,
444 const uint8_t* data,
445 uint32_t size) {
446 if (!size)
447 return;
448
449 uint32_t left = context->total_bytes & 0x3F;
450 uint32_t fill = 64 - left;
451 context->total_bytes += size;
452 if (left && size >= fill) {
453 memcpy(context->buffer + left, data, fill);
454 sha256_process(context, context->buffer);
455 size -= fill;
456 data += fill;
457 left = 0;
458 }
459 while (size >= 64) {
460 sha256_process(context, data);
461 size -= 64;
462 data += 64;
463 }
464 if (size)
465 memcpy(context->buffer + left, data, size);
466 }
467
CRYPT_SHA256Finish(CRYPT_sha2_context * context,uint8_t digest[32])468 void CRYPT_SHA256Finish(CRYPT_sha2_context* context, uint8_t digest[32]) {
469 uint8_t msglen[8];
470 uint64_t total_bits = 8 * context->total_bytes; // Prior to padding.
471 SHA_PUT_UINT64(total_bits, msglen, 0);
472 uint32_t last = context->total_bytes & 0x3F;
473 uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
474 CRYPT_SHA256Update(context, sha256_padding, padn);
475 CRYPT_SHA256Update(context, msglen, 8);
476 SHA_PUT_UINT32(context->state[0], digest, 0);
477 SHA_PUT_UINT32(context->state[1], digest, 4);
478 SHA_PUT_UINT32(context->state[2], digest, 8);
479 SHA_PUT_UINT32(context->state[3], digest, 12);
480 SHA_PUT_UINT32(context->state[4], digest, 16);
481 SHA_PUT_UINT32(context->state[5], digest, 20);
482 SHA_PUT_UINT32(context->state[6], digest, 24);
483 SHA_PUT_UINT32(context->state[7], digest, 28);
484 }
485
CRYPT_SHA256Generate(const uint8_t * data,uint32_t size,uint8_t digest[32])486 void CRYPT_SHA256Generate(const uint8_t* data,
487 uint32_t size,
488 uint8_t digest[32]) {
489 CRYPT_sha2_context ctx;
490 CRYPT_SHA256Start(&ctx);
491 CRYPT_SHA256Update(&ctx, data, size);
492 CRYPT_SHA256Finish(&ctx, digest);
493 }
494
CRYPT_SHA384Start(CRYPT_sha2_context * context)495 void CRYPT_SHA384Start(CRYPT_sha2_context* context) {
496 context->total_bytes = 0;
497 context->state[0] = 0xcbbb9d5dc1059ed8ULL;
498 context->state[1] = 0x629a292a367cd507ULL;
499 context->state[2] = 0x9159015a3070dd17ULL;
500 context->state[3] = 0x152fecd8f70e5939ULL;
501 context->state[4] = 0x67332667ffc00b31ULL;
502 context->state[5] = 0x8eb44a8768581511ULL;
503 context->state[6] = 0xdb0c2e0d64f98fa7ULL;
504 context->state[7] = 0x47b5481dbefa4fa4ULL;
505 memset(context->buffer, 0, sizeof(context->buffer));
506 }
507
CRYPT_SHA384Update(CRYPT_sha2_context * context,const uint8_t * data,uint32_t size)508 void CRYPT_SHA384Update(CRYPT_sha2_context* context,
509 const uint8_t* data,
510 uint32_t size) {
511 if (!size)
512 return;
513
514 uint32_t left = context->total_bytes & 0x7F;
515 uint32_t fill = 128 - left;
516 context->total_bytes += size;
517 if (left && size >= fill) {
518 memcpy(context->buffer + left, data, fill);
519 sha384_process(context, context->buffer);
520 size -= fill;
521 data += fill;
522 left = 0;
523 }
524 while (size >= 128) {
525 sha384_process(context, data);
526 size -= 128;
527 data += 128;
528 }
529 if (size)
530 memcpy(context->buffer + left, data, size);
531 }
532
CRYPT_SHA384Finish(CRYPT_sha2_context * context,uint8_t digest[48])533 void CRYPT_SHA384Finish(CRYPT_sha2_context* context, uint8_t digest[48]) {
534 uint8_t msglen[16];
535 uint64_t total_bits = 8 * context->total_bytes; // Prior to padding.
536 SHA_PUT_UINT64(0ULL, msglen, 0);
537 SHA_PUT_UINT64(total_bits, msglen, 8);
538 uint32_t last = context->total_bytes & 0x7F;
539 uint32_t padn = (last < 112) ? (112 - last) : (240 - last);
540 CRYPT_SHA384Update(context, sha384_padding, padn);
541 CRYPT_SHA384Update(context, msglen, 16);
542 SHA_PUT_UINT64(context->state[0], digest, 0);
543 SHA_PUT_UINT64(context->state[1], digest, 8);
544 SHA_PUT_UINT64(context->state[2], digest, 16);
545 SHA_PUT_UINT64(context->state[3], digest, 24);
546 SHA_PUT_UINT64(context->state[4], digest, 32);
547 SHA_PUT_UINT64(context->state[5], digest, 40);
548 }
549
CRYPT_SHA384Generate(const uint8_t * data,uint32_t size,uint8_t digest[48])550 void CRYPT_SHA384Generate(const uint8_t* data,
551 uint32_t size,
552 uint8_t digest[48]) {
553 CRYPT_sha2_context context;
554 CRYPT_SHA384Start(&context);
555 CRYPT_SHA384Update(&context, data, size);
556 CRYPT_SHA384Finish(&context, digest);
557 }
558
CRYPT_SHA512Start(CRYPT_sha2_context * context)559 void CRYPT_SHA512Start(CRYPT_sha2_context* context) {
560 context->total_bytes = 0;
561 context->state[0] = 0x6a09e667f3bcc908ULL;
562 context->state[1] = 0xbb67ae8584caa73bULL;
563 context->state[2] = 0x3c6ef372fe94f82bULL;
564 context->state[3] = 0xa54ff53a5f1d36f1ULL;
565 context->state[4] = 0x510e527fade682d1ULL;
566 context->state[5] = 0x9b05688c2b3e6c1fULL;
567 context->state[6] = 0x1f83d9abfb41bd6bULL;
568 context->state[7] = 0x5be0cd19137e2179ULL;
569 memset(context->buffer, 0, sizeof(context->buffer));
570 }
571
CRYPT_SHA512Update(CRYPT_sha2_context * context,const uint8_t * data,uint32_t size)572 void CRYPT_SHA512Update(CRYPT_sha2_context* context,
573 const uint8_t* data,
574 uint32_t size) {
575 CRYPT_SHA384Update(context, data, size);
576 }
577
CRYPT_SHA512Finish(CRYPT_sha2_context * context,uint8_t digest[64])578 void CRYPT_SHA512Finish(CRYPT_sha2_context* context, uint8_t digest[64]) {
579 uint8_t msglen[16];
580 uint64_t total_bits = 8 * context->total_bytes;
581 SHA_PUT_UINT64(0ULL, msglen, 0);
582 SHA_PUT_UINT64(total_bits, msglen, 8);
583 uint32_t last = context->total_bytes & 0x7F;
584 uint32_t padn = (last < 112) ? (112 - last) : (240 - last);
585 CRYPT_SHA512Update(context, sha384_padding, padn);
586 CRYPT_SHA512Update(context, msglen, 16);
587 SHA_PUT_UINT64(context->state[0], digest, 0);
588 SHA_PUT_UINT64(context->state[1], digest, 8);
589 SHA_PUT_UINT64(context->state[2], digest, 16);
590 SHA_PUT_UINT64(context->state[3], digest, 24);
591 SHA_PUT_UINT64(context->state[4], digest, 32);
592 SHA_PUT_UINT64(context->state[5], digest, 40);
593 SHA_PUT_UINT64(context->state[6], digest, 48);
594 SHA_PUT_UINT64(context->state[7], digest, 56);
595 }
596
CRYPT_SHA512Generate(const uint8_t * data,uint32_t size,uint8_t digest[64])597 void CRYPT_SHA512Generate(const uint8_t* data,
598 uint32_t size,
599 uint8_t digest[64]) {
600 CRYPT_sha2_context context;
601 CRYPT_SHA512Start(&context);
602 CRYPT_SHA512Update(&context, data, size);
603 CRYPT_SHA512Finish(&context, digest);
604 }
605