1 // Copyright 2014 PDFium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 6 7 #include "core/include/fdrm/fx_crypt.h" 8 9 #ifdef __cplusplus 10 extern "C" { 11 #endif 12 typedef struct { 13 unsigned int h[5]; 14 unsigned char block[64]; 15 int blkused; 16 unsigned int lenhi, lenlo; 17 } SHA_State; 18 #define rol(x, y) (((x) << (y)) | (((unsigned int)x) >> (32 - y))) 19 static void SHA_Core_Init(unsigned int h[5]) { 20 h[0] = 0x67452301; 21 h[1] = 0xefcdab89; 22 h[2] = 0x98badcfe; 23 h[3] = 0x10325476; 24 h[4] = 0xc3d2e1f0; 25 } 26 static void SHATransform(unsigned int* digest, unsigned int* block) { 27 unsigned int w[80]; 28 unsigned int a, b, c, d, e; 29 int t; 30 for (t = 0; t < 16; t++) { 31 w[t] = block[t]; 32 } 33 for (t = 16; t < 80; t++) { 34 unsigned int tmp = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16]; 35 w[t] = rol(tmp, 1); 36 } 37 a = digest[0]; 38 b = digest[1]; 39 c = digest[2]; 40 d = digest[3]; 41 e = digest[4]; 42 for (t = 0; t < 20; t++) { 43 unsigned int tmp = rol(a, 5) + ((b & c) | (d & ~b)) + e + w[t] + 0x5a827999; 44 e = d; 45 d = c; 46 c = rol(b, 30); 47 b = a; 48 a = tmp; 49 } 50 for (t = 20; t < 40; t++) { 51 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0x6ed9eba1; 52 e = d; 53 d = c; 54 c = rol(b, 30); 55 b = a; 56 a = tmp; 57 } 58 for (t = 40; t < 60; t++) { 59 unsigned int tmp = 60 rol(a, 5) + ((b & c) | (b & d) | (c & d)) + e + w[t] + 0x8f1bbcdc; 61 e = d; 62 d = c; 63 c = rol(b, 30); 64 b = a; 65 a = tmp; 66 } 67 for (t = 60; t < 80; t++) { 68 unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0xca62c1d6; 69 e = d; 70 d = c; 71 c = rol(b, 30); 72 b = a; 73 a = tmp; 74 } 75 digest[0] += a; 76 digest[1] += b; 77 digest[2] += c; 78 digest[3] += d; 79 digest[4] += e; 80 } 81 void CRYPT_SHA1Start(void* context) { 82 SHA_State* s = (SHA_State*)context; 83 SHA_Core_Init(s->h); 84 s->blkused = 0; 85 s->lenhi = s->lenlo = 0; 86 } 87 void CRYPT_SHA1Update(void* context, const uint8_t* data, FX_DWORD size) { 88 SHA_State* s = (SHA_State*)context; 89 unsigned char* q = (unsigned char*)data; 90 unsigned int wordblock[16]; 91 int len = size; 92 unsigned int lenw = len; 93 int i; 94 s->lenlo += lenw; 95 s->lenhi += (s->lenlo < lenw); 96 if (s->blkused && s->blkused + len < 64) { 97 FXSYS_memcpy(s->block + s->blkused, q, len); 98 s->blkused += len; 99 } else { 100 while (s->blkused + len >= 64) { 101 FXSYS_memcpy(s->block + s->blkused, q, 64 - s->blkused); 102 q += 64 - s->blkused; 103 len -= 64 - s->blkused; 104 for (i = 0; i < 16; i++) { 105 wordblock[i] = (((unsigned int)s->block[i * 4 + 0]) << 24) | 106 (((unsigned int)s->block[i * 4 + 1]) << 16) | 107 (((unsigned int)s->block[i * 4 + 2]) << 8) | 108 (((unsigned int)s->block[i * 4 + 3]) << 0); 109 } 110 SHATransform(s->h, wordblock); 111 s->blkused = 0; 112 } 113 FXSYS_memcpy(s->block, q, len); 114 s->blkused = len; 115 } 116 } 117 void CRYPT_SHA1Finish(void* context, uint8_t digest[20]) { 118 SHA_State* s = (SHA_State*)context; 119 int i; 120 int pad; 121 unsigned char c[64]; 122 unsigned int lenhi, lenlo; 123 if (s->blkused >= 56) { 124 pad = 56 + 64 - s->blkused; 125 } else { 126 pad = 56 - s->blkused; 127 } 128 lenhi = (s->lenhi << 3) | (s->lenlo >> (32 - 3)); 129 lenlo = (s->lenlo << 3); 130 FXSYS_memset(c, 0, pad); 131 c[0] = 0x80; 132 CRYPT_SHA1Update(s, c, pad); 133 c[0] = (lenhi >> 24) & 0xFF; 134 c[1] = (lenhi >> 16) & 0xFF; 135 c[2] = (lenhi >> 8) & 0xFF; 136 c[3] = (lenhi >> 0) & 0xFF; 137 c[4] = (lenlo >> 24) & 0xFF; 138 c[5] = (lenlo >> 16) & 0xFF; 139 c[6] = (lenlo >> 8) & 0xFF; 140 c[7] = (lenlo >> 0) & 0xFF; 141 CRYPT_SHA1Update(s, c, 8); 142 for (i = 0; i < 5; i++) { 143 digest[i * 4] = (s->h[i] >> 24) & 0xFF; 144 digest[i * 4 + 1] = (s->h[i] >> 16) & 0xFF; 145 digest[i * 4 + 2] = (s->h[i] >> 8) & 0xFF; 146 digest[i * 4 + 3] = (s->h[i]) & 0xFF; 147 } 148 } 149 void CRYPT_SHA1Generate(const uint8_t* data, 150 FX_DWORD size, 151 uint8_t digest[20]) { 152 SHA_State s; 153 CRYPT_SHA1Start(&s); 154 CRYPT_SHA1Update(&s, data, size); 155 CRYPT_SHA1Finish(&s, digest); 156 } 157 typedef struct { 158 FX_DWORD total[2]; 159 FX_DWORD state[8]; 160 uint8_t buffer[64]; 161 } sha256_context; 162 #define GET_FX_DWORD(n, b, i) \ 163 { \ 164 (n) = ((FX_DWORD)(b)[(i)] << 24) | ((FX_DWORD)(b)[(i) + 1] << 16) | \ 165 ((FX_DWORD)(b)[(i) + 2] << 8) | ((FX_DWORD)(b)[(i) + 3]); \ 166 } 167 #define PUT_FX_DWORD(n, b, i) \ 168 { \ 169 (b)[(i)] = (uint8_t)((n) >> 24); \ 170 (b)[(i) + 1] = (uint8_t)((n) >> 16); \ 171 (b)[(i) + 2] = (uint8_t)((n) >> 8); \ 172 (b)[(i) + 3] = (uint8_t)((n)); \ 173 } 174 void CRYPT_SHA256Start(void* context) { 175 sha256_context* ctx = (sha256_context*)context; 176 ctx->total[0] = 0; 177 ctx->total[1] = 0; 178 ctx->state[0] = 0x6A09E667; 179 ctx->state[1] = 0xBB67AE85; 180 ctx->state[2] = 0x3C6EF372; 181 ctx->state[3] = 0xA54FF53A; 182 ctx->state[4] = 0x510E527F; 183 ctx->state[5] = 0x9B05688C; 184 ctx->state[6] = 0x1F83D9AB; 185 ctx->state[7] = 0x5BE0CD19; 186 } 187 static void sha256_process(sha256_context* ctx, const uint8_t data[64]) { 188 FX_DWORD temp1, temp2, W[64]; 189 FX_DWORD A, B, C, D, E, F, G, H; 190 GET_FX_DWORD(W[0], data, 0); 191 GET_FX_DWORD(W[1], data, 4); 192 GET_FX_DWORD(W[2], data, 8); 193 GET_FX_DWORD(W[3], data, 12); 194 GET_FX_DWORD(W[4], data, 16); 195 GET_FX_DWORD(W[5], data, 20); 196 GET_FX_DWORD(W[6], data, 24); 197 GET_FX_DWORD(W[7], data, 28); 198 GET_FX_DWORD(W[8], data, 32); 199 GET_FX_DWORD(W[9], data, 36); 200 GET_FX_DWORD(W[10], data, 40); 201 GET_FX_DWORD(W[11], data, 44); 202 GET_FX_DWORD(W[12], data, 48); 203 GET_FX_DWORD(W[13], data, 52); 204 GET_FX_DWORD(W[14], data, 56); 205 GET_FX_DWORD(W[15], data, 60); 206 #define SHR(x, n) ((x & 0xFFFFFFFF) >> n) 207 #define ROTR(x, n) (SHR(x, n) | (x << (32 - n))) 208 #define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) 209 #define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) 210 #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) 211 #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) 212 #define F0(x, y, z) ((x & y) | (z & (x | y))) 213 #define F1(x, y, z) (z ^ (x & (y ^ z))) 214 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + S0(W[t - 15]) + W[t - 16]) 215 #define P(a, b, c, d, e, f, g, h, x, K) \ 216 { \ 217 temp1 = h + S3(e) + F1(e, f, g) + K + x; \ 218 temp2 = S2(a) + F0(a, b, c); \ 219 d += temp1; \ 220 h = temp1 + temp2; \ 221 } 222 A = ctx->state[0]; 223 B = ctx->state[1]; 224 C = ctx->state[2]; 225 D = ctx->state[3]; 226 E = ctx->state[4]; 227 F = ctx->state[5]; 228 G = ctx->state[6]; 229 H = ctx->state[7]; 230 P(A, B, C, D, E, F, G, H, W[0], 0x428A2F98); 231 P(H, A, B, C, D, E, F, G, W[1], 0x71374491); 232 P(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF); 233 P(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5); 234 P(E, F, G, H, A, B, C, D, W[4], 0x3956C25B); 235 P(D, E, F, G, H, A, B, C, W[5], 0x59F111F1); 236 P(C, D, E, F, G, H, A, B, W[6], 0x923F82A4); 237 P(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5); 238 P(A, B, C, D, E, F, G, H, W[8], 0xD807AA98); 239 P(H, A, B, C, D, E, F, G, W[9], 0x12835B01); 240 P(G, H, A, B, C, D, E, F, W[10], 0x243185BE); 241 P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3); 242 P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74); 243 P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE); 244 P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7); 245 P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174); 246 P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1); 247 P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786); 248 P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6); 249 P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC); 250 P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F); 251 P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA); 252 P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC); 253 P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA); 254 P(A, B, C, D, E, F, G, H, R(24), 0x983E5152); 255 P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D); 256 P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8); 257 P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7); 258 P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3); 259 P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147); 260 P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351); 261 P(B, C, D, E, F, G, H, A, R(31), 0x14292967); 262 P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85); 263 P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138); 264 P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC); 265 P(F, G, H, A, B, C, D, E, R(35), 0x53380D13); 266 P(E, F, G, H, A, B, C, D, R(36), 0x650A7354); 267 P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB); 268 P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E); 269 P(B, C, D, E, F, G, H, A, R(39), 0x92722C85); 270 P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1); 271 P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B); 272 P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70); 273 P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3); 274 P(E, F, G, H, A, B, C, D, R(44), 0xD192E819); 275 P(D, E, F, G, H, A, B, C, R(45), 0xD6990624); 276 P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585); 277 P(B, C, D, E, F, G, H, A, R(47), 0x106AA070); 278 P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116); 279 P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08); 280 P(G, H, A, B, C, D, E, F, R(50), 0x2748774C); 281 P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5); 282 P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3); 283 P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A); 284 P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F); 285 P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3); 286 P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE); 287 P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F); 288 P(G, H, A, B, C, D, E, F, R(58), 0x84C87814); 289 P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208); 290 P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA); 291 P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB); 292 P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7); 293 P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2); 294 ctx->state[0] += A; 295 ctx->state[1] += B; 296 ctx->state[2] += C; 297 ctx->state[3] += D; 298 ctx->state[4] += E; 299 ctx->state[5] += F; 300 ctx->state[6] += G; 301 ctx->state[7] += H; 302 } 303 void CRYPT_SHA256Update(void* context, const uint8_t* input, FX_DWORD length) { 304 sha256_context* ctx = (sha256_context*)context; 305 FX_DWORD left, fill; 306 if (!length) { 307 return; 308 } 309 left = ctx->total[0] & 0x3F; 310 fill = 64 - left; 311 ctx->total[0] += length; 312 ctx->total[0] &= 0xFFFFFFFF; 313 if (ctx->total[0] < length) { 314 ctx->total[1]++; 315 } 316 if (left && length >= fill) { 317 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, fill); 318 sha256_process(ctx, ctx->buffer); 319 length -= fill; 320 input += fill; 321 left = 0; 322 } 323 while (length >= 64) { 324 sha256_process(ctx, input); 325 length -= 64; 326 input += 64; 327 } 328 if (length) { 329 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, length); 330 } 331 } 332 static const uint8_t sha256_padding[64] = { 333 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 334 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 335 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 336 void CRYPT_SHA256Finish(void* context, uint8_t digest[32]) { 337 sha256_context* ctx = (sha256_context*)context; 338 FX_DWORD last, padn; 339 FX_DWORD high, low; 340 uint8_t msglen[8]; 341 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3); 342 low = (ctx->total[0] << 3); 343 PUT_FX_DWORD(high, msglen, 0); 344 PUT_FX_DWORD(low, msglen, 4); 345 last = ctx->total[0] & 0x3F; 346 padn = (last < 56) ? (56 - last) : (120 - last); 347 CRYPT_SHA256Update(ctx, sha256_padding, padn); 348 CRYPT_SHA256Update(ctx, msglen, 8); 349 PUT_FX_DWORD(ctx->state[0], digest, 0); 350 PUT_FX_DWORD(ctx->state[1], digest, 4); 351 PUT_FX_DWORD(ctx->state[2], digest, 8); 352 PUT_FX_DWORD(ctx->state[3], digest, 12); 353 PUT_FX_DWORD(ctx->state[4], digest, 16); 354 PUT_FX_DWORD(ctx->state[5], digest, 20); 355 PUT_FX_DWORD(ctx->state[6], digest, 24); 356 PUT_FX_DWORD(ctx->state[7], digest, 28); 357 } 358 void CRYPT_SHA256Generate(const uint8_t* data, 359 FX_DWORD size, 360 uint8_t digest[32]) { 361 sha256_context ctx; 362 CRYPT_SHA256Start(&ctx); 363 CRYPT_SHA256Update(&ctx, data, size); 364 CRYPT_SHA256Finish(&ctx, digest); 365 } 366 typedef struct { 367 uint64_t total[2]; 368 uint64_t state[8]; 369 uint8_t buffer[128]; 370 } sha384_context; 371 uint64_t FX_ato64i(const FX_CHAR* str) { 372 FXSYS_assert(str); 373 uint64_t ret = 0; 374 int len = (int)FXSYS_strlen(str); 375 len = len > 16 ? 16 : len; 376 for (int i = 0; i < len; ++i) { 377 if (i) { 378 ret <<= 4; 379 } 380 if (str[i] >= '0' && str[i] <= '9') { 381 ret |= (str[i] - '0') & 0xFF; 382 } else if (str[i] >= 'a' && str[i] <= 'f') { 383 ret |= (str[i] - 'a' + 10) & 0xFF; 384 } else if (str[i] >= 'A' && str[i] <= 'F') { 385 ret |= (str[i] - 'A' + 10) & 0xFF; 386 } else { 387 FXSYS_assert(FALSE); 388 } 389 } 390 return ret; 391 } 392 void CRYPT_SHA384Start(void* context) { 393 if (!context) { 394 return; 395 } 396 sha384_context* ctx = (sha384_context*)context; 397 FXSYS_memset(ctx, 0, sizeof(sha384_context)); 398 ctx->state[0] = FX_ato64i("cbbb9d5dc1059ed8"); 399 ctx->state[1] = FX_ato64i("629a292a367cd507"); 400 ctx->state[2] = FX_ato64i("9159015a3070dd17"); 401 ctx->state[3] = FX_ato64i("152fecd8f70e5939"); 402 ctx->state[4] = FX_ato64i("67332667ffc00b31"); 403 ctx->state[5] = FX_ato64i("8eb44a8768581511"); 404 ctx->state[6] = FX_ato64i("db0c2e0d64f98fa7"); 405 ctx->state[7] = FX_ato64i("47b5481dbefa4fa4"); 406 } 407 #define SHA384_F0(x, y, z) ((x & y) | (z & (x | y))) 408 #define SHA384_F1(x, y, z) (z ^ (x & (y ^ z))) 409 #define SHA384_SHR(x, n) (x >> n) 410 #define SHA384_ROTR(x, n) (SHA384_SHR(x, n) | x << (64 - n)) 411 #define SHA384_S0(x) (SHA384_ROTR(x, 1) ^ SHA384_ROTR(x, 8) ^ SHA384_SHR(x, 7)) 412 #define SHA384_S1(x) \ 413 (SHA384_ROTR(x, 19) ^ SHA384_ROTR(x, 61) ^ SHA384_SHR(x, 6)) 414 #define SHA384_S2(x) \ 415 (SHA384_ROTR(x, 28) ^ SHA384_ROTR(x, 34) ^ SHA384_ROTR(x, 39)) 416 #define SHA384_S3(x) \ 417 (SHA384_ROTR(x, 14) ^ SHA384_ROTR(x, 18) ^ SHA384_ROTR(x, 41)) 418 #define SHA384_P(a, b, c, d, e, f, g, h, x, K) \ 419 { \ 420 temp1 = h + SHA384_S3(e) + SHA384_F1(e, f, g) + K + x; \ 421 temp2 = SHA384_S2(a) + SHA384_F0(a, b, c); \ 422 d += temp1; \ 423 h = temp1 + temp2; \ 424 } 425 static const uint8_t sha384_padding[128] = { 426 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 427 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 428 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 429 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 430 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 431 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 432 }; 433 #define SHA384_R(t) \ 434 (W[t] = SHA384_S1(W[t - 2]) + W[t - 7] + SHA384_S0(W[t - 15]) + W[t - 16]) 435 static const FX_CHAR* constants[] = { 436 "428a2f98d728ae22", "7137449123ef65cd", "b5c0fbcfec4d3b2f", 437 "e9b5dba58189dbbc", "3956c25bf348b538", "59f111f1b605d019", 438 "923f82a4af194f9b", "ab1c5ed5da6d8118", "d807aa98a3030242", 439 "12835b0145706fbe", "243185be4ee4b28c", "550c7dc3d5ffb4e2", 440 "72be5d74f27b896f", "80deb1fe3b1696b1", "9bdc06a725c71235", 441 "c19bf174cf692694", "e49b69c19ef14ad2", "efbe4786384f25e3", 442 "0fc19dc68b8cd5b5", "240ca1cc77ac9c65", "2de92c6f592b0275", 443 "4a7484aa6ea6e483", "5cb0a9dcbd41fbd4", "76f988da831153b5", 444 "983e5152ee66dfab", "a831c66d2db43210", "b00327c898fb213f", 445 "bf597fc7beef0ee4", "c6e00bf33da88fc2", "d5a79147930aa725", 446 "06ca6351e003826f", "142929670a0e6e70", "27b70a8546d22ffc", 447 "2e1b21385c26c926", "4d2c6dfc5ac42aed", "53380d139d95b3df", 448 "650a73548baf63de", "766a0abb3c77b2a8", "81c2c92e47edaee6", 449 "92722c851482353b", "a2bfe8a14cf10364", "a81a664bbc423001", 450 "c24b8b70d0f89791", "c76c51a30654be30", "d192e819d6ef5218", 451 "d69906245565a910", "f40e35855771202a", "106aa07032bbd1b8", 452 "19a4c116b8d2d0c8", "1e376c085141ab53", "2748774cdf8eeb99", 453 "34b0bcb5e19b48a8", "391c0cb3c5c95a63", "4ed8aa4ae3418acb", 454 "5b9cca4f7763e373", "682e6ff3d6b2b8a3", "748f82ee5defb2fc", 455 "78a5636f43172f60", "84c87814a1f0ab72", "8cc702081a6439ec", 456 "90befffa23631e28", "a4506cebde82bde9", "bef9a3f7b2c67915", 457 "c67178f2e372532b", "ca273eceea26619c", "d186b8c721c0c207", 458 "eada7dd6cde0eb1e", "f57d4f7fee6ed178", "06f067aa72176fba", 459 "0a637dc5a2c898a6", "113f9804bef90dae", "1b710b35131c471b", 460 "28db77f523047d84", "32caab7b40c72493", "3c9ebe0a15c9bebc", 461 "431d67c49c100d4c", "4cc5d4becb3e42b6", "597f299cfc657e2a", 462 "5fcb6fab3ad6faec", "6c44198c4a475817", 463 }; 464 #define GET_FX_64WORD(n, b, i) \ 465 { \ 466 (n) = ((uint64_t)(b)[(i)] << 56) | ((uint64_t)(b)[(i) + 1] << 48) | \ 467 ((uint64_t)(b)[(i) + 2] << 40) | ((uint64_t)(b)[(i) + 3] << 32) | \ 468 ((uint64_t)(b)[(i) + 4] << 24) | ((uint64_t)(b)[(i) + 5] << 16) | \ 469 ((uint64_t)(b)[(i) + 6] << 8) | ((uint64_t)(b)[(i) + 7]); \ 470 } 471 #define PUT_FX_64DWORD(n, b, i) \ 472 { \ 473 (b)[(i)] = (uint8_t)((n) >> 56); \ 474 (b)[(i) + 1] = (uint8_t)((n) >> 48); \ 475 (b)[(i) + 2] = (uint8_t)((n) >> 40); \ 476 (b)[(i) + 3] = (uint8_t)((n) >> 32); \ 477 (b)[(i) + 4] = (uint8_t)((n) >> 24); \ 478 (b)[(i) + 5] = (uint8_t)((n) >> 16); \ 479 (b)[(i) + 6] = (uint8_t)((n) >> 8); \ 480 (b)[(i) + 7] = (uint8_t)((n)); \ 481 } 482 static void sha384_process(sha384_context* ctx, const uint8_t data[128]) { 483 uint64_t temp1, temp2; 484 uint64_t A, B, C, D, E, F, G, H; 485 uint64_t W[80]; 486 GET_FX_64WORD(W[0], data, 0); 487 GET_FX_64WORD(W[1], data, 8); 488 GET_FX_64WORD(W[2], data, 16); 489 GET_FX_64WORD(W[3], data, 24); 490 GET_FX_64WORD(W[4], data, 32); 491 GET_FX_64WORD(W[5], data, 40); 492 GET_FX_64WORD(W[6], data, 48); 493 GET_FX_64WORD(W[7], data, 56); 494 GET_FX_64WORD(W[8], data, 64); 495 GET_FX_64WORD(W[9], data, 72); 496 GET_FX_64WORD(W[10], data, 80); 497 GET_FX_64WORD(W[11], data, 88); 498 GET_FX_64WORD(W[12], data, 96); 499 GET_FX_64WORD(W[13], data, 104); 500 GET_FX_64WORD(W[14], data, 112); 501 GET_FX_64WORD(W[15], data, 120); 502 A = ctx->state[0]; 503 B = ctx->state[1]; 504 C = ctx->state[2]; 505 D = ctx->state[3]; 506 E = ctx->state[4]; 507 F = ctx->state[5]; 508 G = ctx->state[6]; 509 H = ctx->state[7]; 510 for (int i = 0; i < 10; ++i) { 511 uint64_t temp[8]; 512 if (i < 2) { 513 temp[0] = W[i * 8]; 514 temp[1] = W[i * 8 + 1]; 515 temp[2] = W[i * 8 + 2]; 516 temp[3] = W[i * 8 + 3]; 517 temp[4] = W[i * 8 + 4]; 518 temp[5] = W[i * 8 + 5]; 519 temp[6] = W[i * 8 + 6]; 520 temp[7] = W[i * 8 + 7]; 521 } else { 522 temp[0] = SHA384_R(i * 8); 523 temp[1] = SHA384_R(i * 8 + 1); 524 temp[2] = SHA384_R(i * 8 + 2); 525 temp[3] = SHA384_R(i * 8 + 3); 526 temp[4] = SHA384_R(i * 8 + 4); 527 temp[5] = SHA384_R(i * 8 + 5); 528 temp[6] = SHA384_R(i * 8 + 6); 529 temp[7] = SHA384_R(i * 8 + 7); 530 } 531 SHA384_P(A, B, C, D, E, F, G, H, temp[0], FX_ato64i(constants[i * 8])); 532 SHA384_P(H, A, B, C, D, E, F, G, temp[1], FX_ato64i(constants[i * 8 + 1])); 533 SHA384_P(G, H, A, B, C, D, E, F, temp[2], FX_ato64i(constants[i * 8 + 2])); 534 SHA384_P(F, G, H, A, B, C, D, E, temp[3], FX_ato64i(constants[i * 8 + 3])); 535 SHA384_P(E, F, G, H, A, B, C, D, temp[4], FX_ato64i(constants[i * 8 + 4])); 536 SHA384_P(D, E, F, G, H, A, B, C, temp[5], FX_ato64i(constants[i * 8 + 5])); 537 SHA384_P(C, D, E, F, G, H, A, B, temp[6], FX_ato64i(constants[i * 8 + 6])); 538 SHA384_P(B, C, D, E, F, G, H, A, temp[7], FX_ato64i(constants[i * 8 + 7])); 539 } 540 ctx->state[0] += A; 541 ctx->state[1] += B; 542 ctx->state[2] += C; 543 ctx->state[3] += D; 544 ctx->state[4] += E; 545 ctx->state[5] += F; 546 ctx->state[6] += G; 547 ctx->state[7] += H; 548 } 549 void CRYPT_SHA384Update(void* context, const uint8_t* input, FX_DWORD length) { 550 sha384_context* ctx = (sha384_context*)context; 551 FX_DWORD left, fill; 552 if (!length) { 553 return; 554 } 555 left = (FX_DWORD)ctx->total[0] & 0x7F; 556 fill = 128 - left; 557 ctx->total[0] += length; 558 if (ctx->total[0] < length) { 559 ctx->total[1]++; 560 } 561 if (left && length >= fill) { 562 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, fill); 563 sha384_process(ctx, ctx->buffer); 564 length -= fill; 565 input += fill; 566 left = 0; 567 } 568 while (length >= 128) { 569 sha384_process(ctx, input); 570 length -= 128; 571 input += 128; 572 } 573 if (length) { 574 FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, length); 575 } 576 } 577 void CRYPT_SHA384Finish(void* context, uint8_t digest[48]) { 578 sha384_context* ctx = (sha384_context*)context; 579 FX_DWORD last, padn; 580 uint8_t msglen[16]; 581 FXSYS_memset(msglen, 0, 16); 582 uint64_t high, low; 583 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3); 584 low = (ctx->total[0] << 3); 585 PUT_FX_64DWORD(high, msglen, 0); 586 PUT_FX_64DWORD(low, msglen, 8); 587 last = (FX_DWORD)ctx->total[0] & 0x7F; 588 padn = (last < 112) ? (112 - last) : (240 - last); 589 CRYPT_SHA384Update(ctx, sha384_padding, padn); 590 CRYPT_SHA384Update(ctx, msglen, 16); 591 PUT_FX_64DWORD(ctx->state[0], digest, 0); 592 PUT_FX_64DWORD(ctx->state[1], digest, 8); 593 PUT_FX_64DWORD(ctx->state[2], digest, 16); 594 PUT_FX_64DWORD(ctx->state[3], digest, 24); 595 PUT_FX_64DWORD(ctx->state[4], digest, 32); 596 PUT_FX_64DWORD(ctx->state[5], digest, 40); 597 } 598 void CRYPT_SHA384Generate(const uint8_t* data, 599 FX_DWORD size, 600 uint8_t digest[64]) { 601 sha384_context context; 602 CRYPT_SHA384Start(&context); 603 CRYPT_SHA384Update(&context, data, size); 604 CRYPT_SHA384Finish(&context, digest); 605 } 606 void CRYPT_SHA512Start(void* context) { 607 if (!context) { 608 return; 609 } 610 sha384_context* ctx = (sha384_context*)context; 611 FXSYS_memset(ctx, 0, sizeof(sha384_context)); 612 ctx->state[0] = FX_ato64i("6a09e667f3bcc908"); 613 ctx->state[1] = FX_ato64i("bb67ae8584caa73b"); 614 ctx->state[2] = FX_ato64i("3c6ef372fe94f82b"); 615 ctx->state[3] = FX_ato64i("a54ff53a5f1d36f1"); 616 ctx->state[4] = FX_ato64i("510e527fade682d1"); 617 ctx->state[5] = FX_ato64i("9b05688c2b3e6c1f"); 618 ctx->state[6] = FX_ato64i("1f83d9abfb41bd6b"); 619 ctx->state[7] = FX_ato64i("5be0cd19137e2179"); 620 } 621 void CRYPT_SHA512Update(void* context, const uint8_t* data, FX_DWORD size) { 622 CRYPT_SHA384Update(context, data, size); 623 } 624 void CRYPT_SHA512Finish(void* context, uint8_t digest[64]) { 625 sha384_context* ctx = (sha384_context*)context; 626 FX_DWORD last, padn; 627 uint8_t msglen[16]; 628 FXSYS_memset(msglen, 0, 16); 629 uint64_t high, low; 630 high = (ctx->total[0] >> 29) | (ctx->total[1] << 3); 631 low = (ctx->total[0] << 3); 632 PUT_FX_64DWORD(high, msglen, 0); 633 PUT_FX_64DWORD(low, msglen, 8); 634 last = (FX_DWORD)ctx->total[0] & 0x7F; 635 padn = (last < 112) ? (112 - last) : (240 - last); 636 CRYPT_SHA512Update(ctx, sha384_padding, padn); 637 CRYPT_SHA512Update(ctx, msglen, 16); 638 PUT_FX_64DWORD(ctx->state[0], digest, 0); 639 PUT_FX_64DWORD(ctx->state[1], digest, 8); 640 PUT_FX_64DWORD(ctx->state[2], digest, 16); 641 PUT_FX_64DWORD(ctx->state[3], digest, 24); 642 PUT_FX_64DWORD(ctx->state[4], digest, 32); 643 PUT_FX_64DWORD(ctx->state[5], digest, 40); 644 PUT_FX_64DWORD(ctx->state[6], digest, 48); 645 PUT_FX_64DWORD(ctx->state[7], digest, 56); 646 } 647 void CRYPT_SHA512Generate(const uint8_t* data, 648 FX_DWORD size, 649 uint8_t digest[64]) { 650 sha384_context context; 651 CRYPT_SHA512Start(&context); 652 CRYPT_SHA512Update(&context, data, size); 653 CRYPT_SHA512Finish(&context, digest); 654 } 655 #ifdef __cplusplus 656 }; 657 #endif 658
