forked from KolibriOS/kolibrios
libcrash: sync with upstream.
* Implement new algorithms: - MACs: Poly1305, HMAC (SHA2_256, SHA2_512), - ciphers: ChaCha20, AES256CTR, AES256CBC. * Remove MD4 hash. * Change API (it happens). * Update crashtest example. git-svn-id: svn://kolibrios.org@9216 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
parent
34050385a4
commit
553742f877
@ -1,5 +1,6 @@
|
||||
if tup.getconfig("NO_FASM") ~= "" then return end
|
||||
HELPERDIR = (tup.getconfig("HELPERDIR") == "") and "../../../.." or tup.getconfig("HELPERDIR")
|
||||
HELPERDIR = (tup.getconfig("HELPERDIR") == "") and "../../.." or tup.getconfig("HELPERDIR")
|
||||
tup.include(HELPERDIR .. "/use_fasm.lua")
|
||||
|
||||
tup.rule("libcrash.asm", FASM .. " %f %o " .. tup.getconfig("KPACK_CMD"), "libcrash.obj")
|
||||
tup.rule("crashtest.asm", FASM .. " %f %o " .. tup.getconfig("KPACK_CMD"), "crashtest")
|
1643
programs/develop/libraries/libcrash/cipher/aes.asm
Normal file
1643
programs/develop/libraries/libcrash/cipher/aes.asm
Normal file
File diff suppressed because it is too large
Load Diff
235
programs/develop/libraries/libcrash/cipher/aes_cbc.asm
Normal file
235
programs/develop/libraries/libcrash/cipher/aes_cbc.asm
Normal file
@ -0,0 +1,235 @@
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) <2016> Jeffrey Amelynck
|
||||
; Copyright (C) <2016,2021> Ivan Baravy
|
||||
;
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
struct ctx_aes_cbc
|
||||
aes ctx_aes
|
||||
cbc ctx_cbc
|
||||
crypt dd ?
|
||||
finish dd ?
|
||||
block rd CBC128_BLOCK_SIZE/4
|
||||
index dd ?
|
||||
padding dd ?
|
||||
ends
|
||||
|
||||
assert sizeof.ctx_aes_cbc <= LIBCRASH_CTX_LEN
|
||||
|
||||
; _crypt: 0/1 = encrypt/decrypt
|
||||
proc aes256cbc.init uses ebx esi edi, _ctx, _key, _iv, _flags
|
||||
mov ebx, [_ctx]
|
||||
stdcall aes256.init, ebx, [_key], [_flags]
|
||||
mov ecx, CBC128_BLOCK_SIZE/4
|
||||
mov esi, [_iv]
|
||||
lea edi, [ebx+ctx_aes_cbc.cbc.vector]
|
||||
rep movsd
|
||||
mov [ebx+ctx_aes_cbc.cbc.has_data], 0
|
||||
mov [ebx+ctx_aes_cbc.index], 0
|
||||
mov [ebx+ctx_aes_cbc.crypt], aes256cbc._.encrypt_block
|
||||
mov [ebx+ctx_aes_cbc.finish], aes256cbc._.finish_encrypt
|
||||
test [_flags], LIBCRASH_CIPHER_DECRYPT
|
||||
jz @f
|
||||
mov [ebx+ctx_aes_cbc.crypt], aes256cbc._.decrypt_block
|
||||
mov [ebx+ctx_aes_cbc.finish], aes256cbc._.finish_decrypt
|
||||
@@:
|
||||
xor eax, eax
|
||||
test [_flags], LIBCRASH_CIPHER_PADDING
|
||||
setnz al
|
||||
mov [ebx+ctx_aes_cbc.padding], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
proc aes256cbc._.encrypt_block uses ebx esi edi, _ctx, _in, _out
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_in]
|
||||
lea edi, [ebx+ctx_aes_cbc.cbc.vector]
|
||||
mov ecx, CBC128_BLOCK_SIZE/4
|
||||
@@:
|
||||
lodsd
|
||||
xor [edi], eax
|
||||
add edi, 4
|
||||
dec ecx
|
||||
jnz @b
|
||||
|
||||
lea ecx, [ebx+ctx_aes_cbc.cbc.vector]
|
||||
lea edx, [ebx+ctx_aes_cbc.aes.state]
|
||||
stdcall aes.encrypt, ebx, ecx, edx
|
||||
lea esi, [ebx+ctx_aes_cbc.aes.state]
|
||||
lea edi, [ebx+ctx_aes_cbc.cbc.vector]
|
||||
mov ecx, CBC128_BLOCK_SIZE/4
|
||||
rep movsd
|
||||
lea esi, [ebx+ctx_aes_cbc.aes.state]
|
||||
mov edi, [_out]
|
||||
mov ecx, CBC128_BLOCK_SIZE/4
|
||||
rep movsd
|
||||
|
||||
mov eax, CBC128_BLOCK_SIZE
|
||||
ret
|
||||
endp
|
||||
|
||||
proc aes256cbc._.decrypt_block uses ebx esi edi, _ctx, _in, _out
|
||||
locals
|
||||
.done dd ?
|
||||
endl
|
||||
mov [.done], 0
|
||||
mov ebx, [_ctx]
|
||||
|
||||
mov ecx, [_in]
|
||||
lea edx, [ebx+ctx_aes_cbc.aes.state]
|
||||
stdcall aes.decrypt, ebx, ecx, edx
|
||||
|
||||
bts [ebx+ctx_aes_cbc.cbc.has_data], 0
|
||||
jnc @f
|
||||
lea esi, [ebx+ctx_aes_cbc.cbc.block]
|
||||
mov edi, [_out]
|
||||
mov ecx, CBC128_BLOCK_SIZE/4
|
||||
rep movsd
|
||||
add [.done], CBC128_BLOCK_SIZE
|
||||
@@:
|
||||
lea esi, [ebx+ctx_aes_cbc.aes.state]
|
||||
lea edx, [ebx+ctx_aes_cbc.cbc.vector]
|
||||
lea edi, [ebx+ctx_aes_cbc.cbc.block]
|
||||
mov ecx, CBC128_BLOCK_SIZE/4
|
||||
@@:
|
||||
lodsd
|
||||
xor eax, [edx]
|
||||
add edx, 4
|
||||
stosd
|
||||
dec ecx
|
||||
jnz @b
|
||||
|
||||
mov esi, [_in]
|
||||
lea edi, [ebx+ctx_aes_cbc.cbc.vector]
|
||||
mov ecx, CBC128_BLOCK_SIZE/4
|
||||
rep movsd
|
||||
|
||||
mov eax, [.done]
|
||||
ret
|
||||
endp
|
||||
|
||||
proc aes256cbc.update uses ebx esi edi, _ctx, _in, _len, _out
|
||||
locals
|
||||
.done dd ?
|
||||
endl
|
||||
mov [.done], 0
|
||||
.next_block:
|
||||
mov ebx, [_ctx]
|
||||
mov eax, [ebx+ctx_aes_cbc.index]
|
||||
test eax, eax
|
||||
jnz .copy_to_buf
|
||||
test [_in], LIBCRASH_ALIGN-1
|
||||
jnz .copy_to_buf
|
||||
.no_copy:
|
||||
; data is aligned, process it in place without copying
|
||||
mov ebx, [_ctx]
|
||||
cmp [_len], CBC128_BLOCK_SIZE
|
||||
jb .copy_quit
|
||||
stdcall [ebx+ctx_aes_cbc.crypt], [_ctx], [_in], [_out]
|
||||
add [_in], CBC128_BLOCK_SIZE
|
||||
add [_out], eax
|
||||
add [.done], eax
|
||||
sub [_len], CBC128_BLOCK_SIZE
|
||||
jmp .no_copy
|
||||
|
||||
.copy_to_buf:
|
||||
lea edi, [ebx+ctx_aes_cbc.block]
|
||||
add edi, [ebx+ctx_aes_cbc.index]
|
||||
mov ecx, CBC128_BLOCK_SIZE
|
||||
sub ecx, [ebx+ctx_aes_cbc.index]
|
||||
cmp [_len], ecx
|
||||
jb .copy_quit
|
||||
mov esi, [_in]
|
||||
sub [_len], ecx
|
||||
add [_in], ecx
|
||||
rep movsb
|
||||
mov [ebx+ctx_aes_cbc.index], 0
|
||||
lea esi, [ebx+ctx_aes_cbc.block]
|
||||
stdcall [ebx+ctx_aes_cbc.crypt], [_ctx], esi, [_out]
|
||||
add [.done], eax
|
||||
add [_out], eax
|
||||
jmp .next_block
|
||||
|
||||
.copy_quit:
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_in]
|
||||
lea edi, [ebx+ctx_aes_cbc.block]
|
||||
add edi, [ebx+ctx_aes_cbc.index]
|
||||
mov ecx, [_len]
|
||||
add [ebx+ctx_aes_cbc.index], ecx
|
||||
rep movsb
|
||||
.quit:
|
||||
mov eax, [.done]
|
||||
ret
|
||||
endp
|
||||
|
||||
proc aes256cbc.finish uses ebx esi edi, _ctx, _out
|
||||
mov ebx, [_ctx]
|
||||
stdcall [ebx+ctx_aes_cbc.finish], ebx, [_out]
|
||||
ret
|
||||
endp
|
||||
|
||||
proc aes256cbc._.finish_encrypt uses ebx esi edi, _ctx, _out
|
||||
mov ebx, [_ctx]
|
||||
xor eax, eax
|
||||
cmp [ebx+ctx_aes_cbc.padding], 0
|
||||
jz .no_padding
|
||||
; add padding
|
||||
lea edi, [ebx+ctx_aes_cbc.block]
|
||||
add edi, [ebx+ctx_aes_cbc.index]
|
||||
mov ecx, CBC128_BLOCK_SIZE
|
||||
sub ecx, [ebx+ctx_aes_cbc.index]
|
||||
mov eax, ecx
|
||||
rep stosb
|
||||
|
||||
lea eax, [ebx+ctx_aes_cbc.block]
|
||||
stdcall aes256cbc._.encrypt_block, [_ctx], eax, [_out]
|
||||
mov eax, CBC128_BLOCK_SIZE
|
||||
.no_padding:
|
||||
ret
|
||||
endp
|
||||
|
||||
proc aes256cbc._.finish_decrypt uses ebx esi edi, _ctx, _out
|
||||
mov ebx, [_ctx]
|
||||
xor eax, eax
|
||||
cmp eax, [ebx+ctx_aes_cbc.cbc.has_data]
|
||||
jz .done
|
||||
lea esi, [ebx+ctx_aes_cbc.cbc.block]
|
||||
mov edi, [_out]
|
||||
mov ecx, CBC128_BLOCK_SIZE
|
||||
cmp [ebx+ctx_aes_cbc.padding], eax
|
||||
jz @f
|
||||
sub cl, [esi+CBC128_BLOCK_SIZE-1]
|
||||
@@:
|
||||
mov eax, ecx
|
||||
rep movsb
|
||||
.done:
|
||||
ret
|
||||
endp
|
||||
|
||||
proc aes256cbc.oneshot _ctx, _key, _iv, _flags, _in, _len, _out
|
||||
locals
|
||||
.done dd ?
|
||||
endl
|
||||
mov [.done], 0
|
||||
stdcall aes256cbc.init, [_ctx], [_key], [_iv], [_flags]
|
||||
stdcall aes256cbc.update, [_ctx], [_in], [_len], [_out]
|
||||
add [_out], eax
|
||||
add [.done], eax
|
||||
stdcall aes256cbc.finish, [_ctx], [_out]
|
||||
add eax, [.done]
|
||||
ret
|
||||
endp
|
137
programs/develop/libraries/libcrash/cipher/aes_ctr.asm
Normal file
137
programs/develop/libraries/libcrash/cipher/aes_ctr.asm
Normal file
@ -0,0 +1,137 @@
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) <2016> Jeffrey Amelynck
|
||||
; Copyright (C) <2016,2021> Ivan Baravy
|
||||
;
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
struct ctx_aes_ctr
|
||||
aes ctx_aes
|
||||
ctr ctx_ctr
|
||||
ends
|
||||
|
||||
assert sizeof.ctx_aes_ctr <= LIBCRASH_CTX_LEN
|
||||
|
||||
; _crypt: 0/1 = encrypt/decrypt
|
||||
proc aes256ctr.init uses ebx, _ctx, _key, _iv, _flags
|
||||
mov ebx, [_ctx]
|
||||
stdcall aes256.init, ebx, [_key], LIBCRASH_CIPHER_ENCRYPT
|
||||
add ebx, ctx_aes_ctr.ctr
|
||||
stdcall ctr.init, [_iv]
|
||||
ret
|
||||
endp
|
||||
|
||||
proc a22es_ctr._.block_init _ctx
|
||||
mov edi, [_ctx]
|
||||
lea esi, [edi+ctx_aes_ctr.ctr.block_counter]
|
||||
mov ecx, AES_BLOCK_SIZE/4
|
||||
rep movsd
|
||||
ret
|
||||
endp
|
||||
|
||||
proc aes256ctr.update uses ebx esi edi, _ctx, _in, _len, _out
|
||||
mov eax, [_len]
|
||||
pushad
|
||||
mov ebx, [_ctx]
|
||||
mov edi, [_in]
|
||||
mov edx, [ebx+ctx_aes_ctr.ctr.partial_cnt]
|
||||
.next_chunk:
|
||||
mov ecx, [_len]
|
||||
test ecx, ecx
|
||||
jz .done
|
||||
test edx, edx
|
||||
jnz @f
|
||||
pushad
|
||||
lea ecx, [ebx+ctx_aes_ctr.ctr.block_counter]
|
||||
lea edx, [ebx+ctx_aes_ctr.aes.state]
|
||||
stdcall aes.encrypt, ebx, ecx, edx
|
||||
popad
|
||||
mov edx, AES_BLOCK_SIZE
|
||||
|
||||
pushad
|
||||
mov esi, ebx
|
||||
mov eax, dword[esi+ctx_aes_ctr.ctr.block_counter+4*0]
|
||||
mov ebx, dword[esi+ctx_aes_ctr.ctr.block_counter+4*1]
|
||||
mov ecx, dword[esi+ctx_aes_ctr.ctr.block_counter+4*2]
|
||||
mov edx, dword[esi+ctx_aes_ctr.ctr.block_counter+4*3]
|
||||
|
||||
bswap eax
|
||||
bswap ebx
|
||||
bswap ecx
|
||||
bswap edx
|
||||
|
||||
add edx, 1
|
||||
adc ecx, 0
|
||||
adc ebx, 0
|
||||
adc eax, 0
|
||||
|
||||
bswap eax
|
||||
bswap ebx
|
||||
bswap ecx
|
||||
bswap edx
|
||||
|
||||
mov dword[esi+ctx_aes_ctr.ctr.block_counter+4*0], eax
|
||||
mov dword[esi+ctx_aes_ctr.ctr.block_counter+4*1], ebx
|
||||
mov dword[esi+ctx_aes_ctr.ctr.block_counter+4*2], ecx
|
||||
mov dword[esi+ctx_aes_ctr.ctr.block_counter+4*3], edx
|
||||
popad
|
||||
|
||||
@@:
|
||||
cmp ecx, edx
|
||||
jbe @f
|
||||
mov ecx, edx
|
||||
@@:
|
||||
lea esi, [ebx+ctx_aes_ctr.aes.state]
|
||||
add esi, AES_BLOCK_SIZE
|
||||
sub esi, edx
|
||||
sub [_len], ecx
|
||||
sub edx, ecx
|
||||
push ebx
|
||||
mov edi, [_out]
|
||||
mov ebx, [_in]
|
||||
add [_in], ecx
|
||||
add [_out], ecx
|
||||
@@:
|
||||
lodsb
|
||||
xor al, [ebx]
|
||||
inc ebx
|
||||
stosb
|
||||
loop @b
|
||||
pop ebx
|
||||
jmp .next_chunk
|
||||
.done:
|
||||
mov [ebx+ctx_aes_ctr.ctr.partial_cnt], edx
|
||||
popad
|
||||
ret
|
||||
endp
|
||||
|
||||
proc aes256ctr.finish _ctx, _out
|
||||
xor eax, eax
|
||||
ret
|
||||
endp
|
||||
|
||||
proc aes256ctr.oneshot _ctx, _key, _iv, _flags, _in, _len, _out
|
||||
locals
|
||||
.done dd ?
|
||||
endl
|
||||
mov [.done], 0
|
||||
stdcall aes256ctr.init, [_ctx], [_key], [_iv], [_flags]
|
||||
stdcall aes256ctr.update, [_ctx], [_in], [_len], [_out]
|
||||
add [_out], eax
|
||||
add [.done], eax
|
||||
stdcall aes256ctr.finish, [_ctx], [_out]
|
||||
add eax, [.done]
|
||||
ret
|
||||
endp
|
204
programs/develop/libraries/libcrash/cipher/chacha20.asm
Normal file
204
programs/develop/libraries/libcrash/cipher/chacha20.asm
Normal file
@ -0,0 +1,204 @@
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) <2021> Ivan Baravy
|
||||
;
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
; https://datatracker.ietf.org/doc/html/rfc7539
|
||||
|
||||
CHACHA20_BLOCK_SIZE = 64
|
||||
CHACHA20_KEY_SIZE = 32
|
||||
CHACHA20_NONCE_SIZE = 12
|
||||
CHACHA20_IV_SIZE = 16
|
||||
|
||||
struct ctx_chacha20
|
||||
state rd CHACHA20_BLOCK_SIZE/4
|
||||
key rd CHACHA20_KEY_SIZE/4
|
||||
block_counter dd ?
|
||||
nonce rd CHACHA20_NONCE_SIZE/4
|
||||
partial_cnt dd ?
|
||||
ends
|
||||
|
||||
assert sizeof.ctx_chacha20 <= LIBCRASH_CTX_LEN
|
||||
|
||||
proc chacha20.init uses ebx esi edi, _ctx, _key, _iv, _flags
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_key]
|
||||
lea edi, [ebx+ctx_chacha20.key]
|
||||
mov ecx, CHACHA20_KEY_SIZE/4
|
||||
rep movsd
|
||||
mov esi, [_iv]
|
||||
lea edi, [ebx+ctx_chacha20.block_counter]
|
||||
mov ecx, CHACHA20_IV_SIZE/4
|
||||
rep movsd
|
||||
mov [ebx+ctx_chacha20.partial_cnt], 0
|
||||
ret
|
||||
endp
|
||||
|
||||
macro chacha20._.quarter_round a, b, c, d {
|
||||
; a = PLUS(a,b); d = ROTATE(XOR(d,a),16);
|
||||
mov eax, [esi+a*4]
|
||||
add eax, [esi+b*4]
|
||||
mov [esi+a*4], eax
|
||||
xor eax, [esi+d*4]
|
||||
rol eax, 16
|
||||
mov [esi+d*4], eax
|
||||
; c = PLUS(c,d); b = ROTATE(XOR(b,c),12);
|
||||
mov eax, [esi+c*4]
|
||||
add eax, [esi+d*4]
|
||||
mov [esi+c*4], eax
|
||||
xor eax, [esi+b*4]
|
||||
rol eax, 12
|
||||
mov [esi+b*4], eax
|
||||
; a = PLUS(a,b); d = ROTATE(XOR(d,a), 8);
|
||||
mov eax, [esi+a*4]
|
||||
add eax, [esi+b*4]
|
||||
mov [esi+a*4], eax
|
||||
xor eax, [esi+d*4]
|
||||
rol eax, 8
|
||||
mov [esi+d*4], eax
|
||||
; c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
|
||||
mov eax, [esi+c*4]
|
||||
add eax, [esi+d*4]
|
||||
mov [esi+c*4], eax
|
||||
xor eax, [esi+b*4]
|
||||
rol eax, 7
|
||||
mov [esi+b*4], eax
|
||||
}
|
||||
|
||||
proc chacha20._.inner_block _state
|
||||
mov esi, [_state]
|
||||
chacha20._.quarter_round 0, 4, 8, 12
|
||||
chacha20._.quarter_round 1, 5, 9, 13
|
||||
chacha20._.quarter_round 2, 6, 10, 14
|
||||
chacha20._.quarter_round 3, 7, 11, 15
|
||||
chacha20._.quarter_round 0, 5, 10, 15
|
||||
chacha20._.quarter_round 1, 6, 11, 12
|
||||
chacha20._.quarter_round 2, 7, 8, 13
|
||||
chacha20._.quarter_round 3, 4, 9, 14
|
||||
ret
|
||||
endp
|
||||
|
||||
proc chacha20._.block_init _ctx
|
||||
mov edi, [_ctx]
|
||||
lea esi, [edi+ctx_chacha20.key]
|
||||
mov [edi+ctx_chacha20.state+0*4], 'expa' ; magic
|
||||
mov [edi+ctx_chacha20.state+1*4], 'nd 3' ; constants
|
||||
mov [edi+ctx_chacha20.state+2*4], '2-by' ; from
|
||||
mov [edi+ctx_chacha20.state+3*4], 'te k' ; the RFC
|
||||
add edi, 4*4
|
||||
mov ecx, CHACHA20_BLOCK_SIZE/4-4 ; the four dwords above
|
||||
rep movsd
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc chacha20._.block _state
|
||||
locals
|
||||
.working_state rd CHACHA20_BLOCK_SIZE/4
|
||||
.i dd ?
|
||||
endl
|
||||
stdcall chacha20._.block_init, [_state]
|
||||
|
||||
mov esi, [_state]
|
||||
lea edi, [.working_state]
|
||||
mov ecx, CHACHA20_BLOCK_SIZE/4
|
||||
rep movsd
|
||||
|
||||
mov [.i], 10
|
||||
@@:
|
||||
lea eax, [.working_state]
|
||||
stdcall chacha20._.inner_block, eax
|
||||
dec [.i]
|
||||
jnz @b
|
||||
|
||||
lea esi, [.working_state]
|
||||
mov edi, [_state]
|
||||
mov ecx, CHACHA20_BLOCK_SIZE/4-1
|
||||
@@:
|
||||
mov eax, [esi+ecx*4]
|
||||
add [edi+ecx*4], eax
|
||||
dec ecx
|
||||
jns @b
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
proc chacha20.update uses ebx esi edi, _ctx, _in, _len, _out
|
||||
locals
|
||||
.bytes_done dd ?
|
||||
endl
|
||||
mov eax, [_len]
|
||||
mov [.bytes_done], eax
|
||||
mov ebx, [_ctx]
|
||||
mov edx, [ebx+ctx_chacha20.partial_cnt]
|
||||
.next_chunk:
|
||||
mov ecx, [_len]
|
||||
test ecx, ecx
|
||||
jz .done
|
||||
test edx, edx
|
||||
jnz @f
|
||||
pushad
|
||||
stdcall chacha20._.block, [_ctx]
|
||||
popad
|
||||
mov edx, CHACHA20_BLOCK_SIZE
|
||||
inc [ebx+ctx_chacha20.block_counter]
|
||||
@@:
|
||||
cmp ecx, edx
|
||||
jbe @f
|
||||
mov ecx, edx
|
||||
@@:
|
||||
lea esi, [ebx+ctx_chacha20.state]
|
||||
add esi, CHACHA20_BLOCK_SIZE
|
||||
sub esi, edx
|
||||
sub [_len], ecx
|
||||
sub edx, ecx
|
||||
push ebx
|
||||
mov edi, [_out]
|
||||
mov ebx, [_in]
|
||||
add [_in], ecx
|
||||
add [_out], ecx
|
||||
@@:
|
||||
lodsb
|
||||
xor al, [ebx]
|
||||
inc ebx
|
||||
stosb
|
||||
loop @b
|
||||
pop ebx
|
||||
jmp .next_chunk
|
||||
.done:
|
||||
mov [ebx+ctx_chacha20.partial_cnt], edx
|
||||
mov eax, [.bytes_done]
|
||||
ret
|
||||
endp
|
||||
|
||||
proc chacha20.finish _ctx, _out
|
||||
xor eax, eax
|
||||
ret
|
||||
endp
|
||||
|
||||
proc chacha20.oneshot _ctx, _key, _iv, _flags, _in, _len, _out
|
||||
locals
|
||||
.done dd ?
|
||||
endl
|
||||
mov [.done], 0
|
||||
stdcall chacha20.init, [_ctx], [_key], [_iv], [_flags]
|
||||
stdcall chacha20.update, [_ctx], [_in], [_len], [_out]
|
||||
add [_out], eax
|
||||
add [.done], eax
|
||||
stdcall chacha20.finish, [_ctx], [_out]
|
||||
add eax, [.done]
|
||||
ret
|
||||
endp
|
36
programs/develop/libraries/libcrash/cipher/mode/cbc.asm
Normal file
36
programs/develop/libraries/libcrash/cipher/mode/cbc.asm
Normal file
@ -0,0 +1,36 @@
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) <2021> Ivan Baravy
|
||||
;
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
CBC128_BLOCK_SIZE = 128/8
|
||||
|
||||
struct ctx_cbc
|
||||
vector rd CBC128_BLOCK_SIZE/4
|
||||
block rd CBC128_BLOCK_SIZE/4
|
||||
has_data dd ?
|
||||
ends
|
||||
|
||||
; ebx = context
|
||||
proc cbc.init uses esi edi, _iv
|
||||
|
||||
mov esi, [_iv]
|
||||
lea edi, [ebx+ctx_ctr.block_counter]
|
||||
mov ecx, CTR128_BLOCK_SIZE/4
|
||||
rep movsd
|
||||
mov [ebx+ctx_ctr.partial_cnt], 0
|
||||
ret
|
||||
endp
|
34
programs/develop/libraries/libcrash/cipher/mode/ctr.asm
Normal file
34
programs/develop/libraries/libcrash/cipher/mode/ctr.asm
Normal file
@ -0,0 +1,34 @@
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) <2021> Ivan Baravy
|
||||
;
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
CTR128_BLOCK_SIZE = 128/8
|
||||
|
||||
struct ctx_ctr
|
||||
block_counter rd 4
|
||||
partial_cnt dd ?
|
||||
ends
|
||||
|
||||
; ebx = context
|
||||
proc ctr.init uses esi edi, _iv
|
||||
mov esi, [_iv]
|
||||
lea edi, [ebx+ctx_ctr.block_counter]
|
||||
mov ecx, CTR128_BLOCK_SIZE/4
|
||||
rep movsd
|
||||
mov [ebx+ctx_ctr.partial_cnt], 0
|
||||
ret
|
||||
endp
|
164
programs/develop/libraries/libcrash/crashtest.asm
Normal file
164
programs/develop/libraries/libcrash/crashtest.asm
Normal file
@ -0,0 +1,164 @@
|
||||
use32
|
||||
org 0x0
|
||||
db 'MENUET01'
|
||||
dd 0x01,start,i_end,e_end,e_end,0,this_file_name
|
||||
|
||||
include 'proc32.inc'
|
||||
include 'macros.inc'
|
||||
include 'dll.inc'
|
||||
;include 'debug-fdo.inc'
|
||||
include 'libcrash.inc'
|
||||
|
||||
BUFFER_SIZE = 0x1000
|
||||
|
||||
|
||||
start:
|
||||
pushfd
|
||||
pop eax
|
||||
; or eax, 1 SHL 18 ; Alignment Check flag, FIXME in libcrash
|
||||
push eax
|
||||
popfd
|
||||
|
||||
mcall 68, 11
|
||||
|
||||
stdcall dll.Load, @IMPORT
|
||||
or eax, eax
|
||||
jnz quit
|
||||
|
||||
still:
|
||||
mcall 10
|
||||
dec eax
|
||||
jz redraw
|
||||
dec eax
|
||||
jz key
|
||||
|
||||
button:
|
||||
mcall 17
|
||||
shr eax, 8
|
||||
|
||||
cmp eax, 1
|
||||
je quit
|
||||
|
||||
redraw:
|
||||
mcall 12, 1
|
||||
mcall 0, <0,900>, <0,160>, 0x34000000, 0x80000000, window_title
|
||||
|
||||
mov [f70_buf.src], 0
|
||||
invoke crash.hash, LIBCRASH_SHA2_256, read_data, 0, bin
|
||||
stdcall bin2hex, bin, SHA2_256_LEN, hex
|
||||
mcall 4, <0,0>, 0xc0ffffff, hex, 0, 0
|
||||
|
||||
invoke crash.hash_oneshot, LIBCRASH_SHA2_256, ctx, 0, i_end
|
||||
stdcall bin2hex, ctx, SHA2_256_LEN, hex
|
||||
mcall 4, <0,10>, 0xc0ffffff, hex, 0, 0
|
||||
|
||||
invoke sha2_256.oneshot, ctx, 0, i_end
|
||||
stdcall bin2hex, ctx, SHA2_256_LEN, hex
|
||||
mcall 4, <0,20>, 0xc0ffffff, hex, 0, 0
|
||||
|
||||
invoke sha2_256.init, ctx
|
||||
invoke sha2_256.update, ctx, 0, 42
|
||||
invoke sha2_256.update, ctx, 42, i_end-42
|
||||
invoke sha2_256.finish, ctx
|
||||
stdcall bin2hex, ctx, SHA2_256_LEN, hex
|
||||
mcall 4, <0,30>, 0xc0ffffff, hex, 0, 0
|
||||
|
||||
mcall 12, 2
|
||||
jmp still
|
||||
|
||||
key:
|
||||
mcall 2
|
||||
jmp still
|
||||
|
||||
|
||||
quit:
|
||||
mcall -1
|
||||
|
||||
|
||||
proc bin2hex uses esi edi, _bin, _len, _hex
|
||||
mov esi, [_bin]
|
||||
mov edi, [_hex]
|
||||
mov ecx, [_len]
|
||||
.next_byte:
|
||||
movzx eax, byte[esi]
|
||||
shr al, 4
|
||||
cmp al, 10
|
||||
sbb al, 0x69
|
||||
das
|
||||
stosb
|
||||
lodsb
|
||||
and al, 0x0f
|
||||
cmp al, 10
|
||||
sbb al, 0x69
|
||||
das
|
||||
stosb
|
||||
loop .next_byte
|
||||
mov byte[edi], 0
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc read_data uses ebx, _user, _buf, _len
|
||||
mov eax, [_buf]
|
||||
mov [f70_buf.dst], eax
|
||||
mov eax, [_len]
|
||||
mov [f70_buf.count], eax
|
||||
mcall 70, f70_buf
|
||||
mov eax, ebx
|
||||
cmp eax, -1
|
||||
jnz @f
|
||||
inc eax
|
||||
@@:
|
||||
add [f70_buf.src], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
sz window_title, 'libcrash example',0
|
||||
|
||||
f70_buf:
|
||||
.funcnum dd 0
|
||||
.src dd 0
|
||||
dd 0
|
||||
.count dd BUFFER_SIZE
|
||||
.dst dd data_buffer
|
||||
db 0
|
||||
.fname dd this_file_name
|
||||
|
||||
|
||||
align 4
|
||||
@IMPORT:
|
||||
|
||||
library \
|
||||
libcrash, 'libcrash.obj'
|
||||
|
||||
import libcrash, \
|
||||
libcrash.init, 'lib_init', \
|
||||
crash.hash, 'crash_hash', \
|
||||
crash.hash_oneshot, 'crash_hash_oneshot', \
|
||||
crash.mac, 'crash_mac', \
|
||||
crash.mac_oneshot, 'crash_mac_oneshot', \
|
||||
crash.crypt, 'crash_crypt', \
|
||||
crash.crypt_oneshot, 'crash_crypt_oneshot', \
|
||||
sha2_256.init, 'sha2_256_init', \
|
||||
sha2_256.update, 'sha2_256_update', \
|
||||
sha2_256.finish, 'sha2_256_finish', \
|
||||
sha2_256.oneshot, 'sha2_256_oneshot', \
|
||||
hmac_sha2_256.init, 'hmac_sha2_256_init', \
|
||||
hmac_sha2_256.update, 'hmac_sha2_256_update', \
|
||||
hmac_sha2_256.finish, 'hmac_sha2_256_finish', \
|
||||
hmac_sha2_256.oneshot, 'hmac_sha2_256_oneshot', \
|
||||
aes256ctr.init, 'aes256ctr_init', \
|
||||
aes256ctr.update, 'aes256ctr_update', \
|
||||
aes256ctr.finish, 'aes256ctr_finish', \
|
||||
aes256ctr.oneshot, 'aes256ctr_oneshot'
|
||||
|
||||
i_end:
|
||||
bin rb MAX_HASH_LEN
|
||||
hex rb MAX_HASH_LEN*2+1
|
||||
data_buffer rb BUFFER_SIZE
|
||||
this_file_name rb 0x1000
|
||||
align LIBCRASH_ALIGN
|
||||
ctx rb LIBCRASH_CTX_LEN
|
||||
rb 0x1000 ;stack
|
||||
e_end:
|
@ -1,22 +1,22 @@
|
||||
; libcrash -- cryptographic hash functions
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
|
||||
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify
|
||||
; it under the terms of the GNU General Public License as published by
|
||||
; the Free Software Foundation, either version 3 of the License, or
|
||||
; (at your option) any later version.
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful,
|
||||
; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
; GNU General Public License for more details.
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License
|
||||
; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
CRC32_HASH_SIZE = 4
|
||||
CRC32_BLOCK_SIZE = 1
|
||||
|
||||
CRC32_ALIGN = 4
|
||||
CRC32_ALIGN_MASK = CRC32_ALIGN - 1
|
||||
@ -25,11 +25,9 @@ struct ctx_crc32
|
||||
hash rd 1
|
||||
ends
|
||||
|
||||
if defined sizeof.crash_ctx
|
||||
assert sizeof.crash_ctx >= sizeof.ctx_crc32
|
||||
end if
|
||||
assert sizeof.ctx_crc32 <= LIBCRASH_CTX_LEN
|
||||
|
||||
proc crc32.init _ctx
|
||||
proc crc32.init uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_crc32.hash]
|
||||
mov esi, crc32._.hash_init
|
||||
@ -39,7 +37,7 @@ proc crc32.init _ctx
|
||||
endp
|
||||
|
||||
|
||||
proc crc32.update _ctx, _msg, _size
|
||||
proc crc32.update uses ebx esi edi, _ctx, _msg, _size
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_msg]
|
||||
lea edi, [ebx + ctx_crc32.hash]
|
||||
@ -47,7 +45,7 @@ proc crc32.update _ctx, _msg, _size
|
||||
mov ecx, [_size]
|
||||
jecxz .quit
|
||||
|
||||
@@:
|
||||
@@:
|
||||
movzx edx, al
|
||||
xor dl, byte[esi]
|
||||
add esi, 1
|
||||
@ -57,12 +55,12 @@ proc crc32.update _ctx, _msg, _size
|
||||
jnz @b
|
||||
|
||||
stosd
|
||||
.quit:
|
||||
.quit:
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc crc32.final _ctx
|
||||
proc crc32.finish uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea esi, [ebx + ctx_crc32.hash]
|
||||
mov edi, esi
|
||||
@ -77,7 +75,7 @@ endp
|
||||
proc crc32.oneshot _ctx, _data, _len
|
||||
stdcall crc32.init, [_ctx]
|
||||
stdcall crc32.update, [_ctx], [_data], [_len]
|
||||
stdcall crc32.final, [_ctx]
|
||||
stdcall crc32.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
@ -1,38 +1,35 @@
|
||||
; libcrash -- cryptographic hash functions
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
|
||||
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify
|
||||
; it under the terms of the GNU General Public License as published by
|
||||
; the Free Software Foundation, either version 3 of the License, or
|
||||
; (at your option) any later version.
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful,
|
||||
; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
; GNU General Public License for more details.
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License
|
||||
; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
MD5_HASH_SIZE = 16
|
||||
MD5_BLOCK_SIZE = 64
|
||||
|
||||
MD5_ALIGN = 4
|
||||
MD5_ALIGN_MASK = MD5_ALIGN - 1
|
||||
|
||||
struct ctx_md5
|
||||
hash rb MD5_HASH_SIZE
|
||||
hash rb MD5_LEN
|
||||
block rb MD5_BLOCK_SIZE
|
||||
index rd 1
|
||||
msglen_0 rd 1
|
||||
msglen_1 rd 1
|
||||
ends
|
||||
|
||||
if defined sizeof.crash_ctx
|
||||
assert sizeof.crash_ctx >= sizeof.ctx_md5
|
||||
end if
|
||||
assert sizeof.ctx_md5 <= LIBCRASH_CTX_LEN
|
||||
|
||||
macro md5._.f b, c, d
|
||||
{
|
||||
@ -80,11 +77,11 @@ macro md5._.round func, a, b, c, d, index, shift, ac
|
||||
}
|
||||
|
||||
|
||||
proc md5.init _ctx
|
||||
proc md5.init uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_md5.hash]
|
||||
mov esi, md5._.hash_init
|
||||
mov ecx, MD5_HASH_SIZE/4
|
||||
mov ecx, MD5_LEN/4
|
||||
rep movsd
|
||||
xor eax, eax
|
||||
mov [ebx + ctx_md5.index], eax
|
||||
@ -180,13 +177,13 @@ proc md5._.block _hash
|
||||
endp
|
||||
|
||||
|
||||
proc md5.update _ctx, _msg, _size
|
||||
proc md5.update uses ebx esi edi, _ctx, _msg, _size
|
||||
mov ebx, [_ctx]
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_md5.msglen_0], ecx
|
||||
adc [ebx + ctx_md5.msglen_1], 0
|
||||
|
||||
.next_block:
|
||||
.next_block:
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_msg]
|
||||
mov eax, [ebx + ctx_md5.index]
|
||||
@ -194,7 +191,7 @@ proc md5.update _ctx, _msg, _size
|
||||
jnz .copy_to_buf
|
||||
test esi, MD5_ALIGN_MASK
|
||||
jnz .copy_to_buf
|
||||
.no_copy:
|
||||
.no_copy:
|
||||
; data is aligned, hash it in place without copying
|
||||
mov ebx, [_ctx]
|
||||
cmp [_size], MD5_BLOCK_SIZE
|
||||
@ -205,7 +202,7 @@ proc md5.update _ctx, _msg, _size
|
||||
add esi, MD5_BLOCK_SIZE
|
||||
jmp .no_copy
|
||||
|
||||
.copy_to_buf:
|
||||
.copy_to_buf:
|
||||
lea edi, [ebx + ctx_md5.block]
|
||||
add edi, eax
|
||||
mov ecx, MD5_BLOCK_SIZE
|
||||
@ -221,7 +218,7 @@ proc md5.update _ctx, _msg, _size
|
||||
stdcall md5._.block, eax
|
||||
jmp .next_block
|
||||
|
||||
.copy_quit:
|
||||
.copy_quit:
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_md5.block]
|
||||
mov eax, [ebx + ctx_md5.index]
|
||||
@ -230,13 +227,13 @@ proc md5.update _ctx, _msg, _size
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_md5.index], ecx
|
||||
rep movsb
|
||||
.quit:
|
||||
.quit:
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc md5.final _ctx
|
||||
proc md5.finish uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_md5.block]
|
||||
mov ecx, [ebx + ctx_md5.msglen_0]
|
||||
@ -258,7 +255,7 @@ proc md5.final _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_md5.block]
|
||||
mov ecx, MD5_BLOCK_SIZE+1
|
||||
.last:
|
||||
.last:
|
||||
dec ecx
|
||||
sub ecx, 8
|
||||
xor eax, eax
|
||||
@ -280,7 +277,7 @@ endp
|
||||
proc md5.oneshot _ctx, _data, _len
|
||||
stdcall md5.init, [_ctx]
|
||||
stdcall md5.update, [_ctx], [_data], [_len]
|
||||
stdcall md5.final, [_ctx]
|
||||
stdcall md5.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
@ -1,38 +1,35 @@
|
||||
; libcrash -- cryptographic hash functions
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
|
||||
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify
|
||||
; it under the terms of the GNU General Public License as published by
|
||||
; the Free Software Foundation, either version 3 of the License, or
|
||||
; (at your option) any later version.
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful,
|
||||
; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
; GNU General Public License for more details.
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License
|
||||
; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
SHA1_HASH_SIZE = 20
|
||||
SHA1_BLOCK_SIZE = 64
|
||||
|
||||
SHA1_ALIGN = 4
|
||||
SHA1_ALIGN_MASK = SHA1_ALIGN - 1
|
||||
|
||||
struct ctx_sha1
|
||||
hash rb SHA1_HASH_SIZE
|
||||
hash rb SHA1_LEN
|
||||
block rb SHA1_BLOCK_SIZE
|
||||
index rd 1
|
||||
msglen_0 rd 1
|
||||
msglen_1 rd 1
|
||||
ends
|
||||
|
||||
if defined sizeof.crash_ctx
|
||||
assert sizeof.crash_ctx >= sizeof.ctx_sha1
|
||||
end if
|
||||
assert sizeof.ctx_sha1 <= LIBCRASH_CTX_LEN
|
||||
|
||||
proc sha1._.f
|
||||
push ebx ecx edx
|
||||
@ -87,11 +84,11 @@ macro sha1._.round f, k, c
|
||||
}
|
||||
|
||||
|
||||
proc sha1.init _ctx
|
||||
proc sha1.init uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha1.hash]
|
||||
mov esi, sha1._.hash_init
|
||||
mov ecx, SHA1_HASH_SIZE/4
|
||||
mov ecx, SHA1_LEN/4
|
||||
rep movsd
|
||||
xor eax, eax
|
||||
mov [ebx + ctx_sha1.index], eax
|
||||
@ -108,7 +105,7 @@ locals
|
||||
endl
|
||||
lea edi, [w]
|
||||
xor ecx, ecx
|
||||
@@:
|
||||
@@:
|
||||
mov eax, [esi]
|
||||
add esi, 4
|
||||
bswap eax
|
||||
@ -117,7 +114,7 @@ endl
|
||||
add ecx, 1
|
||||
cmp ecx, 16
|
||||
jne @b
|
||||
@@:
|
||||
@@:
|
||||
mov eax, [w + (ecx - 3)*4]
|
||||
xor eax, [w + (ecx - 8)*4]
|
||||
xor eax, [w + (ecx - 14)*4]
|
||||
@ -168,13 +165,13 @@ end repeat
|
||||
endp
|
||||
|
||||
|
||||
proc sha1.update _ctx, _msg, _size
|
||||
proc sha1.update uses ebx esi edi, _ctx, _msg, _size
|
||||
mov ebx, [_ctx]
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_sha1.msglen_0], ecx
|
||||
adc [ebx + ctx_sha1.msglen_1], 0
|
||||
|
||||
.next_block:
|
||||
.next_block:
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_msg]
|
||||
mov eax, [ebx + ctx_sha1.index]
|
||||
@ -182,7 +179,7 @@ proc sha1.update _ctx, _msg, _size
|
||||
jnz .copy_to_buf
|
||||
test esi, SHA1_ALIGN_MASK
|
||||
jnz .copy_to_buf
|
||||
.no_copy:
|
||||
.no_copy:
|
||||
; data is aligned, hash it in place without copying
|
||||
mov ebx, [_ctx]
|
||||
cmp [_size], SHA1_BLOCK_SIZE
|
||||
@ -193,7 +190,7 @@ proc sha1.update _ctx, _msg, _size
|
||||
; add esi, SHA1_BLOCK_SIZE ; FIXME
|
||||
jmp .no_copy
|
||||
|
||||
.copy_to_buf:
|
||||
.copy_to_buf:
|
||||
lea edi, [ebx + ctx_sha1.block]
|
||||
add edi, eax
|
||||
mov ecx, SHA1_BLOCK_SIZE
|
||||
@ -209,7 +206,7 @@ proc sha1.update _ctx, _msg, _size
|
||||
stdcall sha1._.block, eax
|
||||
jmp .next_block
|
||||
|
||||
.copy_quit:
|
||||
.copy_quit:
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha1.block]
|
||||
mov eax, [ebx + ctx_sha1.index]
|
||||
@ -218,13 +215,13 @@ proc sha1.update _ctx, _msg, _size
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_sha1.index], ecx
|
||||
rep movsb
|
||||
.quit:
|
||||
.quit:
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha1.final _ctx
|
||||
proc sha1.finish uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha1.block]
|
||||
mov ecx, [ebx + ctx_sha1.msglen_0]
|
||||
@ -246,7 +243,7 @@ proc sha1.final _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha1.block]
|
||||
mov ecx, SHA1_BLOCK_SIZE+1
|
||||
.last:
|
||||
.last:
|
||||
dec ecx
|
||||
sub ecx, 8
|
||||
xor eax, eax
|
||||
@ -275,7 +272,7 @@ proc sha1._.postprocess _ctx, _hash
|
||||
mov ecx, 5
|
||||
mov esi, [_hash]
|
||||
mov edi, esi
|
||||
@@:
|
||||
@@:
|
||||
lodsd
|
||||
bswap eax
|
||||
stosd
|
||||
@ -288,7 +285,7 @@ endp
|
||||
proc sha1.oneshot _ctx, _data, _len
|
||||
stdcall sha1.init, [_ctx]
|
||||
stdcall sha1.update, [_ctx], [_data], [_len]
|
||||
stdcall sha1.final, [_ctx]
|
||||
stdcall sha1.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
436
programs/develop/libraries/libcrash/hash/sha2_224_256.asm
Normal file
436
programs/develop/libraries/libcrash/hash/sha2_224_256.asm
Normal file
@ -0,0 +1,436 @@
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
|
||||
;
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
SHA2_224256_BLOCK_SIZE = 64
|
||||
SHA2_224_BLOCK_SIZE = SHA2_224256_BLOCK_SIZE
|
||||
SHA2_256_BLOCK_SIZE = SHA2_224256_BLOCK_SIZE
|
||||
|
||||
SHA2_224256_INIT_SIZE = 32
|
||||
SHA2_224256_ALIGN = 4
|
||||
SHA2_224256_ALIGN_MASK = SHA2_224256_ALIGN - 1
|
||||
|
||||
struct ctx_sha2_224256
|
||||
hash rb SHA2_224256_INIT_SIZE
|
||||
block rb SHA2_224256_BLOCK_SIZE
|
||||
index rd 1
|
||||
msglen_0 rd 1
|
||||
msglen_1 rd 1
|
||||
ends
|
||||
|
||||
assert sizeof.ctx_sha2_224256 <= LIBCRASH_CTX_LEN
|
||||
|
||||
macro sha2_224256._.chn x, y, z
|
||||
{
|
||||
mov eax, [y]
|
||||
xor eax, [z]
|
||||
and eax, [x]
|
||||
xor eax, [z]
|
||||
}
|
||||
|
||||
macro sha2_224256._.maj x, y, z
|
||||
{
|
||||
mov eax, [x]
|
||||
xor eax, [y]
|
||||
and eax, [z]
|
||||
mov ecx, [x]
|
||||
and ecx, [y]
|
||||
xor eax, ecx
|
||||
}
|
||||
|
||||
macro sha2_224256._.Sigma0 x
|
||||
{
|
||||
mov eax, x
|
||||
mov ecx, eax
|
||||
ror ecx, 2
|
||||
ror eax, 13
|
||||
xor eax, ecx
|
||||
mov ecx, x
|
||||
ror ecx, 22
|
||||
xor eax, ecx
|
||||
}
|
||||
|
||||
macro sha2_224256._.Sigma1 x
|
||||
{
|
||||
mov eax, x
|
||||
mov ecx, eax
|
||||
ror ecx, 6
|
||||
ror eax, 11
|
||||
xor eax, ecx
|
||||
mov ecx, x
|
||||
ror ecx, 25
|
||||
xor eax, ecx
|
||||
}
|
||||
|
||||
macro sha2_224256._.sigma0 x
|
||||
{
|
||||
mov eax, x
|
||||
mov ecx, eax
|
||||
ror ecx, 7
|
||||
ror eax, 18
|
||||
xor eax, ecx
|
||||
mov ecx, x
|
||||
shr ecx, 3
|
||||
xor eax, ecx
|
||||
}
|
||||
|
||||
macro sha2_224256._.sigma1 x
|
||||
{
|
||||
mov eax, x
|
||||
mov ecx, eax
|
||||
ror ecx, 17
|
||||
ror eax, 19
|
||||
xor eax, ecx
|
||||
mov ecx, x
|
||||
shr ecx, 10
|
||||
xor eax, ecx
|
||||
}
|
||||
|
||||
macro sha2_224256._.recalculate_w n
|
||||
{
|
||||
mov edx, [w + ((n-2) and 15)*4]
|
||||
sha2_224256._.sigma1 edx
|
||||
add eax, [w + ((n-7) and 15)*4]
|
||||
push eax
|
||||
mov edx, [w + ((n-15) and 15)*4]
|
||||
sha2_224256._.sigma0 edx
|
||||
pop ecx
|
||||
add eax, ecx
|
||||
add [w + (n)*4], eax
|
||||
}
|
||||
|
||||
macro sha2_224256._.round a, b, c, d, e, f, g, h, k
|
||||
{
|
||||
mov ebx, [h]
|
||||
mov edx, [e]
|
||||
sha2_224256._.Sigma1 edx
|
||||
|
||||
add ebx, eax
|
||||
sha2_224256._.chn e, f, g
|
||||
|
||||
add ebx, eax
|
||||
add ebx, [k]
|
||||
add ebx, edi
|
||||
|
||||
add [d], ebx
|
||||
|
||||
mov edx, [a]
|
||||
sha2_224256._.Sigma0 edx
|
||||
add ebx, eax
|
||||
sha2_224256._.maj a, b, c
|
||||
add eax, ebx
|
||||
mov [h], eax
|
||||
}
|
||||
|
||||
|
||||
macro sha2_224256._.round_1_16 a, b, c, d, e, f, g, h, n
|
||||
{
|
||||
|
||||
mov eax, [esi + (n)*4]
|
||||
bswap eax
|
||||
|
||||
mov dword[w + (n)*4], eax
|
||||
mov edi, eax
|
||||
sha2_224256._.round a, b, c, d, e, f, g, h, (sha2_256_table + (n)*4)
|
||||
}
|
||||
|
||||
macro sha2_224256._.round_17_64 a, b, c, d, e, f, g, h, n, rep_num
|
||||
{
|
||||
sha2_224256._.recalculate_w n
|
||||
mov edi, [w + (n)*4]
|
||||
sha2_224256._.round a, b, c, d, e, f, g, h, (sha2_256_table + (n+16*rep_num)*4)
|
||||
}
|
||||
|
||||
|
||||
proc sha2_224.init uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha2_224256.hash]
|
||||
mov esi, sha2_224._.hash_init
|
||||
mov ecx, SHA2_224256_INIT_SIZE/4
|
||||
rep movsd
|
||||
xor eax, eax
|
||||
mov [ebx + ctx_sha2_224256.index], eax
|
||||
mov [ebx + ctx_sha2_224256.msglen_0], eax
|
||||
mov [ebx + ctx_sha2_224256.msglen_1], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha2_256.init uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha2_224256.hash]
|
||||
mov esi, sha2_256._.hash_init
|
||||
mov ecx, SHA2_224256_INIT_SIZE/4
|
||||
rep movsd
|
||||
xor eax, eax
|
||||
mov [ebx + ctx_sha2_224256.index], eax
|
||||
mov [ebx + ctx_sha2_224256.msglen_0], eax
|
||||
mov [ebx + ctx_sha2_224256.msglen_1], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha2_224256._.block _hash
|
||||
locals
|
||||
w rd 64
|
||||
A rd 1
|
||||
B rd 1
|
||||
C rd 1
|
||||
D rd 1
|
||||
E rd 1
|
||||
F rd 1
|
||||
G rd 1
|
||||
H rd 1
|
||||
endl
|
||||
mov edi, [_hash]
|
||||
mov eax, [edi + 0x00]
|
||||
mov [A], eax
|
||||
mov eax, [edi + 0x04]
|
||||
mov [B], eax
|
||||
mov eax, [edi + 0x08]
|
||||
mov [C], eax
|
||||
mov eax, [edi + 0x0c]
|
||||
mov [D], eax
|
||||
mov eax, [edi + 0x10]
|
||||
mov [E], eax
|
||||
mov eax, [edi + 0x14]
|
||||
mov [F], eax
|
||||
mov eax, [edi + 0x18]
|
||||
mov [G], eax
|
||||
mov eax, [edi + 0x1c]
|
||||
mov [H], eax
|
||||
|
||||
sha2_224256._.round_1_16 A, B, C, D, E, F, G, H, 0
|
||||
sha2_224256._.round_1_16 H, A, B, C, D, E, F, G, 1
|
||||
sha2_224256._.round_1_16 G, H, A, B, C, D, E, F, 2
|
||||
sha2_224256._.round_1_16 F, G, H, A, B, C, D, E, 3
|
||||
sha2_224256._.round_1_16 E, F, G, H, A, B, C, D, 4
|
||||
sha2_224256._.round_1_16 D, E, F, G, H, A, B, C, 5
|
||||
sha2_224256._.round_1_16 C, D, E, F, G, H, A, B, 6
|
||||
sha2_224256._.round_1_16 B, C, D, E, F, G, H, A, 7
|
||||
sha2_224256._.round_1_16 A, B, C, D, E, F, G, H, 8
|
||||
sha2_224256._.round_1_16 H, A, B, C, D, E, F, G, 9
|
||||
sha2_224256._.round_1_16 G, H, A, B, C, D, E, F, 10
|
||||
sha2_224256._.round_1_16 F, G, H, A, B, C, D, E, 11
|
||||
sha2_224256._.round_1_16 E, F, G, H, A, B, C, D, 12
|
||||
sha2_224256._.round_1_16 D, E, F, G, H, A, B, C, 13
|
||||
sha2_224256._.round_1_16 C, D, E, F, G, H, A, B, 14
|
||||
sha2_224256._.round_1_16 B, C, D, E, F, G, H, A, 15
|
||||
|
||||
repeat 3
|
||||
sha2_224256._.round_17_64 A, B, C, D, E, F, G, H, 0, %
|
||||
sha2_224256._.round_17_64 H, A, B, C, D, E, F, G, 1, %
|
||||
sha2_224256._.round_17_64 G, H, A, B, C, D, E, F, 2, %
|
||||
sha2_224256._.round_17_64 F, G, H, A, B, C, D, E, 3, %
|
||||
sha2_224256._.round_17_64 E, F, G, H, A, B, C, D, 4, %
|
||||
sha2_224256._.round_17_64 D, E, F, G, H, A, B, C, 5, %
|
||||
sha2_224256._.round_17_64 C, D, E, F, G, H, A, B, 6, %
|
||||
sha2_224256._.round_17_64 B, C, D, E, F, G, H, A, 7, %
|
||||
sha2_224256._.round_17_64 A, B, C, D, E, F, G, H, 8, %
|
||||
sha2_224256._.round_17_64 H, A, B, C, D, E, F, G, 9, %
|
||||
sha2_224256._.round_17_64 G, H, A, B, C, D, E, F, 10, %
|
||||
sha2_224256._.round_17_64 F, G, H, A, B, C, D, E, 11, %
|
||||
sha2_224256._.round_17_64 E, F, G, H, A, B, C, D, 12, %
|
||||
sha2_224256._.round_17_64 D, E, F, G, H, A, B, C, 13, %
|
||||
sha2_224256._.round_17_64 C, D, E, F, G, H, A, B, 14, %
|
||||
sha2_224256._.round_17_64 B, C, D, E, F, G, H, A, 15, %
|
||||
end repeat
|
||||
|
||||
mov edi, [_hash]
|
||||
mov eax, [A]
|
||||
add [edi + 0x00], eax
|
||||
mov eax, [B]
|
||||
add [edi + 0x04], eax
|
||||
mov eax, [C]
|
||||
add [edi + 0x08], eax
|
||||
mov eax, [D]
|
||||
add [edi + 0x0c], eax
|
||||
mov eax, [E]
|
||||
add [edi + 0x10], eax
|
||||
mov eax, [F]
|
||||
add [edi + 0x14], eax
|
||||
mov eax, [G]
|
||||
add [edi + 0x18], eax
|
||||
mov eax, [H]
|
||||
add [edi + 0x1c], eax
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
sha2_224.update = sha2_224256.update
|
||||
sha2_256.update = sha2_224256.update
|
||||
proc sha2_224256.update uses ebx esi edi, _ctx, _msg, _size
|
||||
mov ebx, [_ctx]
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_sha2_224256.msglen_0], ecx
|
||||
adc [ebx + ctx_sha2_224256.msglen_1], 0
|
||||
|
||||
.next_block:
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_msg]
|
||||
mov eax, [ebx + ctx_sha2_224256.index]
|
||||
and eax, SHA2_224256_BLOCK_SIZE-1
|
||||
jnz .copy_to_buf
|
||||
test esi, SHA2_224256_ALIGN_MASK
|
||||
jnz .copy_to_buf
|
||||
.no_copy:
|
||||
; data is aligned, hash it in place without copying
|
||||
mov ebx, [_ctx]
|
||||
cmp [_size], SHA2_224256_BLOCK_SIZE
|
||||
jb .copy_quit
|
||||
lea eax, [ebx + ctx_sha2_224256.hash]
|
||||
stdcall sha2_224256._.block, eax
|
||||
sub [_size], SHA2_224256_BLOCK_SIZE
|
||||
add esi, SHA2_224256_BLOCK_SIZE ; FIXME
|
||||
jmp .no_copy
|
||||
|
||||
.copy_to_buf:
|
||||
lea edi, [ebx + ctx_sha2_224256.block]
|
||||
add edi, eax
|
||||
mov ecx, SHA2_224256_BLOCK_SIZE
|
||||
sub ecx, eax
|
||||
cmp [_size], ecx
|
||||
jb .copy_quit
|
||||
sub [_size], ecx
|
||||
add [_msg], ecx
|
||||
add [ebx + ctx_sha2_224256.index], ecx
|
||||
rep movsb
|
||||
lea eax, [ebx + ctx_sha2_224256.hash]
|
||||
lea esi, [ebx + ctx_sha2_224256.block]
|
||||
stdcall sha2_224256._.block, eax
|
||||
jmp .next_block
|
||||
|
||||
.copy_quit:
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha2_224256.block]
|
||||
mov eax, [ebx + ctx_sha2_224256.index]
|
||||
and eax, SHA2_224256_BLOCK_SIZE-1
|
||||
add edi, eax
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_sha2_224256.index], ecx
|
||||
rep movsb
|
||||
.quit:
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
sha2_224.finish = sha2_224256.finish
|
||||
sha2_256.finish = sha2_224256.finish
|
||||
proc sha2_224256.finish uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha2_224256.block]
|
||||
mov ecx, [ebx + ctx_sha2_224256.msglen_0]
|
||||
and ecx, SHA2_224256_BLOCK_SIZE-1
|
||||
add edi, ecx
|
||||
mov byte[edi], 0x80
|
||||
inc edi
|
||||
neg ecx
|
||||
add ecx, SHA2_224256_BLOCK_SIZE
|
||||
cmp ecx, 8
|
||||
ja .last
|
||||
|
||||
dec ecx
|
||||
xor eax, eax
|
||||
rep stosb
|
||||
lea esi, [ebx + ctx_sha2_224256.block]
|
||||
lea eax, [ebx + ctx_sha2_224256.hash]
|
||||
stdcall sha2_224256._.block, eax
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha2_224256.block]
|
||||
mov ecx, SHA2_224256_BLOCK_SIZE+1
|
||||
.last:
|
||||
dec ecx
|
||||
sub ecx, 8
|
||||
xor eax, eax
|
||||
rep stosb
|
||||
mov eax, [ebx + ctx_sha2_224256.msglen_0]
|
||||
mov edx, [ebx + ctx_sha2_224256.msglen_1]
|
||||
shld edx, eax, 3
|
||||
shl eax, 3
|
||||
bswap eax
|
||||
bswap edx
|
||||
mov dword[edi], edx
|
||||
mov dword[edi+4], eax
|
||||
lea esi, [ebx + ctx_sha2_224256.block]
|
||||
lea eax, [ebx + ctx_sha2_224256.hash]
|
||||
stdcall sha2_224256._.block, eax
|
||||
|
||||
mov ebx, [_ctx]
|
||||
lea eax, [ebx + ctx_sha2_224256.hash]
|
||||
stdcall sha2_224256._.postprocess, ebx, eax
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha2_224256._.postprocess _ctx, _hash
|
||||
mov ecx, 8
|
||||
mov esi, [_hash]
|
||||
mov edi, esi
|
||||
@@:
|
||||
lodsd
|
||||
bswap eax
|
||||
stosd
|
||||
dec ecx
|
||||
jnz @b
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha2_224.oneshot _ctx, _data, _len
|
||||
stdcall sha2_224.init, [_ctx]
|
||||
stdcall sha2_224.update, [_ctx], [_data], [_len]
|
||||
stdcall sha2_224.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha2_256.oneshot _ctx, _data, _len
|
||||
stdcall sha2_256.init, [_ctx]
|
||||
stdcall sha2_256.update, [_ctx], [_data], [_len]
|
||||
stdcall sha2_256.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
iglobal
|
||||
align SHA2_224256_ALIGN
|
||||
sha2_224._.hash_init dd 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,\
|
||||
0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
|
||||
|
||||
sha2_256._.hash_init dd 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,\
|
||||
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
|
||||
|
||||
sha2_256_table dd 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\
|
||||
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\
|
||||
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\
|
||||
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\
|
||||
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\
|
||||
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\
|
||||
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\
|
||||
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\
|
||||
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\
|
||||
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\
|
||||
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\
|
||||
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\
|
||||
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\
|
||||
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\
|
||||
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\
|
||||
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
|
||||
endg
|
@ -1,34 +1,32 @@
|
||||
; libcrash -- cryptographic hash functions
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
|
||||
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify
|
||||
; it under the terms of the GNU General Public License as published by
|
||||
; the Free Software Foundation, either version 3 of the License, or
|
||||
; (at your option) any later version.
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful,
|
||||
; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
; GNU General Public License for more details.
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License
|
||||
; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
SHA2_384512_BLOCK_SIZE = 128
|
||||
SHA2_384_BLOCK_SIZE = SHA2_384512_BLOCK_SIZE
|
||||
SHA2_512_BLOCK_SIZE = SHA2_384512_BLOCK_SIZE
|
||||
|
||||
SHA384512_BLOCK_SIZE = 128
|
||||
SHA384_BLOCK_SIZE = SHA384512_BLOCK_SIZE
|
||||
SHA512_BLOCK_SIZE = SHA384512_BLOCK_SIZE
|
||||
SHA384_HASH_SIZE = 48
|
||||
SHA512_HASH_SIZE = 64
|
||||
SHA2_384512_INIT_SIZE = 64
|
||||
SHA2_384512_ALIGN = 16
|
||||
SHA2_384512_ALIGN_MASK = SHA2_384512_ALIGN - 1
|
||||
|
||||
SHA384512_INIT_SIZE = 64
|
||||
SHA384512_ALIGN = 16
|
||||
SHA384512_ALIGN_MASK = SHA384512_ALIGN - 1
|
||||
|
||||
struct ctx_sha384512
|
||||
hash rb SHA384512_INIT_SIZE
|
||||
block rb SHA384512_BLOCK_SIZE
|
||||
struct ctx_sha2_384512
|
||||
hash rb SHA2_384512_INIT_SIZE
|
||||
block rb SHA2_384512_BLOCK_SIZE
|
||||
index rd 1
|
||||
msglen_0 rd 1
|
||||
msglen_1 rd 1
|
||||
@ -48,11 +46,9 @@ struct ctx_sha384512
|
||||
temp rq 1
|
||||
ends
|
||||
|
||||
if defined sizeof.crash_ctx
|
||||
assert sizeof.crash_ctx >= sizeof.ctx_sha384512
|
||||
end if
|
||||
assert sizeof.ctx_sha2_384512 <= LIBCRASH_CTX_LEN
|
||||
|
||||
macro sha384512._.chn x, y, z
|
||||
macro sha2_384512._.chn x, y, z
|
||||
{
|
||||
movq mm0, [y]
|
||||
pxor mm0, [z]
|
||||
@ -60,7 +56,7 @@ macro sha384512._.chn x, y, z
|
||||
pxor mm0, [z]
|
||||
}
|
||||
|
||||
macro sha384512._.maj x, y, z
|
||||
macro sha2_384512._.maj x, y, z
|
||||
{
|
||||
movq mm0, [x]
|
||||
pxor mm0, [y]
|
||||
@ -70,7 +66,7 @@ macro sha384512._.maj x, y, z
|
||||
pxor mm0, mm2
|
||||
}
|
||||
|
||||
macro sha384512._.Sigma0 x
|
||||
macro sha2_384512._.Sigma0 x
|
||||
{
|
||||
movq mm0, x
|
||||
movq mm2, mm0
|
||||
@ -91,7 +87,7 @@ macro sha384512._.Sigma0 x
|
||||
pxor mm0, mm2
|
||||
}
|
||||
|
||||
macro sha384512._.Sigma1 x
|
||||
macro sha2_384512._.Sigma1 x
|
||||
{
|
||||
movq mm0, x
|
||||
movq mm2, mm0
|
||||
@ -112,7 +108,7 @@ macro sha384512._.Sigma1 x
|
||||
pxor mm0, mm2
|
||||
}
|
||||
|
||||
macro sha384512._.sigma0 x
|
||||
macro sha2_384512._.sigma0 x
|
||||
{
|
||||
movq mm0, x
|
||||
movq mm2, mm0
|
||||
@ -130,7 +126,7 @@ macro sha384512._.sigma0 x
|
||||
pxor mm0, mm2
|
||||
}
|
||||
|
||||
macro sha384512._.sigma1 x
|
||||
macro sha2_384512._.sigma1 x
|
||||
{
|
||||
movq mm0, x
|
||||
movq mm2, mm0
|
||||
@ -148,14 +144,14 @@ macro sha384512._.sigma1 x
|
||||
pxor mm0, mm2
|
||||
}
|
||||
|
||||
macro sha384512._.recalculate_w n
|
||||
macro sha2_384512._.recalculate_w n
|
||||
{
|
||||
movq mm3, [w + ((n-2) and 15)*8]
|
||||
sha384512._.sigma1 mm3
|
||||
sha2_384512._.sigma1 mm3
|
||||
paddq mm0, [w + ((n-7) and 15)*8]
|
||||
movq mm6, mm0
|
||||
movq mm3, [w + ((n-15) and 15)*8]
|
||||
sha384512._.sigma0 mm3
|
||||
sha2_384512._.sigma0 mm3
|
||||
movq mm2, mm6
|
||||
paddq mm0, mm2
|
||||
movq mm7, [w + (n)*8]
|
||||
@ -163,13 +159,13 @@ macro sha384512._.recalculate_w n
|
||||
movq [w + (n)*8], mm7
|
||||
}
|
||||
|
||||
macro sha384512._.round a, b, c, d, e, f, g, h, k
|
||||
macro sha2_384512._.round a, b, c, d, e, f, g, h, k
|
||||
{
|
||||
movq mm1, [h]
|
||||
movq mm3, [e]
|
||||
sha384512._.Sigma1 mm3
|
||||
sha2_384512._.Sigma1 mm3
|
||||
paddq mm1, mm0
|
||||
sha384512._.chn e, f, g
|
||||
sha2_384512._.chn e, f, g
|
||||
paddq mm1, mm0
|
||||
paddq mm1, [k]
|
||||
paddq mm1, mm5
|
||||
@ -177,15 +173,15 @@ macro sha384512._.round a, b, c, d, e, f, g, h, k
|
||||
paddq mm7, mm1
|
||||
movq [d], mm7
|
||||
movq mm3, [a]
|
||||
sha384512._.Sigma0 mm3
|
||||
sha2_384512._.Sigma0 mm3
|
||||
paddq mm1, mm0
|
||||
sha384512._.maj a, b, c
|
||||
sha2_384512._.maj a, b, c
|
||||
paddq mm0, mm1
|
||||
movq [h], mm0
|
||||
}
|
||||
|
||||
|
||||
macro sha384512._.round_1_16 a, b, c, d, e, f, g, h, n
|
||||
macro sha2_384512._.round_1_16 a, b, c, d, e, f, g, h, n
|
||||
{
|
||||
|
||||
movq mm0, [esi + (n)*8]
|
||||
@ -201,50 +197,50 @@ macro sha384512._.round_1_16 a, b, c, d, e, f, g, h, n
|
||||
movq mm0, [temp]
|
||||
movq [w + (n)*8], mm0
|
||||
movq mm5, mm0
|
||||
sha384512._.round a, b, c, d, e, f, g, h, (sha384512._.table + (n)*8)
|
||||
sha2_384512._.round a, b, c, d, e, f, g, h, (sha2_384512._.table + (n)*8)
|
||||
}
|
||||
|
||||
macro sha384512._.round_17_64 a, b, c, d, e, f, g, h, n, rep_num
|
||||
macro sha2_384512._.round_17_64 a, b, c, d, e, f, g, h, n, rep_num
|
||||
{
|
||||
sha384512._.recalculate_w n
|
||||
sha2_384512._.recalculate_w n
|
||||
movq mm5, [w + (n)*8]
|
||||
sha384512._.round a, b, c, d, e, f, g, h, (sha384512._.table + (n+16*rep_num)*8)
|
||||
sha2_384512._.round a, b, c, d, e, f, g, h, (sha2_384512._.table + (n+16*rep_num)*8)
|
||||
}
|
||||
|
||||
|
||||
proc sha384.init _ctx
|
||||
proc sha2_384.init uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha384512.hash]
|
||||
mov esi, sha384._.hash_init
|
||||
mov ecx, SHA384512_INIT_SIZE/4
|
||||
lea edi, [ebx + ctx_sha2_384512.hash]
|
||||
mov esi, sha2_384._.hash_init
|
||||
mov ecx, SHA2_384512_INIT_SIZE/4
|
||||
rep movsd
|
||||
xor eax, eax
|
||||
mov [ebx + ctx_sha384512.index], eax
|
||||
mov [ebx + ctx_sha384512.msglen_0], eax
|
||||
mov [ebx + ctx_sha384512.msglen_1], eax
|
||||
mov [ebx + ctx_sha384512.msglen_2], eax
|
||||
mov [ebx + ctx_sha384512.msglen_3], eax
|
||||
mov [ebx + ctx_sha2_384512.index], eax
|
||||
mov [ebx + ctx_sha2_384512.msglen_0], eax
|
||||
mov [ebx + ctx_sha2_384512.msglen_1], eax
|
||||
mov [ebx + ctx_sha2_384512.msglen_2], eax
|
||||
mov [ebx + ctx_sha2_384512.msglen_3], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha512.init _ctx
|
||||
proc sha2_512.init uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha384512.hash]
|
||||
mov esi, sha512._.hash_init
|
||||
mov ecx, SHA384512_INIT_SIZE/4
|
||||
lea edi, [ebx + ctx_sha2_384512.hash]
|
||||
mov esi, sha2_512._.hash_init
|
||||
mov ecx, SHA2_384512_INIT_SIZE/4
|
||||
rep movsd
|
||||
xor eax, eax
|
||||
mov [ebx + ctx_sha384512.index], eax
|
||||
mov [ebx + ctx_sha384512.msglen_0], eax
|
||||
mov [ebx + ctx_sha384512.msglen_1], eax
|
||||
mov [ebx + ctx_sha384512.msglen_2], eax
|
||||
mov [ebx + ctx_sha384512.msglen_3], eax
|
||||
mov [ebx + ctx_sha2_384512.index], eax
|
||||
mov [ebx + ctx_sha2_384512.msglen_0], eax
|
||||
mov [ebx + ctx_sha2_384512.msglen_1], eax
|
||||
mov [ebx + ctx_sha2_384512.msglen_2], eax
|
||||
mov [ebx + ctx_sha2_384512.msglen_3], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha384512._.block _hash
|
||||
proc sha2_384512._.block _hash
|
||||
;locals
|
||||
; w rq 80
|
||||
; A rq 1
|
||||
@ -257,16 +253,16 @@ proc sha384512._.block _hash
|
||||
; H rq 1
|
||||
; temp rq 1
|
||||
;endl
|
||||
w equ ebx + ctx_sha384512.w
|
||||
A equ ebx + ctx_sha384512.A
|
||||
B equ ebx + ctx_sha384512.B
|
||||
C equ ebx + ctx_sha384512.C
|
||||
D equ ebx + ctx_sha384512.D
|
||||
E equ ebx + ctx_sha384512.E
|
||||
F equ ebx + ctx_sha384512.F
|
||||
G equ ebx + ctx_sha384512.G
|
||||
H equ ebx + ctx_sha384512.H
|
||||
temp equ ebx + ctx_sha384512.temp
|
||||
w equ ebx + ctx_sha2_384512.w
|
||||
A equ ebx + ctx_sha2_384512.A
|
||||
B equ ebx + ctx_sha2_384512.B
|
||||
C equ ebx + ctx_sha2_384512.C
|
||||
D equ ebx + ctx_sha2_384512.D
|
||||
E equ ebx + ctx_sha2_384512.E
|
||||
F equ ebx + ctx_sha2_384512.F
|
||||
G equ ebx + ctx_sha2_384512.G
|
||||
H equ ebx + ctx_sha2_384512.H
|
||||
temp equ ebx + ctx_sha2_384512.temp
|
||||
|
||||
mov edi, [_hash]
|
||||
movq mm0, [edi + 0x00]
|
||||
@ -287,40 +283,40 @@ temp equ ebx + ctx_sha384512.temp
|
||||
movq [H], mm0
|
||||
|
||||
|
||||
sha384512._.round_1_16 A, B, C, D, E, F, G, H, 0
|
||||
sha384512._.round_1_16 H, A, B, C, D, E, F, G, 1
|
||||
sha384512._.round_1_16 G, H, A, B, C, D, E, F, 2
|
||||
sha384512._.round_1_16 F, G, H, A, B, C, D, E, 3
|
||||
sha384512._.round_1_16 E, F, G, H, A, B, C, D, 4
|
||||
sha384512._.round_1_16 D, E, F, G, H, A, B, C, 5
|
||||
sha384512._.round_1_16 C, D, E, F, G, H, A, B, 6
|
||||
sha384512._.round_1_16 B, C, D, E, F, G, H, A, 7
|
||||
sha384512._.round_1_16 A, B, C, D, E, F, G, H, 8
|
||||
sha384512._.round_1_16 H, A, B, C, D, E, F, G, 9
|
||||
sha384512._.round_1_16 G, H, A, B, C, D, E, F, 10
|
||||
sha384512._.round_1_16 F, G, H, A, B, C, D, E, 11
|
||||
sha384512._.round_1_16 E, F, G, H, A, B, C, D, 12
|
||||
sha384512._.round_1_16 D, E, F, G, H, A, B, C, 13
|
||||
sha384512._.round_1_16 C, D, E, F, G, H, A, B, 14
|
||||
sha384512._.round_1_16 B, C, D, E, F, G, H, A, 15
|
||||
sha2_384512._.round_1_16 A, B, C, D, E, F, G, H, 0
|
||||
sha2_384512._.round_1_16 H, A, B, C, D, E, F, G, 1
|
||||
sha2_384512._.round_1_16 G, H, A, B, C, D, E, F, 2
|
||||
sha2_384512._.round_1_16 F, G, H, A, B, C, D, E, 3
|
||||
sha2_384512._.round_1_16 E, F, G, H, A, B, C, D, 4
|
||||
sha2_384512._.round_1_16 D, E, F, G, H, A, B, C, 5
|
||||
sha2_384512._.round_1_16 C, D, E, F, G, H, A, B, 6
|
||||
sha2_384512._.round_1_16 B, C, D, E, F, G, H, A, 7
|
||||
sha2_384512._.round_1_16 A, B, C, D, E, F, G, H, 8
|
||||
sha2_384512._.round_1_16 H, A, B, C, D, E, F, G, 9
|
||||
sha2_384512._.round_1_16 G, H, A, B, C, D, E, F, 10
|
||||
sha2_384512._.round_1_16 F, G, H, A, B, C, D, E, 11
|
||||
sha2_384512._.round_1_16 E, F, G, H, A, B, C, D, 12
|
||||
sha2_384512._.round_1_16 D, E, F, G, H, A, B, C, 13
|
||||
sha2_384512._.round_1_16 C, D, E, F, G, H, A, B, 14
|
||||
sha2_384512._.round_1_16 B, C, D, E, F, G, H, A, 15
|
||||
|
||||
repeat 4
|
||||
sha384512._.round_17_64 A, B, C, D, E, F, G, H, 0, %
|
||||
sha384512._.round_17_64 H, A, B, C, D, E, F, G, 1, %
|
||||
sha384512._.round_17_64 G, H, A, B, C, D, E, F, 2, %
|
||||
sha384512._.round_17_64 F, G, H, A, B, C, D, E, 3, %
|
||||
sha384512._.round_17_64 E, F, G, H, A, B, C, D, 4, %
|
||||
sha384512._.round_17_64 D, E, F, G, H, A, B, C, 5, %
|
||||
sha384512._.round_17_64 C, D, E, F, G, H, A, B, 6, %
|
||||
sha384512._.round_17_64 B, C, D, E, F, G, H, A, 7, %
|
||||
sha384512._.round_17_64 A, B, C, D, E, F, G, H, 8, %
|
||||
sha384512._.round_17_64 H, A, B, C, D, E, F, G, 9, %
|
||||
sha384512._.round_17_64 G, H, A, B, C, D, E, F, 10, %
|
||||
sha384512._.round_17_64 F, G, H, A, B, C, D, E, 11, %
|
||||
sha384512._.round_17_64 E, F, G, H, A, B, C, D, 12, %
|
||||
sha384512._.round_17_64 D, E, F, G, H, A, B, C, 13, %
|
||||
sha384512._.round_17_64 C, D, E, F, G, H, A, B, 14, %
|
||||
sha384512._.round_17_64 B, C, D, E, F, G, H, A, 15, %
|
||||
sha2_384512._.round_17_64 A, B, C, D, E, F, G, H, 0, %
|
||||
sha2_384512._.round_17_64 H, A, B, C, D, E, F, G, 1, %
|
||||
sha2_384512._.round_17_64 G, H, A, B, C, D, E, F, 2, %
|
||||
sha2_384512._.round_17_64 F, G, H, A, B, C, D, E, 3, %
|
||||
sha2_384512._.round_17_64 E, F, G, H, A, B, C, D, 4, %
|
||||
sha2_384512._.round_17_64 D, E, F, G, H, A, B, C, 5, %
|
||||
sha2_384512._.round_17_64 C, D, E, F, G, H, A, B, 6, %
|
||||
sha2_384512._.round_17_64 B, C, D, E, F, G, H, A, 7, %
|
||||
sha2_384512._.round_17_64 A, B, C, D, E, F, G, H, 8, %
|
||||
sha2_384512._.round_17_64 H, A, B, C, D, E, F, G, 9, %
|
||||
sha2_384512._.round_17_64 G, H, A, B, C, D, E, F, 10, %
|
||||
sha2_384512._.round_17_64 F, G, H, A, B, C, D, E, 11, %
|
||||
sha2_384512._.round_17_64 E, F, G, H, A, B, C, D, 12, %
|
||||
sha2_384512._.round_17_64 D, E, F, G, H, A, B, C, 13, %
|
||||
sha2_384512._.round_17_64 C, D, E, F, G, H, A, B, 14, %
|
||||
sha2_384512._.round_17_64 B, C, D, E, F, G, H, A, 15, %
|
||||
end repeat
|
||||
|
||||
|
||||
@ -355,131 +351,131 @@ restore w,A,B,C,D,E,F,G,H,temp
|
||||
endp
|
||||
|
||||
|
||||
sha384.update = sha384512.update
|
||||
sha512.update = sha384512.update
|
||||
proc sha384512.update _ctx, _msg, _size
|
||||
sha2_384.update = sha2_384512.update
|
||||
sha2_512.update = sha2_384512.update
|
||||
proc sha2_384512.update uses ebx esi edi, _ctx, _msg, _size
|
||||
mov ebx, [_ctx]
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_sha384512.msglen_0], ecx
|
||||
adc [ebx + ctx_sha384512.msglen_1], 0
|
||||
adc [ebx + ctx_sha384512.msglen_2], 0
|
||||
adc [ebx + ctx_sha384512.msglen_3], 0
|
||||
add [ebx + ctx_sha2_384512.msglen_0], ecx
|
||||
adc [ebx + ctx_sha2_384512.msglen_1], 0
|
||||
adc [ebx + ctx_sha2_384512.msglen_2], 0
|
||||
adc [ebx + ctx_sha2_384512.msglen_3], 0
|
||||
|
||||
.next_block:
|
||||
.next_block:
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_msg]
|
||||
mov eax, [ebx + ctx_sha384512.index]
|
||||
and eax, SHA384512_BLOCK_SIZE-1
|
||||
mov eax, [ebx + ctx_sha2_384512.index]
|
||||
and eax, SHA2_384512_BLOCK_SIZE-1
|
||||
jnz .copy_to_buf
|
||||
test esi, SHA384512_ALIGN_MASK
|
||||
test esi, SHA2_384512_ALIGN_MASK
|
||||
jnz .copy_to_buf
|
||||
.no_copy:
|
||||
.no_copy:
|
||||
; data is aligned, hash it in place without copying
|
||||
mov ebx, [_ctx]
|
||||
cmp [_size], SHA384512_BLOCK_SIZE
|
||||
cmp [_size], SHA2_384512_BLOCK_SIZE
|
||||
jb .copy_quit
|
||||
lea eax, [ebx + ctx_sha384512.hash]
|
||||
stdcall sha384512._.block, eax
|
||||
sub [_size], SHA384512_BLOCK_SIZE
|
||||
add esi, SHA384512_BLOCK_SIZE ; FIXME
|
||||
lea eax, [ebx + ctx_sha2_384512.hash]
|
||||
stdcall sha2_384512._.block, eax
|
||||
sub [_size], SHA2_384512_BLOCK_SIZE
|
||||
add esi, SHA2_384512_BLOCK_SIZE ; FIXME
|
||||
jmp .no_copy
|
||||
|
||||
.copy_to_buf:
|
||||
lea edi, [ebx + ctx_sha384512.block]
|
||||
.copy_to_buf:
|
||||
lea edi, [ebx + ctx_sha2_384512.block]
|
||||
add edi, eax
|
||||
mov ecx, SHA384512_BLOCK_SIZE
|
||||
mov ecx, SHA2_384512_BLOCK_SIZE
|
||||
sub ecx, eax
|
||||
cmp [_size], ecx
|
||||
jb .copy_quit
|
||||
sub [_size], ecx
|
||||
add [_msg], ecx
|
||||
add [ebx + ctx_sha384512.index], ecx
|
||||
add [ebx + ctx_sha2_384512.index], ecx
|
||||
rep movsb
|
||||
lea eax, [ebx + ctx_sha384512.hash]
|
||||
lea esi, [ebx + ctx_sha384512.block]
|
||||
stdcall sha384512._.block, eax
|
||||
lea eax, [ebx + ctx_sha2_384512.hash]
|
||||
lea esi, [ebx + ctx_sha2_384512.block]
|
||||
stdcall sha2_384512._.block, eax
|
||||
jmp .next_block
|
||||
|
||||
.copy_quit:
|
||||
.copy_quit:
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha384512.block]
|
||||
mov eax, [ebx + ctx_sha384512.index]
|
||||
and eax, SHA384512_BLOCK_SIZE-1
|
||||
lea edi, [ebx + ctx_sha2_384512.block]
|
||||
mov eax, [ebx + ctx_sha2_384512.index]
|
||||
and eax, SHA2_384512_BLOCK_SIZE-1
|
||||
add edi, eax
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_sha384512.index], ecx
|
||||
add [ebx + ctx_sha2_384512.index], ecx
|
||||
rep movsb
|
||||
.quit:
|
||||
.quit:
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
sha384.final = sha384512.final
|
||||
sha512.final = sha384512.final
|
||||
proc sha384512.final _ctx
|
||||
sha2_384.finish = sha2_384512.finish
|
||||
sha2_512.finish = sha2_384512.finish
|
||||
proc sha2_384512.finish uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha384512.block]
|
||||
mov ecx, [ebx + ctx_sha384512.msglen_0]
|
||||
and ecx, SHA384512_BLOCK_SIZE-1
|
||||
lea edi, [ebx + ctx_sha2_384512.block]
|
||||
mov ecx, [ebx + ctx_sha2_384512.msglen_0]
|
||||
and ecx, SHA2_384512_BLOCK_SIZE-1
|
||||
add edi, ecx
|
||||
mov byte[edi], 0x80
|
||||
inc edi
|
||||
neg ecx
|
||||
add ecx, SHA384512_BLOCK_SIZE
|
||||
add ecx, SHA2_384512_BLOCK_SIZE
|
||||
cmp ecx, 16
|
||||
ja .last
|
||||
|
||||
dec ecx
|
||||
xor eax, eax
|
||||
rep stosb
|
||||
lea esi, [ebx + ctx_sha384512.block]
|
||||
lea eax, [ebx + ctx_sha384512.hash]
|
||||
stdcall sha384512._.block, eax
|
||||
lea esi, [ebx + ctx_sha2_384512.block]
|
||||
lea eax, [ebx + ctx_sha2_384512.hash]
|
||||
stdcall sha2_384512._.block, eax
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha384512.block]
|
||||
mov ecx, SHA384512_BLOCK_SIZE+1
|
||||
.last:
|
||||
lea edi, [ebx + ctx_sha2_384512.block]
|
||||
mov ecx, SHA2_384512_BLOCK_SIZE+1
|
||||
.last:
|
||||
dec ecx
|
||||
sub ecx, 16
|
||||
xor eax, eax
|
||||
rep stosb
|
||||
mov eax, [ebx + ctx_sha384512.msglen_1]
|
||||
shld [ebx + ctx_sha384512.msglen_0], eax, 3
|
||||
mov eax, [ebx + ctx_sha384512.msglen_2]
|
||||
shld [ebx + ctx_sha384512.msglen_1], eax, 3
|
||||
mov eax, [ebx + ctx_sha384512.msglen_3]
|
||||
shld [ebx + ctx_sha384512.msglen_2], eax, 3
|
||||
mov eax, [ebx + ctx_sha2_384512.msglen_1]
|
||||
shld [ebx + ctx_sha2_384512.msglen_0], eax, 3
|
||||
mov eax, [ebx + ctx_sha2_384512.msglen_2]
|
||||
shld [ebx + ctx_sha2_384512.msglen_1], eax, 3
|
||||
mov eax, [ebx + ctx_sha2_384512.msglen_3]
|
||||
shld [ebx + ctx_sha2_384512.msglen_2], eax, 3
|
||||
shl eax, 3
|
||||
bswap eax
|
||||
mov dword[edi + 0], eax
|
||||
mov eax, [ebx + ctx_sha384512.msglen_2]
|
||||
mov eax, [ebx + ctx_sha2_384512.msglen_2]
|
||||
bswap eax
|
||||
mov dword[edi + 4], eax
|
||||
mov eax, [ebx + ctx_sha384512.msglen_1]
|
||||
mov eax, [ebx + ctx_sha2_384512.msglen_1]
|
||||
bswap eax
|
||||
mov dword[edi + 8], eax
|
||||
mov eax, [ebx + ctx_sha384512.msglen_0]
|
||||
mov eax, [ebx + ctx_sha2_384512.msglen_0]
|
||||
bswap eax
|
||||
mov dword[edi + 12], eax
|
||||
mov ebx, [_ctx]
|
||||
lea esi, [ebx + ctx_sha384512.block]
|
||||
lea eax, [ebx + ctx_sha384512.hash]
|
||||
stdcall sha384512._.block, eax
|
||||
lea esi, [ebx + ctx_sha2_384512.block]
|
||||
lea eax, [ebx + ctx_sha2_384512.hash]
|
||||
stdcall sha2_384512._.block, eax
|
||||
|
||||
mov ebx, [_ctx]
|
||||
lea eax, [ebx + ctx_sha384512.hash]
|
||||
stdcall sha384512._.postprocess, ebx, eax
|
||||
lea eax, [ebx + ctx_sha2_384512.hash]
|
||||
stdcall sha2_384512._.postprocess, ebx, eax
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha384512._.postprocess _ctx, _hash
|
||||
proc sha2_384512._.postprocess _ctx, _hash
|
||||
mov ecx, 8
|
||||
mov esi, [_hash]
|
||||
mov edi, esi
|
||||
@@:
|
||||
@@:
|
||||
lodsd
|
||||
mov ebx, eax
|
||||
lodsd
|
||||
@ -495,35 +491,35 @@ proc sha384512._.postprocess _ctx, _hash
|
||||
endp
|
||||
|
||||
|
||||
proc sha384.oneshot _ctx, _data, _len
|
||||
stdcall sha384.init, [_ctx]
|
||||
stdcall sha384.update, [_ctx], [_data], [_len]
|
||||
stdcall sha384.final, [_ctx]
|
||||
proc sha2_384.oneshot _ctx, _data, _len
|
||||
stdcall sha2_384.init, [_ctx]
|
||||
stdcall sha2_384.update, [_ctx], [_data], [_len]
|
||||
stdcall sha2_384.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha512.oneshot _ctx, _data, _len
|
||||
stdcall sha512.init, [_ctx]
|
||||
stdcall sha512.update, [_ctx], [_data], [_len]
|
||||
stdcall sha512.final, [_ctx]
|
||||
proc sha2_512.oneshot _ctx, _data, _len
|
||||
stdcall sha2_512.init, [_ctx]
|
||||
stdcall sha2_512.update, [_ctx], [_data], [_len]
|
||||
stdcall sha2_512.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
iglobal
|
||||
align SHA384512_ALIGN
|
||||
sha384._.hash_init dq 0xcbbb9d5dc1059ed8, 0x629a292a367cd507,\
|
||||
align SHA2_384512_ALIGN
|
||||
sha2_384._.hash_init dq 0xcbbb9d5dc1059ed8, 0x629a292a367cd507,\
|
||||
0x9159015a3070dd17, 0x152fecd8f70e5939,\
|
||||
0x67332667ffc00b31, 0x8eb44a8768581511,\
|
||||
0xdb0c2e0d64f98fa7, 0x47b5481dbefa4fa4
|
||||
|
||||
sha512._.hash_init dq 0x6a09e667f3bcc908, 0xbb67ae8584caa73b,\
|
||||
sha2_512._.hash_init dq 0x6a09e667f3bcc908, 0xbb67ae8584caa73b,\
|
||||
0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,\
|
||||
0x510e527fade682d1, 0x9b05688c2b3e6c1f,\
|
||||
0x1f83d9abfb41bd6b, 0x5be0cd19137e2179
|
||||
|
||||
sha384512._.table dq 0x428a2f98d728ae22, 0x7137449123ef65cd,\
|
||||
sha2_384512._.table dq 0x428a2f98d728ae22, 0x7137449123ef65cd,\
|
||||
0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,\
|
||||
0x3956c25bf348b538, 0x59f111f1b605d019,\
|
||||
0x923f82a4af194f9b, 0xab1c5ed5da6d8118,\
|
@ -1,31 +1,26 @@
|
||||
; libcrash -- cryptographic hash functions
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) 2013,2016,2019 Ivan Baravy (dunkaist)
|
||||
; Copyright (C) <2013,2016,2019,2021> Ivan Baravy
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify
|
||||
; it under the terms of the GNU General Public License as published by
|
||||
; the Free Software Foundation, either version 3 of the License, or
|
||||
; (at your option) any later version.
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful,
|
||||
; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
; GNU General Public License for more details.
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License
|
||||
; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
SHA3_224_HASH_SIZE = 28
|
||||
SHA3_256_HASH_SIZE = 32
|
||||
SHA3_384_HASH_SIZE = 48
|
||||
SHA3_512_HASH_SIZE = 64
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
SHA3_224_BLOCK_SIZE = 144
|
||||
SHA3_256_BLOCK_SIZE = 136
|
||||
SHA3_384_BLOCK_SIZE = 104
|
||||
SHA3_512_BLOCK_SIZE = 72
|
||||
SHA3MAX_BLOCK_SIZE = SHA3_224_BLOCK_SIZE
|
||||
SHA3_MAX_BLOCK_SIZE = SHA3_224_BLOCK_SIZE
|
||||
|
||||
SHA3_INIT_SIZE = 200
|
||||
SHA3_ALIGN = 16
|
||||
@ -34,8 +29,8 @@ SHA3_ALIGN_MASK = SHA3_ALIGN-1
|
||||
struct ctx_sha3
|
||||
hash rb SHA3_INIT_SIZE
|
||||
rb SHA3_ALIGN - (SHA3_INIT_SIZE mod SHA3_ALIGN)
|
||||
block rb SHA3MAX_BLOCK_SIZE
|
||||
rb SHA3_ALIGN - (SHA3MAX_BLOCK_SIZE mod SHA3_ALIGN)
|
||||
block rb SHA3_MAX_BLOCK_SIZE
|
||||
rb SHA3_ALIGN - (SHA3_MAX_BLOCK_SIZE mod SHA3_ALIGN)
|
||||
index rd 1
|
||||
block_size rd 1
|
||||
rounds_cnt rd 1
|
||||
@ -45,9 +40,7 @@ struct ctx_sha3
|
||||
D rq 5
|
||||
ends
|
||||
|
||||
if defined sizeof.crash_ctx
|
||||
assert sizeof.crash_ctx >= sizeof.ctx_sha3
|
||||
end if
|
||||
assert sizeof.ctx_sha3 <= LIBCRASH_CTX_LEN
|
||||
|
||||
macro sha3._.rol_xor nd, ncl, ncr
|
||||
{
|
||||
@ -263,7 +256,7 @@ end repeat
|
||||
endp
|
||||
|
||||
|
||||
proc sha3._.init _ctx
|
||||
proc sha3._.init uses edi
|
||||
mov [ebx + ctx_sha3.block_size], eax
|
||||
shr eax, 3
|
||||
dec eax
|
||||
@ -277,7 +270,7 @@ proc sha3._.init _ctx
|
||||
endp
|
||||
|
||||
|
||||
proc sha3_224.init _ctx
|
||||
proc sha3_224.init uses ebx, _ctx
|
||||
mov ebx, [_ctx]
|
||||
mov eax, SHA3_224_BLOCK_SIZE
|
||||
stdcall sha3._.init
|
||||
@ -285,7 +278,7 @@ proc sha3_224.init _ctx
|
||||
endp
|
||||
|
||||
|
||||
proc sha3_256.init _ctx
|
||||
proc sha3_256.init uses ebx, _ctx
|
||||
mov ebx, [_ctx]
|
||||
mov eax, SHA3_256_BLOCK_SIZE
|
||||
stdcall sha3._.init
|
||||
@ -293,7 +286,7 @@ proc sha3_256.init _ctx
|
||||
endp
|
||||
|
||||
|
||||
proc sha3_384.init _ctx
|
||||
proc sha3_384.init uses ebx, _ctx
|
||||
mov ebx, [_ctx]
|
||||
mov eax, SHA3_384_BLOCK_SIZE
|
||||
stdcall sha3._.init
|
||||
@ -301,7 +294,7 @@ proc sha3_384.init _ctx
|
||||
endp
|
||||
|
||||
|
||||
proc sha3_512.init _ctx
|
||||
proc sha3_512.init uses ebx, _ctx
|
||||
mov ebx, [_ctx]
|
||||
mov eax, SHA3_512_BLOCK_SIZE
|
||||
stdcall sha3._.init
|
||||
@ -330,8 +323,8 @@ sha3_224.update = sha3.update
|
||||
sha3_256.update = sha3.update
|
||||
sha3_384.update = sha3.update
|
||||
sha3_512.update = sha3.update
|
||||
proc sha3.update _ctx, _msg, _size
|
||||
.next_block:
|
||||
proc sha3.update uses ebx esi edi, _ctx, _msg, _size
|
||||
.next_block:
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_msg]
|
||||
mov eax, [ebx + ctx_sha3.index]
|
||||
@ -339,7 +332,7 @@ proc sha3.update _ctx, _msg, _size
|
||||
jnz .copy_to_buf
|
||||
test esi, SHA3_ALIGN_MASK
|
||||
jnz .copy_to_buf
|
||||
.no_copy:
|
||||
.no_copy:
|
||||
; data is aligned, hash it in place without copying
|
||||
mov ebx, [_ctx]
|
||||
mov eax, [ebx + ctx_sha3.block_size]
|
||||
@ -354,7 +347,7 @@ proc sha3.update _ctx, _msg, _size
|
||||
add esi, [ebx + ctx_sha3.block_size]
|
||||
jmp .no_copy
|
||||
|
||||
.copy_to_buf:
|
||||
.copy_to_buf:
|
||||
lea edi, [ebx + ctx_sha3.block]
|
||||
add edi, eax
|
||||
mov ecx, [ebx + ctx_sha3.block_size]
|
||||
@ -375,7 +368,7 @@ proc sha3.update _ctx, _msg, _size
|
||||
stdcall sha3._.block, eax
|
||||
jmp .next_block
|
||||
|
||||
.copy_quit:
|
||||
.copy_quit:
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha3.block]
|
||||
mov eax, [ebx + ctx_sha3.index]
|
||||
@ -383,33 +376,22 @@ proc sha3.update _ctx, _msg, _size
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_sha3.index], ecx
|
||||
rep movsb
|
||||
.quit:
|
||||
.quit:
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
sha3_224.final = sha3.final
|
||||
sha3_256.final = sha3.final
|
||||
sha3_384.final = sha3.final
|
||||
sha3_512.final = sha3.final
|
||||
proc sha3.final _ctx
|
||||
pushad
|
||||
sha3_224.finish = sha3.finish
|
||||
sha3_256.finish = sha3.finish
|
||||
sha3_384.finish = sha3.finish
|
||||
sha3_512.finish = sha3.finish
|
||||
proc sha3.finish uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
mov eax, [ebx + ctx_sha3.index]
|
||||
xor edx, edx
|
||||
mov ecx, [ebx + ctx_sha3.block_size]
|
||||
div ecx
|
||||
sub ecx, edx
|
||||
ja @f
|
||||
add ecx, [ebx + ctx_sha3.block_size]
|
||||
@@:
|
||||
add [ebx + ctx_sha3.index], ecx
|
||||
mov eax, [ebx + ctx_sha3.block_size]
|
||||
cmp [ebx + ctx_sha3.index], eax
|
||||
jb @f
|
||||
sub [ebx + ctx_sha3.index], eax
|
||||
@@:
|
||||
|
||||
sub ecx, eax
|
||||
lea edi, [ebx+ctx_sha3.block]
|
||||
add edi, eax
|
||||
mov byte[edi], 0x06
|
||||
inc edi
|
||||
dec ecx
|
||||
@ -425,8 +407,6 @@ proc sha3.final _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea eax, [ebx + ctx_sha3.hash]
|
||||
stdcall sha3._.postprocess, ebx, eax
|
||||
|
||||
popad
|
||||
ret
|
||||
endp
|
||||
|
||||
@ -440,7 +420,7 @@ endp
|
||||
proc sha3_224.oneshot _ctx, _data, _len
|
||||
stdcall sha3_224.init, [_ctx]
|
||||
stdcall sha3.update, [_ctx], [_data], [_len]
|
||||
stdcall sha3.final, [_ctx]
|
||||
stdcall sha3.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
@ -448,7 +428,7 @@ endp
|
||||
proc sha3_256.oneshot _ctx, _data, _len
|
||||
stdcall sha3_256.init, [_ctx]
|
||||
stdcall sha3.update, [_ctx], [_data], [_len]
|
||||
stdcall sha3.final, [_ctx]
|
||||
stdcall sha3.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
@ -456,7 +436,7 @@ endp
|
||||
proc sha3_384.oneshot _ctx, _data, _len
|
||||
stdcall sha3_384.init, [_ctx]
|
||||
stdcall sha3.update, [_ctx], [_data], [_len]
|
||||
stdcall sha3.final, [_ctx]
|
||||
stdcall sha3.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
@ -464,7 +444,7 @@ endp
|
||||
proc sha3_512.oneshot _ctx, _data, _len
|
||||
stdcall sha3_512.init, [_ctx]
|
||||
stdcall sha3.update, [_ctx], [_data], [_len]
|
||||
stdcall sha3.final, [_ctx]
|
||||
stdcall sha3.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
468
programs/develop/libraries/libcrash/libcrash.asm
Normal file
468
programs/develop/libraries/libcrash/libcrash.asm
Normal file
@ -0,0 +1,468 @@
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) <2012-2014,2016,2019,2021> Ivan Baravy
|
||||
;
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
format MS COFF
|
||||
|
||||
public @EXPORT as 'EXPORTS'
|
||||
|
||||
include 'proc32.inc'
|
||||
include 'struct.inc'
|
||||
include 'macros.inc'
|
||||
include 'kglobals.inc'
|
||||
|
||||
purge section,mov,add,sub
|
||||
section '.flat' code readable align 16
|
||||
|
||||
include 'libcrash.inc'
|
||||
include 'hash/crc32.asm'
|
||||
include 'hash/md5.asm'
|
||||
include 'hash/sha1.asm'
|
||||
include 'hash/sha2_224_256.asm'
|
||||
include 'hash/sha2_384_512.asm'
|
||||
include 'hash/sha3.asm'
|
||||
include 'mac/poly1305.asm'
|
||||
include 'mac/hmac.asm'
|
||||
include 'cipher/chacha20.asm'
|
||||
include 'cipher/mode/ctr.asm'
|
||||
include 'cipher/mode/cbc.asm'
|
||||
include 'cipher/aes.asm'
|
||||
include 'cipher/aes_ctr.asm'
|
||||
include 'cipher/aes_cbc.asm'
|
||||
|
||||
LIBCRASH_BUF_SIZE = 0x1000
|
||||
|
||||
struct hash_item
|
||||
init dd ?
|
||||
update dd ?
|
||||
finish dd ?
|
||||
oneshot dd ?
|
||||
ctx_size dd ?
|
||||
out_size dd ?
|
||||
ends
|
||||
|
||||
struct mac_item
|
||||
init dd ?
|
||||
update dd ?
|
||||
finish dd ?
|
||||
oneshot dd ?
|
||||
ctx_size dd ?
|
||||
out_size dd ?
|
||||
ends
|
||||
|
||||
struct cipher_item ; FIXME merge *_item, why not
|
||||
init dd ?
|
||||
update dd ?
|
||||
finish dd ?
|
||||
oneshot dd ?
|
||||
ctx_size dd ?
|
||||
dd ? ; placeholder for out_size
|
||||
ends
|
||||
|
||||
; Initialize the library.
|
||||
; This must be the first called function of the library.
|
||||
; Parameters:
|
||||
; eax = function pointer to allocate memory:
|
||||
; stdcall void *alloc(size_t size)
|
||||
; ebx = function pointer to free memory:
|
||||
; stdcall void free(void *ptr)
|
||||
; Return value: none
|
||||
proc crash.init
|
||||
mov [mem.alloc], eax
|
||||
mov [mem.free], ebx
|
||||
ret
|
||||
endp
|
||||
|
||||
; Hash data read by a callback read function.
|
||||
; The function calls the read callback until it returns 0, and hashes the read
|
||||
; data with the specified algorithm. The result is written to the specified
|
||||
; buffer in binary format.
|
||||
; Parameters:
|
||||
; [_id] = ID of a hash function to use.
|
||||
; [_clbk_read] = function pointer to read data:
|
||||
; stdcall ssize_t clbk_read(void *user, void *buf, size_t size)
|
||||
; [_user] = pointer to user-specified data passed to the read callback as is.
|
||||
; [_out] = buffer pointer where a hash value is to be written to.
|
||||
; Return value:
|
||||
; binary hash value in [_out] buffer.
|
||||
proc crash.hash uses ebx esi edi, _id, _clbk_read, _user, _out
|
||||
locals
|
||||
.ctx dd ?
|
||||
.buf dd ?
|
||||
endl
|
||||
; alloc buf
|
||||
mov eax, [io_buf_size]
|
||||
add eax, LIBCRASH_MAX_PAD_LEN
|
||||
stdcall [mem.alloc], eax
|
||||
test eax, eax
|
||||
jz .quit
|
||||
mov [.buf], eax
|
||||
; alloc ctx
|
||||
mov eax, [_id]
|
||||
imul eax, sizeof.hash_item
|
||||
lea ebx, [crash._.hash_table+eax]
|
||||
stdcall [mem.alloc], [ebx+hash_item.ctx_size]
|
||||
test eax, eax
|
||||
jz .quit_free_buf
|
||||
mov [.ctx], eax
|
||||
|
||||
stdcall [ebx+hash_item.init], [.ctx]
|
||||
.update:
|
||||
stdcall [_clbk_read], [_user], [.buf], [io_buf_size]
|
||||
test eax, eax
|
||||
jz .finish
|
||||
stdcall [ebx+hash_item.update], [.ctx], [.buf], eax
|
||||
jmp .update
|
||||
.finish:
|
||||
stdcall [ebx+hash_item.finish], [.ctx]
|
||||
mov esi, [.ctx]
|
||||
mov edi, [_out]
|
||||
mov ecx, [ebx+hash_item.out_size]
|
||||
rep movsd
|
||||
.quit_free_buf_ctx:
|
||||
stdcall [mem.free], [.ctx]
|
||||
.quit_free_buf:
|
||||
stdcall [mem.free], [.buf]
|
||||
.quit:
|
||||
ret
|
||||
endp
|
||||
|
||||
; Calculate MAC of data read by a callback read function.
|
||||
; The function calls the read callback until it returns 0, and calculates a MAC
|
||||
; using a specified algorithm and a key. The result is written to the specified
|
||||
; buffer.
|
||||
; Parameters:
|
||||
; [_id] = ID of a MAC function to use.
|
||||
; [_key] = key pointer, no NULL terminator is needed
|
||||
; [_key_len] = length of the [_key] data, in bytes
|
||||
; [_clbk_read] = function pointer to read data:
|
||||
; stdcall ssize_t clbk_read(void *user, void *buf, size_t size)
|
||||
; [_user] = pointer to user-specified data passed to the read callback as is.
|
||||
; [_out] = buffer pointer where a MAC value is to be written to.
|
||||
; Return value:
|
||||
; Binary MAC value in [_out] buffer.
|
||||
proc crash.mac uses ebx esi edi, _id, _key, _key_len, _clbk_read, _user, _out
|
||||
locals
|
||||
.ctx dd ?
|
||||
.buf dd ?
|
||||
endl
|
||||
; alloc buf
|
||||
mov eax, [io_buf_size]
|
||||
add eax, LIBCRASH_MAX_PAD_LEN
|
||||
stdcall [mem.alloc], eax
|
||||
test eax, eax
|
||||
jz .quit
|
||||
mov [.buf], eax
|
||||
; alloc ctx
|
||||
mov eax, [_id]
|
||||
imul eax, sizeof.mac_item
|
||||
lea ebx, [crash._.mac_table+eax]
|
||||
stdcall [mem.alloc], [ebx+mac_item.ctx_size]
|
||||
test eax, eax
|
||||
jz .quit_free_buf
|
||||
mov [.ctx], eax
|
||||
|
||||
stdcall [ebx+mac_item.init], [.ctx], [_key], [_key_len]
|
||||
.update:
|
||||
stdcall [_clbk_read], [_user], [.buf], [io_buf_size]
|
||||
test eax, eax
|
||||
jz .finish
|
||||
stdcall [ebx+mac_item.update], [.ctx], [.buf], eax
|
||||
jmp .update
|
||||
.finish:
|
||||
stdcall [ebx+mac_item.finish], [.ctx]
|
||||
mov esi, [.ctx]
|
||||
mov edi, [_out]
|
||||
mov ecx, [ebx+mac_item.out_size]
|
||||
rep movsd
|
||||
.quit_free_buf_ctx:
|
||||
stdcall [mem.free], [.ctx]
|
||||
.quit_free_buf:
|
||||
stdcall [mem.free], [.buf]
|
||||
.quit:
|
||||
ret
|
||||
endp
|
||||
|
||||
; Encrypt or decrypt data read by a callback read function.
|
||||
; The function calls the read callback until it returns 0, and encrypts or
|
||||
; decrypts the data using a specified algorithm, a key and an input vector.
|
||||
; The result is passed to the write callback function.
|
||||
; * The maximum difference in input/output data lengths is LIBCRASH_MAX_PAD_LEN.
|
||||
; * The input and output buffers can sometimes be the same buffer depending on
|
||||
; the cipher. If unsure, use different buffers.
|
||||
; Parameters:
|
||||
; [_id] = ID of a MAC function to use.
|
||||
; [_flags] = see LIBCRASH_CIPHER_* in libcrash.inc
|
||||
; [_key] = key pointer, NULL terminated
|
||||
; [_iv] = input vector pointer, no NULL terminator is needed
|
||||
; [_clbk_read] = function pointer to read data:
|
||||
; stdcall ssize_t clbk_read(void *user, void *buf, size_t size)
|
||||
; [_user_read] = pointer to user-specified data passed to the read callback.
|
||||
; [_clbk_write] = function pointer to write data:
|
||||
; stdcall void clbk_write(void *user, void *buf, size_t size)
|
||||
; [_user_write] = pointer to user-specified data passed to the write callback.
|
||||
; Return value: none
|
||||
proc crash.crypt uses ebx esi edi, _id, _flags, _key, _iv, _clbk_read, \
|
||||
_user_read, _clbk_write, _user_write
|
||||
locals
|
||||
.ctx dd ?
|
||||
.buf dd ?
|
||||
.buf_in dd ?
|
||||
.buf_out dd ?
|
||||
endl
|
||||
; alloc buf
|
||||
mov eax, [io_buf_size]
|
||||
mov [.buf_out], eax
|
||||
shl eax, 1
|
||||
add eax, LIBCRASH_MAX_PAD_LEN
|
||||
stdcall [mem.alloc], eax
|
||||
test eax, eax
|
||||
jz .quit
|
||||
mov [.buf], eax
|
||||
mov [.buf_in], eax
|
||||
add [.buf_out], eax
|
||||
; alloc ctx
|
||||
mov eax, [_id]
|
||||
imul eax, sizeof.cipher_item
|
||||
lea ebx, [crash._.cipher_table+eax]
|
||||
stdcall [mem.alloc], [ebx+cipher_item.ctx_size]
|
||||
test eax, eax
|
||||
jz .quit_free_buf
|
||||
mov [.ctx], eax
|
||||
|
||||
stdcall [ebx+cipher_item.init], [.ctx], [_key], [_iv], [_flags]
|
||||
.update:
|
||||
stdcall [_clbk_read], [_user_read], [.buf_in], [io_buf_size]
|
||||
test eax, eax
|
||||
jz .finish
|
||||
stdcall [ebx+cipher_item.update], [.ctx], [.buf_in], eax, [.buf_out]
|
||||
stdcall [_clbk_write], [_user_write], [.buf_out], eax
|
||||
jmp .update
|
||||
.finish:
|
||||
stdcall [ebx+cipher_item.finish], [.ctx], [.buf_out]
|
||||
stdcall [_clbk_write], [_user_write], [.buf_out], eax
|
||||
.quit_free_buf_ctx:
|
||||
stdcall [mem.free], [.ctx]
|
||||
.quit_free_buf:
|
||||
stdcall [mem.free], [.buf]
|
||||
.quit:
|
||||
ret
|
||||
endp
|
||||
|
||||
; These crash.*_oneshot functions below are wrappers to <hash_name>.oneshot,
|
||||
; <mac_name>.oneshot and <cipher_name>.oneshot functions. The functions pop
|
||||
; [_id] argument from the stack and jump to the oneshot function of the
|
||||
; corresponding algorithm with all the other arguments in place.
|
||||
; You can also call <hash_name/mac_name/cipher_name>.oneshot functions directly.
|
||||
|
||||
; Hash data in a buffer.
|
||||
; The function hashes data in the specified buffer with the specified algorithm.
|
||||
; The result is written to the very beginning of the specified context buffer in
|
||||
; binary format.
|
||||
; Parameters:
|
||||
; [_id] = ID of a hash function to use.
|
||||
; [_ctx] = buffer pointer for internal use, LIBCRASH_CTX_LEN bytes is enough.
|
||||
; [_in] = pointer to input data
|
||||
; [_len] = length of input data
|
||||
; Return value:
|
||||
; binary hash value in [_ctx] buffer.
|
||||
crash.hash_oneshot: ; _id, _ctx, _in, _len
|
||||
pop eax
|
||||
xchg eax, [esp]
|
||||
imul eax, sizeof.hash_item
|
||||
lea eax, [crash._.hash_table+eax]
|
||||
jmp [eax+hash_item.oneshot]
|
||||
|
||||
; Calculate MAC of data in the buffer.
|
||||
; The function calculates a MAC of data in the specified buffer with the
|
||||
; specified algorithm and key. The result is written to the very beginning of
|
||||
; the specified context buffer in binary format.
|
||||
; Parameters:
|
||||
; [_id] = ID of a hash function to use.
|
||||
; [_ctx] = buffer pointer for internal use, LIBCRASH_CTX_LEN bytes is enough.
|
||||
; [_in] = pointer to input data
|
||||
; [_len] = length of input data
|
||||
; [_key] = key pointer, no NULL terminator is needed
|
||||
; [_key_len] = length of the [_key] data, in bytes
|
||||
; Return value:
|
||||
; binary MAC value in [_ctx] buffer.
|
||||
crash.mac_oneshot: ; _id, _ctx, _in, _len, _key, _key_len
|
||||
pop eax
|
||||
xchg eax, [esp]
|
||||
imul eax, sizeof.mac_item
|
||||
lea eax, [crash._.mac_table+eax]
|
||||
jmp [eax+mac_item.oneshot]
|
||||
|
||||
; Encrypt or decrypt data in buffer.
|
||||
; The function encrypts or decrypts data in the specified buffer using a
|
||||
; specified algorithm, a key and an input vector. The result is written to
|
||||
; another specified buffer.
|
||||
; * The input and output buffers can sometimes be the same buffer depending on
|
||||
; the cipher. If unsure, use different buffers.
|
||||
; * The maximum difference in input/output data lengths is LIBCRASH_MAX_PAD_LEN.
|
||||
; Parameters:
|
||||
; [_id] = ID of a MAC function to use.
|
||||
; [_ctx] = buffer pointer for internal use, LIBCRASH_CTX_LEN bytes is enough.
|
||||
; [_key] = key pointer, NULL terminated
|
||||
; [_iv] = input vector pointer, no NULL terminator is needed
|
||||
; [_flags] = see LIBCRASH_CIPHER_* in libcrash.inc
|
||||
; [_in] = pointer to input data
|
||||
; [_len] = length of input data
|
||||
; [_out] = pointer to output data
|
||||
; Return value: none
|
||||
crash.crypt_oneshot: ; _id, _ctx, _key, _iv, _flags, _in, _len, _out
|
||||
pop eax
|
||||
xchg eax, [esp]
|
||||
imul eax, sizeof.cipher_item
|
||||
lea eax, [crash._.cipher_table+eax]
|
||||
jmp [eax+cipher_item.oneshot]
|
||||
|
||||
section '.data' writeable align 16
|
||||
mem.alloc dd ?
|
||||
mem.free dd ?
|
||||
io_buf_size dd LIBCRASH_BUF_SIZE
|
||||
; FIXME: IDs shouldn't be indexes, should they?
|
||||
align 4
|
||||
crash._.hash_table dd \
|
||||
crc32.init, crc32.update, crc32.finish, crc32.oneshot, \
|
||||
sizeof.ctx_crc32, CRC32_LEN/4, \
|
||||
md5.init, md5.update, md5.finish, md5.oneshot, \
|
||||
sizeof.ctx_md5, MD5_LEN/4, \
|
||||
sha1.init, sha1.update, sha1.finish, sha1.oneshot, \
|
||||
sizeof.ctx_sha1, SHA1_LEN/4, \
|
||||
sha2_224.init, sha2_224.update, sha2_224.finish, sha2_224.oneshot, \
|
||||
sizeof.ctx_sha2_224256, SHA2_224_LEN/4, \
|
||||
sha2_256.init, sha2_256.update, sha2_256.finish, sha2_256.oneshot, \
|
||||
sizeof.ctx_sha2_224256, SHA2_256_LEN/4, \
|
||||
sha2_384.init, sha2_384.update, sha2_384.finish, sha2_384.oneshot, \
|
||||
sizeof.ctx_sha2_384512, SHA2_384_LEN/4, \
|
||||
sha2_512.init, sha2_512.update, sha2_512.finish, sha2_512.oneshot, \
|
||||
sizeof.ctx_sha2_384512, SHA2_512_LEN/4, \
|
||||
sha3_224.init, sha3.update, sha3.finish, sha3_224.oneshot, \
|
||||
sizeof.ctx_sha3, SHA3_224_LEN/4, \
|
||||
sha3_256.init, sha3.update, sha3.finish, sha3_256.oneshot, \
|
||||
sizeof.ctx_sha3, SHA3_256_LEN/4, \
|
||||
sha3_384.init, sha3.update, sha3.finish, sha3_384.oneshot, \
|
||||
sizeof.ctx_sha3, SHA3_384_LEN/4, \
|
||||
sha3_512.init, sha3.update, sha3.finish, sha3_512.oneshot, \
|
||||
sizeof.ctx_sha3, SHA3_512_LEN/4, \
|
||||
0
|
||||
|
||||
align 4
|
||||
crash._.mac_table dd \
|
||||
poly1305.init, poly1305.update, poly1305.finish, \
|
||||
poly1305.oneshot, sizeof.ctx_poly1305, POLY1305_LEN/4, \
|
||||
hmac_sha2_256.init, hmac_sha2_256.update, hmac_sha2_256.finish, \
|
||||
hmac_sha2_256.oneshot, sizeof.ctx_hmac, HMAC_SHA2_256_LEN/4, \
|
||||
hmac_sha2_512.init, hmac_sha2_512.update, hmac_sha2_512.finish, \
|
||||
hmac_sha2_512.oneshot, sizeof.ctx_hmac, HMAC_SHA2_512_LEN/4, \
|
||||
0
|
||||
|
||||
align 4
|
||||
crash._.cipher_table dd \
|
||||
chacha20.init, chacha20.update, chacha20.finish, chacha20.oneshot, \
|
||||
sizeof.ctx_chacha20, 0, \
|
||||
aes256ctr.init, aes256ctr.update, aes256ctr.finish, aes256ctr.oneshot, \
|
||||
sizeof.ctx_aes_ctr, 0, \
|
||||
aes256cbc.init, aes256cbc.update, aes256cbc.finish, aes256cbc.oneshot, \
|
||||
sizeof.ctx_aes_cbc, 0, \
|
||||
0
|
||||
|
||||
IncludeIGlobals
|
||||
|
||||
align 4
|
||||
@EXPORT:
|
||||
|
||||
export \
|
||||
crash.init, "lib_init", \
|
||||
crash.hash, "crash_hash", \
|
||||
crash.mac, "crash_mac", \
|
||||
crash.crypt, "crash_crypt", \
|
||||
crash.hash_oneshot, "crash_hash_oneshot", \
|
||||
crash.mac_oneshot, "crash_mac_oneshot", \
|
||||
crash.crypt_oneshot, "crash_crypt_oneshot", \
|
||||
\
|
||||
crc32.init, "crc32_init", \
|
||||
crc32.update, "crc32_update", \
|
||||
crc32.finish, "crc32_finish", \
|
||||
crc32.oneshot, "crc32_oneshot", \
|
||||
md5.init, "md5_init", \
|
||||
md5.update, "md5_update", \
|
||||
md5.finish, "md5_finish", \
|
||||
md5.oneshot, "md5_oneshot", \
|
||||
sha1.init, "sha1_init", \
|
||||
sha1.update, "sha1_update", \
|
||||
sha1.finish, "sha1_finish", \
|
||||
sha1.oneshot, "sha1_oneshot", \
|
||||
sha2_224.init, "sha2_224_init", \
|
||||
sha2_224.update, "sha2_224_update", \
|
||||
sha2_224.finish, "sha2_224_finish", \
|
||||
sha2_224.oneshot, "sha2_224_oneshot", \
|
||||
sha2_256.init, "sha2_256_init", \
|
||||
sha2_256.update, "sha2_256_update", \
|
||||
sha2_256.finish, "sha2_256_finish", \
|
||||
sha2_256.oneshot, "sha2_256_oneshot", \
|
||||
sha2_384.init, "sha2_384_init", \
|
||||
sha2_384.update, "sha2_384_update", \
|
||||
sha2_384.finish, "sha2_384_finish", \
|
||||
sha2_384.oneshot, "sha2_384_oneshot", \
|
||||
sha2_512.init, "sha2_512_init", \
|
||||
sha2_512.update, "sha2_512_update", \
|
||||
sha2_512.finish, "sha2_512_finish", \
|
||||
sha2_512.oneshot, "sha2_512_oneshot", \
|
||||
sha3_224.init, "sha3_224_init", \
|
||||
sha3_224.update, "sha3_224_update", \
|
||||
sha3_224.finish, "sha3_224_finish", \
|
||||
sha3_224.oneshot, "sha3_224_oneshot", \
|
||||
sha3_256.init, "sha3_256_init", \
|
||||
sha3_256.update, "sha3_256_update", \
|
||||
sha3_256.finish, "sha3_256_finish", \
|
||||
sha3_256.oneshot, "sha3_256_oneshot", \
|
||||
sha3_384.init, "sha3_384_init", \
|
||||
sha3_384.update, "sha3_384_update", \
|
||||
sha3_384.finish, "sha3_384_finish", \
|
||||
sha3_384.oneshot, "sha3_384_oneshot", \
|
||||
sha3_512.init, "sha3_512_init", \
|
||||
sha3_512.update, "sha3_512_update", \
|
||||
sha3_512.finish, "sha3_512_finish", \
|
||||
sha3_512.oneshot, "sha3_512_oneshot", \
|
||||
\
|
||||
poly1305.init, "poly1305_init", \
|
||||
poly1305.update, "poly1305_update", \
|
||||
poly1305.finish, "poly1305_finish", \
|
||||
poly1305.oneshot, "poly1305_oneshot", \
|
||||
hmac_sha2_256.init, "hmac_sha2_256_init", \
|
||||
hmac_sha2_256.update, "hmac_sha2_256_update", \
|
||||
hmac_sha2_256.finish, "hmac_sha2_256_finish", \
|
||||
hmac_sha2_256.oneshot, "hmac_sha2_256_oneshot", \
|
||||
hmac_sha2_512.init, "hmac_sha2_512_init", \
|
||||
hmac_sha2_512.update, "hmac_sha2_512_update", \
|
||||
hmac_sha2_512.finish, "hmac_sha2_512_finish", \
|
||||
hmac_sha2_512.oneshot, "hmac_sha2_512_oneshot", \
|
||||
\
|
||||
chacha20.init, "chacha20_init", \
|
||||
chacha20.update, "chacha20_update", \
|
||||
chacha20.finish, "chacha20_finish", \
|
||||
chacha20.oneshot, "chacha20_oneshot", \
|
||||
aes256ctr.init, "aes256ctr_init", \
|
||||
aes256ctr.update, "aes256ctr_update", \
|
||||
aes256ctr.finish, "aes256ctr_finish", \
|
||||
aes256ctr.oneshot, "aes256ctr_oneshot", \
|
||||
aes256cbc.init, "aes256cbc_init", \
|
||||
aes256cbc.update, "aes256cbc_update", \
|
||||
aes256cbc.finish, "aes256cbc_finish", \
|
||||
aes256cbc.oneshot, "aes256cbc_oneshot"
|
70
programs/develop/libraries/libcrash/libcrash.inc
Normal file
70
programs/develop/libraries/libcrash/libcrash.inc
Normal file
@ -0,0 +1,70 @@
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) <2012-2014,2016,2019,2021> Ivan Baravy
|
||||
;
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
LIBCRASH_ALIGN = 16 ; align your data for speed
|
||||
|
||||
; hash IDs
|
||||
LIBCRASH_CRC32 = 0
|
||||
LIBCRASH_MD5 = 1
|
||||
LIBCRASH_SHA1 = 2
|
||||
LIBCRASH_SHA2_224 = 3
|
||||
LIBCRASH_SHA2_256 = 4
|
||||
LIBCRASH_SHA2_384 = 5
|
||||
LIBCRASH_SHA2_512 = 6
|
||||
LIBCRASH_SHA3_224 = 7
|
||||
LIBCRASH_SHA3_256 = 8
|
||||
LIBCRASH_SHA3_384 = 9
|
||||
LIBCRASH_SHA3_512 = 10
|
||||
|
||||
; mac IDs
|
||||
LIBCRASH_POLY1305 = 0
|
||||
LIBCRASH_HMAC_SHA2_256 = 1
|
||||
LIBCRASH_HMAC_SHA2_512 = 2
|
||||
|
||||
; cipher IDs
|
||||
LIBCRASH_CHACHA20 = 0
|
||||
LIBCRASH_AES_256_CTR = 1
|
||||
LIBCRASH_AES_256_CBC = 2
|
||||
|
||||
; cipher flags for crash_crypt
|
||||
LIBCRASH_CIPHER_ENCRYPT = 0000b
|
||||
LIBCRASH_CIPHER_DECRYPT = 0001b
|
||||
LIBCRASH_CIPHER_PADDING = 0010b ; PKCS#5
|
||||
|
||||
; cipher output can be larger than input, e.g. for CBC mode with padding
|
||||
CBC128_MAX_PAD_LEN = 128/8
|
||||
LIBCRASH_MAX_PAD_LEN = CBC128_MAX_PAD_LEN
|
||||
|
||||
CRC32_LEN = 4
|
||||
MD5_LEN = 16
|
||||
SHA1_LEN = 20
|
||||
SHA2_224_LEN = 28
|
||||
SHA2_256_LEN = 32
|
||||
SHA2_384_LEN = 48
|
||||
SHA2_512_LEN = 64
|
||||
SHA3_224_LEN = 28
|
||||
SHA3_256_LEN = 32
|
||||
SHA3_384_LEN = 48
|
||||
SHA3_512_LEN = 64
|
||||
MAX_HASH_LEN = SHA3_512_LEN
|
||||
|
||||
POLY1305_LEN = 16
|
||||
HMAC_SHA2_256_LEN = SHA2_256_LEN
|
||||
HMAC_SHA2_512_LEN = SHA2_512_LEN
|
||||
|
||||
LIBCRASH_CTX_LEN = 0x500
|
161
programs/develop/libraries/libcrash/mac/hmac.asm
Normal file
161
programs/develop/libraries/libcrash/mac/hmac.asm
Normal file
@ -0,0 +1,161 @@
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) <2021> Ivan Baravy
|
||||
;
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
macro max target, [source] {
|
||||
common
|
||||
target = 0
|
||||
forward
|
||||
if target < source
|
||||
target = source
|
||||
end if
|
||||
}
|
||||
|
||||
max MAX_HMAC_HASH_CTX_SIZE, sizeof.ctx_sha2_224256, sizeof.ctx_sha2_384512
|
||||
max MAX_HMAC_HASH_BLOCK_SIZE, SHA2_224256_BLOCK_SIZE, SHA2_384512_BLOCK_SIZE
|
||||
max MAX_HMAC_HASH_LEN, SHA2_256_LEN, SHA2_512_LEN
|
||||
|
||||
struct ctx_hmac
|
||||
ctx_hash rb MAX_HMAC_HASH_CTX_SIZE
|
||||
key_pad rb MAX_HMAC_HASH_BLOCK_SIZE
|
||||
mac rd MAX_HMAC_HASH_LEN/4
|
||||
hash_init dd ?
|
||||
hash_update dd ?
|
||||
hash_finish dd ?
|
||||
hash_oneshot dd ?
|
||||
block_size dd ?
|
||||
hash_size dd ?
|
||||
ends
|
||||
|
||||
assert sizeof.ctx_hmac <= LIBCRASH_CTX_LEN
|
||||
|
||||
; ebx = _ctx
|
||||
proc hmac._.init uses ebx esi edi, _key, _key_len
|
||||
mov ecx, [_key_len]
|
||||
cmp ecx, [ebx+ctx_hmac.block_size]
|
||||
mov esi, [_key]
|
||||
jbe .pad
|
||||
; hash
|
||||
lea esi, [ebx+ctx_hmac.ctx_hash]
|
||||
stdcall [ebx+ctx_hmac.hash_oneshot], esi, [_key], [_key_len]
|
||||
mov ecx, [ebx+ctx_hmac.hash_size]
|
||||
.pad:
|
||||
lea edi, [ebx+ctx_hmac.key_pad]
|
||||
mov edx, [ebx+ctx_hmac.block_size]
|
||||
sub edx, ecx
|
||||
xor eax, eax
|
||||
rep movsb
|
||||
mov ecx, edx
|
||||
rep stosb
|
||||
|
||||
; xor with 0x36
|
||||
mov eax, 0x36363636
|
||||
lea edx, [ebx+ctx_hmac.key_pad]
|
||||
mov ecx, [ebx+ctx_hmac.block_size]
|
||||
shr ecx, 2
|
||||
@@:
|
||||
xor [edx], eax
|
||||
add edx, 4
|
||||
dec ecx
|
||||
jnz @b
|
||||
|
||||
lea esi, [ebx+ctx_hmac.ctx_hash]
|
||||
stdcall [ebx+ctx_hmac.hash_init], esi
|
||||
lea eax, [ebx+ctx_hmac.key_pad]
|
||||
stdcall [ebx+ctx_hmac.hash_update], esi, eax, [ebx+ctx_hmac.block_size]
|
||||
|
||||
; xor with 0x36 xor 0x5c
|
||||
mov eax, 0x36363636 XOR 0x5c5c5c5c
|
||||
lea edx, [ebx+ctx_hmac.key_pad]
|
||||
mov ecx, [ebx+ctx_hmac.block_size]
|
||||
shr ecx, 2
|
||||
@@:
|
||||
xor [edx], eax
|
||||
add edx, 4
|
||||
dec ecx
|
||||
jnz @b
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
proc hmac_sha2_256.init uses ebx, _ctx, _key, _key_len
|
||||
mov ebx, [_ctx]
|
||||
mov [ebx+ctx_hmac.hash_init], sha2_256.init
|
||||
mov [ebx+ctx_hmac.hash_update], sha2_256.update
|
||||
mov [ebx+ctx_hmac.hash_finish], sha2_256.finish
|
||||
mov [ebx+ctx_hmac.hash_oneshot], sha2_256.oneshot
|
||||
mov [ebx+ctx_hmac.block_size], SHA2_256_BLOCK_SIZE
|
||||
mov [ebx+ctx_hmac.hash_size], SHA2_256_LEN
|
||||
stdcall hmac._.init, [_key], [_key_len]
|
||||
ret
|
||||
endp
|
||||
|
||||
proc hmac_sha2_512.init uses ebx, _ctx, _key, _key_len
|
||||
mov ebx, [_ctx]
|
||||
mov [ebx+ctx_hmac.hash_init], sha2_512.init
|
||||
mov [ebx+ctx_hmac.hash_update], sha2_512.update
|
||||
mov [ebx+ctx_hmac.hash_finish], sha2_512.finish
|
||||
mov [ebx+ctx_hmac.hash_oneshot], sha2_512.oneshot
|
||||
mov [ebx+ctx_hmac.block_size], SHA2_512_BLOCK_SIZE
|
||||
mov [ebx+ctx_hmac.hash_size], SHA2_512_LEN
|
||||
stdcall hmac._.init, [_key], [_key_len]
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
hmac_sha2_256.update = hmac._.update
|
||||
hmac_sha2_512.update = hmac._.update
|
||||
proc hmac._.update uses ebx esi edi, _ctx, _in, _len
|
||||
mov ebx, [_ctx]
|
||||
lea eax, [ebx+ctx_hmac.ctx_hash]
|
||||
stdcall [ebx+ctx_hmac.hash_update], eax, [_in], [_len]
|
||||
.quit:
|
||||
ret
|
||||
endp
|
||||
|
||||
hmac_sha2_256.finish = hmac._.finish
|
||||
hmac_sha2_512.finish = hmac._.finish
|
||||
proc hmac._.finish uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea esi, [ebx+ctx_hmac.ctx_hash]
|
||||
stdcall [ebx+ctx_hmac.hash_finish], esi
|
||||
lea edi, [ebx+ctx_hmac.mac]
|
||||
mov ecx, [ebx+ctx_hmac.hash_size]
|
||||
rep movsb
|
||||
lea esi, [ebx+ctx_hmac.ctx_hash]
|
||||
stdcall [ebx+ctx_hmac.hash_init], esi
|
||||
lea eax, [ebx+ctx_hmac.key_pad]
|
||||
stdcall [ebx+ctx_hmac.hash_update], esi, eax, [ebx+ctx_hmac.block_size]
|
||||
lea eax, [ebx+ctx_hmac.mac]
|
||||
stdcall [ebx+ctx_hmac.hash_update], esi, eax, [ebx+ctx_hmac.hash_size]
|
||||
stdcall [ebx+ctx_hmac.hash_finish], esi
|
||||
ret
|
||||
endp
|
||||
|
||||
proc hmac_sha2_256.oneshot _ctx, _in, _len, _key, _key_len
|
||||
stdcall hmac_sha2_256.init, [_ctx], [_key], [_key_len]
|
||||
stdcall hmac_sha2_256.update, [_ctx], [_in], [_len]
|
||||
stdcall hmac_sha2_256.finish, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
proc hmac_sha2_512.oneshot _ctx, _in, _len, _key, _key_len
|
||||
stdcall hmac_sha2_512.init, [_ctx], [_key], [_key_len]
|
||||
stdcall hmac_sha2_512.update, [_ctx], [_in], [_len]
|
||||
stdcall hmac_sha2_512.finish, [_ctx]
|
||||
ret
|
||||
endp
|
538
programs/develop/libraries/libcrash/mac/poly1305.asm
Normal file
538
programs/develop/libraries/libcrash/mac/poly1305.asm
Normal file
@ -0,0 +1,538 @@
|
||||
; libcrash -- cryptographic hash (and other) functions
|
||||
;
|
||||
; Copyright (C) <2021> Ivan Baravy
|
||||
;
|
||||
; SPDX-License-Identifier: GPL-2.0-or-later
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify it under
|
||||
; the terms of the GNU General Public License as published by the Free Software
|
||||
; Foundation, either version 2 of the License, or (at your option) any later
|
||||
; version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License along with
|
||||
; this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
; Based on rfc7539 and implementation of libressl
|
||||
|
||||
POLY1305_BLOCK_SIZE = 16
|
||||
|
||||
POLY1305_ALIGN = 16
|
||||
POLY1305_ALIGN_MASK = POLY1305_ALIGN-1
|
||||
|
||||
struct ctx_poly1305
|
||||
mac rd 5
|
||||
rd 3
|
||||
block rb POLY1305_BLOCK_SIZE
|
||||
rb POLY1305_ALIGN-(POLY1305_BLOCK_SIZE mod POLY1305_ALIGN)
|
||||
index dd ?
|
||||
block_size dd ?
|
||||
hibit dd ?
|
||||
rd 2 ; align
|
||||
; tmp vars
|
||||
r rd 5
|
||||
s rd 4
|
||||
d rd 5*2 ; 5 dq
|
||||
ends
|
||||
|
||||
assert sizeof.ctx_poly1305 <= LIBCRASH_CTX_LEN
|
||||
|
||||
proc poly1305.init uses ebx, _ctx, _key, _key_len
|
||||
mov ebx, [_ctx]
|
||||
mov [ebx+ctx_poly1305.block_size], POLY1305_BLOCK_SIZE
|
||||
mov [ebx+ctx_poly1305.hibit], 1 SHL 24
|
||||
; accumulator
|
||||
mov [ebx+ctx_poly1305.mac+0*4], 0
|
||||
mov [ebx+ctx_poly1305.mac+1*4], 0
|
||||
mov [ebx+ctx_poly1305.mac+2*4], 0
|
||||
mov [ebx+ctx_poly1305.mac+3*4], 0
|
||||
mov [ebx+ctx_poly1305.mac+4*4], 0
|
||||
; r &= 0xffffffc0ffffffc0ffffffc0fffffff
|
||||
mov ecx, [_key]
|
||||
mov eax, [ecx+0]
|
||||
and eax, 0x3ffffff
|
||||
mov [ebx+ctx_poly1305.r+0*4], eax
|
||||
mov eax, [ecx+3]
|
||||
shr eax, 2
|
||||
and eax, 0x3ffff03
|
||||
mov [ebx+ctx_poly1305.r+1*4], eax
|
||||
mov eax, [ecx+6]
|
||||
shr eax, 4
|
||||
and eax, 0x3ffc0ff
|
||||
mov [ebx+ctx_poly1305.r+2*4], eax
|
||||
mov eax, [ecx+9]
|
||||
shr eax, 6
|
||||
and eax, 0x3f03fff
|
||||
mov [ebx+ctx_poly1305.r+3*4], eax
|
||||
mov eax, [ecx+12]
|
||||
shr eax, 8
|
||||
and eax, 0xfffff
|
||||
mov [ebx+ctx_poly1305.r+4*4], eax
|
||||
; s
|
||||
mov eax, [ecx+4*4]
|
||||
mov [ebx+ctx_poly1305.s+0*4], eax
|
||||
mov eax, [ecx+5*4]
|
||||
mov [ebx+ctx_poly1305.s+1*4], eax
|
||||
mov eax, [ecx+6*4]
|
||||
mov [ebx+ctx_poly1305.s+2*4], eax
|
||||
mov eax, [ecx+7*4]
|
||||
mov [ebx+ctx_poly1305.s+3*4], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc poly1305._.block _mac
|
||||
; mov ecx, [ebx+ctx_poly1305.rounds_cnt]
|
||||
mov edi, [_mac]
|
||||
; a += m[i]
|
||||
mov eax, [esi+0]
|
||||
and eax, 0x3ffffff
|
||||
add [ebx+ctx_poly1305.mac+0*4], eax
|
||||
mov eax, [esi+3]
|
||||
shr eax, 2
|
||||
and eax, 0x3ffffff
|
||||
add [ebx+ctx_poly1305.mac+1*4], eax
|
||||
mov eax, [esi+6]
|
||||
shr eax, 4
|
||||
and eax, 0x3ffffff
|
||||
add [ebx+ctx_poly1305.mac+2*4], eax
|
||||
mov eax, [esi+9]
|
||||
shr eax, 6
|
||||
and eax, 0x3ffffff
|
||||
add [ebx+ctx_poly1305.mac+3*4], eax
|
||||
mov eax, [esi+12]
|
||||
shr eax, 8
|
||||
or eax, [ebx+ctx_poly1305.hibit]
|
||||
add [ebx+ctx_poly1305.mac+4*4], eax
|
||||
|
||||
; a *= r
|
||||
; d0
|
||||
; r0*a0
|
||||
mov eax, [ebx+ctx_poly1305.r+0*4]
|
||||
mul [ebx+ctx_poly1305.mac+0*4]
|
||||
mov ecx, eax
|
||||
mov edi, edx
|
||||
; s4*a1
|
||||
mov eax, [ebx+ctx_poly1305.r+4*4]
|
||||
lea eax, [eax*5]
|
||||
mul [ebx+ctx_poly1305.mac+1*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; s3*a2
|
||||
mov eax, [ebx+ctx_poly1305.r+3*4]
|
||||
lea eax, [eax*5]
|
||||
mul [ebx+ctx_poly1305.mac+2*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; s2*a3
|
||||
mov eax, [ebx+ctx_poly1305.r+2*4]
|
||||
lea eax, [eax*5]
|
||||
mul [ebx+ctx_poly1305.mac+3*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; s1*a4
|
||||
mov eax, [ebx+ctx_poly1305.r+1*4]
|
||||
lea eax, [eax*5]
|
||||
mul [ebx+ctx_poly1305.mac+4*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
mov [ebx+ctx_poly1305.d+0*8+0], ecx
|
||||
mov [ebx+ctx_poly1305.d+0*8+4], edi
|
||||
; d1
|
||||
; r1*a0
|
||||
mov eax, [ebx+ctx_poly1305.r+1*4]
|
||||
mul [ebx+ctx_poly1305.mac+0*4]
|
||||
mov ecx, eax
|
||||
mov edi, edx
|
||||
; r0*a1
|
||||
mov eax, [ebx+ctx_poly1305.r+0*4]
|
||||
mul [ebx+ctx_poly1305.mac+1*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; s4*a2
|
||||
mov eax, [ebx+ctx_poly1305.r+4*4]
|
||||
lea eax, [eax*5]
|
||||
mul [ebx+ctx_poly1305.mac+2*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; s3*a3
|
||||
mov eax, [ebx+ctx_poly1305.r+3*4]
|
||||
lea eax, [eax*5]
|
||||
mul [ebx+ctx_poly1305.mac+3*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; s2*a4
|
||||
mov eax, [ebx+ctx_poly1305.r+2*4]
|
||||
lea eax, [eax*5]
|
||||
mul [ebx+ctx_poly1305.mac+4*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
mov [ebx+ctx_poly1305.d+1*8+0], ecx
|
||||
mov [ebx+ctx_poly1305.d+1*8+4], edi
|
||||
; d2
|
||||
; r2*a0
|
||||
mov eax, [ebx+ctx_poly1305.r+2*4]
|
||||
mul [ebx+ctx_poly1305.mac+0*4]
|
||||
mov ecx, eax
|
||||
mov edi, edx
|
||||
; r1*a1
|
||||
mov eax, [ebx+ctx_poly1305.r+1*4]
|
||||
mul [ebx+ctx_poly1305.mac+1*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; r0*a2
|
||||
mov eax, [ebx+ctx_poly1305.r+0*4]
|
||||
mul [ebx+ctx_poly1305.mac+2*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; s4*a3
|
||||
mov eax, [ebx+ctx_poly1305.r+4*4]
|
||||
lea eax, [eax*5]
|
||||
mul [ebx+ctx_poly1305.mac+3*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; s3*a4
|
||||
mov eax, [ebx+ctx_poly1305.r+3*4]
|
||||
lea eax, [eax*5]
|
||||
mul [ebx+ctx_poly1305.mac+4*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
mov [ebx+ctx_poly1305.d+2*8+0], ecx
|
||||
mov [ebx+ctx_poly1305.d+2*8+4], edi
|
||||
; d3
|
||||
; r3*a0
|
||||
mov eax, [ebx+ctx_poly1305.r+3*4]
|
||||
mul [ebx+ctx_poly1305.mac+0*4]
|
||||
mov ecx, eax
|
||||
mov edi, edx
|
||||
; r2*a1
|
||||
mov eax, [ebx+ctx_poly1305.r+2*4]
|
||||
mul [ebx+ctx_poly1305.mac+1*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; r1*a2
|
||||
mov eax, [ebx+ctx_poly1305.r+1*4]
|
||||
mul [ebx+ctx_poly1305.mac+2*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; r0*a3
|
||||
mov eax, [ebx+ctx_poly1305.r+0*4]
|
||||
mul [ebx+ctx_poly1305.mac+3*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; s4*a4
|
||||
mov eax, [ebx+ctx_poly1305.r+4*4]
|
||||
lea eax, [eax*5]
|
||||
mul [ebx+ctx_poly1305.mac+4*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
mov [ebx+ctx_poly1305.d+3*8+0], ecx
|
||||
mov [ebx+ctx_poly1305.d+3*8+4], edi
|
||||
; d4
|
||||
; r4*a0
|
||||
mov eax, [ebx+ctx_poly1305.r+4*4]
|
||||
mul [ebx+ctx_poly1305.mac+0*4]
|
||||
mov ecx, eax
|
||||
mov edi, edx
|
||||
; r3*a1
|
||||
mov eax, [ebx+ctx_poly1305.r+3*4]
|
||||
mul [ebx+ctx_poly1305.mac+1*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; r2*a2
|
||||
mov eax, [ebx+ctx_poly1305.r+2*4]
|
||||
mul [ebx+ctx_poly1305.mac+2*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; r1*a3
|
||||
mov eax, [ebx+ctx_poly1305.r+1*4]
|
||||
mul [ebx+ctx_poly1305.mac+3*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
; r0*a4
|
||||
mov eax, [ebx+ctx_poly1305.r+0*4]
|
||||
mul [ebx+ctx_poly1305.mac+4*4]
|
||||
add ecx, eax
|
||||
adc edi, edx
|
||||
mov [ebx+ctx_poly1305.d+4*8+0], ecx
|
||||
mov [ebx+ctx_poly1305.d+4*8+4], edi
|
||||
|
||||
; (partial) a %= p
|
||||
mov eax, [ebx+ctx_poly1305.d+0*8+0]
|
||||
mov edx, [ebx+ctx_poly1305.d+0*8+4]
|
||||
; d0
|
||||
mov ecx, edx
|
||||
shld ecx, eax, 6
|
||||
and eax, 0x3ffffff
|
||||
mov [ebx+ctx_poly1305.mac+0*4], eax
|
||||
mov eax, [ebx+ctx_poly1305.d+1*8+0]
|
||||
mov edx, [ebx+ctx_poly1305.d+1*8+4]
|
||||
add eax, ecx
|
||||
adc edx, 0
|
||||
; d1
|
||||
mov ecx, edx
|
||||
shld ecx, eax, 6
|
||||
and eax, 0x3ffffff
|
||||
mov [ebx+ctx_poly1305.mac+1*4], eax
|
||||
mov eax, [ebx+ctx_poly1305.d+2*8+0]
|
||||
mov edx, [ebx+ctx_poly1305.d+2*8+4]
|
||||
add eax, ecx
|
||||
adc edx, 0
|
||||
; d2
|
||||
mov ecx, edx
|
||||
shld ecx, eax, 6
|
||||
and eax, 0x3ffffff
|
||||
mov [ebx+ctx_poly1305.mac+2*4], eax
|
||||
mov eax, [ebx+ctx_poly1305.d+3*8+0]
|
||||
mov edx, [ebx+ctx_poly1305.d+3*8+4]
|
||||
add eax, ecx
|
||||
adc edx, 0
|
||||
; d3
|
||||
mov ecx, edx
|
||||
shld ecx, eax, 6
|
||||
and eax, 0x3ffffff
|
||||
mov [ebx+ctx_poly1305.mac+3*4], eax
|
||||
mov eax, [ebx+ctx_poly1305.d+4*8+0]
|
||||
mov edx, [ebx+ctx_poly1305.d+4*8+4]
|
||||
add eax, ecx
|
||||
adc edx, 0
|
||||
; d4
|
||||
mov ecx, edx
|
||||
shld ecx, eax, 6
|
||||
and eax, 0x3ffffff
|
||||
mov [ebx+ctx_poly1305.mac+4*4], eax
|
||||
lea ecx, [ecx*5]
|
||||
add ecx, [ebx+ctx_poly1305.mac+0*4]
|
||||
mov eax, ecx
|
||||
shr ecx, 26
|
||||
and eax, 0x3ffffff
|
||||
mov [ebx+ctx_poly1305.mac+0*4], eax
|
||||
add [ebx+ctx_poly1305.mac+1*4], ecx
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
|
||||
proc poly1305.update uses ebx esi edi, _ctx, _msg, _size
|
||||
.next_block:
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_msg]
|
||||
mov eax, [ebx+ctx_poly1305.index]
|
||||
test eax, eax
|
||||
jnz .copy_to_buf
|
||||
test esi, POLY1305_ALIGN_MASK
|
||||
jnz .copy_to_buf
|
||||
.no_copy:
|
||||
; data is aligned, process it in place without copying
|
||||
mov ebx, [_ctx]
|
||||
mov eax, [ebx+ctx_poly1305.block_size]
|
||||
cmp [_size], eax
|
||||
jb .copy_quit
|
||||
lea eax, [ebx+ctx_poly1305.mac]
|
||||
push ebx esi
|
||||
stdcall poly1305._.block, eax
|
||||
pop esi ebx
|
||||
mov eax, [ebx+ctx_poly1305.block_size]
|
||||
sub [_size], eax
|
||||
add esi, [ebx+ctx_poly1305.block_size]
|
||||
jmp .no_copy
|
||||
|
||||
.copy_to_buf:
|
||||
lea edi, [ebx+ctx_poly1305.block]
|
||||
add edi, eax
|
||||
mov ecx, [ebx+ctx_poly1305.block_size]
|
||||
sub ecx, eax
|
||||
cmp [_size], ecx
|
||||
jb .copy_quit
|
||||
sub [_size], ecx
|
||||
add [_msg], ecx
|
||||
add [ebx+ctx_poly1305.index], ecx
|
||||
mov eax, [ebx+ctx_poly1305.block_size]
|
||||
cmp [ebx+ctx_poly1305.index], eax
|
||||
jb @f
|
||||
sub [ebx+ctx_poly1305.index], eax
|
||||
@@:
|
||||
rep movsb
|
||||
lea eax, [ebx+ctx_poly1305.mac]
|
||||
lea esi, [ebx+ctx_poly1305.block]
|
||||
stdcall poly1305._.block, eax
|
||||
jmp .next_block
|
||||
|
||||
.copy_quit:
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx+ctx_poly1305.block]
|
||||
mov eax, [ebx+ctx_poly1305.index]
|
||||
add edi, eax
|
||||
mov ecx, [_size]
|
||||
add [ebx+ctx_poly1305.index], ecx
|
||||
rep movsb
|
||||
.quit:
|
||||
ret
|
||||
endp
|
||||
|
||||
proc poly1305.finish uses ebx esi edi, _ctx
|
||||
mov ebx, [_ctx]
|
||||
mov eax, [ebx+ctx_poly1305.index]
|
||||
test eax, eax
|
||||
jz .skip
|
||||
mov ecx, [ebx+ctx_poly1305.block_size]
|
||||
sub ecx, eax
|
||||
lea edi, [ebx+ctx_poly1305.block]
|
||||
add edi, eax
|
||||
mov byte[edi], 0x01
|
||||
inc edi
|
||||
dec ecx
|
||||
xor eax, eax
|
||||
rep stosb
|
||||
|
||||
mov ebx, [_ctx]
|
||||
mov [ebx+ctx_poly1305.hibit], 0
|
||||
lea esi, [ebx+ctx_poly1305.block]
|
||||
lea eax, [ebx+ctx_poly1305.mac]
|
||||
stdcall poly1305._.block, eax
|
||||
.skip:
|
||||
mov ebx, [_ctx]
|
||||
lea eax, [ebx+ctx_poly1305.mac]
|
||||
stdcall poly1305._.postprocess, ebx, eax
|
||||
|
||||
; fully carry a
|
||||
mov ecx, [ebx+ctx_poly1305.mac+1*4]
|
||||
shr ecx, 26
|
||||
and [ebx+ctx_poly1305.mac+1*4], 0x3ffffff
|
||||
add ecx, [ebx+ctx_poly1305.mac+2*4]
|
||||
mov eax, ecx
|
||||
and eax, 0x3ffffff
|
||||
shr ecx, 26
|
||||
mov [ebx+ctx_poly1305.mac+2*4], eax
|
||||
add ecx, [ebx+ctx_poly1305.mac+3*4]
|
||||
mov eax, ecx
|
||||
and eax, 0x3ffffff
|
||||
shr ecx, 26
|
||||
mov [ebx+ctx_poly1305.mac+3*4], eax
|
||||
add ecx, [ebx+ctx_poly1305.mac+4*4]
|
||||
mov eax, ecx
|
||||
and eax, 0x3ffffff
|
||||
shr ecx, 26
|
||||
mov [ebx+ctx_poly1305.mac+4*4], eax
|
||||
lea ecx, [ecx*5]
|
||||
add ecx, [ebx+ctx_poly1305.mac+0*4]
|
||||
mov eax, ecx
|
||||
and eax, 0x3ffffff
|
||||
shr ecx, 26
|
||||
mov [ebx+ctx_poly1305.mac+0*4], eax
|
||||
add [ebx+ctx_poly1305.mac+1*4], ecx
|
||||
|
||||
; compute a + -p
|
||||
mov ecx, [ebx+ctx_poly1305.mac+0*4]
|
||||
add ecx, 5
|
||||
mov eax, ecx
|
||||
and eax, 0x3ffffff
|
||||
shr ecx, 26
|
||||
mov [ebx+ctx_poly1305.r+0*4], eax
|
||||
add ecx, [ebx+ctx_poly1305.mac+1*4]
|
||||
mov eax, ecx
|
||||
and eax, 0x3ffffff
|
||||
shr ecx, 26
|
||||
mov [ebx+ctx_poly1305.r+1*4], eax
|
||||
add ecx, [ebx+ctx_poly1305.mac+2*4]
|
||||
mov eax, ecx
|
||||
and eax, 0x3ffffff
|
||||
shr ecx, 26
|
||||
mov [ebx+ctx_poly1305.r+2*4], eax
|
||||
add ecx, [ebx+ctx_poly1305.mac+3*4]
|
||||
mov eax, ecx
|
||||
and eax, 0x3ffffff
|
||||
shr ecx, 26
|
||||
mov [ebx+ctx_poly1305.r+3*4], eax
|
||||
add ecx, [ebx+ctx_poly1305.mac+4*4]
|
||||
sub ecx, 1 SHL 26
|
||||
mov [ebx+ctx_poly1305.r+4*4], ecx
|
||||
|
||||
; select a if a < p, or a + -p if a >= p
|
||||
shr ecx, 31
|
||||
dec ecx
|
||||
and [ebx+ctx_poly1305.r+0*4], ecx
|
||||
and [ebx+ctx_poly1305.r+1*4], ecx
|
||||
and [ebx+ctx_poly1305.r+2*4], ecx
|
||||
and [ebx+ctx_poly1305.r+3*4], ecx
|
||||
and [ebx+ctx_poly1305.r+4*4], ecx
|
||||
not ecx
|
||||
mov eax, [ebx+ctx_poly1305.r+0*4]
|
||||
and [ebx+ctx_poly1305.mac+0*4], ecx
|
||||
or [ebx+ctx_poly1305.mac+0*4], eax
|
||||
mov eax, [ebx+ctx_poly1305.r+1*4]
|
||||
and [ebx+ctx_poly1305.mac+1*4], ecx
|
||||
or [ebx+ctx_poly1305.mac+1*4], eax
|
||||
mov eax, [ebx+ctx_poly1305.r+2*4]
|
||||
and [ebx+ctx_poly1305.mac+2*4], ecx
|
||||
or [ebx+ctx_poly1305.mac+2*4], eax
|
||||
mov eax, [ebx+ctx_poly1305.r+3*4]
|
||||
and [ebx+ctx_poly1305.mac+3*4], ecx
|
||||
or [ebx+ctx_poly1305.mac+3*4], eax
|
||||
mov eax, [ebx+ctx_poly1305.r+4*4]
|
||||
and [ebx+ctx_poly1305.mac+4*4], ecx
|
||||
or [ebx+ctx_poly1305.mac+4*4], eax
|
||||
|
||||
; a = a % (2^128)
|
||||
; a0
|
||||
mov eax, [ebx+ctx_poly1305.mac+0*4]
|
||||
mov ecx, [ebx+ctx_poly1305.mac+1*4]
|
||||
shl ecx, 26
|
||||
or eax, ecx
|
||||
mov [ebx+ctx_poly1305.mac+0*4], eax
|
||||
; a1
|
||||
mov eax, [ebx+ctx_poly1305.mac+1*4]
|
||||
shr eax, 6
|
||||
mov ecx, [ebx+ctx_poly1305.mac+2*4]
|
||||
shl ecx, 20
|
||||
or eax, ecx
|
||||
mov [ebx+ctx_poly1305.mac+1*4], eax
|
||||
; a2
|
||||
mov eax, [ebx+ctx_poly1305.mac+2*4]
|
||||
shr eax, 12
|
||||
mov ecx, [ebx+ctx_poly1305.mac+3*4]
|
||||
shl ecx, 14
|
||||
or eax, ecx
|
||||
mov [ebx+ctx_poly1305.mac+2*4], eax
|
||||
; a3
|
||||
mov eax, [ebx+ctx_poly1305.mac+3*4]
|
||||
shr eax, 18
|
||||
mov ecx, [ebx+ctx_poly1305.mac+4*4]
|
||||
shl ecx, 8
|
||||
or eax, ecx
|
||||
mov [ebx+ctx_poly1305.mac+3*4], eax
|
||||
|
||||
; mac = (a + pad) % (2^128)
|
||||
xor edx, edx
|
||||
; a0
|
||||
mov eax, [ebx+ctx_poly1305.mac+0*4]
|
||||
add eax, [ebx+ctx_poly1305.s+0*4]
|
||||
mov [ebx+ctx_poly1305.mac+0*4], eax
|
||||
; a1
|
||||
mov eax, [ebx+ctx_poly1305.mac+1*4]
|
||||
adc eax, [ebx+ctx_poly1305.s+1*4]
|
||||
mov [ebx+ctx_poly1305.mac+1*4], eax
|
||||
; a2
|
||||
mov eax, [ebx+ctx_poly1305.mac+2*4]
|
||||
adc eax, [ebx+ctx_poly1305.s+2*4]
|
||||
mov [ebx+ctx_poly1305.mac+2*4], eax
|
||||
; a3
|
||||
mov eax, [ebx+ctx_poly1305.mac+3*4]
|
||||
adc eax, [ebx+ctx_poly1305.s+3*4]
|
||||
mov [ebx+ctx_poly1305.mac+3*4], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
proc poly1305._.postprocess _ctx, _mac
|
||||
ret
|
||||
endp
|
||||
|
||||
proc poly1305.oneshot _ctx, _in, _len, _key, _key_len
|
||||
stdcall poly1305.init, [_ctx], [_key], [_key_len]
|
||||
stdcall poly1305.update, [_ctx], [_in], [_len]
|
||||
stdcall poly1305.finish, [_ctx]
|
||||
ret
|
||||
endp
|
@ -1,153 +0,0 @@
|
||||
use32
|
||||
org 0x0
|
||||
db 'MENUET01'
|
||||
dd 0x01,start,i_end,e_end,e_end,0,this_file_name
|
||||
|
||||
include '../../../../proc32.inc'
|
||||
include '../../../../macros.inc'
|
||||
include '../../../../dll.inc'
|
||||
;include '../../../../debug.inc'
|
||||
include 'libcrash.inc'
|
||||
|
||||
BUFFER_SIZE = 4096
|
||||
|
||||
|
||||
start:
|
||||
pushfd
|
||||
pop eax
|
||||
or eax, 1 SHL 18 ; Alignment Check flag
|
||||
push eax
|
||||
popfd
|
||||
|
||||
mcall 68, 11
|
||||
|
||||
stdcall dll.Load, @IMPORT
|
||||
or eax, eax
|
||||
jnz quit
|
||||
|
||||
still:
|
||||
mcall 10
|
||||
dec eax
|
||||
jz redraw
|
||||
dec eax
|
||||
jz key
|
||||
|
||||
button:
|
||||
mcall 17
|
||||
shr eax, 8
|
||||
|
||||
cmp eax, 1
|
||||
je quit
|
||||
|
||||
redraw:
|
||||
mcall 12, 1
|
||||
mcall 0, <0,900>, <0,160>, 0x34000000, 0x80000000, window_title
|
||||
|
||||
|
||||
mcall 4, < 0, 0>, 0xc0ffffff, message, , 0
|
||||
|
||||
mov [hid], 0
|
||||
mov [text_pos_y], 10
|
||||
mov [hash_name], hash_strings
|
||||
.next_hash:
|
||||
mov dword[f70_buf + 4], 0
|
||||
mov dword[msglen], 0
|
||||
mov edi, hex
|
||||
xor eax, eax
|
||||
mov ecx, 1024/4
|
||||
rep stosd
|
||||
invoke crash.hash, [hid], data_buffer, update_data_buffer, ctx
|
||||
invoke crash.bin2hex, ctx, hex, [hid]
|
||||
mov ebx, [text_pos_y]
|
||||
mcall 4, , 0xc0ffffff, [hash_name], , 0
|
||||
mov ebx, [text_pos_y]
|
||||
add ebx, 66 SHL 16
|
||||
mcall 4, , 0x40ffffff, hex, 128, 0
|
||||
add [text_pos_y], 10
|
||||
add [hash_name], 12 ; lenght of hash_strings item
|
||||
inc [hid]
|
||||
cmp [hid], LIBCRASH_SHA3_512
|
||||
jng .next_hash
|
||||
|
||||
mcall 12, 2
|
||||
jmp still
|
||||
|
||||
key:
|
||||
mcall 2
|
||||
jmp still
|
||||
|
||||
|
||||
quit:
|
||||
mcall -1
|
||||
|
||||
|
||||
proc update_data_buffer _left
|
||||
mov eax, data_buffer
|
||||
add eax, [_left]
|
||||
mov dword[f70_buf + 16], eax
|
||||
mov eax, BUFFER_SIZE
|
||||
sub eax, [_left]
|
||||
mov dword[f70_buf + 12], eax
|
||||
mcall 70, f70_buf
|
||||
mov eax, ebx
|
||||
cmp eax, -1
|
||||
jne @f
|
||||
inc eax
|
||||
@@:
|
||||
add dword[f70_buf + 4], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
szZ window_title , 'libcrash example'
|
||||
szZ message , 'hash sums of this file'
|
||||
|
||||
hash_strings:
|
||||
db 'crc32 : ',0
|
||||
db 'md4 : ',0
|
||||
db 'md5 : ',0
|
||||
db 'sha1 : ',0
|
||||
db 'sha224 : ',0
|
||||
db 'sha256 : ',0
|
||||
db 'sha384 : ',0
|
||||
db 'sha512 : ',0
|
||||
db 'sha3-224 : ',0
|
||||
db 'sha3-256 : ',0
|
||||
db 'sha3-384 : ',0
|
||||
db 'sha3-512 : ',0
|
||||
|
||||
f70_buf:
|
||||
funcnum dd 0
|
||||
src dd 0
|
||||
res1 dd 0
|
||||
count dd BUFFER_SIZE
|
||||
dst dd data_buffer
|
||||
res2 db 0
|
||||
fname dd this_file_name
|
||||
|
||||
|
||||
align 4
|
||||
@IMPORT:
|
||||
|
||||
library \
|
||||
libcrash, 'libcrash.obj'
|
||||
|
||||
import libcrash , \
|
||||
libcrash.init , 'lib_init' , \
|
||||
crash.hash , 'crash_hash' , \
|
||||
crash.bin2hex , 'crash_bin2hex'
|
||||
|
||||
i_end:
|
||||
hash_name rd 1
|
||||
text_pos_y rd 1
|
||||
hash rd 50
|
||||
hid rd 1 ; hash id
|
||||
msglen rd 1
|
||||
hex rb 1024
|
||||
data_buffer rb BUFFER_SIZE
|
||||
this_file_name rb 4096
|
||||
rb 0x800 ;stack
|
||||
align 16 ; should be enough
|
||||
ctx rb 0x1000
|
||||
e_end:
|
||||
|
@ -1,178 +0,0 @@
|
||||
; libcrash -- cryptographic hash functions
|
||||
;
|
||||
; Copyright (C) 2012-2014,2016 Ivan Baravy (dunkaist)
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify
|
||||
; it under the terms of the GNU General Public License as published by
|
||||
; the Free Software Foundation, either version 3 of the License, or
|
||||
; (at your option) any later version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful,
|
||||
; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
; GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License
|
||||
; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
format MS COFF
|
||||
|
||||
public @EXPORT as 'EXPORTS'
|
||||
|
||||
include '../../../../struct.inc'
|
||||
include '../../../../proc32.inc'
|
||||
include '../../../../macros.inc'
|
||||
include '../../../../config.inc'
|
||||
include '../../../../kglobals.inc'
|
||||
|
||||
purge section,mov,add,sub
|
||||
section '.flat' code readable align 16
|
||||
|
||||
include 'libcrash.inc'
|
||||
include 'crc32.asm'
|
||||
include 'md4.asm'
|
||||
include 'md5.asm'
|
||||
include 'sha1.asm'
|
||||
include 'sha224_256.asm'
|
||||
include 'sha384_512.asm'
|
||||
include 'sha3.asm'
|
||||
|
||||
|
||||
proc lib_init
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc crash.hash _hid, _data, _callback, _ctx
|
||||
locals
|
||||
size dd ?
|
||||
endl
|
||||
mov [size], 0
|
||||
mov eax, [_hid]
|
||||
imul eax, sizeof.crash_item
|
||||
lea edx, [crash._.table + eax]
|
||||
mov ebx, [_ctx]
|
||||
|
||||
stdcall [edx + crash_item.init], [_ctx]
|
||||
|
||||
.hash:
|
||||
mov esi, [_data]
|
||||
push edx
|
||||
stdcall [edx + crash_item.update], [_ctx], [_data], [size]
|
||||
mov [size], 0
|
||||
pop edx
|
||||
|
||||
mov eax, [_callback]
|
||||
test eax, eax
|
||||
jz .quit
|
||||
push edx
|
||||
stdcall [_callback], [size]
|
||||
pop edx
|
||||
mov [size], eax
|
||||
test eax, eax
|
||||
jnz .hash
|
||||
|
||||
stdcall [edx + crash_item.final], [_ctx]
|
||||
.quit:
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc crash.bin2hex _bin, _hex, _hid
|
||||
mov eax, [_hid]
|
||||
imul eax, sizeof.crash_item
|
||||
mov ecx, [crash._.table + eax + crash_item.len_out]
|
||||
mov ebx, crash._.bin2hex_table
|
||||
mov esi, [_bin]
|
||||
mov edi, [_hex]
|
||||
.next_byte:
|
||||
xor eax, eax
|
||||
lodsb
|
||||
shl eax, 4
|
||||
shr al, 4
|
||||
xlatb
|
||||
xchg al, ah
|
||||
xlatb
|
||||
stosw
|
||||
dec ecx
|
||||
jnz .next_byte
|
||||
xor al, al
|
||||
stosb
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
section '.data' data readable align 16
|
||||
crash._.bin2hex_table db '0123456789abcdef'
|
||||
|
||||
crash._.table dd \
|
||||
crc32.init, crc32.update, crc32.final, crc32.oneshot, CRC32_HASH_SIZE, \
|
||||
md4.init, md4.update, md4.final, md4.oneshot, MD4_HASH_SIZE, \
|
||||
md5.init, md5.update, md5.final, md5.oneshot, MD5_HASH_SIZE, \
|
||||
sha1.init, sha1.update, sha1.final, sha1.oneshot, SHA1_HASH_SIZE, \
|
||||
sha224.init, sha224.update, sha224.final, sha224.oneshot, SHA224_HASH_SIZE, \
|
||||
sha256.init, sha256.update, sha256.final, sha256.oneshot, SHA256_HASH_SIZE, \
|
||||
sha384.init, sha384.update, sha384.final, sha384.oneshot, SHA384_HASH_SIZE, \
|
||||
sha512.init, sha512.update, sha512.final, sha512.oneshot, SHA512_HASH_SIZE, \
|
||||
sha3_224.init, sha3_224.update, sha3_224.final, sha3_224.oneshot, SHA3_224_HASH_SIZE,\
|
||||
sha3_256.init, sha3_256.update, sha3_256.final, sha3_256.oneshot, SHA3_256_HASH_SIZE,\
|
||||
sha3_384.init, sha3_384.update, sha3_384.final, sha3_384.oneshot, SHA3_384_HASH_SIZE,\
|
||||
sha3_512.init, sha3_512.update, sha3_512.final, sha3_512.oneshot, SHA3_512_HASH_SIZE
|
||||
|
||||
IncludeIGlobals
|
||||
|
||||
align 4
|
||||
@EXPORT:
|
||||
|
||||
export \
|
||||
lib_init, 'lib_init' , \
|
||||
crash.hash, 'crash_hash' , \
|
||||
crash.bin2hex, 'crash_bin2hex' , \
|
||||
crc32.init, 'crc32_init' , \
|
||||
crc32.update, 'crc32_update' , \
|
||||
crc32.final, 'crc32_final' , \
|
||||
crc32.oneshot, 'crc32_oneshot' , \
|
||||
md4.init, 'md4_init' , \
|
||||
md4.update, 'md4_update' , \
|
||||
md4.final, 'md4_final' , \
|
||||
md4.oneshot, 'md4_oneshot' , \
|
||||
md5.init, 'md5_init' , \
|
||||
md5.update, 'md5_update' , \
|
||||
md5.final, 'md5_final' , \
|
||||
md5.oneshot, 'md5_oneshot' , \
|
||||
sha1.init, 'sha1_init' , \
|
||||
sha1.update, 'sha1_update' , \
|
||||
sha1.final, 'sha1_final' , \
|
||||
sha1.oneshot, 'sha1_oneshot' , \
|
||||
sha224.init, 'sha224_init' , \
|
||||
sha224.update, 'sha224_update' , \
|
||||
sha224.final, 'sha224_final' , \
|
||||
sha224.oneshot, 'sha224_oneshot' , \
|
||||
sha256.init, 'sha256_init' , \
|
||||
sha256.update, 'sha256_update' , \
|
||||
sha256.final, 'sha256_final' , \
|
||||
sha256.oneshot, 'sha256_oneshot' , \
|
||||
sha384.init, 'sha384_init' , \
|
||||
sha384.update, 'sha384_update' , \
|
||||
sha384.final, 'sha384_final' , \
|
||||
sha384.oneshot, 'sha384_oneshot' , \
|
||||
sha512.init, 'sha512_init' , \
|
||||
sha512.update, 'sha512_update' , \
|
||||
sha512.final, 'sha512_final' , \
|
||||
sha512.oneshot, 'sha512_oneshot' , \
|
||||
sha3_224.init, 'sha3_224_init' , \
|
||||
sha3_224.update, 'sha3_224_update' , \
|
||||
sha3_224.final, 'sha3_224_final' , \
|
||||
sha3_224.oneshot, 'sha3_224_oneshot' , \
|
||||
sha3_256.init, 'sha3_256_init' , \
|
||||
sha3_256.update, 'sha3_256_update' , \
|
||||
sha3_256.final, 'sha3_256_final' , \
|
||||
sha3_256.oneshot, 'sha3_256_oneshot' , \
|
||||
sha3_384.init, 'sha3_384_init' , \
|
||||
sha3_384.update, 'sha3_384_update' , \
|
||||
sha3_384.final, 'sha3_384_final' , \
|
||||
sha3_384.oneshot, 'sha3_384_oneshot' , \
|
||||
sha3_512.init, 'sha3_512_init' , \
|
||||
sha3_512.update, 'sha3_512_update' , \
|
||||
sha3_512.final, 'sha3_512_final' , \
|
||||
sha3_512.oneshot, 'sha3_512_oneshot'
|
@ -1,81 +0,0 @@
|
||||
; libcrash -- cryptographic hash functions
|
||||
;
|
||||
; Copyright (C) 2012-2014,2016,2019 Ivan Baravy (dunkaist)
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify
|
||||
; it under the terms of the GNU General Public License as published by
|
||||
; the Free Software Foundation, either version 3 of the License, or
|
||||
; (at your option) any later version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful,
|
||||
; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
; GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License
|
||||
; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
LIBCRASH_CRC32 = 0
|
||||
LIBCRASH_MD4 = 1
|
||||
LIBCRASH_MD5 = 2
|
||||
LIBCRASH_SHA1 = 3
|
||||
LIBCRASH_SHA224 = 4
|
||||
LIBCRASH_SHA256 = 5
|
||||
LIBCRASH_SHA384 = 6
|
||||
LIBCRASH_SHA512 = 7
|
||||
LIBCRASH_SHA3_224 = 8
|
||||
LIBCRASH_SHA3_256 = 9
|
||||
LIBCRASH_SHA3_384 = 10
|
||||
LIBCRASH_SHA3_512 = 11
|
||||
LIBCRASH_LAST = 11
|
||||
|
||||
|
||||
struct crash_item
|
||||
init dd ?
|
||||
update dd ?
|
||||
final dd ?
|
||||
oneshot dd ?
|
||||
len_out dd ?
|
||||
ends
|
||||
|
||||
struct crash_ctx
|
||||
hash rb 1024 ; context starts with hash data
|
||||
ends
|
||||
|
||||
|
||||
CRC32_HASH_SIZE = 4
|
||||
CRC32_BLOCK_SIZE = 1
|
||||
|
||||
MD4_HASH_SIZE = 16
|
||||
MD4_BLOCK_SIZE = 64
|
||||
|
||||
MD5_HASH_SIZE = 16
|
||||
MD5_BLOCK_SIZE = 64
|
||||
|
||||
SHA1_HASH_SIZE = 20
|
||||
SHA1_BLOCK_SIZE = 64
|
||||
|
||||
SHA224_HASH_SIZE = 28
|
||||
SHA224_BLOCK_SIZE = 64
|
||||
|
||||
SHA256_HASH_SIZE = 32
|
||||
SHA256_BLOCK_SIZE = 64
|
||||
|
||||
SHA384_HASH_SIZE = 48
|
||||
SHA384_BLOCK_SIZE = 128
|
||||
|
||||
SHA512_HASH_SIZE = 64
|
||||
SHA512_BLOCK_SIZE = 128
|
||||
|
||||
SHA3_224_HASH_SIZE = 28
|
||||
SHA3_224_BLOCK_SIZE = 144
|
||||
|
||||
SHA3_256_HASH_SIZE = 32
|
||||
SHA3_256_BLOCK_SIZE = 136
|
||||
|
||||
SHA3_384_HASH_SIZE = 48
|
||||
SHA3_384_BLOCK_SIZE = 104
|
||||
|
||||
SHA3_512_HASH_SIZE = 64
|
||||
SHA3_512_BLOCK_SIZE = 72
|
@ -1,263 +0,0 @@
|
||||
; libcrash -- cryptographic hash functions
|
||||
;
|
||||
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify
|
||||
; it under the terms of the GNU General Public License as published by
|
||||
; the Free Software Foundation, either version 3 of the License, or
|
||||
; (at your option) any later version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful,
|
||||
; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
; GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License
|
||||
; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
MD4_HASH_SIZE = 16
|
||||
MD4_BLOCK_SIZE = 64
|
||||
|
||||
MD4_ALIGN = 4
|
||||
MD4_ALIGN_MASK = MD4_ALIGN - 1
|
||||
|
||||
struct ctx_md4
|
||||
hash rb MD4_HASH_SIZE
|
||||
block rb MD4_BLOCK_SIZE
|
||||
index rd 1
|
||||
msglen_0 rd 1
|
||||
msglen_1 rd 1
|
||||
ends
|
||||
|
||||
if defined sizeof.crash_ctx
|
||||
assert sizeof.crash_ctx >= sizeof.ctx_md4
|
||||
end if
|
||||
|
||||
macro md4._.f b, c, d
|
||||
{
|
||||
mov eax, c
|
||||
xor eax, d
|
||||
and eax, b
|
||||
xor eax, d
|
||||
}
|
||||
|
||||
macro md4._.g b, c, d
|
||||
{
|
||||
push c d
|
||||
mov eax, b
|
||||
and eax, c
|
||||
and c, d
|
||||
and d, b
|
||||
or eax, c
|
||||
or eax, d
|
||||
pop d c
|
||||
}
|
||||
|
||||
macro md4._.h b, c, d
|
||||
{
|
||||
mov eax, b
|
||||
xor eax, c
|
||||
xor eax, d
|
||||
}
|
||||
|
||||
macro md4._.round func, a, b, c, d, index, shift, ac
|
||||
{
|
||||
func b, c, d
|
||||
add eax, [esi + index*4]
|
||||
lea a, [a + eax + ac]
|
||||
rol a, shift
|
||||
}
|
||||
|
||||
|
||||
proc md4.init _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_md4.hash]
|
||||
mov esi, md4._.hash_init
|
||||
mov ecx, MD4_HASH_SIZE/4
|
||||
rep movsd
|
||||
xor eax, eax
|
||||
mov [ebx + ctx_md4.index], eax
|
||||
mov [ebx + ctx_md4.msglen_0], eax
|
||||
mov [ebx + ctx_md4.msglen_1], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc md4._.block _hash
|
||||
|
||||
mov eax, [_hash]
|
||||
mov edi, [eax + 0x0]
|
||||
mov ebx, [eax + 0x4]
|
||||
mov ecx, [eax + 0x8]
|
||||
mov edx, [eax + 0xc]
|
||||
|
||||
md4._.round md4._.f, edi, ebx, ecx, edx, 0, 3, 0x00000000
|
||||
md4._.round md4._.f, edx, edi, ebx, ecx, 1, 7, 0x00000000
|
||||
md4._.round md4._.f, ecx, edx, edi, ebx, 2, 11, 0x00000000
|
||||
md4._.round md4._.f, ebx, ecx, edx, edi, 3, 19, 0x00000000
|
||||
md4._.round md4._.f, edi, ebx, ecx, edx, 4, 3, 0x00000000
|
||||
md4._.round md4._.f, edx, edi, ebx, ecx, 5, 7, 0x00000000
|
||||
md4._.round md4._.f, ecx, edx, edi, ebx, 6, 11, 0x00000000
|
||||
md4._.round md4._.f, ebx, ecx, edx, edi, 7, 19, 0x00000000
|
||||
md4._.round md4._.f, edi, ebx, ecx, edx, 8, 3, 0x00000000
|
||||
md4._.round md4._.f, edx, edi, ebx, ecx, 9, 7, 0x00000000
|
||||
md4._.round md4._.f, ecx, edx, edi, ebx, 10, 11, 0x00000000
|
||||
md4._.round md4._.f, ebx, ecx, edx, edi, 11, 19, 0x00000000
|
||||
md4._.round md4._.f, edi, ebx, ecx, edx, 12, 3, 0x00000000
|
||||
md4._.round md4._.f, edx, edi, ebx, ecx, 13, 7, 0x00000000
|
||||
md4._.round md4._.f, ecx, edx, edi, ebx, 14, 11, 0x00000000
|
||||
md4._.round md4._.f, ebx, ecx, edx, edi, 15, 19, 0x00000000
|
||||
|
||||
md4._.round md4._.g, edi, ebx, ecx, edx, 0, 3, 0x5a827999
|
||||
md4._.round md4._.g, edx, edi, ebx, ecx, 4, 5, 0x5a827999
|
||||
md4._.round md4._.g, ecx, edx, edi, ebx, 8, 9, 0x5a827999
|
||||
md4._.round md4._.g, ebx, ecx, edx, edi, 12, 13, 0x5a827999
|
||||
md4._.round md4._.g, edi, ebx, ecx, edx, 1, 3, 0x5a827999
|
||||
md4._.round md4._.g, edx, edi, ebx, ecx, 5, 5, 0x5a827999
|
||||
md4._.round md4._.g, ecx, edx, edi, ebx, 9, 9, 0x5a827999
|
||||
md4._.round md4._.g, ebx, ecx, edx, edi, 13, 13, 0x5a827999
|
||||
md4._.round md4._.g, edi, ebx, ecx, edx, 2, 3, 0x5a827999
|
||||
md4._.round md4._.g, edx, edi, ebx, ecx, 6, 5, 0x5a827999
|
||||
md4._.round md4._.g, ecx, edx, edi, ebx, 10, 9, 0x5a827999
|
||||
md4._.round md4._.g, ebx, ecx, edx, edi, 14, 13, 0x5a827999
|
||||
md4._.round md4._.g, edi, ebx, ecx, edx, 3, 3, 0x5a827999
|
||||
md4._.round md4._.g, edx, edi, ebx, ecx, 7, 5, 0x5a827999
|
||||
md4._.round md4._.g, ecx, edx, edi, ebx, 11, 9, 0x5a827999
|
||||
md4._.round md4._.g, ebx, ecx, edx, edi, 15, 13, 0x5a827999
|
||||
|
||||
md4._.round md4._.h, edi, ebx, ecx, edx, 0, 3, 0x6ed9eba1
|
||||
md4._.round md4._.h, edx, edi, ebx, ecx, 8, 9, 0x6ed9eba1
|
||||
md4._.round md4._.h, ecx, edx, edi, ebx, 4, 11, 0x6ed9eba1
|
||||
md4._.round md4._.h, ebx, ecx, edx, edi, 12, 15, 0x6ed9eba1
|
||||
md4._.round md4._.h, edi, ebx, ecx, edx, 2, 3, 0x6ed9eba1
|
||||
md4._.round md4._.h, edx, edi, ebx, ecx, 10, 9, 0x6ed9eba1
|
||||
md4._.round md4._.h, ecx, edx, edi, ebx, 6, 11, 0x6ed9eba1
|
||||
md4._.round md4._.h, ebx, ecx, edx, edi, 14, 15, 0x6ed9eba1
|
||||
md4._.round md4._.h, edi, ebx, ecx, edx, 1, 3, 0x6ed9eba1
|
||||
md4._.round md4._.h, edx, edi, ebx, ecx, 9, 9, 0x6ed9eba1
|
||||
md4._.round md4._.h, ecx, edx, edi, ebx, 5, 11, 0x6ed9eba1
|
||||
md4._.round md4._.h, ebx, ecx, edx, edi, 13, 15, 0x6ed9eba1
|
||||
md4._.round md4._.h, edi, ebx, ecx, edx, 3, 3, 0x6ed9eba1
|
||||
md4._.round md4._.h, edx, edi, ebx, ecx, 11, 9, 0x6ed9eba1
|
||||
md4._.round md4._.h, ecx, edx, edi, ebx, 7, 11, 0x6ed9eba1
|
||||
md4._.round md4._.h, ebx, ecx, edx, edi, 15, 15, 0x6ed9eba1
|
||||
|
||||
mov eax, [_hash]
|
||||
add [eax + 0x0], edi
|
||||
add [eax + 0x4], ebx
|
||||
add [eax + 0x8], ecx
|
||||
add [eax + 0xc], edx
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc md4.update _ctx, _msg, _size
|
||||
mov ebx, [_ctx]
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_md4.msglen_0], ecx
|
||||
adc [ebx + ctx_md4.msglen_1], 0
|
||||
|
||||
.next_block:
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_msg]
|
||||
mov eax, [ebx + ctx_md4.index]
|
||||
and eax, MD4_BLOCK_SIZE-1
|
||||
jnz .copy_to_buf
|
||||
test esi, MD4_ALIGN_MASK
|
||||
jnz .copy_to_buf
|
||||
.no_copy:
|
||||
; data is aligned, hash it in place without copying
|
||||
mov ebx, [_ctx]
|
||||
cmp [_size], MD4_BLOCK_SIZE
|
||||
jb .copy_quit
|
||||
lea eax, [ebx + ctx_md4.hash]
|
||||
stdcall md4._.block, eax
|
||||
sub [_size], MD4_BLOCK_SIZE
|
||||
add esi, MD4_BLOCK_SIZE
|
||||
jmp .no_copy
|
||||
|
||||
.copy_to_buf:
|
||||
lea edi, [ebx + ctx_md4.block]
|
||||
add edi, eax
|
||||
mov ecx, MD4_BLOCK_SIZE
|
||||
sub ecx, eax
|
||||
cmp [_size], ecx
|
||||
jb .copy_quit
|
||||
sub [_size], ecx
|
||||
add [_msg], ecx
|
||||
add [ebx + ctx_md4.index], ecx
|
||||
rep movsb
|
||||
lea eax, [ebx + ctx_md4.hash]
|
||||
lea esi, [ebx + ctx_md4.block]
|
||||
stdcall md4._.block, eax
|
||||
jmp .next_block
|
||||
|
||||
.copy_quit:
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_md4.block]
|
||||
mov eax, [ebx + ctx_md4.index]
|
||||
and eax, MD4_BLOCK_SIZE-1
|
||||
add edi, eax
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_md4.index], ecx
|
||||
rep movsb
|
||||
.quit:
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc md4.final _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_md4.block]
|
||||
mov ecx, [ebx + ctx_md4.msglen_0]
|
||||
and ecx, MD4_BLOCK_SIZE-1
|
||||
add edi, ecx
|
||||
mov byte[edi], 0x80
|
||||
inc edi
|
||||
neg ecx
|
||||
add ecx, MD4_BLOCK_SIZE
|
||||
cmp ecx, 8
|
||||
ja .last
|
||||
|
||||
dec ecx
|
||||
xor eax, eax
|
||||
rep stosb
|
||||
lea esi, [ebx + ctx_md4.block]
|
||||
lea eax, [ebx + ctx_md4.hash]
|
||||
stdcall md4._.block, eax
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_md4.block]
|
||||
mov ecx, MD4_BLOCK_SIZE+1
|
||||
.last:
|
||||
dec ecx
|
||||
sub ecx, 8
|
||||
xor eax, eax
|
||||
rep stosb
|
||||
mov eax, [ebx + ctx_md4.msglen_0]
|
||||
mov edx, [ebx + ctx_md4.msglen_1]
|
||||
shld edx, eax, 3
|
||||
shl eax, 3
|
||||
mov dword[edi], eax
|
||||
mov dword[edi+4], edx
|
||||
lea esi, [ebx + ctx_md4.block]
|
||||
lea eax, [ebx + ctx_md4.hash]
|
||||
stdcall md4._.block, eax
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc md4.oneshot _ctx, _data, _len
|
||||
stdcall md4.init, [_ctx]
|
||||
stdcall md4.update, [_ctx], [_data], [_len]
|
||||
stdcall md4.final, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
iglobal
|
||||
align MD4_ALIGN
|
||||
md4._.hash_init dd 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0
|
||||
endg
|
@ -1,441 +0,0 @@
|
||||
; libcrash -- cryptographic hash functions
|
||||
;
|
||||
; Copyright (C) 2012-2013,2016,2019 Ivan Baravy (dunkaist)
|
||||
;
|
||||
; This program is free software: you can redistribute it and/or modify
|
||||
; it under the terms of the GNU General Public License as published by
|
||||
; the Free Software Foundation, either version 3 of the License, or
|
||||
; (at your option) any later version.
|
||||
;
|
||||
; This program is distributed in the hope that it will be useful,
|
||||
; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
; GNU General Public License for more details.
|
||||
;
|
||||
; You should have received a copy of the GNU General Public License
|
||||
; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
SHA224256_BLOCK_SIZE = 64
|
||||
SHA224_BLOCK_SIZE = SHA224256_BLOCK_SIZE
|
||||
SHA256_BLOCK_SIZE = SHA224256_BLOCK_SIZE
|
||||
SHA224_HASH_SIZE = 28
|
||||
SHA256_HASH_SIZE = 32
|
||||
|
||||
SHA224256_INIT_SIZE = 32
|
||||
SHA224256_ALIGN = 4
|
||||
SHA224256_ALIGN_MASK = SHA224256_ALIGN - 1
|
||||
|
||||
struct ctx_sha224256
|
||||
hash rb SHA224256_INIT_SIZE
|
||||
block rb SHA224256_BLOCK_SIZE
|
||||
index rd 1
|
||||
msglen_0 rd 1
|
||||
msglen_1 rd 1
|
||||
ends
|
||||
|
||||
if defined sizeof.crash_ctx
|
||||
assert sizeof.crash_ctx >= sizeof.ctx_sha224256
|
||||
end if
|
||||
|
||||
|
||||
macro sha224256._.chn x, y, z
|
||||
{
|
||||
mov eax, [y]
|
||||
xor eax, [z]
|
||||
and eax, [x]
|
||||
xor eax, [z]
|
||||
}
|
||||
|
||||
macro sha224256._.maj x, y, z
|
||||
{
|
||||
mov eax, [x]
|
||||
xor eax, [y]
|
||||
and eax, [z]
|
||||
mov ecx, [x]
|
||||
and ecx, [y]
|
||||
xor eax, ecx
|
||||
}
|
||||
|
||||
macro sha224256._.Sigma0 x
|
||||
{
|
||||
mov eax, x
|
||||
mov ecx, eax
|
||||
ror ecx, 2
|
||||
ror eax, 13
|
||||
xor eax, ecx
|
||||
mov ecx, x
|
||||
ror ecx, 22
|
||||
xor eax, ecx
|
||||
}
|
||||
|
||||
macro sha224256._.Sigma1 x
|
||||
{
|
||||
mov eax, x
|
||||
mov ecx, eax
|
||||
ror ecx, 6
|
||||
ror eax, 11
|
||||
xor eax, ecx
|
||||
mov ecx, x
|
||||
ror ecx, 25
|
||||
xor eax, ecx
|
||||
}
|
||||
|
||||
macro sha224256._.sigma0 x
|
||||
{
|
||||
mov eax, x
|
||||
mov ecx, eax
|
||||
ror ecx, 7
|
||||
ror eax, 18
|
||||
xor eax, ecx
|
||||
mov ecx, x
|
||||
shr ecx, 3
|
||||
xor eax, ecx
|
||||
}
|
||||
|
||||
macro sha224256._.sigma1 x
|
||||
{
|
||||
mov eax, x
|
||||
mov ecx, eax
|
||||
ror ecx, 17
|
||||
ror eax, 19
|
||||
xor eax, ecx
|
||||
mov ecx, x
|
||||
shr ecx, 10
|
||||
xor eax, ecx
|
||||
}
|
||||
|
||||
macro sha224256._.recalculate_w n
|
||||
{
|
||||
mov edx, [w + ((n-2) and 15)*4]
|
||||
sha224256._.sigma1 edx
|
||||
add eax, [w + ((n-7) and 15)*4]
|
||||
push eax
|
||||
mov edx, [w + ((n-15) and 15)*4]
|
||||
sha224256._.sigma0 edx
|
||||
pop ecx
|
||||
add eax, ecx
|
||||
add [w + (n)*4], eax
|
||||
}
|
||||
|
||||
macro sha224256._.round a, b, c, d, e, f, g, h, k
|
||||
{
|
||||
mov ebx, [h]
|
||||
mov edx, [e]
|
||||
sha224256._.Sigma1 edx
|
||||
|
||||
add ebx, eax
|
||||
sha224256._.chn e, f, g
|
||||
|
||||
add ebx, eax
|
||||
add ebx, [k]
|
||||
add ebx, edi
|
||||
|
||||
add [d], ebx
|
||||
|
||||
mov edx, [a]
|
||||
sha224256._.Sigma0 edx
|
||||
add ebx, eax
|
||||
sha224256._.maj a, b, c
|
||||
add eax, ebx
|
||||
mov [h], eax
|
||||
}
|
||||
|
||||
|
||||
macro sha224256._.round_1_16 a, b, c, d, e, f, g, h, n
|
||||
{
|
||||
|
||||
mov eax, [esi + (n)*4]
|
||||
bswap eax
|
||||
|
||||
mov dword[w + (n)*4], eax
|
||||
mov edi, eax
|
||||
sha224256._.round a, b, c, d, e, f, g, h, (sha256_table + (n)*4)
|
||||
}
|
||||
|
||||
macro sha224256._.round_17_64 a, b, c, d, e, f, g, h, n, rep_num
|
||||
{
|
||||
sha224256._.recalculate_w n
|
||||
mov edi, [w + (n)*4]
|
||||
sha224256._.round a, b, c, d, e, f, g, h, (sha256_table + (n+16*rep_num)*4)
|
||||
}
|
||||
|
||||
|
||||
proc sha224.init _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha224256.hash]
|
||||
mov esi, sha224._.hash_init
|
||||
mov ecx, SHA224256_INIT_SIZE/4
|
||||
rep movsd
|
||||
xor eax, eax
|
||||
mov [ebx + ctx_sha224256.index], eax
|
||||
mov [ebx + ctx_sha224256.msglen_0], eax
|
||||
mov [ebx + ctx_sha224256.msglen_1], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha256.init _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha224256.hash]
|
||||
mov esi, sha256._.hash_init
|
||||
mov ecx, SHA224256_INIT_SIZE/4
|
||||
rep movsd
|
||||
xor eax, eax
|
||||
mov [ebx + ctx_sha224256.index], eax
|
||||
mov [ebx + ctx_sha224256.msglen_0], eax
|
||||
mov [ebx + ctx_sha224256.msglen_1], eax
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha224256._.block _hash
|
||||
locals
|
||||
w rd 64
|
||||
A rd 1
|
||||
B rd 1
|
||||
C rd 1
|
||||
D rd 1
|
||||
E rd 1
|
||||
F rd 1
|
||||
G rd 1
|
||||
H rd 1
|
||||
endl
|
||||
mov edi, [_hash]
|
||||
mov eax, [edi + 0x00]
|
||||
mov [A], eax
|
||||
mov eax, [edi + 0x04]
|
||||
mov [B], eax
|
||||
mov eax, [edi + 0x08]
|
||||
mov [C], eax
|
||||
mov eax, [edi + 0x0c]
|
||||
mov [D], eax
|
||||
mov eax, [edi + 0x10]
|
||||
mov [E], eax
|
||||
mov eax, [edi + 0x14]
|
||||
mov [F], eax
|
||||
mov eax, [edi + 0x18]
|
||||
mov [G], eax
|
||||
mov eax, [edi + 0x1c]
|
||||
mov [H], eax
|
||||
|
||||
sha224256._.round_1_16 A, B, C, D, E, F, G, H, 0
|
||||
sha224256._.round_1_16 H, A, B, C, D, E, F, G, 1
|
||||
sha224256._.round_1_16 G, H, A, B, C, D, E, F, 2
|
||||
sha224256._.round_1_16 F, G, H, A, B, C, D, E, 3
|
||||
sha224256._.round_1_16 E, F, G, H, A, B, C, D, 4
|
||||
sha224256._.round_1_16 D, E, F, G, H, A, B, C, 5
|
||||
sha224256._.round_1_16 C, D, E, F, G, H, A, B, 6
|
||||
sha224256._.round_1_16 B, C, D, E, F, G, H, A, 7
|
||||
sha224256._.round_1_16 A, B, C, D, E, F, G, H, 8
|
||||
sha224256._.round_1_16 H, A, B, C, D, E, F, G, 9
|
||||
sha224256._.round_1_16 G, H, A, B, C, D, E, F, 10
|
||||
sha224256._.round_1_16 F, G, H, A, B, C, D, E, 11
|
||||
sha224256._.round_1_16 E, F, G, H, A, B, C, D, 12
|
||||
sha224256._.round_1_16 D, E, F, G, H, A, B, C, 13
|
||||
sha224256._.round_1_16 C, D, E, F, G, H, A, B, 14
|
||||
sha224256._.round_1_16 B, C, D, E, F, G, H, A, 15
|
||||
|
||||
repeat 3
|
||||
sha224256._.round_17_64 A, B, C, D, E, F, G, H, 0, %
|
||||
sha224256._.round_17_64 H, A, B, C, D, E, F, G, 1, %
|
||||
sha224256._.round_17_64 G, H, A, B, C, D, E, F, 2, %
|
||||
sha224256._.round_17_64 F, G, H, A, B, C, D, E, 3, %
|
||||
sha224256._.round_17_64 E, F, G, H, A, B, C, D, 4, %
|
||||
sha224256._.round_17_64 D, E, F, G, H, A, B, C, 5, %
|
||||
sha224256._.round_17_64 C, D, E, F, G, H, A, B, 6, %
|
||||
sha224256._.round_17_64 B, C, D, E, F, G, H, A, 7, %
|
||||
sha224256._.round_17_64 A, B, C, D, E, F, G, H, 8, %
|
||||
sha224256._.round_17_64 H, A, B, C, D, E, F, G, 9, %
|
||||
sha224256._.round_17_64 G, H, A, B, C, D, E, F, 10, %
|
||||
sha224256._.round_17_64 F, G, H, A, B, C, D, E, 11, %
|
||||
sha224256._.round_17_64 E, F, G, H, A, B, C, D, 12, %
|
||||
sha224256._.round_17_64 D, E, F, G, H, A, B, C, 13, %
|
||||
sha224256._.round_17_64 C, D, E, F, G, H, A, B, 14, %
|
||||
sha224256._.round_17_64 B, C, D, E, F, G, H, A, 15, %
|
||||
end repeat
|
||||
|
||||
mov edi, [_hash]
|
||||
mov eax, [A]
|
||||
add [edi + 0x00], eax
|
||||
mov eax, [B]
|
||||
add [edi + 0x04], eax
|
||||
mov eax, [C]
|
||||
add [edi + 0x08], eax
|
||||
mov eax, [D]
|
||||
add [edi + 0x0c], eax
|
||||
mov eax, [E]
|
||||
add [edi + 0x10], eax
|
||||
mov eax, [F]
|
||||
add [edi + 0x14], eax
|
||||
mov eax, [G]
|
||||
add [edi + 0x18], eax
|
||||
mov eax, [H]
|
||||
add [edi + 0x1c], eax
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
sha224.update = sha224256.update
|
||||
sha256.update = sha224256.update
|
||||
proc sha224256.update _ctx, _msg, _size
|
||||
mov ebx, [_ctx]
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_sha224256.msglen_0], ecx
|
||||
adc [ebx + ctx_sha224256.msglen_1], 0
|
||||
|
||||
.next_block:
|
||||
mov ebx, [_ctx]
|
||||
mov esi, [_msg]
|
||||
mov eax, [ebx + ctx_sha224256.index]
|
||||
and eax, SHA224256_BLOCK_SIZE-1
|
||||
jnz .copy_to_buf
|
||||
test esi, SHA224256_ALIGN_MASK
|
||||
jnz .copy_to_buf
|
||||
.no_copy:
|
||||
; data is aligned, hash it in place without copying
|
||||
mov ebx, [_ctx]
|
||||
cmp [_size], SHA224256_BLOCK_SIZE
|
||||
jb .copy_quit
|
||||
lea eax, [ebx + ctx_sha224256.hash]
|
||||
stdcall sha224256._.block, eax
|
||||
sub [_size], SHA224256_BLOCK_SIZE
|
||||
add esi, SHA224256_BLOCK_SIZE ; FIXME
|
||||
jmp .no_copy
|
||||
|
||||
.copy_to_buf:
|
||||
lea edi, [ebx + ctx_sha224256.block]
|
||||
add edi, eax
|
||||
mov ecx, SHA224256_BLOCK_SIZE
|
||||
sub ecx, eax
|
||||
cmp [_size], ecx
|
||||
jb .copy_quit
|
||||
sub [_size], ecx
|
||||
add [_msg], ecx
|
||||
add [ebx + ctx_sha224256.index], ecx
|
||||
rep movsb
|
||||
lea eax, [ebx + ctx_sha224256.hash]
|
||||
lea esi, [ebx + ctx_sha224256.block]
|
||||
stdcall sha224256._.block, eax
|
||||
jmp .next_block
|
||||
|
||||
.copy_quit:
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha224256.block]
|
||||
mov eax, [ebx + ctx_sha224256.index]
|
||||
and eax, SHA224256_BLOCK_SIZE-1
|
||||
add edi, eax
|
||||
mov ecx, [_size]
|
||||
add [ebx + ctx_sha224256.index], ecx
|
||||
rep movsb
|
||||
.quit:
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
sha224.final = sha224256.final
|
||||
sha256.final = sha224256.final
|
||||
proc sha224256.final _ctx
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha224256.block]
|
||||
mov ecx, [ebx + ctx_sha224256.msglen_0]
|
||||
and ecx, SHA224256_BLOCK_SIZE-1
|
||||
add edi, ecx
|
||||
mov byte[edi], 0x80
|
||||
inc edi
|
||||
neg ecx
|
||||
add ecx, SHA224256_BLOCK_SIZE
|
||||
cmp ecx, 8
|
||||
ja .last
|
||||
|
||||
dec ecx
|
||||
xor eax, eax
|
||||
rep stosb
|
||||
lea esi, [ebx + ctx_sha224256.block]
|
||||
lea eax, [ebx + ctx_sha224256.hash]
|
||||
stdcall sha224256._.block, eax
|
||||
mov ebx, [_ctx]
|
||||
lea edi, [ebx + ctx_sha224256.block]
|
||||
mov ecx, SHA224256_BLOCK_SIZE+1
|
||||
.last:
|
||||
dec ecx
|
||||
sub ecx, 8
|
||||
xor eax, eax
|
||||
rep stosb
|
||||
mov eax, [ebx + ctx_sha224256.msglen_0]
|
||||
mov edx, [ebx + ctx_sha224256.msglen_1]
|
||||
shld edx, eax, 3
|
||||
shl eax, 3
|
||||
bswap eax
|
||||
bswap edx
|
||||
mov dword[edi], edx
|
||||
mov dword[edi+4], eax
|
||||
lea esi, [ebx + ctx_sha224256.block]
|
||||
lea eax, [ebx + ctx_sha224256.hash]
|
||||
stdcall sha224256._.block, eax
|
||||
|
||||
mov ebx, [_ctx]
|
||||
lea eax, [ebx + ctx_sha224256.hash]
|
||||
stdcall sha224256._.postprocess, ebx, eax
|
||||
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha224256._.postprocess _ctx, _hash
|
||||
mov ecx, 8
|
||||
mov esi, [_hash]
|
||||
mov edi, esi
|
||||
@@:
|
||||
lodsd
|
||||
bswap eax
|
||||
stosd
|
||||
dec ecx
|
||||
jnz @b
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha224.oneshot _ctx, _data, _len
|
||||
stdcall sha224.init, [_ctx]
|
||||
stdcall sha224.update, [_ctx], [_data], [_len]
|
||||
stdcall sha224.final, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc sha256.oneshot _ctx, _data, _len
|
||||
stdcall sha256.init, [_ctx]
|
||||
stdcall sha256.update, [_ctx], [_data], [_len]
|
||||
stdcall sha256.final, [_ctx]
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
iglobal
|
||||
align SHA224256_ALIGN
|
||||
sha224._.hash_init dd 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,\
|
||||
0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
|
||||
|
||||
sha256._.hash_init dd 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,\
|
||||
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
|
||||
|
||||
sha256_table dd 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\
|
||||
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\
|
||||
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\
|
||||
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\
|
||||
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\
|
||||
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\
|
||||
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\
|
||||
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\
|
||||
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\
|
||||
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\
|
||||
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\
|
||||
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\
|
||||
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\
|
||||
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\
|
||||
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\
|
||||
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
|
||||
endg
|
@ -20,10 +20,12 @@
|
||||
; To compute HMAC over the data `text' we perform
|
||||
; H(K XOR opad, H(K XOR ipad, text))
|
||||
|
||||
MD5_BLOCK_SIZE = 64
|
||||
|
||||
struct hmac_md5_context
|
||||
hash rb MD5_HASH_SIZE
|
||||
ipad_ctx crash_ctx
|
||||
opad_ctx crash_ctx
|
||||
hash rb MD5_LEN
|
||||
ipad_ctx rb LIBCRASH_CTX_LEN
|
||||
opad_ctx rb LIBCRASH_CTX_LEN
|
||||
ends
|
||||
|
||||
; We will precompute partial hashes of K XOR ipad and K XOR opad,
|
||||
|
@ -20,10 +20,12 @@
|
||||
; To compute HMAC over the data `text' we perform
|
||||
; H(K XOR opad, H(K XOR ipad, text))
|
||||
|
||||
SHA1_BLOCK_SIZE = 64
|
||||
|
||||
struct hmac_sha1_context
|
||||
hash rb SHA1_HASH_SIZE
|
||||
ipad_ctx crash_ctx
|
||||
opad_ctx crash_ctx
|
||||
hash rb SHA1_LEN
|
||||
ipad_ctx rb LIBCRASH_CTX_LEN
|
||||
opad_ctx rb LIBCRASH_CTX_LEN
|
||||
ends
|
||||
|
||||
; We will precompute partial hashes of K XOR ipad and K XOR opad,
|
||||
|
@ -20,10 +20,12 @@
|
||||
; To compute HMAC over the data `text' we perform
|
||||
; H(K XOR opad, H(K XOR ipad, text))
|
||||
|
||||
SHA2_256_BLOCK_SIZE = 64
|
||||
|
||||
struct hmac_sha256_context
|
||||
hash rb SHA256_HASH_SIZE
|
||||
ipad_ctx crash_ctx
|
||||
opad_ctx crash_ctx
|
||||
hash rb SHA2_256_LEN
|
||||
ipad_ctx rb LIBCRASH_CTX_LEN
|
||||
opad_ctx rb LIBCRASH_CTX_LEN
|
||||
ends
|
||||
|
||||
; We will precompute partial hashes of K XOR ipad and K XOR opad,
|
||||
@ -32,21 +34,21 @@ ends
|
||||
proc hmac_sha256_setkey ctx, key, key_length
|
||||
|
||||
locals
|
||||
k_temp rb SHA256_BLOCK_SIZE
|
||||
k_temp rb SHA2_256_BLOCK_SIZE
|
||||
endl
|
||||
|
||||
pusha
|
||||
|
||||
; input esi = key, ecx=key_length
|
||||
mov ecx, [key_length]
|
||||
cmp ecx, SHA256_BLOCK_SIZE
|
||||
cmp ecx, SHA2_256_BLOCK_SIZE
|
||||
ja .hash_it
|
||||
; Key is smaller then or equal to blocksize,
|
||||
; copy key to ipad
|
||||
mov esi, [key]
|
||||
lea edi, [k_temp]
|
||||
rep movsb
|
||||
mov ecx, SHA256_BLOCK_SIZE
|
||||
mov ecx, SHA2_256_BLOCK_SIZE
|
||||
sub ecx, [key_length]
|
||||
jz .finish
|
||||
; append zeros to the key
|
||||
@ -56,21 +58,21 @@ endl
|
||||
|
||||
; Given key is larger then key size, hash it
|
||||
.hash_it:
|
||||
invoke sha256_init, [ctx]
|
||||
invoke sha256_update, [ctx], [key], [key_length]
|
||||
invoke sha256_final, [ctx]
|
||||
invoke sha2_256_init, [ctx]
|
||||
invoke sha2_256_update, [ctx], [key], [key_length]
|
||||
invoke sha2_256_finish, [ctx]
|
||||
mov esi, [ctx]
|
||||
lea edi, [k_temp]
|
||||
mov ecx, SHA256_HASH_SIZE/4
|
||||
mov ecx, SHA2_256_LEN/4
|
||||
rep movsd
|
||||
xor eax, eax
|
||||
mov ecx, (SHA256_BLOCK_SIZE-SHA256_HASH_SIZE)/4
|
||||
mov ecx, (SHA2_256_BLOCK_SIZE-SHA2_256_LEN)/4
|
||||
rep stosd
|
||||
|
||||
.finish:
|
||||
; xor ipad buffer with 0x36363...
|
||||
lea esi, [k_temp]
|
||||
mov ecx, SHA256_BLOCK_SIZE/4
|
||||
mov ecx, SHA2_256_BLOCK_SIZE/4
|
||||
@@:
|
||||
xor dword[esi], 0x36363636 ; ipad constant
|
||||
add esi, 4
|
||||
@ -80,19 +82,19 @@ endl
|
||||
; Init our hash with k_xor_ipad
|
||||
mov ebx, [ctx]
|
||||
lea edi, [ebx+hmac_sha256_context.ipad_ctx]
|
||||
invoke sha256_init, edi
|
||||
invoke sha2_256_init, edi
|
||||
|
||||
lea esi, [k_temp]
|
||||
DEBUGF 1, "HASH: "
|
||||
stdcall dump_hex, esi, SHA256_BLOCK_SIZE/4
|
||||
stdcall dump_hex, esi, SHA2_256_BLOCK_SIZE/4
|
||||
|
||||
mov ebx, [ctx]
|
||||
lea edi, [ebx+hmac_sha256_context.ipad_ctx]
|
||||
invoke sha256_update, edi, esi, SHA256_BLOCK_SIZE
|
||||
invoke sha2_256_update, edi, esi, SHA2_256_BLOCK_SIZE
|
||||
|
||||
; xor opad buffer with 0x5c5c5...
|
||||
lea esi, [k_temp]
|
||||
mov ecx, SHA256_BLOCK_SIZE/4
|
||||
mov ecx, SHA2_256_BLOCK_SIZE/4
|
||||
@@:
|
||||
xor dword[esi], 0x36363636 xor 0x5c5c5c5c ; opad constant
|
||||
add esi, 4
|
||||
@ -102,15 +104,15 @@ endl
|
||||
; Init our hash with k_xor_opad
|
||||
mov ebx, [ctx]
|
||||
lea edi, [ebx+hmac_sha256_context.opad_ctx]
|
||||
invoke sha256_init, edi
|
||||
invoke sha2_256_init, edi
|
||||
|
||||
lea esi, [k_temp]
|
||||
DEBUGF 1, "HASH: "
|
||||
stdcall dump_hex, esi, SHA256_BLOCK_SIZE/4
|
||||
stdcall dump_hex, esi, SHA2_256_BLOCK_SIZE/4
|
||||
|
||||
mov ebx, [ctx]
|
||||
lea edi, [ebx+hmac_sha256_context.opad_ctx]
|
||||
invoke sha256_update, edi, esi, SHA256_BLOCK_SIZE
|
||||
invoke sha2_256_update, edi, esi, SHA2_256_BLOCK_SIZE
|
||||
|
||||
popa
|
||||
ret
|
||||
@ -124,8 +126,8 @@ endp
|
||||
proc hmac_sha256 ctx, _data, _length
|
||||
|
||||
locals
|
||||
inner_ctx crash_ctx
|
||||
outer_ctx crash_ctx
|
||||
inner_ctx rb LIBCRASH_CTX_LEN
|
||||
outer_ctx rb LIBCRASH_CTX_LEN
|
||||
endl
|
||||
|
||||
pusha
|
||||
@ -138,30 +140,30 @@ endl
|
||||
mov esi, [ctx]
|
||||
lea esi, [esi+hmac_sha256_context.ipad_ctx]
|
||||
lea edi, [inner_ctx]
|
||||
repeat (sizeof.crash_ctx)/4*2
|
||||
repeat (LIBCRASH_CTX_LEN)/4*2
|
||||
movsd
|
||||
end repeat
|
||||
|
||||
; Append provided data to inner hash and finalize
|
||||
lea ebx, [inner_ctx]
|
||||
invoke sha256_update, ebx, [_data], [_length]
|
||||
invoke sha2_256_update, ebx, [_data], [_length]
|
||||
lea ebx, [inner_ctx]
|
||||
invoke sha256_final, ebx
|
||||
invoke sha2_256_finish, ebx
|
||||
|
||||
DEBUGF 1, "Inner Hash: "
|
||||
lea esi, [inner_ctx.hash]
|
||||
stdcall dump_hex, esi, SHA256_HASH_SIZE/4
|
||||
lea esi, [inner_ctx]
|
||||
stdcall dump_hex, esi, SHA2_256_LEN/4
|
||||
|
||||
; Calculate outer hash
|
||||
lea ebx, [outer_ctx]
|
||||
lea esi, [inner_ctx.hash]
|
||||
invoke sha256_update, ebx, esi, SHA256_HASH_SIZE
|
||||
lea esi, [inner_ctx]
|
||||
invoke sha2_256_update, ebx, esi, SHA2_256_LEN
|
||||
lea ebx, [outer_ctx]
|
||||
invoke sha256_final, ebx
|
||||
invoke sha2_256_finish, ebx
|
||||
; Copy output hash to ctx structure ; FIXME
|
||||
lea esi, [outer_ctx.hash]
|
||||
lea esi, [outer_ctx]
|
||||
mov edi, [ctx]
|
||||
repeat SHA256_HASH_SIZE/4
|
||||
repeat SHA2_256_LEN/4
|
||||
movsd
|
||||
end repeat
|
||||
|
||||
|
@ -49,7 +49,7 @@ include '../../proc32.inc'
|
||||
include '../../dll.inc'
|
||||
include '../../debug-fdo.inc'
|
||||
include '../../network.inc'
|
||||
include '../../develop/libraries/libcrash/trunk/libcrash.inc'
|
||||
include '../../develop/libraries/libcrash/libcrash.inc'
|
||||
|
||||
; macros for network byte order
|
||||
macro dd_n op {
|
||||
@ -621,18 +621,18 @@ import console, \
|
||||
con_get_input, 'con_get_input'
|
||||
|
||||
import libcrash, \
|
||||
sha512_init, 'sha512_init', \
|
||||
sha512_update, 'sha512_update', \
|
||||
sha512_final, 'sha512_final',\
|
||||
sha256_init, 'sha256_init', \
|
||||
sha256_update, 'sha256_update', \
|
||||
sha256_final, 'sha256_final',\
|
||||
sha2_512_init, 'sha2_512_init', \
|
||||
sha2_512_update, 'sha2_512_update', \
|
||||
sha2_512_finish, 'sha2_512_finish',\
|
||||
sha2_256_init, 'sha2_256_init', \
|
||||
sha2_256_update, 'sha2_256_update', \
|
||||
sha2_256_finish, 'sha2_256_finish',\
|
||||
sha1_init, 'sha1_init', \
|
||||
sha1_update, 'sha1_update', \
|
||||
sha1_final, 'sha1_final', \
|
||||
sha1_finish, 'sha1_finish', \
|
||||
md5_init, 'md5_init', \
|
||||
md5_update, 'md5_update', \
|
||||
md5_final, 'md5_final'
|
||||
md5_finish, 'md5_finish'
|
||||
|
||||
import libini, \
|
||||
ini_get_str, 'ini_get_str', \
|
||||
|
@ -125,8 +125,8 @@ struct sshlib_connection
|
||||
tx_buffer ssh_packet_header
|
||||
rb PACKETSIZE-sizeof.ssh_packet_header
|
||||
|
||||
part_ex_hash_ctx crash_ctx
|
||||
session_id rb SHA256_HASH_SIZE
|
||||
part_ex_hash_ctx rb LIBCRASH_CTX_LEN
|
||||
session_id rb SHA2_256_LEN
|
||||
|
||||
algo_kex dd ?
|
||||
algo_hostkey dd ?
|
||||
|
@ -109,9 +109,9 @@ endl
|
||||
jnz .err_sock
|
||||
|
||||
; Start calculating hash
|
||||
invoke sha256_init, [ctx_ptr]
|
||||
invoke sha2_256_init, [ctx_ptr]
|
||||
; HASH: string V_C, the client's version string (CR and NL excluded)
|
||||
invoke sha256_update, [ctx_ptr], ssh_ident_ha, ssh_msg_ident.length+4-2
|
||||
invoke sha2_256_update, [ctx_ptr], ssh_ident_ha, ssh_msg_ident.length+4-2
|
||||
|
||||
; >> Send our identification string
|
||||
DEBUGF 2, "Sending ID string\n"
|
||||
@ -138,7 +138,7 @@ endl
|
||||
bswap eax
|
||||
sub edx, 4
|
||||
mov dword[edx], eax
|
||||
invoke sha256_update, [ctx_ptr], edx, ecx
|
||||
invoke sha2_256_update, [ctx_ptr], edx, ecx
|
||||
|
||||
; >> Key Exchange init
|
||||
mov eax, [con_ptr]
|
||||
@ -191,7 +191,7 @@ endl
|
||||
bswap eax
|
||||
lea esi, [esi+sshlib_connection.tx_buffer+1]
|
||||
mov dword[esi], eax
|
||||
invoke sha256_update, [ctx_ptr], esi, edx
|
||||
invoke sha2_256_update, [ctx_ptr], esi, edx
|
||||
|
||||
; << Check key exchange init of server
|
||||
stdcall sshlib_recv_packet, [con_ptr], 0
|
||||
@ -269,7 +269,7 @@ endl
|
||||
bswap eax
|
||||
lea esi, [esi+sshlib_connection.rx_buffer+1]
|
||||
mov dword[esi], eax
|
||||
invoke sha256_update, [ctx_ptr], esi, edx
|
||||
invoke sha2_256_update, [ctx_ptr], esi, edx
|
||||
|
||||
; Exchange keys with the server
|
||||
|
||||
|
@ -44,7 +44,7 @@ locals
|
||||
|
||||
K_length dd ?
|
||||
|
||||
session_id_x rb SHA256_HASH_SIZE+1
|
||||
session_id_x rb SHA2_256_LEN+1
|
||||
|
||||
str_K_S dd ? ; server public host key and certificates (K_S)
|
||||
mpint_f_big dd ? ; pointer to original
|
||||
@ -54,7 +54,7 @@ endl
|
||||
|
||||
; Allocate memory for temp variables
|
||||
|
||||
mov ecx, 7*(MAX_BITS/8+4) + 7*SHA256_HASH_SIZE + 2*sizeof.crash_ctx
|
||||
mov ecx, 7*(MAX_BITS/8+4) + 7*SHA2_256_LEN + 2*LIBCRASH_CTX_LEN
|
||||
mcall 68, 12
|
||||
test eax, eax
|
||||
jz .err_nomem
|
||||
@ -77,31 +77,31 @@ endl
|
||||
add eax, (MAX_BITS/8+4)
|
||||
|
||||
mov [k_h_ctx], eax
|
||||
add eax, sizeof.crash_ctx
|
||||
add eax, LIBCRASH_CTX_LEN
|
||||
mov [temp_ctx], eax
|
||||
add eax, sizeof.crash_ctx
|
||||
add eax, LIBCRASH_CTX_LEN
|
||||
|
||||
mov [H], eax
|
||||
add eax, SHA256_HASH_SIZE
|
||||
add eax, SHA2_256_LEN
|
||||
mov [rx_iv], eax
|
||||
add eax, SHA256_HASH_SIZE
|
||||
add eax, SHA2_256_LEN
|
||||
mov [tx_iv], eax
|
||||
add eax, SHA256_HASH_SIZE
|
||||
add eax, SHA2_256_LEN
|
||||
mov [rx_enc_key], eax
|
||||
add eax, SHA256_HASH_SIZE
|
||||
add eax, SHA2_256_LEN
|
||||
mov [tx_enc_key], eax
|
||||
add eax, SHA256_HASH_SIZE
|
||||
add eax, SHA2_256_LEN
|
||||
mov [rx_int_key], eax
|
||||
add eax, SHA256_HASH_SIZE
|
||||
add eax, SHA2_256_LEN
|
||||
mov [tx_int_key], eax
|
||||
; add eax, SHA256_HASH_SIZE
|
||||
; add eax, SHA2_256_LEN
|
||||
|
||||
; Copy the partial exchange hash to our temporary one
|
||||
|
||||
mov esi, [con_ptr]
|
||||
lea esi, [esi+sshlib_connection.part_ex_hash_ctx]
|
||||
mov edi, [temp_ctx]
|
||||
mov ecx, sizeof.crash_ctx/4
|
||||
mov ecx, LIBCRASH_CTX_LEN/4
|
||||
rep movsd
|
||||
|
||||
;----------------------------------------------
|
||||
@ -201,27 +201,27 @@ endl
|
||||
add edx, 4
|
||||
lea eax, [esi+edx]
|
||||
mov [mpint_f_big], eax
|
||||
invoke sha256_update, [temp_ctx], esi, edx
|
||||
invoke sha2_256_update, [temp_ctx], esi, edx
|
||||
|
||||
;--------------------------------------------------------------------------
|
||||
; HASH: uint32 min, minimal size in bits of an acceptable group
|
||||
; uint32 n, preferred size in bits of the group the server will send
|
||||
; uint32 max, maximal size in bits of an acceptable group
|
||||
invoke sha256_update, [temp_ctx], ssh_msg_gex_req+sizeof.ssh_packet_header-ssh_packet_header.message_code, 12
|
||||
invoke sha2_256_update, [temp_ctx], ssh_msg_gex_req+sizeof.ssh_packet_header-ssh_packet_header.message_code, 12
|
||||
|
||||
;----------------------------
|
||||
; HASH: mpint p, safe prime
|
||||
stdcall mpint_shrink, [mpint_p]
|
||||
stdcall mpint_to_big_endian, [mpint_tmp], [mpint_p]
|
||||
add eax, 4
|
||||
invoke sha256_update, [temp_ctx], [mpint_tmp], eax
|
||||
invoke sha2_256_update, [temp_ctx], [mpint_tmp], eax
|
||||
|
||||
;----------------------------------------
|
||||
; HASH: mpint g, generator for subgroup
|
||||
stdcall mpint_shrink, [mpint_g]
|
||||
stdcall mpint_to_big_endian, [mpint_tmp], [mpint_g]
|
||||
add eax, 4
|
||||
invoke sha256_update, [temp_ctx], [mpint_tmp], eax
|
||||
invoke sha2_256_update, [temp_ctx], [mpint_tmp], eax
|
||||
|
||||
;---------------------------------------------------
|
||||
; HASH: mpint e, exchange value sent by the client
|
||||
@ -230,7 +230,7 @@ endl
|
||||
mov edx, [esi]
|
||||
bswap edx
|
||||
add edx, 4
|
||||
invoke sha256_update, [temp_ctx], esi, edx
|
||||
invoke sha2_256_update, [temp_ctx], esi, edx
|
||||
|
||||
;---------------------------------------------------
|
||||
; HASH: mpint f, exchange value sent by the server
|
||||
@ -238,7 +238,7 @@ endl
|
||||
mov edx, [esi]
|
||||
bswap edx
|
||||
add edx, 4
|
||||
invoke sha256_update, [temp_ctx], esi, edx
|
||||
invoke sha2_256_update, [temp_ctx], esi, edx
|
||||
|
||||
stdcall mpint_to_little_endian, [mpint_f], [mpint_f_big]
|
||||
mov esi, [mpint_f_big]
|
||||
@ -260,19 +260,18 @@ endl
|
||||
;-----------------------------------
|
||||
; HASH: mpint K, the shared secret
|
||||
add eax, 4
|
||||
invoke sha256_update, [temp_ctx], [mpint_K_big], eax
|
||||
invoke sha2_256_update, [temp_ctx], [mpint_K_big], eax
|
||||
|
||||
;-------------------------------
|
||||
; Finalize the exchange hash (H)
|
||||
invoke sha256_final, [temp_ctx]
|
||||
invoke sha2_256_finish, [temp_ctx]
|
||||
mov esi, [temp_ctx]
|
||||
add esi, crash_ctx.hash
|
||||
mov edi, [H]
|
||||
mov ecx, SHA256_HASH_SIZE/4
|
||||
mov ecx, SHA2_256_LEN/4
|
||||
rep movsd
|
||||
|
||||
DEBUGF 1, "Exchange hash H: "
|
||||
stdcall dump_hex, [H], SHA256_HASH_SIZE/4
|
||||
stdcall dump_hex, [H], SHA2_256_LEN/4
|
||||
|
||||
;--------------------------
|
||||
; Set or get the session id
|
||||
@ -282,20 +281,20 @@ endl
|
||||
jae @f
|
||||
|
||||
; If first KEX, verify host public key
|
||||
stdcall sshlib_host_verify, [con_ptr], [str_K_S], [str_s_of_H], [H], SHA256_HASH_SIZE
|
||||
stdcall sshlib_host_verify, [con_ptr], [str_K_S], [str_s_of_H], [H], SHA2_256_LEN
|
||||
test eax, eax
|
||||
jnz .err
|
||||
|
||||
mov eax, [con_ptr]
|
||||
mov esi, [H]
|
||||
lea edi, [eax + sshlib_connection.session_id]
|
||||
mov ecx, SHA256_HASH_SIZE/4
|
||||
mov ecx, SHA2_256_LEN/4
|
||||
rep movsd
|
||||
@@:
|
||||
|
||||
lea esi, [eax + sshlib_connection.session_id]
|
||||
lea edi, [session_id_x+1]
|
||||
mov ecx, SHA256_HASH_SIZE/4
|
||||
mov ecx, SHA2_256_LEN/4
|
||||
rep movsd
|
||||
|
||||
|
||||
@ -304,126 +303,126 @@ endl
|
||||
|
||||
; First, calculate partial hash of K and H so we can re-use it for every key.
|
||||
|
||||
invoke sha256_init, [k_h_ctx]
|
||||
invoke sha2_256_init, [k_h_ctx]
|
||||
|
||||
mov ecx, [K_length]
|
||||
add ecx, 4
|
||||
invoke sha256_update, [k_h_ctx], [mpint_K_big], ecx
|
||||
invoke sha256_update, [k_h_ctx], [H], SHA256_HASH_SIZE
|
||||
invoke sha2_256_update, [k_h_ctx], [mpint_K_big], ecx
|
||||
invoke sha2_256_update, [k_h_ctx], [H], SHA2_256_LEN
|
||||
|
||||
;---------------------------------------------------------------
|
||||
; Initial IV client to server: HASH(K || H || "A" || session_id)
|
||||
|
||||
mov esi, [k_h_ctx]
|
||||
mov edi, [temp_ctx]
|
||||
mov ecx, sizeof.crash_ctx/4
|
||||
mov ecx, LIBCRASH_CTX_LEN/4
|
||||
rep movsd
|
||||
lea edx, [session_id_x]
|
||||
mov byte[edx], 'A'
|
||||
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
|
||||
invoke sha256_final, [temp_ctx]
|
||||
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
|
||||
invoke sha2_256_finish, [temp_ctx]
|
||||
mov edi, [tx_iv]
|
||||
mov esi, [temp_ctx]
|
||||
mov ecx, SHA256_HASH_SIZE/4
|
||||
mov ecx, SHA2_256_LEN/4
|
||||
rep movsd
|
||||
|
||||
DEBUGF 1, "Remote IV: "
|
||||
stdcall dump_hex, [tx_iv], SHA256_HASH_SIZE/4
|
||||
stdcall dump_hex, [tx_iv], SHA2_256_LEN/4
|
||||
|
||||
;---------------------------------------------------------------
|
||||
; Initial IV server to client: HASH(K || H || "B" || session_id)
|
||||
|
||||
mov esi, [k_h_ctx]
|
||||
mov edi, [temp_ctx]
|
||||
mov ecx, sizeof.crash_ctx/4
|
||||
mov ecx, LIBCRASH_CTX_LEN/4
|
||||
rep movsd
|
||||
lea edx, [session_id_x]
|
||||
mov byte[edx], 'B'
|
||||
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
|
||||
invoke sha256_final, [temp_ctx]
|
||||
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
|
||||
invoke sha2_256_finish, [temp_ctx]
|
||||
mov edi, [rx_iv]
|
||||
mov esi, [temp_ctx]
|
||||
mov ecx, SHA256_HASH_SIZE/4
|
||||
mov ecx, SHA2_256_LEN/4
|
||||
rep movsd
|
||||
|
||||
DEBUGF 1, "Local IV: "
|
||||
stdcall dump_hex, [rx_iv], SHA256_HASH_SIZE/4
|
||||
stdcall dump_hex, [rx_iv], SHA2_256_LEN/4
|
||||
|
||||
;-------------------------------------------------------------------
|
||||
; Encryption key client to server: HASH(K || H || "C" || session_id)
|
||||
|
||||
mov esi, [k_h_ctx]
|
||||
mov edi, [temp_ctx]
|
||||
mov ecx, sizeof.crash_ctx/4
|
||||
mov ecx, LIBCRASH_CTX_LEN/4
|
||||
rep movsd
|
||||
lea edx, [session_id_x]
|
||||
mov byte[edx], 'C'
|
||||
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
|
||||
invoke sha256_final, [temp_ctx]
|
||||
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
|
||||
invoke sha2_256_finish, [temp_ctx]
|
||||
mov edi, [tx_enc_key]
|
||||
mov esi, [temp_ctx]
|
||||
mov ecx, SHA256_HASH_SIZE/4
|
||||
mov ecx, SHA2_256_LEN/4
|
||||
rep movsd
|
||||
|
||||
DEBUGF 1, "Remote key: "
|
||||
stdcall dump_hex, [tx_enc_key], SHA256_HASH_SIZE/4
|
||||
stdcall dump_hex, [tx_enc_key], SHA2_256_LEN/4
|
||||
|
||||
;-------------------------------------------------------------------
|
||||
; Encryption key server to client: HASH(K || H || "D" || session_id)
|
||||
|
||||
mov esi, [k_h_ctx]
|
||||
mov edi, [temp_ctx]
|
||||
mov ecx, sizeof.crash_ctx/4
|
||||
mov ecx, LIBCRASH_CTX_LEN/4
|
||||
rep movsd
|
||||
lea edx, [session_id_x]
|
||||
mov byte[edx], 'D'
|
||||
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
|
||||
invoke sha256_final, [temp_ctx]
|
||||
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
|
||||
invoke sha2_256_finish, [temp_ctx]
|
||||
mov edi, [rx_enc_key]
|
||||
mov esi, [temp_ctx]
|
||||
mov ecx, SHA256_HASH_SIZE/4
|
||||
mov ecx, SHA2_256_LEN/4
|
||||
rep movsd
|
||||
|
||||
DEBUGF 1, "Local key: "
|
||||
stdcall dump_hex, [rx_enc_key], SHA256_HASH_SIZE/4
|
||||
stdcall dump_hex, [rx_enc_key], SHA2_256_LEN/4
|
||||
|
||||
;------------------------------------------------------------------
|
||||
; Integrity key client to server: HASH(K || H || "E" || session_id)
|
||||
|
||||
mov esi, [k_h_ctx]
|
||||
mov edi, [temp_ctx]
|
||||
mov ecx, sizeof.crash_ctx/4
|
||||
mov ecx, LIBCRASH_CTX_LEN/4
|
||||
rep movsd
|
||||
lea edx, [session_id_x]
|
||||
mov byte[edx], 'E'
|
||||
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
|
||||
invoke sha256_final, [temp_ctx]
|
||||
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
|
||||
invoke sha2_256_finish, [temp_ctx]
|
||||
mov edi, [tx_int_key]
|
||||
mov esi, [temp_ctx]
|
||||
mov ecx, SHA256_HASH_SIZE/4
|
||||
mov ecx, SHA2_256_LEN/4
|
||||
rep movsd
|
||||
|
||||
DEBUGF 1, "Remote Integrity key: "
|
||||
stdcall dump_hex, [tx_int_key], SHA256_HASH_SIZE/4
|
||||
stdcall dump_hex, [tx_int_key], SHA2_256_LEN/4
|
||||
|
||||
;------------------------------------------------------------------
|
||||
; Integrity key server to client: HASH(K || H || "F" || session_id)
|
||||
|
||||
mov esi, [k_h_ctx]
|
||||
mov edi, [temp_ctx]
|
||||
mov ecx, sizeof.crash_ctx/4
|
||||
mov ecx, LIBCRASH_CTX_LEN/4
|
||||
rep movsd
|
||||
lea edx, [session_id_x]
|
||||
mov byte[edx], 'F'
|
||||
invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
|
||||
invoke sha256_final, [temp_ctx]
|
||||
invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1
|
||||
invoke sha2_256_finish, [temp_ctx]
|
||||
mov edi, [rx_int_key]
|
||||
mov esi, [temp_ctx]
|
||||
mov ecx, SHA256_HASH_SIZE/4
|
||||
mov ecx, SHA2_256_LEN/4
|
||||
rep movsd
|
||||
|
||||
DEBUGF 1, "Local Integrity key: "
|
||||
stdcall dump_hex, [rx_int_key] , SHA256_HASH_SIZE/4
|
||||
stdcall dump_hex, [rx_int_key] , SHA2_256_LEN/4
|
||||
|
||||
;-------------------------------------
|
||||
; << Parse Diffie-Hellman New Keys MSG
|
||||
@ -471,14 +470,14 @@ endl
|
||||
mov [ebx + sshlib_connection.tx_pad_proc], MBRandom
|
||||
|
||||
lea ecx, [ebx + sshlib_connection.rx_mac_ctx]
|
||||
stdcall hmac_sha256_setkey, ecx, [rx_int_key], SHA256_HASH_SIZE
|
||||
stdcall hmac_sha256_setkey, ecx, [rx_int_key], SHA2_256_LEN
|
||||
mov [ebx + sshlib_connection.rx_mac_proc], hmac_sha256
|
||||
mov [ebx + sshlib_connection.rx_mac_length], SHA256_HASH_SIZE
|
||||
mov [ebx + sshlib_connection.rx_mac_length], SHA2_256_LEN
|
||||
|
||||
lea ecx, [ebx + sshlib_connection.tx_mac_ctx]
|
||||
stdcall hmac_sha256_setkey, ecx, [tx_int_key], SHA256_HASH_SIZE
|
||||
stdcall hmac_sha256_setkey, ecx, [tx_int_key], SHA2_256_LEN
|
||||
mov [ebx + sshlib_connection.tx_mac_proc], hmac_sha256
|
||||
mov [ebx + sshlib_connection.tx_mac_length], SHA256_HASH_SIZE
|
||||
mov [ebx + sshlib_connection.tx_mac_length], SHA2_256_LEN
|
||||
|
||||
mov [ebx + sshlib_connection.status], SSHLIB_CON_STAT_KEX_DONE
|
||||
xor eax, eax
|
||||
@ -486,7 +485,7 @@ endl
|
||||
.err:
|
||||
push eax
|
||||
xor eax, eax
|
||||
mov ecx, (7*(MAX_BITS/8+4) + 7*SHA256_HASH_SIZE + 2*sizeof.crash_ctx)/4
|
||||
mov ecx, (7*(MAX_BITS/8+4) + 7*SHA2_256_LEN + 2*LIBCRASH_CTX_LEN)/4
|
||||
mov edi, [mpint_tmp]
|
||||
rep stosd
|
||||
|
||||
|
@ -134,11 +134,11 @@ endl
|
||||
|
||||
DEBUGF 3, "SSH: Performing RSA verification\n"
|
||||
|
||||
mcall 68, 12, sizeof.crash_ctx + 5*(MAX_BITS/8+4)
|
||||
mcall 68, 12, LIBCRASH_CTX_LEN + 5*(MAX_BITS/8+4)
|
||||
test eax, eax
|
||||
jz .err_nomem
|
||||
mov [h_ctx], eax
|
||||
add eax, sizeof.crash_ctx
|
||||
add eax, LIBCRASH_CTX_LEN
|
||||
mov [mpint_e], eax
|
||||
add eax, MAX_BITS/8+4
|
||||
mov [mpint_n], eax
|
||||
@ -211,7 +211,7 @@ endl
|
||||
; EMSA-PKCS1-v1_5
|
||||
invoke sha1_init, [h_ctx]
|
||||
invoke sha1_update, [h_ctx], [M], [message_len]
|
||||
invoke sha1_final, [h_ctx]
|
||||
invoke sha1_finish, [h_ctx]
|
||||
|
||||
mov edi, [EM_accent]
|
||||
mov al, 0x00
|
||||
@ -219,7 +219,7 @@ endl
|
||||
mov al, 0x01
|
||||
stosb
|
||||
mov ecx, [k]
|
||||
sub ecx, (rsa_sha1_T.len + 3 + SHA1_HASH_SIZE)
|
||||
sub ecx, (rsa_sha1_T.len + 3 + SHA1_LEN)
|
||||
jl .err_key
|
||||
jz @f
|
||||
mov al, 0xff
|
||||
@ -231,7 +231,7 @@ endl
|
||||
mov ecx, rsa_sha1_T.len
|
||||
rep movsb
|
||||
mov esi, [h_ctx]
|
||||
mov ecx, SHA1_HASH_SIZE
|
||||
mov ecx, SHA1_LEN
|
||||
rep movsb
|
||||
|
||||
pop esi
|
||||
@ -243,9 +243,9 @@ endl
|
||||
push esi
|
||||
|
||||
; EMSA-PKCS1-v1_5
|
||||
invoke sha256_init, [h_ctx]
|
||||
invoke sha256_update, [h_ctx], [M], [message_len]
|
||||
invoke sha256_final, [h_ctx]
|
||||
invoke sha2_256_init, [h_ctx]
|
||||
invoke sha2_256_update, [h_ctx], [M], [message_len]
|
||||
invoke sha2_256_finish, [h_ctx]
|
||||
|
||||
mov edi, [EM_accent]
|
||||
mov al, 0x00
|
||||
@ -253,7 +253,7 @@ endl
|
||||
mov al, 0x01
|
||||
stosb
|
||||
mov ecx, [k]
|
||||
sub ecx, (rsa_sha256_T.len + 3 + SHA256_HASH_SIZE)
|
||||
sub ecx, (rsa_sha256_T.len + 3 + SHA2_256_LEN)
|
||||
jl .err_key
|
||||
jz @f
|
||||
mov al, 0xff
|
||||
@ -265,7 +265,7 @@ endl
|
||||
mov ecx, rsa_sha256_T.len
|
||||
rep movsb
|
||||
mov esi, [h_ctx]
|
||||
mov ecx, SHA256_HASH_SIZE
|
||||
mov ecx, SHA2_256_LEN
|
||||
rep movsb
|
||||
|
||||
pop esi
|
||||
@ -277,9 +277,9 @@ endl
|
||||
push esi
|
||||
|
||||
; EMSA-PKCS1-v1_5
|
||||
invoke sha512_init, [h_ctx]
|
||||
invoke sha512_update, [h_ctx], [M], [message_len]
|
||||
invoke sha512_final, [h_ctx]
|
||||
invoke sha2_512_init, [h_ctx]
|
||||
invoke sha2_512_update, [h_ctx], [M], [message_len]
|
||||
invoke sha2_512_finish, [h_ctx]
|
||||
|
||||
mov edi, [EM_accent]
|
||||
mov al, 0x00
|
||||
@ -287,7 +287,7 @@ endl
|
||||
mov al, 0x01
|
||||
stosb
|
||||
mov ecx, [k]
|
||||
sub ecx, (rsa_sha512_T.len + 3 + SHA512_HASH_SIZE)
|
||||
sub ecx, (rsa_sha512_T.len + 3 + SHA2_512_LEN)
|
||||
jl .err_key
|
||||
jz @f
|
||||
mov al, 0xff
|
||||
@ -299,7 +299,7 @@ endl
|
||||
mov ecx, rsa_sha512_T.len
|
||||
rep movsb
|
||||
mov esi, [h_ctx]
|
||||
mov ecx, SHA512_HASH_SIZE
|
||||
mov ecx, SHA2_512_LEN
|
||||
rep movsb
|
||||
|
||||
pop esi
|
||||
|
Loading…
Reference in New Issue
Block a user