diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/Makefile.am | 4 | ||||
| -rw-r--r-- | src/fixedint.h | 72 | ||||
| -rw-r--r-- | src/sha1.c | 517 | ||||
| -rw-r--r-- | src/sha256.c | 265 | ||||
| -rw-r--r-- | src/sha512.c | 315 | 
5 files changed, 1173 insertions, 0 deletions
| diff --git a/src/Makefile.am b/src/Makefile.am index 0db7ede..0089b5d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -18,6 +18,10 @@ libimobiledevice_glue_1_0_la_SOURCES =	\  	cbuf.c          \  	opack.c         \  	tlv.c           \ +	sha1.c          \ +	sha256.c        \ +	sha512.c        \ +	fixedint.h      \  	common.h  if WIN32 diff --git a/src/fixedint.h b/src/fixedint.h new file mode 100644 index 0000000..1a8745b --- /dev/null +++ b/src/fixedint.h @@ -0,0 +1,72 @@ +/* +    Portable header to provide the 32 and 64 bits type. + +    Not a compatible replacement for <stdint.h>, do not blindly use it as such. +*/ + +#if ((defined(__STDC__) && __STDC__ && __STDC_VERSION__ >= 199901L) || (defined(__WATCOMC__) && (defined(_STDINT_H_INCLUDED) || __WATCOMC__ >= 1250)) || (defined(__GNUC__) && (defined(_STDINT_H) || defined(_STDINT_H_) || defined(__UINT_FAST64_TYPE__)) )) && !defined(FIXEDINT_H_INCLUDED) +    #include <stdint.h> +    #define FIXEDINT_H_INCLUDED + +    #if defined(__WATCOMC__) && __WATCOMC__ >= 1250 && !defined(UINT64_C) +        #include <limits.h> +        #define UINT64_C(x) (x + (UINT64_MAX - UINT64_MAX)) +    #endif +#endif + + +#ifndef FIXEDINT_H_INCLUDED +    #define FIXEDINT_H_INCLUDED +     +    #include <limits.h> + +    /* (u)int32_t */ +    #ifndef uint32_t +        #if (ULONG_MAX == 0xffffffffUL) +            typedef unsigned long uint32_t; +        #elif (UINT_MAX == 0xffffffffUL) +            typedef unsigned int uint32_t; +        #elif (USHRT_MAX == 0xffffffffUL) +            typedef unsigned short uint32_t; +        #endif +    #endif + + +    #ifndef int32_t +        #if (LONG_MAX == 0x7fffffffL) +            typedef signed long int32_t; +        #elif (INT_MAX == 0x7fffffffL) +            typedef signed int int32_t; +        #elif (SHRT_MAX == 0x7fffffffL) +            typedef signed short int32_t; +        #endif +    #endif + + +    /* (u)int64_t */ +    #if (defined(__STDC__) && defined(__STDC_VERSION__) && __STDC__ && __STDC_VERSION__ >= 199901L) +        typedef long long int64_t; +        typedef unsigned long long uint64_t; + +        #define UINT64_C(v) v ##ULL +        #define INT64_C(v) v ##LL +    #elif defined(__GNUC__) +        __extension__ typedef long long int64_t; +        __extension__ typedef unsigned long long uint64_t; + +        #define UINT64_C(v) v ##ULL +        #define INT64_C(v) v ##LL +    #elif defined(__MWERKS__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) || defined(__APPLE_CC__) || defined(_LONG_LONG) || defined(_CRAYC) +        typedef long long int64_t; +        typedef unsigned long long uint64_t; + +        #define UINT64_C(v) v ##ULL +        #define INT64_C(v) v ##LL +    #elif (defined(__WATCOMC__) && defined(__WATCOM_INT64__)) || (defined(_MSC_VER) && _INTEGRAL_MAX_BITS >= 64) || (defined(__BORLANDC__) && __BORLANDC__ > 0x460) || defined(__alpha) || defined(__DECC) +        typedef __int64 int64_t; +        typedef unsigned __int64 uint64_t; + +        #define UINT64_C(v) v ##UI64 +        #define INT64_C(v) v ##I64 +    #endif +#endif diff --git a/src/sha1.c b/src/sha1.c new file mode 100644 index 0000000..46bb8c0 --- /dev/null +++ b/src/sha1.c @@ -0,0 +1,517 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +#include "common.h" +#include "libimobiledevice-glue/sha.h" + +#include "fixedint.h" + +#define ROLc(x, y) \ +     ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | \ +       (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) +#define ROL ROLc + +#define STORE32H(x, y)                                                                    \ +    { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255);   \ +      (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } + +#define LOAD32H(x, y)                           \ +    { x = ((unsigned long)((y)[0] & 255)<<24) | \ +          ((unsigned long)((y)[1] & 255)<<16) | \ +          ((unsigned long)((y)[2] & 255)<<8)  | \ +          ((unsigned long)((y)[3] & 255)); } + +#define STORE64H(x, y)                                                                     \ +   { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255);     \ +     (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255);     \ +     (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255);     \ +     (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } + +#define F0(x,y,z)  (z ^ (x & (y ^ z))) +#define F1(x,y,z)  (x ^ y ^ z) +#define F2(x,y,z)  ((x & y) | (z & (x | y))) +#define F3(x,y,z)  (x ^ y ^ z) +#ifndef MIN +   #define MIN(x, y) ( ((x)<(y))?(x):(y) ) +#endif + +static int  sha1_compress(sha1_context *md, unsigned char *buf) +{ +    uint32_t a,b,c,d,e,W[80],i; +    uint32_t t; +    /* copy the state into 512-bits into W[0..15] */ +    for (i = 0; i < 16; i++) { +        LOAD32H(W[i], buf + (4*i)); +    } +    /* copy state */ +    a = md->state[0]; +    b = md->state[1]; +    c = md->state[2]; +    d = md->state[3]; +    e = md->state[4]; +    /* expand it */ +    for (i = 16; i < 80; i++) { +        W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);  +    } +    /* compress */ +    /* round one */ +    #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30); +    #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30); +    #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30); +    #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30); + +    for (i = 0; i < 20; ) { +       FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; +    } +    for (; i < 40; ) { +       FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; +    } +    for (; i < 60; ) { +       FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; +    } +    for (; i < 80; ) { +       FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; +    } + +    #undef FF0 +    #undef FF1 +    #undef FF2 +    #undef FF3 + +    /* store */ +    md->state[0] = md->state[0] + a; +    md->state[1] = md->state[1] + b; +    md->state[2] = md->state[2] + c; +    md->state[3] = md->state[3] + d; +    md->state[4] = md->state[4] + e; +    return 0; +} + +/** +   Initialize the hash state +   @param md   The hash state you wish to initialize +   @return 0 if successful +*/ +int sha1_init(sha1_context * md) +{ +    if (md == NULL) return 1; +    md->state[0] = 0x67452301UL; +    md->state[1] = 0xefcdab89UL; +    md->state[2] = 0x98badcfeUL; +    md->state[3] = 0x10325476UL; +    md->state[4] = 0xc3d2e1f0UL; +    md->curlen = 0; +    md->length = 0; +    return 0; +} + +/** +   Process a block of memory though the hash +   @param md     The hash state +   @param data   The data to hash +   @param inlen  The length of the data (octets) +   @return 0 if successful +*/ +int sha1_update (sha1_context * md, const void *data, size_t inlen) +{ +    const unsigned char* in = (const unsigned char*)data; +    size_t n; +    size_t i; +    int           err; +    if (md == NULL) return 1; +    if (in == NULL) return 1; +    if (md->curlen > sizeof(md->buf)) { +       return 1; +    } +    while (inlen > 0) { +        if (md->curlen == 0 && inlen >= 64) { +           if ((err = sha1_compress (md, (unsigned char *)in)) != 0) { +              return err; +           } +           md->length += 64 * 8; +           in             += 64; +           inlen          -= 64; +        } else { +           n = MIN(inlen, (64 - md->curlen)); + +           for (i = 0; i < n; i++) { +            md->buf[i + md->curlen] = in[i]; +           } + + +           md->curlen += n; +           in             += n; +           inlen          -= n; +           if (md->curlen == 64) { +              if ((err = sha1_compress (md, md->buf)) != 0) { +                 return err; +              } +              md->length += 8*64; +              md->curlen = 0; +           } +       } +    } +    return 0; +} + +/** +   Terminate the hash to get the digest +   @param md  The hash state +   @param out [out] The destination of the hash (20 bytes) +   @return 0 if successful +*/ +int sha1_final(sha1_context * md, unsigned char *out) +{ +    int i; +    if (md == NULL) return 1; +    if (out == NULL) return 1; +    if (md->curlen >= sizeof(md->buf)) { +        return 1; +    } +    /* increase the length of the message */ +    md->length += md->curlen * 8; +    /* append the '1' bit */ +    md->buf[md->curlen++] = (unsigned char)0x80; +    /* if the length is currently above 56 bytes we append zeros +     * then compress.  Then we can fall back to padding zeros and length +     * encoding like normal. +     */ +    if (md->curlen > 56) { +        while (md->curlen < 64) { +            md->buf[md->curlen++] = (unsigned char)0; +        } +        sha1_compress(md, md->buf); +        md->curlen = 0; +    } +    /* pad upto 56 bytes of zeroes */ +    while (md->curlen < 56) { +        md->buf[md->curlen++] = (unsigned char)0; +    } +    /* store length */ +    STORE64H(md->length, md->buf+56); +    sha1_compress(md, md->buf); +    /* copy output */ +    for (i = 0; i < 5; i++) { +        STORE32H(md->state[i], out+(4*i)); +    } +    return 0; +} + +int sha1(const unsigned char *message, size_t message_len, unsigned char *out) +{ +    sha1_context ctx; +    int ret; +    if ((ret = sha1_init(&ctx))) return ret; +    if ((ret = sha1_update(&ctx, message, message_len))) return ret; +    if ((ret = sha1_final(&ctx, out))) return ret; +    return 0; +} + +#if 0 + +/* +SHA-1 in C +By Steve Reid <steve@edmweb.com> +100% Public Domain +Test Vectors (from FIPS PUB 180-1) +"abc" +  A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +  84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +A million repetitions of "a" +  34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */ +/* #define SHA1HANDSOFF * Copies data before messing with it. */ + +#define SHA1HANDSOFF + +#include <stdio.h> +#include <string.h> + +/* for uint32_t */ +#include <stdint.h> + +#include "common.h" +#include "libimobiledevice-glue/sha.h" + + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#if BYTE_ORDER == LITTLE_ENDIAN +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ +    |(rol(block->l[i],8)&0x00FF00FF)) +#elif BYTE_ORDER == BIG_ENDIAN +#define blk0(i) block->l[i] +#else +#error "Endianness not defined!" +#endif +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ +    ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + + +/* Hash a single 512-bit block. This is the core of the algorithm. */ + +static void SHA1Transform( +    uint32_t state[5], +    const unsigned char buffer[64] +) +{ +    uint32_t a, b, c, d, e; + +    typedef union +    { +        unsigned char c[64]; +        uint32_t l[16]; +    } CHAR64LONG16; + +#ifdef SHA1HANDSOFF +    CHAR64LONG16 block[1];      /* use array to appear as a pointer */ + +    memcpy(block, buffer, 64); +#else +    /* The following had better never be used because it causes the +     * pointer-to-const buffer to be cast into a pointer to non-const. +     * And the result is written through.  I threw a "const" in, hoping +     * this will cause a diagnostic. +     */ +    CHAR64LONG16 *block = (const CHAR64LONG16 *) buffer; +#endif +    /* Copy context->state[] to working vars */ +    a = state[0]; +    b = state[1]; +    c = state[2]; +    d = state[3]; +    e = state[4]; +    /* 4 rounds of 20 operations each. Loop unrolled. */ +    R0(a, b, c, d, e, 0); +    R0(e, a, b, c, d, 1); +    R0(d, e, a, b, c, 2); +    R0(c, d, e, a, b, 3); +    R0(b, c, d, e, a, 4); +    R0(a, b, c, d, e, 5); +    R0(e, a, b, c, d, 6); +    R0(d, e, a, b, c, 7); +    R0(c, d, e, a, b, 8); +    R0(b, c, d, e, a, 9); +    R0(a, b, c, d, e, 10); +    R0(e, a, b, c, d, 11); +    R0(d, e, a, b, c, 12); +    R0(c, d, e, a, b, 13); +    R0(b, c, d, e, a, 14); +    R0(a, b, c, d, e, 15); +    R1(e, a, b, c, d, 16); +    R1(d, e, a, b, c, 17); +    R1(c, d, e, a, b, 18); +    R1(b, c, d, e, a, 19); +    R2(a, b, c, d, e, 20); +    R2(e, a, b, c, d, 21); +    R2(d, e, a, b, c, 22); +    R2(c, d, e, a, b, 23); +    R2(b, c, d, e, a, 24); +    R2(a, b, c, d, e, 25); +    R2(e, a, b, c, d, 26); +    R2(d, e, a, b, c, 27); +    R2(c, d, e, a, b, 28); +    R2(b, c, d, e, a, 29); +    R2(a, b, c, d, e, 30); +    R2(e, a, b, c, d, 31); +    R2(d, e, a, b, c, 32); +    R2(c, d, e, a, b, 33); +    R2(b, c, d, e, a, 34); +    R2(a, b, c, d, e, 35); +    R2(e, a, b, c, d, 36); +    R2(d, e, a, b, c, 37); +    R2(c, d, e, a, b, 38); +    R2(b, c, d, e, a, 39); +    R3(a, b, c, d, e, 40); +    R3(e, a, b, c, d, 41); +    R3(d, e, a, b, c, 42); +    R3(c, d, e, a, b, 43); +    R3(b, c, d, e, a, 44); +    R3(a, b, c, d, e, 45); +    R3(e, a, b, c, d, 46); +    R3(d, e, a, b, c, 47); +    R3(c, d, e, a, b, 48); +    R3(b, c, d, e, a, 49); +    R3(a, b, c, d, e, 50); +    R3(e, a, b, c, d, 51); +    R3(d, e, a, b, c, 52); +    R3(c, d, e, a, b, 53); +    R3(b, c, d, e, a, 54); +    R3(a, b, c, d, e, 55); +    R3(e, a, b, c, d, 56); +    R3(d, e, a, b, c, 57); +    R3(c, d, e, a, b, 58); +    R3(b, c, d, e, a, 59); +    R4(a, b, c, d, e, 60); +    R4(e, a, b, c, d, 61); +    R4(d, e, a, b, c, 62); +    R4(c, d, e, a, b, 63); +    R4(b, c, d, e, a, 64); +    R4(a, b, c, d, e, 65); +    R4(e, a, b, c, d, 66); +    R4(d, e, a, b, c, 67); +    R4(c, d, e, a, b, 68); +    R4(b, c, d, e, a, 69); +    R4(a, b, c, d, e, 70); +    R4(e, a, b, c, d, 71); +    R4(d, e, a, b, c, 72); +    R4(c, d, e, a, b, 73); +    R4(b, c, d, e, a, 74); +    R4(a, b, c, d, e, 75); +    R4(e, a, b, c, d, 76); +    R4(d, e, a, b, c, 77); +    R4(c, d, e, a, b, 78); +    R4(b, c, d, e, a, 79); +    /* Add the working vars back into context.state[] */ +    state[0] += a; +    state[1] += b; +    state[2] += c; +    state[3] += d; +    state[4] += e; +    /* Wipe variables */ +    a = b = c = d = e = 0; +#ifdef SHA1HANDSOFF +    memset(block, '\0', sizeof(block)); +#endif +} + + +/* SHA1Init - Initialize new context */ + +void sha1_init( +    sha1_context * context +) +{ +    /* SHA1 initialization constants */ +    context->state[0] = 0x67452301; +    context->state[1] = 0xEFCDAB89; +    context->state[2] = 0x98BADCFE; +    context->state[3] = 0x10325476; +    context->state[4] = 0xC3D2E1F0; +    context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ + +void sha1_update( +    sha1_context * context, +    const void *data, +    size_t len +) +{ +    size_t i; + +    size_t j; + +    j = context->count[0]; +    if ((context->count[0] += len << 3) < j) +        context->count[1]++; +    context->count[1] += (len >> 29); +    j = (j >> 3) & 63; +    if ((j + len) > 63) +    { +        memcpy(&context->buffer[j], data, (i = 64 - j)); +        SHA1Transform(context->state, context->buffer); +        for (; i + 63 < len; i += 64) +        { +            SHA1Transform(context->state, (unsigned char*)data + i); +        } +        j = 0; +    } +    else +        i = 0; +    memcpy(&context->buffer[j], (unsigned char*)data + i, len - i); +} + + +/* Add padding and return the message digest. */ + +void sha1_final( +    sha1_context * context, +    unsigned char digest[20] +) +{ +    unsigned i; + +    unsigned char finalcount[8]; + +    unsigned char c; + +#if 0    /* untested "improvement" by DHR */ +    /* Convert context->count to a sequence of bytes +     * in finalcount.  Second element first, but +     * big-endian order within element. +     * But we do it all backwards. +     */ +    unsigned char *fcp = &finalcount[8]; + +    for (i = 0; i < 2; i++) +    { +        uint32_t t = context->count[i]; + +        int j; + +        for (j = 0; j < 4; t >>= 8, j++) +            *--fcp = (unsigned char) t} +#else +    for (i = 0; i < 8; i++) +    { +        finalcount[i] = (unsigned char) ((context->count[(i >= 4 ? 0 : 1)] >> ((3 - (i & 3)) * 8)) & 255);      /* Endian independent */ +    } +#endif +    c = 0200; +    sha1_update(context, &c, 1); +    while ((context->count[0] & 504) != 448) +    { +        c = 0000; +        sha1_update(context, &c, 1); +    } +    sha1_update(context, finalcount, 8); /* Should cause a SHA1Transform() */ +    for (i = 0; i < 20; i++) +    { +        digest[i] = (unsigned char) +            ((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) & 255); +    } +    /* Wipe variables */ +    memset(context, '\0', sizeof(*context)); +    memset(&finalcount, '\0', sizeof(finalcount)); +} + +void sha1( +    const unsigned char *str, +    size_t len, +    unsigned char *hash_out +) +{ +    sha1_context ctx; +    size_t ii; + +    sha1_init(&ctx); +    for (ii=0; ii<len; ii+=1) +        sha1_update(&ctx, str + ii, 1); +    sha1_final(&ctx, hash_out); +} + + +#endif diff --git a/src/sha256.c b/src/sha256.c new file mode 100644 index 0000000..71be516 --- /dev/null +++ b/src/sha256.c @@ -0,0 +1,265 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +#include "common.h" +#include "libimobiledevice-glue/sha.h" + +#include "fixedint.h" + +/* the K array */ +static const uint32_t K[64] = { +    0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, +    0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, +    0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, +    0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, +    0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, +    0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, +    0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, +    0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, +    0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, +    0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, +    0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, +    0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, +    0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; + +/* Various logical functions */ + +#define RORc(x, y) \ +    ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | \ +      ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) + +#define STORE32H(x, y)                                                                    \ +    { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255);   \ +      (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } + +#define LOAD32H(x, y)                           \ +    { x = ((unsigned long)((y)[0] & 255)<<24) | \ +          ((unsigned long)((y)[1] & 255)<<16) | \ +          ((unsigned long)((y)[2] & 255)<<8)  | \ +          ((unsigned long)((y)[3] & 255)); } + +#define STORE64H(x, y)                                                                     \ +   { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255);     \ +     (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255);     \ +     (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255);     \ +     (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } + +#define Ch(x,y,z)       (z ^ (x & (y ^ z))) +#define Maj(x,y,z)      (((x | y) & z) | (x & y))  +#define S(x, n)         RORc((x),(n)) +#define R(x, n)         (((x)&0xFFFFFFFFUL)>>(n)) +#define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22)) +#define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25)) +#define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3)) +#define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10)) +#ifndef MIN +   #define MIN(x, y) ( ((x)<(y))?(x):(y) ) +#endif + +/* compress 256-bits */ +static int sha256_compress(sha256_context * md, unsigned char *buf) +{ +    uint32_t S[8], W[64], t0, t1; +    uint32_t t; +    int i; +    /* copy state into S */ +    for (i = 0; i < 8; i++) { +        S[i] = md->state[i]; +    } +    /* copy the state into 512-bits into W[0..15] */ +    for (i = 0; i < 16; i++) { +        LOAD32H(W[i], buf + (4*i)); +    } +    /* fill W[16..63] */ +    for (i = 16; i < 64; i++) { +        W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; +    } +    /* Compress */ +    #define RND(a,b,c,d,e,f,g,h,i) \ +    t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ +    t1 = Sigma0(a) + Maj(a, b, c); \ +    d += t0; \ +    h  = t0 + t1; +    for (i = 0; i < 64; ++i) { +        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i); +        t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4];  +        S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; +    } +    #undef RND +    /* feedback */ +    for (i = 0; i < 8; i++) { +        md->state[i] = md->state[i] + S[i]; +    } +    return 0; +} + +/** +   Initialize the hash state +   @param md   The hash state you wish to initialize +   @return CRYPT_OK if successful +*/ +int sha256_init(sha256_context * md) +{ +    if (md == NULL) return 1; +    md->curlen = 0; +    md->length = 0; +    md->state[0] = 0x6A09E667UL; +    md->state[1] = 0xBB67AE85UL; +    md->state[2] = 0x3C6EF372UL; +    md->state[3] = 0xA54FF53AUL; +    md->state[4] = 0x510E527FUL; +    md->state[5] = 0x9B05688CUL; +    md->state[6] = 0x1F83D9ABUL; +    md->state[7] = 0x5BE0CD19UL; +    md->num_dwords = 8; +    return 0; +} + +/** +   Process a block of memory though the hash +   @param md     The hash state +   @param data   The data to hash +   @param inlen  The length of the data (octets) +   @return 0 if successful +*/ +int sha256_update (sha256_context * md, const void *data, size_t inlen) +{ +    const unsigned char* in = (const unsigned char*)data; +    size_t n; +    size_t i; +    int           err; +    if (md == NULL) return 1; +    if (in == NULL) return 1; +    if (md->curlen > sizeof(md->buf)) { +       return 1; +    } +    while (inlen > 0) { +        if (md->curlen == 0 && inlen >= 64) { +           if ((err = sha256_compress (md, (unsigned char *)in)) != 0) { +              return err; +           } +           md->length += 64 * 8; +           in             += 64; +           inlen          -= 64; +        } else { +           n = MIN(inlen, (64 - md->curlen)); + +           for (i = 0; i < n; i++) { +            md->buf[i + md->curlen] = in[i]; +           } + + +           md->curlen += n; +           in             += n; +           inlen          -= n; +           if (md->curlen == 64) { +              if ((err = sha256_compress (md, md->buf)) != 0) { +                 return err; +              } +              md->length += 8*64; +              md->curlen = 0; +           } +       } +    } +    return 0; +} + +/** +   Terminate the hash to get the digest +   @param md  The hash state +   @param out [out] The destination of the hash (32 bytes) +   @return 0 if successful +*/ +int sha256_final(sha256_context * md, unsigned char *out) +{ +    int i; +    if (md == NULL) return 1; +    if (out == NULL) return 1; +    if (md->curlen >= sizeof(md->buf)) { +       return 1; +    } +    /* increase the length of the message */ +    md->length += md->curlen * 8; +    /* append the '1' bit */ +    md->buf[md->curlen++] = (unsigned char)0x80; +    /* if the length is currently above 56 bytes we append zeros +     * then compress.  Then we can fall back to padding zeros and length +     * encoding like normal. +     */ +    if (md->curlen > 56) { +        while (md->curlen < 64) { +            md->buf[md->curlen++] = (unsigned char)0; +        } +        sha256_compress(md, md->buf); +        md->curlen = 0; +    } +    /* pad upto 56 bytes of zeroes */ +    while (md->curlen < 56) { +        md->buf[md->curlen++] = (unsigned char)0; +    } +    /* store length */ +    STORE64H(md->length, md->buf+56); +    sha256_compress(md, md->buf); +    /* copy output */ +    for (i = 0; i < md->num_dwords; i++) { +        STORE32H(md->state[i], out+(4*i)); +    } +    return 0; +} + +int sha256(const unsigned char *message, size_t message_len, unsigned char *out) +{ +    sha256_context ctx; +    int ret; +    if ((ret = sha256_init(&ctx))) return ret; +    if ((ret = sha256_update(&ctx, message, message_len))) return ret; +    if ((ret = sha256_final(&ctx, out))) return ret; +    return 0; +} + +int sha224_init(sha224_context * md) { +    if (md == NULL) return 1; + +    md->curlen = 0; +    md->length = 0; +    md->state[0] = 0xc1059ed8UL; +    md->state[1] = 0x367cd507UL; +    md->state[2] = 0x3070dd17UL; +    md->state[3] = 0xf70e5939UL; +    md->state[4] = 0xffc00b31UL; +    md->state[5] = 0x68581511UL; +    md->state[6] = 0x64f98fa7UL; +    md->state[7] = 0xbefa4fa4UL; +    md->num_dwords = 6; + +    return 0; +} + +int sha224_update(sha224_context * md, const void *data, size_t inlen) +{ +    return sha256_update(md, data, inlen); +} + +int sha224_final(sha224_context * md, unsigned char* out) +{ +    return sha256_final(md, out); +} + +int sha224(const unsigned char *message, size_t message_len, unsigned char *out) +{ +    sha224_context ctx; +    int ret; +    if ((ret = sha224_init(&ctx))) return ret; +    if ((ret = sha224_update(&ctx, message, message_len))) return ret; +    if ((ret = sha224_final(&ctx, out))) return ret; +    return 0; +} diff --git a/src/sha512.c b/src/sha512.c new file mode 100644 index 0000000..62c7159 --- /dev/null +++ b/src/sha512.c @@ -0,0 +1,315 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtom.org + */ + +#include "fixedint.h" + +#include "common.h" +#include "libimobiledevice-glue/sha.h" + +/* the K array */ +static const uint64_t K[80] = { +    UINT64_C(0x428a2f98d728ae22), UINT64_C(0x7137449123ef65cd),  +    UINT64_C(0xb5c0fbcfec4d3b2f), UINT64_C(0xe9b5dba58189dbbc), +    UINT64_C(0x3956c25bf348b538), UINT64_C(0x59f111f1b605d019),  +    UINT64_C(0x923f82a4af194f9b), UINT64_C(0xab1c5ed5da6d8118), +    UINT64_C(0xd807aa98a3030242), UINT64_C(0x12835b0145706fbe),  +    UINT64_C(0x243185be4ee4b28c), UINT64_C(0x550c7dc3d5ffb4e2), +    UINT64_C(0x72be5d74f27b896f), UINT64_C(0x80deb1fe3b1696b1),  +    UINT64_C(0x9bdc06a725c71235), UINT64_C(0xc19bf174cf692694), +    UINT64_C(0xe49b69c19ef14ad2), UINT64_C(0xefbe4786384f25e3),  +    UINT64_C(0x0fc19dc68b8cd5b5), UINT64_C(0x240ca1cc77ac9c65), +    UINT64_C(0x2de92c6f592b0275), UINT64_C(0x4a7484aa6ea6e483),  +    UINT64_C(0x5cb0a9dcbd41fbd4), UINT64_C(0x76f988da831153b5), +    UINT64_C(0x983e5152ee66dfab), UINT64_C(0xa831c66d2db43210),  +    UINT64_C(0xb00327c898fb213f), UINT64_C(0xbf597fc7beef0ee4), +    UINT64_C(0xc6e00bf33da88fc2), UINT64_C(0xd5a79147930aa725),  +    UINT64_C(0x06ca6351e003826f), UINT64_C(0x142929670a0e6e70), +    UINT64_C(0x27b70a8546d22ffc), UINT64_C(0x2e1b21385c26c926),  +    UINT64_C(0x4d2c6dfc5ac42aed), UINT64_C(0x53380d139d95b3df), +    UINT64_C(0x650a73548baf63de), UINT64_C(0x766a0abb3c77b2a8),  +    UINT64_C(0x81c2c92e47edaee6), UINT64_C(0x92722c851482353b), +    UINT64_C(0xa2bfe8a14cf10364), UINT64_C(0xa81a664bbc423001), +    UINT64_C(0xc24b8b70d0f89791), UINT64_C(0xc76c51a30654be30), +    UINT64_C(0xd192e819d6ef5218), UINT64_C(0xd69906245565a910),  +    UINT64_C(0xf40e35855771202a), UINT64_C(0x106aa07032bbd1b8), +    UINT64_C(0x19a4c116b8d2d0c8), UINT64_C(0x1e376c085141ab53),  +    UINT64_C(0x2748774cdf8eeb99), UINT64_C(0x34b0bcb5e19b48a8), +    UINT64_C(0x391c0cb3c5c95a63), UINT64_C(0x4ed8aa4ae3418acb),  +    UINT64_C(0x5b9cca4f7763e373), UINT64_C(0x682e6ff3d6b2b8a3), +    UINT64_C(0x748f82ee5defb2fc), UINT64_C(0x78a5636f43172f60),  +    UINT64_C(0x84c87814a1f0ab72), UINT64_C(0x8cc702081a6439ec), +    UINT64_C(0x90befffa23631e28), UINT64_C(0xa4506cebde82bde9),  +    UINT64_C(0xbef9a3f7b2c67915), UINT64_C(0xc67178f2e372532b), +    UINT64_C(0xca273eceea26619c), UINT64_C(0xd186b8c721c0c207),  +    UINT64_C(0xeada7dd6cde0eb1e), UINT64_C(0xf57d4f7fee6ed178), +    UINT64_C(0x06f067aa72176fba), UINT64_C(0x0a637dc5a2c898a6),  +    UINT64_C(0x113f9804bef90dae), UINT64_C(0x1b710b35131c471b), +    UINT64_C(0x28db77f523047d84), UINT64_C(0x32caab7b40c72493),  +    UINT64_C(0x3c9ebe0a15c9bebc), UINT64_C(0x431d67c49c100d4c), +    UINT64_C(0x4cc5d4becb3e42b6), UINT64_C(0x597f299cfc657e2a),  +    UINT64_C(0x5fcb6fab3ad6faec), UINT64_C(0x6c44198c4a475817) +}; + +/* Various logical functions */ + +#define ROR64c(x, y) \ +    ( ((((x)&UINT64_C(0xFFFFFFFFFFFFFFFF))>>((uint64_t)(y)&UINT64_C(63))) | \ +      ((x)<<((uint64_t)(64-((y)&UINT64_C(63)))))) & UINT64_C(0xFFFFFFFFFFFFFFFF)) + +#define STORE64H(x, y)                                                                     \ +   { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255);     \ +     (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255);     \ +     (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255);     \ +     (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } + +#define LOAD64H(x, y)                                                      \ +   { x = (((uint64_t)((y)[0] & 255))<<56)|(((uint64_t)((y)[1] & 255))<<48) | \ +         (((uint64_t)((y)[2] & 255))<<40)|(((uint64_t)((y)[3] & 255))<<32) | \ +         (((uint64_t)((y)[4] & 255))<<24)|(((uint64_t)((y)[5] & 255))<<16) | \ +         (((uint64_t)((y)[6] & 255))<<8)|(((uint64_t)((y)[7] & 255))); } + + +#define Ch(x,y,z)       (z ^ (x & (y ^ z))) +#define Maj(x,y,z)      (((x | y) & z) | (x & y))  +#define S(x, n)         ROR64c(x, n) +#define R(x, n)         (((x) &UINT64_C(0xFFFFFFFFFFFFFFFF))>>((uint64_t)n)) +#define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39)) +#define Sigma1(x)       (S(x, 14) ^ S(x, 18) ^ S(x, 41)) +#define Gamma0(x)       (S(x, 1) ^ S(x, 8) ^ R(x, 7)) +#define Gamma1(x)       (S(x, 19) ^ S(x, 61) ^ R(x, 6)) +#ifndef MIN +   #define MIN(x, y) ( ((x)<(y))?(x):(y) ) +#endif + +/* compress 1024-bits */ +static int sha512_compress(sha512_context *md, unsigned char *buf) +{ +    uint64_t S[8], W[80], t0, t1; +    int i; + +    /* copy state into S */ +    for (i = 0; i < 8; i++) { +        S[i] = md->state[i]; +    } + +    /* copy the state into 1024-bits into W[0..15] */ +    for (i = 0; i < 16; i++) { +        LOAD64H(W[i], buf + (8*i)); +    } + +    /* fill W[16..79] */ +    for (i = 16; i < 80; i++) { +        W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; +    } + +    /* Compress */ +    #define RND(a,b,c,d,e,f,g,h,i) \ +    t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ +    t1 = Sigma0(a) + Maj(a, b, c);\ +    d += t0; \ +    h  = t0 + t1; + +    for (i = 0; i < 80; i += 8) { +        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0); +        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1); +        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2); +        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3); +        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4); +        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5); +        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6); +        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7); +    } + +    #undef RND + +    /* feedback */ +    for (i = 0; i < 8; i++) { +        md->state[i] = md->state[i] + S[i]; +    } + +    return 0; +} + + +/** +   Initialize the hash state +   @param md   The hash state you wish to initialize +   @return 0 if successful +*/ +int sha512_init(sha512_context * md) { +    if (md == NULL) return 1; + +    md->curlen = 0; +    md->length = 0; +    md->state[0] = UINT64_C(0x6a09e667f3bcc908); +    md->state[1] = UINT64_C(0xbb67ae8584caa73b); +    md->state[2] = UINT64_C(0x3c6ef372fe94f82b); +    md->state[3] = UINT64_C(0xa54ff53a5f1d36f1); +    md->state[4] = UINT64_C(0x510e527fade682d1); +    md->state[5] = UINT64_C(0x9b05688c2b3e6c1f); +    md->state[6] = UINT64_C(0x1f83d9abfb41bd6b); +    md->state[7] = UINT64_C(0x5be0cd19137e2179); +    md->num_qwords = 8; + +    return 0; +} + +/** +   Process a block of memory though the hash +   @param md     The hash state +   @param data   The data to hash +   @param inlen  The length of the data (octets) +   @return 0 if successful +*/ +int sha512_update (sha512_context * md, const void *data, size_t inlen) +{ +    const unsigned char* in = (const unsigned char*)data; +    size_t n; +    size_t i; +    int           err; +    if (md == NULL) return 1; +    if (in == NULL) return 1; +    if (md->curlen > sizeof(md->buf)) { +       return 1; +    } +    while (inlen > 0) { +        if (md->curlen == 0 && inlen >= 128) { +           if ((err = sha512_compress (md, (unsigned char *)in)) != 0) { +              return err; +           } +           md->length += 128 * 8; +           in             += 128; +           inlen          -= 128; +        } else { +           n = MIN(inlen, (128 - md->curlen)); + +           for (i = 0; i < n; i++) { +            md->buf[i + md->curlen] = in[i]; +           } + + +           md->curlen += n; +           in             += n; +           inlen          -= n; +           if (md->curlen == 128) { +              if ((err = sha512_compress (md, md->buf)) != 0) { +                 return err; +              } +              md->length += 8*128; +              md->curlen = 0; +           } +       } +    } +    return 0; +} + +/** +   Terminate the hash to get the digest +   @param md  The hash state +   @param out [out] The destination of the hash (64 bytes) +   @return 0 if successful +*/ +int sha512_final(sha512_context * md, unsigned char *out) +{ +    int i; + +    if (md == NULL) return 1; +    if (out == NULL) return 1; + +    if (md->curlen >= sizeof(md->buf)) { +        return 1; +    } + +    /* increase the length of the message */ +    md->length += md->curlen * UINT64_C(8); + +    /* append the '1' bit */ +    md->buf[md->curlen++] = (unsigned char)0x80; + +    /* if the length is currently above 112 bytes we append zeros +     * then compress.  Then we can fall back to padding zeros and length +     * encoding like normal. +     */ +    if (md->curlen > 112) { +        while (md->curlen < 128) { +            md->buf[md->curlen++] = (unsigned char)0; +        } +        sha512_compress(md, md->buf); +        md->curlen = 0; +    } + +    /* pad upto 120 bytes of zeroes  +     * note: that from 112 to 120 is the 64 MSB of the length.  We assume that you won't hash +     * > 2^64 bits of data... :-) +     */ +    while (md->curlen < 120) { +        md->buf[md->curlen++] = (unsigned char)0; +    } + +    /* store length */ +    STORE64H(md->length, md->buf+120); +    sha512_compress(md, md->buf); + +    /* copy output */ +    for (i = 0; i < md->num_qwords; i++) { +        STORE64H(md->state[i], out+(8*i)); +    } + +    return 0; +} + +int sha512(const unsigned char *message, size_t message_len, unsigned char *out) +{ +    sha512_context ctx; +    int ret; +    if ((ret = sha512_init(&ctx))) return ret; +    if ((ret = sha512_update(&ctx, message, message_len))) return ret; +    if ((ret = sha512_final(&ctx, out))) return ret; +    return 0; +} + +int sha384_init(sha384_context * md) { +    if (md == NULL) return 1; + +    md->curlen = 0; +    md->length = 0; +    md->state[0] = UINT64_C(0xcbbb9d5dc1059ed8); +    md->state[1] = UINT64_C(0x629a292a367cd507); +    md->state[2] = UINT64_C(0x9159015a3070dd17); +    md->state[3] = UINT64_C(0x152fecd8f70e5939); +    md->state[4] = UINT64_C(0x67332667ffc00b31); +    md->state[5] = UINT64_C(0x8eb44a8768581511); +    md->state[6] = UINT64_C(0xdb0c2e0d64f98fa7); +    md->state[7] = UINT64_C(0x47b5481dbefa4fa4); +    md->num_qwords = 6; + +    return 0; +} + +int sha384_update(sha384_context * md, const void *data, size_t inlen) +{ +    return sha512_update(md, data, inlen); +} + +int sha384_final(sha384_context * md, unsigned char* out) +{ +    return sha512_final(md, out); +} + +int sha384(const unsigned char *message, size_t message_len, unsigned char *out) +{ +    sha384_context ctx; +    int ret; +    if ((ret = sha384_init(&ctx))) return ret; +    if ((ret = sha384_update(&ctx, message, message_len))) return ret; +    if ((ret = sha384_final(&ctx, out))) return ret; +    return 0; +} | 
