[445] | 1 | /* SAMHAIN file system integrity testing */
|
---|
| 2 | /* Copyright (C) 2013 Rainer Wichmann */
|
---|
| 3 | /* */
|
---|
| 4 | /* This program is free software; you can redistribute it */
|
---|
| 5 | /* and/or modify */
|
---|
| 6 | /* it under the terms of the GNU General Public License as */
|
---|
| 7 | /* published by */
|
---|
| 8 | /* the Free Software Foundation; either version 2 of the License, or */
|
---|
| 9 | /* (at your option) any later version. */
|
---|
| 10 | /* */
|
---|
| 11 | /* This program is distributed in the hope that it will be useful, */
|
---|
| 12 | /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
|
---|
| 13 | /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
|
---|
| 14 | /* GNU General Public License for more details. */
|
---|
| 15 | /* */
|
---|
| 16 | /* You should have received a copy of the GNU General Public License */
|
---|
| 17 | /* along with this program; if not, write to the Free Software */
|
---|
| 18 | /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
|
---|
| 19 |
|
---|
| 20 | #include "config_xor.h"
|
---|
| 21 | #include "samhain.h"
|
---|
| 22 | #include "sh_checksum.h"
|
---|
| 23 | #include <string.h>
|
---|
| 24 |
|
---|
| 25 | #undef FIL__
|
---|
| 26 | #define FIL__ _("sh_checksum.c")
|
---|
| 27 |
|
---|
| 28 | /*
|
---|
| 29 | * sha2.c
|
---|
| 30 | *
|
---|
| 31 | * Version 1.0.0beta1
|
---|
| 32 | *
|
---|
| 33 | * Written by Aaron D. Gifford <me@aarongifford.com>
|
---|
| 34 | *
|
---|
| 35 | * Copyright 2000 Aaron D. Gifford. All rights reserved.
|
---|
| 36 | *
|
---|
| 37 | * Redistribution and use in source and binary forms, with or without
|
---|
| 38 | * modification, are permitted provided that the following conditions
|
---|
| 39 | * are met:
|
---|
| 40 | * 1. Redistributions of source code must retain the above copyright
|
---|
| 41 | * notice, this list of conditions and the following disclaimer.
|
---|
| 42 | * 2. Redistributions in binary form must reproduce the above copyright
|
---|
| 43 | * notice, this list of conditions and the following disclaimer in the
|
---|
| 44 | * documentation and/or other materials provided with the distribution.
|
---|
| 45 | * 3. Neither the name of the copyright holder nor the names of contributors
|
---|
| 46 | * may be used to endorse or promote products derived from this software
|
---|
| 47 | * without specific prior written permission.
|
---|
| 48 | *
|
---|
| 49 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
|
---|
| 50 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
---|
| 51 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
---|
| 52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
|
---|
| 53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
---|
| 54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
---|
| 55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
---|
| 56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
---|
| 57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
---|
| 58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
---|
| 59 | * SUCH DAMAGE.
|
---|
| 60 | *
|
---|
| 61 | */
|
---|
| 62 |
|
---|
| 63 | /* Modified for use in samhain by R. Wichmann */
|
---|
| 64 |
|
---|
| 65 | #if WORDS_BIGENDIAN
|
---|
| 66 | #define SHA2_BIG_ENDIAN 4321
|
---|
| 67 | #define SHA2_BYTE_ORDER SHA2_BIG_ENDIAN
|
---|
| 68 | #else
|
---|
| 69 | #define SHA2_LITTLE_ENDIAN 1234
|
---|
| 70 | #define SHA2_BYTE_ORDER SHA2_LITTLE_ENDIAN
|
---|
| 71 | #endif
|
---|
| 72 |
|
---|
| 73 | #if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
|
---|
| 74 | #define REVERSE32(w,x) { \
|
---|
| 75 | sha2_word32 tmp = (w); \
|
---|
| 76 | tmp = (tmp >> 16) | (tmp << 16); \
|
---|
| 77 | (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
|
---|
| 78 | }
|
---|
| 79 | #define REVERSE64(w,x) { \
|
---|
| 80 | sha2_word64 tmp = (w); \
|
---|
| 81 | tmp = (tmp >> 32) | (tmp << 32); \
|
---|
| 82 | tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
|
---|
| 83 | ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
|
---|
| 84 | (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
|
---|
| 85 | ((tmp & 0x0000ffff0000ffffULL) << 16); \
|
---|
| 86 | }
|
---|
| 87 | #endif
|
---|
| 88 |
|
---|
| 89 | /*
|
---|
| 90 | * Macro for incrementally adding the unsigned 64-bit integer n to the
|
---|
| 91 | * unsigned 128-bit integer (represented using a two-element array of
|
---|
| 92 | * 64-bit words):
|
---|
| 93 | */
|
---|
| 94 | #define ADDINC128(w,n) { \
|
---|
| 95 | (w)[0] += (sha2_word64)(n); \
|
---|
| 96 | if ((w)[0] < (n)) { \
|
---|
| 97 | (w)[1]++; \
|
---|
| 98 | } \
|
---|
| 99 | }
|
---|
| 100 |
|
---|
| 101 | /*** THE SIX LOGICAL FUNCTIONS ****************************************/
|
---|
| 102 | /*
|
---|
| 103 | * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
|
---|
| 104 | *
|
---|
| 105 | * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
|
---|
| 106 | * S is a ROTATION) because the SHA-256/384/512 description document
|
---|
| 107 | * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
|
---|
| 108 | * same "backwards" definition.
|
---|
| 109 | */
|
---|
| 110 | /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
|
---|
| 111 | #define R(b,x) ((x) >> (b))
|
---|
| 112 | /* 32-bit Rotate-right (used in SHA-256): */
|
---|
| 113 | #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
|
---|
| 114 | /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
|
---|
| 115 | #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
|
---|
| 116 |
|
---|
| 117 | /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
|
---|
| 118 | #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
|
---|
| 119 | #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
|
---|
| 120 |
|
---|
| 121 | /* Four of six logical functions used in SHA-256: */
|
---|
| 122 | #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
|
---|
| 123 | #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
|
---|
| 124 | #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
|
---|
| 125 | #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
|
---|
| 126 |
|
---|
| 127 | /*** INTERNAL FUNCTION PROTOTYPES *************************************/
|
---|
| 128 | /* NOTE: These should not be accessed directly from outside this
|
---|
| 129 | * library -- they are intended for private internal visibility/use
|
---|
| 130 | * only.
|
---|
| 131 | */
|
---|
| 132 | void SHA256_Transform(SHA256_CTX*, const sha2_word32*);
|
---|
| 133 |
|
---|
| 134 | /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
|
---|
| 135 | /* Hash constant words K for SHA-256: */
|
---|
| 136 | static const sha2_word32 K256[64] = {
|
---|
| 137 | 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
|
---|
| 138 | 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
|
---|
| 139 | 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
|
---|
| 140 | 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
|
---|
| 141 | 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
|
---|
| 142 | 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
|
---|
| 143 | 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
|
---|
| 144 | 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
|
---|
| 145 | 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
|
---|
| 146 | 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
|
---|
| 147 | 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
|
---|
| 148 | 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
|
---|
| 149 | 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
|
---|
| 150 | 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
|
---|
| 151 | 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
|
---|
| 152 | 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
|
---|
| 153 | };
|
---|
| 154 |
|
---|
| 155 | /* Initial hash value H for SHA-256: */
|
---|
| 156 | static const sha2_word32 sha256_initial_hash_value[8] = {
|
---|
| 157 | 0x6a09e667UL,
|
---|
| 158 | 0xbb67ae85UL,
|
---|
| 159 | 0x3c6ef372UL,
|
---|
| 160 | 0xa54ff53aUL,
|
---|
| 161 | 0x510e527fUL,
|
---|
| 162 | 0x9b05688cUL,
|
---|
| 163 | 0x1f83d9abUL,
|
---|
| 164 | 0x5be0cd19UL
|
---|
| 165 | };
|
---|
| 166 |
|
---|
| 167 | /*
|
---|
| 168 | * Constant used by SHA256/384/512_End() functions for converting the
|
---|
| 169 | * digest to a readable hexadecimal character string:
|
---|
| 170 | */
|
---|
| 171 | static const char *sha2_hex_digits = "0123456789abcdef";
|
---|
| 172 |
|
---|
| 173 | /*** SHA-256: *********************************************************/
|
---|
| 174 | void SHA256_Init(SHA256_CTX* context) {
|
---|
| 175 | if (context == (SHA256_CTX*)0) {
|
---|
| 176 | return;
|
---|
| 177 | }
|
---|
| 178 | memcpy(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
|
---|
| 179 | /* bcopy(sha256_initial_hash_value, context->state, SHA256_DIGEST_LENGTH); */
|
---|
| 180 | memset(context->buffer, 0, SHA256_BLOCK_LENGTH);
|
---|
| 181 | /* bzero(context->buffer, SHA256_BLOCK_LENGTH); */
|
---|
| 182 |
|
---|
| 183 | context->bitcount = 0;
|
---|
| 184 | }
|
---|
| 185 |
|
---|
| 186 | #ifdef SHA2_UNROLL_TRANSFORM
|
---|
| 187 |
|
---|
| 188 | /* Unrolled SHA-256 round macros: */
|
---|
| 189 |
|
---|
| 190 | #if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
|
---|
| 191 |
|
---|
| 192 | #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
|
---|
| 193 | REVERSE32(*data++, W256[j]); \
|
---|
| 194 | T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
|
---|
| 195 | K256[j] + W256[j]; \
|
---|
| 196 | (d) += T1; \
|
---|
| 197 | (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
|
---|
| 198 | j++
|
---|
| 199 |
|
---|
| 200 | #else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
|
---|
| 201 |
|
---|
| 202 | #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
|
---|
| 203 | T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
|
---|
| 204 | K256[j] + (W256[j] = *data++); \
|
---|
| 205 | (d) += T1; \
|
---|
| 206 | (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
|
---|
| 207 | j++
|
---|
| 208 |
|
---|
| 209 | #endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
|
---|
| 210 |
|
---|
| 211 | #define ROUND256(a,b,c,d,e,f,g,h) \
|
---|
| 212 | s0 = W256[(j+1)&0x0f]; \
|
---|
| 213 | s0 = sigma0_256(s0); \
|
---|
| 214 | s1 = W256[(j+14)&0x0f]; \
|
---|
| 215 | s1 = sigma1_256(s1); \
|
---|
| 216 | T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
|
---|
| 217 | (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
|
---|
| 218 | (d) += T1; \
|
---|
| 219 | (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
|
---|
| 220 | j++
|
---|
| 221 |
|
---|
| 222 | void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
|
---|
| 223 | sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
|
---|
| 224 | sha2_word32 T1, *W256;
|
---|
| 225 | int j;
|
---|
| 226 |
|
---|
| 227 | W256 = (sha2_word32*)context->buffer;
|
---|
| 228 |
|
---|
| 229 | /* Initialize registers with the prev. intermediate value */
|
---|
| 230 | a = context->state[0];
|
---|
| 231 | b = context->state[1];
|
---|
| 232 | c = context->state[2];
|
---|
| 233 | d = context->state[3];
|
---|
| 234 | e = context->state[4];
|
---|
| 235 | f = context->state[5];
|
---|
| 236 | g = context->state[6];
|
---|
| 237 | h = context->state[7];
|
---|
| 238 |
|
---|
| 239 | j = 0;
|
---|
| 240 | do {
|
---|
| 241 | /* Rounds 0 to 15 (unrolled): */
|
---|
| 242 | ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
|
---|
| 243 | ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
|
---|
| 244 | ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
|
---|
| 245 | ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
|
---|
| 246 | ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
|
---|
| 247 | ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
|
---|
| 248 | ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
|
---|
| 249 | ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
|
---|
| 250 | } while (j < 16);
|
---|
| 251 |
|
---|
| 252 | /* Now for the remaining rounds to 64: */
|
---|
| 253 | do {
|
---|
| 254 | ROUND256(a,b,c,d,e,f,g,h);
|
---|
| 255 | ROUND256(h,a,b,c,d,e,f,g);
|
---|
| 256 | ROUND256(g,h,a,b,c,d,e,f);
|
---|
| 257 | ROUND256(f,g,h,a,b,c,d,e);
|
---|
| 258 | ROUND256(e,f,g,h,a,b,c,d);
|
---|
| 259 | ROUND256(d,e,f,g,h,a,b,c);
|
---|
| 260 | ROUND256(c,d,e,f,g,h,a,b);
|
---|
| 261 | ROUND256(b,c,d,e,f,g,h,a);
|
---|
| 262 | } while (j < 64);
|
---|
| 263 |
|
---|
| 264 | /* Compute the current intermediate hash value */
|
---|
| 265 | context->state[0] += a;
|
---|
| 266 | context->state[1] += b;
|
---|
| 267 | context->state[2] += c;
|
---|
| 268 | context->state[3] += d;
|
---|
| 269 | context->state[4] += e;
|
---|
| 270 | context->state[5] += f;
|
---|
| 271 | context->state[6] += g;
|
---|
| 272 | context->state[7] += h;
|
---|
| 273 |
|
---|
| 274 | /* Clean up */
|
---|
| 275 | a = b = c = d = e = f = g = h = T1 = 0;
|
---|
| 276 | }
|
---|
| 277 |
|
---|
| 278 | #else /* SHA2_UNROLL_TRANSFORM */
|
---|
| 279 |
|
---|
| 280 | void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
|
---|
| 281 | sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
|
---|
| 282 | sha2_word32 T1, T2, *W256;
|
---|
| 283 | int j;
|
---|
| 284 |
|
---|
| 285 | W256 = (sha2_word32*)context->buffer;
|
---|
| 286 |
|
---|
| 287 | /* Initialize registers with the prev. intermediate value */
|
---|
| 288 | a = context->state[0];
|
---|
| 289 | b = context->state[1];
|
---|
| 290 | c = context->state[2];
|
---|
| 291 | d = context->state[3];
|
---|
| 292 | e = context->state[4];
|
---|
| 293 | f = context->state[5];
|
---|
| 294 | g = context->state[6];
|
---|
| 295 | h = context->state[7];
|
---|
| 296 |
|
---|
| 297 | j = 0;
|
---|
| 298 | do {
|
---|
| 299 | #if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
|
---|
| 300 | /* Copy data while converting to host byte order */
|
---|
| 301 | REVERSE32(*data++,W256[j]);
|
---|
| 302 | /* Apply the SHA-256 compression function to update a..h */
|
---|
| 303 | T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
|
---|
| 304 | #else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
|
---|
| 305 | /* Apply the SHA-256 compression function to update a..h with copy */
|
---|
| 306 | T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
|
---|
| 307 | #endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
|
---|
| 308 | T2 = Sigma0_256(a) + Maj(a, b, c);
|
---|
| 309 | h = g;
|
---|
| 310 | g = f;
|
---|
| 311 | f = e;
|
---|
| 312 | e = d + T1;
|
---|
| 313 | d = c;
|
---|
| 314 | c = b;
|
---|
| 315 | b = a;
|
---|
| 316 | a = T1 + T2;
|
---|
| 317 |
|
---|
| 318 | j++;
|
---|
| 319 | } while (j < 16);
|
---|
| 320 |
|
---|
| 321 | do {
|
---|
| 322 | /* Part of the message block expansion: */
|
---|
| 323 | s0 = W256[(j+1)&0x0f];
|
---|
| 324 | s0 = sigma0_256(s0);
|
---|
| 325 | s1 = W256[(j+14)&0x0f];
|
---|
| 326 | s1 = sigma1_256(s1);
|
---|
| 327 |
|
---|
| 328 | /* Apply the SHA-256 compression function to update a..h */
|
---|
| 329 | T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
|
---|
| 330 | (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
|
---|
| 331 | T2 = Sigma0_256(a) + Maj(a, b, c);
|
---|
| 332 | h = g;
|
---|
| 333 | g = f;
|
---|
| 334 | f = e;
|
---|
| 335 | e = d + T1;
|
---|
| 336 | d = c;
|
---|
| 337 | c = b;
|
---|
| 338 | b = a;
|
---|
| 339 | a = T1 + T2;
|
---|
| 340 |
|
---|
| 341 | j++;
|
---|
| 342 | } while (j < 64);
|
---|
| 343 |
|
---|
| 344 | /* Compute the current intermediate hash value */
|
---|
| 345 | context->state[0] += a;
|
---|
| 346 | context->state[1] += b;
|
---|
| 347 | context->state[2] += c;
|
---|
| 348 | context->state[3] += d;
|
---|
| 349 | context->state[4] += e;
|
---|
| 350 | context->state[5] += f;
|
---|
| 351 | context->state[6] += g;
|
---|
| 352 | context->state[7] += h;
|
---|
| 353 |
|
---|
| 354 | /* Clean up */
|
---|
| 355 | a = b = c = d = e = f = g = h = T1 = T2 = 0;
|
---|
| 356 | }
|
---|
| 357 |
|
---|
| 358 | #endif /* SHA2_UNROLL_TRANSFORM */
|
---|
| 359 |
|
---|
| 360 | void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
|
---|
| 361 | unsigned int freespace, usedspace;
|
---|
| 362 |
|
---|
| 363 | if (len == 0) {
|
---|
| 364 | /* Calling with no data is valid - we do nothing */
|
---|
| 365 | return;
|
---|
| 366 | }
|
---|
| 367 |
|
---|
| 368 | usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
|
---|
| 369 |
|
---|
| 370 | if (usedspace > 0) {
|
---|
| 371 | /* Calculate how much free space is available in the buffer */
|
---|
| 372 | freespace = SHA256_BLOCK_LENGTH - usedspace;
|
---|
| 373 |
|
---|
| 374 | if (len >= freespace) {
|
---|
| 375 | /* Fill the buffer completely and process it */
|
---|
| 376 | memcpy(&context->buffer[usedspace], data, freespace);
|
---|
| 377 | /* bcopy(data, &context->buffer[usedspace], freespace); */
|
---|
| 378 | context->bitcount += freespace << 3;
|
---|
| 379 | len -= freespace;
|
---|
| 380 | data += freespace;
|
---|
| 381 | SHA256_Transform(context, (sha2_word32*)context->buffer);
|
---|
| 382 | } else {
|
---|
| 383 | /* The buffer is not yet full */
|
---|
| 384 | memcpy(&context->buffer[usedspace], data, len);
|
---|
| 385 | /* bcopy(data, &context->buffer[usedspace], len); */
|
---|
| 386 | context->bitcount += len << 3;
|
---|
| 387 |
|
---|
| 388 | /* Clean up: */
|
---|
| 389 | usedspace = freespace = 0;
|
---|
| 390 | return;
|
---|
| 391 | }
|
---|
| 392 | }
|
---|
| 393 | while (len >= SHA256_BLOCK_LENGTH) {
|
---|
| 394 | /* Process as many complete blocks as we can */
|
---|
| 395 | SHA256_Transform(context, (const sha2_word32*)data);
|
---|
| 396 | context->bitcount += SHA256_BLOCK_LENGTH << 3;
|
---|
| 397 | len -= SHA256_BLOCK_LENGTH;
|
---|
| 398 | data += SHA256_BLOCK_LENGTH;
|
---|
| 399 | }
|
---|
| 400 | if (len > 0) {
|
---|
| 401 | /* There's left-overs, so save 'em */
|
---|
| 402 | memcpy(context->buffer, data, len);
|
---|
| 403 | /* bcopy(data, context->buffer, len); */
|
---|
| 404 | context->bitcount += len << 3;
|
---|
| 405 | }
|
---|
| 406 | /* Clean up: */
|
---|
| 407 | usedspace = freespace = 0;
|
---|
| 408 | }
|
---|
| 409 |
|
---|
| 410 | void SHA256_Final(sha2_byte digest[], SHA256_CTX* context)
|
---|
| 411 | {
|
---|
| 412 | sha2_word32 *d = (sha2_word32*)digest;
|
---|
| 413 | unsigned int usedspace;
|
---|
| 414 | union {
|
---|
| 415 | sha2_word64 bitcount;
|
---|
| 416 | sha2_byte buffer[sizeof(sha2_word64)];
|
---|
| 417 | } sha2_union;
|
---|
| 418 |
|
---|
| 419 | /* If no digest buffer is passed, we don't bother doing this: */
|
---|
| 420 | if (digest != (sha2_byte*)0) {
|
---|
| 421 |
|
---|
| 422 | usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
|
---|
| 423 |
|
---|
| 424 | #if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
|
---|
| 425 | /* Convert FROM host byte order */
|
---|
| 426 | REVERSE64(context->bitcount,context->bitcount);
|
---|
| 427 | #endif
|
---|
| 428 | if (usedspace > 0) {
|
---|
| 429 | /* Begin padding with a 1 bit: */
|
---|
| 430 | context->buffer[usedspace++] = 0x80;
|
---|
| 431 |
|
---|
| 432 | if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
|
---|
| 433 | /* Set-up for the last transform: */
|
---|
| 434 | memset(&context->buffer[usedspace], 0, SHA256_SHORT_BLOCK_LENGTH - usedspace);
|
---|
| 435 | } else {
|
---|
| 436 | if (usedspace < SHA256_BLOCK_LENGTH) {
|
---|
| 437 | memset(&context->buffer[usedspace], 0, SHA256_BLOCK_LENGTH - usedspace);
|
---|
| 438 | }
|
---|
| 439 | /* Do second-to-last transform: */
|
---|
| 440 | SHA256_Transform(context, (sha2_word32*)context->buffer);
|
---|
| 441 |
|
---|
| 442 | /* And set-up for the last transform: */
|
---|
| 443 | memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
|
---|
| 444 | }
|
---|
| 445 | } else {
|
---|
| 446 | /* Set-up for the last transform: */
|
---|
| 447 | memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
|
---|
| 448 |
|
---|
| 449 | /* Begin padding with a 1 bit: */
|
---|
| 450 | *context->buffer = 0x80;
|
---|
| 451 | }
|
---|
| 452 |
|
---|
| 453 | /* Set the bit count (with fix for gcc type-punning warning): */
|
---|
| 454 | sha2_union.bitcount = context->bitcount;
|
---|
| 455 | memcpy (&context->buffer[SHA256_SHORT_BLOCK_LENGTH], sha2_union.buffer, sizeof(sha2_word64));
|
---|
| 456 | /* *(sha2_word64*) &context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount; */
|
---|
| 457 |
|
---|
| 458 | /* Final transform: */
|
---|
| 459 | SHA256_Transform(context, (sha2_word32*)context->buffer);
|
---|
| 460 |
|
---|
| 461 | #if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
|
---|
| 462 | {
|
---|
| 463 | /* Convert TO host byte order */
|
---|
| 464 | int j;
|
---|
| 465 | for (j = 0; j < 8; j++) {
|
---|
| 466 | REVERSE32(context->state[j],context->state[j]);
|
---|
| 467 | *d++ = context->state[j];
|
---|
| 468 | }
|
---|
| 469 | }
|
---|
| 470 | #else
|
---|
| 471 | memset(d, context->state, SHA256_DIGEST_LENGTH);
|
---|
| 472 | /* bcopy(context->state, d, SHA256_DIGEST_LENGTH); */
|
---|
| 473 | #endif
|
---|
| 474 | }
|
---|
| 475 |
|
---|
| 476 | /* Clean up state data: */
|
---|
| 477 | memset(context, 0, sizeof(context));
|
---|
| 478 | usedspace = 0;
|
---|
| 479 | }
|
---|
| 480 |
|
---|
| 481 | #include "sh_utils.h"
|
---|
| 482 |
|
---|
| 483 | /* If buffer is of length KEYBUF_SIZE, the digest will fit */
|
---|
| 484 | char *SHA256_End(SHA256_CTX* context, char buffer[])
|
---|
| 485 | {
|
---|
| 486 | sha2_byte digest[SHA256_DIGEST_LENGTH];
|
---|
| 487 |
|
---|
| 488 | if (buffer != (char*)0) {
|
---|
| 489 | SHA256_Final(digest, context);
|
---|
| 490 | sh_util_base64_enc ((unsigned char *)buffer, digest, SHA256_DIGEST_LENGTH);
|
---|
| 491 | } else {
|
---|
| 492 | memset(context, 0, sizeof(context));
|
---|
| 493 | }
|
---|
| 494 | memset(digest, 0, SHA256_DIGEST_LENGTH);
|
---|
| 495 | return buffer;
|
---|
| 496 | }
|
---|
| 497 |
|
---|
| 498 | char* SHA256_Data(const sha2_byte* data, size_t len, char digest[KEYBUF_SIZE])
|
---|
| 499 | {
|
---|
| 500 | SHA256_CTX context;
|
---|
| 501 |
|
---|
| 502 | SHA256_Init(&context);
|
---|
| 503 | SHA256_Update(&context, data, len);
|
---|
| 504 | return SHA256_End(&context, digest);
|
---|
| 505 | }
|
---|
| 506 |
|
---|
| 507 | char* SHA256_Base2Hex(char * b64digest, char * hexdigest)
|
---|
| 508 | {
|
---|
| 509 | int i;
|
---|
| 510 | sha2_byte data[512];
|
---|
| 511 | sha2_byte *d;
|
---|
| 512 | size_t len;
|
---|
| 513 | char * buffer;
|
---|
| 514 |
|
---|
| 515 | len = strlen(b64digest);
|
---|
| 516 | sh_util_base64_dec ((unsigned char*) data, (unsigned char *)b64digest, len);
|
---|
| 517 | d = data;
|
---|
| 518 |
|
---|
| 519 | buffer = hexdigest;
|
---|
| 520 | for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
|
---|
| 521 | *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
---|
| 522 | *buffer++ = sha2_hex_digits[*d & 0x0f];
|
---|
| 523 | d++;
|
---|
| 524 | }
|
---|
| 525 | *buffer = (char)0;
|
---|
| 526 |
|
---|
| 527 | return hexdigest;
|
---|
| 528 | }
|
---|
| 529 |
|
---|
| 530 | char * SHA256_ReplaceBaseByHex(const char * str, char * before, char after)
|
---|
| 531 | {
|
---|
| 532 | char keybuf[KEYBUF_SIZE];
|
---|
| 533 | char * s = strstr(str, before);
|
---|
| 534 |
|
---|
| 535 | if (s)
|
---|
| 536 | {
|
---|
| 537 | char * p;
|
---|
| 538 |
|
---|
| 539 | s += strlen(before);
|
---|
| 540 | memcpy(keybuf, s, sizeof(keybuf));
|
---|
| 541 | keybuf[sizeof(keybuf)-1] = '\0';
|
---|
| 542 | p = strchr(keybuf, after);
|
---|
| 543 |
|
---|
| 544 | if (p)
|
---|
| 545 | {
|
---|
| 546 | char hexbuf[SHA256_DIGEST_STRING_LENGTH];
|
---|
| 547 | char * ret = SH_ALLOC(strlen(str) + 1 + sizeof(keybuf));
|
---|
| 548 | char * r = ret;
|
---|
| 549 |
|
---|
| 550 | *p = '\0';
|
---|
| 551 | SHA256_Base2Hex(keybuf, hexbuf);
|
---|
| 552 |
|
---|
| 553 | memcpy(ret, str, (s - str));
|
---|
| 554 | r += (int)(s - str); *r = '\0';
|
---|
| 555 | strcpy(r, hexbuf); /* flawfinder: ignore */
|
---|
| 556 | r += strlen(hexbuf);
|
---|
| 557 | p = strchr(s, after);
|
---|
| 558 | strcpy(r, p); /* flawfinder: ignore */
|
---|
| 559 |
|
---|
| 560 | return ret;
|
---|
| 561 | }
|
---|
| 562 | }
|
---|
| 563 | return NULL;
|
---|
| 564 | }
|
---|
| 565 |
|
---|
| 566 |
|
---|
| 567 | #ifdef SH_CUTEST
|
---|
| 568 | #include <stdlib.h>
|
---|
| 569 | #include "CuTest.h"
|
---|
| 570 |
|
---|
| 571 | void Test_sha256 (CuTest *tc) {
|
---|
| 572 |
|
---|
| 573 | char hexdigest[SHA256_DIGEST_STRING_LENGTH];
|
---|
| 574 | char b64digest[KEYBUF_SIZE];
|
---|
| 575 | char * b64;
|
---|
| 576 | char * buffer;
|
---|
| 577 | size_t len;
|
---|
| 578 | sha2_byte data[512];
|
---|
| 579 | sha2_byte *d;
|
---|
| 580 | int i;
|
---|
| 581 |
|
---|
| 582 | data[0] = '\0'; len = 0;
|
---|
| 583 | b64 = SHA256_Data(data, len, b64digest);
|
---|
| 584 | CuAssertPtrNotNull(tc, b64);
|
---|
| 585 |
|
---|
| 586 | len = strlen((char*)b64);
|
---|
| 587 | sh_util_base64_dec (data, (unsigned char*)b64, len);
|
---|
| 588 | d = data;
|
---|
| 589 | buffer = hexdigest;
|
---|
| 590 | for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
|
---|
| 591 | *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
---|
| 592 | *buffer++ = sha2_hex_digits[*d & 0x0f];
|
---|
| 593 | d++;
|
---|
| 594 | }
|
---|
| 595 | *buffer = (char)0;
|
---|
| 596 | CuAssertStrEquals(tc, hexdigest, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
|
---|
| 597 |
|
---|
| 598 | memset(hexdigest, 0, sizeof(hexdigest));
|
---|
| 599 | buffer = SHA256_Base2Hex(b64digest, hexdigest);
|
---|
| 600 | CuAssertPtrNotNull(tc, buffer);
|
---|
| 601 | CuAssertStrEquals(tc, hexdigest, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
|
---|
| 602 | CuAssertStrEquals(tc, buffer, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
|
---|
| 603 |
|
---|
| 604 | strcpy((char*)data, "The quick brown fox jumps over the lazy dog"); len = strlen((char*)data);
|
---|
| 605 | b64 = SHA256_Data(data, len, b64digest);
|
---|
| 606 | CuAssertPtrNotNull(tc, b64);
|
---|
| 607 |
|
---|
| 608 | len = strlen((char*)b64);
|
---|
| 609 | sh_util_base64_dec (data, (unsigned char*)b64, len);
|
---|
| 610 | d = data;
|
---|
| 611 | buffer = hexdigest;
|
---|
| 612 | for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
|
---|
| 613 | *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
---|
| 614 | *buffer++ = sha2_hex_digits[*d & 0x0f];
|
---|
| 615 | d++;
|
---|
| 616 | }
|
---|
| 617 | *buffer = (char)0;
|
---|
| 618 | CuAssertStrEquals(tc, hexdigest, "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592");
|
---|
| 619 |
|
---|
| 620 | strcpy((char*)data, "The quick brown fox jumps over the lazy dog."); len = strlen((char*)data);
|
---|
| 621 | b64 = SHA256_Data(data, len, b64digest);
|
---|
| 622 | CuAssertPtrNotNull(tc, b64);
|
---|
| 623 |
|
---|
| 624 | len = strlen((char*)b64);
|
---|
| 625 | sh_util_base64_dec (data, (unsigned char*)b64, len);
|
---|
| 626 | d = data;
|
---|
| 627 | buffer = hexdigest;
|
---|
| 628 | for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
|
---|
| 629 | *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
---|
| 630 | *buffer++ = sha2_hex_digits[*d & 0x0f];
|
---|
| 631 | d++;
|
---|
| 632 | }
|
---|
| 633 | *buffer = (char)0;
|
---|
| 634 | CuAssertStrEquals(tc, hexdigest, "ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c");
|
---|
| 635 |
|
---|
| 636 | }
|
---|
| 637 |
|
---|
| 638 | #endif
|
---|