about summary refs log tree commit diff stats
path: root/gba
diff options
context:
space:
mode:
Diffstat (limited to 'gba')
-rw-r--r--gba/source/blake2.c322
-rw-r--r--gba/source/blake2.h74
-rw-r--r--gba/source/serialize.c51
-rw-r--r--gba/source/sha2.c471
-rw-r--r--gba/source/sha2.h74
5 files changed, 416 insertions, 576 deletions
diff --git a/gba/source/blake2.c b/gba/source/blake2.c new file mode 100644 index 0000000..4a09c71 --- /dev/null +++ b/gba/source/blake2.c
@@ -0,0 +1,322 @@
1/*
2 BLAKE2 reference source code package - reference C implementations
3
4 Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. You may use this under the
5 terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
6 your option. The terms of these licenses can be found at:
7
8 - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
9 - OpenSSL license : https://www.openssl.org/source/license.html
10 - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
11
12 More information about the BLAKE2 hash function can be found at
13 https://blake2.net.
14*/
15
16#include <stdint.h>
17#include <string.h>
18#include <stdio.h>
19
20#include "blake2.h"
21
22#define BLAKE2_INLINE
23
24static BLAKE2_INLINE uint32_t load32( const void *src )
25{
26 uint32_t w;
27 memcpy(&w, src, sizeof w);
28 return w;
29}
30
31static BLAKE2_INLINE void store16( void *dst, uint16_t w )
32{
33 memcpy(dst, &w, sizeof w);
34}
35
36static BLAKE2_INLINE void store32( void *dst, uint32_t w )
37{
38 memcpy(dst, &w, sizeof w);
39}
40
41static BLAKE2_INLINE uint32_t rotr32( const uint32_t w, const unsigned c )
42{
43 return ( w >> c ) | ( w << ( 32 - c ) );
44}
45
46/* prevents compiler optimizing out memset() */
47static BLAKE2_INLINE void secure_zero_memory(void *v, size_t n)
48{
49 static void *(*const volatile memset_v)(void *, int, size_t) = &memset;
50 memset_v(v, 0, n);
51}
52
53static const uint32_t blake2s_IV[8] =
54{
55 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
56 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL
57};
58
59static const uint8_t blake2s_sigma[10][16] =
60{
61 { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
62 { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
63 { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
64 { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
65 { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
66 { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
67 { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
68 { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
69 { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
70 { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
71};
72
73static void blake2s_set_lastnode( blake2s_state *S )
74{
75 S->f[1] = (uint32_t)-1;
76}
77
78/* Some helper functions, not necessarily useful */
79static int blake2s_is_lastblock( const blake2s_state *S )
80{
81 return S->f[0] != 0;
82}
83
84static void blake2s_set_lastblock( blake2s_state *S )
85{
86 if( S->last_node ) blake2s_set_lastnode( S );
87
88 S->f[0] = (uint32_t)-1;
89}
90
91static void blake2s_increment_counter( blake2s_state *S, const uint32_t inc )
92{
93 S->t[0] += inc;
94 S->t[1] += ( S->t[0] < inc );
95}
96
97static void blake2s_init0( blake2s_state *S )
98{
99 size_t i;
100 memset( S, 0, sizeof( blake2s_state ) );
101
102 for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i];
103}
104
105/* init2 xors IV with input parameter block */
106int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
107{
108 const unsigned char *p = ( const unsigned char * )( P );
109 size_t i;
110
111 blake2s_init0( S );
112
113 /* IV XOR ParamBlock */
114 for( i = 0; i < 8; ++i )
115 S->h[i] ^= load32( &p[i * 4] );
116
117 S->outlen = P->digest_length;
118 return 0;
119}
120
121
122/* Sequential blake2s initialization */
123int blake2s_init( blake2s_state *S, size_t outlen )
124{
125 blake2s_param P[1];
126
127 /* Move interval verification here? */
128 if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
129
130 P->digest_length = (uint8_t)outlen;
131 P->key_length = 0;
132 P->fanout = 1;
133 P->depth = 1;
134 store32( &P->leaf_length, 0 );
135 store32( &P->node_offset, 0 );
136 store16( &P->xof_length, 0 );
137 P->node_depth = 0;
138 P->inner_length = 0;
139 /* memset(P->reserved, 0, sizeof(P->reserved) ); */
140 memset( P->salt, 0, sizeof( P->salt ) );
141 memset( P->personal, 0, sizeof( P->personal ) );
142 return blake2s_init_param( S, P );
143}
144
145int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen )
146{
147 blake2s_param P[1];
148
149 if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
150
151 if ( !key || !keylen || keylen > BLAKE2S_KEYBYTES ) return -1;
152
153 P->digest_length = (uint8_t)outlen;
154 P->key_length = (uint8_t)keylen;
155 P->fanout = 1;
156 P->depth = 1;
157 store32( &P->leaf_length, 0 );
158 store32( &P->node_offset, 0 );
159 store16( &P->xof_length, 0 );
160 P->node_depth = 0;
161 P->inner_length = 0;
162 /* memset(P->reserved, 0, sizeof(P->reserved) ); */
163 memset( P->salt, 0, sizeof( P->salt ) );
164 memset( P->personal, 0, sizeof( P->personal ) );
165
166 if( blake2s_init_param( S, P ) < 0 ) return -1;
167
168 {
169 uint8_t block[BLAKE2S_BLOCKBYTES];
170 memset( block, 0, BLAKE2S_BLOCKBYTES );
171 memcpy( block, key, keylen );
172 blake2s_update( S, block, BLAKE2S_BLOCKBYTES );
173 secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
174 }
175 return 0;
176}
177
178#define G(r,i,a,b,c,d) \
179 do { \
180 a = a + b + m[blake2s_sigma[r][2*i+0]]; \
181 d = rotr32(d ^ a, 16); \
182 c = c + d; \
183 b = rotr32(b ^ c, 12); \
184 a = a + b + m[blake2s_sigma[r][2*i+1]]; \
185 d = rotr32(d ^ a, 8); \
186 c = c + d; \
187 b = rotr32(b ^ c, 7); \
188 } while(0)
189
190#define ROUND(r) \
191 do { \
192 G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
193 G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
194 G(r,2,v[ 2],v[ 6],v[10],v[14]); \
195 G(r,3,v[ 3],v[ 7],v[11],v[15]); \
196 G(r,4,v[ 0],v[ 5],v[10],v[15]); \
197 G(r,5,v[ 1],v[ 6],v[11],v[12]); \
198 G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
199 G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
200 } while(0)
201
202static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBYTES] )
203{
204 uint32_t m[16];
205 uint32_t v[16];
206 size_t i;
207
208 for( i = 0; i < 16; ++i ) {
209 m[i] = load32( in + i * sizeof( m[i] ) );
210 }
211
212 for( i = 0; i < 8; ++i ) {
213 v[i] = S->h[i];
214 }
215
216 v[ 8] = blake2s_IV[0];
217 v[ 9] = blake2s_IV[1];
218 v[10] = blake2s_IV[2];
219 v[11] = blake2s_IV[3];
220 v[12] = S->t[0] ^ blake2s_IV[4];
221 v[13] = S->t[1] ^ blake2s_IV[5];
222 v[14] = S->f[0] ^ blake2s_IV[6];
223 v[15] = S->f[1] ^ blake2s_IV[7];
224
225 ROUND( 0 );
226 ROUND( 1 );
227 ROUND( 2 );
228 ROUND( 3 );
229 ROUND( 4 );
230 ROUND( 5 );
231 ROUND( 6 );
232 ROUND( 7 );
233 ROUND( 8 );
234 ROUND( 9 );
235
236 for( i = 0; i < 8; ++i ) {
237 S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
238 }
239}
240
241#undef G
242#undef ROUND
243
244int blake2s_update( blake2s_state *S, const void *pin, size_t inlen )
245{
246 const unsigned char * in = (const unsigned char *)pin;
247 if( inlen > 0 )
248 {
249 size_t left = S->buflen;
250 size_t fill = BLAKE2S_BLOCKBYTES - left;
251 if( inlen > fill )
252 {
253 S->buflen = 0;
254 memcpy( S->buf + left, in, fill ); /* Fill buffer */
255 blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES );
256 blake2s_compress( S, S->buf ); /* Compress */
257 in += fill; inlen -= fill;
258 while(inlen > BLAKE2S_BLOCKBYTES) {
259 blake2s_increment_counter(S, BLAKE2S_BLOCKBYTES);
260 blake2s_compress( S, in );
261 in += BLAKE2S_BLOCKBYTES;
262 inlen -= BLAKE2S_BLOCKBYTES;
263 }
264 }
265 memcpy( S->buf + S->buflen, in, inlen );
266 S->buflen += inlen;
267 }
268 return 0;
269}
270
271int blake2s_final( blake2s_state *S, void *out, size_t outlen )
272{
273 uint8_t buffer[BLAKE2S_OUTBYTES] = {0};
274 size_t i;
275
276 if( out == NULL || outlen < S->outlen )
277 return -1;
278
279 if( blake2s_is_lastblock( S ) )
280 return -1;
281
282 blake2s_increment_counter( S, ( uint32_t )S->buflen );
283 blake2s_set_lastblock( S );
284 memset( S->buf + S->buflen, 0, BLAKE2S_BLOCKBYTES - S->buflen ); /* Padding */
285 blake2s_compress( S, S->buf );
286
287 for( i = 0; i < 8; ++i ) // Output full hash to temp buffer
288 store32( buffer + sizeof( S->h[i] ) * i, S->h[i] );
289
290 memcpy( out, buffer, outlen );
291 //secure_zero_memory(buffer, sizeof(buffer));
292 return 0;
293}
294
295int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
296{
297 blake2s_state S[1];
298
299 /* Verify parameters */
300 if ( NULL == in && inlen > 0 ) return -1;
301
302 if ( NULL == out ) return -1;
303
304 if ( NULL == key && keylen > 0) return -1;
305
306 if( !outlen || outlen > BLAKE2S_OUTBYTES ) return -1;
307
308 if( keylen > BLAKE2S_KEYBYTES ) return -1;
309
310 if( keylen > 0 )
311 {
312 if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;
313 }
314 else
315 {
316 if( blake2s_init( S, outlen ) < 0 ) return -1;
317 }
318
319 blake2s_update( S, ( const uint8_t * )in, inlen );
320 blake2s_final( S, out, outlen );
321 return 0;
322}
diff --git a/gba/source/blake2.h b/gba/source/blake2.h new file mode 100644 index 0000000..ead399e --- /dev/null +++ b/gba/source/blake2.h
@@ -0,0 +1,74 @@
1/*
2 BLAKE2 reference source code package - reference C implementations
3
4 Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. You may use this under the
5 terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
6 your option. The terms of these licenses can be found at:
7
8 - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
9 - OpenSSL license : https://www.openssl.org/source/license.html
10 - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
11
12 More information about the BLAKE2 hash function can be found at
13 https://blake2.net.
14*/
15#ifndef BLAKE2_H
16#define BLAKE2_H
17
18#include <stddef.h>
19#include <stdint.h>
20
21#define BLAKE2_PACKED(x) x __attribute__((packed))
22
23 enum blake2s_constant
24 {
25 BLAKE2S_BLOCKBYTES = 64,
26 BLAKE2S_OUTBYTES = 32,
27 BLAKE2S_KEYBYTES = 32,
28 BLAKE2S_SALTBYTES = 8,
29 BLAKE2S_PERSONALBYTES = 8
30 };
31
32 typedef struct blake2s_state__
33 {
34 uint32_t h[8];
35 uint32_t t[2];
36 uint32_t f[2];
37 uint8_t buf[BLAKE2S_BLOCKBYTES];
38 size_t buflen;
39 size_t outlen;
40 uint8_t last_node;
41 } blake2s_state;
42
43 BLAKE2_PACKED(struct blake2s_param__
44 {
45 uint8_t digest_length; /* 1 */
46 uint8_t key_length; /* 2 */
47 uint8_t fanout; /* 3 */
48 uint8_t depth; /* 4 */
49 uint32_t leaf_length; /* 8 */
50 uint32_t node_offset; /* 12 */
51 uint16_t xof_length; /* 14 */
52 uint8_t node_depth; /* 15 */
53 uint8_t inner_length; /* 16 */
54 /* uint8_t reserved[0]; */
55 uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */
56 uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */
57 });
58
59 typedef struct blake2s_param__ blake2s_param;
60
61 /* Padded structs result in a compile-time error */
62 enum {
63 BLAKE2_DUMMY_1 = 1/(sizeof(blake2s_param) == BLAKE2S_OUTBYTES)
64 };
65
66 int blake2s_init( blake2s_state *S, size_t outlen );
67 int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );
68 int blake2s_init_param( blake2s_state *S, const blake2s_param *P );
69 int blake2s_update( blake2s_state *S, const void *in, size_t inlen );
70 int blake2s_final( blake2s_state *S, void *out, size_t outlen );
71
72 int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
73
74#endif \ No newline at end of file
diff --git a/gba/source/serialize.c b/gba/source/serialize.c index ddb156c..5c4ff8d 100644 --- a/gba/source/serialize.c +++ b/gba/source/serialize.c
@@ -10,21 +10,7 @@
10#include "basestats.h" 10#include "basestats.h"
11#include "exptables.h" 11#include "exptables.h"
12#include "dexorder.h" 12#include "dexorder.h"
13#include "sha2.h" 13#include "blake2.h"
14
15// See pokemon.h for more information about this.
16struct HashDeterminer {
17 u32 otId;
18 u32 personality;
19 u32 hpIV:5;
20 u32 attackIV:5;
21 u32 defenseIV:5;
22 u32 speedIV:5;
23 u32 spAttackIV:5;
24 u32 spDefenseIV:5;
25 u32 isShedinja:1;
26 u32 zero:1;
27};
28 14
29u32 CalculateStat( 15u32 CalculateStat(
30 u8 base, 16 u8 base,
@@ -64,22 +50,25 @@ void PokemonIntermediateInit(
64 struct PokemonSubstruct2* sub2 = GetBoxPokemonSubstruct2(bpkm); 50 struct PokemonSubstruct2* sub2 = GetBoxPokemonSubstruct2(bpkm);
65 struct PokemonSubstruct3* sub3 = GetBoxPokemonSubstruct3(bpkm); 51 struct PokemonSubstruct3* sub3 = GetBoxPokemonSubstruct3(bpkm);
66 52
67 struct HashDeterminer identifier; 53 u8 identifier[16];
68 identifier.otId = bpkm->otId; 54 identifier[0] = bpkm->otId & 0x000000FF;
69 identifier.personality = bpkm->personality; 55 identifier[1] = (bpkm->otId >> 8) & 0x000000FF;
70 identifier.hpIV = sub3->hpIV; 56 identifier[2] = (bpkm->otId >> 16) & 0x000000FF;
71 identifier.attackIV = sub3->attackIV; 57 identifier[3] = (bpkm->otId >> 24) & 0x000000FF;
72 identifier.defenseIV = sub3->defenseIV; 58 identifier[4] = bpkm->personality & 0x000000FF;
73 identifier.speedIV = sub3->speedIV; 59 identifier[5] = (bpkm->personality >> 8) & 0x000000FF;
74 identifier.spAttackIV = sub3->spAttackIV; 60 identifier[6] = (bpkm->personality >> 16) & 0x000000FF;
75 identifier.spDefenseIV = sub3->spDefenseIV; 61 identifier[7] = (bpkm->personality >> 24) & 0x000000FF;
76 identifier.isShedinja = (sub0->species == SHEDINJA_SPECIES_INDEX) ? 1 : 0; 62 identifier[8] = sub3->hpIV;
77 identifier.zero = 0; 63 identifier[9] = sub3->attackIV;
78 64 identifier[10] = sub3->defenseIV;
79 sha224( 65 identifier[11] = sub3->speedIV;
80 (const unsigned char*)&identifier, 66 identifier[12] = sub3->spAttackIV;
81 12, 67 identifier[13] = sub3->spDefenseIV;
82 (unsigned char*)pki->key); 68 identifier[14] = (sub0->species == SHEDINJA_SPECIES_INDEX) ? 1 : 0;
69 identifier[15] = 0;
70
71 blake2s((u8*)pki->key, 28, identifier, 16, 0, 0);
83 72
84 const struct SmallBaseStats* baseStats = BaseStatsForSpecies(sub0->species); 73 const struct SmallBaseStats* baseStats = BaseStatsForSpecies(sub0->species);
85 74
diff --git a/gba/source/sha2.c b/gba/source/sha2.c deleted file mode 100644 index 149c043..0000000 --- a/gba/source/sha2.c +++ /dev/null
@@ -1,471 +0,0 @@
1/*
2 * FIPS 180-2 SHA-224/256/384/512 implementation
3 * Last update: 02/02/2007
4 * Issue date: 04/30/2005
5 *
6 * Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch>
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#if 0
35#define UNROLL_LOOPS /* Enable loops unrolling */
36#endif
37
38#include <string.h>
39
40#include "sha2.h"
41
42#define SHFR(x, n) (x >> n)
43#define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n)))
44#define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n)))
45#define CH(x, y, z) ((x & y) ^ (~x & z))
46#define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
47
48#define SHA256_F1(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
49#define SHA256_F2(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
50#define SHA256_F3(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHFR(x, 3))
51#define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10))
52
53#define SHA512_F1(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39))
54#define SHA512_F2(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41))
55#define SHA512_F3(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHFR(x, 7))
56#define SHA512_F4(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHFR(x, 6))
57
58#define UNPACK32(x, str) \
59{ \
60 *((str) + 3) = (uint8) ((x) ); \
61 *((str) + 2) = (uint8) ((x) >> 8); \
62 *((str) + 1) = (uint8) ((x) >> 16); \
63 *((str) + 0) = (uint8) ((x) >> 24); \
64}
65
66#define PACK32(str, x) \
67{ \
68 *(x) = ((uint32) *((str) + 3) ) \
69 | ((uint32) *((str) + 2) << 8) \
70 | ((uint32) *((str) + 1) << 16) \
71 | ((uint32) *((str) + 0) << 24); \
72}
73
74#define UNPACK64(x, str) \
75{ \
76 *((str) + 7) = (uint8) ((x) ); \
77 *((str) + 6) = (uint8) ((x) >> 8); \
78 *((str) + 5) = (uint8) ((x) >> 16); \
79 *((str) + 4) = (uint8) ((x) >> 24); \
80 *((str) + 3) = (uint8) ((x) >> 32); \
81 *((str) + 2) = (uint8) ((x) >> 40); \
82 *((str) + 1) = (uint8) ((x) >> 48); \
83 *((str) + 0) = (uint8) ((x) >> 56); \
84}
85
86#define PACK64(str, x) \
87{ \
88 *(x) = ((uint64) *((str) + 7) ) \
89 | ((uint64) *((str) + 6) << 8) \
90 | ((uint64) *((str) + 5) << 16) \
91 | ((uint64) *((str) + 4) << 24) \
92 | ((uint64) *((str) + 3) << 32) \
93 | ((uint64) *((str) + 2) << 40) \
94 | ((uint64) *((str) + 1) << 48) \
95 | ((uint64) *((str) + 0) << 56); \
96}
97
98/* Macros used for loops unrolling */
99
100#define SHA256_SCR(i) \
101{ \
102 w[i] = SHA256_F4(w[i - 2]) + w[i - 7] \
103 + SHA256_F3(w[i - 15]) + w[i - 16]; \
104}
105
106#define SHA512_SCR(i) \
107{ \
108 w[i] = SHA512_F4(w[i - 2]) + w[i - 7] \
109 + SHA512_F3(w[i - 15]) + w[i - 16]; \
110}
111
112#define SHA256_EXP(a, b, c, d, e, f, g, h, j) \
113{ \
114 t1 = wv[h] + SHA256_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) \
115 + sha256_k[j] + w[j]; \
116 t2 = SHA256_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]); \
117 wv[d] += t1; \
118 wv[h] = t1 + t2; \
119}
120
121#define SHA512_EXP(a, b, c, d, e, f, g ,h, j) \
122{ \
123 t1 = wv[h] + SHA512_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) \
124 + sha512_k[j] + w[j]; \
125 t2 = SHA512_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]); \
126 wv[d] += t1; \
127 wv[h] = t1 + t2; \
128}
129
130uint32 sha224_h0[8] =
131 {0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
132 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4};
133
134uint32 sha256_h0[8] =
135 {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
136 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
137
138uint32 sha256_k[64] =
139 {0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
140 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
141 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
142 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
143 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
144 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
145 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
146 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
147 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
148 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
149 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
150 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
151 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
152 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
153 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
154 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
155
156/* SHA-256 functions */
157
158void sha256_transf(sha256_ctx *ctx, const unsigned char *message,
159 unsigned int block_nb)
160{
161 uint32 w[64];
162 uint32 wv[8];
163 uint32 t1, t2;
164 const unsigned char *sub_block;
165 int i;
166
167#ifndef UNROLL_LOOPS
168 int j;
169#endif
170
171 for (i = 0; i < (int) block_nb; i++) {
172 sub_block = message + (i << 6);
173
174#ifndef UNROLL_LOOPS
175 for (j = 0; j < 16; j++) {
176 PACK32(&sub_block[j << 2], &w[j]);
177 }
178
179 for (j = 16; j < 64; j++) {
180 SHA256_SCR(j);
181 }
182
183 for (j = 0; j < 8; j++) {
184 wv[j] = ctx->h[j];
185 }
186
187 for (j = 0; j < 64; j++) {
188 t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6])
189 + sha256_k[j] + w[j];
190 t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
191 wv[7] = wv[6];
192 wv[6] = wv[5];
193 wv[5] = wv[4];
194 wv[4] = wv[3] + t1;
195 wv[3] = wv[2];
196 wv[2] = wv[1];
197 wv[1] = wv[0];
198 wv[0] = t1 + t2;
199 }
200
201 for (j = 0; j < 8; j++) {
202 ctx->h[j] += wv[j];
203 }
204#else
205 PACK32(&sub_block[ 0], &w[ 0]); PACK32(&sub_block[ 4], &w[ 1]);
206 PACK32(&sub_block[ 8], &w[ 2]); PACK32(&sub_block[12], &w[ 3]);
207 PACK32(&sub_block[16], &w[ 4]); PACK32(&sub_block[20], &w[ 5]);
208 PACK32(&sub_block[24], &w[ 6]); PACK32(&sub_block[28], &w[ 7]);
209 PACK32(&sub_block[32], &w[ 8]); PACK32(&sub_block[36], &w[ 9]);
210 PACK32(&sub_block[40], &w[10]); PACK32(&sub_block[44], &w[11]);
211 PACK32(&sub_block[48], &w[12]); PACK32(&sub_block[52], &w[13]);
212 PACK32(&sub_block[56], &w[14]); PACK32(&sub_block[60], &w[15]);
213
214 SHA256_SCR(16); SHA256_SCR(17); SHA256_SCR(18); SHA256_SCR(19);
215 SHA256_SCR(20); SHA256_SCR(21); SHA256_SCR(22); SHA256_SCR(23);
216 SHA256_SCR(24); SHA256_SCR(25); SHA256_SCR(26); SHA256_SCR(27);
217 SHA256_SCR(28); SHA256_SCR(29); SHA256_SCR(30); SHA256_SCR(31);
218 SHA256_SCR(32); SHA256_SCR(33); SHA256_SCR(34); SHA256_SCR(35);
219 SHA256_SCR(36); SHA256_SCR(37); SHA256_SCR(38); SHA256_SCR(39);
220 SHA256_SCR(40); SHA256_SCR(41); SHA256_SCR(42); SHA256_SCR(43);
221 SHA256_SCR(44); SHA256_SCR(45); SHA256_SCR(46); SHA256_SCR(47);
222 SHA256_SCR(48); SHA256_SCR(49); SHA256_SCR(50); SHA256_SCR(51);
223 SHA256_SCR(52); SHA256_SCR(53); SHA256_SCR(54); SHA256_SCR(55);
224 SHA256_SCR(56); SHA256_SCR(57); SHA256_SCR(58); SHA256_SCR(59);
225 SHA256_SCR(60); SHA256_SCR(61); SHA256_SCR(62); SHA256_SCR(63);
226
227 wv[0] = ctx->h[0]; wv[1] = ctx->h[1];
228 wv[2] = ctx->h[2]; wv[3] = ctx->h[3];
229 wv[4] = ctx->h[4]; wv[5] = ctx->h[5];
230 wv[6] = ctx->h[6]; wv[7] = ctx->h[7];
231
232 SHA256_EXP(0,1,2,3,4,5,6,7, 0); SHA256_EXP(7,0,1,2,3,4,5,6, 1);
233 SHA256_EXP(6,7,0,1,2,3,4,5, 2); SHA256_EXP(5,6,7,0,1,2,3,4, 3);
234 SHA256_EXP(4,5,6,7,0,1,2,3, 4); SHA256_EXP(3,4,5,6,7,0,1,2, 5);
235 SHA256_EXP(2,3,4,5,6,7,0,1, 6); SHA256_EXP(1,2,3,4,5,6,7,0, 7);
236 SHA256_EXP(0,1,2,3,4,5,6,7, 8); SHA256_EXP(7,0,1,2,3,4,5,6, 9);
237 SHA256_EXP(6,7,0,1,2,3,4,5,10); SHA256_EXP(5,6,7,0,1,2,3,4,11);
238 SHA256_EXP(4,5,6,7,0,1,2,3,12); SHA256_EXP(3,4,5,6,7,0,1,2,13);
239 SHA256_EXP(2,3,4,5,6,7,0,1,14); SHA256_EXP(1,2,3,4,5,6,7,0,15);
240 SHA256_EXP(0,1,2,3,4,5,6,7,16); SHA256_EXP(7,0,1,2,3,4,5,6,17);
241 SHA256_EXP(6,7,0,1,2,3,4,5,18); SHA256_EXP(5,6,7,0,1,2,3,4,19);
242 SHA256_EXP(4,5,6,7,0,1,2,3,20); SHA256_EXP(3,4,5,6,7,0,1,2,21);
243 SHA256_EXP(2,3,4,5,6,7,0,1,22); SHA256_EXP(1,2,3,4,5,6,7,0,23);
244 SHA256_EXP(0,1,2,3,4,5,6,7,24); SHA256_EXP(7,0,1,2,3,4,5,6,25);
245 SHA256_EXP(6,7,0,1,2,3,4,5,26); SHA256_EXP(5,6,7,0,1,2,3,4,27);
246 SHA256_EXP(4,5,6,7,0,1,2,3,28); SHA256_EXP(3,4,5,6,7,0,1,2,29);
247 SHA256_EXP(2,3,4,5,6,7,0,1,30); SHA256_EXP(1,2,3,4,5,6,7,0,31);
248 SHA256_EXP(0,1,2,3,4,5,6,7,32); SHA256_EXP(7,0,1,2,3,4,5,6,33);
249 SHA256_EXP(6,7,0,1,2,3,4,5,34); SHA256_EXP(5,6,7,0,1,2,3,4,35);
250 SHA256_EXP(4,5,6,7,0,1,2,3,36); SHA256_EXP(3,4,5,6,7,0,1,2,37);
251 SHA256_EXP(2,3,4,5,6,7,0,1,38); SHA256_EXP(1,2,3,4,5,6,7,0,39);
252 SHA256_EXP(0,1,2,3,4,5,6,7,40); SHA256_EXP(7,0,1,2,3,4,5,6,41);
253 SHA256_EXP(6,7,0,1,2,3,4,5,42); SHA256_EXP(5,6,7,0,1,2,3,4,43);
254 SHA256_EXP(4,5,6,7,0,1,2,3,44); SHA256_EXP(3,4,5,6,7,0,1,2,45);
255 SHA256_EXP(2,3,4,5,6,7,0,1,46); SHA256_EXP(1,2,3,4,5,6,7,0,47);
256 SHA256_EXP(0,1,2,3,4,5,6,7,48); SHA256_EXP(7,0,1,2,3,4,5,6,49);
257 SHA256_EXP(6,7,0,1,2,3,4,5,50); SHA256_EXP(5,6,7,0,1,2,3,4,51);
258 SHA256_EXP(4,5,6,7,0,1,2,3,52); SHA256_EXP(3,4,5,6,7,0,1,2,53);
259 SHA256_EXP(2,3,4,5,6,7,0,1,54); SHA256_EXP(1,2,3,4,5,6,7,0,55);
260 SHA256_EXP(0,1,2,3,4,5,6,7,56); SHA256_EXP(7,0,1,2,3,4,5,6,57);
261 SHA256_EXP(6,7,0,1,2,3,4,5,58); SHA256_EXP(5,6,7,0,1,2,3,4,59);
262 SHA256_EXP(4,5,6,7,0,1,2,3,60); SHA256_EXP(3,4,5,6,7,0,1,2,61);
263 SHA256_EXP(2,3,4,5,6,7,0,1,62); SHA256_EXP(1,2,3,4,5,6,7,0,63);
264
265 ctx->h[0] += wv[0]; ctx->h[1] += wv[1];
266 ctx->h[2] += wv[2]; ctx->h[3] += wv[3];
267 ctx->h[4] += wv[4]; ctx->h[5] += wv[5];
268 ctx->h[6] += wv[6]; ctx->h[7] += wv[7];
269#endif /* !UNROLL_LOOPS */
270 }
271}
272
273void sha256(const unsigned char *message, unsigned int len, unsigned char *digest)
274{
275 sha256_ctx ctx;
276
277 sha256_init(&ctx);
278 sha256_update(&ctx, message, len);
279 sha256_final(&ctx, digest);
280}
281
282void sha256_init(sha256_ctx *ctx)
283{
284#ifndef UNROLL_LOOPS
285 int i;
286 for (i = 0; i < 8; i++) {
287 ctx->h[i] = sha256_h0[i];
288 }
289#else
290 ctx->h[0] = sha256_h0[0]; ctx->h[1] = sha256_h0[1];
291 ctx->h[2] = sha256_h0[2]; ctx->h[3] = sha256_h0[3];
292 ctx->h[4] = sha256_h0[4]; ctx->h[5] = sha256_h0[5];
293 ctx->h[6] = sha256_h0[6]; ctx->h[7] = sha256_h0[7];
294#endif /* !UNROLL_LOOPS */
295
296 ctx->len = 0;
297 ctx->tot_len = 0;
298}
299
300void sha256_update(sha256_ctx *ctx, const unsigned char *message,
301 unsigned int len)
302{
303 unsigned int block_nb;
304 unsigned int new_len, rem_len, tmp_len;
305 const unsigned char *shifted_message;
306
307 tmp_len = SHA256_BLOCK_SIZE - ctx->len;
308 rem_len = len < tmp_len ? len : tmp_len;
309
310 memcpy(&ctx->block[ctx->len], message, rem_len);
311
312 if (ctx->len + len < SHA256_BLOCK_SIZE) {
313 ctx->len += len;
314 return;
315 }
316
317 new_len = len - rem_len;
318 block_nb = new_len / SHA256_BLOCK_SIZE;
319
320 shifted_message = message + rem_len;
321
322 sha256_transf(ctx, ctx->block, 1);
323 sha256_transf(ctx, shifted_message, block_nb);
324
325 rem_len = new_len % SHA256_BLOCK_SIZE;
326
327 memcpy(ctx->block, &shifted_message[block_nb << 6],
328 rem_len);
329
330 ctx->len = rem_len;
331 ctx->tot_len += (block_nb + 1) << 6;
332}
333
334void sha256_final(sha256_ctx *ctx, unsigned char *digest)
335{
336 unsigned int block_nb;
337 unsigned int pm_len;
338 unsigned int len_b;
339
340#ifndef UNROLL_LOOPS
341 int i;
342#endif
343
344 block_nb = (1 + ((SHA256_BLOCK_SIZE - 9)
345 < (ctx->len % SHA256_BLOCK_SIZE)));
346
347 len_b = (ctx->tot_len + ctx->len) << 3;
348 pm_len = block_nb << 6;
349
350 memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
351 ctx->block[ctx->len] = 0x80;
352 UNPACK32(len_b, ctx->block + pm_len - 4);
353
354 sha256_transf(ctx, ctx->block, block_nb);
355
356#ifndef UNROLL_LOOPS
357 for (i = 0 ; i < 8; i++) {
358 UNPACK32(ctx->h[i], &digest[i << 2]);
359 }
360#else
361 UNPACK32(ctx->h[0], &digest[ 0]);
362 UNPACK32(ctx->h[1], &digest[ 4]);
363 UNPACK32(ctx->h[2], &digest[ 8]);
364 UNPACK32(ctx->h[3], &digest[12]);
365 UNPACK32(ctx->h[4], &digest[16]);
366 UNPACK32(ctx->h[5], &digest[20]);
367 UNPACK32(ctx->h[6], &digest[24]);
368 UNPACK32(ctx->h[7], &digest[28]);
369#endif /* !UNROLL_LOOPS */
370}
371
372/* SHA-224 functions */
373
374void sha224(const unsigned char *message, unsigned int len,
375 unsigned char *digest)
376{
377 sha224_ctx ctx;
378
379 sha224_init(&ctx);
380 sha224_update(&ctx, message, len);
381 sha224_final(&ctx, digest);
382}
383
384void sha224_init(sha224_ctx *ctx)
385{
386#ifndef UNROLL_LOOPS
387 int i;
388 for (i = 0; i < 8; i++) {
389 ctx->h[i] = sha224_h0[i];
390 }
391#else
392 ctx->h[0] = sha224_h0[0]; ctx->h[1] = sha224_h0[1];
393 ctx->h[2] = sha224_h0[2]; ctx->h[3] = sha224_h0[3];
394 ctx->h[4] = sha224_h0[4]; ctx->h[5] = sha224_h0[5];
395 ctx->h[6] = sha224_h0[6]; ctx->h[7] = sha224_h0[7];
396#endif /* !UNROLL_LOOPS */
397
398 ctx->len = 0;
399 ctx->tot_len = 0;
400}
401
402void sha224_update(sha224_ctx *ctx, const unsigned char *message,
403 unsigned int len)
404{
405 unsigned int block_nb;
406 unsigned int new_len, rem_len, tmp_len;
407 const unsigned char *shifted_message;
408
409 tmp_len = SHA224_BLOCK_SIZE - ctx->len;
410 rem_len = len < tmp_len ? len : tmp_len;
411
412 memcpy(&ctx->block[ctx->len], message, rem_len);
413
414 if (ctx->len + len < SHA224_BLOCK_SIZE) {
415 ctx->len += len;
416 return;
417 }
418
419 new_len = len - rem_len;
420 block_nb = new_len / SHA224_BLOCK_SIZE;
421
422 shifted_message = message + rem_len;
423
424 sha256_transf(ctx, ctx->block, 1);
425 sha256_transf(ctx, shifted_message, block_nb);
426
427 rem_len = new_len % SHA224_BLOCK_SIZE;
428
429 memcpy(ctx->block, &shifted_message[block_nb << 6],
430 rem_len);
431
432 ctx->len = rem_len;
433 ctx->tot_len += (block_nb + 1) << 6;
434}
435
436void sha224_final(sha224_ctx *ctx, unsigned char *digest)
437{
438 unsigned int block_nb;
439 unsigned int pm_len;
440 unsigned int len_b;
441
442#ifndef UNROLL_LOOPS
443 int i;
444#endif
445
446 block_nb = (1 + ((SHA224_BLOCK_SIZE - 9)
447 < (ctx->len % SHA224_BLOCK_SIZE)));
448
449 len_b = (ctx->tot_len + ctx->len) << 3;
450 pm_len = block_nb << 6;
451
452 memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
453 ctx->block[ctx->len] = 0x80;
454 UNPACK32(len_b, ctx->block + pm_len - 4);
455
456 sha256_transf(ctx, ctx->block, block_nb);
457
458#ifndef UNROLL_LOOPS
459 for (i = 0 ; i < 7; i++) {
460 UNPACK32(ctx->h[i], &digest[i << 2]);
461 }
462#else
463 UNPACK32(ctx->h[0], &digest[ 0]);
464 UNPACK32(ctx->h[1], &digest[ 4]);
465 UNPACK32(ctx->h[2], &digest[ 8]);
466 UNPACK32(ctx->h[3], &digest[12]);
467 UNPACK32(ctx->h[4], &digest[16]);
468 UNPACK32(ctx->h[5], &digest[20]);
469 UNPACK32(ctx->h[6], &digest[24]);
470#endif /* !UNROLL_LOOPS */
471}
diff --git a/gba/source/sha2.h b/gba/source/sha2.h deleted file mode 100644 index efd3059..0000000 --- a/gba/source/sha2.h +++ /dev/null
@@ -1,74 +0,0 @@
1/*
2 * FIPS 180-2 SHA-224/256/384/512 implementation
3 * Last update: 02/02/2007
4 * Issue date: 04/30/2005
5 *
6 * Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch>
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#ifndef SHA2_H
35#define SHA2_H
36
37#define SHA224_DIGEST_SIZE ( 224 / 8)
38#define SHA256_DIGEST_SIZE ( 256 / 8)
39
40#define SHA256_BLOCK_SIZE ( 512 / 8)
41#define SHA224_BLOCK_SIZE SHA256_BLOCK_SIZE
42
43#ifndef SHA2_TYPES
44#define SHA2_TYPES
45typedef unsigned char uint8;
46typedef unsigned int uint32;
47typedef unsigned long long uint64;
48#endif
49
50typedef struct {
51 unsigned int tot_len;
52 unsigned int len;
53 unsigned char block[2 * SHA256_BLOCK_SIZE];
54 uint32 h[8];
55} sha256_ctx;
56
57typedef sha256_ctx sha224_ctx;
58
59void sha224_init(sha224_ctx *ctx);
60void sha224_update(sha224_ctx *ctx, const unsigned char *message,
61 unsigned int len);
62void sha224_final(sha224_ctx *ctx, unsigned char *digest);
63void sha224(const unsigned char *message, unsigned int len,
64 unsigned char *digest);
65
66void sha256_init(sha256_ctx * ctx);
67void sha256_update(sha256_ctx *ctx, const unsigned char *message,
68 unsigned int len);
69void sha256_final(sha256_ctx *ctx, unsigned char *digest);
70void sha256(const unsigned char *message, unsigned int len,
71 unsigned char *digest);
72
73#endif /* !SHA2_H */
74