1 | /* SAMHAIN file system integrity testing */
|
---|
2 | /* Copyright (C) 2013 Rainer Wichmann */
|
---|
3 | /* */
|
---|
4 | /* This program is free software; you can redistribute it */
|
---|
5 | /* and/or modify */
|
---|
6 | /* it under the terms of the GNU General Public License as */
|
---|
7 | /* published by */
|
---|
8 | /* the Free Software Foundation; either version 2 of the License, or */
|
---|
9 | /* (at your option) any later version. */
|
---|
10 | /* */
|
---|
11 | /* This program is distributed in the hope that it will be useful, */
|
---|
12 | /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
|
---|
13 | /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
|
---|
14 | /* GNU General Public License for more details. */
|
---|
15 | /* */
|
---|
16 | /* You should have received a copy of the GNU General Public License */
|
---|
17 | /* along with this program; if not, write to the Free Software */
|
---|
18 | /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
|
---|
19 |
|
---|
20 | #include "config_xor.h"
|
---|
21 | #include "samhain.h"
|
---|
22 | #include "sh_checksum.h"
|
---|
23 | #include <string.h>
|
---|
24 |
|
---|
25 | #undef FIL__
|
---|
26 | #define FIL__ _("sh_checksum.c")
|
---|
27 |
|
---|
28 | /*
|
---|
29 | * sha2.c
|
---|
30 | *
|
---|
31 | * Version 1.0.0beta1
|
---|
32 | *
|
---|
33 | * Written by Aaron D. Gifford <me@aarongifford.com>
|
---|
34 | *
|
---|
35 | * Copyright 2000 Aaron D. Gifford. All rights reserved.
|
---|
36 | *
|
---|
37 | * Redistribution and use in source and binary forms, with or without
|
---|
38 | * modification, are permitted provided that the following conditions
|
---|
39 | * are met:
|
---|
40 | * 1. Redistributions of source code must retain the above copyright
|
---|
41 | * notice, this list of conditions and the following disclaimer.
|
---|
42 | * 2. Redistributions in binary form must reproduce the above copyright
|
---|
43 | * notice, this list of conditions and the following disclaimer in the
|
---|
44 | * documentation and/or other materials provided with the distribution.
|
---|
45 | * 3. Neither the name of the copyright holder nor the names of contributors
|
---|
46 | * may be used to endorse or promote products derived from this software
|
---|
47 | * without specific prior written permission.
|
---|
48 | *
|
---|
49 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
|
---|
50 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
---|
51 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
---|
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
|
---|
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
---|
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
---|
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
---|
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
---|
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
---|
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
---|
59 | * SUCH DAMAGE.
|
---|
60 | *
|
---|
61 | */
|
---|
62 |
|
---|
63 | /* Modified for use in samhain by R. Wichmann */
|
---|
64 |
|
---|
65 | #if WORDS_BIGENDIAN
|
---|
66 | #define SHA2_BIG_ENDIAN 4321
|
---|
67 | #define SHA2_BYTE_ORDER SHA2_BIG_ENDIAN
|
---|
68 | #else
|
---|
69 | #define SHA2_LITTLE_ENDIAN 1234
|
---|
70 | #define SHA2_BYTE_ORDER SHA2_LITTLE_ENDIAN
|
---|
71 | #endif
|
---|
72 |
|
---|
73 | #if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
|
---|
74 | #define REVERSE32(w,x) { \
|
---|
75 | sha2_word32 tmp = (w); \
|
---|
76 | tmp = (tmp >> 16) | (tmp << 16); \
|
---|
77 | (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
|
---|
78 | }
|
---|
79 | #define REVERSE64(w,x) { \
|
---|
80 | sha2_word64 tmp = (w); \
|
---|
81 | tmp = (tmp >> 32) | (tmp << 32); \
|
---|
82 | tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
|
---|
83 | ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
|
---|
84 | (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
|
---|
85 | ((tmp & 0x0000ffff0000ffffULL) << 16); \
|
---|
86 | }
|
---|
87 | #endif
|
---|
88 |
|
---|
89 | /*
|
---|
90 | * Macro for incrementally adding the unsigned 64-bit integer n to the
|
---|
91 | * unsigned 128-bit integer (represented using a two-element array of
|
---|
92 | * 64-bit words):
|
---|
93 | */
|
---|
94 | #define ADDINC128(w,n) { \
|
---|
95 | (w)[0] += (sha2_word64)(n); \
|
---|
96 | if ((w)[0] < (n)) { \
|
---|
97 | (w)[1]++; \
|
---|
98 | } \
|
---|
99 | }
|
---|
100 |
|
---|
101 | /*** THE SIX LOGICAL FUNCTIONS ****************************************/
|
---|
102 | /*
|
---|
103 | * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
|
---|
104 | *
|
---|
105 | * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
|
---|
106 | * S is a ROTATION) because the SHA-256/384/512 description document
|
---|
107 | * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
|
---|
108 | * same "backwards" definition.
|
---|
109 | */
|
---|
110 | /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
|
---|
111 | #define R(b,x) ((x) >> (b))
|
---|
112 | /* 32-bit Rotate-right (used in SHA-256): */
|
---|
113 | #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
|
---|
114 | /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
|
---|
115 | #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
|
---|
116 |
|
---|
117 | /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
|
---|
118 | #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
|
---|
119 | #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
|
---|
120 |
|
---|
121 | /* Four of six logical functions used in SHA-256: */
|
---|
122 | #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
|
---|
123 | #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
|
---|
124 | #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
|
---|
125 | #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
|
---|
126 |
|
---|
127 | /*** INTERNAL FUNCTION PROTOTYPES *************************************/
|
---|
128 | /* NOTE: These should not be accessed directly from outside this
|
---|
129 | * library -- they are intended for private internal visibility/use
|
---|
130 | * only.
|
---|
131 | */
|
---|
132 | void SHA256_Transform(SHA256_CTX*, const sha2_word32*);
|
---|
133 |
|
---|
134 | /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
|
---|
135 | /* Hash constant words K for SHA-256: */
|
---|
136 | static const sha2_word32 K256[64] = {
|
---|
137 | 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
|
---|
138 | 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
|
---|
139 | 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
|
---|
140 | 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
|
---|
141 | 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
|
---|
142 | 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
|
---|
143 | 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
|
---|
144 | 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
|
---|
145 | 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
|
---|
146 | 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
|
---|
147 | 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
|
---|
148 | 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
|
---|
149 | 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
|
---|
150 | 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
|
---|
151 | 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
|
---|
152 | 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
|
---|
153 | };
|
---|
154 |
|
---|
155 | /* Initial hash value H for SHA-256: */
|
---|
156 | static const sha2_word32 sha256_initial_hash_value[8] = {
|
---|
157 | 0x6a09e667UL,
|
---|
158 | 0xbb67ae85UL,
|
---|
159 | 0x3c6ef372UL,
|
---|
160 | 0xa54ff53aUL,
|
---|
161 | 0x510e527fUL,
|
---|
162 | 0x9b05688cUL,
|
---|
163 | 0x1f83d9abUL,
|
---|
164 | 0x5be0cd19UL
|
---|
165 | };
|
---|
166 |
|
---|
167 | /*
|
---|
168 | * Constant used by SHA256/384/512_End() functions for converting the
|
---|
169 | * digest to a readable hexadecimal character string:
|
---|
170 | */
|
---|
171 | static const char *sha2_hex_digits = "0123456789abcdef";
|
---|
172 |
|
---|
173 | /*** SHA-256: *********************************************************/
|
---|
174 | void SHA256_Init(SHA256_CTX* context) {
|
---|
175 | if (context == (SHA256_CTX*)0) {
|
---|
176 | return;
|
---|
177 | }
|
---|
178 | memcpy(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
|
---|
179 | /* bcopy(sha256_initial_hash_value, context->state, SHA256_DIGEST_LENGTH); */
|
---|
180 | memset(context->buffer, 0, SHA256_BLOCK_LENGTH);
|
---|
181 | /* bzero(context->buffer, SHA256_BLOCK_LENGTH); */
|
---|
182 |
|
---|
183 | context->bitcount = 0;
|
---|
184 | }
|
---|
185 |
|
---|
186 | #ifdef SHA2_UNROLL_TRANSFORM
|
---|
187 |
|
---|
188 | /* Unrolled SHA-256 round macros: */
|
---|
189 |
|
---|
190 | #if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
|
---|
191 |
|
---|
192 | #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
|
---|
193 | REVERSE32(*data++, W256[j]); \
|
---|
194 | T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
|
---|
195 | K256[j] + W256[j]; \
|
---|
196 | (d) += T1; \
|
---|
197 | (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
|
---|
198 | j++
|
---|
199 |
|
---|
200 | #else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
|
---|
201 |
|
---|
202 | #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
|
---|
203 | T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
|
---|
204 | K256[j] + (W256[j] = *data++); \
|
---|
205 | (d) += T1; \
|
---|
206 | (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
|
---|
207 | j++
|
---|
208 |
|
---|
209 | #endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
|
---|
210 |
|
---|
211 | #define ROUND256(a,b,c,d,e,f,g,h) \
|
---|
212 | s0 = W256[(j+1)&0x0f]; \
|
---|
213 | s0 = sigma0_256(s0); \
|
---|
214 | s1 = W256[(j+14)&0x0f]; \
|
---|
215 | s1 = sigma1_256(s1); \
|
---|
216 | T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
|
---|
217 | (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
|
---|
218 | (d) += T1; \
|
---|
219 | (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
|
---|
220 | j++
|
---|
221 |
|
---|
222 | void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
|
---|
223 | sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
|
---|
224 | sha2_word32 T1, *W256;
|
---|
225 | int j;
|
---|
226 |
|
---|
227 | W256 = (sha2_word32*)context->buffer;
|
---|
228 |
|
---|
229 | /* Initialize registers with the prev. intermediate value */
|
---|
230 | a = context->state[0];
|
---|
231 | b = context->state[1];
|
---|
232 | c = context->state[2];
|
---|
233 | d = context->state[3];
|
---|
234 | e = context->state[4];
|
---|
235 | f = context->state[5];
|
---|
236 | g = context->state[6];
|
---|
237 | h = context->state[7];
|
---|
238 |
|
---|
239 | j = 0;
|
---|
240 | do {
|
---|
241 | /* Rounds 0 to 15 (unrolled): */
|
---|
242 | ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
|
---|
243 | ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
|
---|
244 | ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
|
---|
245 | ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
|
---|
246 | ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
|
---|
247 | ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
|
---|
248 | ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
|
---|
249 | ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
|
---|
250 | } while (j < 16);
|
---|
251 |
|
---|
252 | /* Now for the remaining rounds to 64: */
|
---|
253 | do {
|
---|
254 | ROUND256(a,b,c,d,e,f,g,h);
|
---|
255 | ROUND256(h,a,b,c,d,e,f,g);
|
---|
256 | ROUND256(g,h,a,b,c,d,e,f);
|
---|
257 | ROUND256(f,g,h,a,b,c,d,e);
|
---|
258 | ROUND256(e,f,g,h,a,b,c,d);
|
---|
259 | ROUND256(d,e,f,g,h,a,b,c);
|
---|
260 | ROUND256(c,d,e,f,g,h,a,b);
|
---|
261 | ROUND256(b,c,d,e,f,g,h,a);
|
---|
262 | } while (j < 64);
|
---|
263 |
|
---|
264 | /* Compute the current intermediate hash value */
|
---|
265 | context->state[0] += a;
|
---|
266 | context->state[1] += b;
|
---|
267 | context->state[2] += c;
|
---|
268 | context->state[3] += d;
|
---|
269 | context->state[4] += e;
|
---|
270 | context->state[5] += f;
|
---|
271 | context->state[6] += g;
|
---|
272 | context->state[7] += h;
|
---|
273 |
|
---|
274 | /* Clean up */
|
---|
275 | a = b = c = d = e = f = g = h = T1 = 0;
|
---|
276 | }
|
---|
277 |
|
---|
278 | #else /* SHA2_UNROLL_TRANSFORM */
|
---|
279 |
|
---|
280 | void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
|
---|
281 | sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
|
---|
282 | sha2_word32 T1, T2, *W256;
|
---|
283 | int j;
|
---|
284 |
|
---|
285 | W256 = (sha2_word32*)context->buffer;
|
---|
286 |
|
---|
287 | /* Initialize registers with the prev. intermediate value */
|
---|
288 | a = context->state[0];
|
---|
289 | b = context->state[1];
|
---|
290 | c = context->state[2];
|
---|
291 | d = context->state[3];
|
---|
292 | e = context->state[4];
|
---|
293 | f = context->state[5];
|
---|
294 | g = context->state[6];
|
---|
295 | h = context->state[7];
|
---|
296 |
|
---|
297 | j = 0;
|
---|
298 | do {
|
---|
299 | #if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
|
---|
300 | /* Copy data while converting to host byte order */
|
---|
301 | REVERSE32(*data++,W256[j]);
|
---|
302 | /* Apply the SHA-256 compression function to update a..h */
|
---|
303 | T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
|
---|
304 | #else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
|
---|
305 | /* Apply the SHA-256 compression function to update a..h with copy */
|
---|
306 | T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
|
---|
307 | #endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
|
---|
308 | T2 = Sigma0_256(a) + Maj(a, b, c);
|
---|
309 | h = g;
|
---|
310 | g = f;
|
---|
311 | f = e;
|
---|
312 | e = d + T1;
|
---|
313 | d = c;
|
---|
314 | c = b;
|
---|
315 | b = a;
|
---|
316 | a = T1 + T2;
|
---|
317 |
|
---|
318 | j++;
|
---|
319 | } while (j < 16);
|
---|
320 |
|
---|
321 | do {
|
---|
322 | /* Part of the message block expansion: */
|
---|
323 | s0 = W256[(j+1)&0x0f];
|
---|
324 | s0 = sigma0_256(s0);
|
---|
325 | s1 = W256[(j+14)&0x0f];
|
---|
326 | s1 = sigma1_256(s1);
|
---|
327 |
|
---|
328 | /* Apply the SHA-256 compression function to update a..h */
|
---|
329 | T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
|
---|
330 | (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
|
---|
331 | T2 = Sigma0_256(a) + Maj(a, b, c);
|
---|
332 | h = g;
|
---|
333 | g = f;
|
---|
334 | f = e;
|
---|
335 | e = d + T1;
|
---|
336 | d = c;
|
---|
337 | c = b;
|
---|
338 | b = a;
|
---|
339 | a = T1 + T2;
|
---|
340 |
|
---|
341 | j++;
|
---|
342 | } while (j < 64);
|
---|
343 |
|
---|
344 | /* Compute the current intermediate hash value */
|
---|
345 | context->state[0] += a;
|
---|
346 | context->state[1] += b;
|
---|
347 | context->state[2] += c;
|
---|
348 | context->state[3] += d;
|
---|
349 | context->state[4] += e;
|
---|
350 | context->state[5] += f;
|
---|
351 | context->state[6] += g;
|
---|
352 | context->state[7] += h;
|
---|
353 |
|
---|
354 | /* Clean up */
|
---|
355 | a = b = c = d = e = f = g = h = T1 = T2 = 0;
|
---|
356 | }
|
---|
357 |
|
---|
358 | #endif /* SHA2_UNROLL_TRANSFORM */
|
---|
359 |
|
---|
360 | void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
|
---|
361 | unsigned int freespace, usedspace;
|
---|
362 |
|
---|
363 | if (len == 0) {
|
---|
364 | /* Calling with no data is valid - we do nothing */
|
---|
365 | return;
|
---|
366 | }
|
---|
367 |
|
---|
368 | usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
|
---|
369 |
|
---|
370 | if (usedspace > 0) {
|
---|
371 | /* Calculate how much free space is available in the buffer */
|
---|
372 | freespace = SHA256_BLOCK_LENGTH - usedspace;
|
---|
373 |
|
---|
374 | if (len >= freespace) {
|
---|
375 | /* Fill the buffer completely and process it */
|
---|
376 | memcpy(&context->buffer[usedspace], data, freespace);
|
---|
377 | /* bcopy(data, &context->buffer[usedspace], freespace); */
|
---|
378 | context->bitcount += freespace << 3;
|
---|
379 | len -= freespace;
|
---|
380 | data += freespace;
|
---|
381 | SHA256_Transform(context, (sha2_word32*)context->buffer);
|
---|
382 | } else {
|
---|
383 | /* The buffer is not yet full */
|
---|
384 | memcpy(&context->buffer[usedspace], data, len);
|
---|
385 | /* bcopy(data, &context->buffer[usedspace], len); */
|
---|
386 | context->bitcount += len << 3;
|
---|
387 |
|
---|
388 | /* Clean up: */
|
---|
389 | usedspace = freespace = 0;
|
---|
390 | return;
|
---|
391 | }
|
---|
392 | }
|
---|
393 | while (len >= SHA256_BLOCK_LENGTH) {
|
---|
394 | /* Process as many complete blocks as we can */
|
---|
395 | SHA256_Transform(context, (const sha2_word32*)data);
|
---|
396 | context->bitcount += SHA256_BLOCK_LENGTH << 3;
|
---|
397 | len -= SHA256_BLOCK_LENGTH;
|
---|
398 | data += SHA256_BLOCK_LENGTH;
|
---|
399 | }
|
---|
400 | if (len > 0) {
|
---|
401 | /* There's left-overs, so save 'em */
|
---|
402 | memcpy(context->buffer, data, len);
|
---|
403 | /* bcopy(data, context->buffer, len); */
|
---|
404 | context->bitcount += len << 3;
|
---|
405 | }
|
---|
406 | /* Clean up: */
|
---|
407 | usedspace = freespace = 0;
|
---|
408 | }
|
---|
409 |
|
---|
410 | void SHA256_Final(sha2_byte digest[SHA256_DIGEST_LENGTH], SHA256_CTX* context)
|
---|
411 | {
|
---|
412 | sha2_word32 *d = (sha2_word32*)digest;
|
---|
413 | unsigned int usedspace;
|
---|
414 | union {
|
---|
415 | sha2_word64 bitcount;
|
---|
416 | sha2_byte buffer[sizeof(sha2_word64)];
|
---|
417 | } sha2_union;
|
---|
418 |
|
---|
419 | /* If no digest buffer is passed, we don't bother doing this: */
|
---|
420 | if (digest != (sha2_byte*)0) {
|
---|
421 |
|
---|
422 | usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
|
---|
423 |
|
---|
424 | #if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
|
---|
425 | /* Convert FROM host byte order */
|
---|
426 | REVERSE64(context->bitcount,context->bitcount);
|
---|
427 | #endif
|
---|
428 | if (usedspace > 0) {
|
---|
429 | /* Begin padding with a 1 bit: */
|
---|
430 | context->buffer[usedspace++] = 0x80;
|
---|
431 |
|
---|
432 | if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
|
---|
433 | /* Set-up for the last transform: */
|
---|
434 | memset(&context->buffer[usedspace], 0, SHA256_SHORT_BLOCK_LENGTH - usedspace);
|
---|
435 | } else {
|
---|
436 | if (usedspace < SHA256_BLOCK_LENGTH) {
|
---|
437 | memset(&context->buffer[usedspace], 0, SHA256_BLOCK_LENGTH - usedspace);
|
---|
438 | }
|
---|
439 | /* Do second-to-last transform: */
|
---|
440 | SHA256_Transform(context, (sha2_word32*)context->buffer);
|
---|
441 |
|
---|
442 | /* And set-up for the last transform: */
|
---|
443 | memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
|
---|
444 | }
|
---|
445 | } else {
|
---|
446 | /* Set-up for the last transform: */
|
---|
447 | memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
|
---|
448 |
|
---|
449 | /* Begin padding with a 1 bit: */
|
---|
450 | *context->buffer = 0x80;
|
---|
451 | }
|
---|
452 |
|
---|
453 | /* Set the bit count (with fix for gcc type-punning warning): */
|
---|
454 | sha2_union.bitcount = context->bitcount;
|
---|
455 | memcpy (&context->buffer[SHA256_SHORT_BLOCK_LENGTH], sha2_union.buffer, sizeof(sha2_word64));
|
---|
456 | /* *(sha2_word64*) &context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount; */
|
---|
457 |
|
---|
458 | /* Final transform: */
|
---|
459 | SHA256_Transform(context, (sha2_word32*)context->buffer);
|
---|
460 |
|
---|
461 | #if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
|
---|
462 | {
|
---|
463 | /* Convert TO host byte order */
|
---|
464 | int j;
|
---|
465 | for (j = 0; j < 8; j++) {
|
---|
466 | REVERSE32(context->state[j],context->state[j]);
|
---|
467 | *d++ = context->state[j];
|
---|
468 | }
|
---|
469 | }
|
---|
470 | #else
|
---|
471 | memset(d, context->state, SHA256_DIGEST_LENGTH);
|
---|
472 | /* bcopy(context->state, d, SHA256_DIGEST_LENGTH); */
|
---|
473 | #endif
|
---|
474 | }
|
---|
475 |
|
---|
476 | /* Clean up state data: */
|
---|
477 | memset(context, 0, sizeof(SHA256_CTX));
|
---|
478 | usedspace = 0;
|
---|
479 | }
|
---|
480 |
|
---|
481 | #include "sh_utils.h"
|
---|
482 |
|
---|
483 | /* If buffer is of length KEYBUF_SIZE, the digest will fit */
|
---|
484 | char *SHA256_End(SHA256_CTX* context, char buffer[KEYBUF_SIZE])
|
---|
485 | {
|
---|
486 | sha2_byte digest[SHA256_DIGEST_LENGTH];
|
---|
487 |
|
---|
488 | if (buffer != (char*)0) {
|
---|
489 | SHA256_Final(digest, context);
|
---|
490 | sh_util_base64_enc ((unsigned char *)buffer, digest, SHA256_DIGEST_LENGTH);
|
---|
491 | } else {
|
---|
492 | memset(context, 0, sizeof(SHA256_CTX));
|
---|
493 | }
|
---|
494 | memset(digest, 0, SHA256_DIGEST_LENGTH);
|
---|
495 | return buffer;
|
---|
496 | }
|
---|
497 |
|
---|
498 | char* SHA256_Data(const sha2_byte* data, size_t len, char digest[KEYBUF_SIZE])
|
---|
499 | {
|
---|
500 | SHA256_CTX context;
|
---|
501 |
|
---|
502 | SHA256_Init(&context);
|
---|
503 | SHA256_Update(&context, data, len);
|
---|
504 | return SHA256_End(&context, digest);
|
---|
505 | }
|
---|
506 |
|
---|
507 | char* SHA256_Base2Hex(char * b64digest, char * hexdigest)
|
---|
508 | {
|
---|
509 | int i;
|
---|
510 | sha2_byte data[512];
|
---|
511 | sha2_byte *d;
|
---|
512 | size_t len;
|
---|
513 | char * buffer;
|
---|
514 |
|
---|
515 | len = strlen(b64digest);
|
---|
516 | sh_util_base64_dec ((unsigned char*) data, (unsigned char *)b64digest, len);
|
---|
517 | d = data;
|
---|
518 |
|
---|
519 | buffer = hexdigest;
|
---|
520 | for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
|
---|
521 | *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
---|
522 | *buffer++ = sha2_hex_digits[*d & 0x0f];
|
---|
523 | d++;
|
---|
524 | }
|
---|
525 | *buffer = (char)0;
|
---|
526 |
|
---|
527 | return hexdigest;
|
---|
528 | }
|
---|
529 |
|
---|
530 | char * SHA256_ReplaceBaseByHex(const char * str, char * before, char after)
|
---|
531 | {
|
---|
532 | char keybuf[KEYBUF_SIZE];
|
---|
533 | char * s = strstr(str, before);
|
---|
534 |
|
---|
535 | if (s)
|
---|
536 | {
|
---|
537 | char * p;
|
---|
538 |
|
---|
539 | s += strlen(before);
|
---|
540 | memcpy(keybuf, s, sizeof(keybuf));
|
---|
541 | keybuf[sizeof(keybuf)-1] = '\0';
|
---|
542 | p = strchr(keybuf, after);
|
---|
543 |
|
---|
544 | if (p)
|
---|
545 | {
|
---|
546 | char hexbuf[SHA256_DIGEST_STRING_LENGTH];
|
---|
547 | char * ret = SH_ALLOC(strlen(str) + 1 + sizeof(keybuf));
|
---|
548 | char * r = ret;
|
---|
549 |
|
---|
550 | *p = '\0';
|
---|
551 | SHA256_Base2Hex(keybuf, hexbuf);
|
---|
552 |
|
---|
553 | memcpy(ret, str, (s - str));
|
---|
554 | r += (int)(s - str); *r = '\0';
|
---|
555 | strcpy(r, hexbuf); /* flawfinder: ignore */
|
---|
556 | r += strlen(hexbuf);
|
---|
557 | p = strchr(s, after);
|
---|
558 | strcpy(r, p); /* flawfinder: ignore */
|
---|
559 |
|
---|
560 | return ret;
|
---|
561 | }
|
---|
562 | }
|
---|
563 | return NULL;
|
---|
564 | }
|
---|
565 |
|
---|
566 |
|
---|
567 | #ifdef SH_CUTEST
|
---|
568 | #include <stdlib.h>
|
---|
569 | #include "CuTest.h"
|
---|
570 |
|
---|
571 | void Test_sha256 (CuTest *tc) {
|
---|
572 |
|
---|
573 | char hexdigest[SHA256_DIGEST_STRING_LENGTH];
|
---|
574 | char b64digest[KEYBUF_SIZE];
|
---|
575 | char * b64;
|
---|
576 | char * buffer;
|
---|
577 | size_t len;
|
---|
578 | sha2_byte data[512];
|
---|
579 | sha2_byte *d;
|
---|
580 | int i;
|
---|
581 |
|
---|
582 | data[0] = '\0'; len = 0;
|
---|
583 | b64 = SHA256_Data(data, len, b64digest);
|
---|
584 | CuAssertPtrNotNull(tc, b64);
|
---|
585 |
|
---|
586 | len = strlen((char*)b64);
|
---|
587 | sh_util_base64_dec (data, (unsigned char*)b64, len);
|
---|
588 | d = data;
|
---|
589 | buffer = hexdigest;
|
---|
590 | for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
|
---|
591 | *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
---|
592 | *buffer++ = sha2_hex_digits[*d & 0x0f];
|
---|
593 | d++;
|
---|
594 | }
|
---|
595 | *buffer = (char)0;
|
---|
596 | CuAssertStrEquals(tc, hexdigest, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
|
---|
597 |
|
---|
598 | memset(hexdigest, 0, sizeof(hexdigest));
|
---|
599 | buffer = SHA256_Base2Hex(b64digest, hexdigest);
|
---|
600 | CuAssertPtrNotNull(tc, buffer);
|
---|
601 | CuAssertStrEquals(tc, hexdigest, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
|
---|
602 | CuAssertStrEquals(tc, buffer, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
|
---|
603 |
|
---|
604 | strcpy((char*)data, "The quick brown fox jumps over the lazy dog"); len = strlen((char*)data);
|
---|
605 | b64 = SHA256_Data(data, len, b64digest);
|
---|
606 | CuAssertPtrNotNull(tc, b64);
|
---|
607 |
|
---|
608 | len = strlen((char*)b64);
|
---|
609 | sh_util_base64_dec (data, (unsigned char*)b64, len);
|
---|
610 | d = data;
|
---|
611 | buffer = hexdigest;
|
---|
612 | for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
|
---|
613 | *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
---|
614 | *buffer++ = sha2_hex_digits[*d & 0x0f];
|
---|
615 | d++;
|
---|
616 | }
|
---|
617 | *buffer = (char)0;
|
---|
618 | CuAssertStrEquals(tc, hexdigest, "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592");
|
---|
619 |
|
---|
620 | strcpy((char*)data, "The quick brown fox jumps over the lazy dog."); len = strlen((char*)data);
|
---|
621 | b64 = SHA256_Data(data, len, b64digest);
|
---|
622 | CuAssertPtrNotNull(tc, b64);
|
---|
623 |
|
---|
624 | len = strlen((char*)b64);
|
---|
625 | sh_util_base64_dec (data, (unsigned char*)b64, len);
|
---|
626 | d = data;
|
---|
627 | buffer = hexdigest;
|
---|
628 | for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
|
---|
629 | *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
---|
630 | *buffer++ = sha2_hex_digits[*d & 0x0f];
|
---|
631 | d++;
|
---|
632 | }
|
---|
633 | *buffer = (char)0;
|
---|
634 | CuAssertStrEquals(tc, hexdigest, "ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c");
|
---|
635 |
|
---|
636 | }
|
---|
637 |
|
---|
638 | #endif
|
---|