void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key) {
sha512_context hash;
unsigned char hram[64];
unsigned char r[64];
ge_p3 R;
sha512_init(&hash);
sha512_update(&hash, private_key + 32, 32);
sha512_update(&hash, message, message_len);
sha512_final(&hash, r);
sc_reduce(r);
ge_scalarmult_base(&R, r);
ge_p3_tobytes(signature, &R);
sha512_init(&hash);
sha512_update(&hash, signature, 32);
sha512_update(&hash, public_key, 32);
sha512_update(&hash, message, message_len);
sha512_final(&hash, hram);
sc_reduce(hram);
sc_muladd(signature + 32, hram, private_key, r);
}
void _stdcall sha512_hmac(const void *k, size_t k_len, const void *d, size_t d_len, char *out)
{
sha512_ctx ctx;
unsigned char buf[SHA512_BLOCK_SIZE];
unsigned char hval[SHA512_DIGEST_SIZE];
unsigned long i;
// zero key buffer
memset(buf, 0, sizeof(buf));
// compress hmac key
if (k_len > SHA512_BLOCK_SIZE) {
sha512_init(&ctx);
sha512_hash(&ctx, (const unsigned char*)k, k_len);
sha512_done(&ctx, buf);
} else {
memcpy(buf, k, k_len);
}
// create the hash initial vector
for (i = 0; i < (SHA512_BLOCK_SIZE / 4); i++) {
((unsigned long*)buf)[i] ^= 0x36363636;
}
// hash key and data
sha512_init(&ctx);
sha512_hash(&ctx, buf, SHA512_BLOCK_SIZE);
sha512_hash(&ctx, (const unsigned char*)d, d_len);
sha512_done(&ctx, hval);
// create the second HMAC vector
for (i = 0; i < (SHA512_BLOCK_SIZE / 4); i++) {
((unsigned long*)buf)[i] ^= 0x6A6A6A6A;
}
// calculate "outer" hash
sha512_init(&ctx);
sha512_hash(&ctx, buf, SHA512_BLOCK_SIZE);
sha512_hash(&ctx, hval, SHA512_DIGEST_SIZE);
sha512_done(&ctx, (unsigned char*)out);
// test buffers size alignment at compile-time
static_assert( !(sizeof(buf) % sizeof(unsigned long)), "sizeof must be 4 byte aligned");
static_assert( !(sizeof(hval) % sizeof(unsigned long)), "sizeof must be 4 byte aligned");
static_assert( !(sizeof(ctx) % sizeof(unsigned long)), "sizeof must be 4 byte aligned");
// prevent leaks
__stosd((unsigned long*)&buf, 0, (sizeof(buf) / sizeof(unsigned long)));
__stosd((unsigned long*)&hval, 0, (sizeof(hval) / sizeof(unsigned long)));
__stosd((unsigned long*)&ctx, 0, (sizeof(ctx) / sizeof(unsigned long)));
}
static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t msglen, char *out) {
char tmp[2 * mdlen];
sha512_context md;
if(keylen <= mdlen) {
memcpy(tmp, key, keylen);
memset(tmp + keylen, 0, mdlen - keylen);
} else {
if(sha512(key, keylen, tmp) != 0)
return false;
}
if(sha512_init(&md) != 0)
return false;
// ipad
memxor(tmp, 0x36, mdlen);
if(sha512_update(&md, tmp, mdlen) != 0)
return false;
// message
if(sha512_update(&md, msg, msglen) != 0)
return false;
if(sha512_final(&md, tmp + mdlen) != 0)
return false;
// opad
memxor(tmp, 0x36 ^ 0x5c, mdlen);
if(sha512(tmp, sizeof tmp, out) != 0)
return false;
return true;
}
int
goldilocks_derive_private_key (
struct goldilocks_private_key_t *privkey,
const unsigned char proto[GOLDI_SYMKEY_BYTES]
) {
if (!goldilocks_check_init()) {
return GOLDI_EUNINIT;
}
memcpy(&privkey->opaque[2*GOLDI_FIELD_BYTES], proto, GOLDI_SYMKEY_BYTES);
unsigned char skb[SHA512_OUTPUT_BYTES];
word_t sk[GOLDI_FIELD_WORDS];
assert(sizeof(skb) >= sizeof(sk));
struct sha512_ctx_t ctx;
struct tw_extensible_t exta;
struct field_t pk;
sha512_init(&ctx);
sha512_update(&ctx, (const unsigned char *)"derivepk", GOLDI_DIVERSIFY_BYTES);
sha512_update(&ctx, proto, GOLDI_SYMKEY_BYTES);
sha512_final(&ctx, (unsigned char *)skb);
barrett_deserialize_and_reduce(sk, skb, SHA512_OUTPUT_BYTES, &curve_prime_order);
barrett_serialize(privkey->opaque, sk, GOLDI_FIELD_BYTES);
scalarmul_fixed_base(&exta, sk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base);
untwist_and_double_and_serialize(&pk, &exta);
field_serialize(&privkey->opaque[GOLDI_FIELD_BYTES], &pk);
return GOLDI_EOK;
}
unsigned char* sha512_MemBlock(const unsigned char* msg, size_t size, HASH_ctx* ctx)
{
sha512_init(ctx);
sha512_update(ctx, msg, size);
sha512_final(ctx, msg, size);
return ctx->SHA512_result;
}
ssh_mac_ctx ssh_mac_ctx_init(enum ssh_mac_e type){
ssh_mac_ctx ctx = malloc(sizeof(struct ssh_mac_ctx_struct));
if (ctx == NULL) {
return NULL;
}
ctx->mac_type=type;
switch(type){
case SSH_MAC_SHA1:
ctx->ctx.sha1_ctx = sha1_init();
return ctx;
case SSH_MAC_SHA256:
ctx->ctx.sha256_ctx = sha256_init();
return ctx;
case SSH_MAC_SHA384:
ctx->ctx.sha384_ctx = sha384_init();
return ctx;
case SSH_MAC_SHA512:
ctx->ctx.sha512_ctx = sha512_init();
return ctx;
default:
SAFE_FREE(ctx);
return NULL;
}
}
void sha512_hmac(const char *k, size_t k_len, const char *d, size_t d_len, char *out)
{
sha512_ctx ctx;
u8 buf[SHA512_BLOCK_SIZE];
u8 hval[SHA512_DIGEST_SIZE];
size_t i;
/* zero key buffer */
zeroauto(buf, sizeof(buf));
/* compress hmac key */
if (k_len > SHA512_BLOCK_SIZE) {
sha512_init(&ctx);
sha512_hash(&ctx, k, k_len);
sha512_done(&ctx, buf);
} else {
mincpy(buf, k, k_len);
}
/* create the hash initial vector */
for (i = 0; i < SHA512_BLOCK_SIZE; i++) {
buf[i] ^= 0x36;
}
/* hash key and data */
sha512_init(&ctx);
sha512_hash(&ctx, buf, SHA512_BLOCK_SIZE);
sha512_hash(&ctx, d, d_len);
sha512_done(&ctx, hval);
/* create the second HMAC vector */
for (i = 0; i < SHA512_BLOCK_SIZE; i++) {
buf[i] ^= 0x6A;
}
/* calculate "outer" hash */
sha512_init(&ctx);
sha512_hash(&ctx, buf, SHA512_BLOCK_SIZE);
sha512_hash(&ctx, hval, SHA512_DIGEST_SIZE);
sha512_done(&ctx, out);
/* prevent leaks */
zeroauto(buf, sizeof(buf));
zeroauto(hval, sizeof(hval));
zeroauto(&ctx, sizeof(ctx));
}
void sha512(unsigned char *digest, int len, unsigned char *hash)
{
SHA512CTX c = sha512_init();
if (c != NULL) {
sha512_update(c, digest, len);
sha512_final(hash, c);
}
}
void hmac_sha512_init(hmac_sha512_ctx *ctx, unsigned char *key,
unsigned int key_size)
{
unsigned int fill;
unsigned int num;
unsigned char *key_used;
unsigned char key_temp[SHA512_DIGEST_SIZE];
int i;
if (key_size == SHA512_BLOCK_SIZE) {
key_used = key;
num = SHA512_BLOCK_SIZE;
} else {
if (key_size > SHA512_BLOCK_SIZE){
key_used = key_temp;
num = SHA512_DIGEST_SIZE;
sha512(key, key_size, key_used);
} else { /* key_size > SHA512_BLOCK_SIZE */
key_used = key;
num = key_size;
}
fill = SHA512_BLOCK_SIZE - num;
memset(ctx->block_ipad + num, 0x36, fill);
memset(ctx->block_opad + num, 0x5c, fill);
}
for (i = 0; i < num; i++) {
ctx->block_ipad[i] = key_used[i] ^ 0x36;
ctx->block_opad[i] = key_used[i] ^ 0x5c;
}
sha512_init(&ctx->ctx_inside);
sha512_update(&ctx->ctx_inside, ctx->block_ipad, SHA512_BLOCK_SIZE);
sha512_init(&ctx->ctx_outside);
sha512_update(&ctx->ctx_outside, ctx->block_opad,
SHA512_BLOCK_SIZE);
/* for hmac_reinit */
memcpy(&ctx->ctx_inside_reinit, &ctx->ctx_inside,
sizeof(sha512_ctx));
memcpy(&ctx->ctx_outside_reinit, &ctx->ctx_outside,
sizeof(sha512_ctx));
}
void sha512(const unsigned char *message, unsigned int len,
unsigned char *digest)
{
sha512_ctx ctx;
sha512_init(&ctx);
sha512_update(&ctx, message, len);
sha512_final(&ctx, digest);
}
void SHA512Hash::Reset()
{
CoreAssert(this != NULL);
delete [] m_hash; m_hash = NULL;
delete [] m_hashString; m_hashString = NULL;
sha512_init(&m_state);
}
int main(int argc, char **argv) {
unsigned char *x;
unsigned long long xlen;
if (argv[0])
if (argv[1]) {
if (str_equal(argv[1], "-h"))
die_usage(0);
}
/* get password */
x = (unsigned char *)env_get("PASSWORD");
if (!x) { errno = 0; die_usage("$PASSWORD not set"); }
xlen = str_len((char *)x);
/* create salt */
randombytes(s, sizeof s);
/* derive key */
if (sha512hmacpbkdf2(h, sizeof h, x, xlen, s, sizeof s, ROUNDS) == -1) die_fatal("unable to derive keys", 0);
byte_zero(x, xlen);
/* create nonce */
randombytes(n, sizeof n);
uint64_pack(n, nanoseconds());
sha512(nk, (unsigned char *)MAGIC, MAGICBYTES);
crypto_block_aes256vulnerable(n, n, nk);
/* initialize */
crypto_init(&ctx, n, h, MAGIC);
randombytes(h, sizeof h);
sha512_init(&shactx);
/* write header */
if (writeall(1, MAGIC, MAGICBYTES) == -1) die_fatal("unable to write output", 0);
if (writeall(1, s, sizeof s) == -1) die_fatal("unable to write output", 0);
randombytes(s, sizeof s);
if (writeall(1, n, sizeof n) == -1) die_fatal("unable to write output", 0);
for (;;) {
inlen = readblock(in, BLOCK);
if (inlen != BLOCK) break;
if (sha512_block(&shactx, in, inlen) != 0) die_fatal("unable to compute hash", 0);
if (crypto_block(&ctx, in, inlen) != 0) die_fatal("unable to encrypt stream", 0);
if (writeall(1, in, inlen) == -1) die_fatal("unable to write output", 0);
}
if (sha512_last(&shactx, h, in, inlen) != 0) die_fatal("unable to compute hash", 0);
byte_copy(in + inlen, CHECKSUMBYTES, h);
inlen += CHECKSUMBYTES;
if (crypto_last(&ctx, in, inlen) != 0) die_fatal("unable to encrypt stream", 0);
if (writeall(1, in, inlen) == -1) die_fatal("unable to write output", 0);
if (fsyncfd(1) == -1) die_fatal("unable to write output", 0);
cleanup();
_exit(0);
}
CAMLexport value stub_sha512_init(value unit)
{
CAMLparam1(unit);
CAMLlocal1(result);
result = caml_alloc(sizeof(struct sha512_ctx), Abstract_tag);
sha512_init(GET_CTX_STRUCT(result));
CAMLreturn(result);
}
void protoshares_process_8(minerProtosharesBlock_t* block)
{
// generate mid hash using sha256 (header hash)
uint8 midHash[32];
sha256_ctx c256;
sha256_init(&c256);
sha256_update(&c256, (unsigned char*)block, 80);
sha256_final(&c256, midHash);
sha256_init(&c256);
sha256_update(&c256, (unsigned char*)midHash, 32);
sha256_final(&c256, midHash);
// init collision map
if( __collisionMap == NULL )
__collisionMap = (uint32*)malloc(sizeof(uint32)*COLLISION_TABLE_SIZE);
uint32* collisionIndices = __collisionMap;
memset(collisionIndices, 0x00, sizeof(uint32)*COLLISION_TABLE_SIZE);
// start search
// uint8 midHash[64];
uint8 tempHash[32+4];
sha512_ctx c512;
uint64 resultHashStorage[8*CACHED_HASHES];
memcpy(tempHash+4, midHash, 32);
for(uint32 n=0; n<MAX_MOMENTUM_NONCE; n += BIRTHDAYS_PER_HASH * CACHED_HASHES)
{
if( block->height != monitorCurrentBlockHeight )
break;
for(uint32 m=0; m<CACHED_HASHES; m++)
{
sha512_init(&c512);
*(uint32*)tempHash = n+m*8;
sha512_update_final(&c512, tempHash, 32+4, (unsigned char*)(resultHashStorage+8*m));
}
for(uint32 m=0; m<CACHED_HASHES; m++)
{
uint64* resultHash = resultHashStorage + 8*m;
uint32 i = n + m*8;
for(uint32 f=0; f<8; f++)
{
uint64 birthday = resultHash[f] >> (64ULL-SEARCH_SPACE_BITS);
uint32 collisionKey = (uint32)((birthday>>18) & COLLISION_KEY_MASK);
birthday %= COLLISION_TABLE_SIZE;
if( collisionIndices[birthday] )
{
if( ((collisionIndices[birthday]&COLLISION_KEY_MASK) != collisionKey) || protoshares_revalidateCollision(block, midHash, collisionIndices[birthday]&~COLLISION_KEY_MASK, i+f) == false )
{
// invalid collision -> ignore
}
}
collisionIndices[birthday] = i+f | collisionKey; // we have 6 bits available for validation
}
}
}
}
std::string BackupServerPrepareHash::hash_with_patch(IFile *f, IFile *patch)
{
sha512_init(&ctx);
chunk_patcher.ApplyPatch(f, patch);
std::string ret;
ret.resize(64);
sha512_final(&ctx, (unsigned char*)&ret[0]);
return ret;
}
void sha512_1(sha512_hash_t* dest, const void* msg, uint32_t length_b) {
sha512_ctx_t ctx;
sha512_init(&ctx);
while(length_b >= 1024) {
sha512_nextBlock(&ctx, msg);
msg = (uint8_t*)msg + 1024/8;
length_b -= 1024;
}
sha512_lastBlock(&ctx, msg, length_b);
sha512_ctx2hash(dest, &ctx);
}
int sha512(const unsigned char *message, size_t message_len, unsigned char *out)
{
sha512_context ctx;
int ret;
ret = sha512_init(&ctx);
if (ret) return ret;
ret = sha512_update(&ctx, message, message_len);
if (ret) return ret;
ret = sha512_final(&ctx, out);
if (ret) return ret;
return 0;
}
static void * sha512_ctx_alloc( void )
{
sha512_context *ctx;
ctx = (sha512_context *) polarssl_malloc( sizeof( sha512_context ) );
if( ctx == NULL )
return( NULL );
sha512_init( ctx );
return( ctx );
}
int sha512(const void *message, size_t message_len, void *out)
{
sha512_context ctx;
int ret;
if ((ret = sha512_init(&ctx)))
return ret;
if ((ret = sha512_update(&ctx, message, message_len)))
return ret;
if ((ret = sha512_final(&ctx, out)))
return ret;
return 0;
}
ssh_string SshAgentSignEcdsaSha512(uint8_t* data, int dataSize, ssh_key key, uint32_t flags)
{
// Compute the hash.
unsigned char hash[SHA384_DIGEST_LEN] = {0};
SHACTX ctx;
ctx = sha512_init();
if (ctx == NULL)
{
return NULL;
}
sha512_update(ctx, data, dataSize);
sha512_final(hash, ctx); // This release ctx.
// Sign the hash.
ECDSA_SIG* sig = NULL;
sig = ECDSA_do_sign(hash, sizeof(hash), key->ecdsa);
if (sig == NULL)
{
return NULL;
}
// Format the signature in a blob of the form:
// blobLength[ typeNameLength[ typeName ] signatureLength[ rLength[ r ] sLength[ s ] ] ]
int rMpiLength = BN_bn2mpi(sig->r, NULL);
int sMpiLength = BN_bn2mpi(sig->s, NULL);
int signatureLength = rMpiLength + sMpiLength;
int typeNameLength = 19;
int blobLength = 8 + typeNameLength + signatureLength;
uint8_t* signatureBlob = malloc(4 + blobLength);
if (signatureBlob == NULL)
{
return NULL;
}
pack32(signatureBlob, blobLength);
int index = 4;
pack32(signatureBlob + index, typeNameLength);
index += 4;
memcpy(signatureBlob + index, "ecdsa-sha2-nistp521", typeNameLength);
index += typeNameLength;
pack32(signatureBlob + 15, signatureLength);
index += 4;
BN_bn2mpi(sig->r, signatureBlob + index);
index += rMpiLength;
BN_bn2mpi(sig->s, signatureBlob + index);
return (ssh_string)signatureBlob;
}
static int sha512_monte_carlo_core (
const char *seed,
const char *checks[100]
) {
struct sha512_ctx_t sha;
sha512_init(&sha);
unsigned char md0[64],md1[64],md2[64];
int ret = hexdecode(md0,seed,64);
if (ret) {
youfail();
printf(" SHA-512 NIST Monte Carlo validation seed hex decode failure.\n");
return -1;
}
int i,j;
memcpy(md1,md0,sizeof(md1));
memcpy(md2,md0,sizeof(md1));
for (j=0; j<100; j++) {
for (i=3; i<1003; i++) {
sha512_update(&sha,md0,sizeof(md0));
sha512_update(&sha,md1,sizeof(md1));
sha512_update(&sha,md2,sizeof(md2));
memcpy(md0,md1,sizeof(md1));
memcpy(md1,md2,sizeof(md1));
sha512_final(&sha,md2);
}
ret = hexdecode(md0,checks[j],64);
if (ret) {
youfail();
printf(" SHA-512 NIST Monte Carlo validation hex decode failure at iteration %d\n", j);
return -1;
} else if (memcmp(md0,md2,sizeof(md2))) {
youfail();
printf(" SHA-512 NIST Monte Carlo validation failure at iteration %d\n", j);
hexprint(" Expected", md0, 64);
hexprint(" But got ", md2, 64);
return j+1;
}
memcpy(md0,md2,sizeof(md1));
memcpy(md1,md2,sizeof(md1));
}
return 0;
}
ssh_string SshAgentSignRsaSha512(uint8_t* data, int dataSize, ssh_key key, uint32_t flags)
{
// Compute the hash.
unsigned char hash[SHA512_DIGEST_LEN] = {0};
SHACTX ctx;
ctx = sha512_init();
if (ctx == NULL)
{
return NULL;
}
sha512_update(ctx, data, dataSize);
sha512_final(hash, ctx); // This release ctx.
// Prepare the buffer to hold the signature in a blob of the form:
// signatureBlobLength[ signatureTypeLength[ signatureType ] signatureLength[ signature ] ]
int signatureTypeLength = 12;
int signatureLength = RSA_size(key->rsa);
int signatureBlobLength = 8 + signatureTypeLength + signatureLength;
uint8_t* signatureBlob = malloc(4 + signatureBlobLength);
if (signatureBlob == NULL)
{
return NULL;
}
pack32(signatureBlob, signatureBlobLength);
int index = 4;
pack32(signatureBlob + index, signatureTypeLength);
index += 4;
memcpy(signatureBlob + index, "rsa-sha2-512", signatureTypeLength);
index += signatureTypeLength;
pack32(signatureBlob + 15, signatureLength);
index += 4;
// Sign the hash in place in the signature blob buffer.
unsigned int len;
int result = RSA_sign(NID_sha512, hash, sizeof(hash), signatureBlob + index, &len, key->rsa);
if (result != 1)
{
free(signatureBlob);
return NULL;
}
return (ssh_string)signatureBlob;
}
/**
Self-test the hash
@return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
*/
int sha512_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct {
char *msg;
unsigned char hash[64];
} tests[] = {
{ "abc",
{ 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f }
},
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
{ 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda,
0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1,
0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4,
0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54,
0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 }
},
};
int i;
unsigned char tmp[64];
hash_state md;
for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
sha512_init(&md);
sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
sha512_done(&md, tmp);
if (XMEMCMP(tmp, tests[i].hash, 64) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif
}
static int
derive_key_internal(pairing_session_t *session, const unsigned char *salt, unsigned int saltlen, unsigned char *key, unsigned int keylen)
{
sha512_context ctx;
unsigned char hash[64];
if (keylen > sizeof(hash)) {
return -1;
}
sha512_init(&ctx);
sha512_update(&ctx, salt, saltlen);
sha512_update(&ctx, session->ecdh_secret, 32);
sha512_final(&ctx, hash);
memcpy(key, hash, keylen);
return 0;
}
static void
goldilocks_derive_challenge(
word_t challenge[GOLDI_FIELD_WORDS],
const unsigned char pubkey[GOLDI_FIELD_BYTES],
const unsigned char gnonce[GOLDI_FIELD_BYTES],
const unsigned char *message,
uint64_t message_len
) {
/* challenge = H(pk, [nonceG], message). */
unsigned char sha_out[SHA512_OUTPUT_BYTES];
struct sha512_ctx_t ctx;
sha512_init(&ctx);
sha512_update(&ctx, pubkey, GOLDI_FIELD_BYTES);
sha512_update(&ctx, gnonce, GOLDI_FIELD_BYTES);
sha512_update(&ctx, message, message_len);
sha512_final(&ctx, sha_out);
barrett_deserialize_and_reduce(challenge, sha_out, sizeof(sha_out), &curve_prime_order);
}
void sha512_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, unsigned int ole)
{
sha512_context ctx;
unsigned int length;
if (ole < 1)
return;
memset(ob, 0, ole);
if (ole > 64)
ole = 64;
sha512_init(&ctx);
sha512_write(&ctx, ib, ile);
SECStatus status = PK11_DigestFinal(ctx.ctx_nss, ob, &length, ole);
PR_ASSERT(length == ole);
PR_ASSERT(status == SECSuccess);
PK11_DestroyContext(ctx.ctx_nss, PR_TRUE);
DBG(DBG_CRYPT, DBG_log("NSS: sha512 final end"));
}
static inline int sha512_file(char *filename, uint8_t *digest)
{
#define BLKSIZE 4096
unsigned char buf[BLKSIZE];
int fd; ssize_t n;
struct sha512_ctx ctx;
fd = open(filename, O_RDONLY);
if (fd == -1)
return 1;
sha512_init(&ctx);
while ((n = read(fd, buf, BLKSIZE)) > 0)
sha512_update(&ctx, buf, n);
if (n == 0)
sha512_finalize(&ctx, digest);
close(fd);
return n < 0;
#undef BLKSIZE
}
static int
_digest_nettle(int algo, uint8_t* buf, size_t len,
unsigned char* res)
{
switch(algo) {
case SHA1_DIGEST_SIZE:
{
struct sha1_ctx ctx;
sha1_init(&ctx);
sha1_update(&ctx, len, buf);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, res);
return 1;
}
case SHA256_DIGEST_SIZE:
{
struct sha256_ctx ctx;
sha256_init(&ctx);
sha256_update(&ctx, len, buf);
sha256_digest(&ctx, SHA256_DIGEST_SIZE, res);
return 1;
}
case SHA384_DIGEST_SIZE:
{
struct sha384_ctx ctx;
sha384_init(&ctx);
sha384_update(&ctx, len, buf);
sha384_digest(&ctx, SHA384_DIGEST_SIZE, res);
return 1;
}
case SHA512_DIGEST_SIZE:
{
struct sha512_ctx ctx;
sha512_init(&ctx);
sha512_update(&ctx, len, buf);
sha512_digest(&ctx, SHA512_DIGEST_SIZE, res);
return 1;
}
default:
break;
}
return 0;
}
std::string BackupServerPrepareHash::hash(IFile *f)
{
f->Seek(0);
unsigned char buf[4096];
_u32 rc;
sha512_init(&ctx);
do
{
rc=f->Read((char*)buf, 4096);
if(rc>0)
sha512_update(&ctx, buf, rc);
}
while(rc==4096);
std::string ret;
ret.resize(64);
sha512_final(&ctx, (unsigned char*)&ret[0]);
return ret;
}
static void rnd_pool_mix()
{
sha512_ctx sha_ctx;
int i, n;
u8 hval[SHA512_DIGEST_SIZE];
for (i = 0; i < RNG_POOL_SIZE; i += SHA512_DIGEST_SIZE)
{
sha512_init(&sha_ctx);
sha512_hash(&sha_ctx, rnd_pool, sizeof(rnd_pool));
sha512_done(&sha_ctx, hval);
for (n = 0; n < SHA512_DIGEST_SIZE; n++) {
rnd_pool[i + n] += hval[n];
}
}
/* Prevent leaks */
zeroauto(hval, sizeof(hval));
zeroauto(&sha_ctx, sizeof(sha_ctx));
}
