mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-12-21 23:47:39 +00:00
Use libmincrypt
This commit is contained in:
parent
dfee9954e0
commit
a58d3ea04d
@ -31,7 +31,7 @@ LOCAL_SHARED_LIBRARIES := libsqlite libselinux
|
||||
|
||||
LOCAL_C_INCLUDES := \
|
||||
jni/include \
|
||||
jni/external/include \
|
||||
$(EXT_PATH)/include \
|
||||
$(LIBSELINUX)
|
||||
|
||||
LOCAL_SRC_FILES := \
|
||||
@ -87,17 +87,16 @@ include $(BUILD_EXECUTABLE)
|
||||
# magiskboot
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := magiskboot
|
||||
LOCAL_STATIC_LIBRARIES := liblzma liblz4 libbz2 libfdt
|
||||
LOCAL_STATIC_LIBRARIES := libmincrypt liblzma liblz4 libbz2 libfdt
|
||||
LOCAL_C_INCLUDES := \
|
||||
jni/include \
|
||||
jni/external/include \
|
||||
$(EXT_PATH)/include \
|
||||
$(LIBLZMA) \
|
||||
$(LIBLZ4) \
|
||||
$(LIBBZ2) \
|
||||
$(LIBFDT)
|
||||
|
||||
LOCAL_SRC_FILES := \
|
||||
external/sha1/sha1.c \
|
||||
magiskboot/main.c \
|
||||
magiskboot/bootimg.c \
|
||||
magiskboot/hexpatch.c \
|
||||
|
16
native/jni/external/Android.mk
vendored
16
native/jni/external/Android.mk
vendored
@ -3,7 +3,7 @@ LOCAL_PATH:= $(call my-dir)
|
||||
# libsqlite.so (stub)
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE:= libsqlite
|
||||
LOCAL_C_INCLUDES := jni/external/include
|
||||
LOCAL_C_INCLUDES := $(EXT_PATH)/include
|
||||
LOCAL_SRC_FILES := stubs/sqlite3_stub.c
|
||||
include $(BUILD_SHARED_LIBRARY)
|
||||
|
||||
@ -14,6 +14,20 @@ LOCAL_C_INCLUDES := $(LIBSELINUX)
|
||||
LOCAL_SRC_FILES := stubs/selinux_stub.c
|
||||
include $(BUILD_SHARED_LIBRARY)
|
||||
|
||||
# libmincrypt.a
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE:= libmincrypt
|
||||
LOCAL_C_INCLUDES := $(EXT_PATH)/include
|
||||
LOCAL_SRC_FILES := \
|
||||
mincrypt/dsa_sig.c \
|
||||
mincrypt/p256.c \
|
||||
mincrypt/p256_ec.c \
|
||||
mincrypt/p256_ecdsa.c \
|
||||
mincrypt/rsa.c \
|
||||
mincrypt/sha.c \
|
||||
mincrypt/sha256.c
|
||||
include $(BUILD_STATIC_LIBRARY)
|
||||
|
||||
# libfdt.a
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE:= libfdt
|
||||
|
43
native/jni/external/include/mincrypt/dsa_sig.h
vendored
Normal file
43
native/jni/external/include/mincrypt/dsa_sig.h
vendored
Normal file
@ -0,0 +1,43 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_
|
||||
|
||||
#include "mincrypt/p256.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// Returns 0 if input sig is not a valid ASN.1 sequence
|
||||
int dsa_sig_unpack(unsigned char* sig, int sig_len, p256_int* r_int, p256_int* s_int);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_ */
|
63
native/jni/external/include/mincrypt/hash-internal.h
vendored
Normal file
63
native/jni/external/include/mincrypt/hash-internal.h
vendored
Normal file
@ -0,0 +1,63 @@
|
||||
/*
|
||||
* Copyright 2007 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif // __cplusplus
|
||||
|
||||
struct HASH_CTX; // forward decl
|
||||
|
||||
typedef struct HASH_VTAB {
|
||||
void (* const init)(struct HASH_CTX*);
|
||||
void (* const update)(struct HASH_CTX*, const void*, int);
|
||||
const uint8_t* (* const final)(struct HASH_CTX*);
|
||||
const uint8_t* (* const hash)(const void*, int, uint8_t*);
|
||||
int size;
|
||||
} HASH_VTAB;
|
||||
|
||||
typedef struct HASH_CTX {
|
||||
const HASH_VTAB * f;
|
||||
uint64_t count;
|
||||
uint8_t buf[64];
|
||||
uint32_t state[8]; // upto SHA2
|
||||
} HASH_CTX;
|
||||
|
||||
#define HASH_init(ctx) (ctx)->f->init(ctx)
|
||||
#define HASH_update(ctx, data, len) (ctx)->f->update(ctx, data, len)
|
||||
#define HASH_final(ctx) (ctx)->f->final(ctx)
|
||||
#define HASH_hash(data, len, digest) (ctx)->f->hash(data, len, digest)
|
||||
#define HASH_size(ctx) (ctx)->f->size
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif // __cplusplus
|
||||
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
|
162
native/jni/external/include/mincrypt/p256.h
vendored
Normal file
162
native/jni/external/include/mincrypt/p256.h
vendored
Normal file
@ -0,0 +1,162 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
|
||||
|
||||
// Collection of routines manipulating 256 bit unsigned integers.
|
||||
// Just enough to implement ecdsa-p256 and related algorithms.
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define P256_BITSPERDIGIT 32
|
||||
#define P256_NDIGITS 8
|
||||
#define P256_NBYTES 32
|
||||
|
||||
typedef int p256_err;
|
||||
typedef uint32_t p256_digit;
|
||||
typedef int32_t p256_sdigit;
|
||||
typedef uint64_t p256_ddigit;
|
||||
typedef int64_t p256_sddigit;
|
||||
|
||||
// Defining p256_int as struct to leverage struct assigment.
|
||||
typedef struct {
|
||||
p256_digit a[P256_NDIGITS];
|
||||
} p256_int;
|
||||
|
||||
extern const p256_int SECP256r1_n; // Curve order
|
||||
extern const p256_int SECP256r1_p; // Curve prime
|
||||
extern const p256_int SECP256r1_b; // Curve param
|
||||
|
||||
// Initialize a p256_int to zero.
|
||||
void p256_init(p256_int* a);
|
||||
|
||||
// Clear a p256_int to zero.
|
||||
void p256_clear(p256_int* a);
|
||||
|
||||
// Return bit. Index 0 is least significant.
|
||||
int p256_get_bit(const p256_int* a, int index);
|
||||
|
||||
// b := a % MOD
|
||||
void p256_mod(
|
||||
const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
p256_int* b);
|
||||
|
||||
// c := a * (top_b | b) % MOD
|
||||
void p256_modmul(
|
||||
const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
const p256_digit top_b,
|
||||
const p256_int* b,
|
||||
p256_int* c);
|
||||
|
||||
// b := 1 / a % MOD
|
||||
// MOD best be SECP256r1_n
|
||||
void p256_modinv(
|
||||
const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
p256_int* b);
|
||||
|
||||
// b := 1 / a % MOD
|
||||
// MOD best be SECP256r1_n
|
||||
// Faster than p256_modinv()
|
||||
void p256_modinv_vartime(
|
||||
const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
p256_int* b);
|
||||
|
||||
// b := a << (n % P256_BITSPERDIGIT)
|
||||
// Returns the bits shifted out of most significant digit.
|
||||
p256_digit p256_shl(const p256_int* a, int n, p256_int* b);
|
||||
|
||||
// b := a >> (n % P256_BITSPERDIGIT)
|
||||
void p256_shr(const p256_int* a, int n, p256_int* b);
|
||||
|
||||
int p256_is_zero(const p256_int* a);
|
||||
int p256_is_odd(const p256_int* a);
|
||||
int p256_is_even(const p256_int* a);
|
||||
|
||||
// Returns -1, 0 or 1.
|
||||
int p256_cmp(const p256_int* a, const p256_int *b);
|
||||
|
||||
// c: = a - b
|
||||
// Returns -1 on borrow.
|
||||
int p256_sub(const p256_int* a, const p256_int* b, p256_int* c);
|
||||
|
||||
// c := a + b
|
||||
// Returns 1 on carry.
|
||||
int p256_add(const p256_int* a, const p256_int* b, p256_int* c);
|
||||
|
||||
// c := a + (single digit)b
|
||||
// Returns carry 1 on carry.
|
||||
int p256_add_d(const p256_int* a, p256_digit b, p256_int* c);
|
||||
|
||||
// ec routines.
|
||||
|
||||
// {out_x,out_y} := nG
|
||||
void p256_base_point_mul(const p256_int *n,
|
||||
p256_int *out_x,
|
||||
p256_int *out_y);
|
||||
|
||||
// {out_x,out_y} := n{in_x,in_y}
|
||||
void p256_point_mul(const p256_int *n,
|
||||
const p256_int *in_x,
|
||||
const p256_int *in_y,
|
||||
p256_int *out_x,
|
||||
p256_int *out_y);
|
||||
|
||||
// {out_x,out_y} := n1G + n2{in_x,in_y}
|
||||
void p256_points_mul_vartime(
|
||||
const p256_int *n1, const p256_int *n2,
|
||||
const p256_int *in_x, const p256_int *in_y,
|
||||
p256_int *out_x, p256_int *out_y);
|
||||
|
||||
// Return whether point {x,y} is on curve.
|
||||
int p256_is_valid_point(const p256_int* x, const p256_int* y);
|
||||
|
||||
// Outputs big-endian binary form. No leading zero skips.
|
||||
void p256_to_bin(const p256_int* src, uint8_t dst[P256_NBYTES]);
|
||||
|
||||
// Reads from big-endian binary form,
|
||||
// thus pre-pad with leading zeros if short.
|
||||
void p256_from_bin(const uint8_t src[P256_NBYTES], p256_int* dst);
|
||||
|
||||
#define P256_DIGITS(x) ((x)->a)
|
||||
#define P256_DIGIT(x,y) ((x)->a[y])
|
||||
|
||||
#define P256_ZERO {{0}}
|
||||
#define P256_ONE {{1}}
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
|
53
native/jni/external/include/mincrypt/p256_ecdsa.h
vendored
Normal file
53
native/jni/external/include/mincrypt/p256_ecdsa.h
vendored
Normal file
@ -0,0 +1,53 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
|
||||
|
||||
// Using current directory as relative include path here since
|
||||
// this code typically gets lifted into a variety of build systems
|
||||
// and directory structures.
|
||||
#include "p256.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// Returns 0 if {r,s} is not a signature on message for
|
||||
// public key {key_x,key_y}.
|
||||
//
|
||||
// Note: message is a p256_int.
|
||||
// Convert from a binary string using p256_from_bin().
|
||||
int p256_ecdsa_verify(const p256_int* key_x,
|
||||
const p256_int* key_y,
|
||||
const p256_int* message,
|
||||
const p256_int* r, const p256_int* s);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
|
58
native/jni/external/include/mincrypt/rsa.h
vendored
Normal file
58
native/jni/external/include/mincrypt/rsa.h
vendored
Normal file
@ -0,0 +1,58 @@
|
||||
/* rsa.h
|
||||
**
|
||||
** Copyright 2008, The Android Open Source Project
|
||||
**
|
||||
** Redistribution and use in source and binary forms, with or without
|
||||
** modification, are permitted provided that the following conditions are met:
|
||||
** * Redistributions of source code must retain the above copyright
|
||||
** notice, this list of conditions and the following disclaimer.
|
||||
** * Redistributions in binary form must reproduce the above copyright
|
||||
** notice, this list of conditions and the following disclaimer in the
|
||||
** documentation and/or other materials provided with the distribution.
|
||||
** * Neither the name of Google Inc. nor the names of its contributors may
|
||||
** be used to endorse or promote products derived from this software
|
||||
** without specific prior written permission.
|
||||
**
|
||||
** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
|
||||
|
||||
#include <inttypes.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define RSANUMBYTES 256 /* 2048 bit key length */
|
||||
#define RSANUMWORDS (RSANUMBYTES / sizeof(uint32_t))
|
||||
|
||||
typedef struct RSAPublicKey {
|
||||
int len; /* Length of n[] in number of uint32_t */
|
||||
uint32_t n0inv; /* -1 / n[0] mod 2^32 */
|
||||
uint32_t n[RSANUMWORDS]; /* modulus as little endian array */
|
||||
uint32_t rr[RSANUMWORDS]; /* R^2 as little endian array */
|
||||
int exponent; /* 3 or 65537 */
|
||||
} RSAPublicKey;
|
||||
|
||||
int RSA_verify(const RSAPublicKey *key,
|
||||
const uint8_t* signature,
|
||||
const int len,
|
||||
const uint8_t* hash,
|
||||
const int hash_len);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
|
52
native/jni/external/include/mincrypt/sha.h
vendored
Normal file
52
native/jni/external/include/mincrypt/sha.h
vendored
Normal file
@ -0,0 +1,52 @@
|
||||
/*
|
||||
* Copyright 2005 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_SHA1_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_SHA1_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include "hash-internal.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif // __cplusplus
|
||||
|
||||
typedef HASH_CTX SHA_CTX;
|
||||
|
||||
void SHA_init(SHA_CTX* ctx);
|
||||
void SHA_update(SHA_CTX* ctx, const void* data, int len);
|
||||
const uint8_t* SHA_final(SHA_CTX* ctx);
|
||||
|
||||
// Convenience method. Returns digest address.
|
||||
// NOTE: *digest needs to hold SHA_DIGEST_SIZE bytes.
|
||||
const uint8_t* SHA_hash(const void* data, int len, uint8_t* digest);
|
||||
|
||||
#define SHA_DIGEST_SIZE 20
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif // __cplusplus
|
||||
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_SHA1_H_
|
52
native/jni/external/include/mincrypt/sha256.h
vendored
Normal file
52
native/jni/external/include/mincrypt/sha256.h
vendored
Normal file
@ -0,0 +1,52 @@
|
||||
/*
|
||||
* Copyright 2011 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_SHA256_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_SHA256_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include "hash-internal.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif // __cplusplus
|
||||
|
||||
typedef HASH_CTX SHA256_CTX;
|
||||
|
||||
void SHA256_init(SHA256_CTX* ctx);
|
||||
void SHA256_update(SHA256_CTX* ctx, const void* data, int len);
|
||||
const uint8_t* SHA256_final(SHA256_CTX* ctx);
|
||||
|
||||
// Convenience method. Returns digest address.
|
||||
const uint8_t* SHA256_hash(const void* data, int len, uint8_t* digest);
|
||||
|
||||
#define SHA256_DIGEST_SIZE 32
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif // __cplusplus
|
||||
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_SHA256_H_
|
126
native/jni/external/mincrypt/dsa_sig.c
vendored
Normal file
126
native/jni/external/mincrypt/dsa_sig.c
vendored
Normal file
@ -0,0 +1,126 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "mincrypt/dsa_sig.h"
|
||||
#include "mincrypt/p256.h"
|
||||
|
||||
/**
|
||||
* Trims off the leading zero bytes and copy it to a buffer aligning it to the end.
|
||||
*/
|
||||
static inline int trim_to_p256_bytes(unsigned char dst[P256_NBYTES], unsigned char *src,
|
||||
int src_len) {
|
||||
int dst_offset;
|
||||
while (*src == '\0' && src_len > 0) {
|
||||
src++;
|
||||
src_len--;
|
||||
}
|
||||
if (src_len > P256_NBYTES || src_len < 1) {
|
||||
return 0;
|
||||
}
|
||||
dst_offset = P256_NBYTES - src_len;
|
||||
memset(dst, 0, dst_offset);
|
||||
memcpy(dst + dst_offset, src, src_len);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Unpacks the ASN.1 DSA signature sequence.
|
||||
*/
|
||||
int dsa_sig_unpack(unsigned char* sig, int sig_len, p256_int* r_int, p256_int* s_int) {
|
||||
/*
|
||||
* Structure is:
|
||||
* 0x30 0xNN SEQUENCE + s_length
|
||||
* 0x02 0xNN INTEGER + r_length
|
||||
* 0xAA 0xBB .. r_length bytes of "r" (offset 4)
|
||||
* 0x02 0xNN INTEGER + s_length
|
||||
* 0xMM 0xNN .. s_length bytes of "s" (offset 6 + r_len)
|
||||
*/
|
||||
int seq_len;
|
||||
unsigned char r_bytes[P256_NBYTES];
|
||||
unsigned char s_bytes[P256_NBYTES];
|
||||
int r_len;
|
||||
int s_len;
|
||||
|
||||
memset(r_bytes, 0, sizeof(r_bytes));
|
||||
memset(s_bytes, 0, sizeof(s_bytes));
|
||||
|
||||
/*
|
||||
* Must have at least:
|
||||
* 2 bytes sequence header and length
|
||||
* 2 bytes R integer header and length
|
||||
* 1 byte of R
|
||||
* 2 bytes S integer header and length
|
||||
* 1 byte of S
|
||||
*
|
||||
* 8 bytes total
|
||||
*/
|
||||
if (sig_len < 8 || sig[0] != 0x30 || sig[2] != 0x02) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
seq_len = sig[1];
|
||||
if ((seq_len <= 0) || (seq_len + 2 != sig_len)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
r_len = sig[3];
|
||||
/*
|
||||
* Must have at least:
|
||||
* 2 bytes for R header and length
|
||||
* 2 bytes S integer header and length
|
||||
* 1 byte of S
|
||||
*/
|
||||
if ((r_len < 1) || (r_len > seq_len - 5) || (sig[4 + r_len] != 0x02)) {
|
||||
return 0;
|
||||
}
|
||||
s_len = sig[5 + r_len];
|
||||
|
||||
/**
|
||||
* Must have:
|
||||
* 2 bytes for R header and length
|
||||
* r_len bytes for R
|
||||
* 2 bytes S integer header and length
|
||||
*/
|
||||
if ((s_len < 1) || (s_len != seq_len - 4 - r_len)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* ASN.1 encoded integers are zero-padded for positive integers. Make sure we have
|
||||
* a correctly-sized buffer and that the resulting integer isn't too large.
|
||||
*/
|
||||
if (!trim_to_p256_bytes(r_bytes, &sig[4], r_len)
|
||||
|| !trim_to_p256_bytes(s_bytes, &sig[6 + r_len], s_len)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
p256_from_bin(r_bytes, r_int);
|
||||
p256_from_bin(s_bytes, s_int);
|
||||
|
||||
return 1;
|
||||
}
|
373
native/jni/external/mincrypt/p256.c
vendored
Normal file
373
native/jni/external/mincrypt/p256.c
vendored
Normal file
@ -0,0 +1,373 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
// This is an implementation of the P256 elliptic curve group. It's written to
|
||||
// be portable 32-bit, although it's still constant-time.
|
||||
//
|
||||
// WARNING: Implementing these functions in a constant-time manner is far from
|
||||
// obvious. Be careful when touching this code.
|
||||
//
|
||||
// See http://www.imperialviolet.org/2010/12/04/ecc.html ([1]) for background.
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include "mincrypt/p256.h"
|
||||
|
||||
const p256_int SECP256r1_n = // curve order
|
||||
{{0xfc632551, 0xf3b9cac2, 0xa7179e84, 0xbce6faad, -1, -1, 0, -1}};
|
||||
|
||||
const p256_int SECP256r1_p = // curve field size
|
||||
{{-1, -1, -1, 0, 0, 0, 1, -1 }};
|
||||
|
||||
const p256_int SECP256r1_b = // curve b
|
||||
{{0x27d2604b, 0x3bce3c3e, 0xcc53b0f6, 0x651d06b0,
|
||||
0x769886bc, 0xb3ebbd55, 0xaa3a93e7, 0x5ac635d8}};
|
||||
|
||||
void p256_init(p256_int* a) {
|
||||
memset(a, 0, sizeof(*a));
|
||||
}
|
||||
|
||||
void p256_clear(p256_int* a) { p256_init(a); }
|
||||
|
||||
int p256_get_bit(const p256_int* scalar, int bit) {
|
||||
return (P256_DIGIT(scalar, bit / P256_BITSPERDIGIT)
|
||||
>> (bit & (P256_BITSPERDIGIT - 1))) & 1;
|
||||
}
|
||||
|
||||
int p256_is_zero(const p256_int* a) {
|
||||
int i, result = 0;
|
||||
for (i = 0; i < P256_NDIGITS; ++i) result |= P256_DIGIT(a, i);
|
||||
return !result;
|
||||
}
|
||||
|
||||
// top, c[] += a[] * b
|
||||
// Returns new top
|
||||
static p256_digit mulAdd(const p256_int* a,
|
||||
p256_digit b,
|
||||
p256_digit top,
|
||||
p256_digit* c) {
|
||||
int i;
|
||||
p256_ddigit carry = 0;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
carry += *c;
|
||||
carry += (p256_ddigit)P256_DIGIT(a, i) * b;
|
||||
*c++ = (p256_digit)carry;
|
||||
carry >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return top + (p256_digit)carry;
|
||||
}
|
||||
|
||||
// top, c[] -= top_a, a[]
|
||||
static p256_digit subTop(p256_digit top_a,
|
||||
const p256_digit* a,
|
||||
p256_digit top_c,
|
||||
p256_digit* c) {
|
||||
int i;
|
||||
p256_sddigit borrow = 0;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
borrow += *c;
|
||||
borrow -= *a++;
|
||||
*c++ = (p256_digit)borrow;
|
||||
borrow >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
borrow += top_c;
|
||||
borrow -= top_a;
|
||||
top_c = (p256_digit)borrow;
|
||||
assert((borrow >> P256_BITSPERDIGIT) == 0);
|
||||
return top_c;
|
||||
}
|
||||
|
||||
// top, c[] -= MOD[] & mask (0 or -1)
|
||||
// returns new top.
|
||||
static p256_digit subM(const p256_int* MOD,
|
||||
p256_digit top,
|
||||
p256_digit* c,
|
||||
p256_digit mask) {
|
||||
int i;
|
||||
p256_sddigit borrow = 0;
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
borrow += *c;
|
||||
borrow -= P256_DIGIT(MOD, i) & mask;
|
||||
*c++ = (p256_digit)borrow;
|
||||
borrow >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return top + (p256_digit)borrow;
|
||||
}
|
||||
|
||||
// top, c[] += MOD[] & mask (0 or -1)
|
||||
// returns new top.
|
||||
static p256_digit addM(const p256_int* MOD,
|
||||
p256_digit top,
|
||||
p256_digit* c,
|
||||
p256_digit mask) {
|
||||
int i;
|
||||
p256_ddigit carry = 0;
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
carry += *c;
|
||||
carry += P256_DIGIT(MOD, i) & mask;
|
||||
*c++ = (p256_digit)carry;
|
||||
carry >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return top + (p256_digit)carry;
|
||||
}
|
||||
|
||||
// c = a * b mod MOD. c can be a and/or b.
|
||||
void p256_modmul(const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
const p256_digit top_b,
|
||||
const p256_int* b,
|
||||
p256_int* c) {
|
||||
p256_digit tmp[P256_NDIGITS * 2 + 1] = { 0 };
|
||||
p256_digit top = 0;
|
||||
int i;
|
||||
|
||||
// Multiply/add into tmp.
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
if (i) tmp[i + P256_NDIGITS - 1] = top;
|
||||
top = mulAdd(a, P256_DIGIT(b, i), 0, tmp + i);
|
||||
}
|
||||
|
||||
// Multiply/add top digit
|
||||
tmp[i + P256_NDIGITS - 1] = top;
|
||||
top = mulAdd(a, top_b, 0, tmp + i);
|
||||
|
||||
// Reduce tmp, digit by digit.
|
||||
for (; i >= 0; --i) {
|
||||
p256_digit reducer[P256_NDIGITS] = { 0 };
|
||||
p256_digit top_reducer;
|
||||
|
||||
// top can be any value at this point.
|
||||
// Guestimate reducer as top * MOD, since msw of MOD is -1.
|
||||
top_reducer = mulAdd(MOD, top, 0, reducer);
|
||||
|
||||
// Subtract reducer from top | tmp.
|
||||
top = subTop(top_reducer, reducer, top, tmp + i);
|
||||
|
||||
// top is now either 0 or 1. Make it 0, fixed-timing.
|
||||
assert(top <= 1);
|
||||
|
||||
top = subM(MOD, top, tmp + i, ~(top - 1));
|
||||
|
||||
assert(top == 0);
|
||||
|
||||
// We have now reduced the top digit off tmp. Fetch new top digit.
|
||||
top = tmp[i + P256_NDIGITS - 1];
|
||||
}
|
||||
|
||||
// tmp might still be larger than MOD, yet same bit length.
|
||||
// Make sure it is less, fixed-timing.
|
||||
addM(MOD, 0, tmp, subM(MOD, 0, tmp, -1));
|
||||
|
||||
memcpy(c, tmp, P256_NBYTES);
|
||||
}
|
||||
int p256_is_odd(const p256_int* a) { return P256_DIGIT(a, 0) & 1; }
|
||||
int p256_is_even(const p256_int* a) { return !(P256_DIGIT(a, 0) & 1); }
|
||||
|
||||
p256_digit p256_shl(const p256_int* a, int n, p256_int* b) {
|
||||
int i;
|
||||
p256_digit top = P256_DIGIT(a, P256_NDIGITS - 1);
|
||||
|
||||
n %= P256_BITSPERDIGIT;
|
||||
for (i = P256_NDIGITS - 1; i > 0; --i) {
|
||||
p256_digit accu = (P256_DIGIT(a, i) << n);
|
||||
accu |= (P256_DIGIT(a, i - 1) >> (P256_BITSPERDIGIT - n));
|
||||
P256_DIGIT(b, i) = accu;
|
||||
}
|
||||
P256_DIGIT(b, i) = (P256_DIGIT(a, i) << n);
|
||||
|
||||
top = (p256_digit)((((p256_ddigit)top) << n) >> P256_BITSPERDIGIT);
|
||||
|
||||
return top;
|
||||
}
|
||||
|
||||
void p256_shr(const p256_int* a, int n, p256_int* b) {
|
||||
int i;
|
||||
|
||||
n %= P256_BITSPERDIGIT;
|
||||
for (i = 0; i < P256_NDIGITS - 1; ++i) {
|
||||
p256_digit accu = (P256_DIGIT(a, i) >> n);
|
||||
accu |= (P256_DIGIT(a, i + 1) << (P256_BITSPERDIGIT - n));
|
||||
P256_DIGIT(b, i) = accu;
|
||||
}
|
||||
P256_DIGIT(b, i) = (P256_DIGIT(a, i) >> n);
|
||||
}
|
||||
|
||||
static void p256_shr1(const p256_int* a, int highbit, p256_int* b) {
|
||||
int i;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS - 1; ++i) {
|
||||
p256_digit accu = (P256_DIGIT(a, i) >> 1);
|
||||
accu |= (P256_DIGIT(a, i + 1) << (P256_BITSPERDIGIT - 1));
|
||||
P256_DIGIT(b, i) = accu;
|
||||
}
|
||||
P256_DIGIT(b, i) = (P256_DIGIT(a, i) >> 1) |
|
||||
(highbit << (P256_BITSPERDIGIT - 1));
|
||||
}
|
||||
|
||||
// Return -1, 0, 1 for a < b, a == b or a > b respectively.
|
||||
int p256_cmp(const p256_int* a, const p256_int* b) {
|
||||
int i;
|
||||
p256_sddigit borrow = 0;
|
||||
p256_digit notzero = 0;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
borrow += (p256_sddigit)P256_DIGIT(a, i) - P256_DIGIT(b, i);
|
||||
// Track whether any result digit is ever not zero.
|
||||
// Relies on !!(non-zero) evaluating to 1, e.g., !!(-1) evaluating to 1.
|
||||
notzero |= !!((p256_digit)borrow);
|
||||
borrow >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return (int)borrow | notzero;
|
||||
}
|
||||
|
||||
// c = a - b. Returns borrow: 0 or -1.
|
||||
int p256_sub(const p256_int* a, const p256_int* b, p256_int* c) {
|
||||
int i;
|
||||
p256_sddigit borrow = 0;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
borrow += (p256_sddigit)P256_DIGIT(a, i) - P256_DIGIT(b, i);
|
||||
if (c) P256_DIGIT(c, i) = (p256_digit)borrow;
|
||||
borrow >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return (int)borrow;
|
||||
}
|
||||
|
||||
// c = a + b. Returns carry: 0 or 1.
|
||||
int p256_add(const p256_int* a, const p256_int* b, p256_int* c) {
|
||||
int i;
|
||||
p256_ddigit carry = 0;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
carry += (p256_ddigit)P256_DIGIT(a, i) + P256_DIGIT(b, i);
|
||||
if (c) P256_DIGIT(c, i) = (p256_digit)carry;
|
||||
carry >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return (int)carry;
|
||||
}
|
||||
|
||||
// b = a + d. Returns carry, 0 or 1.
|
||||
int p256_add_d(const p256_int* a, p256_digit d, p256_int* b) {
|
||||
int i;
|
||||
p256_ddigit carry = d;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
carry += (p256_ddigit)P256_DIGIT(a, i);
|
||||
if (b) P256_DIGIT(b, i) = (p256_digit)carry;
|
||||
carry >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return (int)carry;
|
||||
}
|
||||
|
||||
// b = 1/a mod MOD, binary euclid.
|
||||
void p256_modinv_vartime(const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
p256_int* b) {
|
||||
p256_int R = P256_ZERO;
|
||||
p256_int S = P256_ONE;
|
||||
p256_int U = *MOD;
|
||||
p256_int V = *a;
|
||||
|
||||
for (;;) {
|
||||
if (p256_is_even(&U)) {
|
||||
p256_shr1(&U, 0, &U);
|
||||
if (p256_is_even(&R)) {
|
||||
p256_shr1(&R, 0, &R);
|
||||
} else {
|
||||
// R = (R+MOD)/2
|
||||
p256_shr1(&R, p256_add(&R, MOD, &R), &R);
|
||||
}
|
||||
} else if (p256_is_even(&V)) {
|
||||
p256_shr1(&V, 0, &V);
|
||||
if (p256_is_even(&S)) {
|
||||
p256_shr1(&S, 0, &S);
|
||||
} else {
|
||||
// S = (S+MOD)/2
|
||||
p256_shr1(&S, p256_add(&S, MOD, &S) , &S);
|
||||
}
|
||||
} else { // U,V both odd.
|
||||
if (!p256_sub(&V, &U, NULL)) {
|
||||
p256_sub(&V, &U, &V);
|
||||
if (p256_sub(&S, &R, &S)) p256_add(&S, MOD, &S);
|
||||
if (p256_is_zero(&V)) break; // done.
|
||||
} else {
|
||||
p256_sub(&U, &V, &U);
|
||||
if (p256_sub(&R, &S, &R)) p256_add(&R, MOD, &R);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
p256_mod(MOD, &R, b);
|
||||
}
|
||||
|
||||
void p256_mod(const p256_int* MOD,
|
||||
const p256_int* in,
|
||||
p256_int* out) {
|
||||
if (out != in) *out = *in;
|
||||
addM(MOD, 0, P256_DIGITS(out), subM(MOD, 0, P256_DIGITS(out), -1));
|
||||
}
|
||||
|
||||
// Verify y^2 == x^3 - 3x + b mod p
|
||||
// and 0 < x < p and 0 < y < p
|
||||
int p256_is_valid_point(const p256_int* x, const p256_int* y) {
|
||||
p256_int y2, x3;
|
||||
|
||||
if (p256_cmp(&SECP256r1_p, x) <= 0 ||
|
||||
p256_cmp(&SECP256r1_p, y) <= 0 ||
|
||||
p256_is_zero(x) ||
|
||||
p256_is_zero(y)) return 0;
|
||||
|
||||
p256_modmul(&SECP256r1_p, y, 0, y, &y2); // y^2
|
||||
|
||||
p256_modmul(&SECP256r1_p, x, 0, x, &x3); // x^2
|
||||
p256_modmul(&SECP256r1_p, x, 0, &x3, &x3); // x^3
|
||||
if (p256_sub(&x3, x, &x3)) p256_add(&x3, &SECP256r1_p, &x3); // x^3 - x
|
||||
if (p256_sub(&x3, x, &x3)) p256_add(&x3, &SECP256r1_p, &x3); // x^3 - 2x
|
||||
if (p256_sub(&x3, x, &x3)) p256_add(&x3, &SECP256r1_p, &x3); // x^3 - 3x
|
||||
if (p256_add(&x3, &SECP256r1_b, &x3)) // x^3 - 3x + b
|
||||
p256_sub(&x3, &SECP256r1_p, &x3);
|
||||
|
||||
return p256_cmp(&y2, &x3) == 0;
|
||||
}
|
||||
|
||||
void p256_from_bin(const uint8_t src[P256_NBYTES], p256_int* dst) {
|
||||
int i;
|
||||
const uint8_t* p = &src[0];
|
||||
|
||||
for (i = P256_NDIGITS - 1; i >= 0; --i) {
|
||||
P256_DIGIT(dst, i) =
|
||||
(p[0] << 24) |
|
||||
(p[1] << 16) |
|
||||
(p[2] << 8) |
|
||||
p[3];
|
||||
p += 4;
|
||||
}
|
||||
}
|
1279
native/jni/external/mincrypt/p256_ec.c
vendored
Normal file
1279
native/jni/external/mincrypt/p256_ec.c
vendored
Normal file
File diff suppressed because it is too large
Load Diff
56
native/jni/external/mincrypt/p256_ecdsa.c
vendored
Normal file
56
native/jni/external/mincrypt/p256_ecdsa.c
vendored
Normal file
@ -0,0 +1,56 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "mincrypt/p256_ecdsa.h"
|
||||
#include "mincrypt/p256.h"
|
||||
|
||||
int p256_ecdsa_verify(const p256_int* key_x, const p256_int* key_y,
|
||||
const p256_int* message,
|
||||
const p256_int* r, const p256_int* s) {
|
||||
p256_int u, v;
|
||||
|
||||
// Check public key.
|
||||
if (!p256_is_valid_point(key_x, key_y)) return 0;
|
||||
|
||||
// Check r and s are != 0 % n.
|
||||
p256_mod(&SECP256r1_n, r, &u);
|
||||
p256_mod(&SECP256r1_n, s, &v);
|
||||
if (p256_is_zero(&u) || p256_is_zero(&v)) return 0;
|
||||
|
||||
p256_modinv_vartime(&SECP256r1_n, s, &v);
|
||||
p256_modmul(&SECP256r1_n, message, 0, &v, &u); // message / s % n
|
||||
p256_modmul(&SECP256r1_n, r, 0, &v, &v); // r / s % n
|
||||
|
||||
p256_points_mul_vartime(&u, &v,
|
||||
key_x, key_y,
|
||||
&u, &v);
|
||||
|
||||
p256_mod(&SECP256r1_n, &u, &u); // (x coord % p) % n
|
||||
return p256_cmp(r, &u) == 0;
|
||||
}
|
||||
|
308
native/jni/external/mincrypt/rsa.c
vendored
Normal file
308
native/jni/external/mincrypt/rsa.c
vendored
Normal file
@ -0,0 +1,308 @@
|
||||
/* rsa.c
|
||||
**
|
||||
** Copyright 2012, The Android Open Source Project
|
||||
**
|
||||
** Redistribution and use in source and binary forms, with or without
|
||||
** modification, are permitted provided that the following conditions are met:
|
||||
** * Redistributions of source code must retain the above copyright
|
||||
** notice, this list of conditions and the following disclaimer.
|
||||
** * Redistributions in binary form must reproduce the above copyright
|
||||
** notice, this list of conditions and the following disclaimer in the
|
||||
** documentation and/or other materials provided with the distribution.
|
||||
** * Neither the name of Google Inc. nor the names of its contributors may
|
||||
** be used to endorse or promote products derived from this software
|
||||
** without specific prior written permission.
|
||||
**
|
||||
** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "mincrypt/rsa.h"
|
||||
#include "mincrypt/sha.h"
|
||||
#include "mincrypt/sha256.h"
|
||||
|
||||
// a[] -= mod
|
||||
static void subM(const RSAPublicKey* key,
|
||||
uint32_t* a) {
|
||||
int64_t A = 0;
|
||||
int i;
|
||||
for (i = 0; i < key->len; ++i) {
|
||||
A += (uint64_t)a[i] - key->n[i];
|
||||
a[i] = (uint32_t)A;
|
||||
A >>= 32;
|
||||
}
|
||||
}
|
||||
|
||||
// return a[] >= mod
|
||||
static int geM(const RSAPublicKey* key,
|
||||
const uint32_t* a) {
|
||||
int i;
|
||||
for (i = key->len; i;) {
|
||||
--i;
|
||||
if (a[i] < key->n[i]) return 0;
|
||||
if (a[i] > key->n[i]) return 1;
|
||||
}
|
||||
return 1; // equal
|
||||
}
|
||||
|
||||
// montgomery c[] += a * b[] / R % mod
|
||||
static void montMulAdd(const RSAPublicKey* key,
|
||||
uint32_t* c,
|
||||
const uint32_t a,
|
||||
const uint32_t* b) {
|
||||
uint64_t A = (uint64_t)a * b[0] + c[0];
|
||||
uint32_t d0 = (uint32_t)A * key->n0inv;
|
||||
uint64_t B = (uint64_t)d0 * key->n[0] + (uint32_t)A;
|
||||
int i;
|
||||
|
||||
for (i = 1; i < key->len; ++i) {
|
||||
A = (A >> 32) + (uint64_t)a * b[i] + c[i];
|
||||
B = (B >> 32) + (uint64_t)d0 * key->n[i] + (uint32_t)A;
|
||||
c[i - 1] = (uint32_t)B;
|
||||
}
|
||||
|
||||
A = (A >> 32) + (B >> 32);
|
||||
|
||||
c[i - 1] = (uint32_t)A;
|
||||
|
||||
if (A >> 32) {
|
||||
subM(key, c);
|
||||
}
|
||||
}
|
||||
|
||||
// montgomery c[] = a[] * b[] / R % mod
|
||||
static void montMul(const RSAPublicKey* key,
|
||||
uint32_t* c,
|
||||
const uint32_t* a,
|
||||
const uint32_t* b) {
|
||||
int i;
|
||||
for (i = 0; i < key->len; ++i) {
|
||||
c[i] = 0;
|
||||
}
|
||||
for (i = 0; i < key->len; ++i) {
|
||||
montMulAdd(key, c, a[i], b);
|
||||
}
|
||||
}
|
||||
|
||||
// In-place public exponentiation.
|
||||
// Input and output big-endian byte array in inout.
|
||||
static void modpow(const RSAPublicKey* key,
|
||||
uint8_t* inout) {
|
||||
uint32_t a[RSANUMWORDS];
|
||||
uint32_t aR[RSANUMWORDS];
|
||||
uint32_t aaR[RSANUMWORDS];
|
||||
uint32_t* aaa = 0;
|
||||
int i;
|
||||
|
||||
// Convert from big endian byte array to little endian word array.
|
||||
for (i = 0; i < key->len; ++i) {
|
||||
uint32_t tmp =
|
||||
(inout[((key->len - 1 - i) * 4) + 0] << 24) |
|
||||
(inout[((key->len - 1 - i) * 4) + 1] << 16) |
|
||||
(inout[((key->len - 1 - i) * 4) + 2] << 8) |
|
||||
(inout[((key->len - 1 - i) * 4) + 3] << 0);
|
||||
a[i] = tmp;
|
||||
}
|
||||
|
||||
if (key->exponent == 65537) {
|
||||
aaa = aaR; // Re-use location.
|
||||
montMul(key, aR, a, key->rr); // aR = a * RR / R mod M
|
||||
for (i = 0; i < 16; i += 2) {
|
||||
montMul(key, aaR, aR, aR); // aaR = aR * aR / R mod M
|
||||
montMul(key, aR, aaR, aaR); // aR = aaR * aaR / R mod M
|
||||
}
|
||||
montMul(key, aaa, aR, a); // aaa = aR * a / R mod M
|
||||
} else if (key->exponent == 3) {
|
||||
aaa = aR; // Re-use location.
|
||||
montMul(key, aR, a, key->rr); /* aR = a * RR / R mod M */
|
||||
montMul(key, aaR, aR, aR); /* aaR = aR * aR / R mod M */
|
||||
montMul(key, aaa, aaR, a); /* aaa = aaR * a / R mod M */
|
||||
}
|
||||
|
||||
// Make sure aaa < mod; aaa is at most 1x mod too large.
|
||||
if (geM(key, aaa)) {
|
||||
subM(key, aaa);
|
||||
}
|
||||
|
||||
// Convert to bigendian byte array
|
||||
for (i = key->len - 1; i >= 0; --i) {
|
||||
uint32_t tmp = aaa[i];
|
||||
*inout++ = tmp >> 24;
|
||||
*inout++ = tmp >> 16;
|
||||
*inout++ = tmp >> 8;
|
||||
*inout++ = tmp >> 0;
|
||||
}
|
||||
}
|
||||
|
||||
// Expected PKCS1.5 signature padding bytes, for a keytool RSA signature.
|
||||
// Has the 0-length optional parameter encoded in the ASN1 (as opposed to the
|
||||
// other flavor which omits the optional parameter entirely). This code does not
|
||||
// accept signatures without the optional parameter.
|
||||
|
||||
/*
|
||||
static const uint8_t sha_padding[RSANUMBYTES] = {
|
||||
0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x21, 0x30,
|
||||
0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
|
||||
0x05, 0x00, 0x04, 0x14,
|
||||
|
||||
// 20 bytes of hash go here.
|
||||
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
|
||||
};
|
||||
*/
|
||||
|
||||
// SHA-1 of PKCS1.5 signature sha_padding for 2048 bit, as above.
|
||||
// At the location of the bytes of the hash all 00 are hashed.
|
||||
static const uint8_t kExpectedPadShaRsa2048[SHA_DIGEST_SIZE] = {
|
||||
0xdc, 0xbd, 0xbe, 0x42, 0xd5, 0xf5, 0xa7, 0x2e,
|
||||
0x6e, 0xfc, 0xf5, 0x5d, 0xaf, 0x9d, 0xea, 0x68,
|
||||
0x7c, 0xfb, 0xf1, 0x67
|
||||
};
|
||||
|
||||
/*
|
||||
static const uint8_t sha256_padding[RSANUMBYTES] = {
|
||||
0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
|
||||
0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
|
||||
0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
|
||||
|
||||
// 32 bytes of hash go here.
|
||||
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
|
||||
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
|
||||
};
|
||||
*/
|
||||
|
||||
// SHA-256 of PKCS1.5 signature sha256_padding for 2048 bit, as above.
|
||||
// At the location of the bytes of the hash all 00 are hashed.
|
||||
static const uint8_t kExpectedPadSha256Rsa2048[SHA256_DIGEST_SIZE] = {
|
||||
0xab, 0x28, 0x8d, 0x8a, 0xd7, 0xd9, 0x59, 0x92,
|
||||
0xba, 0xcc, 0xf8, 0x67, 0x20, 0xe1, 0x15, 0x2e,
|
||||
0x39, 0x8d, 0x80, 0x36, 0xd6, 0x6f, 0xf0, 0xfd,
|
||||
0x90, 0xe8, 0x7d, 0x8b, 0xe1, 0x7c, 0x87, 0x59,
|
||||
};
|
||||
|
||||
// Verify a 2048-bit RSA PKCS1.5 signature against an expected hash.
|
||||
// Both e=3 and e=65537 are supported. hash_len may be
|
||||
// SHA_DIGEST_SIZE (== 20) to indicate a SHA-1 hash, or
|
||||
// SHA256_DIGEST_SIZE (== 32) to indicate a SHA-256 hash. No other
|
||||
// values are supported.
|
||||
//
|
||||
// Returns 1 on successful verification, 0 on failure.
|
||||
int RSA_verify(const RSAPublicKey *key,
|
||||
const uint8_t *signature,
|
||||
const int len,
|
||||
const uint8_t *hash,
|
||||
const int hash_len) {
|
||||
uint8_t buf[RSANUMBYTES];
|
||||
int i;
|
||||
const uint8_t* padding_hash;
|
||||
|
||||
if (key->len != RSANUMWORDS) {
|
||||
return 0; // Wrong key passed in.
|
||||
}
|
||||
|
||||
if (len != sizeof(buf)) {
|
||||
return 0; // Wrong input length.
|
||||
}
|
||||
|
||||
if (hash_len != SHA_DIGEST_SIZE &&
|
||||
hash_len != SHA256_DIGEST_SIZE) {
|
||||
return 0; // Unsupported hash.
|
||||
}
|
||||
|
||||
if (key->exponent != 3 && key->exponent != 65537) {
|
||||
return 0; // Unsupported exponent.
|
||||
}
|
||||
|
||||
for (i = 0; i < len; ++i) { // Copy input to local workspace.
|
||||
buf[i] = signature[i];
|
||||
}
|
||||
|
||||
modpow(key, buf); // In-place exponentiation.
|
||||
|
||||
// Xor sha portion, so it all becomes 00 iff equal.
|
||||
for (i = len - hash_len; i < len; ++i) {
|
||||
buf[i] ^= *hash++;
|
||||
}
|
||||
|
||||
// Hash resulting buf, in-place.
|
||||
switch (hash_len) {
|
||||
case SHA_DIGEST_SIZE:
|
||||
padding_hash = kExpectedPadShaRsa2048;
|
||||
SHA_hash(buf, len, buf);
|
||||
break;
|
||||
case SHA256_DIGEST_SIZE:
|
||||
padding_hash = kExpectedPadSha256Rsa2048;
|
||||
SHA256_hash(buf, len, buf);
|
||||
break;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Compare against expected hash value.
|
||||
for (i = 0; i < hash_len; ++i) {
|
||||
if (buf[i] != padding_hash[i]) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
return 1; // All checked out OK.
|
||||
}
|
155
native/jni/external/mincrypt/sha.c
vendored
Normal file
155
native/jni/external/mincrypt/sha.c
vendored
Normal file
@ -0,0 +1,155 @@
|
||||
/* sha.c
|
||||
**
|
||||
** Copyright 2013, The Android Open Source Project
|
||||
**
|
||||
** Redistribution and use in source and binary forms, with or without
|
||||
** modification, are permitted provided that the following conditions are met:
|
||||
** * Redistributions of source code must retain the above copyright
|
||||
** notice, this list of conditions and the following disclaimer.
|
||||
** * Redistributions in binary form must reproduce the above copyright
|
||||
** notice, this list of conditions and the following disclaimer in the
|
||||
** documentation and/or other materials provided with the distribution.
|
||||
** * Neither the name of Google Inc. nor the names of its contributors may
|
||||
** be used to endorse or promote products derived from this software
|
||||
** without specific prior written permission.
|
||||
**
|
||||
** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
// Optimized for minimal code size.
|
||||
|
||||
#include "mincrypt/sha.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define rol(bits, value) (((value) << (bits)) | ((value) >> (32 - (bits))))
|
||||
|
||||
static void SHA1_Transform(SHA_CTX* ctx) {
|
||||
uint32_t W[80];
|
||||
uint32_t A, B, C, D, E;
|
||||
uint8_t* p = ctx->buf;
|
||||
int t;
|
||||
|
||||
for(t = 0; t < 16; ++t) {
|
||||
uint32_t tmp = *p++ << 24;
|
||||
tmp |= *p++ << 16;
|
||||
tmp |= *p++ << 8;
|
||||
tmp |= *p++;
|
||||
W[t] = tmp;
|
||||
}
|
||||
|
||||
for(; t < 80; t++) {
|
||||
W[t] = rol(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
|
||||
}
|
||||
|
||||
A = ctx->state[0];
|
||||
B = ctx->state[1];
|
||||
C = ctx->state[2];
|
||||
D = ctx->state[3];
|
||||
E = ctx->state[4];
|
||||
|
||||
for(t = 0; t < 80; t++) {
|
||||
uint32_t tmp = rol(5,A) + E + W[t];
|
||||
|
||||
if (t < 20)
|
||||
tmp += (D^(B&(C^D))) + 0x5A827999;
|
||||
else if ( t < 40)
|
||||
tmp += (B^C^D) + 0x6ED9EBA1;
|
||||
else if ( t < 60)
|
||||
tmp += ((B&C)|(D&(B|C))) + 0x8F1BBCDC;
|
||||
else
|
||||
tmp += (B^C^D) + 0xCA62C1D6;
|
||||
|
||||
E = D;
|
||||
D = C;
|
||||
C = rol(30,B);
|
||||
B = A;
|
||||
A = tmp;
|
||||
}
|
||||
|
||||
ctx->state[0] += A;
|
||||
ctx->state[1] += B;
|
||||
ctx->state[2] += C;
|
||||
ctx->state[3] += D;
|
||||
ctx->state[4] += E;
|
||||
}
|
||||
|
||||
static const HASH_VTAB SHA_VTAB = {
|
||||
SHA_init,
|
||||
SHA_update,
|
||||
SHA_final,
|
||||
SHA_hash,
|
||||
SHA_DIGEST_SIZE
|
||||
};
|
||||
|
||||
void SHA_init(SHA_CTX* ctx) {
|
||||
ctx->f = &SHA_VTAB;
|
||||
ctx->state[0] = 0x67452301;
|
||||
ctx->state[1] = 0xEFCDAB89;
|
||||
ctx->state[2] = 0x98BADCFE;
|
||||
ctx->state[3] = 0x10325476;
|
||||
ctx->state[4] = 0xC3D2E1F0;
|
||||
ctx->count = 0;
|
||||
}
|
||||
|
||||
|
||||
void SHA_update(SHA_CTX* ctx, const void* data, int len) {
|
||||
int i = (int) (ctx->count & 63);
|
||||
const uint8_t* p = (const uint8_t*)data;
|
||||
|
||||
ctx->count += len;
|
||||
|
||||
while (len--) {
|
||||
ctx->buf[i++] = *p++;
|
||||
if (i == 64) {
|
||||
SHA1_Transform(ctx);
|
||||
i = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
const uint8_t* SHA_final(SHA_CTX* ctx) {
|
||||
uint8_t *p = ctx->buf;
|
||||
uint64_t cnt = ctx->count * 8;
|
||||
int i;
|
||||
|
||||
SHA_update(ctx, (uint8_t*)"\x80", 1);
|
||||
while ((ctx->count & 63) != 56) {
|
||||
SHA_update(ctx, (uint8_t*)"\0", 1);
|
||||
}
|
||||
for (i = 0; i < 8; ++i) {
|
||||
uint8_t tmp = (uint8_t) (cnt >> ((7 - i) * 8));
|
||||
SHA_update(ctx, &tmp, 1);
|
||||
}
|
||||
|
||||
for (i = 0; i < 5; i++) {
|
||||
uint32_t tmp = ctx->state[i];
|
||||
*p++ = tmp >> 24;
|
||||
*p++ = tmp >> 16;
|
||||
*p++ = tmp >> 8;
|
||||
*p++ = tmp >> 0;
|
||||
}
|
||||
|
||||
return ctx->buf;
|
||||
}
|
||||
|
||||
/* Convenience function */
|
||||
const uint8_t* SHA_hash(const void* data, int len, uint8_t* digest) {
|
||||
SHA_CTX ctx;
|
||||
SHA_init(&ctx);
|
||||
SHA_update(&ctx, data, len);
|
||||
memcpy(digest, SHA_final(&ctx), SHA_DIGEST_SIZE);
|
||||
return digest;
|
||||
}
|
184
native/jni/external/mincrypt/sha256.c
vendored
Normal file
184
native/jni/external/mincrypt/sha256.c
vendored
Normal file
@ -0,0 +1,184 @@
|
||||
/* sha256.c
|
||||
**
|
||||
** Copyright 2013, The Android Open Source Project
|
||||
**
|
||||
** Redistribution and use in source and binary forms, with or without
|
||||
** modification, are permitted provided that the following conditions are met:
|
||||
** * Redistributions of source code must retain the above copyright
|
||||
** notice, this list of conditions and the following disclaimer.
|
||||
** * Redistributions in binary form must reproduce the above copyright
|
||||
** notice, this list of conditions and the following disclaimer in the
|
||||
** documentation and/or other materials provided with the distribution.
|
||||
** * Neither the name of Google Inc. nor the names of its contributors may
|
||||
** be used to endorse or promote products derived from this software
|
||||
** without specific prior written permission.
|
||||
**
|
||||
** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
// Optimized for minimal code size.
|
||||
|
||||
#include "mincrypt/sha256.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits))))
|
||||
#define shr(value, bits) ((value) >> (bits))
|
||||
|
||||
static const uint32_t K[64] = {
|
||||
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
|
||||
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
|
||||
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
|
||||
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
|
||||
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
|
||||
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
|
||||
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
|
||||
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
|
||||
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
|
||||
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
|
||||
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
|
||||
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
|
||||
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
|
||||
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
|
||||
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
|
||||
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 };
|
||||
|
||||
static void SHA256_Transform(SHA256_CTX* ctx) {
|
||||
uint32_t W[64];
|
||||
uint32_t A, B, C, D, E, F, G, H;
|
||||
uint8_t* p = ctx->buf;
|
||||
int t;
|
||||
|
||||
for(t = 0; t < 16; ++t) {
|
||||
uint32_t tmp = *p++ << 24;
|
||||
tmp |= *p++ << 16;
|
||||
tmp |= *p++ << 8;
|
||||
tmp |= *p++;
|
||||
W[t] = tmp;
|
||||
}
|
||||
|
||||
for(; t < 64; t++) {
|
||||
uint32_t s0 = ror(W[t-15], 7) ^ ror(W[t-15], 18) ^ shr(W[t-15], 3);
|
||||
uint32_t s1 = ror(W[t-2], 17) ^ ror(W[t-2], 19) ^ shr(W[t-2], 10);
|
||||
W[t] = W[t-16] + s0 + W[t-7] + s1;
|
||||
}
|
||||
|
||||
A = ctx->state[0];
|
||||
B = ctx->state[1];
|
||||
C = ctx->state[2];
|
||||
D = ctx->state[3];
|
||||
E = ctx->state[4];
|
||||
F = ctx->state[5];
|
||||
G = ctx->state[6];
|
||||
H = ctx->state[7];
|
||||
|
||||
for(t = 0; t < 64; t++) {
|
||||
uint32_t s0 = ror(A, 2) ^ ror(A, 13) ^ ror(A, 22);
|
||||
uint32_t maj = (A & B) ^ (A & C) ^ (B & C);
|
||||
uint32_t t2 = s0 + maj;
|
||||
uint32_t s1 = ror(E, 6) ^ ror(E, 11) ^ ror(E, 25);
|
||||
uint32_t ch = (E & F) ^ ((~E) & G);
|
||||
uint32_t t1 = H + s1 + ch + K[t] + W[t];
|
||||
|
||||
H = G;
|
||||
G = F;
|
||||
F = E;
|
||||
E = D + t1;
|
||||
D = C;
|
||||
C = B;
|
||||
B = A;
|
||||
A = t1 + t2;
|
||||
}
|
||||
|
||||
ctx->state[0] += A;
|
||||
ctx->state[1] += B;
|
||||
ctx->state[2] += C;
|
||||
ctx->state[3] += D;
|
||||
ctx->state[4] += E;
|
||||
ctx->state[5] += F;
|
||||
ctx->state[6] += G;
|
||||
ctx->state[7] += H;
|
||||
}
|
||||
|
||||
static const HASH_VTAB SHA256_VTAB = {
|
||||
SHA256_init,
|
||||
SHA256_update,
|
||||
SHA256_final,
|
||||
SHA256_hash,
|
||||
SHA256_DIGEST_SIZE
|
||||
};
|
||||
|
||||
void SHA256_init(SHA256_CTX* ctx) {
|
||||
ctx->f = &SHA256_VTAB;
|
||||
ctx->state[0] = 0x6a09e667;
|
||||
ctx->state[1] = 0xbb67ae85;
|
||||
ctx->state[2] = 0x3c6ef372;
|
||||
ctx->state[3] = 0xa54ff53a;
|
||||
ctx->state[4] = 0x510e527f;
|
||||
ctx->state[5] = 0x9b05688c;
|
||||
ctx->state[6] = 0x1f83d9ab;
|
||||
ctx->state[7] = 0x5be0cd19;
|
||||
ctx->count = 0;
|
||||
}
|
||||
|
||||
|
||||
void SHA256_update(SHA256_CTX* ctx, const void* data, int len) {
|
||||
int i = (int) (ctx->count & 63);
|
||||
const uint8_t* p = (const uint8_t*)data;
|
||||
|
||||
ctx->count += len;
|
||||
|
||||
while (len--) {
|
||||
ctx->buf[i++] = *p++;
|
||||
if (i == 64) {
|
||||
SHA256_Transform(ctx);
|
||||
i = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
const uint8_t* SHA256_final(SHA256_CTX* ctx) {
|
||||
uint8_t *p = ctx->buf;
|
||||
uint64_t cnt = ctx->count * 8;
|
||||
int i;
|
||||
|
||||
SHA256_update(ctx, (uint8_t*)"\x80", 1);
|
||||
while ((ctx->count & 63) != 56) {
|
||||
SHA256_update(ctx, (uint8_t*)"\0", 1);
|
||||
}
|
||||
for (i = 0; i < 8; ++i) {
|
||||
uint8_t tmp = (uint8_t) (cnt >> ((7 - i) * 8));
|
||||
SHA256_update(ctx, &tmp, 1);
|
||||
}
|
||||
|
||||
for (i = 0; i < 8; i++) {
|
||||
uint32_t tmp = ctx->state[i];
|
||||
*p++ = tmp >> 24;
|
||||
*p++ = tmp >> 16;
|
||||
*p++ = tmp >> 8;
|
||||
*p++ = tmp >> 0;
|
||||
}
|
||||
|
||||
return ctx->buf;
|
||||
}
|
||||
|
||||
/* Convenience function */
|
||||
const uint8_t* SHA256_hash(const void* data, int len, uint8_t* digest) {
|
||||
SHA256_CTX ctx;
|
||||
SHA256_init(&ctx);
|
||||
SHA256_update(&ctx, data, len);
|
||||
memcpy(digest, SHA256_final(&ctx), SHA256_DIGEST_SIZE);
|
||||
return digest;
|
||||
}
|
295
native/jni/external/sha1/sha1.c
vendored
295
native/jni/external/sha1/sha1.c
vendored
@ -1,295 +0,0 @@
|
||||
/*
|
||||
SHA-1 in C
|
||||
By Steve Reid <steve@edmweb.com>
|
||||
100% Public Domain
|
||||
|
||||
Test Vectors (from FIPS PUB 180-1)
|
||||
"abc"
|
||||
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
|
||||
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
|
||||
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
|
||||
A million repetitions of "a"
|
||||
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
|
||||
*/
|
||||
|
||||
/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
|
||||
/* #define SHA1HANDSOFF * Copies data before messing with it. */
|
||||
|
||||
#define SHA1HANDSOFF
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
/* for uint32_t */
|
||||
#include <stdint.h>
|
||||
|
||||
#include "sha1.h"
|
||||
|
||||
|
||||
#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
|
||||
|
||||
/* blk0() and blk() perform the initial expand. */
|
||||
/* I got the idea of expanding during the round function from SSLeay */
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
|
||||
|(rol(block->l[i],8)&0x00FF00FF))
|
||||
#elif BYTE_ORDER == BIG_ENDIAN
|
||||
#define blk0(i) block->l[i]
|
||||
#else
|
||||
#error "Endianness not defined!"
|
||||
#endif
|
||||
#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
|
||||
^block->l[(i+2)&15]^block->l[i&15],1))
|
||||
|
||||
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
|
||||
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
|
||||
#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
|
||||
#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
|
||||
#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
|
||||
#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
|
||||
|
||||
|
||||
/* Hash a single 512-bit block. This is the core of the algorithm. */
|
||||
|
||||
void SHA1Transform(
|
||||
uint32_t state[5],
|
||||
const unsigned char buffer[64]
|
||||
)
|
||||
{
|
||||
uint32_t a, b, c, d, e;
|
||||
|
||||
typedef union
|
||||
{
|
||||
unsigned char c[64];
|
||||
uint32_t l[16];
|
||||
} CHAR64LONG16;
|
||||
|
||||
#ifdef SHA1HANDSOFF
|
||||
CHAR64LONG16 block[1]; /* use array to appear as a pointer */
|
||||
|
||||
memcpy(block, buffer, 64);
|
||||
#else
|
||||
/* The following had better never be used because it causes the
|
||||
* pointer-to-const buffer to be cast into a pointer to non-const.
|
||||
* And the result is written through. I threw a "const" in, hoping
|
||||
* this will cause a diagnostic.
|
||||
*/
|
||||
CHAR64LONG16 *block = (const CHAR64LONG16 *) buffer;
|
||||
#endif
|
||||
/* Copy context->state[] to working vars */
|
||||
a = state[0];
|
||||
b = state[1];
|
||||
c = state[2];
|
||||
d = state[3];
|
||||
e = state[4];
|
||||
/* 4 rounds of 20 operations each. Loop unrolled. */
|
||||
R0(a, b, c, d, e, 0);
|
||||
R0(e, a, b, c, d, 1);
|
||||
R0(d, e, a, b, c, 2);
|
||||
R0(c, d, e, a, b, 3);
|
||||
R0(b, c, d, e, a, 4);
|
||||
R0(a, b, c, d, e, 5);
|
||||
R0(e, a, b, c, d, 6);
|
||||
R0(d, e, a, b, c, 7);
|
||||
R0(c, d, e, a, b, 8);
|
||||
R0(b, c, d, e, a, 9);
|
||||
R0(a, b, c, d, e, 10);
|
||||
R0(e, a, b, c, d, 11);
|
||||
R0(d, e, a, b, c, 12);
|
||||
R0(c, d, e, a, b, 13);
|
||||
R0(b, c, d, e, a, 14);
|
||||
R0(a, b, c, d, e, 15);
|
||||
R1(e, a, b, c, d, 16);
|
||||
R1(d, e, a, b, c, 17);
|
||||
R1(c, d, e, a, b, 18);
|
||||
R1(b, c, d, e, a, 19);
|
||||
R2(a, b, c, d, e, 20);
|
||||
R2(e, a, b, c, d, 21);
|
||||
R2(d, e, a, b, c, 22);
|
||||
R2(c, d, e, a, b, 23);
|
||||
R2(b, c, d, e, a, 24);
|
||||
R2(a, b, c, d, e, 25);
|
||||
R2(e, a, b, c, d, 26);
|
||||
R2(d, e, a, b, c, 27);
|
||||
R2(c, d, e, a, b, 28);
|
||||
R2(b, c, d, e, a, 29);
|
||||
R2(a, b, c, d, e, 30);
|
||||
R2(e, a, b, c, d, 31);
|
||||
R2(d, e, a, b, c, 32);
|
||||
R2(c, d, e, a, b, 33);
|
||||
R2(b, c, d, e, a, 34);
|
||||
R2(a, b, c, d, e, 35);
|
||||
R2(e, a, b, c, d, 36);
|
||||
R2(d, e, a, b, c, 37);
|
||||
R2(c, d, e, a, b, 38);
|
||||
R2(b, c, d, e, a, 39);
|
||||
R3(a, b, c, d, e, 40);
|
||||
R3(e, a, b, c, d, 41);
|
||||
R3(d, e, a, b, c, 42);
|
||||
R3(c, d, e, a, b, 43);
|
||||
R3(b, c, d, e, a, 44);
|
||||
R3(a, b, c, d, e, 45);
|
||||
R3(e, a, b, c, d, 46);
|
||||
R3(d, e, a, b, c, 47);
|
||||
R3(c, d, e, a, b, 48);
|
||||
R3(b, c, d, e, a, 49);
|
||||
R3(a, b, c, d, e, 50);
|
||||
R3(e, a, b, c, d, 51);
|
||||
R3(d, e, a, b, c, 52);
|
||||
R3(c, d, e, a, b, 53);
|
||||
R3(b, c, d, e, a, 54);
|
||||
R3(a, b, c, d, e, 55);
|
||||
R3(e, a, b, c, d, 56);
|
||||
R3(d, e, a, b, c, 57);
|
||||
R3(c, d, e, a, b, 58);
|
||||
R3(b, c, d, e, a, 59);
|
||||
R4(a, b, c, d, e, 60);
|
||||
R4(e, a, b, c, d, 61);
|
||||
R4(d, e, a, b, c, 62);
|
||||
R4(c, d, e, a, b, 63);
|
||||
R4(b, c, d, e, a, 64);
|
||||
R4(a, b, c, d, e, 65);
|
||||
R4(e, a, b, c, d, 66);
|
||||
R4(d, e, a, b, c, 67);
|
||||
R4(c, d, e, a, b, 68);
|
||||
R4(b, c, d, e, a, 69);
|
||||
R4(a, b, c, d, e, 70);
|
||||
R4(e, a, b, c, d, 71);
|
||||
R4(d, e, a, b, c, 72);
|
||||
R4(c, d, e, a, b, 73);
|
||||
R4(b, c, d, e, a, 74);
|
||||
R4(a, b, c, d, e, 75);
|
||||
R4(e, a, b, c, d, 76);
|
||||
R4(d, e, a, b, c, 77);
|
||||
R4(c, d, e, a, b, 78);
|
||||
R4(b, c, d, e, a, 79);
|
||||
/* Add the working vars back into context.state[] */
|
||||
state[0] += a;
|
||||
state[1] += b;
|
||||
state[2] += c;
|
||||
state[3] += d;
|
||||
state[4] += e;
|
||||
/* Wipe variables */
|
||||
a = b = c = d = e = 0;
|
||||
#ifdef SHA1HANDSOFF
|
||||
memset(block, '\0', sizeof(block));
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
/* SHA1Init - Initialize new context */
|
||||
|
||||
void SHA1Init(
|
||||
SHA1_CTX * context
|
||||
)
|
||||
{
|
||||
/* SHA1 initialization constants */
|
||||
context->state[0] = 0x67452301;
|
||||
context->state[1] = 0xEFCDAB89;
|
||||
context->state[2] = 0x98BADCFE;
|
||||
context->state[3] = 0x10325476;
|
||||
context->state[4] = 0xC3D2E1F0;
|
||||
context->count[0] = context->count[1] = 0;
|
||||
}
|
||||
|
||||
|
||||
/* Run your data through this. */
|
||||
|
||||
void SHA1Update(
|
||||
SHA1_CTX * context,
|
||||
const unsigned char *data,
|
||||
uint32_t len
|
||||
)
|
||||
{
|
||||
uint32_t i;
|
||||
|
||||
uint32_t j;
|
||||
|
||||
j = context->count[0];
|
||||
if ((context->count[0] += len << 3) < j)
|
||||
context->count[1]++;
|
||||
context->count[1] += (len >> 29);
|
||||
j = (j >> 3) & 63;
|
||||
if ((j + len) > 63)
|
||||
{
|
||||
memcpy(&context->buffer[j], data, (i = 64 - j));
|
||||
SHA1Transform(context->state, context->buffer);
|
||||
for (; i + 63 < len; i += 64)
|
||||
{
|
||||
SHA1Transform(context->state, &data[i]);
|
||||
}
|
||||
j = 0;
|
||||
}
|
||||
else
|
||||
i = 0;
|
||||
memcpy(&context->buffer[j], &data[i], len - i);
|
||||
}
|
||||
|
||||
|
||||
/* Add padding and return the message digest. */
|
||||
|
||||
void SHA1Final(
|
||||
unsigned char digest[20],
|
||||
SHA1_CTX * context
|
||||
)
|
||||
{
|
||||
unsigned i;
|
||||
|
||||
unsigned char finalcount[8];
|
||||
|
||||
unsigned char c;
|
||||
|
||||
#if 0 /* untested "improvement" by DHR */
|
||||
/* Convert context->count to a sequence of bytes
|
||||
* in finalcount. Second element first, but
|
||||
* big-endian order within element.
|
||||
* But we do it all backwards.
|
||||
*/
|
||||
unsigned char *fcp = &finalcount[8];
|
||||
|
||||
for (i = 0; i < 2; i++)
|
||||
{
|
||||
uint32_t t = context->count[i];
|
||||
|
||||
int j;
|
||||
|
||||
for (j = 0; j < 4; t >>= 8, j++)
|
||||
*--fcp = (unsigned char) t}
|
||||
#else
|
||||
for (i = 0; i < 8; i++)
|
||||
{
|
||||
finalcount[i] = (unsigned char) ((context->count[(i >= 4 ? 0 : 1)] >> ((3 - (i & 3)) * 8)) & 255); /* Endian independent */
|
||||
}
|
||||
#endif
|
||||
c = 0200;
|
||||
SHA1Update(context, &c, 1);
|
||||
while ((context->count[0] & 504) != 448)
|
||||
{
|
||||
c = 0000;
|
||||
SHA1Update(context, &c, 1);
|
||||
}
|
||||
SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
|
||||
for (i = 0; i < 20; i++)
|
||||
{
|
||||
digest[i] = (unsigned char)
|
||||
((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) & 255);
|
||||
}
|
||||
/* Wipe variables */
|
||||
memset(context, '\0', sizeof(*context));
|
||||
memset(&finalcount, '\0', sizeof(finalcount));
|
||||
}
|
||||
|
||||
void SHA1(
|
||||
char *hash_out,
|
||||
const char *str,
|
||||
int len)
|
||||
{
|
||||
SHA1_CTX ctx;
|
||||
unsigned int ii;
|
||||
|
||||
SHA1Init(&ctx);
|
||||
for (ii=0; ii<len; ii+=1)
|
||||
SHA1Update(&ctx, (const unsigned char*)str + ii, 1);
|
||||
SHA1Final((unsigned char *)hash_out, &ctx);
|
||||
hash_out[20] = '\0';
|
||||
}
|
@ -6,7 +6,7 @@
|
||||
|
||||
#include "magiskboot.h"
|
||||
#include "utils.h"
|
||||
#include "sha1.h"
|
||||
#include "mincrypt/sha.h"
|
||||
|
||||
/********************
|
||||
Patch Boot Image
|
||||
@ -126,11 +126,12 @@ int main(int argc, char *argv[]) {
|
||||
unlink(name);
|
||||
}
|
||||
} else if (argc > 2 && strcmp(argv[1], "--sha1") == 0) {
|
||||
char sha1[21], *buf;
|
||||
uint8_t sha1[SHA_DIGEST_SIZE];
|
||||
void *buf;
|
||||
size_t size;
|
||||
mmap_ro(argv[2], (void **) &buf, &size);
|
||||
SHA1(sha1, buf, size);
|
||||
for (int i = 0; i < 20; ++i)
|
||||
mmap_ro(argv[2], &buf, &size);
|
||||
SHA_hash(buf, size, sha1);
|
||||
for (int i = 0; i < SHA_DIGEST_SIZE; ++i)
|
||||
printf("%02x", sha1[i]);
|
||||
printf("\n");
|
||||
munmap(buf, size);
|
||||
|
Loading…
x
Reference in New Issue
Block a user