1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6
7 #include "core/fdrm/fx_crypt.h"
8
9 #define SHA_GET_UINT32(n, b, i) \
10 { \
11 (n) = ((uint32_t)(b)[(i)] << 24) | ((uint32_t)(b)[(i) + 1] << 16) | \
12 ((uint32_t)(b)[(i) + 2] << 8) | ((uint32_t)(b)[(i) + 3]); \
13 }
14 #define SHA_PUT_UINT32(n, b, i) \
15 { \
16 (b)[(i)] = (uint8_t)((n) >> 24); \
17 (b)[(i) + 1] = (uint8_t)((n) >> 16); \
18 (b)[(i) + 2] = (uint8_t)((n) >> 8); \
19 (b)[(i) + 3] = (uint8_t)((n)); \
20 }
21 #define SHA_GET_UINT64(n, b, i) \
22 { \
23 (n) = ((uint64_t)(b)[(i)] << 56) | ((uint64_t)(b)[(i) + 1] << 48) | \
24 ((uint64_t)(b)[(i) + 2] << 40) | ((uint64_t)(b)[(i) + 3] << 32) | \
25 ((uint64_t)(b)[(i) + 4] << 24) | ((uint64_t)(b)[(i) + 5] << 16) | \
26 ((uint64_t)(b)[(i) + 6] << 8) | ((uint64_t)(b)[(i) + 7]); \
27 }
28 #define SHA_PUT_UINT64(n, b, i) \
29 { \
30 (b)[(i)] = (uint8_t)((n) >> 56); \
31 (b)[(i) + 1] = (uint8_t)((n) >> 48); \
32 (b)[(i) + 2] = (uint8_t)((n) >> 40); \
33 (b)[(i) + 3] = (uint8_t)((n) >> 32); \
34 (b)[(i) + 4] = (uint8_t)((n) >> 24); \
35 (b)[(i) + 5] = (uint8_t)((n) >> 16); \
36 (b)[(i) + 6] = (uint8_t)((n) >> 8); \
37 (b)[(i) + 7] = (uint8_t)((n)); \
38 }
39
40 #define SHA384_F0(x, y, z) ((x & y) | (z & (x | y)))
41 #define SHA384_F1(x, y, z) (z ^ (x & (y ^ z)))
42 #define SHA384_SHR(x, n) (x >> n)
43 #define SHA384_ROTR(x, n) (SHA384_SHR(x, n) | x << (64 - n))
44 #define SHA384_S0(x) (SHA384_ROTR(x, 1) ^ SHA384_ROTR(x, 8) ^ SHA384_SHR(x, 7))
45 #define SHA384_S1(x) \
46 (SHA384_ROTR(x, 19) ^ SHA384_ROTR(x, 61) ^ SHA384_SHR(x, 6))
47 #define SHA384_S2(x) \
48 (SHA384_ROTR(x, 28) ^ SHA384_ROTR(x, 34) ^ SHA384_ROTR(x, 39))
49 #define SHA384_S3(x) \
50 (SHA384_ROTR(x, 14) ^ SHA384_ROTR(x, 18) ^ SHA384_ROTR(x, 41))
51 #define SHA384_P(a, b, c, d, e, f, g, h, x, K) \
52 { \
53 temp1 = h + SHA384_S3(e) + SHA384_F1(e, f, g) + K + x; \
54 temp2 = SHA384_S2(a) + SHA384_F0(a, b, c); \
55 d += temp1; \
56 h = temp1 + temp2; \
57 }
58 #define SHA384_R(t) \
59 (W[t] = SHA384_S1(W[t - 2]) + W[t - 7] + SHA384_S0(W[t - 15]) + W[t - 16])
60
61 #define rol(x, y) (((x) << (y)) | (((unsigned int)x) >> (32 - y)))
62 #define SHR(x, n) ((x & 0xFFFFFFFF) >> n)
63 #define ROTR(x, n) (SHR(x, n) | (x << (32 - n)))
64 #define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
65 #define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
66 #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
67 #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
68 #define F0(x, y, z) ((x & y) | (z & (x | y)))
69 #define F1(x, y, z) (z ^ (x & (y ^ z)))
70 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + S0(W[t - 15]) + W[t - 16])
71 #define PS(a, b, c, d, e, f, g, h, x, K) \
72 { \
73 temp1 = h + S3(e) + F1(e, f, g) + K + x; \
74 temp2 = S2(a) + F0(a, b, c); \
75 d += temp1; \
76 h = temp1 + temp2; \
77 }
78
79 namespace {
80
SHA_Core_Init(unsigned int h[5])81 void SHA_Core_Init(unsigned int h[5]) {
82 h[0] = 0x67452301;
83 h[1] = 0xefcdab89;
84 h[2] = 0x98badcfe;
85 h[3] = 0x10325476;
86 h[4] = 0xc3d2e1f0;
87 }
88
SHATransform(unsigned int * digest,unsigned int * block)89 void SHATransform(unsigned int* digest, unsigned int* block) {
90 unsigned int w[80];
91 unsigned int a, b, c, d, e;
92 int t;
93 for (t = 0; t < 16; t++) {
94 w[t] = block[t];
95 }
96 for (t = 16; t < 80; t++) {
97 unsigned int tmp = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
98 w[t] = rol(tmp, 1);
99 }
100 a = digest[0];
101 b = digest[1];
102 c = digest[2];
103 d = digest[3];
104 e = digest[4];
105 for (t = 0; t < 20; t++) {
106 unsigned int tmp = rol(a, 5) + ((b & c) | (d & ~b)) + e + w[t] + 0x5a827999;
107 e = d;
108 d = c;
109 c = rol(b, 30);
110 b = a;
111 a = tmp;
112 }
113 for (t = 20; t < 40; t++) {
114 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0x6ed9eba1;
115 e = d;
116 d = c;
117 c = rol(b, 30);
118 b = a;
119 a = tmp;
120 }
121 for (t = 40; t < 60; t++) {
122 unsigned int tmp =
123 rol(a, 5) + ((b & c) | (b & d) | (c & d)) + e + w[t] + 0x8f1bbcdc;
124 e = d;
125 d = c;
126 c = rol(b, 30);
127 b = a;
128 a = tmp;
129 }
130 for (t = 60; t < 80; t++) {
131 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0xca62c1d6;
132 e = d;
133 d = c;
134 c = rol(b, 30);
135 b = a;
136 a = tmp;
137 }
138 digest[0] += a;
139 digest[1] += b;
140 digest[2] += c;
141 digest[3] += d;
142 digest[4] += e;
143 }
144
sha256_process(CRYPT_sha2_context * ctx,const uint8_t data[64])145 void sha256_process(CRYPT_sha2_context* ctx, const uint8_t data[64]) {
146 uint32_t W[64];
147 SHA_GET_UINT32(W[0], data, 0);
148 SHA_GET_UINT32(W[1], data, 4);
149 SHA_GET_UINT32(W[2], data, 8);
150 SHA_GET_UINT32(W[3], data, 12);
151 SHA_GET_UINT32(W[4], data, 16);
152 SHA_GET_UINT32(W[5], data, 20);
153 SHA_GET_UINT32(W[6], data, 24);
154 SHA_GET_UINT32(W[7], data, 28);
155 SHA_GET_UINT32(W[8], data, 32);
156 SHA_GET_UINT32(W[9], data, 36);
157 SHA_GET_UINT32(W[10], data, 40);
158 SHA_GET_UINT32(W[11], data, 44);
159 SHA_GET_UINT32(W[12], data, 48);
160 SHA_GET_UINT32(W[13], data, 52);
161 SHA_GET_UINT32(W[14], data, 56);
162 SHA_GET_UINT32(W[15], data, 60);
163
164 uint32_t temp1;
165 uint32_t temp2;
166 uint32_t A = ctx->state[0];
167 uint32_t B = ctx->state[1];
168 uint32_t C = ctx->state[2];
169 uint32_t D = ctx->state[3];
170 uint32_t E = ctx->state[4];
171 uint32_t F = ctx->state[5];
172 uint32_t G = ctx->state[6];
173 uint32_t H = ctx->state[7];
174 PS(A, B, C, D, E, F, G, H, W[0], 0x428A2F98);
175 PS(H, A, B, C, D, E, F, G, W[1], 0x71374491);
176 PS(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF);
177 PS(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5);
178 PS(E, F, G, H, A, B, C, D, W[4], 0x3956C25B);
179 PS(D, E, F, G, H, A, B, C, W[5], 0x59F111F1);
180 PS(C, D, E, F, G, H, A, B, W[6], 0x923F82A4);
181 PS(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5);
182 PS(A, B, C, D, E, F, G, H, W[8], 0xD807AA98);
183 PS(H, A, B, C, D, E, F, G, W[9], 0x12835B01);
184 PS(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
185 PS(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
186 PS(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
187 PS(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
188 PS(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
189 PS(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
190 PS(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
191 PS(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
192 PS(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
193 PS(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
194 PS(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
195 PS(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
196 PS(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
197 PS(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
198 PS(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
199 PS(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
200 PS(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
201 PS(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
202 PS(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
203 PS(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
204 PS(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
205 PS(B, C, D, E, F, G, H, A, R(31), 0x14292967);
206 PS(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
207 PS(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
208 PS(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
209 PS(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
210 PS(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
211 PS(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
212 PS(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
213 PS(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
214 PS(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
215 PS(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
216 PS(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
217 PS(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
218 PS(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
219 PS(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
220 PS(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
221 PS(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
222 PS(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
223 PS(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
224 PS(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
225 PS(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
226 PS(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
227 PS(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
228 PS(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
229 PS(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
230 PS(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
231 PS(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
232 PS(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
233 PS(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
234 PS(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
235 PS(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
236 PS(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
237 PS(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
238 ctx->state[0] += A;
239 ctx->state[1] += B;
240 ctx->state[2] += C;
241 ctx->state[3] += D;
242 ctx->state[4] += E;
243 ctx->state[5] += F;
244 ctx->state[6] += G;
245 ctx->state[7] += H;
246 }
247
248 const uint8_t sha256_padding[64] = {
249 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
250 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
251 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
252
253 const uint8_t sha384_padding[128] = {
254 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
255 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
256 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
257 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
258 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
259 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
260 };
261
262 uint64_t const constants[] = {
263 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
264 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
265 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
266 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
267 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
268 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
269 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
270 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
271 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
272 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
273 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
274 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
275 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
276 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
277 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
278 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
279 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
280 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
281 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
282 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
283 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
284 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
285 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
286 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
287 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
288 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
289 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
290 };
291
sha384_process(CRYPT_sha2_context * ctx,const uint8_t data[128])292 void sha384_process(CRYPT_sha2_context* ctx, const uint8_t data[128]) {
293 uint64_t temp1, temp2;
294 uint64_t A, B, C, D, E, F, G, H;
295 uint64_t W[80];
296 SHA_GET_UINT64(W[0], data, 0);
297 SHA_GET_UINT64(W[1], data, 8);
298 SHA_GET_UINT64(W[2], data, 16);
299 SHA_GET_UINT64(W[3], data, 24);
300 SHA_GET_UINT64(W[4], data, 32);
301 SHA_GET_UINT64(W[5], data, 40);
302 SHA_GET_UINT64(W[6], data, 48);
303 SHA_GET_UINT64(W[7], data, 56);
304 SHA_GET_UINT64(W[8], data, 64);
305 SHA_GET_UINT64(W[9], data, 72);
306 SHA_GET_UINT64(W[10], data, 80);
307 SHA_GET_UINT64(W[11], data, 88);
308 SHA_GET_UINT64(W[12], data, 96);
309 SHA_GET_UINT64(W[13], data, 104);
310 SHA_GET_UINT64(W[14], data, 112);
311 SHA_GET_UINT64(W[15], data, 120);
312 A = ctx->state[0];
313 B = ctx->state[1];
314 C = ctx->state[2];
315 D = ctx->state[3];
316 E = ctx->state[4];
317 F = ctx->state[5];
318 G = ctx->state[6];
319 H = ctx->state[7];
320 for (int i = 0; i < 10; ++i) {
321 uint64_t temp[8];
322 if (i < 2) {
323 temp[0] = W[i * 8];
324 temp[1] = W[i * 8 + 1];
325 temp[2] = W[i * 8 + 2];
326 temp[3] = W[i * 8 + 3];
327 temp[4] = W[i * 8 + 4];
328 temp[5] = W[i * 8 + 5];
329 temp[6] = W[i * 8 + 6];
330 temp[7] = W[i * 8 + 7];
331 } else {
332 temp[0] = SHA384_R(i * 8);
333 temp[1] = SHA384_R(i * 8 + 1);
334 temp[2] = SHA384_R(i * 8 + 2);
335 temp[3] = SHA384_R(i * 8 + 3);
336 temp[4] = SHA384_R(i * 8 + 4);
337 temp[5] = SHA384_R(i * 8 + 5);
338 temp[6] = SHA384_R(i * 8 + 6);
339 temp[7] = SHA384_R(i * 8 + 7);
340 }
341 SHA384_P(A, B, C, D, E, F, G, H, temp[0], constants[i * 8]);
342 SHA384_P(H, A, B, C, D, E, F, G, temp[1], constants[i * 8 + 1]);
343 SHA384_P(G, H, A, B, C, D, E, F, temp[2], constants[i * 8 + 2]);
344 SHA384_P(F, G, H, A, B, C, D, E, temp[3], constants[i * 8 + 3]);
345 SHA384_P(E, F, G, H, A, B, C, D, temp[4], constants[i * 8 + 4]);
346 SHA384_P(D, E, F, G, H, A, B, C, temp[5], constants[i * 8 + 5]);
347 SHA384_P(C, D, E, F, G, H, A, B, temp[6], constants[i * 8 + 6]);
348 SHA384_P(B, C, D, E, F, G, H, A, temp[7], constants[i * 8 + 7]);
349 }
350 ctx->state[0] += A;
351 ctx->state[1] += B;
352 ctx->state[2] += C;
353 ctx->state[3] += D;
354 ctx->state[4] += E;
355 ctx->state[5] += F;
356 ctx->state[6] += G;
357 ctx->state[7] += H;
358 }
359
360 } // namespace
361
CRYPT_SHA1Start(CRYPT_sha1_context * context)362 void CRYPT_SHA1Start(CRYPT_sha1_context* context) {
363 SHA_Core_Init(context->h);
364 context->total_bytes = 0;
365 context->blkused = 0;
366 }
367
CRYPT_SHA1Update(CRYPT_sha1_context * context,const uint8_t * data,uint32_t size)368 void CRYPT_SHA1Update(CRYPT_sha1_context* context,
369 const uint8_t* data,
370 uint32_t size) {
371 context->total_bytes += size;
372 if (context->blkused && size < 64 - context->blkused) {
373 memcpy(context->block + context->blkused, data, size);
374 context->blkused += size;
375 return;
376 }
377 uint32_t wordblock[16];
378 while (size >= 64 - context->blkused) {
379 memcpy(context->block + context->blkused, data, 64 - context->blkused);
380 data += 64 - context->blkused;
381 size -= 64 - context->blkused;
382 for (int i = 0; i < 16; i++) {
383 wordblock[i] = (((uint32_t)context->block[i * 4 + 0]) << 24) |
384 (((uint32_t)context->block[i * 4 + 1]) << 16) |
385 (((uint32_t)context->block[i * 4 + 2]) << 8) |
386 (((uint32_t)context->block[i * 4 + 3]) << 0);
387 }
388 SHATransform(context->h, wordblock);
389 context->blkused = 0;
390 }
391 memcpy(context->block, data, size);
392 context->blkused = size;
393 }
394
CRYPT_SHA1Finish(CRYPT_sha1_context * context,uint8_t digest[20])395 void CRYPT_SHA1Finish(CRYPT_sha1_context* context, uint8_t digest[20]) {
396 uint64_t total_bits = 8 * context->total_bytes; // Prior to padding.
397 uint8_t c[64];
398 uint8_t pad;
399 if (context->blkused >= 56) {
400 pad = 56 + 64 - context->blkused;
401 } else {
402 pad = 56 - context->blkused;
403 }
404 memset(c, 0, pad);
405 c[0] = 0x80;
406 CRYPT_SHA1Update(context, c, pad);
407 c[0] = (total_bits >> 56) & 0xFF;
408 c[1] = (total_bits >> 48) & 0xFF;
409 c[2] = (total_bits >> 40) & 0xFF;
410 c[3] = (total_bits >> 32) & 0xFF;
411 c[4] = (total_bits >> 24) & 0xFF;
412 c[5] = (total_bits >> 16) & 0xFF;
413 c[6] = (total_bits >> 8) & 0xFF;
414 c[7] = (total_bits >> 0) & 0xFF;
415 CRYPT_SHA1Update(context, c, 8);
416 for (int i = 0; i < 5; i++) {
417 digest[i * 4] = (context->h[i] >> 24) & 0xFF;
418 digest[i * 4 + 1] = (context->h[i] >> 16) & 0xFF;
419 digest[i * 4 + 2] = (context->h[i] >> 8) & 0xFF;
420 digest[i * 4 + 3] = (context->h[i]) & 0xFF;
421 }
422 }
423
CRYPT_SHA1Generate(const uint8_t * data,uint32_t size,uint8_t digest[20])424 void CRYPT_SHA1Generate(const uint8_t* data,
425 uint32_t size,
426 uint8_t digest[20]) {
427 CRYPT_sha1_context s;
428 CRYPT_SHA1Start(&s);
429 CRYPT_SHA1Update(&s, data, size);
430 CRYPT_SHA1Finish(&s, digest);
431 }
432
CRYPT_SHA256Start(CRYPT_sha2_context * context)433 void CRYPT_SHA256Start(CRYPT_sha2_context* context) {
434 context->total_bytes = 0;
435 context->state[0] = 0x6A09E667;
436 context->state[1] = 0xBB67AE85;
437 context->state[2] = 0x3C6EF372;
438 context->state[3] = 0xA54FF53A;
439 context->state[4] = 0x510E527F;
440 context->state[5] = 0x9B05688C;
441 context->state[6] = 0x1F83D9AB;
442 context->state[7] = 0x5BE0CD19;
443 memset(context->buffer, 0, sizeof(context->buffer));
444 }
445
CRYPT_SHA256Update(CRYPT_sha2_context * context,const uint8_t * data,uint32_t size)446 void CRYPT_SHA256Update(CRYPT_sha2_context* context,
447 const uint8_t* data,
448 uint32_t size) {
449 if (!size)
450 return;
451
452 uint32_t left = context->total_bytes & 0x3F;
453 uint32_t fill = 64 - left;
454 context->total_bytes += size;
455 if (left && size >= fill) {
456 memcpy(context->buffer + left, data, fill);
457 sha256_process(context, context->buffer);
458 size -= fill;
459 data += fill;
460 left = 0;
461 }
462 while (size >= 64) {
463 sha256_process(context, data);
464 size -= 64;
465 data += 64;
466 }
467 if (size)
468 memcpy(context->buffer + left, data, size);
469 }
470
CRYPT_SHA256Finish(CRYPT_sha2_context * context,uint8_t digest[32])471 void CRYPT_SHA256Finish(CRYPT_sha2_context* context, uint8_t digest[32]) {
472 uint8_t msglen[8];
473 uint64_t total_bits = 8 * context->total_bytes; // Prior to padding.
474 SHA_PUT_UINT64(total_bits, msglen, 0);
475 uint32_t last = context->total_bytes & 0x3F;
476 uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
477 CRYPT_SHA256Update(context, sha256_padding, padn);
478 CRYPT_SHA256Update(context, msglen, 8);
479 SHA_PUT_UINT32(context->state[0], digest, 0);
480 SHA_PUT_UINT32(context->state[1], digest, 4);
481 SHA_PUT_UINT32(context->state[2], digest, 8);
482 SHA_PUT_UINT32(context->state[3], digest, 12);
483 SHA_PUT_UINT32(context->state[4], digest, 16);
484 SHA_PUT_UINT32(context->state[5], digest, 20);
485 SHA_PUT_UINT32(context->state[6], digest, 24);
486 SHA_PUT_UINT32(context->state[7], digest, 28);
487 }
488
CRYPT_SHA256Generate(const uint8_t * data,uint32_t size,uint8_t digest[32])489 void CRYPT_SHA256Generate(const uint8_t* data,
490 uint32_t size,
491 uint8_t digest[32]) {
492 CRYPT_sha2_context ctx;
493 CRYPT_SHA256Start(&ctx);
494 CRYPT_SHA256Update(&ctx, data, size);
495 CRYPT_SHA256Finish(&ctx, digest);
496 }
497
CRYPT_SHA384Start(CRYPT_sha2_context * context)498 void CRYPT_SHA384Start(CRYPT_sha2_context* context) {
499 context->total_bytes = 0;
500 context->state[0] = 0xcbbb9d5dc1059ed8ULL;
501 context->state[1] = 0x629a292a367cd507ULL;
502 context->state[2] = 0x9159015a3070dd17ULL;
503 context->state[3] = 0x152fecd8f70e5939ULL;
504 context->state[4] = 0x67332667ffc00b31ULL;
505 context->state[5] = 0x8eb44a8768581511ULL;
506 context->state[6] = 0xdb0c2e0d64f98fa7ULL;
507 context->state[7] = 0x47b5481dbefa4fa4ULL;
508 memset(context->buffer, 0, sizeof(context->buffer));
509 }
510
CRYPT_SHA384Update(CRYPT_sha2_context * context,const uint8_t * data,uint32_t size)511 void CRYPT_SHA384Update(CRYPT_sha2_context* context,
512 const uint8_t* data,
513 uint32_t size) {
514 if (!size)
515 return;
516
517 uint32_t left = context->total_bytes & 0x7F;
518 uint32_t fill = 128 - left;
519 context->total_bytes += size;
520 if (left && size >= fill) {
521 memcpy(context->buffer + left, data, fill);
522 sha384_process(context, context->buffer);
523 size -= fill;
524 data += fill;
525 left = 0;
526 }
527 while (size >= 128) {
528 sha384_process(context, data);
529 size -= 128;
530 data += 128;
531 }
532 if (size)
533 memcpy(context->buffer + left, data, size);
534 }
535
CRYPT_SHA384Finish(CRYPT_sha2_context * context,uint8_t digest[48])536 void CRYPT_SHA384Finish(CRYPT_sha2_context* context, uint8_t digest[48]) {
537 uint8_t msglen[16];
538 uint64_t total_bits = 8 * context->total_bytes; // Prior to padding.
539 SHA_PUT_UINT64(0ULL, msglen, 0);
540 SHA_PUT_UINT64(total_bits, msglen, 8);
541 uint32_t last = context->total_bytes & 0x7F;
542 uint32_t padn = (last < 112) ? (112 - last) : (240 - last);
543 CRYPT_SHA384Update(context, sha384_padding, padn);
544 CRYPT_SHA384Update(context, msglen, 16);
545 SHA_PUT_UINT64(context->state[0], digest, 0);
546 SHA_PUT_UINT64(context->state[1], digest, 8);
547 SHA_PUT_UINT64(context->state[2], digest, 16);
548 SHA_PUT_UINT64(context->state[3], digest, 24);
549 SHA_PUT_UINT64(context->state[4], digest, 32);
550 SHA_PUT_UINT64(context->state[5], digest, 40);
551 }
552
CRYPT_SHA384Generate(const uint8_t * data,uint32_t size,uint8_t digest[64])553 void CRYPT_SHA384Generate(const uint8_t* data,
554 uint32_t size,
555 uint8_t digest[64]) {
556 CRYPT_sha2_context context;
557 CRYPT_SHA384Start(&context);
558 CRYPT_SHA384Update(&context, data, size);
559 CRYPT_SHA384Finish(&context, digest);
560 }
561
CRYPT_SHA512Start(CRYPT_sha2_context * context)562 void CRYPT_SHA512Start(CRYPT_sha2_context* context) {
563 context->total_bytes = 0;
564 context->state[0] = 0x6a09e667f3bcc908ULL;
565 context->state[1] = 0xbb67ae8584caa73bULL;
566 context->state[2] = 0x3c6ef372fe94f82bULL;
567 context->state[3] = 0xa54ff53a5f1d36f1ULL;
568 context->state[4] = 0x510e527fade682d1ULL;
569 context->state[5] = 0x9b05688c2b3e6c1fULL;
570 context->state[6] = 0x1f83d9abfb41bd6bULL;
571 context->state[7] = 0x5be0cd19137e2179ULL;
572 memset(context->buffer, 0, sizeof(context->buffer));
573 }
574
CRYPT_SHA512Update(CRYPT_sha2_context * context,const uint8_t * data,uint32_t size)575 void CRYPT_SHA512Update(CRYPT_sha2_context* context,
576 const uint8_t* data,
577 uint32_t size) {
578 CRYPT_SHA384Update(context, data, size);
579 }
580
CRYPT_SHA512Finish(CRYPT_sha2_context * context,uint8_t digest[64])581 void CRYPT_SHA512Finish(CRYPT_sha2_context* context, uint8_t digest[64]) {
582 uint8_t msglen[16];
583 uint64_t total_bits = 8 * context->total_bytes;
584 SHA_PUT_UINT64(0ULL, msglen, 0);
585 SHA_PUT_UINT64(total_bits, msglen, 8);
586 uint32_t last = context->total_bytes & 0x7F;
587 uint32_t padn = (last < 112) ? (112 - last) : (240 - last);
588 CRYPT_SHA512Update(context, sha384_padding, padn);
589 CRYPT_SHA512Update(context, msglen, 16);
590 SHA_PUT_UINT64(context->state[0], digest, 0);
591 SHA_PUT_UINT64(context->state[1], digest, 8);
592 SHA_PUT_UINT64(context->state[2], digest, 16);
593 SHA_PUT_UINT64(context->state[3], digest, 24);
594 SHA_PUT_UINT64(context->state[4], digest, 32);
595 SHA_PUT_UINT64(context->state[5], digest, 40);
596 SHA_PUT_UINT64(context->state[6], digest, 48);
597 SHA_PUT_UINT64(context->state[7], digest, 56);
598 }
599
CRYPT_SHA512Generate(const uint8_t * data,uint32_t size,uint8_t digest[64])600 void CRYPT_SHA512Generate(const uint8_t* data,
601 uint32_t size,
602 uint8_t digest[64]) {
603 CRYPT_sha2_context context;
604 CRYPT_SHA512Start(&context);
605 CRYPT_SHA512Update(&context, data, size);
606 CRYPT_SHA512Finish(&context, digest);
607 }
608