1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6
7 #include "core/fdrm/crypto/include/fx_crypt.h"
8
9 #ifdef __cplusplus
10 extern "C" {
11 #endif
12 typedef struct {
13 unsigned int h[5];
14 unsigned char block[64];
15 int blkused;
16 unsigned int lenhi, lenlo;
17 } SHA_State;
18 #define rol(x, y) (((x) << (y)) | (((unsigned int)x) >> (32 - y)))
SHA_Core_Init(unsigned int h[5])19 static void SHA_Core_Init(unsigned int h[5]) {
20 h[0] = 0x67452301;
21 h[1] = 0xefcdab89;
22 h[2] = 0x98badcfe;
23 h[3] = 0x10325476;
24 h[4] = 0xc3d2e1f0;
25 }
SHATransform(unsigned int * digest,unsigned int * block)26 static void SHATransform(unsigned int* digest, unsigned int* block) {
27 unsigned int w[80];
28 unsigned int a, b, c, d, e;
29 int t;
30 for (t = 0; t < 16; t++) {
31 w[t] = block[t];
32 }
33 for (t = 16; t < 80; t++) {
34 unsigned int tmp = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
35 w[t] = rol(tmp, 1);
36 }
37 a = digest[0];
38 b = digest[1];
39 c = digest[2];
40 d = digest[3];
41 e = digest[4];
42 for (t = 0; t < 20; t++) {
43 unsigned int tmp = rol(a, 5) + ((b & c) | (d & ~b)) + e + w[t] + 0x5a827999;
44 e = d;
45 d = c;
46 c = rol(b, 30);
47 b = a;
48 a = tmp;
49 }
50 for (t = 20; t < 40; t++) {
51 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0x6ed9eba1;
52 e = d;
53 d = c;
54 c = rol(b, 30);
55 b = a;
56 a = tmp;
57 }
58 for (t = 40; t < 60; t++) {
59 unsigned int tmp =
60 rol(a, 5) + ((b & c) | (b & d) | (c & d)) + e + w[t] + 0x8f1bbcdc;
61 e = d;
62 d = c;
63 c = rol(b, 30);
64 b = a;
65 a = tmp;
66 }
67 for (t = 60; t < 80; t++) {
68 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0xca62c1d6;
69 e = d;
70 d = c;
71 c = rol(b, 30);
72 b = a;
73 a = tmp;
74 }
75 digest[0] += a;
76 digest[1] += b;
77 digest[2] += c;
78 digest[3] += d;
79 digest[4] += e;
80 }
CRYPT_SHA1Start(void * context)81 void CRYPT_SHA1Start(void* context) {
82 SHA_State* s = (SHA_State*)context;
83 SHA_Core_Init(s->h);
84 s->blkused = 0;
85 s->lenhi = s->lenlo = 0;
86 }
CRYPT_SHA1Update(void * context,const uint8_t * data,uint32_t size)87 void CRYPT_SHA1Update(void* context, const uint8_t* data, uint32_t size) {
88 SHA_State* s = (SHA_State*)context;
89 unsigned char* q = (unsigned char*)data;
90 unsigned int wordblock[16];
91 int len = size;
92 unsigned int lenw = len;
93 int i;
94 s->lenlo += lenw;
95 s->lenhi += (s->lenlo < lenw);
96 if (s->blkused && s->blkused + len < 64) {
97 FXSYS_memcpy(s->block + s->blkused, q, len);
98 s->blkused += len;
99 } else {
100 while (s->blkused + len >= 64) {
101 FXSYS_memcpy(s->block + s->blkused, q, 64 - s->blkused);
102 q += 64 - s->blkused;
103 len -= 64 - s->blkused;
104 for (i = 0; i < 16; i++) {
105 wordblock[i] = (((unsigned int)s->block[i * 4 + 0]) << 24) |
106 (((unsigned int)s->block[i * 4 + 1]) << 16) |
107 (((unsigned int)s->block[i * 4 + 2]) << 8) |
108 (((unsigned int)s->block[i * 4 + 3]) << 0);
109 }
110 SHATransform(s->h, wordblock);
111 s->blkused = 0;
112 }
113 FXSYS_memcpy(s->block, q, len);
114 s->blkused = len;
115 }
116 }
CRYPT_SHA1Finish(void * context,uint8_t digest[20])117 void CRYPT_SHA1Finish(void* context, uint8_t digest[20]) {
118 SHA_State* s = (SHA_State*)context;
119 int i;
120 int pad;
121 unsigned char c[64];
122 unsigned int lenhi, lenlo;
123 if (s->blkused >= 56) {
124 pad = 56 + 64 - s->blkused;
125 } else {
126 pad = 56 - s->blkused;
127 }
128 lenhi = (s->lenhi << 3) | (s->lenlo >> (32 - 3));
129 lenlo = (s->lenlo << 3);
130 FXSYS_memset(c, 0, pad);
131 c[0] = 0x80;
132 CRYPT_SHA1Update(s, c, pad);
133 c[0] = (lenhi >> 24) & 0xFF;
134 c[1] = (lenhi >> 16) & 0xFF;
135 c[2] = (lenhi >> 8) & 0xFF;
136 c[3] = (lenhi >> 0) & 0xFF;
137 c[4] = (lenlo >> 24) & 0xFF;
138 c[5] = (lenlo >> 16) & 0xFF;
139 c[6] = (lenlo >> 8) & 0xFF;
140 c[7] = (lenlo >> 0) & 0xFF;
141 CRYPT_SHA1Update(s, c, 8);
142 for (i = 0; i < 5; i++) {
143 digest[i * 4] = (s->h[i] >> 24) & 0xFF;
144 digest[i * 4 + 1] = (s->h[i] >> 16) & 0xFF;
145 digest[i * 4 + 2] = (s->h[i] >> 8) & 0xFF;
146 digest[i * 4 + 3] = (s->h[i]) & 0xFF;
147 }
148 }
CRYPT_SHA1Generate(const uint8_t * data,uint32_t size,uint8_t digest[20])149 void CRYPT_SHA1Generate(const uint8_t* data,
150 uint32_t size,
151 uint8_t digest[20]) {
152 SHA_State s;
153 CRYPT_SHA1Start(&s);
154 CRYPT_SHA1Update(&s, data, size);
155 CRYPT_SHA1Finish(&s, digest);
156 }
157 typedef struct {
158 uint32_t total[2];
159 uint32_t state[8];
160 uint8_t buffer[64];
161 } sha256_context;
162 #define GET_UINT32(n, b, i) \
163 { \
164 (n) = ((uint32_t)(b)[(i)] << 24) | ((uint32_t)(b)[(i) + 1] << 16) | \
165 ((uint32_t)(b)[(i) + 2] << 8) | ((uint32_t)(b)[(i) + 3]); \
166 }
167 #define PUT_UINT32(n, b, i) \
168 { \
169 (b)[(i)] = (uint8_t)((n) >> 24); \
170 (b)[(i) + 1] = (uint8_t)((n) >> 16); \
171 (b)[(i) + 2] = (uint8_t)((n) >> 8); \
172 (b)[(i) + 3] = (uint8_t)((n)); \
173 }
CRYPT_SHA256Start(void * context)174 void CRYPT_SHA256Start(void* context) {
175 sha256_context* ctx = (sha256_context*)context;
176 ctx->total[0] = 0;
177 ctx->total[1] = 0;
178 ctx->state[0] = 0x6A09E667;
179 ctx->state[1] = 0xBB67AE85;
180 ctx->state[2] = 0x3C6EF372;
181 ctx->state[3] = 0xA54FF53A;
182 ctx->state[4] = 0x510E527F;
183 ctx->state[5] = 0x9B05688C;
184 ctx->state[6] = 0x1F83D9AB;
185 ctx->state[7] = 0x5BE0CD19;
186 }
sha256_process(sha256_context * ctx,const uint8_t data[64])187 static void sha256_process(sha256_context* ctx, const uint8_t data[64]) {
188 uint32_t temp1, temp2, W[64];
189 uint32_t A, B, C, D, E, F, G, H;
190 GET_UINT32(W[0], data, 0);
191 GET_UINT32(W[1], data, 4);
192 GET_UINT32(W[2], data, 8);
193 GET_UINT32(W[3], data, 12);
194 GET_UINT32(W[4], data, 16);
195 GET_UINT32(W[5], data, 20);
196 GET_UINT32(W[6], data, 24);
197 GET_UINT32(W[7], data, 28);
198 GET_UINT32(W[8], data, 32);
199 GET_UINT32(W[9], data, 36);
200 GET_UINT32(W[10], data, 40);
201 GET_UINT32(W[11], data, 44);
202 GET_UINT32(W[12], data, 48);
203 GET_UINT32(W[13], data, 52);
204 GET_UINT32(W[14], data, 56);
205 GET_UINT32(W[15], data, 60);
206 #define SHR(x, n) ((x & 0xFFFFFFFF) >> n)
207 #define ROTR(x, n) (SHR(x, n) | (x << (32 - n)))
208 #define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
209 #define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
210 #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
211 #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
212 #define F0(x, y, z) ((x & y) | (z & (x | y)))
213 #define F1(x, y, z) (z ^ (x & (y ^ z)))
214 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + S0(W[t - 15]) + W[t - 16])
215 #define P(a, b, c, d, e, f, g, h, x, K) \
216 { \
217 temp1 = h + S3(e) + F1(e, f, g) + K + x; \
218 temp2 = S2(a) + F0(a, b, c); \
219 d += temp1; \
220 h = temp1 + temp2; \
221 }
222 A = ctx->state[0];
223 B = ctx->state[1];
224 C = ctx->state[2];
225 D = ctx->state[3];
226 E = ctx->state[4];
227 F = ctx->state[5];
228 G = ctx->state[6];
229 H = ctx->state[7];
230 P(A, B, C, D, E, F, G, H, W[0], 0x428A2F98);
231 P(H, A, B, C, D, E, F, G, W[1], 0x71374491);
232 P(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF);
233 P(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5);
234 P(E, F, G, H, A, B, C, D, W[4], 0x3956C25B);
235 P(D, E, F, G, H, A, B, C, W[5], 0x59F111F1);
236 P(C, D, E, F, G, H, A, B, W[6], 0x923F82A4);
237 P(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5);
238 P(A, B, C, D, E, F, G, H, W[8], 0xD807AA98);
239 P(H, A, B, C, D, E, F, G, W[9], 0x12835B01);
240 P(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
241 P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
242 P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
243 P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
244 P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
245 P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
246 P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
247 P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
248 P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
249 P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
250 P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
251 P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
252 P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
253 P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
254 P(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
255 P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
256 P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
257 P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
258 P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
259 P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
260 P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
261 P(B, C, D, E, F, G, H, A, R(31), 0x14292967);
262 P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
263 P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
264 P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
265 P(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
266 P(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
267 P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
268 P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
269 P(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
270 P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
271 P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
272 P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
273 P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
274 P(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
275 P(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
276 P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
277 P(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
278 P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
279 P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
280 P(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
281 P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
282 P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
283 P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
284 P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
285 P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
286 P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
287 P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
288 P(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
289 P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
290 P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
291 P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
292 P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
293 P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
294 ctx->state[0] += A;
295 ctx->state[1] += B;
296 ctx->state[2] += C;
297 ctx->state[3] += D;
298 ctx->state[4] += E;
299 ctx->state[5] += F;
300 ctx->state[6] += G;
301 ctx->state[7] += H;
302 }
CRYPT_SHA256Update(void * context,const uint8_t * input,uint32_t length)303 void CRYPT_SHA256Update(void* context, const uint8_t* input, uint32_t length) {
304 sha256_context* ctx = (sha256_context*)context;
305 uint32_t left, fill;
306 if (!length) {
307 return;
308 }
309 left = ctx->total[0] & 0x3F;
310 fill = 64 - left;
311 ctx->total[0] += length;
312 ctx->total[0] &= 0xFFFFFFFF;
313 if (ctx->total[0] < length) {
314 ctx->total[1]++;
315 }
316 if (left && length >= fill) {
317 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, fill);
318 sha256_process(ctx, ctx->buffer);
319 length -= fill;
320 input += fill;
321 left = 0;
322 }
323 while (length >= 64) {
324 sha256_process(ctx, input);
325 length -= 64;
326 input += 64;
327 }
328 if (length) {
329 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, length);
330 }
331 }
332 static const uint8_t sha256_padding[64] = {
333 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
334 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
335 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
CRYPT_SHA256Finish(void * context,uint8_t digest[32])336 void CRYPT_SHA256Finish(void* context, uint8_t digest[32]) {
337 sha256_context* ctx = (sha256_context*)context;
338 uint32_t last, padn;
339 uint32_t high, low;
340 uint8_t msglen[8];
341 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
342 low = (ctx->total[0] << 3);
343 PUT_UINT32(high, msglen, 0);
344 PUT_UINT32(low, msglen, 4);
345 last = ctx->total[0] & 0x3F;
346 padn = (last < 56) ? (56 - last) : (120 - last);
347 CRYPT_SHA256Update(ctx, sha256_padding, padn);
348 CRYPT_SHA256Update(ctx, msglen, 8);
349 PUT_UINT32(ctx->state[0], digest, 0);
350 PUT_UINT32(ctx->state[1], digest, 4);
351 PUT_UINT32(ctx->state[2], digest, 8);
352 PUT_UINT32(ctx->state[3], digest, 12);
353 PUT_UINT32(ctx->state[4], digest, 16);
354 PUT_UINT32(ctx->state[5], digest, 20);
355 PUT_UINT32(ctx->state[6], digest, 24);
356 PUT_UINT32(ctx->state[7], digest, 28);
357 }
CRYPT_SHA256Generate(const uint8_t * data,uint32_t size,uint8_t digest[32])358 void CRYPT_SHA256Generate(const uint8_t* data,
359 uint32_t size,
360 uint8_t digest[32]) {
361 sha256_context ctx;
362 CRYPT_SHA256Start(&ctx);
363 CRYPT_SHA256Update(&ctx, data, size);
364 CRYPT_SHA256Finish(&ctx, digest);
365 }
366 typedef struct {
367 uint64_t total[2];
368 uint64_t state[8];
369 uint8_t buffer[128];
370 } sha384_context;
FX_ato64i(const FX_CHAR * str)371 uint64_t FX_ato64i(const FX_CHAR* str) {
372 ASSERT(str);
373 uint64_t ret = 0;
374 int len = (int)FXSYS_strlen(str);
375 len = len > 16 ? 16 : len;
376 for (int i = 0; i < len; ++i) {
377 if (i) {
378 ret <<= 4;
379 }
380 if (str[i] >= '0' && str[i] <= '9') {
381 ret |= (str[i] - '0') & 0xFF;
382 } else if (str[i] >= 'a' && str[i] <= 'f') {
383 ret |= (str[i] - 'a' + 10) & 0xFF;
384 } else if (str[i] >= 'A' && str[i] <= 'F') {
385 ret |= (str[i] - 'A' + 10) & 0xFF;
386 } else {
387 ASSERT(FALSE);
388 }
389 }
390 return ret;
391 }
CRYPT_SHA384Start(void * context)392 void CRYPT_SHA384Start(void* context) {
393 if (!context) {
394 return;
395 }
396 sha384_context* ctx = (sha384_context*)context;
397 FXSYS_memset(ctx, 0, sizeof(sha384_context));
398 ctx->state[0] = FX_ato64i("cbbb9d5dc1059ed8");
399 ctx->state[1] = FX_ato64i("629a292a367cd507");
400 ctx->state[2] = FX_ato64i("9159015a3070dd17");
401 ctx->state[3] = FX_ato64i("152fecd8f70e5939");
402 ctx->state[4] = FX_ato64i("67332667ffc00b31");
403 ctx->state[5] = FX_ato64i("8eb44a8768581511");
404 ctx->state[6] = FX_ato64i("db0c2e0d64f98fa7");
405 ctx->state[7] = FX_ato64i("47b5481dbefa4fa4");
406 }
407 #define SHA384_F0(x, y, z) ((x & y) | (z & (x | y)))
408 #define SHA384_F1(x, y, z) (z ^ (x & (y ^ z)))
409 #define SHA384_SHR(x, n) (x >> n)
410 #define SHA384_ROTR(x, n) (SHA384_SHR(x, n) | x << (64 - n))
411 #define SHA384_S0(x) (SHA384_ROTR(x, 1) ^ SHA384_ROTR(x, 8) ^ SHA384_SHR(x, 7))
412 #define SHA384_S1(x) \
413 (SHA384_ROTR(x, 19) ^ SHA384_ROTR(x, 61) ^ SHA384_SHR(x, 6))
414 #define SHA384_S2(x) \
415 (SHA384_ROTR(x, 28) ^ SHA384_ROTR(x, 34) ^ SHA384_ROTR(x, 39))
416 #define SHA384_S3(x) \
417 (SHA384_ROTR(x, 14) ^ SHA384_ROTR(x, 18) ^ SHA384_ROTR(x, 41))
418 #define SHA384_P(a, b, c, d, e, f, g, h, x, K) \
419 { \
420 temp1 = h + SHA384_S3(e) + SHA384_F1(e, f, g) + K + x; \
421 temp2 = SHA384_S2(a) + SHA384_F0(a, b, c); \
422 d += temp1; \
423 h = temp1 + temp2; \
424 }
425 static const uint8_t sha384_padding[128] = {
426 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
427 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
428 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
429 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
430 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
431 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
432 };
433 #define SHA384_R(t) \
434 (W[t] = SHA384_S1(W[t - 2]) + W[t - 7] + SHA384_S0(W[t - 15]) + W[t - 16])
435 static const FX_CHAR* constants[] = {
436 "428a2f98d728ae22", "7137449123ef65cd", "b5c0fbcfec4d3b2f",
437 "e9b5dba58189dbbc", "3956c25bf348b538", "59f111f1b605d019",
438 "923f82a4af194f9b", "ab1c5ed5da6d8118", "d807aa98a3030242",
439 "12835b0145706fbe", "243185be4ee4b28c", "550c7dc3d5ffb4e2",
440 "72be5d74f27b896f", "80deb1fe3b1696b1", "9bdc06a725c71235",
441 "c19bf174cf692694", "e49b69c19ef14ad2", "efbe4786384f25e3",
442 "0fc19dc68b8cd5b5", "240ca1cc77ac9c65", "2de92c6f592b0275",
443 "4a7484aa6ea6e483", "5cb0a9dcbd41fbd4", "76f988da831153b5",
444 "983e5152ee66dfab", "a831c66d2db43210", "b00327c898fb213f",
445 "bf597fc7beef0ee4", "c6e00bf33da88fc2", "d5a79147930aa725",
446 "06ca6351e003826f", "142929670a0e6e70", "27b70a8546d22ffc",
447 "2e1b21385c26c926", "4d2c6dfc5ac42aed", "53380d139d95b3df",
448 "650a73548baf63de", "766a0abb3c77b2a8", "81c2c92e47edaee6",
449 "92722c851482353b", "a2bfe8a14cf10364", "a81a664bbc423001",
450 "c24b8b70d0f89791", "c76c51a30654be30", "d192e819d6ef5218",
451 "d69906245565a910", "f40e35855771202a", "106aa07032bbd1b8",
452 "19a4c116b8d2d0c8", "1e376c085141ab53", "2748774cdf8eeb99",
453 "34b0bcb5e19b48a8", "391c0cb3c5c95a63", "4ed8aa4ae3418acb",
454 "5b9cca4f7763e373", "682e6ff3d6b2b8a3", "748f82ee5defb2fc",
455 "78a5636f43172f60", "84c87814a1f0ab72", "8cc702081a6439ec",
456 "90befffa23631e28", "a4506cebde82bde9", "bef9a3f7b2c67915",
457 "c67178f2e372532b", "ca273eceea26619c", "d186b8c721c0c207",
458 "eada7dd6cde0eb1e", "f57d4f7fee6ed178", "06f067aa72176fba",
459 "0a637dc5a2c898a6", "113f9804bef90dae", "1b710b35131c471b",
460 "28db77f523047d84", "32caab7b40c72493", "3c9ebe0a15c9bebc",
461 "431d67c49c100d4c", "4cc5d4becb3e42b6", "597f299cfc657e2a",
462 "5fcb6fab3ad6faec", "6c44198c4a475817",
463 };
464 #define GET_FX_64WORD(n, b, i) \
465 { \
466 (n) = ((uint64_t)(b)[(i)] << 56) | ((uint64_t)(b)[(i) + 1] << 48) | \
467 ((uint64_t)(b)[(i) + 2] << 40) | ((uint64_t)(b)[(i) + 3] << 32) | \
468 ((uint64_t)(b)[(i) + 4] << 24) | ((uint64_t)(b)[(i) + 5] << 16) | \
469 ((uint64_t)(b)[(i) + 6] << 8) | ((uint64_t)(b)[(i) + 7]); \
470 }
471 #define PUT_UINT64(n, b, i) \
472 { \
473 (b)[(i)] = (uint8_t)((n) >> 56); \
474 (b)[(i) + 1] = (uint8_t)((n) >> 48); \
475 (b)[(i) + 2] = (uint8_t)((n) >> 40); \
476 (b)[(i) + 3] = (uint8_t)((n) >> 32); \
477 (b)[(i) + 4] = (uint8_t)((n) >> 24); \
478 (b)[(i) + 5] = (uint8_t)((n) >> 16); \
479 (b)[(i) + 6] = (uint8_t)((n) >> 8); \
480 (b)[(i) + 7] = (uint8_t)((n)); \
481 }
sha384_process(sha384_context * ctx,const uint8_t data[128])482 static void sha384_process(sha384_context* ctx, const uint8_t data[128]) {
483 uint64_t temp1, temp2;
484 uint64_t A, B, C, D, E, F, G, H;
485 uint64_t W[80];
486 GET_FX_64WORD(W[0], data, 0);
487 GET_FX_64WORD(W[1], data, 8);
488 GET_FX_64WORD(W[2], data, 16);
489 GET_FX_64WORD(W[3], data, 24);
490 GET_FX_64WORD(W[4], data, 32);
491 GET_FX_64WORD(W[5], data, 40);
492 GET_FX_64WORD(W[6], data, 48);
493 GET_FX_64WORD(W[7], data, 56);
494 GET_FX_64WORD(W[8], data, 64);
495 GET_FX_64WORD(W[9], data, 72);
496 GET_FX_64WORD(W[10], data, 80);
497 GET_FX_64WORD(W[11], data, 88);
498 GET_FX_64WORD(W[12], data, 96);
499 GET_FX_64WORD(W[13], data, 104);
500 GET_FX_64WORD(W[14], data, 112);
501 GET_FX_64WORD(W[15], data, 120);
502 A = ctx->state[0];
503 B = ctx->state[1];
504 C = ctx->state[2];
505 D = ctx->state[3];
506 E = ctx->state[4];
507 F = ctx->state[5];
508 G = ctx->state[6];
509 H = ctx->state[7];
510 for (int i = 0; i < 10; ++i) {
511 uint64_t temp[8];
512 if (i < 2) {
513 temp[0] = W[i * 8];
514 temp[1] = W[i * 8 + 1];
515 temp[2] = W[i * 8 + 2];
516 temp[3] = W[i * 8 + 3];
517 temp[4] = W[i * 8 + 4];
518 temp[5] = W[i * 8 + 5];
519 temp[6] = W[i * 8 + 6];
520 temp[7] = W[i * 8 + 7];
521 } else {
522 temp[0] = SHA384_R(i * 8);
523 temp[1] = SHA384_R(i * 8 + 1);
524 temp[2] = SHA384_R(i * 8 + 2);
525 temp[3] = SHA384_R(i * 8 + 3);
526 temp[4] = SHA384_R(i * 8 + 4);
527 temp[5] = SHA384_R(i * 8 + 5);
528 temp[6] = SHA384_R(i * 8 + 6);
529 temp[7] = SHA384_R(i * 8 + 7);
530 }
531 SHA384_P(A, B, C, D, E, F, G, H, temp[0], FX_ato64i(constants[i * 8]));
532 SHA384_P(H, A, B, C, D, E, F, G, temp[1], FX_ato64i(constants[i * 8 + 1]));
533 SHA384_P(G, H, A, B, C, D, E, F, temp[2], FX_ato64i(constants[i * 8 + 2]));
534 SHA384_P(F, G, H, A, B, C, D, E, temp[3], FX_ato64i(constants[i * 8 + 3]));
535 SHA384_P(E, F, G, H, A, B, C, D, temp[4], FX_ato64i(constants[i * 8 + 4]));
536 SHA384_P(D, E, F, G, H, A, B, C, temp[5], FX_ato64i(constants[i * 8 + 5]));
537 SHA384_P(C, D, E, F, G, H, A, B, temp[6], FX_ato64i(constants[i * 8 + 6]));
538 SHA384_P(B, C, D, E, F, G, H, A, temp[7], FX_ato64i(constants[i * 8 + 7]));
539 }
540 ctx->state[0] += A;
541 ctx->state[1] += B;
542 ctx->state[2] += C;
543 ctx->state[3] += D;
544 ctx->state[4] += E;
545 ctx->state[5] += F;
546 ctx->state[6] += G;
547 ctx->state[7] += H;
548 }
CRYPT_SHA384Update(void * context,const uint8_t * input,uint32_t length)549 void CRYPT_SHA384Update(void* context, const uint8_t* input, uint32_t length) {
550 sha384_context* ctx = (sha384_context*)context;
551 uint32_t left, fill;
552 if (!length) {
553 return;
554 }
555 left = (uint32_t)ctx->total[0] & 0x7F;
556 fill = 128 - left;
557 ctx->total[0] += length;
558 if (ctx->total[0] < length) {
559 ctx->total[1]++;
560 }
561 if (left && length >= fill) {
562 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, fill);
563 sha384_process(ctx, ctx->buffer);
564 length -= fill;
565 input += fill;
566 left = 0;
567 }
568 while (length >= 128) {
569 sha384_process(ctx, input);
570 length -= 128;
571 input += 128;
572 }
573 if (length) {
574 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, length);
575 }
576 }
CRYPT_SHA384Finish(void * context,uint8_t digest[48])577 void CRYPT_SHA384Finish(void* context, uint8_t digest[48]) {
578 sha384_context* ctx = (sha384_context*)context;
579 uint32_t last, padn;
580 uint8_t msglen[16];
581 FXSYS_memset(msglen, 0, 16);
582 uint64_t high, low;
583 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
584 low = (ctx->total[0] << 3);
585 PUT_UINT64(high, msglen, 0);
586 PUT_UINT64(low, msglen, 8);
587 last = (uint32_t)ctx->total[0] & 0x7F;
588 padn = (last < 112) ? (112 - last) : (240 - last);
589 CRYPT_SHA384Update(ctx, sha384_padding, padn);
590 CRYPT_SHA384Update(ctx, msglen, 16);
591 PUT_UINT64(ctx->state[0], digest, 0);
592 PUT_UINT64(ctx->state[1], digest, 8);
593 PUT_UINT64(ctx->state[2], digest, 16);
594 PUT_UINT64(ctx->state[3], digest, 24);
595 PUT_UINT64(ctx->state[4], digest, 32);
596 PUT_UINT64(ctx->state[5], digest, 40);
597 }
CRYPT_SHA384Generate(const uint8_t * data,uint32_t size,uint8_t digest[64])598 void CRYPT_SHA384Generate(const uint8_t* data,
599 uint32_t size,
600 uint8_t digest[64]) {
601 sha384_context context;
602 CRYPT_SHA384Start(&context);
603 CRYPT_SHA384Update(&context, data, size);
604 CRYPT_SHA384Finish(&context, digest);
605 }
CRYPT_SHA512Start(void * context)606 void CRYPT_SHA512Start(void* context) {
607 if (!context) {
608 return;
609 }
610 sha384_context* ctx = (sha384_context*)context;
611 FXSYS_memset(ctx, 0, sizeof(sha384_context));
612 ctx->state[0] = FX_ato64i("6a09e667f3bcc908");
613 ctx->state[1] = FX_ato64i("bb67ae8584caa73b");
614 ctx->state[2] = FX_ato64i("3c6ef372fe94f82b");
615 ctx->state[3] = FX_ato64i("a54ff53a5f1d36f1");
616 ctx->state[4] = FX_ato64i("510e527fade682d1");
617 ctx->state[5] = FX_ato64i("9b05688c2b3e6c1f");
618 ctx->state[6] = FX_ato64i("1f83d9abfb41bd6b");
619 ctx->state[7] = FX_ato64i("5be0cd19137e2179");
620 }
CRYPT_SHA512Update(void * context,const uint8_t * data,uint32_t size)621 void CRYPT_SHA512Update(void* context, const uint8_t* data, uint32_t size) {
622 CRYPT_SHA384Update(context, data, size);
623 }
CRYPT_SHA512Finish(void * context,uint8_t digest[64])624 void CRYPT_SHA512Finish(void* context, uint8_t digest[64]) {
625 sha384_context* ctx = (sha384_context*)context;
626 uint32_t last, padn;
627 uint8_t msglen[16];
628 FXSYS_memset(msglen, 0, 16);
629 uint64_t high, low;
630 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
631 low = (ctx->total[0] << 3);
632 PUT_UINT64(high, msglen, 0);
633 PUT_UINT64(low, msglen, 8);
634 last = (uint32_t)ctx->total[0] & 0x7F;
635 padn = (last < 112) ? (112 - last) : (240 - last);
636 CRYPT_SHA512Update(ctx, sha384_padding, padn);
637 CRYPT_SHA512Update(ctx, msglen, 16);
638 PUT_UINT64(ctx->state[0], digest, 0);
639 PUT_UINT64(ctx->state[1], digest, 8);
640 PUT_UINT64(ctx->state[2], digest, 16);
641 PUT_UINT64(ctx->state[3], digest, 24);
642 PUT_UINT64(ctx->state[4], digest, 32);
643 PUT_UINT64(ctx->state[5], digest, 40);
644 PUT_UINT64(ctx->state[6], digest, 48);
645 PUT_UINT64(ctx->state[7], digest, 56);
646 }
CRYPT_SHA512Generate(const uint8_t * data,uint32_t size,uint8_t digest[64])647 void CRYPT_SHA512Generate(const uint8_t* data,
648 uint32_t size,
649 uint8_t digest[64]) {
650 sha384_context context;
651 CRYPT_SHA512Start(&context);
652 CRYPT_SHA512Update(&context, data, size);
653 CRYPT_SHA512Finish(&context, digest);
654 }
655 #ifdef __cplusplus
656 };
657 #endif
658