1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 
7 #include "core/include/fdrm/fx_crypt.h"
8 
9 #ifdef __cplusplus
10 extern "C" {
11 #endif
12 typedef struct {
13   unsigned int h[5];
14   unsigned char block[64];
15   int blkused;
16   unsigned int lenhi, lenlo;
17 } SHA_State;
18 #define rol(x, y) (((x) << (y)) | (((unsigned int)x) >> (32 - y)))
SHA_Core_Init(unsigned int h[5])19 static void SHA_Core_Init(unsigned int h[5]) {
20   h[0] = 0x67452301;
21   h[1] = 0xefcdab89;
22   h[2] = 0x98badcfe;
23   h[3] = 0x10325476;
24   h[4] = 0xc3d2e1f0;
25 }
SHATransform(unsigned int * digest,unsigned int * block)26 static void SHATransform(unsigned int* digest, unsigned int* block) {
27   unsigned int w[80];
28   unsigned int a, b, c, d, e;
29   int t;
30   for (t = 0; t < 16; t++) {
31     w[t] = block[t];
32   }
33   for (t = 16; t < 80; t++) {
34     unsigned int tmp = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
35     w[t] = rol(tmp, 1);
36   }
37   a = digest[0];
38   b = digest[1];
39   c = digest[2];
40   d = digest[3];
41   e = digest[4];
42   for (t = 0; t < 20; t++) {
43     unsigned int tmp = rol(a, 5) + ((b & c) | (d & ~b)) + e + w[t] + 0x5a827999;
44     e = d;
45     d = c;
46     c = rol(b, 30);
47     b = a;
48     a = tmp;
49   }
50   for (t = 20; t < 40; t++) {
51     unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0x6ed9eba1;
52     e = d;
53     d = c;
54     c = rol(b, 30);
55     b = a;
56     a = tmp;
57   }
58   for (t = 40; t < 60; t++) {
59     unsigned int tmp =
60         rol(a, 5) + ((b & c) | (b & d) | (c & d)) + e + w[t] + 0x8f1bbcdc;
61     e = d;
62     d = c;
63     c = rol(b, 30);
64     b = a;
65     a = tmp;
66   }
67   for (t = 60; t < 80; t++) {
68     unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0xca62c1d6;
69     e = d;
70     d = c;
71     c = rol(b, 30);
72     b = a;
73     a = tmp;
74   }
75   digest[0] += a;
76   digest[1] += b;
77   digest[2] += c;
78   digest[3] += d;
79   digest[4] += e;
80 }
CRYPT_SHA1Start(void * context)81 void CRYPT_SHA1Start(void* context) {
82   SHA_State* s = (SHA_State*)context;
83   SHA_Core_Init(s->h);
84   s->blkused = 0;
85   s->lenhi = s->lenlo = 0;
86 }
CRYPT_SHA1Update(void * context,const uint8_t * data,FX_DWORD size)87 void CRYPT_SHA1Update(void* context, const uint8_t* data, FX_DWORD size) {
88   SHA_State* s = (SHA_State*)context;
89   unsigned char* q = (unsigned char*)data;
90   unsigned int wordblock[16];
91   int len = size;
92   unsigned int lenw = len;
93   int i;
94   s->lenlo += lenw;
95   s->lenhi += (s->lenlo < lenw);
96   if (s->blkused && s->blkused + len < 64) {
97     FXSYS_memcpy(s->block + s->blkused, q, len);
98     s->blkused += len;
99   } else {
100     while (s->blkused + len >= 64) {
101       FXSYS_memcpy(s->block + s->blkused, q, 64 - s->blkused);
102       q += 64 - s->blkused;
103       len -= 64 - s->blkused;
104       for (i = 0; i < 16; i++) {
105         wordblock[i] = (((unsigned int)s->block[i * 4 + 0]) << 24) |
106                        (((unsigned int)s->block[i * 4 + 1]) << 16) |
107                        (((unsigned int)s->block[i * 4 + 2]) << 8) |
108                        (((unsigned int)s->block[i * 4 + 3]) << 0);
109       }
110       SHATransform(s->h, wordblock);
111       s->blkused = 0;
112     }
113     FXSYS_memcpy(s->block, q, len);
114     s->blkused = len;
115   }
116 }
CRYPT_SHA1Finish(void * context,uint8_t digest[20])117 void CRYPT_SHA1Finish(void* context, uint8_t digest[20]) {
118   SHA_State* s = (SHA_State*)context;
119   int i;
120   int pad;
121   unsigned char c[64];
122   unsigned int lenhi, lenlo;
123   if (s->blkused >= 56) {
124     pad = 56 + 64 - s->blkused;
125   } else {
126     pad = 56 - s->blkused;
127   }
128   lenhi = (s->lenhi << 3) | (s->lenlo >> (32 - 3));
129   lenlo = (s->lenlo << 3);
130   FXSYS_memset(c, 0, pad);
131   c[0] = 0x80;
132   CRYPT_SHA1Update(s, c, pad);
133   c[0] = (lenhi >> 24) & 0xFF;
134   c[1] = (lenhi >> 16) & 0xFF;
135   c[2] = (lenhi >> 8) & 0xFF;
136   c[3] = (lenhi >> 0) & 0xFF;
137   c[4] = (lenlo >> 24) & 0xFF;
138   c[5] = (lenlo >> 16) & 0xFF;
139   c[6] = (lenlo >> 8) & 0xFF;
140   c[7] = (lenlo >> 0) & 0xFF;
141   CRYPT_SHA1Update(s, c, 8);
142   for (i = 0; i < 5; i++) {
143     digest[i * 4] = (s->h[i] >> 24) & 0xFF;
144     digest[i * 4 + 1] = (s->h[i] >> 16) & 0xFF;
145     digest[i * 4 + 2] = (s->h[i] >> 8) & 0xFF;
146     digest[i * 4 + 3] = (s->h[i]) & 0xFF;
147   }
148 }
CRYPT_SHA1Generate(const uint8_t * data,FX_DWORD size,uint8_t digest[20])149 void CRYPT_SHA1Generate(const uint8_t* data,
150                         FX_DWORD size,
151                         uint8_t digest[20]) {
152   SHA_State s;
153   CRYPT_SHA1Start(&s);
154   CRYPT_SHA1Update(&s, data, size);
155   CRYPT_SHA1Finish(&s, digest);
156 }
157 typedef struct {
158   FX_DWORD total[2];
159   FX_DWORD state[8];
160   uint8_t buffer[64];
161 } sha256_context;
162 #define GET_FX_DWORD(n, b, i)                                           \
163   {                                                                     \
164     (n) = ((FX_DWORD)(b)[(i)] << 24) | ((FX_DWORD)(b)[(i) + 1] << 16) | \
165           ((FX_DWORD)(b)[(i) + 2] << 8) | ((FX_DWORD)(b)[(i) + 3]);     \
166   }
167 #define PUT_FX_DWORD(n, b, i)            \
168   {                                      \
169     (b)[(i)] = (uint8_t)((n) >> 24);     \
170     (b)[(i) + 1] = (uint8_t)((n) >> 16); \
171     (b)[(i) + 2] = (uint8_t)((n) >> 8);  \
172     (b)[(i) + 3] = (uint8_t)((n));       \
173   }
CRYPT_SHA256Start(void * context)174 void CRYPT_SHA256Start(void* context) {
175   sha256_context* ctx = (sha256_context*)context;
176   ctx->total[0] = 0;
177   ctx->total[1] = 0;
178   ctx->state[0] = 0x6A09E667;
179   ctx->state[1] = 0xBB67AE85;
180   ctx->state[2] = 0x3C6EF372;
181   ctx->state[3] = 0xA54FF53A;
182   ctx->state[4] = 0x510E527F;
183   ctx->state[5] = 0x9B05688C;
184   ctx->state[6] = 0x1F83D9AB;
185   ctx->state[7] = 0x5BE0CD19;
186 }
sha256_process(sha256_context * ctx,const uint8_t data[64])187 static void sha256_process(sha256_context* ctx, const uint8_t data[64]) {
188   FX_DWORD temp1, temp2, W[64];
189   FX_DWORD A, B, C, D, E, F, G, H;
190   GET_FX_DWORD(W[0], data, 0);
191   GET_FX_DWORD(W[1], data, 4);
192   GET_FX_DWORD(W[2], data, 8);
193   GET_FX_DWORD(W[3], data, 12);
194   GET_FX_DWORD(W[4], data, 16);
195   GET_FX_DWORD(W[5], data, 20);
196   GET_FX_DWORD(W[6], data, 24);
197   GET_FX_DWORD(W[7], data, 28);
198   GET_FX_DWORD(W[8], data, 32);
199   GET_FX_DWORD(W[9], data, 36);
200   GET_FX_DWORD(W[10], data, 40);
201   GET_FX_DWORD(W[11], data, 44);
202   GET_FX_DWORD(W[12], data, 48);
203   GET_FX_DWORD(W[13], data, 52);
204   GET_FX_DWORD(W[14], data, 56);
205   GET_FX_DWORD(W[15], data, 60);
206 #define SHR(x, n) ((x & 0xFFFFFFFF) >> n)
207 #define ROTR(x, n) (SHR(x, n) | (x << (32 - n)))
208 #define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
209 #define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
210 #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
211 #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
212 #define F0(x, y, z) ((x & y) | (z & (x | y)))
213 #define F1(x, y, z) (z ^ (x & (y ^ z)))
214 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + S0(W[t - 15]) + W[t - 16])
215 #define P(a, b, c, d, e, f, g, h, x, K)      \
216   {                                          \
217     temp1 = h + S3(e) + F1(e, f, g) + K + x; \
218     temp2 = S2(a) + F0(a, b, c);             \
219     d += temp1;                              \
220     h = temp1 + temp2;                       \
221   }
222   A = ctx->state[0];
223   B = ctx->state[1];
224   C = ctx->state[2];
225   D = ctx->state[3];
226   E = ctx->state[4];
227   F = ctx->state[5];
228   G = ctx->state[6];
229   H = ctx->state[7];
230   P(A, B, C, D, E, F, G, H, W[0], 0x428A2F98);
231   P(H, A, B, C, D, E, F, G, W[1], 0x71374491);
232   P(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF);
233   P(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5);
234   P(E, F, G, H, A, B, C, D, W[4], 0x3956C25B);
235   P(D, E, F, G, H, A, B, C, W[5], 0x59F111F1);
236   P(C, D, E, F, G, H, A, B, W[6], 0x923F82A4);
237   P(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5);
238   P(A, B, C, D, E, F, G, H, W[8], 0xD807AA98);
239   P(H, A, B, C, D, E, F, G, W[9], 0x12835B01);
240   P(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
241   P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
242   P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
243   P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
244   P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
245   P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
246   P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
247   P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
248   P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
249   P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
250   P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
251   P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
252   P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
253   P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
254   P(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
255   P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
256   P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
257   P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
258   P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
259   P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
260   P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
261   P(B, C, D, E, F, G, H, A, R(31), 0x14292967);
262   P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
263   P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
264   P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
265   P(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
266   P(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
267   P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
268   P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
269   P(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
270   P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
271   P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
272   P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
273   P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
274   P(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
275   P(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
276   P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
277   P(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
278   P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
279   P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
280   P(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
281   P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
282   P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
283   P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
284   P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
285   P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
286   P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
287   P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
288   P(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
289   P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
290   P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
291   P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
292   P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
293   P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
294   ctx->state[0] += A;
295   ctx->state[1] += B;
296   ctx->state[2] += C;
297   ctx->state[3] += D;
298   ctx->state[4] += E;
299   ctx->state[5] += F;
300   ctx->state[6] += G;
301   ctx->state[7] += H;
302 }
CRYPT_SHA256Update(void * context,const uint8_t * input,FX_DWORD length)303 void CRYPT_SHA256Update(void* context, const uint8_t* input, FX_DWORD length) {
304   sha256_context* ctx = (sha256_context*)context;
305   FX_DWORD left, fill;
306   if (!length) {
307     return;
308   }
309   left = ctx->total[0] & 0x3F;
310   fill = 64 - left;
311   ctx->total[0] += length;
312   ctx->total[0] &= 0xFFFFFFFF;
313   if (ctx->total[0] < length) {
314     ctx->total[1]++;
315   }
316   if (left && length >= fill) {
317     FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, fill);
318     sha256_process(ctx, ctx->buffer);
319     length -= fill;
320     input += fill;
321     left = 0;
322   }
323   while (length >= 64) {
324     sha256_process(ctx, input);
325     length -= 64;
326     input += 64;
327   }
328   if (length) {
329     FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, length);
330   }
331 }
332 static const uint8_t sha256_padding[64] = {
333     0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
334     0,    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
335     0,    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
CRYPT_SHA256Finish(void * context,uint8_t digest[32])336 void CRYPT_SHA256Finish(void* context, uint8_t digest[32]) {
337   sha256_context* ctx = (sha256_context*)context;
338   FX_DWORD last, padn;
339   FX_DWORD high, low;
340   uint8_t msglen[8];
341   high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
342   low = (ctx->total[0] << 3);
343   PUT_FX_DWORD(high, msglen, 0);
344   PUT_FX_DWORD(low, msglen, 4);
345   last = ctx->total[0] & 0x3F;
346   padn = (last < 56) ? (56 - last) : (120 - last);
347   CRYPT_SHA256Update(ctx, sha256_padding, padn);
348   CRYPT_SHA256Update(ctx, msglen, 8);
349   PUT_FX_DWORD(ctx->state[0], digest, 0);
350   PUT_FX_DWORD(ctx->state[1], digest, 4);
351   PUT_FX_DWORD(ctx->state[2], digest, 8);
352   PUT_FX_DWORD(ctx->state[3], digest, 12);
353   PUT_FX_DWORD(ctx->state[4], digest, 16);
354   PUT_FX_DWORD(ctx->state[5], digest, 20);
355   PUT_FX_DWORD(ctx->state[6], digest, 24);
356   PUT_FX_DWORD(ctx->state[7], digest, 28);
357 }
CRYPT_SHA256Generate(const uint8_t * data,FX_DWORD size,uint8_t digest[32])358 void CRYPT_SHA256Generate(const uint8_t* data,
359                           FX_DWORD size,
360                           uint8_t digest[32]) {
361   sha256_context ctx;
362   CRYPT_SHA256Start(&ctx);
363   CRYPT_SHA256Update(&ctx, data, size);
364   CRYPT_SHA256Finish(&ctx, digest);
365 }
366 typedef struct {
367   uint64_t total[2];
368   uint64_t state[8];
369   uint8_t buffer[128];
370 } sha384_context;
FX_ato64i(const FX_CHAR * str)371 uint64_t FX_ato64i(const FX_CHAR* str) {
372   FXSYS_assert(str);
373   uint64_t ret = 0;
374   int len = (int)FXSYS_strlen(str);
375   len = len > 16 ? 16 : len;
376   for (int i = 0; i < len; ++i) {
377     if (i) {
378       ret <<= 4;
379     }
380     if (str[i] >= '0' && str[i] <= '9') {
381       ret |= (str[i] - '0') & 0xFF;
382     } else if (str[i] >= 'a' && str[i] <= 'f') {
383       ret |= (str[i] - 'a' + 10) & 0xFF;
384     } else if (str[i] >= 'A' && str[i] <= 'F') {
385       ret |= (str[i] - 'A' + 10) & 0xFF;
386     } else {
387       FXSYS_assert(FALSE);
388     }
389   }
390   return ret;
391 }
CRYPT_SHA384Start(void * context)392 void CRYPT_SHA384Start(void* context) {
393   if (!context) {
394     return;
395   }
396   sha384_context* ctx = (sha384_context*)context;
397   FXSYS_memset(ctx, 0, sizeof(sha384_context));
398   ctx->state[0] = FX_ato64i("cbbb9d5dc1059ed8");
399   ctx->state[1] = FX_ato64i("629a292a367cd507");
400   ctx->state[2] = FX_ato64i("9159015a3070dd17");
401   ctx->state[3] = FX_ato64i("152fecd8f70e5939");
402   ctx->state[4] = FX_ato64i("67332667ffc00b31");
403   ctx->state[5] = FX_ato64i("8eb44a8768581511");
404   ctx->state[6] = FX_ato64i("db0c2e0d64f98fa7");
405   ctx->state[7] = FX_ato64i("47b5481dbefa4fa4");
406 }
407 #define SHA384_F0(x, y, z) ((x & y) | (z & (x | y)))
408 #define SHA384_F1(x, y, z) (z ^ (x & (y ^ z)))
409 #define SHA384_SHR(x, n) (x >> n)
410 #define SHA384_ROTR(x, n) (SHA384_SHR(x, n) | x << (64 - n))
411 #define SHA384_S0(x) (SHA384_ROTR(x, 1) ^ SHA384_ROTR(x, 8) ^ SHA384_SHR(x, 7))
412 #define SHA384_S1(x) \
413   (SHA384_ROTR(x, 19) ^ SHA384_ROTR(x, 61) ^ SHA384_SHR(x, 6))
414 #define SHA384_S2(x) \
415   (SHA384_ROTR(x, 28) ^ SHA384_ROTR(x, 34) ^ SHA384_ROTR(x, 39))
416 #define SHA384_S3(x) \
417   (SHA384_ROTR(x, 14) ^ SHA384_ROTR(x, 18) ^ SHA384_ROTR(x, 41))
418 #define SHA384_P(a, b, c, d, e, f, g, h, x, K)             \
419   {                                                        \
420     temp1 = h + SHA384_S3(e) + SHA384_F1(e, f, g) + K + x; \
421     temp2 = SHA384_S2(a) + SHA384_F0(a, b, c);             \
422     d += temp1;                                            \
423     h = temp1 + temp2;                                     \
424   }
425 static const uint8_t sha384_padding[128] = {
426     0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
427     0,    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
428     0,    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
429     0,    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
430     0,    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
431     0,    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
432 };
433 #define SHA384_R(t) \
434   (W[t] = SHA384_S1(W[t - 2]) + W[t - 7] + SHA384_S0(W[t - 15]) + W[t - 16])
435 static const FX_CHAR* constants[] = {
436     "428a2f98d728ae22", "7137449123ef65cd", "b5c0fbcfec4d3b2f",
437     "e9b5dba58189dbbc", "3956c25bf348b538", "59f111f1b605d019",
438     "923f82a4af194f9b", "ab1c5ed5da6d8118", "d807aa98a3030242",
439     "12835b0145706fbe", "243185be4ee4b28c", "550c7dc3d5ffb4e2",
440     "72be5d74f27b896f", "80deb1fe3b1696b1", "9bdc06a725c71235",
441     "c19bf174cf692694", "e49b69c19ef14ad2", "efbe4786384f25e3",
442     "0fc19dc68b8cd5b5", "240ca1cc77ac9c65", "2de92c6f592b0275",
443     "4a7484aa6ea6e483", "5cb0a9dcbd41fbd4", "76f988da831153b5",
444     "983e5152ee66dfab", "a831c66d2db43210", "b00327c898fb213f",
445     "bf597fc7beef0ee4", "c6e00bf33da88fc2", "d5a79147930aa725",
446     "06ca6351e003826f", "142929670a0e6e70", "27b70a8546d22ffc",
447     "2e1b21385c26c926", "4d2c6dfc5ac42aed", "53380d139d95b3df",
448     "650a73548baf63de", "766a0abb3c77b2a8", "81c2c92e47edaee6",
449     "92722c851482353b", "a2bfe8a14cf10364", "a81a664bbc423001",
450     "c24b8b70d0f89791", "c76c51a30654be30", "d192e819d6ef5218",
451     "d69906245565a910", "f40e35855771202a", "106aa07032bbd1b8",
452     "19a4c116b8d2d0c8", "1e376c085141ab53", "2748774cdf8eeb99",
453     "34b0bcb5e19b48a8", "391c0cb3c5c95a63", "4ed8aa4ae3418acb",
454     "5b9cca4f7763e373", "682e6ff3d6b2b8a3", "748f82ee5defb2fc",
455     "78a5636f43172f60", "84c87814a1f0ab72", "8cc702081a6439ec",
456     "90befffa23631e28", "a4506cebde82bde9", "bef9a3f7b2c67915",
457     "c67178f2e372532b", "ca273eceea26619c", "d186b8c721c0c207",
458     "eada7dd6cde0eb1e", "f57d4f7fee6ed178", "06f067aa72176fba",
459     "0a637dc5a2c898a6", "113f9804bef90dae", "1b710b35131c471b",
460     "28db77f523047d84", "32caab7b40c72493", "3c9ebe0a15c9bebc",
461     "431d67c49c100d4c", "4cc5d4becb3e42b6", "597f299cfc657e2a",
462     "5fcb6fab3ad6faec", "6c44198c4a475817",
463 };
464 #define GET_FX_64WORD(n, b, i)                                              \
465   {                                                                         \
466     (n) = ((uint64_t)(b)[(i)] << 56) | ((uint64_t)(b)[(i) + 1] << 48) |     \
467           ((uint64_t)(b)[(i) + 2] << 40) | ((uint64_t)(b)[(i) + 3] << 32) | \
468           ((uint64_t)(b)[(i) + 4] << 24) | ((uint64_t)(b)[(i) + 5] << 16) | \
469           ((uint64_t)(b)[(i) + 6] << 8) | ((uint64_t)(b)[(i) + 7]);         \
470   }
471 #define PUT_FX_64DWORD(n, b, i)          \
472   {                                      \
473     (b)[(i)] = (uint8_t)((n) >> 56);     \
474     (b)[(i) + 1] = (uint8_t)((n) >> 48); \
475     (b)[(i) + 2] = (uint8_t)((n) >> 40); \
476     (b)[(i) + 3] = (uint8_t)((n) >> 32); \
477     (b)[(i) + 4] = (uint8_t)((n) >> 24); \
478     (b)[(i) + 5] = (uint8_t)((n) >> 16); \
479     (b)[(i) + 6] = (uint8_t)((n) >> 8);  \
480     (b)[(i) + 7] = (uint8_t)((n));       \
481   }
sha384_process(sha384_context * ctx,const uint8_t data[128])482 static void sha384_process(sha384_context* ctx, const uint8_t data[128]) {
483   uint64_t temp1, temp2;
484   uint64_t A, B, C, D, E, F, G, H;
485   uint64_t W[80];
486   GET_FX_64WORD(W[0], data, 0);
487   GET_FX_64WORD(W[1], data, 8);
488   GET_FX_64WORD(W[2], data, 16);
489   GET_FX_64WORD(W[3], data, 24);
490   GET_FX_64WORD(W[4], data, 32);
491   GET_FX_64WORD(W[5], data, 40);
492   GET_FX_64WORD(W[6], data, 48);
493   GET_FX_64WORD(W[7], data, 56);
494   GET_FX_64WORD(W[8], data, 64);
495   GET_FX_64WORD(W[9], data, 72);
496   GET_FX_64WORD(W[10], data, 80);
497   GET_FX_64WORD(W[11], data, 88);
498   GET_FX_64WORD(W[12], data, 96);
499   GET_FX_64WORD(W[13], data, 104);
500   GET_FX_64WORD(W[14], data, 112);
501   GET_FX_64WORD(W[15], data, 120);
502   A = ctx->state[0];
503   B = ctx->state[1];
504   C = ctx->state[2];
505   D = ctx->state[3];
506   E = ctx->state[4];
507   F = ctx->state[5];
508   G = ctx->state[6];
509   H = ctx->state[7];
510   for (int i = 0; i < 10; ++i) {
511     uint64_t temp[8];
512     if (i < 2) {
513       temp[0] = W[i * 8];
514       temp[1] = W[i * 8 + 1];
515       temp[2] = W[i * 8 + 2];
516       temp[3] = W[i * 8 + 3];
517       temp[4] = W[i * 8 + 4];
518       temp[5] = W[i * 8 + 5];
519       temp[6] = W[i * 8 + 6];
520       temp[7] = W[i * 8 + 7];
521     } else {
522       temp[0] = SHA384_R(i * 8);
523       temp[1] = SHA384_R(i * 8 + 1);
524       temp[2] = SHA384_R(i * 8 + 2);
525       temp[3] = SHA384_R(i * 8 + 3);
526       temp[4] = SHA384_R(i * 8 + 4);
527       temp[5] = SHA384_R(i * 8 + 5);
528       temp[6] = SHA384_R(i * 8 + 6);
529       temp[7] = SHA384_R(i * 8 + 7);
530     }
531     SHA384_P(A, B, C, D, E, F, G, H, temp[0], FX_ato64i(constants[i * 8]));
532     SHA384_P(H, A, B, C, D, E, F, G, temp[1], FX_ato64i(constants[i * 8 + 1]));
533     SHA384_P(G, H, A, B, C, D, E, F, temp[2], FX_ato64i(constants[i * 8 + 2]));
534     SHA384_P(F, G, H, A, B, C, D, E, temp[3], FX_ato64i(constants[i * 8 + 3]));
535     SHA384_P(E, F, G, H, A, B, C, D, temp[4], FX_ato64i(constants[i * 8 + 4]));
536     SHA384_P(D, E, F, G, H, A, B, C, temp[5], FX_ato64i(constants[i * 8 + 5]));
537     SHA384_P(C, D, E, F, G, H, A, B, temp[6], FX_ato64i(constants[i * 8 + 6]));
538     SHA384_P(B, C, D, E, F, G, H, A, temp[7], FX_ato64i(constants[i * 8 + 7]));
539   }
540   ctx->state[0] += A;
541   ctx->state[1] += B;
542   ctx->state[2] += C;
543   ctx->state[3] += D;
544   ctx->state[4] += E;
545   ctx->state[5] += F;
546   ctx->state[6] += G;
547   ctx->state[7] += H;
548 }
CRYPT_SHA384Update(void * context,const uint8_t * input,FX_DWORD length)549 void CRYPT_SHA384Update(void* context, const uint8_t* input, FX_DWORD length) {
550   sha384_context* ctx = (sha384_context*)context;
551   FX_DWORD left, fill;
552   if (!length) {
553     return;
554   }
555   left = (FX_DWORD)ctx->total[0] & 0x7F;
556   fill = 128 - left;
557   ctx->total[0] += length;
558   if (ctx->total[0] < length) {
559     ctx->total[1]++;
560   }
561   if (left && length >= fill) {
562     FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, fill);
563     sha384_process(ctx, ctx->buffer);
564     length -= fill;
565     input += fill;
566     left = 0;
567   }
568   while (length >= 128) {
569     sha384_process(ctx, input);
570     length -= 128;
571     input += 128;
572   }
573   if (length) {
574     FXSYS_memcpy((void*)(ctx->buffer + left), (void*)input, length);
575   }
576 }
CRYPT_SHA384Finish(void * context,uint8_t digest[48])577 void CRYPT_SHA384Finish(void* context, uint8_t digest[48]) {
578   sha384_context* ctx = (sha384_context*)context;
579   FX_DWORD last, padn;
580   uint8_t msglen[16];
581   FXSYS_memset(msglen, 0, 16);
582   uint64_t high, low;
583   high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
584   low = (ctx->total[0] << 3);
585   PUT_FX_64DWORD(high, msglen, 0);
586   PUT_FX_64DWORD(low, msglen, 8);
587   last = (FX_DWORD)ctx->total[0] & 0x7F;
588   padn = (last < 112) ? (112 - last) : (240 - last);
589   CRYPT_SHA384Update(ctx, sha384_padding, padn);
590   CRYPT_SHA384Update(ctx, msglen, 16);
591   PUT_FX_64DWORD(ctx->state[0], digest, 0);
592   PUT_FX_64DWORD(ctx->state[1], digest, 8);
593   PUT_FX_64DWORD(ctx->state[2], digest, 16);
594   PUT_FX_64DWORD(ctx->state[3], digest, 24);
595   PUT_FX_64DWORD(ctx->state[4], digest, 32);
596   PUT_FX_64DWORD(ctx->state[5], digest, 40);
597 }
CRYPT_SHA384Generate(const uint8_t * data,FX_DWORD size,uint8_t digest[64])598 void CRYPT_SHA384Generate(const uint8_t* data,
599                           FX_DWORD size,
600                           uint8_t digest[64]) {
601   sha384_context context;
602   CRYPT_SHA384Start(&context);
603   CRYPT_SHA384Update(&context, data, size);
604   CRYPT_SHA384Finish(&context, digest);
605 }
CRYPT_SHA512Start(void * context)606 void CRYPT_SHA512Start(void* context) {
607   if (!context) {
608     return;
609   }
610   sha384_context* ctx = (sha384_context*)context;
611   FXSYS_memset(ctx, 0, sizeof(sha384_context));
612   ctx->state[0] = FX_ato64i("6a09e667f3bcc908");
613   ctx->state[1] = FX_ato64i("bb67ae8584caa73b");
614   ctx->state[2] = FX_ato64i("3c6ef372fe94f82b");
615   ctx->state[3] = FX_ato64i("a54ff53a5f1d36f1");
616   ctx->state[4] = FX_ato64i("510e527fade682d1");
617   ctx->state[5] = FX_ato64i("9b05688c2b3e6c1f");
618   ctx->state[6] = FX_ato64i("1f83d9abfb41bd6b");
619   ctx->state[7] = FX_ato64i("5be0cd19137e2179");
620 }
CRYPT_SHA512Update(void * context,const uint8_t * data,FX_DWORD size)621 void CRYPT_SHA512Update(void* context, const uint8_t* data, FX_DWORD size) {
622   CRYPT_SHA384Update(context, data, size);
623 }
CRYPT_SHA512Finish(void * context,uint8_t digest[64])624 void CRYPT_SHA512Finish(void* context, uint8_t digest[64]) {
625   sha384_context* ctx = (sha384_context*)context;
626   FX_DWORD last, padn;
627   uint8_t msglen[16];
628   FXSYS_memset(msglen, 0, 16);
629   uint64_t high, low;
630   high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
631   low = (ctx->total[0] << 3);
632   PUT_FX_64DWORD(high, msglen, 0);
633   PUT_FX_64DWORD(low, msglen, 8);
634   last = (FX_DWORD)ctx->total[0] & 0x7F;
635   padn = (last < 112) ? (112 - last) : (240 - last);
636   CRYPT_SHA512Update(ctx, sha384_padding, padn);
637   CRYPT_SHA512Update(ctx, msglen, 16);
638   PUT_FX_64DWORD(ctx->state[0], digest, 0);
639   PUT_FX_64DWORD(ctx->state[1], digest, 8);
640   PUT_FX_64DWORD(ctx->state[2], digest, 16);
641   PUT_FX_64DWORD(ctx->state[3], digest, 24);
642   PUT_FX_64DWORD(ctx->state[4], digest, 32);
643   PUT_FX_64DWORD(ctx->state[5], digest, 40);
644   PUT_FX_64DWORD(ctx->state[6], digest, 48);
645   PUT_FX_64DWORD(ctx->state[7], digest, 56);
646 }
CRYPT_SHA512Generate(const uint8_t * data,FX_DWORD size,uint8_t digest[64])647 void CRYPT_SHA512Generate(const uint8_t* data,
648                           FX_DWORD size,
649                           uint8_t digest[64]) {
650   sha384_context context;
651   CRYPT_SHA512Start(&context);
652   CRYPT_SHA512Update(&context, data, size);
653   CRYPT_SHA512Finish(&context, digest);
654 }
655 #ifdef __cplusplus
656 };
657 #endif
658