1*cf5a6c84SAndroid Build Coastguard Worker /* hash.c - Calculate various cryptographic hashes.
2*cf5a6c84SAndroid Build Coastguard Worker *
3*cf5a6c84SAndroid Build Coastguard Worker * Copyright 2012, 2021 Rob Landley <[email protected]>
4*cf5a6c84SAndroid Build Coastguard Worker *
5*cf5a6c84SAndroid Build Coastguard Worker * See http://www.ietf.org/rfc/rfc1321.txt
6*cf5a6c84SAndroid Build Coastguard Worker * and http://www.ietf.org/rfc/rfc4634.txt
7*cf5a6c84SAndroid Build Coastguard Worker */
8*cf5a6c84SAndroid Build Coastguard Worker
9*cf5a6c84SAndroid Build Coastguard Worker #include "toys.h"
10*cf5a6c84SAndroid Build Coastguard Worker
11*cf5a6c84SAndroid Build Coastguard Worker // Use external library of hand-coded assembly implementations?
12*cf5a6c84SAndroid Build Coastguard Worker #if CFG_TOYBOX_LIBCRYPTO
13*cf5a6c84SAndroid Build Coastguard Worker #include <openssl/md5.h>
14*cf5a6c84SAndroid Build Coastguard Worker #include <openssl/sha.h>
15*cf5a6c84SAndroid Build Coastguard Worker
16*cf5a6c84SAndroid Build Coastguard Worker // Initialize array tersely
17*cf5a6c84SAndroid Build Coastguard Worker #define HASH_INIT(name, prefix) { name, (void *)prefix##_Init, \
18*cf5a6c84SAndroid Build Coastguard Worker (void *)prefix##_Update, (void *)prefix##_Final, \
19*cf5a6c84SAndroid Build Coastguard Worker prefix##_DIGEST_LENGTH, }
20*cf5a6c84SAndroid Build Coastguard Worker #define SHA1_DIGEST_LENGTH SHA_DIGEST_LENGTH
21*cf5a6c84SAndroid Build Coastguard Worker
hash_by_name(int fd,char * name,char * result)22*cf5a6c84SAndroid Build Coastguard Worker void hash_by_name(int fd, char *name, char *result)
23*cf5a6c84SAndroid Build Coastguard Worker {
24*cf5a6c84SAndroid Build Coastguard Worker // Largest context
25*cf5a6c84SAndroid Build Coastguard Worker SHA512_CTX ctx;
26*cf5a6c84SAndroid Build Coastguard Worker struct hash {
27*cf5a6c84SAndroid Build Coastguard Worker char *name;
28*cf5a6c84SAndroid Build Coastguard Worker int (*init)(void *);
29*cf5a6c84SAndroid Build Coastguard Worker int (*update)(void *, void *, size_t);
30*cf5a6c84SAndroid Build Coastguard Worker int (*final)(void *, void *);
31*cf5a6c84SAndroid Build Coastguard Worker int digest_length;
32*cf5a6c84SAndroid Build Coastguard Worker } algorithms[] = {
33*cf5a6c84SAndroid Build Coastguard Worker USE_MD5SUM(HASH_INIT("md5sum", MD5),)
34*cf5a6c84SAndroid Build Coastguard Worker USE_SHA1SUM(HASH_INIT("sha1sum", SHA1),)
35*cf5a6c84SAndroid Build Coastguard Worker USE_SHA224SUM(HASH_INIT("sha224sum", SHA224),)
36*cf5a6c84SAndroid Build Coastguard Worker USE_SHA256SUM(HASH_INIT("sha256sum", SHA256),)
37*cf5a6c84SAndroid Build Coastguard Worker USE_SHA384SUM(HASH_INIT("sha384sum", SHA384),)
38*cf5a6c84SAndroid Build Coastguard Worker USE_SHA512SUM(HASH_INIT("sha512sum", SHA512),)
39*cf5a6c84SAndroid Build Coastguard Worker }, * hash;
40*cf5a6c84SAndroid Build Coastguard Worker int i;
41*cf5a6c84SAndroid Build Coastguard Worker
42*cf5a6c84SAndroid Build Coastguard Worker // This should never NOT match, so no need to check
43*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<ARRAY_LEN(algorithms); i++)
44*cf5a6c84SAndroid Build Coastguard Worker if (!strcmp(name, algorithms[i].name)) break;
45*cf5a6c84SAndroid Build Coastguard Worker hash = algorithms+i;
46*cf5a6c84SAndroid Build Coastguard Worker
47*cf5a6c84SAndroid Build Coastguard Worker hash->init(&ctx);
48*cf5a6c84SAndroid Build Coastguard Worker for (;;) {
49*cf5a6c84SAndroid Build Coastguard Worker i = read(fd, libbuf, sizeof(libbuf));
50*cf5a6c84SAndroid Build Coastguard Worker if (i<1) break;
51*cf5a6c84SAndroid Build Coastguard Worker hash->update(&ctx, libbuf, i);
52*cf5a6c84SAndroid Build Coastguard Worker }
53*cf5a6c84SAndroid Build Coastguard Worker hash->final(libbuf+128, &ctx);
54*cf5a6c84SAndroid Build Coastguard Worker
55*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<hash->digest_length; i++)
56*cf5a6c84SAndroid Build Coastguard Worker result += sprintf(result, "%02x", libbuf[i+128]);
57*cf5a6c84SAndroid Build Coastguard Worker }
58*cf5a6c84SAndroid Build Coastguard Worker
59*cf5a6c84SAndroid Build Coastguard Worker // Builtin implementations
60*cf5a6c84SAndroid Build Coastguard Worker #else
61*cf5a6c84SAndroid Build Coastguard Worker
62*cf5a6c84SAndroid Build Coastguard Worker struct browns {
63*cf5a6c84SAndroid Build Coastguard Worker unsigned *rconsttable32;
64*cf5a6c84SAndroid Build Coastguard Worker unsigned long long *rconsttable64; // for sha384,sha512
65*cf5a6c84SAndroid Build Coastguard Worker
66*cf5a6c84SAndroid Build Coastguard Worker // Crypto variables blanked after summing
67*cf5a6c84SAndroid Build Coastguard Worker unsigned long long count, overflow;
68*cf5a6c84SAndroid Build Coastguard Worker union {
69*cf5a6c84SAndroid Build Coastguard Worker char c[128]; // bytes, 1024 bits
70*cf5a6c84SAndroid Build Coastguard Worker unsigned i32[16]; // 512 bits for md5,sha1,sha224,sha256
71*cf5a6c84SAndroid Build Coastguard Worker unsigned long long i64[16]; // 1024 bits for sha384,sha512
72*cf5a6c84SAndroid Build Coastguard Worker } state, buffer;
73*cf5a6c84SAndroid Build Coastguard Worker };
74*cf5a6c84SAndroid Build Coastguard Worker
75*cf5a6c84SAndroid Build Coastguard Worker // Round constants. Static table for when we haven't got floating point support
76*cf5a6c84SAndroid Build Coastguard Worker #if ! CFG_TOYBOX_FLOAT
77*cf5a6c84SAndroid Build Coastguard Worker static const unsigned md5nofloat[64] = {
78*cf5a6c84SAndroid Build Coastguard Worker 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a,
79*cf5a6c84SAndroid Build Coastguard Worker 0xa8304613, 0xfd469501, 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
80*cf5a6c84SAndroid Build Coastguard Worker 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, 0xf61e2562, 0xc040b340,
81*cf5a6c84SAndroid Build Coastguard Worker 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
82*cf5a6c84SAndroid Build Coastguard Worker 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8,
83*cf5a6c84SAndroid Build Coastguard Worker 0x676f02d9, 0x8d2a4c8a, 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
84*cf5a6c84SAndroid Build Coastguard Worker 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, 0x289b7ec6, 0xeaa127fa,
85*cf5a6c84SAndroid Build Coastguard Worker 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
86*cf5a6c84SAndroid Build Coastguard Worker 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92,
87*cf5a6c84SAndroid Build Coastguard Worker 0xffeff47d, 0x85845dd1, 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
88*cf5a6c84SAndroid Build Coastguard Worker 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
89*cf5a6c84SAndroid Build Coastguard Worker };
90*cf5a6c84SAndroid Build Coastguard Worker #else
91*cf5a6c84SAndroid Build Coastguard Worker #define md5nofloat 0
92*cf5a6c84SAndroid Build Coastguard Worker #endif
93*cf5a6c84SAndroid Build Coastguard Worker static unsigned long long sha512nofloat[80] = {
94*cf5a6c84SAndroid Build Coastguard Worker // we cannot calculate these 64-bit values using the readily
95*cf5a6c84SAndroid Build Coastguard Worker // available floating point data types and math functions,
96*cf5a6c84SAndroid Build Coastguard Worker // so we always use this lookup table (80 * 8 bytes)
97*cf5a6c84SAndroid Build Coastguard Worker 0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f,
98*cf5a6c84SAndroid Build Coastguard Worker 0xe9b5dba58189dbbc, 0x3956c25bf348b538, 0x59f111f1b605d019,
99*cf5a6c84SAndroid Build Coastguard Worker 0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242,
100*cf5a6c84SAndroid Build Coastguard Worker 0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
101*cf5a6c84SAndroid Build Coastguard Worker 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235,
102*cf5a6c84SAndroid Build Coastguard Worker 0xc19bf174cf692694, 0xe49b69c19ef14ad2, 0xefbe4786384f25e3,
103*cf5a6c84SAndroid Build Coastguard Worker 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65, 0x2de92c6f592b0275,
104*cf5a6c84SAndroid Build Coastguard Worker 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
105*cf5a6c84SAndroid Build Coastguard Worker 0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f,
106*cf5a6c84SAndroid Build Coastguard Worker 0xbf597fc7beef0ee4, 0xc6e00bf33da88fc2, 0xd5a79147930aa725,
107*cf5a6c84SAndroid Build Coastguard Worker 0x06ca6351e003826f, 0x142929670a0e6e70, 0x27b70a8546d22ffc,
108*cf5a6c84SAndroid Build Coastguard Worker 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
109*cf5a6c84SAndroid Build Coastguard Worker 0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6,
110*cf5a6c84SAndroid Build Coastguard Worker 0x92722c851482353b, 0xa2bfe8a14cf10364, 0xa81a664bbc423001,
111*cf5a6c84SAndroid Build Coastguard Worker 0xc24b8b70d0f89791, 0xc76c51a30654be30, 0xd192e819d6ef5218,
112*cf5a6c84SAndroid Build Coastguard Worker 0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8,
113*cf5a6c84SAndroid Build Coastguard Worker 0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99,
114*cf5a6c84SAndroid Build Coastguard Worker 0x34b0bcb5e19b48a8, 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,
115*cf5a6c84SAndroid Build Coastguard Worker 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3, 0x748f82ee5defb2fc,
116*cf5a6c84SAndroid Build Coastguard Worker 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
117*cf5a6c84SAndroid Build Coastguard Worker 0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915,
118*cf5a6c84SAndroid Build Coastguard Worker 0xc67178f2e372532b, 0xca273eceea26619c, 0xd186b8c721c0c207,
119*cf5a6c84SAndroid Build Coastguard Worker 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, 0x06f067aa72176fba,
120*cf5a6c84SAndroid Build Coastguard Worker 0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b,
121*cf5a6c84SAndroid Build Coastguard Worker 0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc,
122*cf5a6c84SAndroid Build Coastguard Worker 0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
123*cf5a6c84SAndroid Build Coastguard Worker 0x5fcb6fab3ad6faec, 0x6c44198c4a475817
124*cf5a6c84SAndroid Build Coastguard Worker };
125*cf5a6c84SAndroid Build Coastguard Worker // sha1 needs only 4 round constant values, so prefer precomputed
126*cf5a6c84SAndroid Build Coastguard Worker static const unsigned sha1rconsts[] = {
127*cf5a6c84SAndroid Build Coastguard Worker 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6
128*cf5a6c84SAndroid Build Coastguard Worker };
129*cf5a6c84SAndroid Build Coastguard Worker
130*cf5a6c84SAndroid Build Coastguard Worker // bit rotations
131*cf5a6c84SAndroid Build Coastguard Worker #define rol(value, bits) (((value)<<(bits))|((value)>>(sizeof(value)*8-(bits))))
132*cf5a6c84SAndroid Build Coastguard Worker #define ror(value, bits) (((value)>>(bits))|((value)<<(sizeof(value)*8-(bits))))
133*cf5a6c84SAndroid Build Coastguard Worker
134*cf5a6c84SAndroid Build Coastguard Worker // Mix next 64 bytes of data into md5 hash
135*cf5a6c84SAndroid Build Coastguard Worker
md5_transform(struct browns * hash)136*cf5a6c84SAndroid Build Coastguard Worker static void md5_transform(struct browns *hash)
137*cf5a6c84SAndroid Build Coastguard Worker {
138*cf5a6c84SAndroid Build Coastguard Worker unsigned x[4], *b = hash->buffer.i32;
139*cf5a6c84SAndroid Build Coastguard Worker int i;
140*cf5a6c84SAndroid Build Coastguard Worker
141*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<4; i++) x[i] = hash->state.i32[i];
142*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<64; i++) {
143*cf5a6c84SAndroid Build Coastguard Worker unsigned in, a, rot, temp;
144*cf5a6c84SAndroid Build Coastguard Worker
145*cf5a6c84SAndroid Build Coastguard Worker a = (-i)&3;
146*cf5a6c84SAndroid Build Coastguard Worker if (i<16) {
147*cf5a6c84SAndroid Build Coastguard Worker in = i;
148*cf5a6c84SAndroid Build Coastguard Worker rot = 7+(5*(i&3));
149*cf5a6c84SAndroid Build Coastguard Worker temp = x[(a+1)&3];
150*cf5a6c84SAndroid Build Coastguard Worker temp = (temp & x[(a+2)&3]) | ((~temp) & x[(a+3)&3]);
151*cf5a6c84SAndroid Build Coastguard Worker } else if (i<32) {
152*cf5a6c84SAndroid Build Coastguard Worker in = (1+(5*i))&15;
153*cf5a6c84SAndroid Build Coastguard Worker temp = (i&3)+1;
154*cf5a6c84SAndroid Build Coastguard Worker rot = temp*5;
155*cf5a6c84SAndroid Build Coastguard Worker if (temp&2) rot--;
156*cf5a6c84SAndroid Build Coastguard Worker temp = x[(a+3)&3];
157*cf5a6c84SAndroid Build Coastguard Worker temp = (x[(a+1)&3] & temp) | (x[(a+2)&3] & ~temp);
158*cf5a6c84SAndroid Build Coastguard Worker } else if (i<48) {
159*cf5a6c84SAndroid Build Coastguard Worker in = (5+(3*(i&15)))&15;
160*cf5a6c84SAndroid Build Coastguard Worker rot = i&3;
161*cf5a6c84SAndroid Build Coastguard Worker rot = 4+(5*rot)+((rot+1)&6);
162*cf5a6c84SAndroid Build Coastguard Worker temp = x[(a+1)&3] ^ x[(a+2)&3] ^ x[(a+3)&3];
163*cf5a6c84SAndroid Build Coastguard Worker } else {
164*cf5a6c84SAndroid Build Coastguard Worker in = (7*(i&15))&15;
165*cf5a6c84SAndroid Build Coastguard Worker rot = (i&3)+1;
166*cf5a6c84SAndroid Build Coastguard Worker rot = (5*rot)+(((rot+2)&2)>>1);
167*cf5a6c84SAndroid Build Coastguard Worker temp = x[(a+2)&3] ^ (x[(a+1)&3] | ~x[(a+3)&3]);
168*cf5a6c84SAndroid Build Coastguard Worker }
169*cf5a6c84SAndroid Build Coastguard Worker temp += x[a] + SWAP_LE32(b[in]) + hash->rconsttable32[i];
170*cf5a6c84SAndroid Build Coastguard Worker x[a] = x[(a+1)&3] + ((temp<<rot) | (temp>>(32-rot)));
171*cf5a6c84SAndroid Build Coastguard Worker }
172*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<4; i++) hash->state.i32[i] += x[i];
173*cf5a6c84SAndroid Build Coastguard Worker }
174*cf5a6c84SAndroid Build Coastguard Worker
175*cf5a6c84SAndroid Build Coastguard Worker // Mix next 64 bytes of data into sha1 hash.
176*cf5a6c84SAndroid Build Coastguard Worker
sha1_transform(struct browns * hash)177*cf5a6c84SAndroid Build Coastguard Worker static void sha1_transform(struct browns *hash)
178*cf5a6c84SAndroid Build Coastguard Worker {
179*cf5a6c84SAndroid Build Coastguard Worker int i, j, k, count;
180*cf5a6c84SAndroid Build Coastguard Worker unsigned *block = hash->buffer.i32, oldstate[5], *rot[5], *temp, work;
181*cf5a6c84SAndroid Build Coastguard Worker
182*cf5a6c84SAndroid Build Coastguard Worker // Copy context->state.i32[] to working vars
183*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<5; i++) {
184*cf5a6c84SAndroid Build Coastguard Worker oldstate[i] = hash->state.i32[i];
185*cf5a6c84SAndroid Build Coastguard Worker rot[i] = hash->state.i32 + i;
186*cf5a6c84SAndroid Build Coastguard Worker }
187*cf5a6c84SAndroid Build Coastguard Worker if (IS_BIG_ENDIAN) for (i = 0; i<16; i++) block[i] = SWAP_LE32(block[i]);
188*cf5a6c84SAndroid Build Coastguard Worker
189*cf5a6c84SAndroid Build Coastguard Worker // 4 rounds of 20 operations each.
190*cf5a6c84SAndroid Build Coastguard Worker for (i = count = 0; i<4; i++) {
191*cf5a6c84SAndroid Build Coastguard Worker for (j = 0; j<20; j++) {
192*cf5a6c84SAndroid Build Coastguard Worker work = *rot[2] ^ *rot[3];
193*cf5a6c84SAndroid Build Coastguard Worker if (!i) work = (work & *rot[1]) ^ *rot[3];
194*cf5a6c84SAndroid Build Coastguard Worker else {
195*cf5a6c84SAndroid Build Coastguard Worker if (i==2) work = ((*rot[1]|*rot[2])&*rot[3])|(*rot[1]&*rot[2]);
196*cf5a6c84SAndroid Build Coastguard Worker else work ^= *rot[1];
197*cf5a6c84SAndroid Build Coastguard Worker }
198*cf5a6c84SAndroid Build Coastguard Worker
199*cf5a6c84SAndroid Build Coastguard Worker if (!i && j<16)
200*cf5a6c84SAndroid Build Coastguard Worker work += block[count] = (ror(block[count],8)&0xFF00FF00)
201*cf5a6c84SAndroid Build Coastguard Worker | (rol(block[count],8)&0x00FF00FF);
202*cf5a6c84SAndroid Build Coastguard Worker else
203*cf5a6c84SAndroid Build Coastguard Worker work += block[count&15] = rol(block[(count+13)&15]
204*cf5a6c84SAndroid Build Coastguard Worker ^ block[(count+8)&15] ^ block[(count+2)&15] ^ block[count&15], 1);
205*cf5a6c84SAndroid Build Coastguard Worker *rot[4] += work + rol(*rot[0],5) + sha1rconsts[i];
206*cf5a6c84SAndroid Build Coastguard Worker *rot[1] = rol(*rot[1],30);
207*cf5a6c84SAndroid Build Coastguard Worker
208*cf5a6c84SAndroid Build Coastguard Worker // Rotate by one for next time.
209*cf5a6c84SAndroid Build Coastguard Worker temp = rot[4];
210*cf5a6c84SAndroid Build Coastguard Worker for (k = 4; k; k--) rot[k] = rot[k-1];
211*cf5a6c84SAndroid Build Coastguard Worker *rot = temp;
212*cf5a6c84SAndroid Build Coastguard Worker count++;
213*cf5a6c84SAndroid Build Coastguard Worker }
214*cf5a6c84SAndroid Build Coastguard Worker }
215*cf5a6c84SAndroid Build Coastguard Worker // Add the previous values of state.i32[]
216*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<5; i++) hash->state.i32[i] += oldstate[i];
217*cf5a6c84SAndroid Build Coastguard Worker }
218*cf5a6c84SAndroid Build Coastguard Worker
sha2_32_transform(struct browns * hash)219*cf5a6c84SAndroid Build Coastguard Worker static void sha2_32_transform(struct browns *hash)
220*cf5a6c84SAndroid Build Coastguard Worker {
221*cf5a6c84SAndroid Build Coastguard Worker unsigned block[64], s0, s1, S0, S1, ch, maj, temp1, temp2, rot[8];
222*cf5a6c84SAndroid Build Coastguard Worker int i;
223*cf5a6c84SAndroid Build Coastguard Worker
224*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<16; i++) block[i] = SWAP_BE32(hash->buffer.i32[i]);
225*cf5a6c84SAndroid Build Coastguard Worker
226*cf5a6c84SAndroid Build Coastguard Worker // Extend the message schedule array beyond first 16 words
227*cf5a6c84SAndroid Build Coastguard Worker for (i = 16; i<64; i++) {
228*cf5a6c84SAndroid Build Coastguard Worker s0 = ror(block[i-15], 7) ^ ror(block[i-15], 18) ^ (block[i-15] >> 3);
229*cf5a6c84SAndroid Build Coastguard Worker s1 = ror(block[i-2], 17) ^ ror(block[i-2], 19) ^ (block[i-2] >> 10);
230*cf5a6c84SAndroid Build Coastguard Worker block[i] = block[i-16] + s0 + block[i-7] + s1;
231*cf5a6c84SAndroid Build Coastguard Worker }
232*cf5a6c84SAndroid Build Coastguard Worker // Copy context->state.i32[] to working vars
233*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<8; i++) rot[i] = hash->state.i32[i];
234*cf5a6c84SAndroid Build Coastguard Worker // 64 rounds
235*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<64; i++) {
236*cf5a6c84SAndroid Build Coastguard Worker S1 = ror(rot[4],6) ^ ror(rot[4],11) ^ ror(rot[4], 25);
237*cf5a6c84SAndroid Build Coastguard Worker ch = (rot[4] & rot[5]) ^ ((~ rot[4]) & rot[6]);
238*cf5a6c84SAndroid Build Coastguard Worker temp1 = rot[7] + S1 + ch + hash->rconsttable32[i] + block[i];
239*cf5a6c84SAndroid Build Coastguard Worker S0 = ror(rot[0],2) ^ ror(rot[0],13) ^ ror(rot[0], 22);
240*cf5a6c84SAndroid Build Coastguard Worker maj = (rot[0] & rot[1]) ^ (rot[0] & rot[2]) ^ (rot[1] & rot[2]);
241*cf5a6c84SAndroid Build Coastguard Worker temp2 = S0 + maj;
242*cf5a6c84SAndroid Build Coastguard Worker memmove(rot+1, rot, 7*sizeof(*rot));
243*cf5a6c84SAndroid Build Coastguard Worker rot[4] += temp1;
244*cf5a6c84SAndroid Build Coastguard Worker rot[0] = temp1 + temp2;
245*cf5a6c84SAndroid Build Coastguard Worker }
246*cf5a6c84SAndroid Build Coastguard Worker
247*cf5a6c84SAndroid Build Coastguard Worker // Add the previous values of state.i32[]
248*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<8; i++) hash->state.i32[i] += rot[i];
249*cf5a6c84SAndroid Build Coastguard Worker }
250*cf5a6c84SAndroid Build Coastguard Worker
sha2_64_transform(struct browns * hash)251*cf5a6c84SAndroid Build Coastguard Worker static void sha2_64_transform(struct browns *hash)
252*cf5a6c84SAndroid Build Coastguard Worker {
253*cf5a6c84SAndroid Build Coastguard Worker unsigned long long block[80], s0, s1, S0, S1, ch, maj, temp1, temp2, rot[8];
254*cf5a6c84SAndroid Build Coastguard Worker int i;
255*cf5a6c84SAndroid Build Coastguard Worker
256*cf5a6c84SAndroid Build Coastguard Worker for (i=0; i<16; i++) block[i] = SWAP_BE64(hash->buffer.i64[i]);
257*cf5a6c84SAndroid Build Coastguard Worker
258*cf5a6c84SAndroid Build Coastguard Worker // Extend the message schedule array beyond first 16 words
259*cf5a6c84SAndroid Build Coastguard Worker for (i = 16; i<80; i++) {
260*cf5a6c84SAndroid Build Coastguard Worker s0 = ror(block[i-15], 1) ^ ror(block[i-15], 8) ^ (block[i-15] >> 7);
261*cf5a6c84SAndroid Build Coastguard Worker s1 = ror(block[i-2], 19) ^ ror(block[i-2], 61) ^ (block[i-2] >> 6);
262*cf5a6c84SAndroid Build Coastguard Worker block[i] = block[i-16] + s0 + block[i-7] + s1;
263*cf5a6c84SAndroid Build Coastguard Worker }
264*cf5a6c84SAndroid Build Coastguard Worker // Copy context->state.i64[] to working vars
265*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<8; i++) rot[i] = hash->state.i64[i];
266*cf5a6c84SAndroid Build Coastguard Worker // 80 rounds
267*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<80; i++) {
268*cf5a6c84SAndroid Build Coastguard Worker S1 = ror(rot[4],14) ^ ror(rot[4],18) ^ ror(rot[4], 41);
269*cf5a6c84SAndroid Build Coastguard Worker ch = (rot[4] & rot[5]) ^ ((~ rot[4]) & rot[6]);
270*cf5a6c84SAndroid Build Coastguard Worker temp1 = rot[7] + S1 + ch + hash->rconsttable64[i] + block[i];
271*cf5a6c84SAndroid Build Coastguard Worker S0 = ror(rot[0],28) ^ ror(rot[0],34) ^ ror(rot[0], 39);
272*cf5a6c84SAndroid Build Coastguard Worker maj = (rot[0] & rot[1]) ^ (rot[0] & rot[2]) ^ (rot[1] & rot[2]);
273*cf5a6c84SAndroid Build Coastguard Worker temp2 = S0 + maj;
274*cf5a6c84SAndroid Build Coastguard Worker memmove(rot+1, rot, 7*sizeof(*rot));
275*cf5a6c84SAndroid Build Coastguard Worker rot[4] += temp1;
276*cf5a6c84SAndroid Build Coastguard Worker rot[0] = temp1 + temp2;
277*cf5a6c84SAndroid Build Coastguard Worker }
278*cf5a6c84SAndroid Build Coastguard Worker
279*cf5a6c84SAndroid Build Coastguard Worker // Add the previous values of state.i64[]
280*cf5a6c84SAndroid Build Coastguard Worker for (i=0; i<8; i++) hash->state.i64[i] += rot[i];
281*cf5a6c84SAndroid Build Coastguard Worker }
282*cf5a6c84SAndroid Build Coastguard Worker
283*cf5a6c84SAndroid Build Coastguard Worker // Fill 64/128-byte (512/1024-bit) working buffer, call transform() when full.
284*cf5a6c84SAndroid Build Coastguard Worker
hash_update(char * data,unsigned int len,void (* transform)(struct browns * hash),int chunksize,struct browns * hash)285*cf5a6c84SAndroid Build Coastguard Worker static void hash_update(char *data, unsigned int len,
286*cf5a6c84SAndroid Build Coastguard Worker void (*transform)(struct browns *hash), int chunksize, struct browns *hash)
287*cf5a6c84SAndroid Build Coastguard Worker {
288*cf5a6c84SAndroid Build Coastguard Worker unsigned int i, j;
289*cf5a6c84SAndroid Build Coastguard Worker
290*cf5a6c84SAndroid Build Coastguard Worker j = hash->count & (chunksize - 1);
291*cf5a6c84SAndroid Build Coastguard Worker if (hash->count+len<hash->count) hash->overflow++;
292*cf5a6c84SAndroid Build Coastguard Worker hash->count += len;
293*cf5a6c84SAndroid Build Coastguard Worker
294*cf5a6c84SAndroid Build Coastguard Worker for (;;) {
295*cf5a6c84SAndroid Build Coastguard Worker // Grab next chunk of data, return if it's not enough to process a frame
296*cf5a6c84SAndroid Build Coastguard Worker i = chunksize - j;
297*cf5a6c84SAndroid Build Coastguard Worker if (i>len) i = len;
298*cf5a6c84SAndroid Build Coastguard Worker memcpy(hash->buffer.c+j, data, i);
299*cf5a6c84SAndroid Build Coastguard Worker if (j+i != chunksize) break;
300*cf5a6c84SAndroid Build Coastguard Worker
301*cf5a6c84SAndroid Build Coastguard Worker // Process a frame
302*cf5a6c84SAndroid Build Coastguard Worker transform(hash);
303*cf5a6c84SAndroid Build Coastguard Worker j=0;
304*cf5a6c84SAndroid Build Coastguard Worker data += i;
305*cf5a6c84SAndroid Build Coastguard Worker len -= i;
306*cf5a6c84SAndroid Build Coastguard Worker }
307*cf5a6c84SAndroid Build Coastguard Worker }
308*cf5a6c84SAndroid Build Coastguard Worker
hash_by_name(int fd,char * name,char * result)309*cf5a6c84SAndroid Build Coastguard Worker void hash_by_name(int fd, char *name, char *result)
310*cf5a6c84SAndroid Build Coastguard Worker {
311*cf5a6c84SAndroid Build Coastguard Worker unsigned long long count[2];
312*cf5a6c84SAndroid Build Coastguard Worker int i, chunksize, digestlen, method;
313*cf5a6c84SAndroid Build Coastguard Worker volatile unsigned *pp;
314*cf5a6c84SAndroid Build Coastguard Worker void (*transform)(struct browns *hash);
315*cf5a6c84SAndroid Build Coastguard Worker struct browns *hash = xzalloc(sizeof(struct browns));
316*cf5a6c84SAndroid Build Coastguard Worker char buf;
317*cf5a6c84SAndroid Build Coastguard Worker
318*cf5a6c84SAndroid Build Coastguard Worker // md5sum, sha1sum, sha224sum, sha256sum, sha384sum, sha512sum
319*cf5a6c84SAndroid Build Coastguard Worker method = stridx("us2581", name[4]);
320*cf5a6c84SAndroid Build Coastguard Worker
321*cf5a6c84SAndroid Build Coastguard Worker // Calculate table if we have floating point. Static version should drop
322*cf5a6c84SAndroid Build Coastguard Worker // out at compile time when we don't need it.
323*cf5a6c84SAndroid Build Coastguard Worker if (!method) { // MD5
324*cf5a6c84SAndroid Build Coastguard Worker if (CFG_TOYBOX_FLOAT) {
325*cf5a6c84SAndroid Build Coastguard Worker hash->rconsttable32 = xmalloc(64*4);
326*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<64; i++) hash->rconsttable32[i] = fabs(sin(i+1))*(1LL<<32);
327*cf5a6c84SAndroid Build Coastguard Worker } else hash->rconsttable32 = (void *)md5nofloat;
328*cf5a6c84SAndroid Build Coastguard Worker } else if (name[3] == '2') { // sha224, sha256
329*cf5a6c84SAndroid Build Coastguard Worker hash->rconsttable32 = xmalloc(64*4);
330*cf5a6c84SAndroid Build Coastguard Worker for (i=0; i<64; i++) hash->rconsttable32[i] = sha512nofloat[i] >> 32;
331*cf5a6c84SAndroid Build Coastguard Worker } else hash->rconsttable64 = sha512nofloat; // sha384, sha512
332*cf5a6c84SAndroid Build Coastguard Worker
333*cf5a6c84SAndroid Build Coastguard Worker // select hash type
334*cf5a6c84SAndroid Build Coastguard Worker transform = (void *[]){md5_transform, sha1_transform, sha2_32_transform,
335*cf5a6c84SAndroid Build Coastguard Worker sha2_32_transform, sha2_64_transform, sha2_64_transform}[method];
336*cf5a6c84SAndroid Build Coastguard Worker digestlen = (char []){16, 20, 28, 32, 48, 64}[method];
337*cf5a6c84SAndroid Build Coastguard Worker chunksize = 64<<(method>=4);
338*cf5a6c84SAndroid Build Coastguard Worker if (method<=1)
339*cf5a6c84SAndroid Build Coastguard Worker memcpy(hash->state.i32, (unsigned []){0x67452301, 0xEFCDAB89, 0x98BADCFE,
340*cf5a6c84SAndroid Build Coastguard Worker 0x10325476, 0xC3D2E1F0}, 20);
341*cf5a6c84SAndroid Build Coastguard Worker else if (method==2)
342*cf5a6c84SAndroid Build Coastguard Worker memcpy(hash->state.i32, (unsigned []){0xc1059ed8, 0x367cd507, 0x3070dd17,
343*cf5a6c84SAndroid Build Coastguard Worker 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4}, 32);
344*cf5a6c84SAndroid Build Coastguard Worker else if (method==3)
345*cf5a6c84SAndroid Build Coastguard Worker memcpy(hash->state.i32, (unsigned []){0x6a09e667, 0xbb67ae85, 0x3c6ef372,
346*cf5a6c84SAndroid Build Coastguard Worker 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}, 32);
347*cf5a6c84SAndroid Build Coastguard Worker else if (method==4)
348*cf5a6c84SAndroid Build Coastguard Worker memcpy(hash->state.i64, (unsigned long long []){0xcbbb9d5dc1059ed8,
349*cf5a6c84SAndroid Build Coastguard Worker 0x629a292a367cd507, 0x9159015a3070dd17, 0x152fecd8f70e5939,
350*cf5a6c84SAndroid Build Coastguard Worker 0x67332667ffc00b31, 0x8eb44a8768581511, 0xdb0c2e0d64f98fa7,
351*cf5a6c84SAndroid Build Coastguard Worker 0x47b5481dbefa4fa4}, 64);
352*cf5a6c84SAndroid Build Coastguard Worker else memcpy(hash->state.i64, (unsigned long long []){0x6a09e667f3bcc908,
353*cf5a6c84SAndroid Build Coastguard Worker 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
354*cf5a6c84SAndroid Build Coastguard Worker 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b,
355*cf5a6c84SAndroid Build Coastguard Worker 0x5be0cd19137e2179}, 64);
356*cf5a6c84SAndroid Build Coastguard Worker
357*cf5a6c84SAndroid Build Coastguard Worker hash->count = 0;
358*cf5a6c84SAndroid Build Coastguard Worker for (;;) {
359*cf5a6c84SAndroid Build Coastguard Worker i = read(fd, libbuf, sizeof(libbuf));
360*cf5a6c84SAndroid Build Coastguard Worker if (i<1) break;
361*cf5a6c84SAndroid Build Coastguard Worker hash_update(libbuf, i, transform, chunksize, hash);
362*cf5a6c84SAndroid Build Coastguard Worker }
363*cf5a6c84SAndroid Build Coastguard Worker
364*cf5a6c84SAndroid Build Coastguard Worker // End the message by appending a "1" bit to the data, ending with the
365*cf5a6c84SAndroid Build Coastguard Worker // message size (in bits, big endian), and adding enough zero bits in
366*cf5a6c84SAndroid Build Coastguard Worker // between to pad to the end of the next frame.
367*cf5a6c84SAndroid Build Coastguard Worker //
368*cf5a6c84SAndroid Build Coastguard Worker // Since our input up to now has been in whole bytes, we can deal with
369*cf5a6c84SAndroid Build Coastguard Worker // bytes here too. sha384 and 512 use 128 bit counter, so track overflow.
370*cf5a6c84SAndroid Build Coastguard Worker buf = 0x80;
371*cf5a6c84SAndroid Build Coastguard Worker count[0] = (hash->overflow<<3)+(hash->count>>61);
372*cf5a6c84SAndroid Build Coastguard Worker count[1] = hash->count<<3; // convert to bits
373*cf5a6c84SAndroid Build Coastguard Worker for (i = 0; i<2; i++)
374*cf5a6c84SAndroid Build Coastguard Worker count[i] = !method ? SWAP_LE64(count[i]) : SWAP_BE64(count[i]);
375*cf5a6c84SAndroid Build Coastguard Worker i = 8<<(method>=4);
376*cf5a6c84SAndroid Build Coastguard Worker do {
377*cf5a6c84SAndroid Build Coastguard Worker hash_update(&buf, 1, transform, chunksize, hash);
378*cf5a6c84SAndroid Build Coastguard Worker buf = 0;
379*cf5a6c84SAndroid Build Coastguard Worker } while ((hash->count&(chunksize-1)) != chunksize-i);
380*cf5a6c84SAndroid Build Coastguard Worker hash_update((void *)(count+(method<4)), i, transform, chunksize, hash);
381*cf5a6c84SAndroid Build Coastguard Worker
382*cf5a6c84SAndroid Build Coastguard Worker // write digest to result
383*cf5a6c84SAndroid Build Coastguard Worker if (method>=4) for (i=0; i<digestlen/8; i++)
384*cf5a6c84SAndroid Build Coastguard Worker result += sprintf(result, "%016llx", hash->state.i64[i]);
385*cf5a6c84SAndroid Build Coastguard Worker else for (i=0; i<digestlen/4; i++)
386*cf5a6c84SAndroid Build Coastguard Worker result += sprintf(result, "%08x",
387*cf5a6c84SAndroid Build Coastguard Worker !method ? bswap_32(hash->state.i32[i]) : hash->state.i32[i]);
388*cf5a6c84SAndroid Build Coastguard Worker // Wipe variables. Cryptographer paranoia. Avoid "optimizing" out memset
389*cf5a6c84SAndroid Build Coastguard Worker // by looping on a volatile pointer.
390*cf5a6c84SAndroid Build Coastguard Worker for (pp = (void *)hash; pp-(unsigned *)hash<sizeof(*hash)/4; pp++) *pp = 0;
391*cf5a6c84SAndroid Build Coastguard Worker for (pp = (void *)libbuf; pp-(unsigned *)libbuf<sizeof(libbuf)/4; pp++)
392*cf5a6c84SAndroid Build Coastguard Worker *pp = 0;
393*cf5a6c84SAndroid Build Coastguard Worker }
394*cf5a6c84SAndroid Build Coastguard Worker #endif
395