libcrash: sync with upstream.

* Implement new algorithms:
  - MACs: Poly1305, HMAC (SHA2_256, SHA2_512),
  - ciphers: ChaCha20, AES256CTR, AES256CBC.
* Remove MD4 hash.
* Change API (it happens).
* Update crashtest example.


git-svn-id: svn://kolibrios.org@9216 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
Ivan Baravy 2021-10-15 00:52:46 +00:00
parent 34050385a4
commit 553742f877
31 changed files with 4605 additions and 1621 deletions

View File

@ -1,5 +1,6 @@
if tup.getconfig("NO_FASM") ~= "" then return end
HELPERDIR = (tup.getconfig("HELPERDIR") == "") and "../../../.." or tup.getconfig("HELPERDIR")
HELPERDIR = (tup.getconfig("HELPERDIR") == "") and "../../.." or tup.getconfig("HELPERDIR")
tup.include(HELPERDIR .. "/use_fasm.lua")
tup.rule("libcrash.asm", FASM .. " %f %o " .. tup.getconfig("KPACK_CMD"), "libcrash.obj")
tup.rule("crashtest.asm", FASM .. " %f %o " .. tup.getconfig("KPACK_CMD"), "crashtest")

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,235 @@
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2016> Jeffrey Amelynck
; Copyright (C) <2016,2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
struct ctx_aes_cbc
aes ctx_aes
cbc ctx_cbc
crypt dd ?
finish dd ?
block rd CBC128_BLOCK_SIZE/4
index dd ?
padding dd ?
ends
assert sizeof.ctx_aes_cbc <= LIBCRASH_CTX_LEN
; _crypt: 0/1 = encrypt/decrypt
proc aes256cbc.init uses ebx esi edi, _ctx, _key, _iv, _flags
mov ebx, [_ctx]
stdcall aes256.init, ebx, [_key], [_flags]
mov ecx, CBC128_BLOCK_SIZE/4
mov esi, [_iv]
lea edi, [ebx+ctx_aes_cbc.cbc.vector]
rep movsd
mov [ebx+ctx_aes_cbc.cbc.has_data], 0
mov [ebx+ctx_aes_cbc.index], 0
mov [ebx+ctx_aes_cbc.crypt], aes256cbc._.encrypt_block
mov [ebx+ctx_aes_cbc.finish], aes256cbc._.finish_encrypt
test [_flags], LIBCRASH_CIPHER_DECRYPT
jz @f
mov [ebx+ctx_aes_cbc.crypt], aes256cbc._.decrypt_block
mov [ebx+ctx_aes_cbc.finish], aes256cbc._.finish_decrypt
@@:
xor eax, eax
test [_flags], LIBCRASH_CIPHER_PADDING
setnz al
mov [ebx+ctx_aes_cbc.padding], eax
ret
endp
proc aes256cbc._.encrypt_block uses ebx esi edi, _ctx, _in, _out
mov ebx, [_ctx]
mov esi, [_in]
lea edi, [ebx+ctx_aes_cbc.cbc.vector]
mov ecx, CBC128_BLOCK_SIZE/4
@@:
lodsd
xor [edi], eax
add edi, 4
dec ecx
jnz @b
lea ecx, [ebx+ctx_aes_cbc.cbc.vector]
lea edx, [ebx+ctx_aes_cbc.aes.state]
stdcall aes.encrypt, ebx, ecx, edx
lea esi, [ebx+ctx_aes_cbc.aes.state]
lea edi, [ebx+ctx_aes_cbc.cbc.vector]
mov ecx, CBC128_BLOCK_SIZE/4
rep movsd
lea esi, [ebx+ctx_aes_cbc.aes.state]
mov edi, [_out]
mov ecx, CBC128_BLOCK_SIZE/4
rep movsd
mov eax, CBC128_BLOCK_SIZE
ret
endp
proc aes256cbc._.decrypt_block uses ebx esi edi, _ctx, _in, _out
locals
.done dd ?
endl
mov [.done], 0
mov ebx, [_ctx]
mov ecx, [_in]
lea edx, [ebx+ctx_aes_cbc.aes.state]
stdcall aes.decrypt, ebx, ecx, edx
bts [ebx+ctx_aes_cbc.cbc.has_data], 0
jnc @f
lea esi, [ebx+ctx_aes_cbc.cbc.block]
mov edi, [_out]
mov ecx, CBC128_BLOCK_SIZE/4
rep movsd
add [.done], CBC128_BLOCK_SIZE
@@:
lea esi, [ebx+ctx_aes_cbc.aes.state]
lea edx, [ebx+ctx_aes_cbc.cbc.vector]
lea edi, [ebx+ctx_aes_cbc.cbc.block]
mov ecx, CBC128_BLOCK_SIZE/4
@@:
lodsd
xor eax, [edx]
add edx, 4
stosd
dec ecx
jnz @b
mov esi, [_in]
lea edi, [ebx+ctx_aes_cbc.cbc.vector]
mov ecx, CBC128_BLOCK_SIZE/4
rep movsd
mov eax, [.done]
ret
endp
proc aes256cbc.update uses ebx esi edi, _ctx, _in, _len, _out
locals
.done dd ?
endl
mov [.done], 0
.next_block:
mov ebx, [_ctx]
mov eax, [ebx+ctx_aes_cbc.index]
test eax, eax
jnz .copy_to_buf
test [_in], LIBCRASH_ALIGN-1
jnz .copy_to_buf
.no_copy:
; data is aligned, process it in place without copying
mov ebx, [_ctx]
cmp [_len], CBC128_BLOCK_SIZE
jb .copy_quit
stdcall [ebx+ctx_aes_cbc.crypt], [_ctx], [_in], [_out]
add [_in], CBC128_BLOCK_SIZE
add [_out], eax
add [.done], eax
sub [_len], CBC128_BLOCK_SIZE
jmp .no_copy
.copy_to_buf:
lea edi, [ebx+ctx_aes_cbc.block]
add edi, [ebx+ctx_aes_cbc.index]
mov ecx, CBC128_BLOCK_SIZE
sub ecx, [ebx+ctx_aes_cbc.index]
cmp [_len], ecx
jb .copy_quit
mov esi, [_in]
sub [_len], ecx
add [_in], ecx
rep movsb
mov [ebx+ctx_aes_cbc.index], 0
lea esi, [ebx+ctx_aes_cbc.block]
stdcall [ebx+ctx_aes_cbc.crypt], [_ctx], esi, [_out]
add [.done], eax
add [_out], eax
jmp .next_block
.copy_quit:
mov ebx, [_ctx]
mov esi, [_in]
lea edi, [ebx+ctx_aes_cbc.block]
add edi, [ebx+ctx_aes_cbc.index]
mov ecx, [_len]
add [ebx+ctx_aes_cbc.index], ecx
rep movsb
.quit:
mov eax, [.done]
ret
endp
proc aes256cbc.finish uses ebx esi edi, _ctx, _out
mov ebx, [_ctx]
stdcall [ebx+ctx_aes_cbc.finish], ebx, [_out]
ret
endp
proc aes256cbc._.finish_encrypt uses ebx esi edi, _ctx, _out
mov ebx, [_ctx]
xor eax, eax
cmp [ebx+ctx_aes_cbc.padding], 0
jz .no_padding
; add padding
lea edi, [ebx+ctx_aes_cbc.block]
add edi, [ebx+ctx_aes_cbc.index]
mov ecx, CBC128_BLOCK_SIZE
sub ecx, [ebx+ctx_aes_cbc.index]
mov eax, ecx
rep stosb
lea eax, [ebx+ctx_aes_cbc.block]
stdcall aes256cbc._.encrypt_block, [_ctx], eax, [_out]
mov eax, CBC128_BLOCK_SIZE
.no_padding:
ret
endp
proc aes256cbc._.finish_decrypt uses ebx esi edi, _ctx, _out
mov ebx, [_ctx]
xor eax, eax
cmp eax, [ebx+ctx_aes_cbc.cbc.has_data]
jz .done
lea esi, [ebx+ctx_aes_cbc.cbc.block]
mov edi, [_out]
mov ecx, CBC128_BLOCK_SIZE
cmp [ebx+ctx_aes_cbc.padding], eax
jz @f
sub cl, [esi+CBC128_BLOCK_SIZE-1]
@@:
mov eax, ecx
rep movsb
.done:
ret
endp
proc aes256cbc.oneshot _ctx, _key, _iv, _flags, _in, _len, _out
locals
.done dd ?
endl
mov [.done], 0
stdcall aes256cbc.init, [_ctx], [_key], [_iv], [_flags]
stdcall aes256cbc.update, [_ctx], [_in], [_len], [_out]
add [_out], eax
add [.done], eax
stdcall aes256cbc.finish, [_ctx], [_out]
add eax, [.done]
ret
endp

View File

@ -0,0 +1,137 @@
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2016> Jeffrey Amelynck
; Copyright (C) <2016,2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
struct ctx_aes_ctr
aes ctx_aes
ctr ctx_ctr
ends
assert sizeof.ctx_aes_ctr <= LIBCRASH_CTX_LEN
; _crypt: 0/1 = encrypt/decrypt
proc aes256ctr.init uses ebx, _ctx, _key, _iv, _flags
mov ebx, [_ctx]
stdcall aes256.init, ebx, [_key], LIBCRASH_CIPHER_ENCRYPT
add ebx, ctx_aes_ctr.ctr
stdcall ctr.init, [_iv]
ret
endp
proc a22es_ctr._.block_init _ctx
mov edi, [_ctx]
lea esi, [edi+ctx_aes_ctr.ctr.block_counter]
mov ecx, AES_BLOCK_SIZE/4
rep movsd
ret
endp
proc aes256ctr.update uses ebx esi edi, _ctx, _in, _len, _out
mov eax, [_len]
pushad
mov ebx, [_ctx]
mov edi, [_in]
mov edx, [ebx+ctx_aes_ctr.ctr.partial_cnt]
.next_chunk:
mov ecx, [_len]
test ecx, ecx
jz .done
test edx, edx
jnz @f
pushad
lea ecx, [ebx+ctx_aes_ctr.ctr.block_counter]
lea edx, [ebx+ctx_aes_ctr.aes.state]
stdcall aes.encrypt, ebx, ecx, edx
popad
mov edx, AES_BLOCK_SIZE
pushad
mov esi, ebx
mov eax, dword[esi+ctx_aes_ctr.ctr.block_counter+4*0]
mov ebx, dword[esi+ctx_aes_ctr.ctr.block_counter+4*1]
mov ecx, dword[esi+ctx_aes_ctr.ctr.block_counter+4*2]
mov edx, dword[esi+ctx_aes_ctr.ctr.block_counter+4*3]
bswap eax
bswap ebx
bswap ecx
bswap edx
add edx, 1
adc ecx, 0
adc ebx, 0
adc eax, 0
bswap eax
bswap ebx
bswap ecx
bswap edx
mov dword[esi+ctx_aes_ctr.ctr.block_counter+4*0], eax
mov dword[esi+ctx_aes_ctr.ctr.block_counter+4*1], ebx
mov dword[esi+ctx_aes_ctr.ctr.block_counter+4*2], ecx
mov dword[esi+ctx_aes_ctr.ctr.block_counter+4*3], edx
popad
@@:
cmp ecx, edx
jbe @f
mov ecx, edx
@@:
lea esi, [ebx+ctx_aes_ctr.aes.state]
add esi, AES_BLOCK_SIZE
sub esi, edx
sub [_len], ecx
sub edx, ecx
push ebx
mov edi, [_out]
mov ebx, [_in]
add [_in], ecx
add [_out], ecx
@@:
lodsb
xor al, [ebx]
inc ebx
stosb
loop @b
pop ebx
jmp .next_chunk
.done:
mov [ebx+ctx_aes_ctr.ctr.partial_cnt], edx
popad
ret
endp
proc aes256ctr.finish _ctx, _out
xor eax, eax
ret
endp
proc aes256ctr.oneshot _ctx, _key, _iv, _flags, _in, _len, _out
locals
.done dd ?
endl
mov [.done], 0
stdcall aes256ctr.init, [_ctx], [_key], [_iv], [_flags]
stdcall aes256ctr.update, [_ctx], [_in], [_len], [_out]
add [_out], eax
add [.done], eax
stdcall aes256ctr.finish, [_ctx], [_out]
add eax, [.done]
ret
endp

View File

@ -0,0 +1,204 @@
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
; https://datatracker.ietf.org/doc/html/rfc7539
CHACHA20_BLOCK_SIZE = 64
CHACHA20_KEY_SIZE = 32
CHACHA20_NONCE_SIZE = 12
CHACHA20_IV_SIZE = 16
struct ctx_chacha20
state rd CHACHA20_BLOCK_SIZE/4
key rd CHACHA20_KEY_SIZE/4
block_counter dd ?
nonce rd CHACHA20_NONCE_SIZE/4
partial_cnt dd ?
ends
assert sizeof.ctx_chacha20 <= LIBCRASH_CTX_LEN
proc chacha20.init uses ebx esi edi, _ctx, _key, _iv, _flags
mov ebx, [_ctx]
mov esi, [_key]
lea edi, [ebx+ctx_chacha20.key]
mov ecx, CHACHA20_KEY_SIZE/4
rep movsd
mov esi, [_iv]
lea edi, [ebx+ctx_chacha20.block_counter]
mov ecx, CHACHA20_IV_SIZE/4
rep movsd
mov [ebx+ctx_chacha20.partial_cnt], 0
ret
endp
macro chacha20._.quarter_round a, b, c, d {
; a = PLUS(a,b); d = ROTATE(XOR(d,a),16);
mov eax, [esi+a*4]
add eax, [esi+b*4]
mov [esi+a*4], eax
xor eax, [esi+d*4]
rol eax, 16
mov [esi+d*4], eax
; c = PLUS(c,d); b = ROTATE(XOR(b,c),12);
mov eax, [esi+c*4]
add eax, [esi+d*4]
mov [esi+c*4], eax
xor eax, [esi+b*4]
rol eax, 12
mov [esi+b*4], eax
; a = PLUS(a,b); d = ROTATE(XOR(d,a), 8);
mov eax, [esi+a*4]
add eax, [esi+b*4]
mov [esi+a*4], eax
xor eax, [esi+d*4]
rol eax, 8
mov [esi+d*4], eax
; c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
mov eax, [esi+c*4]
add eax, [esi+d*4]
mov [esi+c*4], eax
xor eax, [esi+b*4]
rol eax, 7
mov [esi+b*4], eax
}
proc chacha20._.inner_block _state
mov esi, [_state]
chacha20._.quarter_round 0, 4, 8, 12
chacha20._.quarter_round 1, 5, 9, 13
chacha20._.quarter_round 2, 6, 10, 14
chacha20._.quarter_round 3, 7, 11, 15
chacha20._.quarter_round 0, 5, 10, 15
chacha20._.quarter_round 1, 6, 11, 12
chacha20._.quarter_round 2, 7, 8, 13
chacha20._.quarter_round 3, 4, 9, 14
ret
endp
proc chacha20._.block_init _ctx
mov edi, [_ctx]
lea esi, [edi+ctx_chacha20.key]
mov [edi+ctx_chacha20.state+0*4], 'expa' ; magic
mov [edi+ctx_chacha20.state+1*4], 'nd 3' ; constants
mov [edi+ctx_chacha20.state+2*4], '2-by' ; from
mov [edi+ctx_chacha20.state+3*4], 'te k' ; the RFC
add edi, 4*4
mov ecx, CHACHA20_BLOCK_SIZE/4-4 ; the four dwords above
rep movsd
ret
endp
proc chacha20._.block _state
locals
.working_state rd CHACHA20_BLOCK_SIZE/4
.i dd ?
endl
stdcall chacha20._.block_init, [_state]
mov esi, [_state]
lea edi, [.working_state]
mov ecx, CHACHA20_BLOCK_SIZE/4
rep movsd
mov [.i], 10
@@:
lea eax, [.working_state]
stdcall chacha20._.inner_block, eax
dec [.i]
jnz @b
lea esi, [.working_state]
mov edi, [_state]
mov ecx, CHACHA20_BLOCK_SIZE/4-1
@@:
mov eax, [esi+ecx*4]
add [edi+ecx*4], eax
dec ecx
jns @b
ret
endp
proc chacha20.update uses ebx esi edi, _ctx, _in, _len, _out
locals
.bytes_done dd ?
endl
mov eax, [_len]
mov [.bytes_done], eax
mov ebx, [_ctx]
mov edx, [ebx+ctx_chacha20.partial_cnt]
.next_chunk:
mov ecx, [_len]
test ecx, ecx
jz .done
test edx, edx
jnz @f
pushad
stdcall chacha20._.block, [_ctx]
popad
mov edx, CHACHA20_BLOCK_SIZE
inc [ebx+ctx_chacha20.block_counter]
@@:
cmp ecx, edx
jbe @f
mov ecx, edx
@@:
lea esi, [ebx+ctx_chacha20.state]
add esi, CHACHA20_BLOCK_SIZE
sub esi, edx
sub [_len], ecx
sub edx, ecx
push ebx
mov edi, [_out]
mov ebx, [_in]
add [_in], ecx
add [_out], ecx
@@:
lodsb
xor al, [ebx]
inc ebx
stosb
loop @b
pop ebx
jmp .next_chunk
.done:
mov [ebx+ctx_chacha20.partial_cnt], edx
mov eax, [.bytes_done]
ret
endp
proc chacha20.finish _ctx, _out
xor eax, eax
ret
endp
proc chacha20.oneshot _ctx, _key, _iv, _flags, _in, _len, _out
locals
.done dd ?
endl
mov [.done], 0
stdcall chacha20.init, [_ctx], [_key], [_iv], [_flags]
stdcall chacha20.update, [_ctx], [_in], [_len], [_out]
add [_out], eax
add [.done], eax
stdcall chacha20.finish, [_ctx], [_out]
add eax, [.done]
ret
endp

View File

@ -0,0 +1,36 @@
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
CBC128_BLOCK_SIZE = 128/8
struct ctx_cbc
vector rd CBC128_BLOCK_SIZE/4
block rd CBC128_BLOCK_SIZE/4
has_data dd ?
ends
; ebx = context
proc cbc.init uses esi edi, _iv
mov esi, [_iv]
lea edi, [ebx+ctx_ctr.block_counter]
mov ecx, CTR128_BLOCK_SIZE/4
rep movsd
mov [ebx+ctx_ctr.partial_cnt], 0
ret
endp

View File

@ -0,0 +1,34 @@
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
CTR128_BLOCK_SIZE = 128/8
struct ctx_ctr
block_counter rd 4
partial_cnt dd ?
ends
; ebx = context
proc ctr.init uses esi edi, _iv
mov esi, [_iv]
lea edi, [ebx+ctx_ctr.block_counter]
mov ecx, CTR128_BLOCK_SIZE/4
rep movsd
mov [ebx+ctx_ctr.partial_cnt], 0
ret
endp

View File

@ -0,0 +1,164 @@
use32
org 0x0
db 'MENUET01'
dd 0x01,start,i_end,e_end,e_end,0,this_file_name
include 'proc32.inc'
include 'macros.inc'
include 'dll.inc'
;include 'debug-fdo.inc'
include 'libcrash.inc'
BUFFER_SIZE = 0x1000
start:
pushfd
pop eax
; or eax, 1 SHL 18 ; Alignment Check flag, FIXME in libcrash
push eax
popfd
mcall 68, 11
stdcall dll.Load, @IMPORT
or eax, eax
jnz quit
still:
mcall 10
dec eax
jz redraw
dec eax
jz key
button:
mcall 17
shr eax, 8
cmp eax, 1
je quit
redraw:
mcall 12, 1
mcall 0, <0,900>, <0,160>, 0x34000000, 0x80000000, window_title
mov [f70_buf.src], 0
invoke crash.hash, LIBCRASH_SHA2_256, read_data, 0, bin
stdcall bin2hex, bin, SHA2_256_LEN, hex
mcall 4, <0,0>, 0xc0ffffff, hex, 0, 0
invoke crash.hash_oneshot, LIBCRASH_SHA2_256, ctx, 0, i_end
stdcall bin2hex, ctx, SHA2_256_LEN, hex
mcall 4, <0,10>, 0xc0ffffff, hex, 0, 0
invoke sha2_256.oneshot, ctx, 0, i_end
stdcall bin2hex, ctx, SHA2_256_LEN, hex
mcall 4, <0,20>, 0xc0ffffff, hex, 0, 0
invoke sha2_256.init, ctx
invoke sha2_256.update, ctx, 0, 42
invoke sha2_256.update, ctx, 42, i_end-42
invoke sha2_256.finish, ctx
stdcall bin2hex, ctx, SHA2_256_LEN, hex
mcall 4, <0,30>, 0xc0ffffff, hex, 0, 0
mcall 12, 2
jmp still
key:
mcall 2
jmp still
quit:
mcall -1
proc bin2hex uses esi edi, _bin, _len, _hex
mov esi, [_bin]
mov edi, [_hex]
mov ecx, [_len]
.next_byte:
movzx eax, byte[esi]
shr al, 4
cmp al, 10
sbb al, 0x69
das
stosb
lodsb
and al, 0x0f
cmp al, 10
sbb al, 0x69
das
stosb
loop .next_byte
mov byte[edi], 0
ret
endp
proc read_data uses ebx, _user, _buf, _len
mov eax, [_buf]
mov [f70_buf.dst], eax
mov eax, [_len]
mov [f70_buf.count], eax
mcall 70, f70_buf
mov eax, ebx
cmp eax, -1
jnz @f
inc eax
@@:
add [f70_buf.src], eax
ret
endp
sz window_title, 'libcrash example',0
f70_buf:
.funcnum dd 0
.src dd 0
dd 0
.count dd BUFFER_SIZE
.dst dd data_buffer
db 0
.fname dd this_file_name
align 4
@IMPORT:
library \
libcrash, 'libcrash.obj'
import libcrash, \
libcrash.init, 'lib_init', \
crash.hash, 'crash_hash', \
crash.hash_oneshot, 'crash_hash_oneshot', \
crash.mac, 'crash_mac', \
crash.mac_oneshot, 'crash_mac_oneshot', \
crash.crypt, 'crash_crypt', \
crash.crypt_oneshot, 'crash_crypt_oneshot', \
sha2_256.init, 'sha2_256_init', \
sha2_256.update, 'sha2_256_update', \
sha2_256.finish, 'sha2_256_finish', \
sha2_256.oneshot, 'sha2_256_oneshot', \
hmac_sha2_256.init, 'hmac_sha2_256_init', \
hmac_sha2_256.update, 'hmac_sha2_256_update', \
hmac_sha2_256.finish, 'hmac_sha2_256_finish', \
hmac_sha2_256.oneshot, 'hmac_sha2_256_oneshot', \
aes256ctr.init, 'aes256ctr_init', \
aes256ctr.update, 'aes256ctr_update', \
aes256ctr.finish, 'aes256ctr_finish', \
aes256ctr.oneshot, 'aes256ctr_oneshot'
i_end:
bin rb MAX_HASH_LEN
hex rb MAX_HASH_LEN*2+1
data_buffer rb BUFFER_SIZE
this_file_name rb 0x1000
align LIBCRASH_ALIGN
ctx rb LIBCRASH_CTX_LEN
rb 0x1000 ;stack
e_end:

View File

@ -1,22 +1,22 @@
; libcrash -- cryptographic hash functions
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
CRC32_HASH_SIZE = 4
CRC32_BLOCK_SIZE = 1
CRC32_ALIGN = 4
CRC32_ALIGN_MASK = CRC32_ALIGN - 1
@ -25,11 +25,9 @@ struct ctx_crc32
hash rd 1
ends
if defined sizeof.crash_ctx
assert sizeof.crash_ctx >= sizeof.ctx_crc32
end if
assert sizeof.ctx_crc32 <= LIBCRASH_CTX_LEN
proc crc32.init _ctx
proc crc32.init uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_crc32.hash]
mov esi, crc32._.hash_init
@ -39,7 +37,7 @@ proc crc32.init _ctx
endp
proc crc32.update _ctx, _msg, _size
proc crc32.update uses ebx esi edi, _ctx, _msg, _size
mov ebx, [_ctx]
mov esi, [_msg]
lea edi, [ebx + ctx_crc32.hash]
@ -47,7 +45,7 @@ proc crc32.update _ctx, _msg, _size
mov ecx, [_size]
jecxz .quit
@@:
@@:
movzx edx, al
xor dl, byte[esi]
add esi, 1
@ -57,12 +55,12 @@ proc crc32.update _ctx, _msg, _size
jnz @b
stosd
.quit:
.quit:
ret
endp
proc crc32.final _ctx
proc crc32.finish uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea esi, [ebx + ctx_crc32.hash]
mov edi, esi
@ -77,7 +75,7 @@ endp
proc crc32.oneshot _ctx, _data, _len
stdcall crc32.init, [_ctx]
stdcall crc32.update, [_ctx], [_data], [_len]
stdcall crc32.final, [_ctx]
stdcall crc32.finish, [_ctx]
ret
endp

View File

@ -1,38 +1,35 @@
; libcrash -- cryptographic hash functions
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
MD5_HASH_SIZE = 16
MD5_BLOCK_SIZE = 64
MD5_ALIGN = 4
MD5_ALIGN_MASK = MD5_ALIGN - 1
struct ctx_md5
hash rb MD5_HASH_SIZE
hash rb MD5_LEN
block rb MD5_BLOCK_SIZE
index rd 1
msglen_0 rd 1
msglen_1 rd 1
ends
if defined sizeof.crash_ctx
assert sizeof.crash_ctx >= sizeof.ctx_md5
end if
assert sizeof.ctx_md5 <= LIBCRASH_CTX_LEN
macro md5._.f b, c, d
{
@ -80,11 +77,11 @@ macro md5._.round func, a, b, c, d, index, shift, ac
}
proc md5.init _ctx
proc md5.init uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_md5.hash]
mov esi, md5._.hash_init
mov ecx, MD5_HASH_SIZE/4
mov ecx, MD5_LEN/4
rep movsd
xor eax, eax
mov [ebx + ctx_md5.index], eax
@ -180,13 +177,13 @@ proc md5._.block _hash
endp
proc md5.update _ctx, _msg, _size
proc md5.update uses ebx esi edi, _ctx, _msg, _size
mov ebx, [_ctx]
mov ecx, [_size]
add [ebx + ctx_md5.msglen_0], ecx
adc [ebx + ctx_md5.msglen_1], 0
.next_block:
.next_block:
mov ebx, [_ctx]
mov esi, [_msg]
mov eax, [ebx + ctx_md5.index]
@ -194,7 +191,7 @@ proc md5.update _ctx, _msg, _size
jnz .copy_to_buf
test esi, MD5_ALIGN_MASK
jnz .copy_to_buf
.no_copy:
.no_copy:
; data is aligned, hash it in place without copying
mov ebx, [_ctx]
cmp [_size], MD5_BLOCK_SIZE
@ -205,7 +202,7 @@ proc md5.update _ctx, _msg, _size
add esi, MD5_BLOCK_SIZE
jmp .no_copy
.copy_to_buf:
.copy_to_buf:
lea edi, [ebx + ctx_md5.block]
add edi, eax
mov ecx, MD5_BLOCK_SIZE
@ -221,7 +218,7 @@ proc md5.update _ctx, _msg, _size
stdcall md5._.block, eax
jmp .next_block
.copy_quit:
.copy_quit:
mov ebx, [_ctx]
lea edi, [ebx + ctx_md5.block]
mov eax, [ebx + ctx_md5.index]
@ -230,13 +227,13 @@ proc md5.update _ctx, _msg, _size
mov ecx, [_size]
add [ebx + ctx_md5.index], ecx
rep movsb
.quit:
.quit:
ret
endp
proc md5.final _ctx
proc md5.finish uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_md5.block]
mov ecx, [ebx + ctx_md5.msglen_0]
@ -258,7 +255,7 @@ proc md5.final _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_md5.block]
mov ecx, MD5_BLOCK_SIZE+1
.last:
.last:
dec ecx
sub ecx, 8
xor eax, eax
@ -280,7 +277,7 @@ endp
proc md5.oneshot _ctx, _data, _len
stdcall md5.init, [_ctx]
stdcall md5.update, [_ctx], [_data], [_len]
stdcall md5.final, [_ctx]
stdcall md5.finish, [_ctx]
ret
endp

View File

@ -1,38 +1,35 @@
; libcrash -- cryptographic hash functions
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
SHA1_HASH_SIZE = 20
SHA1_BLOCK_SIZE = 64
SHA1_ALIGN = 4
SHA1_ALIGN_MASK = SHA1_ALIGN - 1
struct ctx_sha1
hash rb SHA1_HASH_SIZE
hash rb SHA1_LEN
block rb SHA1_BLOCK_SIZE
index rd 1
msglen_0 rd 1
msglen_1 rd 1
ends
if defined sizeof.crash_ctx
assert sizeof.crash_ctx >= sizeof.ctx_sha1
end if
assert sizeof.ctx_sha1 <= LIBCRASH_CTX_LEN
proc sha1._.f
push ebx ecx edx
@ -87,11 +84,11 @@ macro sha1._.round f, k, c
}
proc sha1.init _ctx
proc sha1.init uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha1.hash]
mov esi, sha1._.hash_init
mov ecx, SHA1_HASH_SIZE/4
mov ecx, SHA1_LEN/4
rep movsd
xor eax, eax
mov [ebx + ctx_sha1.index], eax
@ -108,7 +105,7 @@ locals
endl
lea edi, [w]
xor ecx, ecx
@@:
@@:
mov eax, [esi]
add esi, 4
bswap eax
@ -117,7 +114,7 @@ endl
add ecx, 1
cmp ecx, 16
jne @b
@@:
@@:
mov eax, [w + (ecx - 3)*4]
xor eax, [w + (ecx - 8)*4]
xor eax, [w + (ecx - 14)*4]
@ -168,13 +165,13 @@ end repeat
endp
proc sha1.update _ctx, _msg, _size
proc sha1.update uses ebx esi edi, _ctx, _msg, _size
mov ebx, [_ctx]
mov ecx, [_size]
add [ebx + ctx_sha1.msglen_0], ecx
adc [ebx + ctx_sha1.msglen_1], 0
.next_block:
.next_block:
mov ebx, [_ctx]
mov esi, [_msg]
mov eax, [ebx + ctx_sha1.index]
@ -182,7 +179,7 @@ proc sha1.update _ctx, _msg, _size
jnz .copy_to_buf
test esi, SHA1_ALIGN_MASK
jnz .copy_to_buf
.no_copy:
.no_copy:
; data is aligned, hash it in place without copying
mov ebx, [_ctx]
cmp [_size], SHA1_BLOCK_SIZE
@ -193,7 +190,7 @@ proc sha1.update _ctx, _msg, _size
; add esi, SHA1_BLOCK_SIZE ; FIXME
jmp .no_copy
.copy_to_buf:
.copy_to_buf:
lea edi, [ebx + ctx_sha1.block]
add edi, eax
mov ecx, SHA1_BLOCK_SIZE
@ -209,7 +206,7 @@ proc sha1.update _ctx, _msg, _size
stdcall sha1._.block, eax
jmp .next_block
.copy_quit:
.copy_quit:
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha1.block]
mov eax, [ebx + ctx_sha1.index]
@ -218,13 +215,13 @@ proc sha1.update _ctx, _msg, _size
mov ecx, [_size]
add [ebx + ctx_sha1.index], ecx
rep movsb
.quit:
.quit:
ret
endp
proc sha1.final _ctx
proc sha1.finish uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha1.block]
mov ecx, [ebx + ctx_sha1.msglen_0]
@ -246,7 +243,7 @@ proc sha1.final _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha1.block]
mov ecx, SHA1_BLOCK_SIZE+1
.last:
.last:
dec ecx
sub ecx, 8
xor eax, eax
@ -275,7 +272,7 @@ proc sha1._.postprocess _ctx, _hash
mov ecx, 5
mov esi, [_hash]
mov edi, esi
@@:
@@:
lodsd
bswap eax
stosd
@ -288,7 +285,7 @@ endp
proc sha1.oneshot _ctx, _data, _len
stdcall sha1.init, [_ctx]
stdcall sha1.update, [_ctx], [_data], [_len]
stdcall sha1.final, [_ctx]
stdcall sha1.finish, [_ctx]
ret
endp

View File

@ -0,0 +1,436 @@
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
SHA2_224256_BLOCK_SIZE = 64
SHA2_224_BLOCK_SIZE = SHA2_224256_BLOCK_SIZE
SHA2_256_BLOCK_SIZE = SHA2_224256_BLOCK_SIZE
SHA2_224256_INIT_SIZE = 32
SHA2_224256_ALIGN = 4
SHA2_224256_ALIGN_MASK = SHA2_224256_ALIGN - 1
struct ctx_sha2_224256
hash rb SHA2_224256_INIT_SIZE
block rb SHA2_224256_BLOCK_SIZE
index rd 1
msglen_0 rd 1
msglen_1 rd 1
ends
assert sizeof.ctx_sha2_224256 <= LIBCRASH_CTX_LEN
macro sha2_224256._.chn x, y, z
{
mov eax, [y]
xor eax, [z]
and eax, [x]
xor eax, [z]
}
macro sha2_224256._.maj x, y, z
{
mov eax, [x]
xor eax, [y]
and eax, [z]
mov ecx, [x]
and ecx, [y]
xor eax, ecx
}
macro sha2_224256._.Sigma0 x
{
mov eax, x
mov ecx, eax
ror ecx, 2
ror eax, 13
xor eax, ecx
mov ecx, x
ror ecx, 22
xor eax, ecx
}
macro sha2_224256._.Sigma1 x
{
mov eax, x
mov ecx, eax
ror ecx, 6
ror eax, 11
xor eax, ecx
mov ecx, x
ror ecx, 25
xor eax, ecx
}
macro sha2_224256._.sigma0 x
{
mov eax, x
mov ecx, eax
ror ecx, 7
ror eax, 18
xor eax, ecx
mov ecx, x
shr ecx, 3
xor eax, ecx
}
macro sha2_224256._.sigma1 x
{
mov eax, x
mov ecx, eax
ror ecx, 17
ror eax, 19
xor eax, ecx
mov ecx, x
shr ecx, 10
xor eax, ecx
}
macro sha2_224256._.recalculate_w n
{
mov edx, [w + ((n-2) and 15)*4]
sha2_224256._.sigma1 edx
add eax, [w + ((n-7) and 15)*4]
push eax
mov edx, [w + ((n-15) and 15)*4]
sha2_224256._.sigma0 edx
pop ecx
add eax, ecx
add [w + (n)*4], eax
}
macro sha2_224256._.round a, b, c, d, e, f, g, h, k
{
mov ebx, [h]
mov edx, [e]
sha2_224256._.Sigma1 edx
add ebx, eax
sha2_224256._.chn e, f, g
add ebx, eax
add ebx, [k]
add ebx, edi
add [d], ebx
mov edx, [a]
sha2_224256._.Sigma0 edx
add ebx, eax
sha2_224256._.maj a, b, c
add eax, ebx
mov [h], eax
}
macro sha2_224256._.round_1_16 a, b, c, d, e, f, g, h, n
{
mov eax, [esi + (n)*4]
bswap eax
mov dword[w + (n)*4], eax
mov edi, eax
sha2_224256._.round a, b, c, d, e, f, g, h, (sha2_256_table + (n)*4)
}
macro sha2_224256._.round_17_64 a, b, c, d, e, f, g, h, n, rep_num
{
sha2_224256._.recalculate_w n
mov edi, [w + (n)*4]
sha2_224256._.round a, b, c, d, e, f, g, h, (sha2_256_table + (n+16*rep_num)*4)
}
proc sha2_224.init uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha2_224256.hash]
mov esi, sha2_224._.hash_init
mov ecx, SHA2_224256_INIT_SIZE/4
rep movsd
xor eax, eax
mov [ebx + ctx_sha2_224256.index], eax
mov [ebx + ctx_sha2_224256.msglen_0], eax
mov [ebx + ctx_sha2_224256.msglen_1], eax
ret
endp
proc sha2_256.init uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha2_224256.hash]
mov esi, sha2_256._.hash_init
mov ecx, SHA2_224256_INIT_SIZE/4
rep movsd
xor eax, eax
mov [ebx + ctx_sha2_224256.index], eax
mov [ebx + ctx_sha2_224256.msglen_0], eax
mov [ebx + ctx_sha2_224256.msglen_1], eax
ret
endp
proc sha2_224256._.block _hash
locals
w rd 64
A rd 1
B rd 1
C rd 1
D rd 1
E rd 1
F rd 1
G rd 1
H rd 1
endl
mov edi, [_hash]
mov eax, [edi + 0x00]
mov [A], eax
mov eax, [edi + 0x04]
mov [B], eax
mov eax, [edi + 0x08]
mov [C], eax
mov eax, [edi + 0x0c]
mov [D], eax
mov eax, [edi + 0x10]
mov [E], eax
mov eax, [edi + 0x14]
mov [F], eax
mov eax, [edi + 0x18]
mov [G], eax
mov eax, [edi + 0x1c]
mov [H], eax
sha2_224256._.round_1_16 A, B, C, D, E, F, G, H, 0
sha2_224256._.round_1_16 H, A, B, C, D, E, F, G, 1
sha2_224256._.round_1_16 G, H, A, B, C, D, E, F, 2
sha2_224256._.round_1_16 F, G, H, A, B, C, D, E, 3
sha2_224256._.round_1_16 E, F, G, H, A, B, C, D, 4
sha2_224256._.round_1_16 D, E, F, G, H, A, B, C, 5
sha2_224256._.round_1_16 C, D, E, F, G, H, A, B, 6
sha2_224256._.round_1_16 B, C, D, E, F, G, H, A, 7
sha2_224256._.round_1_16 A, B, C, D, E, F, G, H, 8
sha2_224256._.round_1_16 H, A, B, C, D, E, F, G, 9
sha2_224256._.round_1_16 G, H, A, B, C, D, E, F, 10
sha2_224256._.round_1_16 F, G, H, A, B, C, D, E, 11
sha2_224256._.round_1_16 E, F, G, H, A, B, C, D, 12
sha2_224256._.round_1_16 D, E, F, G, H, A, B, C, 13
sha2_224256._.round_1_16 C, D, E, F, G, H, A, B, 14
sha2_224256._.round_1_16 B, C, D, E, F, G, H, A, 15
repeat 3
sha2_224256._.round_17_64 A, B, C, D, E, F, G, H, 0, %
sha2_224256._.round_17_64 H, A, B, C, D, E, F, G, 1, %
sha2_224256._.round_17_64 G, H, A, B, C, D, E, F, 2, %
sha2_224256._.round_17_64 F, G, H, A, B, C, D, E, 3, %
sha2_224256._.round_17_64 E, F, G, H, A, B, C, D, 4, %
sha2_224256._.round_17_64 D, E, F, G, H, A, B, C, 5, %
sha2_224256._.round_17_64 C, D, E, F, G, H, A, B, 6, %
sha2_224256._.round_17_64 B, C, D, E, F, G, H, A, 7, %
sha2_224256._.round_17_64 A, B, C, D, E, F, G, H, 8, %
sha2_224256._.round_17_64 H, A, B, C, D, E, F, G, 9, %
sha2_224256._.round_17_64 G, H, A, B, C, D, E, F, 10, %
sha2_224256._.round_17_64 F, G, H, A, B, C, D, E, 11, %
sha2_224256._.round_17_64 E, F, G, H, A, B, C, D, 12, %
sha2_224256._.round_17_64 D, E, F, G, H, A, B, C, 13, %
sha2_224256._.round_17_64 C, D, E, F, G, H, A, B, 14, %
sha2_224256._.round_17_64 B, C, D, E, F, G, H, A, 15, %
end repeat
mov edi, [_hash]
mov eax, [A]
add [edi + 0x00], eax
mov eax, [B]
add [edi + 0x04], eax
mov eax, [C]
add [edi + 0x08], eax
mov eax, [D]
add [edi + 0x0c], eax
mov eax, [E]
add [edi + 0x10], eax
mov eax, [F]
add [edi + 0x14], eax
mov eax, [G]
add [edi + 0x18], eax
mov eax, [H]
add [edi + 0x1c], eax
ret
endp
sha2_224.update = sha2_224256.update
sha2_256.update = sha2_224256.update
proc sha2_224256.update uses ebx esi edi, _ctx, _msg, _size
mov ebx, [_ctx]
mov ecx, [_size]
add [ebx + ctx_sha2_224256.msglen_0], ecx
adc [ebx + ctx_sha2_224256.msglen_1], 0
.next_block:
mov ebx, [_ctx]
mov esi, [_msg]
mov eax, [ebx + ctx_sha2_224256.index]
and eax, SHA2_224256_BLOCK_SIZE-1
jnz .copy_to_buf
test esi, SHA2_224256_ALIGN_MASK
jnz .copy_to_buf
.no_copy:
; data is aligned, hash it in place without copying
mov ebx, [_ctx]
cmp [_size], SHA2_224256_BLOCK_SIZE
jb .copy_quit
lea eax, [ebx + ctx_sha2_224256.hash]
stdcall sha2_224256._.block, eax
sub [_size], SHA2_224256_BLOCK_SIZE
add esi, SHA2_224256_BLOCK_SIZE ; FIXME
jmp .no_copy
.copy_to_buf:
lea edi, [ebx + ctx_sha2_224256.block]
add edi, eax
mov ecx, SHA2_224256_BLOCK_SIZE
sub ecx, eax
cmp [_size], ecx
jb .copy_quit
sub [_size], ecx
add [_msg], ecx
add [ebx + ctx_sha2_224256.index], ecx
rep movsb
lea eax, [ebx + ctx_sha2_224256.hash]
lea esi, [ebx + ctx_sha2_224256.block]
stdcall sha2_224256._.block, eax
jmp .next_block
.copy_quit:
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha2_224256.block]
mov eax, [ebx + ctx_sha2_224256.index]
and eax, SHA2_224256_BLOCK_SIZE-1
add edi, eax
mov ecx, [_size]
add [ebx + ctx_sha2_224256.index], ecx
rep movsb
.quit:
ret
endp
sha2_224.finish = sha2_224256.finish
sha2_256.finish = sha2_224256.finish
proc sha2_224256.finish uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha2_224256.block]
mov ecx, [ebx + ctx_sha2_224256.msglen_0]
and ecx, SHA2_224256_BLOCK_SIZE-1
add edi, ecx
mov byte[edi], 0x80
inc edi
neg ecx
add ecx, SHA2_224256_BLOCK_SIZE
cmp ecx, 8
ja .last
dec ecx
xor eax, eax
rep stosb
lea esi, [ebx + ctx_sha2_224256.block]
lea eax, [ebx + ctx_sha2_224256.hash]
stdcall sha2_224256._.block, eax
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha2_224256.block]
mov ecx, SHA2_224256_BLOCK_SIZE+1
.last:
dec ecx
sub ecx, 8
xor eax, eax
rep stosb
mov eax, [ebx + ctx_sha2_224256.msglen_0]
mov edx, [ebx + ctx_sha2_224256.msglen_1]
shld edx, eax, 3
shl eax, 3
bswap eax
bswap edx
mov dword[edi], edx
mov dword[edi+4], eax
lea esi, [ebx + ctx_sha2_224256.block]
lea eax, [ebx + ctx_sha2_224256.hash]
stdcall sha2_224256._.block, eax
mov ebx, [_ctx]
lea eax, [ebx + ctx_sha2_224256.hash]
stdcall sha2_224256._.postprocess, ebx, eax
ret
endp
proc sha2_224256._.postprocess _ctx, _hash
mov ecx, 8
mov esi, [_hash]
mov edi, esi
@@:
lodsd
bswap eax
stosd
dec ecx
jnz @b
ret
endp
proc sha2_224.oneshot _ctx, _data, _len
stdcall sha2_224.init, [_ctx]
stdcall sha2_224.update, [_ctx], [_data], [_len]
stdcall sha2_224.finish, [_ctx]
ret
endp
proc sha2_256.oneshot _ctx, _data, _len
stdcall sha2_256.init, [_ctx]
stdcall sha2_256.update, [_ctx], [_data], [_len]
stdcall sha2_256.finish, [_ctx]
ret
endp
iglobal
align SHA2_224256_ALIGN
sha2_224._.hash_init dd 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,\
0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
sha2_256._.hash_init dd 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,\
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
sha2_256_table dd 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
endg

View File

@ -1,34 +1,32 @@
; libcrash -- cryptographic hash functions
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
SHA2_384512_BLOCK_SIZE = 128
SHA2_384_BLOCK_SIZE = SHA2_384512_BLOCK_SIZE
SHA2_512_BLOCK_SIZE = SHA2_384512_BLOCK_SIZE
SHA384512_BLOCK_SIZE = 128
SHA384_BLOCK_SIZE = SHA384512_BLOCK_SIZE
SHA512_BLOCK_SIZE = SHA384512_BLOCK_SIZE
SHA384_HASH_SIZE = 48
SHA512_HASH_SIZE = 64
SHA2_384512_INIT_SIZE = 64
SHA2_384512_ALIGN = 16
SHA2_384512_ALIGN_MASK = SHA2_384512_ALIGN - 1
SHA384512_INIT_SIZE = 64
SHA384512_ALIGN = 16
SHA384512_ALIGN_MASK = SHA384512_ALIGN - 1
struct ctx_sha384512
hash rb SHA384512_INIT_SIZE
block rb SHA384512_BLOCK_SIZE
struct ctx_sha2_384512
hash rb SHA2_384512_INIT_SIZE
block rb SHA2_384512_BLOCK_SIZE
index rd 1
msglen_0 rd 1
msglen_1 rd 1
@ -48,11 +46,9 @@ struct ctx_sha384512
temp rq 1
ends
if defined sizeof.crash_ctx
assert sizeof.crash_ctx >= sizeof.ctx_sha384512
end if
assert sizeof.ctx_sha2_384512 <= LIBCRASH_CTX_LEN
macro sha384512._.chn x, y, z
macro sha2_384512._.chn x, y, z
{
movq mm0, [y]
pxor mm0, [z]
@ -60,7 +56,7 @@ macro sha384512._.chn x, y, z
pxor mm0, [z]
}
macro sha384512._.maj x, y, z
macro sha2_384512._.maj x, y, z
{
movq mm0, [x]
pxor mm0, [y]
@ -70,7 +66,7 @@ macro sha384512._.maj x, y, z
pxor mm0, mm2
}
macro sha384512._.Sigma0 x
macro sha2_384512._.Sigma0 x
{
movq mm0, x
movq mm2, mm0
@ -91,7 +87,7 @@ macro sha384512._.Sigma0 x
pxor mm0, mm2
}
macro sha384512._.Sigma1 x
macro sha2_384512._.Sigma1 x
{
movq mm0, x
movq mm2, mm0
@ -112,7 +108,7 @@ macro sha384512._.Sigma1 x
pxor mm0, mm2
}
macro sha384512._.sigma0 x
macro sha2_384512._.sigma0 x
{
movq mm0, x
movq mm2, mm0
@ -130,7 +126,7 @@ macro sha384512._.sigma0 x
pxor mm0, mm2
}
macro sha384512._.sigma1 x
macro sha2_384512._.sigma1 x
{
movq mm0, x
movq mm2, mm0
@ -148,14 +144,14 @@ macro sha384512._.sigma1 x
pxor mm0, mm2
}
macro sha384512._.recalculate_w n
macro sha2_384512._.recalculate_w n
{
movq mm3, [w + ((n-2) and 15)*8]
sha384512._.sigma1 mm3
sha2_384512._.sigma1 mm3
paddq mm0, [w + ((n-7) and 15)*8]
movq mm6, mm0
movq mm3, [w + ((n-15) and 15)*8]
sha384512._.sigma0 mm3
sha2_384512._.sigma0 mm3
movq mm2, mm6
paddq mm0, mm2
movq mm7, [w + (n)*8]
@ -163,13 +159,13 @@ macro sha384512._.recalculate_w n
movq [w + (n)*8], mm7
}
macro sha384512._.round a, b, c, d, e, f, g, h, k
macro sha2_384512._.round a, b, c, d, e, f, g, h, k
{
movq mm1, [h]
movq mm3, [e]
sha384512._.Sigma1 mm3
sha2_384512._.Sigma1 mm3
paddq mm1, mm0
sha384512._.chn e, f, g
sha2_384512._.chn e, f, g
paddq mm1, mm0
paddq mm1, [k]
paddq mm1, mm5
@ -177,15 +173,15 @@ macro sha384512._.round a, b, c, d, e, f, g, h, k
paddq mm7, mm1
movq [d], mm7
movq mm3, [a]
sha384512._.Sigma0 mm3
sha2_384512._.Sigma0 mm3
paddq mm1, mm0
sha384512._.maj a, b, c
sha2_384512._.maj a, b, c
paddq mm0, mm1
movq [h], mm0
}
macro sha384512._.round_1_16 a, b, c, d, e, f, g, h, n
macro sha2_384512._.round_1_16 a, b, c, d, e, f, g, h, n
{
movq mm0, [esi + (n)*8]
@ -201,50 +197,50 @@ macro sha384512._.round_1_16 a, b, c, d, e, f, g, h, n
movq mm0, [temp]
movq [w + (n)*8], mm0
movq mm5, mm0
sha384512._.round a, b, c, d, e, f, g, h, (sha384512._.table + (n)*8)
sha2_384512._.round a, b, c, d, e, f, g, h, (sha2_384512._.table + (n)*8)
}
macro sha384512._.round_17_64 a, b, c, d, e, f, g, h, n, rep_num
macro sha2_384512._.round_17_64 a, b, c, d, e, f, g, h, n, rep_num
{
sha384512._.recalculate_w n
sha2_384512._.recalculate_w n
movq mm5, [w + (n)*8]
sha384512._.round a, b, c, d, e, f, g, h, (sha384512._.table + (n+16*rep_num)*8)
sha2_384512._.round a, b, c, d, e, f, g, h, (sha2_384512._.table + (n+16*rep_num)*8)
}
proc sha384.init _ctx
proc sha2_384.init uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha384512.hash]
mov esi, sha384._.hash_init
mov ecx, SHA384512_INIT_SIZE/4
lea edi, [ebx + ctx_sha2_384512.hash]
mov esi, sha2_384._.hash_init
mov ecx, SHA2_384512_INIT_SIZE/4
rep movsd
xor eax, eax
mov [ebx + ctx_sha384512.index], eax
mov [ebx + ctx_sha384512.msglen_0], eax
mov [ebx + ctx_sha384512.msglen_1], eax
mov [ebx + ctx_sha384512.msglen_2], eax
mov [ebx + ctx_sha384512.msglen_3], eax
mov [ebx + ctx_sha2_384512.index], eax
mov [ebx + ctx_sha2_384512.msglen_0], eax
mov [ebx + ctx_sha2_384512.msglen_1], eax
mov [ebx + ctx_sha2_384512.msglen_2], eax
mov [ebx + ctx_sha2_384512.msglen_3], eax
ret
endp
proc sha512.init _ctx
proc sha2_512.init uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha384512.hash]
mov esi, sha512._.hash_init
mov ecx, SHA384512_INIT_SIZE/4
lea edi, [ebx + ctx_sha2_384512.hash]
mov esi, sha2_512._.hash_init
mov ecx, SHA2_384512_INIT_SIZE/4
rep movsd
xor eax, eax
mov [ebx + ctx_sha384512.index], eax
mov [ebx + ctx_sha384512.msglen_0], eax
mov [ebx + ctx_sha384512.msglen_1], eax
mov [ebx + ctx_sha384512.msglen_2], eax
mov [ebx + ctx_sha384512.msglen_3], eax
mov [ebx + ctx_sha2_384512.index], eax
mov [ebx + ctx_sha2_384512.msglen_0], eax
mov [ebx + ctx_sha2_384512.msglen_1], eax
mov [ebx + ctx_sha2_384512.msglen_2], eax
mov [ebx + ctx_sha2_384512.msglen_3], eax
ret
endp
proc sha384512._.block _hash
proc sha2_384512._.block _hash
;locals
; w rq 80
; A rq 1
@ -257,16 +253,16 @@ proc sha384512._.block _hash
; H rq 1
; temp rq 1
;endl
w equ ebx + ctx_sha384512.w
A equ ebx + ctx_sha384512.A
B equ ebx + ctx_sha384512.B
C equ ebx + ctx_sha384512.C
D equ ebx + ctx_sha384512.D
E equ ebx + ctx_sha384512.E
F equ ebx + ctx_sha384512.F
G equ ebx + ctx_sha384512.G
H equ ebx + ctx_sha384512.H
temp equ ebx + ctx_sha384512.temp
w equ ebx + ctx_sha2_384512.w
A equ ebx + ctx_sha2_384512.A
B equ ebx + ctx_sha2_384512.B
C equ ebx + ctx_sha2_384512.C
D equ ebx + ctx_sha2_384512.D
E equ ebx + ctx_sha2_384512.E
F equ ebx + ctx_sha2_384512.F
G equ ebx + ctx_sha2_384512.G
H equ ebx + ctx_sha2_384512.H
temp equ ebx + ctx_sha2_384512.temp
mov edi, [_hash]
movq mm0, [edi + 0x00]
@ -287,40 +283,40 @@ temp equ ebx + ctx_sha384512.temp
movq [H], mm0
sha384512._.round_1_16 A, B, C, D, E, F, G, H, 0
sha384512._.round_1_16 H, A, B, C, D, E, F, G, 1
sha384512._.round_1_16 G, H, A, B, C, D, E, F, 2
sha384512._.round_1_16 F, G, H, A, B, C, D, E, 3
sha384512._.round_1_16 E, F, G, H, A, B, C, D, 4
sha384512._.round_1_16 D, E, F, G, H, A, B, C, 5
sha384512._.round_1_16 C, D, E, F, G, H, A, B, 6
sha384512._.round_1_16 B, C, D, E, F, G, H, A, 7
sha384512._.round_1_16 A, B, C, D, E, F, G, H, 8
sha384512._.round_1_16 H, A, B, C, D, E, F, G, 9
sha384512._.round_1_16 G, H, A, B, C, D, E, F, 10
sha384512._.round_1_16 F, G, H, A, B, C, D, E, 11
sha384512._.round_1_16 E, F, G, H, A, B, C, D, 12
sha384512._.round_1_16 D, E, F, G, H, A, B, C, 13
sha384512._.round_1_16 C, D, E, F, G, H, A, B, 14
sha384512._.round_1_16 B, C, D, E, F, G, H, A, 15
sha2_384512._.round_1_16 A, B, C, D, E, F, G, H, 0
sha2_384512._.round_1_16 H, A, B, C, D, E, F, G, 1
sha2_384512._.round_1_16 G, H, A, B, C, D, E, F, 2
sha2_384512._.round_1_16 F, G, H, A, B, C, D, E, 3
sha2_384512._.round_1_16 E, F, G, H, A, B, C, D, 4
sha2_384512._.round_1_16 D, E, F, G, H, A, B, C, 5
sha2_384512._.round_1_16 C, D, E, F, G, H, A, B, 6
sha2_384512._.round_1_16 B, C, D, E, F, G, H, A, 7
sha2_384512._.round_1_16 A, B, C, D, E, F, G, H, 8
sha2_384512._.round_1_16 H, A, B, C, D, E, F, G, 9
sha2_384512._.round_1_16 G, H, A, B, C, D, E, F, 10
sha2_384512._.round_1_16 F, G, H, A, B, C, D, E, 11
sha2_384512._.round_1_16 E, F, G, H, A, B, C, D, 12
sha2_384512._.round_1_16 D, E, F, G, H, A, B, C, 13
sha2_384512._.round_1_16 C, D, E, F, G, H, A, B, 14
sha2_384512._.round_1_16 B, C, D, E, F, G, H, A, 15
repeat 4
sha384512._.round_17_64 A, B, C, D, E, F, G, H, 0, %
sha384512._.round_17_64 H, A, B, C, D, E, F, G, 1, %
sha384512._.round_17_64 G, H, A, B, C, D, E, F, 2, %
sha384512._.round_17_64 F, G, H, A, B, C, D, E, 3, %
sha384512._.round_17_64 E, F, G, H, A, B, C, D, 4, %
sha384512._.round_17_64 D, E, F, G, H, A, B, C, 5, %
sha384512._.round_17_64 C, D, E, F, G, H, A, B, 6, %
sha384512._.round_17_64 B, C, D, E, F, G, H, A, 7, %
sha384512._.round_17_64 A, B, C, D, E, F, G, H, 8, %
sha384512._.round_17_64 H, A, B, C, D, E, F, G, 9, %
sha384512._.round_17_64 G, H, A, B, C, D, E, F, 10, %
sha384512._.round_17_64 F, G, H, A, B, C, D, E, 11, %
sha384512._.round_17_64 E, F, G, H, A, B, C, D, 12, %
sha384512._.round_17_64 D, E, F, G, H, A, B, C, 13, %
sha384512._.round_17_64 C, D, E, F, G, H, A, B, 14, %
sha384512._.round_17_64 B, C, D, E, F, G, H, A, 15, %
sha2_384512._.round_17_64 A, B, C, D, E, F, G, H, 0, %
sha2_384512._.round_17_64 H, A, B, C, D, E, F, G, 1, %
sha2_384512._.round_17_64 G, H, A, B, C, D, E, F, 2, %
sha2_384512._.round_17_64 F, G, H, A, B, C, D, E, 3, %
sha2_384512._.round_17_64 E, F, G, H, A, B, C, D, 4, %
sha2_384512._.round_17_64 D, E, F, G, H, A, B, C, 5, %
sha2_384512._.round_17_64 C, D, E, F, G, H, A, B, 6, %
sha2_384512._.round_17_64 B, C, D, E, F, G, H, A, 7, %
sha2_384512._.round_17_64 A, B, C, D, E, F, G, H, 8, %
sha2_384512._.round_17_64 H, A, B, C, D, E, F, G, 9, %
sha2_384512._.round_17_64 G, H, A, B, C, D, E, F, 10, %
sha2_384512._.round_17_64 F, G, H, A, B, C, D, E, 11, %
sha2_384512._.round_17_64 E, F, G, H, A, B, C, D, 12, %
sha2_384512._.round_17_64 D, E, F, G, H, A, B, C, 13, %
sha2_384512._.round_17_64 C, D, E, F, G, H, A, B, 14, %
sha2_384512._.round_17_64 B, C, D, E, F, G, H, A, 15, %
end repeat
@ -355,131 +351,131 @@ restore w,A,B,C,D,E,F,G,H,temp
endp
sha384.update = sha384512.update
sha512.update = sha384512.update
proc sha384512.update _ctx, _msg, _size
sha2_384.update = sha2_384512.update
sha2_512.update = sha2_384512.update
proc sha2_384512.update uses ebx esi edi, _ctx, _msg, _size
mov ebx, [_ctx]
mov ecx, [_size]
add [ebx + ctx_sha384512.msglen_0], ecx
adc [ebx + ctx_sha384512.msglen_1], 0
adc [ebx + ctx_sha384512.msglen_2], 0
adc [ebx + ctx_sha384512.msglen_3], 0
add [ebx + ctx_sha2_384512.msglen_0], ecx
adc [ebx + ctx_sha2_384512.msglen_1], 0
adc [ebx + ctx_sha2_384512.msglen_2], 0
adc [ebx + ctx_sha2_384512.msglen_3], 0
.next_block:
.next_block:
mov ebx, [_ctx]
mov esi, [_msg]
mov eax, [ebx + ctx_sha384512.index]
and eax, SHA384512_BLOCK_SIZE-1
mov eax, [ebx + ctx_sha2_384512.index]
and eax, SHA2_384512_BLOCK_SIZE-1
jnz .copy_to_buf
test esi, SHA384512_ALIGN_MASK
test esi, SHA2_384512_ALIGN_MASK
jnz .copy_to_buf
.no_copy:
.no_copy:
; data is aligned, hash it in place without copying
mov ebx, [_ctx]
cmp [_size], SHA384512_BLOCK_SIZE
cmp [_size], SHA2_384512_BLOCK_SIZE
jb .copy_quit
lea eax, [ebx + ctx_sha384512.hash]
stdcall sha384512._.block, eax
sub [_size], SHA384512_BLOCK_SIZE
add esi, SHA384512_BLOCK_SIZE ; FIXME
lea eax, [ebx + ctx_sha2_384512.hash]
stdcall sha2_384512._.block, eax
sub [_size], SHA2_384512_BLOCK_SIZE
add esi, SHA2_384512_BLOCK_SIZE ; FIXME
jmp .no_copy
.copy_to_buf:
lea edi, [ebx + ctx_sha384512.block]
.copy_to_buf:
lea edi, [ebx + ctx_sha2_384512.block]
add edi, eax
mov ecx, SHA384512_BLOCK_SIZE
mov ecx, SHA2_384512_BLOCK_SIZE
sub ecx, eax
cmp [_size], ecx
jb .copy_quit
sub [_size], ecx
add [_msg], ecx
add [ebx + ctx_sha384512.index], ecx
add [ebx + ctx_sha2_384512.index], ecx
rep movsb
lea eax, [ebx + ctx_sha384512.hash]
lea esi, [ebx + ctx_sha384512.block]
stdcall sha384512._.block, eax
lea eax, [ebx + ctx_sha2_384512.hash]
lea esi, [ebx + ctx_sha2_384512.block]
stdcall sha2_384512._.block, eax
jmp .next_block
.copy_quit:
.copy_quit:
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha384512.block]
mov eax, [ebx + ctx_sha384512.index]
and eax, SHA384512_BLOCK_SIZE-1
lea edi, [ebx + ctx_sha2_384512.block]
mov eax, [ebx + ctx_sha2_384512.index]
and eax, SHA2_384512_BLOCK_SIZE-1
add edi, eax
mov ecx, [_size]
add [ebx + ctx_sha384512.index], ecx
add [ebx + ctx_sha2_384512.index], ecx
rep movsb
.quit:
.quit:
ret
endp
sha384.final = sha384512.final
sha512.final = sha384512.final
proc sha384512.final _ctx
sha2_384.finish = sha2_384512.finish
sha2_512.finish = sha2_384512.finish
proc sha2_384512.finish uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha384512.block]
mov ecx, [ebx + ctx_sha384512.msglen_0]
and ecx, SHA384512_BLOCK_SIZE-1
lea edi, [ebx + ctx_sha2_384512.block]
mov ecx, [ebx + ctx_sha2_384512.msglen_0]
and ecx, SHA2_384512_BLOCK_SIZE-1
add edi, ecx
mov byte[edi], 0x80
inc edi
neg ecx
add ecx, SHA384512_BLOCK_SIZE
add ecx, SHA2_384512_BLOCK_SIZE
cmp ecx, 16
ja .last
dec ecx
xor eax, eax
rep stosb
lea esi, [ebx + ctx_sha384512.block]
lea eax, [ebx + ctx_sha384512.hash]
stdcall sha384512._.block, eax
lea esi, [ebx + ctx_sha2_384512.block]
lea eax, [ebx + ctx_sha2_384512.hash]
stdcall sha2_384512._.block, eax
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha384512.block]
mov ecx, SHA384512_BLOCK_SIZE+1
.last:
lea edi, [ebx + ctx_sha2_384512.block]
mov ecx, SHA2_384512_BLOCK_SIZE+1
.last:
dec ecx
sub ecx, 16
xor eax, eax
rep stosb
mov eax, [ebx + ctx_sha384512.msglen_1]
shld [ebx + ctx_sha384512.msglen_0], eax, 3
mov eax, [ebx + ctx_sha384512.msglen_2]
shld [ebx + ctx_sha384512.msglen_1], eax, 3
mov eax, [ebx + ctx_sha384512.msglen_3]
shld [ebx + ctx_sha384512.msglen_2], eax, 3
mov eax, [ebx + ctx_sha2_384512.msglen_1]
shld [ebx + ctx_sha2_384512.msglen_0], eax, 3
mov eax, [ebx + ctx_sha2_384512.msglen_2]
shld [ebx + ctx_sha2_384512.msglen_1], eax, 3
mov eax, [ebx + ctx_sha2_384512.msglen_3]
shld [ebx + ctx_sha2_384512.msglen_2], eax, 3
shl eax, 3
bswap eax
mov dword[edi + 0], eax
mov eax, [ebx + ctx_sha384512.msglen_2]
mov eax, [ebx + ctx_sha2_384512.msglen_2]
bswap eax
mov dword[edi + 4], eax
mov eax, [ebx + ctx_sha384512.msglen_1]
mov eax, [ebx + ctx_sha2_384512.msglen_1]
bswap eax
mov dword[edi + 8], eax
mov eax, [ebx + ctx_sha384512.msglen_0]
mov eax, [ebx + ctx_sha2_384512.msglen_0]
bswap eax
mov dword[edi + 12], eax
mov ebx, [_ctx]
lea esi, [ebx + ctx_sha384512.block]
lea eax, [ebx + ctx_sha384512.hash]
stdcall sha384512._.block, eax
lea esi, [ebx + ctx_sha2_384512.block]
lea eax, [ebx + ctx_sha2_384512.hash]
stdcall sha2_384512._.block, eax
mov ebx, [_ctx]
lea eax, [ebx + ctx_sha384512.hash]
stdcall sha384512._.postprocess, ebx, eax
lea eax, [ebx + ctx_sha2_384512.hash]
stdcall sha2_384512._.postprocess, ebx, eax
ret
endp
proc sha384512._.postprocess _ctx, _hash
proc sha2_384512._.postprocess _ctx, _hash
mov ecx, 8
mov esi, [_hash]
mov edi, esi
@@:
@@:
lodsd
mov ebx, eax
lodsd
@ -495,35 +491,35 @@ proc sha384512._.postprocess _ctx, _hash
endp
proc sha384.oneshot _ctx, _data, _len
stdcall sha384.init, [_ctx]
stdcall sha384.update, [_ctx], [_data], [_len]
stdcall sha384.final, [_ctx]
proc sha2_384.oneshot _ctx, _data, _len
stdcall sha2_384.init, [_ctx]
stdcall sha2_384.update, [_ctx], [_data], [_len]
stdcall sha2_384.finish, [_ctx]
ret
endp
proc sha512.oneshot _ctx, _data, _len
stdcall sha512.init, [_ctx]
stdcall sha512.update, [_ctx], [_data], [_len]
stdcall sha512.final, [_ctx]
proc sha2_512.oneshot _ctx, _data, _len
stdcall sha2_512.init, [_ctx]
stdcall sha2_512.update, [_ctx], [_data], [_len]
stdcall sha2_512.finish, [_ctx]
ret
endp
iglobal
align SHA384512_ALIGN
sha384._.hash_init dq 0xcbbb9d5dc1059ed8, 0x629a292a367cd507,\
align SHA2_384512_ALIGN
sha2_384._.hash_init dq 0xcbbb9d5dc1059ed8, 0x629a292a367cd507,\
0x9159015a3070dd17, 0x152fecd8f70e5939,\
0x67332667ffc00b31, 0x8eb44a8768581511,\
0xdb0c2e0d64f98fa7, 0x47b5481dbefa4fa4
sha512._.hash_init dq 0x6a09e667f3bcc908, 0xbb67ae8584caa73b,\
sha2_512._.hash_init dq 0x6a09e667f3bcc908, 0xbb67ae8584caa73b,\
0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,\
0x510e527fade682d1, 0x9b05688c2b3e6c1f,\
0x1f83d9abfb41bd6b, 0x5be0cd19137e2179
sha384512._.table dq 0x428a2f98d728ae22, 0x7137449123ef65cd,\
sha2_384512._.table dq 0x428a2f98d728ae22, 0x7137449123ef65cd,\
0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,\
0x3956c25bf348b538, 0x59f111f1b605d019,\
0x923f82a4af194f9b, 0xab1c5ed5da6d8118,\

View File

@ -1,31 +1,26 @@
; libcrash -- cryptographic hash functions
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) 2013,2016,2019 Ivan Baravy (dunkaist)
; Copyright (C) <2013,2016,2019,2021> Ivan Baravy
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
SHA3_224_HASH_SIZE = 28
SHA3_256_HASH_SIZE = 32
SHA3_384_HASH_SIZE = 48
SHA3_512_HASH_SIZE = 64
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
SHA3_224_BLOCK_SIZE = 144
SHA3_256_BLOCK_SIZE = 136
SHA3_384_BLOCK_SIZE = 104
SHA3_512_BLOCK_SIZE = 72
SHA3MAX_BLOCK_SIZE = SHA3_224_BLOCK_SIZE
SHA3_MAX_BLOCK_SIZE = SHA3_224_BLOCK_SIZE
SHA3_INIT_SIZE = 200
SHA3_ALIGN = 16
@ -34,8 +29,8 @@ SHA3_ALIGN_MASK = SHA3_ALIGN-1
struct ctx_sha3
hash rb SHA3_INIT_SIZE
rb SHA3_ALIGN - (SHA3_INIT_SIZE mod SHA3_ALIGN)
block rb SHA3MAX_BLOCK_SIZE
rb SHA3_ALIGN - (SHA3MAX_BLOCK_SIZE mod SHA3_ALIGN)
block rb SHA3_MAX_BLOCK_SIZE
rb SHA3_ALIGN - (SHA3_MAX_BLOCK_SIZE mod SHA3_ALIGN)
index rd 1
block_size rd 1
rounds_cnt rd 1
@ -45,9 +40,7 @@ struct ctx_sha3
D rq 5
ends
if defined sizeof.crash_ctx
assert sizeof.crash_ctx >= sizeof.ctx_sha3
end if
assert sizeof.ctx_sha3 <= LIBCRASH_CTX_LEN
macro sha3._.rol_xor nd, ncl, ncr
{
@ -263,7 +256,7 @@ end repeat
endp
proc sha3._.init _ctx
proc sha3._.init uses edi
mov [ebx + ctx_sha3.block_size], eax
shr eax, 3
dec eax
@ -277,7 +270,7 @@ proc sha3._.init _ctx
endp
proc sha3_224.init _ctx
proc sha3_224.init uses ebx, _ctx
mov ebx, [_ctx]
mov eax, SHA3_224_BLOCK_SIZE
stdcall sha3._.init
@ -285,7 +278,7 @@ proc sha3_224.init _ctx
endp
proc sha3_256.init _ctx
proc sha3_256.init uses ebx, _ctx
mov ebx, [_ctx]
mov eax, SHA3_256_BLOCK_SIZE
stdcall sha3._.init
@ -293,7 +286,7 @@ proc sha3_256.init _ctx
endp
proc sha3_384.init _ctx
proc sha3_384.init uses ebx, _ctx
mov ebx, [_ctx]
mov eax, SHA3_384_BLOCK_SIZE
stdcall sha3._.init
@ -301,7 +294,7 @@ proc sha3_384.init _ctx
endp
proc sha3_512.init _ctx
proc sha3_512.init uses ebx, _ctx
mov ebx, [_ctx]
mov eax, SHA3_512_BLOCK_SIZE
stdcall sha3._.init
@ -330,8 +323,8 @@ sha3_224.update = sha3.update
sha3_256.update = sha3.update
sha3_384.update = sha3.update
sha3_512.update = sha3.update
proc sha3.update _ctx, _msg, _size
.next_block:
proc sha3.update uses ebx esi edi, _ctx, _msg, _size
.next_block:
mov ebx, [_ctx]
mov esi, [_msg]
mov eax, [ebx + ctx_sha3.index]
@ -339,7 +332,7 @@ proc sha3.update _ctx, _msg, _size
jnz .copy_to_buf
test esi, SHA3_ALIGN_MASK
jnz .copy_to_buf
.no_copy:
.no_copy:
; data is aligned, hash it in place without copying
mov ebx, [_ctx]
mov eax, [ebx + ctx_sha3.block_size]
@ -354,7 +347,7 @@ proc sha3.update _ctx, _msg, _size
add esi, [ebx + ctx_sha3.block_size]
jmp .no_copy
.copy_to_buf:
.copy_to_buf:
lea edi, [ebx + ctx_sha3.block]
add edi, eax
mov ecx, [ebx + ctx_sha3.block_size]
@ -375,7 +368,7 @@ proc sha3.update _ctx, _msg, _size
stdcall sha3._.block, eax
jmp .next_block
.copy_quit:
.copy_quit:
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha3.block]
mov eax, [ebx + ctx_sha3.index]
@ -383,33 +376,22 @@ proc sha3.update _ctx, _msg, _size
mov ecx, [_size]
add [ebx + ctx_sha3.index], ecx
rep movsb
.quit:
.quit:
ret
endp
sha3_224.final = sha3.final
sha3_256.final = sha3.final
sha3_384.final = sha3.final
sha3_512.final = sha3.final
proc sha3.final _ctx
pushad
sha3_224.finish = sha3.finish
sha3_256.finish = sha3.finish
sha3_384.finish = sha3.finish
sha3_512.finish = sha3.finish
proc sha3.finish uses ebx esi edi, _ctx
mov ebx, [_ctx]
mov eax, [ebx + ctx_sha3.index]
xor edx, edx
mov ecx, [ebx + ctx_sha3.block_size]
div ecx
sub ecx, edx
ja @f
add ecx, [ebx + ctx_sha3.block_size]
@@:
add [ebx + ctx_sha3.index], ecx
mov eax, [ebx + ctx_sha3.block_size]
cmp [ebx + ctx_sha3.index], eax
jb @f
sub [ebx + ctx_sha3.index], eax
@@:
sub ecx, eax
lea edi, [ebx+ctx_sha3.block]
add edi, eax
mov byte[edi], 0x06
inc edi
dec ecx
@ -425,8 +407,6 @@ proc sha3.final _ctx
mov ebx, [_ctx]
lea eax, [ebx + ctx_sha3.hash]
stdcall sha3._.postprocess, ebx, eax
popad
ret
endp
@ -440,7 +420,7 @@ endp
proc sha3_224.oneshot _ctx, _data, _len
stdcall sha3_224.init, [_ctx]
stdcall sha3.update, [_ctx], [_data], [_len]
stdcall sha3.final, [_ctx]
stdcall sha3.finish, [_ctx]
ret
endp
@ -448,7 +428,7 @@ endp
proc sha3_256.oneshot _ctx, _data, _len
stdcall sha3_256.init, [_ctx]
stdcall sha3.update, [_ctx], [_data], [_len]
stdcall sha3.final, [_ctx]
stdcall sha3.finish, [_ctx]
ret
endp
@ -456,7 +436,7 @@ endp
proc sha3_384.oneshot _ctx, _data, _len
stdcall sha3_384.init, [_ctx]
stdcall sha3.update, [_ctx], [_data], [_len]
stdcall sha3.final, [_ctx]
stdcall sha3.finish, [_ctx]
ret
endp
@ -464,7 +444,7 @@ endp
proc sha3_512.oneshot _ctx, _data, _len
stdcall sha3_512.init, [_ctx]
stdcall sha3.update, [_ctx], [_data], [_len]
stdcall sha3.final, [_ctx]
stdcall sha3.finish, [_ctx]
ret
endp

View File

@ -0,0 +1,468 @@
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2012-2014,2016,2019,2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
format MS COFF
public @EXPORT as 'EXPORTS'
include 'proc32.inc'
include 'struct.inc'
include 'macros.inc'
include 'kglobals.inc'
purge section,mov,add,sub
section '.flat' code readable align 16
include 'libcrash.inc'
include 'hash/crc32.asm'
include 'hash/md5.asm'
include 'hash/sha1.asm'
include 'hash/sha2_224_256.asm'
include 'hash/sha2_384_512.asm'
include 'hash/sha3.asm'
include 'mac/poly1305.asm'
include 'mac/hmac.asm'
include 'cipher/chacha20.asm'
include 'cipher/mode/ctr.asm'
include 'cipher/mode/cbc.asm'
include 'cipher/aes.asm'
include 'cipher/aes_ctr.asm'
include 'cipher/aes_cbc.asm'
LIBCRASH_BUF_SIZE = 0x1000
struct hash_item
init dd ?
update dd ?
finish dd ?
oneshot dd ?
ctx_size dd ?
out_size dd ?
ends
struct mac_item
init dd ?
update dd ?
finish dd ?
oneshot dd ?
ctx_size dd ?
out_size dd ?
ends
struct cipher_item ; FIXME merge *_item, why not
init dd ?
update dd ?
finish dd ?
oneshot dd ?
ctx_size dd ?
dd ? ; placeholder for out_size
ends
; Initialize the library.
; This must be the first called function of the library.
; Parameters:
; eax = function pointer to allocate memory:
; stdcall void *alloc(size_t size)
; ebx = function pointer to free memory:
; stdcall void free(void *ptr)
; Return value: none
proc crash.init
mov [mem.alloc], eax
mov [mem.free], ebx
ret
endp
; Hash data read by a callback read function.
; The function calls the read callback until it returns 0, and hashes the read
; data with the specified algorithm. The result is written to the specified
; buffer in binary format.
; Parameters:
; [_id] = ID of a hash function to use.
; [_clbk_read] = function pointer to read data:
; stdcall ssize_t clbk_read(void *user, void *buf, size_t size)
; [_user] = pointer to user-specified data passed to the read callback as is.
; [_out] = buffer pointer where a hash value is to be written to.
; Return value:
; binary hash value in [_out] buffer.
proc crash.hash uses ebx esi edi, _id, _clbk_read, _user, _out
locals
.ctx dd ?
.buf dd ?
endl
; alloc buf
mov eax, [io_buf_size]
add eax, LIBCRASH_MAX_PAD_LEN
stdcall [mem.alloc], eax
test eax, eax
jz .quit
mov [.buf], eax
; alloc ctx
mov eax, [_id]
imul eax, sizeof.hash_item
lea ebx, [crash._.hash_table+eax]
stdcall [mem.alloc], [ebx+hash_item.ctx_size]
test eax, eax
jz .quit_free_buf
mov [.ctx], eax
stdcall [ebx+hash_item.init], [.ctx]
.update:
stdcall [_clbk_read], [_user], [.buf], [io_buf_size]
test eax, eax
jz .finish
stdcall [ebx+hash_item.update], [.ctx], [.buf], eax
jmp .update
.finish:
stdcall [ebx+hash_item.finish], [.ctx]
mov esi, [.ctx]
mov edi, [_out]
mov ecx, [ebx+hash_item.out_size]
rep movsd
.quit_free_buf_ctx:
stdcall [mem.free], [.ctx]
.quit_free_buf:
stdcall [mem.free], [.buf]
.quit:
ret
endp
; Calculate MAC of data read by a callback read function.
; The function calls the read callback until it returns 0, and calculates a MAC
; using a specified algorithm and a key. The result is written to the specified
; buffer.
; Parameters:
; [_id] = ID of a MAC function to use.
; [_key] = key pointer, no NULL terminator is needed
; [_key_len] = length of the [_key] data, in bytes
; [_clbk_read] = function pointer to read data:
; stdcall ssize_t clbk_read(void *user, void *buf, size_t size)
; [_user] = pointer to user-specified data passed to the read callback as is.
; [_out] = buffer pointer where a MAC value is to be written to.
; Return value:
; Binary MAC value in [_out] buffer.
proc crash.mac uses ebx esi edi, _id, _key, _key_len, _clbk_read, _user, _out
locals
.ctx dd ?
.buf dd ?
endl
; alloc buf
mov eax, [io_buf_size]
add eax, LIBCRASH_MAX_PAD_LEN
stdcall [mem.alloc], eax
test eax, eax
jz .quit
mov [.buf], eax
; alloc ctx
mov eax, [_id]
imul eax, sizeof.mac_item
lea ebx, [crash._.mac_table+eax]
stdcall [mem.alloc], [ebx+mac_item.ctx_size]
test eax, eax
jz .quit_free_buf
mov [.ctx], eax
stdcall [ebx+mac_item.init], [.ctx], [_key], [_key_len]
.update:
stdcall [_clbk_read], [_user], [.buf], [io_buf_size]
test eax, eax
jz .finish
stdcall [ebx+mac_item.update], [.ctx], [.buf], eax
jmp .update
.finish:
stdcall [ebx+mac_item.finish], [.ctx]
mov esi, [.ctx]
mov edi, [_out]
mov ecx, [ebx+mac_item.out_size]
rep movsd
.quit_free_buf_ctx:
stdcall [mem.free], [.ctx]
.quit_free_buf:
stdcall [mem.free], [.buf]
.quit:
ret
endp
; Encrypt or decrypt data read by a callback read function.
; The function calls the read callback until it returns 0, and encrypts or
; decrypts the data using a specified algorithm, a key and an input vector.
; The result is passed to the write callback function.
; * The maximum difference in input/output data lengths is LIBCRASH_MAX_PAD_LEN.
; * The input and output buffers can sometimes be the same buffer depending on
; the cipher. If unsure, use different buffers.
; Parameters:
; [_id] = ID of a MAC function to use.
; [_flags] = see LIBCRASH_CIPHER_* in libcrash.inc
; [_key] = key pointer, NULL terminated
; [_iv] = input vector pointer, no NULL terminator is needed
; [_clbk_read] = function pointer to read data:
; stdcall ssize_t clbk_read(void *user, void *buf, size_t size)
; [_user_read] = pointer to user-specified data passed to the read callback.
; [_clbk_write] = function pointer to write data:
; stdcall void clbk_write(void *user, void *buf, size_t size)
; [_user_write] = pointer to user-specified data passed to the write callback.
; Return value: none
proc crash.crypt uses ebx esi edi, _id, _flags, _key, _iv, _clbk_read, \
_user_read, _clbk_write, _user_write
locals
.ctx dd ?
.buf dd ?
.buf_in dd ?
.buf_out dd ?
endl
; alloc buf
mov eax, [io_buf_size]
mov [.buf_out], eax
shl eax, 1
add eax, LIBCRASH_MAX_PAD_LEN
stdcall [mem.alloc], eax
test eax, eax
jz .quit
mov [.buf], eax
mov [.buf_in], eax
add [.buf_out], eax
; alloc ctx
mov eax, [_id]
imul eax, sizeof.cipher_item
lea ebx, [crash._.cipher_table+eax]
stdcall [mem.alloc], [ebx+cipher_item.ctx_size]
test eax, eax
jz .quit_free_buf
mov [.ctx], eax
stdcall [ebx+cipher_item.init], [.ctx], [_key], [_iv], [_flags]
.update:
stdcall [_clbk_read], [_user_read], [.buf_in], [io_buf_size]
test eax, eax
jz .finish
stdcall [ebx+cipher_item.update], [.ctx], [.buf_in], eax, [.buf_out]
stdcall [_clbk_write], [_user_write], [.buf_out], eax
jmp .update
.finish:
stdcall [ebx+cipher_item.finish], [.ctx], [.buf_out]
stdcall [_clbk_write], [_user_write], [.buf_out], eax
.quit_free_buf_ctx:
stdcall [mem.free], [.ctx]
.quit_free_buf:
stdcall [mem.free], [.buf]
.quit:
ret
endp
; These crash.*_oneshot functions below are wrappers to <hash_name>.oneshot,
; <mac_name>.oneshot and <cipher_name>.oneshot functions. The functions pop
; [_id] argument from the stack and jump to the oneshot function of the
; corresponding algorithm with all the other arguments in place.
; You can also call <hash_name/mac_name/cipher_name>.oneshot functions directly.
; Hash data in a buffer.
; The function hashes data in the specified buffer with the specified algorithm.
; The result is written to the very beginning of the specified context buffer in
; binary format.
; Parameters:
; [_id] = ID of a hash function to use.
; [_ctx] = buffer pointer for internal use, LIBCRASH_CTX_LEN bytes is enough.
; [_in] = pointer to input data
; [_len] = length of input data
; Return value:
; binary hash value in [_ctx] buffer.
crash.hash_oneshot: ; _id, _ctx, _in, _len
pop eax
xchg eax, [esp]
imul eax, sizeof.hash_item
lea eax, [crash._.hash_table+eax]
jmp [eax+hash_item.oneshot]
; Calculate MAC of data in the buffer.
; The function calculates a MAC of data in the specified buffer with the
; specified algorithm and key. The result is written to the very beginning of
; the specified context buffer in binary format.
; Parameters:
; [_id] = ID of a hash function to use.
; [_ctx] = buffer pointer for internal use, LIBCRASH_CTX_LEN bytes is enough.
; [_in] = pointer to input data
; [_len] = length of input data
; [_key] = key pointer, no NULL terminator is needed
; [_key_len] = length of the [_key] data, in bytes
; Return value:
; binary MAC value in [_ctx] buffer.
crash.mac_oneshot: ; _id, _ctx, _in, _len, _key, _key_len
pop eax
xchg eax, [esp]
imul eax, sizeof.mac_item
lea eax, [crash._.mac_table+eax]
jmp [eax+mac_item.oneshot]
; Encrypt or decrypt data in buffer.
; The function encrypts or decrypts data in the specified buffer using a
; specified algorithm, a key and an input vector. The result is written to
; another specified buffer.
; * The input and output buffers can sometimes be the same buffer depending on
; the cipher. If unsure, use different buffers.
; * The maximum difference in input/output data lengths is LIBCRASH_MAX_PAD_LEN.
; Parameters:
; [_id] = ID of a MAC function to use.
; [_ctx] = buffer pointer for internal use, LIBCRASH_CTX_LEN bytes is enough.
; [_key] = key pointer, NULL terminated
; [_iv] = input vector pointer, no NULL terminator is needed
; [_flags] = see LIBCRASH_CIPHER_* in libcrash.inc
; [_in] = pointer to input data
; [_len] = length of input data
; [_out] = pointer to output data
; Return value: none
crash.crypt_oneshot: ; _id, _ctx, _key, _iv, _flags, _in, _len, _out
pop eax
xchg eax, [esp]
imul eax, sizeof.cipher_item
lea eax, [crash._.cipher_table+eax]
jmp [eax+cipher_item.oneshot]
section '.data' writeable align 16
mem.alloc dd ?
mem.free dd ?
io_buf_size dd LIBCRASH_BUF_SIZE
; FIXME: IDs shouldn't be indexes, should they?
align 4
crash._.hash_table dd \
crc32.init, crc32.update, crc32.finish, crc32.oneshot, \
sizeof.ctx_crc32, CRC32_LEN/4, \
md5.init, md5.update, md5.finish, md5.oneshot, \
sizeof.ctx_md5, MD5_LEN/4, \
sha1.init, sha1.update, sha1.finish, sha1.oneshot, \
sizeof.ctx_sha1, SHA1_LEN/4, \
sha2_224.init, sha2_224.update, sha2_224.finish, sha2_224.oneshot, \
sizeof.ctx_sha2_224256, SHA2_224_LEN/4, \
sha2_256.init, sha2_256.update, sha2_256.finish, sha2_256.oneshot, \
sizeof.ctx_sha2_224256, SHA2_256_LEN/4, \
sha2_384.init, sha2_384.update, sha2_384.finish, sha2_384.oneshot, \
sizeof.ctx_sha2_384512, SHA2_384_LEN/4, \
sha2_512.init, sha2_512.update, sha2_512.finish, sha2_512.oneshot, \
sizeof.ctx_sha2_384512, SHA2_512_LEN/4, \
sha3_224.init, sha3.update, sha3.finish, sha3_224.oneshot, \
sizeof.ctx_sha3, SHA3_224_LEN/4, \
sha3_256.init, sha3.update, sha3.finish, sha3_256.oneshot, \
sizeof.ctx_sha3, SHA3_256_LEN/4, \
sha3_384.init, sha3.update, sha3.finish, sha3_384.oneshot, \
sizeof.ctx_sha3, SHA3_384_LEN/4, \
sha3_512.init, sha3.update, sha3.finish, sha3_512.oneshot, \
sizeof.ctx_sha3, SHA3_512_LEN/4, \
0
align 4
crash._.mac_table dd \
poly1305.init, poly1305.update, poly1305.finish, \
poly1305.oneshot, sizeof.ctx_poly1305, POLY1305_LEN/4, \
hmac_sha2_256.init, hmac_sha2_256.update, hmac_sha2_256.finish, \
hmac_sha2_256.oneshot, sizeof.ctx_hmac, HMAC_SHA2_256_LEN/4, \
hmac_sha2_512.init, hmac_sha2_512.update, hmac_sha2_512.finish, \
hmac_sha2_512.oneshot, sizeof.ctx_hmac, HMAC_SHA2_512_LEN/4, \
0
align 4
crash._.cipher_table dd \
chacha20.init, chacha20.update, chacha20.finish, chacha20.oneshot, \
sizeof.ctx_chacha20, 0, \
aes256ctr.init, aes256ctr.update, aes256ctr.finish, aes256ctr.oneshot, \
sizeof.ctx_aes_ctr, 0, \
aes256cbc.init, aes256cbc.update, aes256cbc.finish, aes256cbc.oneshot, \
sizeof.ctx_aes_cbc, 0, \
0
IncludeIGlobals
align 4
@EXPORT:
export \
crash.init, "lib_init", \
crash.hash, "crash_hash", \
crash.mac, "crash_mac", \
crash.crypt, "crash_crypt", \
crash.hash_oneshot, "crash_hash_oneshot", \
crash.mac_oneshot, "crash_mac_oneshot", \
crash.crypt_oneshot, "crash_crypt_oneshot", \
\
crc32.init, "crc32_init", \
crc32.update, "crc32_update", \
crc32.finish, "crc32_finish", \
crc32.oneshot, "crc32_oneshot", \
md5.init, "md5_init", \
md5.update, "md5_update", \
md5.finish, "md5_finish", \
md5.oneshot, "md5_oneshot", \
sha1.init, "sha1_init", \
sha1.update, "sha1_update", \
sha1.finish, "sha1_finish", \
sha1.oneshot, "sha1_oneshot", \
sha2_224.init, "sha2_224_init", \
sha2_224.update, "sha2_224_update", \
sha2_224.finish, "sha2_224_finish", \
sha2_224.oneshot, "sha2_224_oneshot", \
sha2_256.init, "sha2_256_init", \
sha2_256.update, "sha2_256_update", \
sha2_256.finish, "sha2_256_finish", \
sha2_256.oneshot, "sha2_256_oneshot", \
sha2_384.init, "sha2_384_init", \
sha2_384.update, "sha2_384_update", \
sha2_384.finish, "sha2_384_finish", \
sha2_384.oneshot, "sha2_384_oneshot", \
sha2_512.init, "sha2_512_init", \
sha2_512.update, "sha2_512_update", \
sha2_512.finish, "sha2_512_finish", \
sha2_512.oneshot, "sha2_512_oneshot", \
sha3_224.init, "sha3_224_init", \
sha3_224.update, "sha3_224_update", \
sha3_224.finish, "sha3_224_finish", \
sha3_224.oneshot, "sha3_224_oneshot", \
sha3_256.init, "sha3_256_init", \
sha3_256.update, "sha3_256_update", \
sha3_256.finish, "sha3_256_finish", \
sha3_256.oneshot, "sha3_256_oneshot", \
sha3_384.init, "sha3_384_init", \
sha3_384.update, "sha3_384_update", \
sha3_384.finish, "sha3_384_finish", \
sha3_384.oneshot, "sha3_384_oneshot", \
sha3_512.init, "sha3_512_init", \
sha3_512.update, "sha3_512_update", \
sha3_512.finish, "sha3_512_finish", \
sha3_512.oneshot, "sha3_512_oneshot", \
\
poly1305.init, "poly1305_init", \
poly1305.update, "poly1305_update", \
poly1305.finish, "poly1305_finish", \
poly1305.oneshot, "poly1305_oneshot", \
hmac_sha2_256.init, "hmac_sha2_256_init", \
hmac_sha2_256.update, "hmac_sha2_256_update", \
hmac_sha2_256.finish, "hmac_sha2_256_finish", \
hmac_sha2_256.oneshot, "hmac_sha2_256_oneshot", \
hmac_sha2_512.init, "hmac_sha2_512_init", \
hmac_sha2_512.update, "hmac_sha2_512_update", \
hmac_sha2_512.finish, "hmac_sha2_512_finish", \
hmac_sha2_512.oneshot, "hmac_sha2_512_oneshot", \
\
chacha20.init, "chacha20_init", \
chacha20.update, "chacha20_update", \
chacha20.finish, "chacha20_finish", \
chacha20.oneshot, "chacha20_oneshot", \
aes256ctr.init, "aes256ctr_init", \
aes256ctr.update, "aes256ctr_update", \
aes256ctr.finish, "aes256ctr_finish", \
aes256ctr.oneshot, "aes256ctr_oneshot", \
aes256cbc.init, "aes256cbc_init", \
aes256cbc.update, "aes256cbc_update", \
aes256cbc.finish, "aes256cbc_finish", \
aes256cbc.oneshot, "aes256cbc_oneshot"

View File

@ -0,0 +1,70 @@
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2012-2014,2016,2019,2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
LIBCRASH_ALIGN = 16 ; align your data for speed
; hash IDs
LIBCRASH_CRC32 = 0
LIBCRASH_MD5 = 1
LIBCRASH_SHA1 = 2
LIBCRASH_SHA2_224 = 3
LIBCRASH_SHA2_256 = 4
LIBCRASH_SHA2_384 = 5
LIBCRASH_SHA2_512 = 6
LIBCRASH_SHA3_224 = 7
LIBCRASH_SHA3_256 = 8
LIBCRASH_SHA3_384 = 9
LIBCRASH_SHA3_512 = 10
; mac IDs
LIBCRASH_POLY1305 = 0
LIBCRASH_HMAC_SHA2_256 = 1
LIBCRASH_HMAC_SHA2_512 = 2
; cipher IDs
LIBCRASH_CHACHA20 = 0
LIBCRASH_AES_256_CTR = 1
LIBCRASH_AES_256_CBC = 2
; cipher flags for crash_crypt
LIBCRASH_CIPHER_ENCRYPT = 0000b
LIBCRASH_CIPHER_DECRYPT = 0001b
LIBCRASH_CIPHER_PADDING = 0010b ; PKCS#5
; cipher output can be larger than input, e.g. for CBC mode with padding
CBC128_MAX_PAD_LEN = 128/8
LIBCRASH_MAX_PAD_LEN = CBC128_MAX_PAD_LEN
CRC32_LEN = 4
MD5_LEN = 16
SHA1_LEN = 20
SHA2_224_LEN = 28
SHA2_256_LEN = 32
SHA2_384_LEN = 48
SHA2_512_LEN = 64
SHA3_224_LEN = 28
SHA3_256_LEN = 32
SHA3_384_LEN = 48
SHA3_512_LEN = 64
MAX_HASH_LEN = SHA3_512_LEN
POLY1305_LEN = 16
HMAC_SHA2_256_LEN = SHA2_256_LEN
HMAC_SHA2_512_LEN = SHA2_512_LEN
LIBCRASH_CTX_LEN = 0x500

View File

@ -0,0 +1,161 @@
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
macro max target, [source] {
common
target = 0
forward
if target < source
target = source
end if
}
max MAX_HMAC_HASH_CTX_SIZE, sizeof.ctx_sha2_224256, sizeof.ctx_sha2_384512
max MAX_HMAC_HASH_BLOCK_SIZE, SHA2_224256_BLOCK_SIZE, SHA2_384512_BLOCK_SIZE
max MAX_HMAC_HASH_LEN, SHA2_256_LEN, SHA2_512_LEN
struct ctx_hmac
ctx_hash rb MAX_HMAC_HASH_CTX_SIZE
key_pad rb MAX_HMAC_HASH_BLOCK_SIZE
mac rd MAX_HMAC_HASH_LEN/4
hash_init dd ?
hash_update dd ?
hash_finish dd ?
hash_oneshot dd ?
block_size dd ?
hash_size dd ?
ends
assert sizeof.ctx_hmac <= LIBCRASH_CTX_LEN
; ebx = _ctx
proc hmac._.init uses ebx esi edi, _key, _key_len
mov ecx, [_key_len]
cmp ecx, [ebx+ctx_hmac.block_size]
mov esi, [_key]
jbe .pad
; hash
lea esi, [ebx+ctx_hmac.ctx_hash]
stdcall [ebx+ctx_hmac.hash_oneshot], esi, [_key], [_key_len]
mov ecx, [ebx+ctx_hmac.hash_size]
.pad:
lea edi, [ebx+ctx_hmac.key_pad]
mov edx, [ebx+ctx_hmac.block_size]
sub edx, ecx
xor eax, eax
rep movsb
mov ecx, edx
rep stosb
; xor with 0x36
mov eax, 0x36363636
lea edx, [ebx+ctx_hmac.key_pad]
mov ecx, [ebx+ctx_hmac.block_size]
shr ecx, 2
@@:
xor [edx], eax
add edx, 4
dec ecx
jnz @b
lea esi, [ebx+ctx_hmac.ctx_hash]
stdcall [ebx+ctx_hmac.hash_init], esi
lea eax, [ebx+ctx_hmac.key_pad]
stdcall [ebx+ctx_hmac.hash_update], esi, eax, [ebx+ctx_hmac.block_size]
; xor with 0x36 xor 0x5c
mov eax, 0x36363636 XOR 0x5c5c5c5c
lea edx, [ebx+ctx_hmac.key_pad]
mov ecx, [ebx+ctx_hmac.block_size]
shr ecx, 2
@@:
xor [edx], eax
add edx, 4
dec ecx
jnz @b
ret
endp
proc hmac_sha2_256.init uses ebx, _ctx, _key, _key_len
mov ebx, [_ctx]
mov [ebx+ctx_hmac.hash_init], sha2_256.init
mov [ebx+ctx_hmac.hash_update], sha2_256.update
mov [ebx+ctx_hmac.hash_finish], sha2_256.finish
mov [ebx+ctx_hmac.hash_oneshot], sha2_256.oneshot
mov [ebx+ctx_hmac.block_size], SHA2_256_BLOCK_SIZE
mov [ebx+ctx_hmac.hash_size], SHA2_256_LEN
stdcall hmac._.init, [_key], [_key_len]
ret
endp
proc hmac_sha2_512.init uses ebx, _ctx, _key, _key_len
mov ebx, [_ctx]
mov [ebx+ctx_hmac.hash_init], sha2_512.init
mov [ebx+ctx_hmac.hash_update], sha2_512.update
mov [ebx+ctx_hmac.hash_finish], sha2_512.finish
mov [ebx+ctx_hmac.hash_oneshot], sha2_512.oneshot
mov [ebx+ctx_hmac.block_size], SHA2_512_BLOCK_SIZE
mov [ebx+ctx_hmac.hash_size], SHA2_512_LEN
stdcall hmac._.init, [_key], [_key_len]
ret
endp
hmac_sha2_256.update = hmac._.update
hmac_sha2_512.update = hmac._.update
proc hmac._.update uses ebx esi edi, _ctx, _in, _len
mov ebx, [_ctx]
lea eax, [ebx+ctx_hmac.ctx_hash]
stdcall [ebx+ctx_hmac.hash_update], eax, [_in], [_len]
.quit:
ret
endp
hmac_sha2_256.finish = hmac._.finish
hmac_sha2_512.finish = hmac._.finish
proc hmac._.finish uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea esi, [ebx+ctx_hmac.ctx_hash]
stdcall [ebx+ctx_hmac.hash_finish], esi
lea edi, [ebx+ctx_hmac.mac]
mov ecx, [ebx+ctx_hmac.hash_size]
rep movsb
lea esi, [ebx+ctx_hmac.ctx_hash]
stdcall [ebx+ctx_hmac.hash_init], esi
lea eax, [ebx+ctx_hmac.key_pad]
stdcall [ebx+ctx_hmac.hash_update], esi, eax, [ebx+ctx_hmac.block_size]
lea eax, [ebx+ctx_hmac.mac]
stdcall [ebx+ctx_hmac.hash_update], esi, eax, [ebx+ctx_hmac.hash_size]
stdcall [ebx+ctx_hmac.hash_finish], esi
ret
endp
proc hmac_sha2_256.oneshot _ctx, _in, _len, _key, _key_len
stdcall hmac_sha2_256.init, [_ctx], [_key], [_key_len]
stdcall hmac_sha2_256.update, [_ctx], [_in], [_len]
stdcall hmac_sha2_256.finish, [_ctx]
ret
endp
proc hmac_sha2_512.oneshot _ctx, _in, _len, _key, _key_len
stdcall hmac_sha2_512.init, [_ctx], [_key], [_key_len]
stdcall hmac_sha2_512.update, [_ctx], [_in], [_len]
stdcall hmac_sha2_512.finish, [_ctx]
ret
endp

View File

@ -0,0 +1,538 @@
; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
; Based on rfc7539 and implementation of libressl
POLY1305_BLOCK_SIZE = 16
POLY1305_ALIGN = 16
POLY1305_ALIGN_MASK = POLY1305_ALIGN-1
struct ctx_poly1305
mac rd 5
rd 3
block rb POLY1305_BLOCK_SIZE
rb POLY1305_ALIGN-(POLY1305_BLOCK_SIZE mod POLY1305_ALIGN)
index dd ?
block_size dd ?
hibit dd ?
rd 2 ; align
; tmp vars
r rd 5
s rd 4
d rd 5*2 ; 5 dq
ends
assert sizeof.ctx_poly1305 <= LIBCRASH_CTX_LEN
proc poly1305.init uses ebx, _ctx, _key, _key_len
mov ebx, [_ctx]
mov [ebx+ctx_poly1305.block_size], POLY1305_BLOCK_SIZE
mov [ebx+ctx_poly1305.hibit], 1 SHL 24
; accumulator
mov [ebx+ctx_poly1305.mac+0*4], 0
mov [ebx+ctx_poly1305.mac+1*4], 0
mov [ebx+ctx_poly1305.mac+2*4], 0
mov [ebx+ctx_poly1305.mac+3*4], 0
mov [ebx+ctx_poly1305.mac+4*4], 0
; r &= 0xffffffc0ffffffc0ffffffc0fffffff
mov ecx, [_key]
mov eax, [ecx+0]
and eax, 0x3ffffff
mov [ebx+ctx_poly1305.r+0*4], eax
mov eax, [ecx+3]
shr eax, 2
and eax, 0x3ffff03
mov [ebx+ctx_poly1305.r+1*4], eax
mov eax, [ecx+6]
shr eax, 4
and eax, 0x3ffc0ff
mov [ebx+ctx_poly1305.r+2*4], eax
mov eax, [ecx+9]
shr eax, 6
and eax, 0x3f03fff
mov [ebx+ctx_poly1305.r+3*4], eax
mov eax, [ecx+12]
shr eax, 8
and eax, 0xfffff
mov [ebx+ctx_poly1305.r+4*4], eax
; s
mov eax, [ecx+4*4]
mov [ebx+ctx_poly1305.s+0*4], eax
mov eax, [ecx+5*4]
mov [ebx+ctx_poly1305.s+1*4], eax
mov eax, [ecx+6*4]
mov [ebx+ctx_poly1305.s+2*4], eax
mov eax, [ecx+7*4]
mov [ebx+ctx_poly1305.s+3*4], eax
ret
endp
proc poly1305._.block _mac
; mov ecx, [ebx+ctx_poly1305.rounds_cnt]
mov edi, [_mac]
; a += m[i]
mov eax, [esi+0]
and eax, 0x3ffffff
add [ebx+ctx_poly1305.mac+0*4], eax
mov eax, [esi+3]
shr eax, 2
and eax, 0x3ffffff
add [ebx+ctx_poly1305.mac+1*4], eax
mov eax, [esi+6]
shr eax, 4
and eax, 0x3ffffff
add [ebx+ctx_poly1305.mac+2*4], eax
mov eax, [esi+9]
shr eax, 6
and eax, 0x3ffffff
add [ebx+ctx_poly1305.mac+3*4], eax
mov eax, [esi+12]
shr eax, 8
or eax, [ebx+ctx_poly1305.hibit]
add [ebx+ctx_poly1305.mac+4*4], eax
; a *= r
; d0
; r0*a0
mov eax, [ebx+ctx_poly1305.r+0*4]
mul [ebx+ctx_poly1305.mac+0*4]
mov ecx, eax
mov edi, edx
; s4*a1
mov eax, [ebx+ctx_poly1305.r+4*4]
lea eax, [eax*5]
mul [ebx+ctx_poly1305.mac+1*4]
add ecx, eax
adc edi, edx
; s3*a2
mov eax, [ebx+ctx_poly1305.r+3*4]
lea eax, [eax*5]
mul [ebx+ctx_poly1305.mac+2*4]
add ecx, eax
adc edi, edx
; s2*a3
mov eax, [ebx+ctx_poly1305.r+2*4]
lea eax, [eax*5]
mul [ebx+ctx_poly1305.mac+3*4]
add ecx, eax
adc edi, edx
; s1*a4
mov eax, [ebx+ctx_poly1305.r+1*4]
lea eax, [eax*5]
mul [ebx+ctx_poly1305.mac+4*4]
add ecx, eax
adc edi, edx
mov [ebx+ctx_poly1305.d+0*8+0], ecx
mov [ebx+ctx_poly1305.d+0*8+4], edi
; d1
; r1*a0
mov eax, [ebx+ctx_poly1305.r+1*4]
mul [ebx+ctx_poly1305.mac+0*4]
mov ecx, eax
mov edi, edx
; r0*a1
mov eax, [ebx+ctx_poly1305.r+0*4]
mul [ebx+ctx_poly1305.mac+1*4]
add ecx, eax
adc edi, edx
; s4*a2
mov eax, [ebx+ctx_poly1305.r+4*4]
lea eax, [eax*5]
mul [ebx+ctx_poly1305.mac+2*4]
add ecx, eax
adc edi, edx
; s3*a3
mov eax, [ebx+ctx_poly1305.r+3*4]
lea eax, [eax*5]
mul [ebx+ctx_poly1305.mac+3*4]
add ecx, eax
adc edi, edx
; s2*a4
mov eax, [ebx+ctx_poly1305.r+2*4]
lea eax, [eax*5]
mul [ebx+ctx_poly1305.mac+4*4]
add ecx, eax
adc edi, edx
mov [ebx+ctx_poly1305.d+1*8+0], ecx
mov [ebx+ctx_poly1305.d+1*8+4], edi
; d2
; r2*a0
mov eax, [ebx+ctx_poly1305.r+2*4]
mul [ebx+ctx_poly1305.mac+0*4]
mov ecx, eax
mov edi, edx
; r1*a1
mov eax, [ebx+ctx_poly1305.r+1*4]
mul [ebx+ctx_poly1305.mac+1*4]
add ecx, eax
adc edi, edx
; r0*a2
mov eax, [ebx+ctx_poly1305.r+0*4]
mul [ebx+ctx_poly1305.mac+2*4]
add ecx, eax
adc edi, edx
; s4*a3
mov eax, [ebx+ctx_poly1305.r+4*4]
lea eax, [eax*5]
mul [ebx+ctx_poly1305.mac+3*4]
add ecx, eax
adc edi, edx
; s3*a4
mov eax, [ebx+ctx_poly1305.r+3*4]
lea eax, [eax*5]
mul [ebx+ctx_poly1305.mac+4*4]
add ecx, eax
adc edi, edx
mov [ebx+ctx_poly1305.d+2*8+0], ecx
mov [ebx+ctx_poly1305.d+2*8+4], edi
; d3
; r3*a0
mov eax, [ebx+ctx_poly1305.r+3*4]
mul [ebx+ctx_poly1305.mac+0*4]
mov ecx, eax
mov edi, edx
; r2*a1
mov eax, [ebx+ctx_poly1305.r+2*4]
mul [ebx+ctx_poly1305.mac+1*4]
add ecx, eax
adc edi, edx
; r1*a2
mov eax, [ebx+ctx_poly1305.r+1*4]
mul [ebx+ctx_poly1305.mac+2*4]
add ecx, eax
adc edi, edx
; r0*a3
mov eax, [ebx+ctx_poly1305.r+0*4]
mul [ebx+ctx_poly1305.mac+3*4]
add ecx, eax
adc edi, edx
; s4*a4
mov eax, [ebx+ctx_poly1305.r+4*4]
lea eax, [eax*5]
mul [ebx+ctx_poly1305.mac+4*4]
add ecx, eax
adc edi, edx
mov [ebx+ctx_poly1305.d+3*8+0], ecx
mov [ebx+ctx_poly1305.d+3*8+4], edi
; d4
; r4*a0
mov eax, [ebx+ctx_poly1305.r+4*4]
mul [ebx+ctx_poly1305.mac+0*4]
mov ecx, eax
mov edi, edx
; r3*a1
mov eax, [ebx+ctx_poly1305.r+3*4]
mul [ebx+ctx_poly1305.mac+1*4]
add ecx, eax
adc edi, edx
; r2*a2
mov eax, [ebx+ctx_poly1305.r+2*4]
mul [ebx+ctx_poly1305.mac+2*4]
add ecx, eax
adc edi, edx
; r1*a3
mov eax, [ebx+ctx_poly1305.r+1*4]
mul [ebx+ctx_poly1305.mac+3*4]
add ecx, eax
adc edi, edx
; r0*a4
mov eax, [ebx+ctx_poly1305.r+0*4]
mul [ebx+ctx_poly1305.mac+4*4]
add ecx, eax
adc edi, edx
mov [ebx+ctx_poly1305.d+4*8+0], ecx
mov [ebx+ctx_poly1305.d+4*8+4], edi
; (partial) a %= p
mov eax, [ebx+ctx_poly1305.d+0*8+0]
mov edx, [ebx+ctx_poly1305.d+0*8+4]
; d0
mov ecx, edx
shld ecx, eax, 6
and eax, 0x3ffffff
mov [ebx+ctx_poly1305.mac+0*4], eax
mov eax, [ebx+ctx_poly1305.d+1*8+0]
mov edx, [ebx+ctx_poly1305.d+1*8+4]
add eax, ecx
adc edx, 0
; d1
mov ecx, edx
shld ecx, eax, 6
and eax, 0x3ffffff
mov [ebx+ctx_poly1305.mac+1*4], eax
mov eax, [ebx+ctx_poly1305.d+2*8+0]
mov edx, [ebx+ctx_poly1305.d+2*8+4]
add eax, ecx
adc edx, 0
; d2
mov ecx, edx
shld ecx, eax, 6
and eax, 0x3ffffff
mov [ebx+ctx_poly1305.mac+2*4], eax
mov eax, [ebx+ctx_poly1305.d+3*8+0]
mov edx, [ebx+ctx_poly1305.d+3*8+4]
add eax, ecx
adc edx, 0
; d3
mov ecx, edx
shld ecx, eax, 6
and eax, 0x3ffffff
mov [ebx+ctx_poly1305.mac+3*4], eax
mov eax, [ebx+ctx_poly1305.d+4*8+0]
mov edx, [ebx+ctx_poly1305.d+4*8+4]
add eax, ecx
adc edx, 0
; d4
mov ecx, edx
shld ecx, eax, 6
and eax, 0x3ffffff
mov [ebx+ctx_poly1305.mac+4*4], eax
lea ecx, [ecx*5]
add ecx, [ebx+ctx_poly1305.mac+0*4]
mov eax, ecx
shr ecx, 26
and eax, 0x3ffffff
mov [ebx+ctx_poly1305.mac+0*4], eax
add [ebx+ctx_poly1305.mac+1*4], ecx
ret
endp
proc poly1305.update uses ebx esi edi, _ctx, _msg, _size
.next_block:
mov ebx, [_ctx]
mov esi, [_msg]
mov eax, [ebx+ctx_poly1305.index]
test eax, eax
jnz .copy_to_buf
test esi, POLY1305_ALIGN_MASK
jnz .copy_to_buf
.no_copy:
; data is aligned, process it in place without copying
mov ebx, [_ctx]
mov eax, [ebx+ctx_poly1305.block_size]
cmp [_size], eax
jb .copy_quit
lea eax, [ebx+ctx_poly1305.mac]
push ebx esi
stdcall poly1305._.block, eax
pop esi ebx
mov eax, [ebx+ctx_poly1305.block_size]
sub [_size], eax
add esi, [ebx+ctx_poly1305.block_size]
jmp .no_copy
.copy_to_buf:
lea edi, [ebx+ctx_poly1305.block]
add edi, eax
mov ecx, [ebx+ctx_poly1305.block_size]
sub ecx, eax
cmp [_size], ecx
jb .copy_quit
sub [_size], ecx
add [_msg], ecx
add [ebx+ctx_poly1305.index], ecx
mov eax, [ebx+ctx_poly1305.block_size]
cmp [ebx+ctx_poly1305.index], eax
jb @f
sub [ebx+ctx_poly1305.index], eax
@@:
rep movsb
lea eax, [ebx+ctx_poly1305.mac]
lea esi, [ebx+ctx_poly1305.block]
stdcall poly1305._.block, eax
jmp .next_block
.copy_quit:
mov ebx, [_ctx]
lea edi, [ebx+ctx_poly1305.block]
mov eax, [ebx+ctx_poly1305.index]
add edi, eax
mov ecx, [_size]
add [ebx+ctx_poly1305.index], ecx
rep movsb
.quit:
ret
endp
proc poly1305.finish uses ebx esi edi, _ctx
mov ebx, [_ctx]
mov eax, [ebx+ctx_poly1305.index]
test eax, eax
jz .skip
mov ecx, [ebx+ctx_poly1305.block_size]
sub ecx, eax
lea edi, [ebx+ctx_poly1305.block]
add edi, eax
mov byte[edi], 0x01
inc edi
dec ecx
xor eax, eax
rep stosb
mov ebx, [_ctx]
mov [ebx+ctx_poly1305.hibit], 0
lea esi, [ebx+ctx_poly1305.block]
lea eax, [ebx+ctx_poly1305.mac]
stdcall poly1305._.block, eax
.skip:
mov ebx, [_ctx]
lea eax, [ebx+ctx_poly1305.mac]
stdcall poly1305._.postprocess, ebx, eax
; fully carry a
mov ecx, [ebx+ctx_poly1305.mac+1*4]
shr ecx, 26
and [ebx+ctx_poly1305.mac+1*4], 0x3ffffff
add ecx, [ebx+ctx_poly1305.mac+2*4]
mov eax, ecx
and eax, 0x3ffffff
shr ecx, 26
mov [ebx+ctx_poly1305.mac+2*4], eax
add ecx, [ebx+ctx_poly1305.mac+3*4]
mov eax, ecx
and eax, 0x3ffffff
shr ecx, 26
mov [ebx+ctx_poly1305.mac+3*4], eax
add ecx, [ebx+ctx_poly1305.mac+4*4]
mov eax, ecx
and eax, 0x3ffffff
shr ecx, 26
mov [ebx+ctx_poly1305.mac+4*4], eax
lea ecx, [ecx*5]
add ecx, [ebx+ctx_poly1305.mac+0*4]
mov eax, ecx
and eax, 0x3ffffff
shr ecx, 26
mov [ebx+ctx_poly1305.mac+0*4], eax
add [ebx+ctx_poly1305.mac+1*4], ecx
; compute a + -p
mov ecx, [ebx+ctx_poly1305.mac+0*4]
add ecx, 5
mov eax, ecx
and eax, 0x3ffffff
shr ecx, 26
mov [ebx+ctx_poly1305.r+0*4], eax
add ecx, [ebx+ctx_poly1305.mac+1*4]
mov eax, ecx
and eax, 0x3ffffff
shr ecx, 26
mov [ebx+ctx_poly1305.r+1*4], eax
add ecx, [ebx+ctx_poly1305.mac+2*4]
mov eax, ecx
and eax, 0x3ffffff
shr ecx, 26
mov [ebx+ctx_poly1305.r+2*4], eax
add ecx, [ebx+ctx_poly1305.mac+3*4]
mov eax, ecx
and eax, 0x3ffffff
shr ecx, 26
mov [ebx+ctx_poly1305.r+3*4], eax
add ecx, [ebx+ctx_poly1305.mac+4*4]
sub ecx, 1 SHL 26
mov [ebx+ctx_poly1305.r+4*4], ecx
; select a if a < p, or a + -p if a >= p
shr ecx, 31
dec ecx
and [ebx+ctx_poly1305.r+0*4], ecx
and [ebx+ctx_poly1305.r+1*4], ecx
and [ebx+ctx_poly1305.r+2*4], ecx
and [ebx+ctx_poly1305.r+3*4], ecx
and [ebx+ctx_poly1305.r+4*4], ecx
not ecx
mov eax, [ebx+ctx_poly1305.r+0*4]
and [ebx+ctx_poly1305.mac+0*4], ecx
or [ebx+ctx_poly1305.mac+0*4], eax
mov eax, [ebx+ctx_poly1305.r+1*4]
and [ebx+ctx_poly1305.mac+1*4], ecx
or [ebx+ctx_poly1305.mac+1*4], eax
mov eax, [ebx+ctx_poly1305.r+2*4]
and [ebx+ctx_poly1305.mac+2*4], ecx
or [ebx+ctx_poly1305.mac+2*4], eax
mov eax, [ebx+ctx_poly1305.r+3*4]
and [ebx+ctx_poly1305.mac+3*4], ecx
or [ebx+ctx_poly1305.mac+3*4], eax
mov eax, [ebx+ctx_poly1305.r+4*4]
and [ebx+ctx_poly1305.mac+4*4], ecx
or [ebx+ctx_poly1305.mac+4*4], eax
; a = a % (2^128)
; a0
mov eax, [ebx+ctx_poly1305.mac+0*4]
mov ecx, [ebx+ctx_poly1305.mac+1*4]
shl ecx, 26
or eax, ecx
mov [ebx+ctx_poly1305.mac+0*4], eax
; a1
mov eax, [ebx+ctx_poly1305.mac+1*4]
shr eax, 6
mov ecx, [ebx+ctx_poly1305.mac+2*4]
shl ecx, 20
or eax, ecx
mov [ebx+ctx_poly1305.mac+1*4], eax
; a2
mov eax, [ebx+ctx_poly1305.mac+2*4]
shr eax, 12
mov ecx, [ebx+ctx_poly1305.mac+3*4]
shl ecx, 14
or eax, ecx
mov [ebx+ctx_poly1305.mac+2*4], eax
; a3
mov eax, [ebx+ctx_poly1305.mac+3*4]
shr eax, 18
mov ecx, [ebx+ctx_poly1305.mac+4*4]
shl ecx, 8
or eax, ecx
mov [ebx+ctx_poly1305.mac+3*4], eax
; mac = (a + pad) % (2^128)
xor edx, edx
; a0
mov eax, [ebx+ctx_poly1305.mac+0*4]
add eax, [ebx+ctx_poly1305.s+0*4]
mov [ebx+ctx_poly1305.mac+0*4], eax
; a1
mov eax, [ebx+ctx_poly1305.mac+1*4]
adc eax, [ebx+ctx_poly1305.s+1*4]
mov [ebx+ctx_poly1305.mac+1*4], eax
; a2
mov eax, [ebx+ctx_poly1305.mac+2*4]
adc eax, [ebx+ctx_poly1305.s+2*4]
mov [ebx+ctx_poly1305.mac+2*4], eax
; a3
mov eax, [ebx+ctx_poly1305.mac+3*4]
adc eax, [ebx+ctx_poly1305.s+3*4]
mov [ebx+ctx_poly1305.mac+3*4], eax
ret
endp
proc poly1305._.postprocess _ctx, _mac
ret
endp
proc poly1305.oneshot _ctx, _in, _len, _key, _key_len
stdcall poly1305.init, [_ctx], [_key], [_key_len]
stdcall poly1305.update, [_ctx], [_in], [_len]
stdcall poly1305.finish, [_ctx]
ret
endp

View File

@ -1,153 +0,0 @@
use32
org 0x0
db 'MENUET01'
dd 0x01,start,i_end,e_end,e_end,0,this_file_name
include '../../../../proc32.inc'
include '../../../../macros.inc'
include '../../../../dll.inc'
;include '../../../../debug.inc'
include 'libcrash.inc'
BUFFER_SIZE = 4096
start:
pushfd
pop eax
or eax, 1 SHL 18 ; Alignment Check flag
push eax
popfd
mcall 68, 11
stdcall dll.Load, @IMPORT
or eax, eax
jnz quit
still:
mcall 10
dec eax
jz redraw
dec eax
jz key
button:
mcall 17
shr eax, 8
cmp eax, 1
je quit
redraw:
mcall 12, 1
mcall 0, <0,900>, <0,160>, 0x34000000, 0x80000000, window_title
mcall 4, < 0, 0>, 0xc0ffffff, message, , 0
mov [hid], 0
mov [text_pos_y], 10
mov [hash_name], hash_strings
.next_hash:
mov dword[f70_buf + 4], 0
mov dword[msglen], 0
mov edi, hex
xor eax, eax
mov ecx, 1024/4
rep stosd
invoke crash.hash, [hid], data_buffer, update_data_buffer, ctx
invoke crash.bin2hex, ctx, hex, [hid]
mov ebx, [text_pos_y]
mcall 4, , 0xc0ffffff, [hash_name], , 0
mov ebx, [text_pos_y]
add ebx, 66 SHL 16
mcall 4, , 0x40ffffff, hex, 128, 0
add [text_pos_y], 10
add [hash_name], 12 ; lenght of hash_strings item
inc [hid]
cmp [hid], LIBCRASH_SHA3_512
jng .next_hash
mcall 12, 2
jmp still
key:
mcall 2
jmp still
quit:
mcall -1
proc update_data_buffer _left
mov eax, data_buffer
add eax, [_left]
mov dword[f70_buf + 16], eax
mov eax, BUFFER_SIZE
sub eax, [_left]
mov dword[f70_buf + 12], eax
mcall 70, f70_buf
mov eax, ebx
cmp eax, -1
jne @f
inc eax
@@:
add dword[f70_buf + 4], eax
ret
endp
szZ window_title , 'libcrash example'
szZ message , 'hash sums of this file'
hash_strings:
db 'crc32 : ',0
db 'md4 : ',0
db 'md5 : ',0
db 'sha1 : ',0
db 'sha224 : ',0
db 'sha256 : ',0
db 'sha384 : ',0
db 'sha512 : ',0
db 'sha3-224 : ',0
db 'sha3-256 : ',0
db 'sha3-384 : ',0
db 'sha3-512 : ',0
f70_buf:
funcnum dd 0
src dd 0
res1 dd 0
count dd BUFFER_SIZE
dst dd data_buffer
res2 db 0
fname dd this_file_name
align 4
@IMPORT:
library \
libcrash, 'libcrash.obj'
import libcrash , \
libcrash.init , 'lib_init' , \
crash.hash , 'crash_hash' , \
crash.bin2hex , 'crash_bin2hex'
i_end:
hash_name rd 1
text_pos_y rd 1
hash rd 50
hid rd 1 ; hash id
msglen rd 1
hex rb 1024
data_buffer rb BUFFER_SIZE
this_file_name rb 4096
rb 0x800 ;stack
align 16 ; should be enough
ctx rb 0x1000
e_end:

View File

@ -1,178 +0,0 @@
; libcrash -- cryptographic hash functions
;
; Copyright (C) 2012-2014,2016 Ivan Baravy (dunkaist)
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
format MS COFF
public @EXPORT as 'EXPORTS'
include '../../../../struct.inc'
include '../../../../proc32.inc'
include '../../../../macros.inc'
include '../../../../config.inc'
include '../../../../kglobals.inc'
purge section,mov,add,sub
section '.flat' code readable align 16
include 'libcrash.inc'
include 'crc32.asm'
include 'md4.asm'
include 'md5.asm'
include 'sha1.asm'
include 'sha224_256.asm'
include 'sha384_512.asm'
include 'sha3.asm'
proc lib_init
ret
endp
proc crash.hash _hid, _data, _callback, _ctx
locals
size dd ?
endl
mov [size], 0
mov eax, [_hid]
imul eax, sizeof.crash_item
lea edx, [crash._.table + eax]
mov ebx, [_ctx]
stdcall [edx + crash_item.init], [_ctx]
.hash:
mov esi, [_data]
push edx
stdcall [edx + crash_item.update], [_ctx], [_data], [size]
mov [size], 0
pop edx
mov eax, [_callback]
test eax, eax
jz .quit
push edx
stdcall [_callback], [size]
pop edx
mov [size], eax
test eax, eax
jnz .hash
stdcall [edx + crash_item.final], [_ctx]
.quit:
ret
endp
proc crash.bin2hex _bin, _hex, _hid
mov eax, [_hid]
imul eax, sizeof.crash_item
mov ecx, [crash._.table + eax + crash_item.len_out]
mov ebx, crash._.bin2hex_table
mov esi, [_bin]
mov edi, [_hex]
.next_byte:
xor eax, eax
lodsb
shl eax, 4
shr al, 4
xlatb
xchg al, ah
xlatb
stosw
dec ecx
jnz .next_byte
xor al, al
stosb
ret
endp
section '.data' data readable align 16
crash._.bin2hex_table db '0123456789abcdef'
crash._.table dd \
crc32.init, crc32.update, crc32.final, crc32.oneshot, CRC32_HASH_SIZE, \
md4.init, md4.update, md4.final, md4.oneshot, MD4_HASH_SIZE, \
md5.init, md5.update, md5.final, md5.oneshot, MD5_HASH_SIZE, \
sha1.init, sha1.update, sha1.final, sha1.oneshot, SHA1_HASH_SIZE, \
sha224.init, sha224.update, sha224.final, sha224.oneshot, SHA224_HASH_SIZE, \
sha256.init, sha256.update, sha256.final, sha256.oneshot, SHA256_HASH_SIZE, \
sha384.init, sha384.update, sha384.final, sha384.oneshot, SHA384_HASH_SIZE, \
sha512.init, sha512.update, sha512.final, sha512.oneshot, SHA512_HASH_SIZE, \
sha3_224.init, sha3_224.update, sha3_224.final, sha3_224.oneshot, SHA3_224_HASH_SIZE,\
sha3_256.init, sha3_256.update, sha3_256.final, sha3_256.oneshot, SHA3_256_HASH_SIZE,\
sha3_384.init, sha3_384.update, sha3_384.final, sha3_384.oneshot, SHA3_384_HASH_SIZE,\
sha3_512.init, sha3_512.update, sha3_512.final, sha3_512.oneshot, SHA3_512_HASH_SIZE
IncludeIGlobals
align 4
@EXPORT:
export \
lib_init, 'lib_init' , \
crash.hash, 'crash_hash' , \
crash.bin2hex, 'crash_bin2hex' , \
crc32.init, 'crc32_init' , \
crc32.update, 'crc32_update' , \
crc32.final, 'crc32_final' , \
crc32.oneshot, 'crc32_oneshot' , \
md4.init, 'md4_init' , \
md4.update, 'md4_update' , \
md4.final, 'md4_final' , \
md4.oneshot, 'md4_oneshot' , \
md5.init, 'md5_init' , \
md5.update, 'md5_update' , \
md5.final, 'md5_final' , \
md5.oneshot, 'md5_oneshot' , \
sha1.init, 'sha1_init' , \
sha1.update, 'sha1_update' , \
sha1.final, 'sha1_final' , \
sha1.oneshot, 'sha1_oneshot' , \
sha224.init, 'sha224_init' , \
sha224.update, 'sha224_update' , \
sha224.final, 'sha224_final' , \
sha224.oneshot, 'sha224_oneshot' , \
sha256.init, 'sha256_init' , \
sha256.update, 'sha256_update' , \
sha256.final, 'sha256_final' , \
sha256.oneshot, 'sha256_oneshot' , \
sha384.init, 'sha384_init' , \
sha384.update, 'sha384_update' , \
sha384.final, 'sha384_final' , \
sha384.oneshot, 'sha384_oneshot' , \
sha512.init, 'sha512_init' , \
sha512.update, 'sha512_update' , \
sha512.final, 'sha512_final' , \
sha512.oneshot, 'sha512_oneshot' , \
sha3_224.init, 'sha3_224_init' , \
sha3_224.update, 'sha3_224_update' , \
sha3_224.final, 'sha3_224_final' , \
sha3_224.oneshot, 'sha3_224_oneshot' , \
sha3_256.init, 'sha3_256_init' , \
sha3_256.update, 'sha3_256_update' , \
sha3_256.final, 'sha3_256_final' , \
sha3_256.oneshot, 'sha3_256_oneshot' , \
sha3_384.init, 'sha3_384_init' , \
sha3_384.update, 'sha3_384_update' , \
sha3_384.final, 'sha3_384_final' , \
sha3_384.oneshot, 'sha3_384_oneshot' , \
sha3_512.init, 'sha3_512_init' , \
sha3_512.update, 'sha3_512_update' , \
sha3_512.final, 'sha3_512_final' , \
sha3_512.oneshot, 'sha3_512_oneshot'

View File

@ -1,81 +0,0 @@
; libcrash -- cryptographic hash functions
;
; Copyright (C) 2012-2014,2016,2019 Ivan Baravy (dunkaist)
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
LIBCRASH_CRC32 = 0
LIBCRASH_MD4 = 1
LIBCRASH_MD5 = 2
LIBCRASH_SHA1 = 3
LIBCRASH_SHA224 = 4
LIBCRASH_SHA256 = 5
LIBCRASH_SHA384 = 6
LIBCRASH_SHA512 = 7
LIBCRASH_SHA3_224 = 8
LIBCRASH_SHA3_256 = 9
LIBCRASH_SHA3_384 = 10
LIBCRASH_SHA3_512 = 11
LIBCRASH_LAST = 11
struct crash_item
init dd ?
update dd ?
final dd ?
oneshot dd ?
len_out dd ?
ends
struct crash_ctx
hash rb 1024 ; context starts with hash data
ends
CRC32_HASH_SIZE = 4
CRC32_BLOCK_SIZE = 1
MD4_HASH_SIZE = 16
MD4_BLOCK_SIZE = 64
MD5_HASH_SIZE = 16
MD5_BLOCK_SIZE = 64
SHA1_HASH_SIZE = 20
SHA1_BLOCK_SIZE = 64
SHA224_HASH_SIZE = 28
SHA224_BLOCK_SIZE = 64
SHA256_HASH_SIZE = 32
SHA256_BLOCK_SIZE = 64
SHA384_HASH_SIZE = 48
SHA384_BLOCK_SIZE = 128
SHA512_HASH_SIZE = 64
SHA512_BLOCK_SIZE = 128
SHA3_224_HASH_SIZE = 28
SHA3_224_BLOCK_SIZE = 144
SHA3_256_HASH_SIZE = 32
SHA3_256_BLOCK_SIZE = 136
SHA3_384_HASH_SIZE = 48
SHA3_384_BLOCK_SIZE = 104
SHA3_512_HASH_SIZE = 64
SHA3_512_BLOCK_SIZE = 72

View File

@ -1,263 +0,0 @@
; libcrash -- cryptographic hash functions
;
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
MD4_HASH_SIZE = 16
MD4_BLOCK_SIZE = 64
MD4_ALIGN = 4
MD4_ALIGN_MASK = MD4_ALIGN - 1
struct ctx_md4
hash rb MD4_HASH_SIZE
block rb MD4_BLOCK_SIZE
index rd 1
msglen_0 rd 1
msglen_1 rd 1
ends
if defined sizeof.crash_ctx
assert sizeof.crash_ctx >= sizeof.ctx_md4
end if
macro md4._.f b, c, d
{
mov eax, c
xor eax, d
and eax, b
xor eax, d
}
macro md4._.g b, c, d
{
push c d
mov eax, b
and eax, c
and c, d
and d, b
or eax, c
or eax, d
pop d c
}
macro md4._.h b, c, d
{
mov eax, b
xor eax, c
xor eax, d
}
macro md4._.round func, a, b, c, d, index, shift, ac
{
func b, c, d
add eax, [esi + index*4]
lea a, [a + eax + ac]
rol a, shift
}
proc md4.init _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_md4.hash]
mov esi, md4._.hash_init
mov ecx, MD4_HASH_SIZE/4
rep movsd
xor eax, eax
mov [ebx + ctx_md4.index], eax
mov [ebx + ctx_md4.msglen_0], eax
mov [ebx + ctx_md4.msglen_1], eax
ret
endp
proc md4._.block _hash
mov eax, [_hash]
mov edi, [eax + 0x0]
mov ebx, [eax + 0x4]
mov ecx, [eax + 0x8]
mov edx, [eax + 0xc]
md4._.round md4._.f, edi, ebx, ecx, edx, 0, 3, 0x00000000
md4._.round md4._.f, edx, edi, ebx, ecx, 1, 7, 0x00000000
md4._.round md4._.f, ecx, edx, edi, ebx, 2, 11, 0x00000000
md4._.round md4._.f, ebx, ecx, edx, edi, 3, 19, 0x00000000
md4._.round md4._.f, edi, ebx, ecx, edx, 4, 3, 0x00000000
md4._.round md4._.f, edx, edi, ebx, ecx, 5, 7, 0x00000000
md4._.round md4._.f, ecx, edx, edi, ebx, 6, 11, 0x00000000
md4._.round md4._.f, ebx, ecx, edx, edi, 7, 19, 0x00000000
md4._.round md4._.f, edi, ebx, ecx, edx, 8, 3, 0x00000000
md4._.round md4._.f, edx, edi, ebx, ecx, 9, 7, 0x00000000
md4._.round md4._.f, ecx, edx, edi, ebx, 10, 11, 0x00000000
md4._.round md4._.f, ebx, ecx, edx, edi, 11, 19, 0x00000000
md4._.round md4._.f, edi, ebx, ecx, edx, 12, 3, 0x00000000
md4._.round md4._.f, edx, edi, ebx, ecx, 13, 7, 0x00000000
md4._.round md4._.f, ecx, edx, edi, ebx, 14, 11, 0x00000000
md4._.round md4._.f, ebx, ecx, edx, edi, 15, 19, 0x00000000
md4._.round md4._.g, edi, ebx, ecx, edx, 0, 3, 0x5a827999
md4._.round md4._.g, edx, edi, ebx, ecx, 4, 5, 0x5a827999
md4._.round md4._.g, ecx, edx, edi, ebx, 8, 9, 0x5a827999
md4._.round md4._.g, ebx, ecx, edx, edi, 12, 13, 0x5a827999
md4._.round md4._.g, edi, ebx, ecx, edx, 1, 3, 0x5a827999
md4._.round md4._.g, edx, edi, ebx, ecx, 5, 5, 0x5a827999
md4._.round md4._.g, ecx, edx, edi, ebx, 9, 9, 0x5a827999
md4._.round md4._.g, ebx, ecx, edx, edi, 13, 13, 0x5a827999
md4._.round md4._.g, edi, ebx, ecx, edx, 2, 3, 0x5a827999
md4._.round md4._.g, edx, edi, ebx, ecx, 6, 5, 0x5a827999
md4._.round md4._.g, ecx, edx, edi, ebx, 10, 9, 0x5a827999
md4._.round md4._.g, ebx, ecx, edx, edi, 14, 13, 0x5a827999
md4._.round md4._.g, edi, ebx, ecx, edx, 3, 3, 0x5a827999
md4._.round md4._.g, edx, edi, ebx, ecx, 7, 5, 0x5a827999
md4._.round md4._.g, ecx, edx, edi, ebx, 11, 9, 0x5a827999
md4._.round md4._.g, ebx, ecx, edx, edi, 15, 13, 0x5a827999
md4._.round md4._.h, edi, ebx, ecx, edx, 0, 3, 0x6ed9eba1
md4._.round md4._.h, edx, edi, ebx, ecx, 8, 9, 0x6ed9eba1
md4._.round md4._.h, ecx, edx, edi, ebx, 4, 11, 0x6ed9eba1
md4._.round md4._.h, ebx, ecx, edx, edi, 12, 15, 0x6ed9eba1
md4._.round md4._.h, edi, ebx, ecx, edx, 2, 3, 0x6ed9eba1
md4._.round md4._.h, edx, edi, ebx, ecx, 10, 9, 0x6ed9eba1
md4._.round md4._.h, ecx, edx, edi, ebx, 6, 11, 0x6ed9eba1
md4._.round md4._.h, ebx, ecx, edx, edi, 14, 15, 0x6ed9eba1
md4._.round md4._.h, edi, ebx, ecx, edx, 1, 3, 0x6ed9eba1
md4._.round md4._.h, edx, edi, ebx, ecx, 9, 9, 0x6ed9eba1
md4._.round md4._.h, ecx, edx, edi, ebx, 5, 11, 0x6ed9eba1
md4._.round md4._.h, ebx, ecx, edx, edi, 13, 15, 0x6ed9eba1
md4._.round md4._.h, edi, ebx, ecx, edx, 3, 3, 0x6ed9eba1
md4._.round md4._.h, edx, edi, ebx, ecx, 11, 9, 0x6ed9eba1
md4._.round md4._.h, ecx, edx, edi, ebx, 7, 11, 0x6ed9eba1
md4._.round md4._.h, ebx, ecx, edx, edi, 15, 15, 0x6ed9eba1
mov eax, [_hash]
add [eax + 0x0], edi
add [eax + 0x4], ebx
add [eax + 0x8], ecx
add [eax + 0xc], edx
ret
endp
proc md4.update _ctx, _msg, _size
mov ebx, [_ctx]
mov ecx, [_size]
add [ebx + ctx_md4.msglen_0], ecx
adc [ebx + ctx_md4.msglen_1], 0
.next_block:
mov ebx, [_ctx]
mov esi, [_msg]
mov eax, [ebx + ctx_md4.index]
and eax, MD4_BLOCK_SIZE-1
jnz .copy_to_buf
test esi, MD4_ALIGN_MASK
jnz .copy_to_buf
.no_copy:
; data is aligned, hash it in place without copying
mov ebx, [_ctx]
cmp [_size], MD4_BLOCK_SIZE
jb .copy_quit
lea eax, [ebx + ctx_md4.hash]
stdcall md4._.block, eax
sub [_size], MD4_BLOCK_SIZE
add esi, MD4_BLOCK_SIZE
jmp .no_copy
.copy_to_buf:
lea edi, [ebx + ctx_md4.block]
add edi, eax
mov ecx, MD4_BLOCK_SIZE
sub ecx, eax
cmp [_size], ecx
jb .copy_quit
sub [_size], ecx
add [_msg], ecx
add [ebx + ctx_md4.index], ecx
rep movsb
lea eax, [ebx + ctx_md4.hash]
lea esi, [ebx + ctx_md4.block]
stdcall md4._.block, eax
jmp .next_block
.copy_quit:
mov ebx, [_ctx]
lea edi, [ebx + ctx_md4.block]
mov eax, [ebx + ctx_md4.index]
and eax, MD4_BLOCK_SIZE-1
add edi, eax
mov ecx, [_size]
add [ebx + ctx_md4.index], ecx
rep movsb
.quit:
ret
endp
proc md4.final _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_md4.block]
mov ecx, [ebx + ctx_md4.msglen_0]
and ecx, MD4_BLOCK_SIZE-1
add edi, ecx
mov byte[edi], 0x80
inc edi
neg ecx
add ecx, MD4_BLOCK_SIZE
cmp ecx, 8
ja .last
dec ecx
xor eax, eax
rep stosb
lea esi, [ebx + ctx_md4.block]
lea eax, [ebx + ctx_md4.hash]
stdcall md4._.block, eax
mov ebx, [_ctx]
lea edi, [ebx + ctx_md4.block]
mov ecx, MD4_BLOCK_SIZE+1
.last:
dec ecx
sub ecx, 8
xor eax, eax
rep stosb
mov eax, [ebx + ctx_md4.msglen_0]
mov edx, [ebx + ctx_md4.msglen_1]
shld edx, eax, 3
shl eax, 3
mov dword[edi], eax
mov dword[edi+4], edx
lea esi, [ebx + ctx_md4.block]
lea eax, [ebx + ctx_md4.hash]
stdcall md4._.block, eax
ret
endp
proc md4.oneshot _ctx, _data, _len
stdcall md4.init, [_ctx]
stdcall md4.update, [_ctx], [_data], [_len]
stdcall md4.final, [_ctx]
ret
endp
iglobal
align MD4_ALIGN
md4._.hash_init dd 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0
endg

View File

@ -1,441 +0,0 @@
; libcrash -- cryptographic hash functions
;
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
SHA224256_BLOCK_SIZE = 64
SHA224_BLOCK_SIZE = SHA224256_BLOCK_SIZE
SHA256_BLOCK_SIZE = SHA224256_BLOCK_SIZE
SHA224_HASH_SIZE = 28
SHA256_HASH_SIZE = 32
SHA224256_INIT_SIZE = 32
SHA224256_ALIGN = 4
SHA224256_ALIGN_MASK = SHA224256_ALIGN - 1
struct ctx_sha224256
hash rb SHA224256_INIT_SIZE
block rb SHA224256_BLOCK_SIZE
index rd 1
msglen_0 rd 1
msglen_1 rd 1
ends
if defined sizeof.crash_ctx
assert sizeof.crash_ctx >= sizeof.ctx_sha224256
end if
macro sha224256._.chn x, y, z
{
mov eax, [y]
xor eax, [z]
and eax, [x]
xor eax, [z]
}
macro sha224256._.maj x, y, z
{
mov eax, [x]
xor eax, [y]
and eax, [z]
mov ecx, [x]
and ecx, [y]
xor eax, ecx
}
macro sha224256._.Sigma0 x
{
mov eax, x
mov ecx, eax
ror ecx, 2
ror eax, 13
xor eax, ecx
mov ecx, x
ror ecx, 22
xor eax, ecx
}
macro sha224256._.Sigma1 x
{
mov eax, x
mov ecx, eax
ror ecx, 6
ror eax, 11
xor eax, ecx
mov ecx, x
ror ecx, 25
xor eax, ecx
}
macro sha224256._.sigma0 x
{
mov eax, x
mov ecx, eax
ror ecx, 7
ror eax, 18
xor eax, ecx
mov ecx, x
shr ecx, 3
xor eax, ecx
}
macro sha224256._.sigma1 x
{
mov eax, x
mov ecx, eax
ror ecx, 17
ror eax, 19
xor eax, ecx
mov ecx, x
shr ecx, 10
xor eax, ecx
}
macro sha224256._.recalculate_w n
{
mov edx, [w + ((n-2) and 15)*4]
sha224256._.sigma1 edx
add eax, [w + ((n-7) and 15)*4]
push eax
mov edx, [w + ((n-15) and 15)*4]
sha224256._.sigma0 edx
pop ecx
add eax, ecx
add [w + (n)*4], eax
}
macro sha224256._.round a, b, c, d, e, f, g, h, k
{
mov ebx, [h]
mov edx, [e]
sha224256._.Sigma1 edx
add ebx, eax
sha224256._.chn e, f, g
add ebx, eax
add ebx, [k]
add ebx, edi
add [d], ebx
mov edx, [a]
sha224256._.Sigma0 edx
add ebx, eax
sha224256._.maj a, b, c
add eax, ebx
mov [h], eax
}
macro sha224256._.round_1_16 a, b, c, d, e, f, g, h, n
{
mov eax, [esi + (n)*4]
bswap eax
mov dword[w + (n)*4], eax
mov edi, eax
sha224256._.round a, b, c, d, e, f, g, h, (sha256_table + (n)*4)
}
macro sha224256._.round_17_64 a, b, c, d, e, f, g, h, n, rep_num
{
sha224256._.recalculate_w n
mov edi, [w + (n)*4]
sha224256._.round a, b, c, d, e, f, g, h, (sha256_table + (n+16*rep_num)*4)
}
proc sha224.init _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha224256.hash]
mov esi, sha224._.hash_init
mov ecx, SHA224256_INIT_SIZE/4
rep movsd
xor eax, eax
mov [ebx + ctx_sha224256.index], eax
mov [ebx + ctx_sha224256.msglen_0], eax
mov [ebx + ctx_sha224256.msglen_1], eax
ret
endp
proc sha256.init _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha224256.hash]
mov esi, sha256._.hash_init
mov ecx, SHA224256_INIT_SIZE/4
rep movsd
xor eax, eax
mov [ebx + ctx_sha224256.index], eax
mov [ebx + ctx_sha224256.msglen_0], eax
mov [ebx + ctx_sha224256.msglen_1], eax
ret
endp
proc sha224256._.block _hash
locals
w rd 64
A rd 1
B rd 1
C rd 1
D rd 1
E rd 1
F rd 1
G rd 1
H rd 1
endl
mov edi, [_hash]
mov eax, [edi + 0x00]
mov [A], eax
mov eax, [edi + 0x04]
mov [B], eax
mov eax, [edi + 0x08]
mov [C], eax
mov eax, [edi + 0x0c]
mov [D], eax
mov eax, [edi + 0x10]
mov [E], eax
mov eax, [edi + 0x14]
mov [F], eax
mov eax, [edi + 0x18]
mov [G], eax
mov eax, [edi + 0x1c]
mov [H], eax
sha224256._.round_1_16 A, B, C, D, E, F, G, H, 0
sha224256._.round_1_16 H, A, B, C, D, E, F, G, 1
sha224256._.round_1_16 G, H, A, B, C, D, E, F, 2
sha224256._.round_1_16 F, G, H, A, B, C, D, E, 3
sha224256._.round_1_16 E, F, G, H, A, B, C, D, 4
sha224256._.round_1_16 D, E, F, G, H, A, B, C, 5
sha224256._.round_1_16 C, D, E, F, G, H, A, B, 6
sha224256._.round_1_16 B, C, D, E, F, G, H, A, 7
sha224256._.round_1_16 A, B, C, D, E, F, G, H, 8
sha224256._.round_1_16 H, A, B, C, D, E, F, G, 9
sha224256._.round_1_16 G, H, A, B, C, D, E, F, 10
sha224256._.round_1_16 F, G, H, A, B, C, D, E, 11
sha224256._.round_1_16 E, F, G, H, A, B, C, D, 12
sha224256._.round_1_16 D, E, F, G, H, A, B, C, 13
sha224256._.round_1_16 C, D, E, F, G, H, A, B, 14
sha224256._.round_1_16 B, C, D, E, F, G, H, A, 15
repeat 3
sha224256._.round_17_64 A, B, C, D, E, F, G, H, 0, %
sha224256._.round_17_64 H, A, B, C, D, E, F, G, 1, %
sha224256._.round_17_64 G, H, A, B, C, D, E, F, 2, %
sha224256._.round_17_64 F, G, H, A, B, C, D, E, 3, %
sha224256._.round_17_64 E, F, G, H, A, B, C, D, 4, %
sha224256._.round_17_64 D, E, F, G, H, A, B, C, 5, %
sha224256._.round_17_64 C, D, E, F, G, H, A, B, 6, %
sha224256._.round_17_64 B, C, D, E, F, G, H, A, 7, %
sha224256._.round_17_64 A, B, C, D, E, F, G, H, 8, %
sha224256._.round_17_64 H, A, B, C, D, E, F, G, 9, %
sha224256._.round_17_64 G, H, A, B, C, D, E, F, 10, %
sha224256._.round_17_64 F, G, H, A, B, C, D, E, 11, %
sha224256._.round_17_64 E, F, G, H, A, B, C, D, 12, %
sha224256._.round_17_64 D, E, F, G, H, A, B, C, 13, %
sha224256._.round_17_64 C, D, E, F, G, H, A, B, 14, %
sha224256._.round_17_64 B, C, D, E, F, G, H, A, 15, %
end repeat
mov edi, [_hash]
mov eax, [A]
add [edi + 0x00], eax
mov eax, [B]
add [edi + 0x04], eax
mov eax, [C]
add [edi + 0x08], eax
mov eax, [D]
add [edi + 0x0c], eax
mov eax, [E]
add [edi + 0x10], eax
mov eax, [F]
add [edi + 0x14], eax
mov eax, [G]
add [edi + 0x18], eax
mov eax, [H]
add [edi + 0x1c], eax
ret
endp
sha224.update = sha224256.update
sha256.update = sha224256.update
proc sha224256.update _ctx, _msg, _size
mov ebx, [_ctx]
mov ecx, [_size]
add [ebx + ctx_sha224256.msglen_0], ecx
adc [ebx + ctx_sha224256.msglen_1], 0
.next_block:
mov ebx, [_ctx]
mov esi, [_msg]
mov eax, [ebx + ctx_sha224256.index]
and eax, SHA224256_BLOCK_SIZE-1
jnz .copy_to_buf
test esi, SHA224256_ALIGN_MASK
jnz .copy_to_buf
.no_copy:
; data is aligned, hash it in place without copying
mov ebx, [_ctx]
cmp [_size], SHA224256_BLOCK_SIZE
jb .copy_quit
lea eax, [ebx + ctx_sha224256.hash]
stdcall sha224256._.block, eax
sub [_size], SHA224256_BLOCK_SIZE
add esi, SHA224256_BLOCK_SIZE ; FIXME
jmp .no_copy
.copy_to_buf:
lea edi, [ebx + ctx_sha224256.block]
add edi, eax
mov ecx, SHA224256_BLOCK_SIZE
sub ecx, eax
cmp [_size], ecx
jb .copy_quit
sub [_size], ecx
add [_msg], ecx
add [ebx + ctx_sha224256.index], ecx
rep movsb
lea eax, [ebx + ctx_sha224256.hash]
lea esi, [ebx + ctx_sha224256.block]
stdcall sha224256._.block, eax
jmp .next_block
.copy_quit:
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha224256.block]
mov eax, [ebx + ctx_sha224256.index]
and eax, SHA224256_BLOCK_SIZE-1
add edi, eax
mov ecx, [_size]
add [ebx + ctx_sha224256.index], ecx
rep movsb
.quit:
ret
endp
sha224.final = sha224256.final
sha256.final = sha224256.final
proc sha224256.final _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha224256.block]
mov ecx, [ebx + ctx_sha224256.msglen_0]
and ecx, SHA224256_BLOCK_SIZE-1
add edi, ecx
mov byte[edi], 0x80
inc edi
neg ecx
add ecx, SHA224256_BLOCK_SIZE
cmp ecx, 8
ja .last
dec ecx
xor eax, eax
rep stosb
lea esi, [ebx + ctx_sha224256.block]
lea eax, [ebx + ctx_sha224256.hash]
stdcall sha224256._.block, eax
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha224256.block]
mov ecx, SHA224256_BLOCK_SIZE+1
.last:
dec ecx
sub ecx, 8
xor eax, eax
rep stosb
mov eax, [ebx + ctx_sha224256.msglen_0]
mov edx, [ebx + ctx_sha224256.msglen_1]
shld edx, eax, 3
shl eax, 3
bswap eax
bswap edx
mov dword[edi], edx
mov dword[edi+4], eax
lea esi, [ebx + ctx_sha224256.block]
lea eax, [ebx + ctx_sha224256.hash]
stdcall sha224256._.block, eax
mov ebx, [_ctx]
lea eax, [ebx + ctx_sha224256.hash]
stdcall sha224256._.postprocess, ebx, eax
ret
endp
proc sha224256._.postprocess _ctx, _hash
mov ecx, 8
mov esi, [_hash]
mov edi, esi
@@:
lodsd
bswap eax
stosd
dec ecx
jnz @b
ret
endp
proc sha224.oneshot _ctx, _data, _len
stdcall sha224.init, [_ctx]
stdcall sha224.update, [_ctx], [_data], [_len]
stdcall sha224.final, [_ctx]
ret
endp
proc sha256.oneshot _ctx, _data, _len
stdcall sha256.init, [_ctx]
stdcall sha256.update, [_ctx], [_data], [_len]
stdcall sha256.final, [_ctx]
ret
endp
iglobal
align SHA224256_ALIGN
sha224._.hash_init dd 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,\
0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
sha256._.hash_init dd 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,\
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
sha256_table dd 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
endg

View File

@ -20,10 +20,12 @@
; To compute HMAC over the data `text' we perform
; H(K XOR opad, H(K XOR ipad, text))
MD5_BLOCK_SIZE = 64
struct hmac_md5_context
hash rb MD5_HASH_SIZE
ipad_ctx crash_ctx
opad_ctx crash_ctx
hash rb MD5_LEN
ipad_ctx rb LIBCRASH_CTX_LEN
opad_ctx rb LIBCRASH_CTX_LEN
ends
; We will precompute partial hashes of K XOR ipad and K XOR opad,

View File

@ -20,10 +20,12 @@
; To compute HMAC over the data `text' we perform
; H(K XOR opad, H(K XOR ipad, text))
SHA1_BLOCK_SIZE = 64
struct hmac_sha1_context
hash rb SHA1_HASH_SIZE
ipad_ctx crash_ctx
opad_ctx crash_ctx
hash rb SHA1_LEN
ipad_ctx rb LIBCRASH_CTX_LEN
opad_ctx rb LIBCRASH_CTX_LEN
ends
; We will precompute partial hashes of K XOR ipad and K XOR opad,

View File

@ -20,10 +20,12 @@
; To compute HMAC over the data `text' we perform
; H(K XOR opad, H(K XOR ipad, text))
SHA2_256_BLOCK_SIZE = 64
struct hmac_sha256_context
hash rb SHA256_HASH_SIZE
ipad_ctx crash_ctx
opad_ctx crash_ctx
hash rb SHA2_256_LEN
ipad_ctx rb LIBCRASH_CTX_LEN
opad_ctx rb LIBCRASH_CTX_LEN
ends
; We will precompute partial hashes of K XOR ipad and K XOR opad,
@ -32,21 +34,21 @@ ends
proc hmac_sha256_setkey ctx, key, key_length
locals
k_temp rb SHA256_BLOCK_SIZE
k_temp rb SHA2_256_BLOCK_SIZE
endl
pusha
; input esi = key, ecx=key_length
mov ecx, [key_length]
cmp ecx, SHA256_BLOCK_SIZE
cmp ecx, SHA2_256_BLOCK_SIZE
ja .hash_it
; Key is smaller then or equal to blocksize,
; copy key to ipad
mov esi, [key]
lea edi, [k_temp]
rep movsb
mov ecx, SHA256_BLOCK_SIZE
mov ecx, SHA2_256_BLOCK_SIZE
sub ecx, [key_length]
jz .finish
; append zeros to the key
@ -56,21 +58,21 @@ endl
; Given key is larger then key size, hash it
.hash_it:
invoke sha256_init, [ctx]
invoke sha256_update, [ctx], [key], [key_length]
invoke sha256_final, [ctx]
invoke sha2_256_init, [ctx]
invoke sha2_256_update, [ctx], [key], [key_length]
invoke sha2_256_finish, [ctx]
mov esi, [ctx]
lea edi, [k_temp]
mov ecx, SHA256_HASH_SIZE/4
mov ecx, SHA2_256_LEN/4
rep movsd
xor eax, eax
mov ecx, (SHA256_BLOCK_SIZE-SHA256_HASH_SIZE)/4
mov ecx, (SHA2_256_BLOCK_SIZE-SHA2_256_LEN)/4
rep stosd
.finish:
; xor ipad buffer with 0x36363...
lea esi, [k_temp]
mov ecx, SHA256_BLOCK_SIZE/4
mov ecx, SHA2_256_BLOCK_SIZE/4
@@:
xor dword[esi], 0x36363636 ; ipad constant
add esi, 4
@ -80,19 +82,19 @@ endl
; Init our hash with k_xor_ipad
mov ebx, [ctx]
lea edi, [ebx+hmac_sha256_context.ipad_ctx]
invoke sha256_init, edi
invoke sha2_256_init, edi
lea esi, [k_temp]
DEBUGF 1, "HASH: "
stdcall dump_hex, esi, SHA256_BLOCK_SIZE/4
stdcall dump_hex, esi, SHA2_256_BLOCK_SIZE/4
mov ebx, [ctx]
lea edi, [ebx+hmac_sha256_context.ipad_ctx]
invoke sha256_update, edi, esi, SHA256_BLOCK_SIZE
invoke sha2_256_update, edi, esi, SHA2_256_BLOCK_SIZE
; xor opad buffer with 0x5c5c5...
lea esi, [k_temp]
mov ecx, SHA256_BLOCK_SIZE/4
mov ecx, SHA2_256_BLOCK_SIZE/4
@@:
xor dword[esi], 0x36363636 xor 0x5c5c5c5c ; opad constant
add esi, 4
@ -102,15 +104,15 @@ endl
; Init our hash with k_xor_opad
mov ebx, [ctx]
lea edi, [ebx+hmac_sha256_context.opad_ctx]
invoke sha256_init, edi
invoke sha2_256_init, edi
lea esi, [k_temp]
DEBUGF 1, "HASH: "
stdcall dump_hex, esi, SHA256_BLOCK_SIZE/4
stdcall dump_hex, esi, SHA2_256_BLOCK_SIZE/4
mov ebx, [ctx]
lea edi, [ebx+hmac_sha256_context.opad_ctx]
invoke sha256_update, edi, esi, SHA256_BLOCK_SIZE
invoke sha2_256_update, edi, esi, SHA2_256_BLOCK_SIZE
popa
ret
@ -124,8 +126,8 @@ endp
proc hmac_sha256 ctx, _data, _length
locals
inner_ctx crash_ctx
outer_ctx crash_ctx
inner_ctx rb LIBCRASH_CTX_LEN
outer_ctx rb LIBCRASH_CTX_LEN
endl
pusha
@ -138,30 +140,30 @@ endl
mov esi, [ctx]
lea esi, [esi+hmac_sha256_context.ipad_ctx]
lea edi, [inner_ctx]
repeat (sizeof.crash_ctx)/4*2
repeat (LIBCRASH_CTX_LEN)/4*2
movsd
end repeat
; Append provided data to inner hash and finalize
lea ebx, [inner_ctx]
invoke sha256_update, ebx, [_data], [_length]
invoke sha2_256_update, ebx, [_data], [_length]
lea ebx, [inner_ctx]
invoke sha256_final, ebx
invoke sha2_256_finish, ebx
DEBUGF 1, "Inner Hash: "
lea esi, [inner_ctx.hash]
stdcall dump_hex, esi, SHA256_HASH_SIZE/4
lea esi, [inner_ctx]
stdcall dump_hex, esi, SHA2_256_LEN/4
; Calculate outer hash
lea ebx, [outer_ctx]
lea esi, [inner_ctx.hash]
invoke sha256_update, ebx, esi, SHA256_HASH_SIZE
lea esi, [inner_ctx]
invoke sha2_256_update, ebx, esi, SHA2_256_LEN
lea ebx, [outer_ctx]
invoke sha256_final, ebx
invoke sha2_256_finish, ebx
; Copy output hash to ctx structure ; FIXME
lea esi, [outer_ctx.hash]
lea esi, [outer_ctx]
mov edi, [ctx]
repeat SHA256_HASH_SIZE/4
repeat SHA2_256_LEN/4
movsd
end repeat

View File

@ -49,7 +49,7 @@ include '../../proc32.inc'
include '../../dll.inc'
include '../../debug-fdo.inc'
include '../../network.inc'
include '../../develop/libraries/libcrash/trunk/libcrash.inc'
include '../../develop/libraries/libcrash/libcrash.inc'
; macros for network byte order
macro dd_n op {
@ -621,18 +621,18 @@ import console, \
con_get_input, 'con_get_input'
import libcrash, \
sha512_init, 'sha512_init', \
sha512_update, 'sha512_update', \
sha512_final, 'sha512_final',\
sha256_init, 'sha256_init', \
sha256_update, 'sha256_update', \
sha256_final, 'sha256_final',\
sha2_512_init, 'sha2_512_init', \
sha2_512_update, 'sha2_512_update', \
sha2_512_finish, 'sha2_512_finish',\
sha2_256_init, 'sha2_256_init', \
sha2_256_update, 'sha2_256_update', \
sha2_256_finish, 'sha2_256_finish',\
sha1_init, 'sha1_init', \
sha1_update, 'sha1_update', \
sha1_final, 'sha1_final', \
sha1_finish, 'sha1_finish', \
md5_init, 'md5_init', \
md5_update, 'md5_update', \
md5_final, 'md5_final'
md5_finish, 'md5_finish'
import libini, \
ini_get_str, 'ini_get_str', \

View File

@ -125,8 +125,8 @@ struct sshlib_connection
tx_buffer ssh_packet_header
rb PACKETSIZE-sizeof.ssh_packet_header
part_ex_hash_ctx crash_ctx
session_id rb SHA256_HASH_SIZE
part_ex_hash_ctx rb LIBCRASH_CTX_LEN
session_id rb SHA2_256_LEN
algo_kex dd ?
algo_hostkey dd ?

View File

@ -109,9 +109,9 @@ endl
jnz .err_sock
; Start calculating hash
invoke sha256_init, [ctx_ptr]
invoke sha2_256_init, [ctx_ptr]
; HASH: string V_C, the client's version string (CR and NL excluded)
invoke sha256_update, [ctx_ptr], ssh_ident_ha, ssh_msg_ident.length+4-2
invoke sha2_256_update, [ctx_ptr], ssh_ident_ha, ssh_msg_ident.length+4-2
; >> Send our identification string
DEBUGF 2, "Sending ID string\n"
@ -138,7 +138,7 @@ endl
bswap eax
sub edx, 4
mov dword[edx], eax
invoke sha256_update, [ctx_ptr], edx, ecx
invoke sha2_256_update, [ctx_ptr], edx, ecx
; >> Key Exchange init
mov eax, [con_ptr]
@ -191,7 +191,7 @@ endl
bswap eax
lea esi, [esi+sshlib_connection.tx_buffer+1]
mov dword[esi], eax
invoke sha256_update, [ctx_ptr], esi, edx
invoke sha2_256_update, [ctx_ptr], esi, edx
; << Check key exchange init of server
stdcall sshlib_recv_packet, [con_ptr], 0
@ -269,7 +269,7 @@ endl
bswap eax
lea esi, [esi+sshlib_connection.rx_buffer+1]
mov dword[esi], eax
invoke sha256_update, [ctx_ptr], esi, edx
invoke sha2_256_update, [ctx_ptr], esi, edx
; Exchange keys with the server

View File

@ -44,7 +44,7 @@ locals
K_length dd ?
session_id_x rb SHA256_HASH_SIZE+1
session_id_x rb SHA2_256_LEN+1
str_K_S dd ? ; server public host key and certificates (K_S)
mpint_f_big dd ? ; pointer to original
@ -54,7 +54,7 @@ endl
; Allocate memory for temp variables
mov ecx, 7*(MAX_BITS/8+4) + 7*SHA256_HASH_SIZE + 2*sizeof.crash_ctx
mov ecx, 7*(MAX_BITS/8+4) + 7*SHA2_256_LEN + 2*LIBCRASH_CTX_LEN
mcall 68, 12
test eax, eax
jz .err_nomem
@ -77,31 +77,31 @@ endl
add eax, (MAX_BITS/8+4)
mov [k_h_ctx], eax
add eax, sizeof.crash_ctx
add eax, LIBCRASH_CTX_LEN
mov [temp_ctx], eax
add eax, sizeof.crash_ctx
add eax, LIBCRASH_CTX_LEN
mov [H], eax
add eax, SHA256_HASH_SIZE
add eax, SHA2_256_LEN
mov [rx_iv], eax
add eax, SHA256_HASH_SIZE
add eax, SHA2_256_LEN
mov [tx_iv], eax
add eax, SHA256_HASH_SIZE
add eax, SHA2_256_LEN
mov [rx_enc_key], eax
add eax, SHA256_HASH_SIZE
add eax, SHA2_256_LEN
mov [tx_enc_key], eax
add eax, SHA256_HASH_SIZE
add eax, SHA2_256_LEN
mov [rx_int_key], eax
add eax, SHA256_HASH_SIZE
add eax, SHA2_256_LEN
mov [tx_int_key], eax
; add eax, SHA256_HASH_SIZE
; add eax, SHA2_256_LEN
; Copy the partial exchange hash to our temporary one
mov esi, [con_ptr]
lea esi, [esi+sshlib_connection.part_ex_hash_ctx]
mov edi, [temp_ctx]
mov ecx, sizeof.crash_ctx/4
mov ecx, LIBCRASH_CTX_LEN/4
rep movsd
;----------------------------------------------
@ -201,27 +201,27 @@ endl
add edx, 4
lea eax, [esi+edx]
mov [mpint_f_big], eax
invoke sha256_update, [temp_ctx], esi, edx
invoke sha2_256_update, [temp_ctx], esi, edx
;--------------------------------------------------------------------------
; HASH: uint32 min, minimal size in bits of an acceptable group
; uint32 n, preferred size in bits of the group the server will send
; uint32 max, maximal size in bits of an acceptable group
invoke sha256_update, [temp_ctx], ssh_msg_gex_req+sizeof.ssh_packet_header-ssh_packet_header.message_code, 12
invoke sha2_256_update, [temp_ctx], ssh_msg_gex_req+sizeof.ssh_packet_header-ssh_packet_header.message_code, 12
;----------------------------
; HASH: mpint p, safe prime
stdcall mpint_shrink, [mpint_p]
stdcall mpint_to_big_endian, [mpint_tmp], [mpint_p]
add eax, 4
invoke sha256_update, [temp_ctx], [mpint_tmp], eax
invoke sha2_256_update, [temp_ctx], [mpint_tmp], eax
;----------------------------------------
; HASH: mpint g, generator for subgroup
stdcall mpint_shrink, [mpint_g]
stdcall mpint_to_big_endian, [mpint_tmp], [mpint_g]
add eax, 4
invoke sha256_update, [temp_ctx], [mpint_tmp], eax
invoke sha2_256_update, [temp_ctx], [mpint_tmp], eax
;---------------------------------------------------
; HASH: mpint e, exchange value sent by the client
@ -230,7 +230,7 @@ endl
mov edx, [esi]
bswap edx
add edx, 4
invoke sha256_update, [temp_ctx], esi, edx
invoke sha2_256_update, [temp_ctx], esi, edx
;---------------------------------------------------
; HASH: mpint f, exchange value sent by the server
@ -238,7 +238,7 @@ endl
mov edx, [esi]
bswap edx
add edx, 4
invoke sha256_update, [temp_ctx], esi, edx
invoke sha2_256_update, [temp_ctx], esi, edx
stdcall mpint_to_little_endian, [mpint_f], [mpint_f_big]
mov esi, [mpint_f_big]
@ -260,19 +260,18 @@ endl
;-----------------------------------
; HASH: mpint K, the shared secret
add eax, 4
invoke sha256_update, [temp_ctx], [mpint_K_big], eax
invoke sha2_256_update, [temp_ctx], [mpint_K_big], eax
;-------------------------------
; Finalize the exchange hash (H)
invoke sha256_final, [temp_ctx]
invoke sha2_256_finish, [temp_ctx]
mov esi, [temp_ctx]
add esi, crash_ctx.hash
mov edi, [H]
mov ecx, SHA256_HASH_SIZE/4
mov ecx, SHA2_256_LEN/4
rep movsd
DEBUGF 1, "Exchange hash H: "
stdcall dump_hex, [H], SHA256_HASH_SIZE/4
stdcall dump_hex, [H], SHA2_256_LEN/4
;--------------------------
; Set or get the session id
@ -282,20 +281,20 @@ endl
jae @f
; If first KEX, verify host public key
stdcall sshlib_host_verify, [con_ptr], [str_K_S], [str_s_of_H], [H], SHA256_HASH_SIZE
stdcall sshlib_host_verify, [con_ptr], [str_K_S], [str_s_of_H], [H], SHA2_256_LEN
test eax, eax
jnz .err
mov eax, [con_ptr]
mov esi, [H]
lea edi, [eax + sshlib_connection.session_id]
mov ecx, SHA256_HASH_SIZE/4
mov ecx, SHA2_256_LEN/4
rep movsd
@@:
lea esi, [eax + sshlib_connection.session_id]
lea edi, [session_id_x+1]
mov ecx, SHA256_HASH_SIZE/4
mov ecx, SHA2_256_LEN/4
rep movsd
@ -304,126 +303,126 @@ endl
; First, calculate partial hash of K and H so we can re-use it for every key.
invoke sha256_init, [k_h_ctx]
invoke sha2_256_init, [k_h_ctx]
mov ecx, [K_length]
add ecx, 4
invoke sha256_update, [k_h_ctx], [mpint_K_big], ecx
invoke sha256_update, [k_h_ctx], [H], SHA256_HASH_SIZE
invoke sha2_256_update, [k_h_ctx], [mpint_K_big], ecx
invoke sha2_256_update, [k_h_ctx], [H], SHA2_256_LEN
;---------------------------------------------------------------
; Initial IV client to server: HASH(K || H || "A" || session_id)
mov esi, [k_h_ctx]
mov edi, [temp_ctx]
mov ecx, sizeof.crash_ctx/4
mov ecx, LIBCRASH_CTX_LEN/4
rep movsd
lea edx, [session_id_x]
mov byte[edx], 'A'
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
invoke sha256_final, [temp_ctx]
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
invoke sha2_256_finish, [temp_ctx]
mov edi, [tx_iv]
mov esi, [temp_ctx]
mov ecx, SHA256_HASH_SIZE/4
mov ecx, SHA2_256_LEN/4
rep movsd
DEBUGF 1, "Remote IV: "
stdcall dump_hex, [tx_iv], SHA256_HASH_SIZE/4
stdcall dump_hex, [tx_iv], SHA2_256_LEN/4
;---------------------------------------------------------------
; Initial IV server to client: HASH(K || H || "B" || session_id)
mov esi, [k_h_ctx]
mov edi, [temp_ctx]
mov ecx, sizeof.crash_ctx/4
mov ecx, LIBCRASH_CTX_LEN/4
rep movsd
lea edx, [session_id_x]
mov byte[edx], 'B'
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
invoke sha256_final, [temp_ctx]
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
invoke sha2_256_finish, [temp_ctx]
mov edi, [rx_iv]
mov esi, [temp_ctx]
mov ecx, SHA256_HASH_SIZE/4
mov ecx, SHA2_256_LEN/4
rep movsd
DEBUGF 1, "Local IV: "
stdcall dump_hex, [rx_iv], SHA256_HASH_SIZE/4
stdcall dump_hex, [rx_iv], SHA2_256_LEN/4
;-------------------------------------------------------------------
; Encryption key client to server: HASH(K || H || "C" || session_id)
mov esi, [k_h_ctx]
mov edi, [temp_ctx]
mov ecx, sizeof.crash_ctx/4
mov ecx, LIBCRASH_CTX_LEN/4
rep movsd
lea edx, [session_id_x]
mov byte[edx], 'C'
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
invoke sha256_final, [temp_ctx]
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
invoke sha2_256_finish, [temp_ctx]
mov edi, [tx_enc_key]
mov esi, [temp_ctx]
mov ecx, SHA256_HASH_SIZE/4
mov ecx, SHA2_256_LEN/4
rep movsd
DEBUGF 1, "Remote key: "
stdcall dump_hex, [tx_enc_key], SHA256_HASH_SIZE/4
stdcall dump_hex, [tx_enc_key], SHA2_256_LEN/4
;-------------------------------------------------------------------
; Encryption key server to client: HASH(K || H || "D" || session_id)
mov esi, [k_h_ctx]
mov edi, [temp_ctx]
mov ecx, sizeof.crash_ctx/4
mov ecx, LIBCRASH_CTX_LEN/4
rep movsd
lea edx, [session_id_x]
mov byte[edx], 'D'
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
invoke sha256_final, [temp_ctx]
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
invoke sha2_256_finish, [temp_ctx]
mov edi, [rx_enc_key]
mov esi, [temp_ctx]
mov ecx, SHA256_HASH_SIZE/4
mov ecx, SHA2_256_LEN/4
rep movsd
DEBUGF 1, "Local key: "
stdcall dump_hex, [rx_enc_key], SHA256_HASH_SIZE/4
stdcall dump_hex, [rx_enc_key], SHA2_256_LEN/4
;------------------------------------------------------------------
; Integrity key client to server: HASH(K || H || "E" || session_id)
mov esi, [k_h_ctx]
mov edi, [temp_ctx]
mov ecx, sizeof.crash_ctx/4
mov ecx, LIBCRASH_CTX_LEN/4
rep movsd
lea edx, [session_id_x]
mov byte[edx], 'E'
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
invoke sha256_final, [temp_ctx]
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
invoke sha2_256_finish, [temp_ctx]
mov edi, [tx_int_key]
mov esi, [temp_ctx]
mov ecx, SHA256_HASH_SIZE/4
mov ecx, SHA2_256_LEN/4
rep movsd
DEBUGF 1, "Remote Integrity key: "
stdcall dump_hex, [tx_int_key], SHA256_HASH_SIZE/4
stdcall dump_hex, [tx_int_key], SHA2_256_LEN/4
;------------------------------------------------------------------
; Integrity key server to client: HASH(K || H || "F" || session_id)
mov esi, [k_h_ctx]
mov edi, [temp_ctx]
mov ecx, sizeof.crash_ctx/4
mov ecx, LIBCRASH_CTX_LEN/4
rep movsd
lea edx, [session_id_x]
mov byte[edx], 'F'
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
invoke sha256_final, [temp_ctx]
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
invoke sha2_256_finish, [temp_ctx]
mov edi, [rx_int_key]
mov esi, [temp_ctx]
mov ecx, SHA256_HASH_SIZE/4
mov ecx, SHA2_256_LEN/4
rep movsd
DEBUGF 1, "Local Integrity key: "
stdcall dump_hex, [rx_int_key] , SHA256_HASH_SIZE/4
stdcall dump_hex, [rx_int_key] , SHA2_256_LEN/4
;-------------------------------------
; << Parse Diffie-Hellman New Keys MSG
@ -471,14 +470,14 @@ endl
mov [ebx + sshlib_connection.tx_pad_proc], MBRandom
lea ecx, [ebx + sshlib_connection.rx_mac_ctx]
stdcall hmac_sha256_setkey, ecx, [rx_int_key], SHA256_HASH_SIZE
stdcall hmac_sha256_setkey, ecx, [rx_int_key], SHA2_256_LEN
mov [ebx + sshlib_connection.rx_mac_proc], hmac_sha256
mov [ebx + sshlib_connection.rx_mac_length], SHA256_HASH_SIZE
mov [ebx + sshlib_connection.rx_mac_length], SHA2_256_LEN
lea ecx, [ebx + sshlib_connection.tx_mac_ctx]
stdcall hmac_sha256_setkey, ecx, [tx_int_key], SHA256_HASH_SIZE
stdcall hmac_sha256_setkey, ecx, [tx_int_key], SHA2_256_LEN
mov [ebx + sshlib_connection.tx_mac_proc], hmac_sha256
mov [ebx + sshlib_connection.tx_mac_length], SHA256_HASH_SIZE
mov [ebx + sshlib_connection.tx_mac_length], SHA2_256_LEN
mov [ebx + sshlib_connection.status], SSHLIB_CON_STAT_KEX_DONE
xor eax, eax
@ -486,7 +485,7 @@ endl
.err:
push eax
xor eax, eax
mov ecx, (7*(MAX_BITS/8+4) + 7*SHA256_HASH_SIZE + 2*sizeof.crash_ctx)/4
mov ecx, (7*(MAX_BITS/8+4) + 7*SHA2_256_LEN + 2*LIBCRASH_CTX_LEN)/4
mov edi, [mpint_tmp]
rep stosd

View File

@ -134,11 +134,11 @@ endl
DEBUGF 3, "SSH: Performing RSA verification\n"
mcall 68, 12, sizeof.crash_ctx + 5*(MAX_BITS/8+4)
mcall 68, 12, LIBCRASH_CTX_LEN + 5*(MAX_BITS/8+4)
test eax, eax
jz .err_nomem
mov [h_ctx], eax
add eax, sizeof.crash_ctx
add eax, LIBCRASH_CTX_LEN
mov [mpint_e], eax
add eax, MAX_BITS/8+4
mov [mpint_n], eax
@ -211,7 +211,7 @@ endl
; EMSA-PKCS1-v1_5
invoke sha1_init, [h_ctx]
invoke sha1_update, [h_ctx], [M], [message_len]
invoke sha1_final, [h_ctx]
invoke sha1_finish, [h_ctx]
mov edi, [EM_accent]
mov al, 0x00
@ -219,7 +219,7 @@ endl
mov al, 0x01
stosb
mov ecx, [k]
sub ecx, (rsa_sha1_T.len + 3 + SHA1_HASH_SIZE)
sub ecx, (rsa_sha1_T.len + 3 + SHA1_LEN)
jl .err_key
jz @f
mov al, 0xff
@ -231,7 +231,7 @@ endl
mov ecx, rsa_sha1_T.len
rep movsb
mov esi, [h_ctx]
mov ecx, SHA1_HASH_SIZE
mov ecx, SHA1_LEN
rep movsb
pop esi
@ -243,9 +243,9 @@ endl
push esi
; EMSA-PKCS1-v1_5
invoke sha256_init, [h_ctx]
invoke sha256_update, [h_ctx], [M], [message_len]
invoke sha256_final, [h_ctx]
invoke sha2_256_init, [h_ctx]
invoke sha2_256_update, [h_ctx], [M], [message_len]
invoke sha2_256_finish, [h_ctx]
mov edi, [EM_accent]
mov al, 0x00
@ -253,7 +253,7 @@ endl
mov al, 0x01
stosb
mov ecx, [k]
sub ecx, (rsa_sha256_T.len + 3 + SHA256_HASH_SIZE)
sub ecx, (rsa_sha256_T.len + 3 + SHA2_256_LEN)
jl .err_key
jz @f
mov al, 0xff
@ -265,7 +265,7 @@ endl
mov ecx, rsa_sha256_T.len
rep movsb
mov esi, [h_ctx]
mov ecx, SHA256_HASH_SIZE
mov ecx, SHA2_256_LEN
rep movsb
pop esi
@ -277,9 +277,9 @@ endl
push esi
; EMSA-PKCS1-v1_5
invoke sha512_init, [h_ctx]
invoke sha512_update, [h_ctx], [M], [message_len]
invoke sha512_final, [h_ctx]
invoke sha2_512_init, [h_ctx]
invoke sha2_512_update, [h_ctx], [M], [message_len]
invoke sha2_512_finish, [h_ctx]
mov edi, [EM_accent]
mov al, 0x00
@ -287,7 +287,7 @@ endl
mov al, 0x01
stosb
mov ecx, [k]
sub ecx, (rsa_sha512_T.len + 3 + SHA512_HASH_SIZE)
sub ecx, (rsa_sha512_T.len + 3 + SHA2_512_LEN)
jl .err_key
jz @f
mov al, 0xff
@ -299,7 +299,7 @@ endl
mov ecx, rsa_sha512_T.len
rep movsb
mov esi, [h_ctx]
mov ecx, SHA512_HASH_SIZE
mov ecx, SHA2_512_LEN
rep movsb
pop esi