1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 
7 #include "../../../include/fxcrt/fx_basic.h"
8 #include "../../../include/fdrm/fx_crypt.h"
9 #ifdef __cplusplus
10 extern "C" {
11 #endif
12 typedef struct {
13     unsigned int h[5];
14     unsigned char block[64];
15     int blkused;
16     unsigned int lenhi, lenlo;
17 } SHA_State;
18 #define rol(x,y) ( ((x) << (y)) | (((unsigned int)x) >> (32-y)) )
SHA_Core_Init(unsigned int h[5])19 static void SHA_Core_Init(unsigned int h[5])
20 {
21     h[0] = 0x67452301;
22     h[1] = 0xefcdab89;
23     h[2] = 0x98badcfe;
24     h[3] = 0x10325476;
25     h[4] = 0xc3d2e1f0;
26 }
SHATransform(unsigned int * digest,unsigned int * block)27 static void SHATransform(unsigned int * digest, unsigned int * block)
28 {
29     unsigned int w[80];
30     unsigned int a, b, c, d, e;
31     int t;
32     for (t = 0; t < 16; t++) {
33         w[t] = block[t];
34     }
35     for (t = 16; t < 80; t++) {
36         unsigned int tmp = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
37         w[t] = rol(tmp, 1);
38     }
39     a = digest[0];
40     b = digest[1];
41     c = digest[2];
42     d = digest[3];
43     e = digest[4];
44     for (t = 0; t < 20; t++) {
45         unsigned int tmp =
46             rol(a, 5) + ((b & c) | (d & ~b)) + e + w[t] + 0x5a827999;
47         e = d;
48         d = c;
49         c = rol(b, 30);
50         b = a;
51         a = tmp;
52     }
53     for (t = 20; t < 40; t++) {
54         unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0x6ed9eba1;
55         e = d;
56         d = c;
57         c = rol(b, 30);
58         b = a;
59         a = tmp;
60     }
61     for (t = 40; t < 60; t++) {
62         unsigned int tmp = rol(a,
63                                5) + ((b & c) | (b & d) | (c & d)) + e + w[t] +
64                            0x8f1bbcdc;
65         e = d;
66         d = c;
67         c = rol(b, 30);
68         b = a;
69         a = tmp;
70     }
71     for (t = 60; t < 80; t++) {
72         unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0xca62c1d6;
73         e = d;
74         d = c;
75         c = rol(b, 30);
76         b = a;
77         a = tmp;
78     }
79     digest[0] += a;
80     digest[1] += b;
81     digest[2] += c;
82     digest[3] += d;
83     digest[4] += e;
84 }
CRYPT_SHA1Start(FX_LPVOID context)85 void CRYPT_SHA1Start(FX_LPVOID context)
86 {
87     SHA_State * s = (SHA_State*)context;
88     SHA_Core_Init(s->h);
89     s->blkused = 0;
90     s->lenhi = s->lenlo = 0;
91 }
CRYPT_SHA1Update(FX_LPVOID context,FX_LPCBYTE data,FX_DWORD size)92 void CRYPT_SHA1Update(FX_LPVOID context, FX_LPCBYTE data, FX_DWORD size)
93 {
94     SHA_State * s = (SHA_State*)context;
95     unsigned char *q = (unsigned char *)data;
96     unsigned int wordblock[16];
97     int len = size;
98     unsigned int lenw = len;
99     int i;
100     s->lenlo += lenw;
101     s->lenhi += (s->lenlo < lenw);
102     if (s->blkused && s->blkused + len < 64) {
103         FXSYS_memcpy32(s->block + s->blkused, q, len);
104         s->blkused += len;
105     } else {
106         while (s->blkused + len >= 64) {
107             FXSYS_memcpy32(s->block + s->blkused, q, 64 - s->blkused);
108             q += 64 - s->blkused;
109             len -= 64 - s->blkused;
110             for (i = 0; i < 16; i++) {
111                 wordblock[i] =
112                     (((unsigned int) s->block[i * 4 + 0]) << 24) |
113                     (((unsigned int) s->block[i * 4 + 1]) << 16) |
114                     (((unsigned int) s->block[i * 4 + 2]) << 8) |
115                     (((unsigned int) s->block[i * 4 + 3]) << 0);
116             }
117             SHATransform(s->h, wordblock);
118             s->blkused = 0;
119         }
120         FXSYS_memcpy32(s->block, q, len);
121         s->blkused = len;
122     }
123 }
CRYPT_SHA1Finish(FX_LPVOID context,FX_BYTE digest[20])124 void CRYPT_SHA1Finish(FX_LPVOID context, FX_BYTE digest[20])
125 {
126     SHA_State * s = (SHA_State*)context;
127     int i;
128     int pad;
129     unsigned char c[64];
130     unsigned int lenhi, lenlo;
131     if (s->blkused >= 56) {
132         pad = 56 + 64 - s->blkused;
133     } else {
134         pad = 56 - s->blkused;
135     }
136     lenhi = (s->lenhi << 3) | (s->lenlo >> (32 - 3));
137     lenlo = (s->lenlo << 3);
138     FXSYS_memset32(c, 0, pad);
139     c[0] = 0x80;
140     CRYPT_SHA1Update(s, c, pad);
141     c[0] = (lenhi >> 24) & 0xFF;
142     c[1] = (lenhi >> 16) & 0xFF;
143     c[2] = (lenhi >> 8) & 0xFF;
144     c[3] = (lenhi >> 0) & 0xFF;
145     c[4] = (lenlo >> 24) & 0xFF;
146     c[5] = (lenlo >> 16) & 0xFF;
147     c[6] = (lenlo >> 8) & 0xFF;
148     c[7] = (lenlo >> 0) & 0xFF;
149     CRYPT_SHA1Update(s, c, 8);
150     for (i = 0; i < 5; i++) {
151         digest[i * 4] = (s->h[i] >> 24) & 0xFF;
152         digest[i * 4 + 1] = (s->h[i] >> 16) & 0xFF;
153         digest[i * 4 + 2] = (s->h[i] >> 8) & 0xFF;
154         digest[i * 4 + 3] = (s->h[i]) & 0xFF;
155     }
156 }
CRYPT_SHA1Generate(FX_LPCBYTE data,FX_DWORD size,FX_BYTE digest[20])157 void CRYPT_SHA1Generate(FX_LPCBYTE data, FX_DWORD size, FX_BYTE digest[20])
158 {
159     SHA_State s;
160     CRYPT_SHA1Start(&s);
161     CRYPT_SHA1Update(&s, data, size);
162     CRYPT_SHA1Finish(&s, digest);
163 }
164 typedef struct {
165     FX_DWORD total[2];
166     FX_DWORD state[8];
167     FX_BYTE buffer[64];
168 }
169 sha256_context;
170 #define GET_FX_DWORD(n,b,i)                       \
171     {                                               \
172         (n) = ( (FX_DWORD) (b)[(i)    ] << 24 )       \
173               | ( (FX_DWORD) (b)[(i) + 1] << 16 )       \
174               | ( (FX_DWORD) (b)[(i) + 2] <<  8 )       \
175               | ( (FX_DWORD) (b)[(i) + 3]       );      \
176     }
177 #define PUT_FX_DWORD(n,b,i)                       \
178     {                                               \
179         (b)[(i)    ] = (FX_BYTE) ( (n) >> 24 );       \
180         (b)[(i) + 1] = (FX_BYTE) ( (n) >> 16 );       \
181         (b)[(i) + 2] = (FX_BYTE) ( (n) >>  8 );       \
182         (b)[(i) + 3] = (FX_BYTE) ( (n)       );       \
183     }
CRYPT_SHA256Start(FX_LPVOID context)184 void CRYPT_SHA256Start( FX_LPVOID context )
185 {
186     sha256_context *ctx = (sha256_context *)context;
187     ctx->total[0] = 0;
188     ctx->total[1] = 0;
189     ctx->state[0] = 0x6A09E667;
190     ctx->state[1] = 0xBB67AE85;
191     ctx->state[2] = 0x3C6EF372;
192     ctx->state[3] = 0xA54FF53A;
193     ctx->state[4] = 0x510E527F;
194     ctx->state[5] = 0x9B05688C;
195     ctx->state[6] = 0x1F83D9AB;
196     ctx->state[7] = 0x5BE0CD19;
197 }
sha256_process(sha256_context * ctx,const FX_BYTE data[64])198 static void sha256_process( sha256_context *ctx, const FX_BYTE data[64] )
199 {
200     FX_DWORD temp1, temp2, W[64];
201     FX_DWORD A, B, C, D, E, F, G, H;
202     GET_FX_DWORD( W[0],  data,  0 );
203     GET_FX_DWORD( W[1],  data,  4 );
204     GET_FX_DWORD( W[2],  data,  8 );
205     GET_FX_DWORD( W[3],  data, 12 );
206     GET_FX_DWORD( W[4],  data, 16 );
207     GET_FX_DWORD( W[5],  data, 20 );
208     GET_FX_DWORD( W[6],  data, 24 );
209     GET_FX_DWORD( W[7],  data, 28 );
210     GET_FX_DWORD( W[8],  data, 32 );
211     GET_FX_DWORD( W[9],  data, 36 );
212     GET_FX_DWORD( W[10], data, 40 );
213     GET_FX_DWORD( W[11], data, 44 );
214     GET_FX_DWORD( W[12], data, 48 );
215     GET_FX_DWORD( W[13], data, 52 );
216     GET_FX_DWORD( W[14], data, 56 );
217     GET_FX_DWORD( W[15], data, 60 );
218 #define  SHR(x,n) ((x & 0xFFFFFFFF) >> n)
219 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
220 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
221 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))
222 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
223 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
224 #define F0(x,y,z) ((x & y) | (z & (x | y)))
225 #define F1(x,y,z) (z ^ (x & (y ^ z)))
226 #define R(t)                                    \
227     (                                               \
228             W[t] = S1(W[t -  2]) + W[t -  7] +          \
229                    S0(W[t - 15]) + W[t - 16]            \
230     )
231 #define P(a,b,c,d,e,f,g,h,x,K)                  \
232     {                                               \
233         temp1 = h + S3(e) + F1(e,f,g) + K + x;      \
234         temp2 = S2(a) + F0(a,b,c);                  \
235         d += temp1; h = temp1 + temp2;              \
236     }
237     A = ctx->state[0];
238     B = ctx->state[1];
239     C = ctx->state[2];
240     D = ctx->state[3];
241     E = ctx->state[4];
242     F = ctx->state[5];
243     G = ctx->state[6];
244     H = ctx->state[7];
245     P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
246     P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
247     P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
248     P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
249     P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
250     P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
251     P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
252     P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
253     P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
254     P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
255     P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
256     P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
257     P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
258     P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
259     P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
260     P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
261     P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
262     P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
263     P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
264     P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
265     P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
266     P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
267     P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
268     P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
269     P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
270     P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
271     P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
272     P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
273     P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
274     P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
275     P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
276     P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
277     P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
278     P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
279     P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
280     P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
281     P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
282     P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
283     P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
284     P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
285     P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
286     P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
287     P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
288     P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
289     P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
290     P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
291     P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
292     P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
293     P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
294     P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
295     P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
296     P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
297     P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
298     P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
299     P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
300     P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
301     P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
302     P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
303     P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
304     P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
305     P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
306     P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
307     P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
308     P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
309     ctx->state[0] += A;
310     ctx->state[1] += B;
311     ctx->state[2] += C;
312     ctx->state[3] += D;
313     ctx->state[4] += E;
314     ctx->state[5] += F;
315     ctx->state[6] += G;
316     ctx->state[7] += H;
317 }
CRYPT_SHA256Update(void * context,FX_LPCBYTE input,FX_DWORD length)318 void CRYPT_SHA256Update( void* context, FX_LPCBYTE input, FX_DWORD length )
319 {
320     sha256_context *ctx = (sha256_context *)context;
321     FX_DWORD left, fill;
322     if( ! length ) {
323         return;
324     }
325     left = ctx->total[0] & 0x3F;
326     fill = 64 - left;
327     ctx->total[0] += length;
328     ctx->total[0] &= 0xFFFFFFFF;
329     if( ctx->total[0] < length ) {
330         ctx->total[1]++;
331     }
332     if( left && length >= fill ) {
333         FXSYS_memcpy32( (void *) (ctx->buffer + left),
334                         (void *) input, fill );
335         sha256_process( ctx, ctx->buffer );
336         length -= fill;
337         input  += fill;
338         left = 0;
339     }
340     while( length >= 64 ) {
341         sha256_process( ctx, input );
342         length -= 64;
343         input  += 64;
344     }
345     if( length ) {
346         FXSYS_memcpy32( (void *) (ctx->buffer + left),
347                         (void *) input, length );
348     }
349 }
350 static const FX_BYTE sha256_padding[64] = {
351     0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
352     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
353     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
354     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
355 };
CRYPT_SHA256Finish(FX_LPVOID context,FX_BYTE digest[32])356 void CRYPT_SHA256Finish( FX_LPVOID context, FX_BYTE digest[32] )
357 {
358     sha256_context *ctx = (sha256_context *)context;
359     FX_DWORD last, padn;
360     FX_DWORD high, low;
361     FX_BYTE msglen[8];
362     high = ( ctx->total[0] >> 29 )
363            | ( ctx->total[1] <<  3 );
364     low  = ( ctx->total[0] <<  3 );
365     PUT_FX_DWORD( high, msglen, 0 );
366     PUT_FX_DWORD( low,  msglen, 4 );
367     last = ctx->total[0] & 0x3F;
368     padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
369     CRYPT_SHA256Update( ctx, sha256_padding, padn );
370     CRYPT_SHA256Update( ctx, msglen, 8 );
371     PUT_FX_DWORD( ctx->state[0], digest,  0 );
372     PUT_FX_DWORD( ctx->state[1], digest,  4 );
373     PUT_FX_DWORD( ctx->state[2], digest,  8 );
374     PUT_FX_DWORD( ctx->state[3], digest, 12 );
375     PUT_FX_DWORD( ctx->state[4], digest, 16 );
376     PUT_FX_DWORD( ctx->state[5], digest, 20 );
377     PUT_FX_DWORD( ctx->state[6], digest, 24 );
378     PUT_FX_DWORD( ctx->state[7], digest, 28 );
379 }
CRYPT_SHA256Generate(FX_LPCBYTE data,FX_DWORD size,FX_BYTE digest[32])380 void CRYPT_SHA256Generate(FX_LPCBYTE data, FX_DWORD size, FX_BYTE digest[32])
381 {
382     sha256_context ctx;
383     CRYPT_SHA256Start(&ctx);
384     CRYPT_SHA256Update(&ctx, data, size);
385     CRYPT_SHA256Finish(&ctx, digest);
386 }
387 typedef struct {
388     FX_UINT64	total[2];
389     FX_UINT64	state[8];
390     FX_BYTE		buffer[128];
391 } sha384_context;
FX_ato64i(FX_LPCSTR str)392 FX_UINT64 FX_ato64i(FX_LPCSTR str)
393 {
394     FXSYS_assert(str != NULL);
395     FX_UINT64 ret = 0;
396     int len = (int)FXSYS_strlen(str);
397     len = len > 16 ? 16 : len;
398     for (int i = 0; i < len; ++i) {
399         if (i) {
400             ret <<= 4;
401         }
402         if (str[i] >= '0' && str[i] <= '9') {
403             ret |= (str[i] - '0') & 0xFF;
404         } else if (str[i] >= 'a' && str[i] <= 'f') {
405             ret |= (str[i] - 'a' + 10) & 0xFF;
406         } else if (str[i] >= 'A' && str[i] <= 'F') {
407             ret |= (str[i] - 'A' + 10) & 0xFF;
408         } else {
409             FXSYS_assert(FALSE);
410         }
411     }
412     return ret;
413 }
CRYPT_SHA384Start(FX_LPVOID context)414 void CRYPT_SHA384Start(FX_LPVOID context)
415 {
416     if (context == NULL) {
417         return;
418     }
419     sha384_context *ctx = (sha384_context *)context;
420     FXSYS_memset32(ctx, 0, sizeof(sha384_context));
421     ctx->state[0] = FX_ato64i("cbbb9d5dc1059ed8");
422     ctx->state[1] = FX_ato64i("629a292a367cd507");
423     ctx->state[2] = FX_ato64i("9159015a3070dd17");
424     ctx->state[3] = FX_ato64i("152fecd8f70e5939");
425     ctx->state[4] = FX_ato64i("67332667ffc00b31");
426     ctx->state[5] = FX_ato64i("8eb44a8768581511");
427     ctx->state[6] = FX_ato64i("db0c2e0d64f98fa7");
428     ctx->state[7] = FX_ato64i("47b5481dbefa4fa4");
429 }
430 #define SHA384_F0(x,y,z) ((x & y) | (z & (x | y)))
431 #define SHA384_F1(x,y,z) (z ^ (x & (y ^ z)))
432 #define SHA384_SHR(x,n) (x >> n)
433 #define SHA384_ROTR(x,n) (SHA384_SHR(x, n) | x << (64 - n))
434 #define SHA384_S0(x) (SHA384_ROTR(x, 1) ^ SHA384_ROTR(x, 8) ^  SHA384_SHR(x, 7))
435 #define SHA384_S1(x) (SHA384_ROTR(x,19) ^ SHA384_ROTR(x, 61) ^  SHA384_SHR(x, 6))
436 #define SHA384_S2(x) (SHA384_ROTR(x, 28) ^ SHA384_ROTR(x, 34) ^ SHA384_ROTR(x, 39))
437 #define SHA384_S3(x) (SHA384_ROTR(x, 14) ^ SHA384_ROTR(x,18) ^ SHA384_ROTR(x, 41))
438 #define SHA384_P(a,b,c,d,e,f,g,h,x,K)							\
439     {																\
440         temp1 = h + SHA384_S3(e) + SHA384_F1(e,f,g) + K + x;		\
441         temp2 = SHA384_S2(a) + SHA384_F0(a,b,c);					\
442         d += temp1; h = temp1 + temp2;								\
443     }
444 static const FX_BYTE sha384_padding[128] = {
445     0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
446     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
447     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
448     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
449     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
450     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
451     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
452     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
453 };
454 #define SHA384_R(t) (W[t] = SHA384_S1(W[t -  2]) + W[t -  7] + SHA384_S0(W[t - 15]) + W[t - 16])
455 static FX_LPCSTR constants[] = {
456     "428a2f98d728ae22",
457     "7137449123ef65cd",
458     "b5c0fbcfec4d3b2f",
459     "e9b5dba58189dbbc",
460     "3956c25bf348b538",
461     "59f111f1b605d019",
462     "923f82a4af194f9b",
463     "ab1c5ed5da6d8118",
464     "d807aa98a3030242",
465     "12835b0145706fbe",
466     "243185be4ee4b28c",
467     "550c7dc3d5ffb4e2",
468     "72be5d74f27b896f",
469     "80deb1fe3b1696b1",
470     "9bdc06a725c71235",
471     "c19bf174cf692694",
472     "e49b69c19ef14ad2",
473     "efbe4786384f25e3",
474     "0fc19dc68b8cd5b5",
475     "240ca1cc77ac9c65",
476     "2de92c6f592b0275",
477     "4a7484aa6ea6e483",
478     "5cb0a9dcbd41fbd4",
479     "76f988da831153b5",
480     "983e5152ee66dfab",
481     "a831c66d2db43210",
482     "b00327c898fb213f",
483     "bf597fc7beef0ee4",
484     "c6e00bf33da88fc2",
485     "d5a79147930aa725",
486     "06ca6351e003826f",
487     "142929670a0e6e70",
488     "27b70a8546d22ffc",
489     "2e1b21385c26c926",
490     "4d2c6dfc5ac42aed",
491     "53380d139d95b3df",
492     "650a73548baf63de",
493     "766a0abb3c77b2a8",
494     "81c2c92e47edaee6",
495     "92722c851482353b",
496     "a2bfe8a14cf10364",
497     "a81a664bbc423001",
498     "c24b8b70d0f89791",
499     "c76c51a30654be30",
500     "d192e819d6ef5218",
501     "d69906245565a910",
502     "f40e35855771202a",
503     "106aa07032bbd1b8",
504     "19a4c116b8d2d0c8",
505     "1e376c085141ab53",
506     "2748774cdf8eeb99",
507     "34b0bcb5e19b48a8",
508     "391c0cb3c5c95a63",
509     "4ed8aa4ae3418acb",
510     "5b9cca4f7763e373",
511     "682e6ff3d6b2b8a3",
512     "748f82ee5defb2fc",
513     "78a5636f43172f60",
514     "84c87814a1f0ab72",
515     "8cc702081a6439ec",
516     "90befffa23631e28",
517     "a4506cebde82bde9",
518     "bef9a3f7b2c67915",
519     "c67178f2e372532b",
520     "ca273eceea26619c",
521     "d186b8c721c0c207",
522     "eada7dd6cde0eb1e",
523     "f57d4f7fee6ed178",
524     "06f067aa72176fba",
525     "0a637dc5a2c898a6",
526     "113f9804bef90dae",
527     "1b710b35131c471b",
528     "28db77f523047d84",
529     "32caab7b40c72493",
530     "3c9ebe0a15c9bebc",
531     "431d67c49c100d4c",
532     "4cc5d4becb3e42b6",
533     "597f299cfc657e2a",
534     "5fcb6fab3ad6faec",
535     "6c44198c4a475817",
536 };
537 #define GET_FX_64WORD(n,b,i)                       \
538     {                                               \
539         (n) = ( (FX_UINT64) (b)[(i)    ] << 56 )       \
540               | ( (FX_UINT64) (b)[(i) + 1] << 48 )       \
541               | ( (FX_UINT64) (b)[(i) + 2] << 40 )       \
542               | ( (FX_UINT64) (b)[(i) + 3] << 32 )      \
543               | ( (FX_UINT64) (b)[(i) + 4] << 24 )       \
544               | ( (FX_UINT64) (b)[(i) + 5] << 16 )       \
545               | ( (FX_UINT64) (b)[(i) + 6] <<  8 )       \
546               | ( (FX_UINT64) (b)[(i) + 7]       );      \
547     }
548 #define PUT_FX_64DWORD(n,b,i)                       \
549     {                                               \
550         (b)[(i)    ] = (FX_BYTE) ( (n) >> 56 );       \
551         (b)[(i) + 1] = (FX_BYTE) ( (n) >> 48 );       \
552         (b)[(i) + 2] = (FX_BYTE) ( (n) >> 40 );       \
553         (b)[(i) + 3] = (FX_BYTE) ( (n) >> 32 );       \
554         (b)[(i) + 4] = (FX_BYTE) ( (n) >> 24 );       \
555         (b)[(i) + 5] = (FX_BYTE) ( (n) >> 16 );       \
556         (b)[(i) + 6] = (FX_BYTE) ( (n) >>  8 );       \
557         (b)[(i) + 7] = (FX_BYTE) ( (n) );       \
558     }
sha384_process(sha384_context * ctx,const FX_BYTE data[128])559 static void sha384_process( sha384_context *ctx, const FX_BYTE data[128] )
560 {
561     FX_UINT64 temp1, temp2;
562     FX_UINT64 A, B, C, D, E, F, G, H;
563     FX_UINT64 W[80];
564     GET_FX_64WORD(W[0], data, 0);
565     GET_FX_64WORD(W[1], data, 8);
566     GET_FX_64WORD(W[2], data, 16);
567     GET_FX_64WORD(W[3], data, 24);
568     GET_FX_64WORD(W[4], data, 32);
569     GET_FX_64WORD(W[5], data, 40);
570     GET_FX_64WORD(W[6], data, 48);
571     GET_FX_64WORD(W[7], data, 56);
572     GET_FX_64WORD(W[8], data, 64);
573     GET_FX_64WORD(W[9], data, 72);
574     GET_FX_64WORD(W[10], data, 80);
575     GET_FX_64WORD(W[11], data, 88);
576     GET_FX_64WORD(W[12], data, 96);
577     GET_FX_64WORD(W[13], data, 104);
578     GET_FX_64WORD(W[14], data, 112);
579     GET_FX_64WORD(W[15], data, 120);
580     A = ctx->state[0];
581     B = ctx->state[1];
582     C = ctx->state[2];
583     D = ctx->state[3];
584     E = ctx->state[4];
585     F = ctx->state[5];
586     G = ctx->state[6];
587     H = ctx->state[7];
588     for (int i = 0; i < 10; ++i) {
589         FX_UINT64 temp[8];
590         if (i < 2) {
591             temp[0] = W[i * 8];
592             temp[1] = W[i * 8 + 1];
593             temp[2] = W[i * 8 + 2];
594             temp[3] = W[i * 8 + 3];
595             temp[4] = W[i * 8 + 4];
596             temp[5] = W[i * 8 + 5];
597             temp[6] = W[i * 8 + 6];
598             temp[7] = W[i * 8 + 7];
599         } else {
600             temp[0] = SHA384_R(i * 8);
601             temp[1] = SHA384_R(i * 8 + 1);
602             temp[2] = SHA384_R(i * 8 + 2);
603             temp[3] = SHA384_R(i * 8 + 3);
604             temp[4] = SHA384_R(i * 8 + 4);
605             temp[5] = SHA384_R(i * 8 + 5);
606             temp[6] = SHA384_R(i * 8 + 6);
607             temp[7] = SHA384_R(i * 8 + 7);
608         }
609         SHA384_P( A, B, C, D, E, F, G, H, temp[ 0], FX_ato64i(constants[i * 8    ]) );
610         SHA384_P( H, A, B, C, D, E, F, G, temp[ 1], FX_ato64i(constants[i * 8 + 1]) );
611         SHA384_P( G, H, A, B, C, D, E, F, temp[ 2], FX_ato64i(constants[i * 8 + 2]) );
612         SHA384_P( F, G, H, A, B, C, D, E, temp[ 3], FX_ato64i(constants[i * 8 + 3]) );
613         SHA384_P( E, F, G, H, A, B, C, D, temp[ 4], FX_ato64i(constants[i * 8 + 4]) );
614         SHA384_P( D, E, F, G, H, A, B, C, temp[ 5], FX_ato64i(constants[i * 8 + 5]) );
615         SHA384_P( C, D, E, F, G, H, A, B, temp[ 6], FX_ato64i(constants[i * 8 + 6]) );
616         SHA384_P( B, C, D, E, F, G, H, A, temp[ 7], FX_ato64i(constants[i * 8 + 7]) );
617     }
618     ctx->state[0] += A;
619     ctx->state[1] += B;
620     ctx->state[2] += C;
621     ctx->state[3] += D;
622     ctx->state[4] += E;
623     ctx->state[5] += F;
624     ctx->state[6] += G;
625     ctx->state[7] += H;
626 }
CRYPT_SHA384Update(FX_LPVOID context,FX_LPCBYTE input,FX_DWORD length)627 void CRYPT_SHA384Update(FX_LPVOID context, FX_LPCBYTE input, FX_DWORD length)
628 {
629     sha384_context *ctx = (sha384_context *)context;
630     FX_DWORD left, fill;
631     if( ! length ) {
632         return;
633     }
634     left = (FX_DWORD)ctx->total[0] & 0x7F;
635     fill = 128 - left;
636     ctx->total[0] += length;
637     if( ctx->total[0] < length ) {
638         ctx->total[1]++;
639     }
640     if( left && length >= fill ) {
641         FXSYS_memcpy32( (void *) (ctx->buffer + left),
642                         (void *) input, fill );
643         sha384_process( ctx, ctx->buffer );
644         length -= fill;
645         input  += fill;
646         left = 0;
647     }
648     while( length >= 128 ) {
649         sha384_process( ctx, input );
650         length -= 128;
651         input  += 128;
652     }
653     if( length ) {
654         FXSYS_memcpy32( (void *) (ctx->buffer + left),
655                         (void *) input, length );
656     }
657 }
CRYPT_SHA384Finish(FX_LPVOID context,FX_BYTE digest[48])658 void CRYPT_SHA384Finish(FX_LPVOID context, FX_BYTE digest[48])
659 {
660     sha384_context *ctx = (sha384_context *)context;
661     FX_DWORD last, padn;
662     FX_BYTE msglen[16];
663     FXSYS_memset32(msglen, 0, 16);
664     FX_UINT64 high, low;
665     high = ( ctx->total[0] >> 29 )
666            | ( ctx->total[1] <<  3 );
667     low  = ( ctx->total[0] <<  3 );
668     PUT_FX_64DWORD( high, msglen, 0 );
669     PUT_FX_64DWORD( low,  msglen, 8 );
670     last = (FX_DWORD)ctx->total[0] & 0x7F;
671     padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
672     CRYPT_SHA384Update( ctx, sha384_padding, padn );
673     CRYPT_SHA384Update( ctx, msglen, 16 );
674     PUT_FX_64DWORD(ctx->state[0], digest, 0);
675     PUT_FX_64DWORD(ctx->state[1], digest, 8);
676     PUT_FX_64DWORD(ctx->state[2], digest, 16);
677     PUT_FX_64DWORD(ctx->state[3], digest, 24);
678     PUT_FX_64DWORD(ctx->state[4], digest, 32);
679     PUT_FX_64DWORD(ctx->state[5], digest, 40);
680 }
CRYPT_SHA384Generate(FX_LPCBYTE data,FX_DWORD size,FX_BYTE digest[64])681 void CRYPT_SHA384Generate(FX_LPCBYTE data, FX_DWORD size, FX_BYTE digest[64])
682 {
683     sha384_context context;
684     CRYPT_SHA384Start(&context);
685     CRYPT_SHA384Update(&context, data, size);
686     CRYPT_SHA384Finish(&context, digest);
687 }
CRYPT_SHA512Start(FX_LPVOID context)688 void CRYPT_SHA512Start(FX_LPVOID context)
689 {
690     if (context == NULL) {
691         return;
692     }
693     sha384_context *ctx = (sha384_context *)context;
694     FXSYS_memset32(ctx, 0, sizeof(sha384_context));
695     ctx->state[0] = FX_ato64i("6a09e667f3bcc908");
696     ctx->state[1] = FX_ato64i("bb67ae8584caa73b");
697     ctx->state[2] = FX_ato64i("3c6ef372fe94f82b");
698     ctx->state[3] = FX_ato64i("a54ff53a5f1d36f1");
699     ctx->state[4] = FX_ato64i("510e527fade682d1");
700     ctx->state[5] = FX_ato64i("9b05688c2b3e6c1f");
701     ctx->state[6] = FX_ato64i("1f83d9abfb41bd6b");
702     ctx->state[7] = FX_ato64i("5be0cd19137e2179");
703 }
CRYPT_SHA512Update(FX_LPVOID context,FX_LPCBYTE data,FX_DWORD size)704 void CRYPT_SHA512Update(FX_LPVOID context, FX_LPCBYTE data, FX_DWORD size)
705 {
706     CRYPT_SHA384Update(context, data, size);
707 }
CRYPT_SHA512Finish(FX_LPVOID context,FX_BYTE digest[64])708 void CRYPT_SHA512Finish(FX_LPVOID context, FX_BYTE digest[64])
709 {
710     sha384_context *ctx = (sha384_context *)context;
711     FX_DWORD last, padn;
712     FX_BYTE msglen[16];
713     FXSYS_memset32(msglen, 0, 16);
714     FX_UINT64 high, low;
715     high = ( ctx->total[0] >> 29 )
716            | ( ctx->total[1] <<  3 );
717     low  = ( ctx->total[0] <<  3 );
718     PUT_FX_64DWORD( high, msglen, 0 );
719     PUT_FX_64DWORD( low,  msglen, 8 );
720     last = (FX_DWORD)ctx->total[0] & 0x7F;
721     padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
722     CRYPT_SHA512Update( ctx, sha384_padding, padn );
723     CRYPT_SHA512Update( ctx, msglen, 16 );
724     PUT_FX_64DWORD(ctx->state[0], digest, 0);
725     PUT_FX_64DWORD(ctx->state[1], digest, 8);
726     PUT_FX_64DWORD(ctx->state[2], digest, 16);
727     PUT_FX_64DWORD(ctx->state[3], digest, 24);
728     PUT_FX_64DWORD(ctx->state[4], digest, 32);
729     PUT_FX_64DWORD(ctx->state[5], digest, 40);
730     PUT_FX_64DWORD(ctx->state[6], digest, 48);
731     PUT_FX_64DWORD(ctx->state[7], digest, 56);
732 }
CRYPT_SHA512Generate(FX_LPCBYTE data,FX_DWORD size,FX_BYTE digest[64])733 void CRYPT_SHA512Generate(FX_LPCBYTE data, FX_DWORD size, FX_BYTE digest[64])
734 {
735     sha384_context context;
736     CRYPT_SHA512Start(&context);
737     CRYPT_SHA512Update(&context, data, size);
738     CRYPT_SHA512Finish(&context, digest);
739 }
740 #ifdef __cplusplus
741 };
742 #endif
743