Sandboxie/SandboxieTools/ImBox/dc/crypto_small/sha512_small.c

164 lines
5.3 KiB
C

/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
* modified by ntldr, http://diskcryptor.net/
*/
#ifdef _M_ARM64
#include <stdlib.h>
#include <string.h>
#define __stosb memset
#define __movsb memmove
#else
#include <intrin.h>
#endif
#include "sha512_small.h"
// the K array
static const unsigned __int64 K[80] = {
0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,
0x3956c25bf348b538, 0x59f111f1b605d019, 0x923f82a4af194f9b, 0xab1c5ed5da6d8118,
0xd807aa98a3030242, 0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235, 0xc19bf174cf692694,
0xe49b69c19ef14ad2, 0xefbe4786384f25e3, 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
0x2de92c6f592b0275, 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f, 0xbf597fc7beef0ee4,
0xc6e00bf33da88fc2, 0xd5a79147930aa725, 0x06ca6351e003826f, 0x142929670a0e6e70,
0x27b70a8546d22ffc, 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, 0x92722c851482353b,
0xa2bfe8a14cf10364, 0xa81a664bbc423001, 0xc24b8b70d0f89791, 0xc76c51a30654be30,
0xd192e819d6ef5218, 0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8,
0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,
0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,
0x748f82ee5defb2fc, 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, 0xc67178f2e372532b,
0xca273eceea26619c, 0xd186b8c721c0c207, 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,
0x06f067aa72176fba, 0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b,
0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,
0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, 0x5fcb6fab3ad6faec, 0x6c44198c4a475817
};
// initial hash value
static const unsigned __int64 H[8] = {
0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179
};
// Various logical functions
#define Ch(x,y,z) (z ^ (x & (y ^ z)))
#define Maj(x,y,z) (((x | y) & z) | (x & y))
#define S(x, n) (_rotr64(x, n))
#define R(x, n) ((unsigned __int64)(x) >> (unsigned __int64)(n))
#define Sigma0(x) (S(x, 28) ^ S(x, 34) ^ S(x, 39))
#define Sigma1(x) (S(x, 14) ^ S(x, 18) ^ S(x, 41))
#define Gamma0(x) (S(x, 1) ^ S(x, 8) ^ R(x, 7))
#define Gamma1(x) (S(x, 19) ^ S(x, 61) ^ R(x, 6))
// compress 1024-bits
static void sha512_compress(sha512_ctx *ctx, const unsigned char *buf)
{
unsigned __int64 S[8], W[80], t0, t1;
int i;
// copy state into S
__movsb((unsigned char*)&S, (const unsigned char*)&ctx->hash, sizeof(S));
// copy the state into 1024-bits into W[0..15]
for (i = 0; i < 16; i++) {
W[i] = _byteswap_uint64(((unsigned __int64*)buf)[i]);
}
// fill W[16..79]
for (i = 16; i < 80; i++) {
W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
}
// Compress
for (i = 0; i < 80; i++)
{
t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];
t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]);
S[7] = S[6];
S[6] = S[5];
S[5] = S[4];
S[4] = S[3] + t0;
S[3] = S[2];
S[2] = S[1];
S[1] = S[0];
S[0] = t0 + t1;
}
for (i = 0; i < 8; i++) {
ctx->hash[i] += S[i];
}
// prevent leaks
__stosb((unsigned char*)&S, 0, sizeof(S));
__stosb((unsigned char*)&W, 0, sizeof(W));
}
// Initialize the hash state
void sha512_init(sha512_ctx *ctx)
{
__movsb((unsigned char*)&ctx->hash, (const unsigned char*)&H, sizeof(H));
ctx->curlen = 0;
ctx->length = 0;
}
// Process a block of memory though the hash
void sha512_add(sha512_ctx *ctx, const unsigned char *in, unsigned long inlen)
{
while (inlen--)
{
ctx->buf[ctx->curlen++] = *in++;
if (ctx->curlen == SHA512_BLOCK_SIZE) {
sha512_compress(ctx, ctx->buf);
ctx->length += 8 * SHA512_BLOCK_SIZE;
ctx->curlen = 0;
}
}
}
// Terminate the hash to get the digest
void sha512_done(sha512_ctx *ctx, unsigned char *out)
{
int i;
// increase the length of the message
ctx->length += ctx->curlen * 8;
// append the '1' bit
ctx->buf[ctx->curlen++] = 0x80;
/* if the length is currently above 112 bytes we append zeros
* then compress. Then we can fall back to padding zeros and length
* encoding like normal.
*/
if (ctx->curlen > 112)
{
while (ctx->curlen < SHA512_BLOCK_SIZE) {
ctx->buf[ctx->curlen++] = 0;
}
sha512_compress(ctx, ctx->buf);
ctx->curlen = 0;
}
/* pad up to 120 bytes of zeroes
* note: that from 112 to 120 is the 64 MSB of the length. We assume that you won't hash
* > 2^64 bits of data... :-)
*/
while (ctx->curlen < 120) {
ctx->buf[ctx->curlen++] = 0;
}
// store length
((unsigned __int64*)ctx->buf)[15] = _byteswap_uint64(ctx->length);
sha512_compress(ctx, ctx->buf);
// copy output
for (i = 0; i < 8; i++) {
((unsigned __int64*)out)[i] = _byteswap_uint64(ctx->hash[i]);
}
}