[Forensics-changes] [yara] 101/407: Use OpenSSL to calculate hashes and change prototypes for "richhash" and "imphash"
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:14 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit 2338e6cf3ae2e97f165ac405c64ac40fb87c9609
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon Oct 13 15:20:53 2014 +0200
Use OpenSSL to calculate hashes and change prototypes for "richhash" and "imphash"
"richhash" and "imphash" now receive no arguments and returns the hashes, instead of receiving a hash to compare with. This way you can pass the resulting hashes as arguments to other functions and is more coherent with existing functions like hash.md5()
---
libyara/Makefile.am | 7 +-
libyara/include/yara/md5.h | 34 --------
libyara/include/yara/sha256.h | 34 --------
libyara/md5.c | 189 ------------------------------------------
libyara/modules/pe.c | 90 +++++++-------------
libyara/sha256.c | 158 -----------------------------------
6 files changed, 32 insertions(+), 480 deletions(-)
diff --git a/libyara/Makefile.am b/libyara/Makefile.am
index db4316a..a9c00f6 100644
--- a/libyara/Makefile.am
+++ b/libyara/Makefile.am
@@ -48,9 +48,7 @@ yarainclude_HEADERS = \
include/yara/modules.h \
include/yara/object.h \
include/yara/strutils.h \
- include/yara/libyara.h \
- include/yara/md5.h \
- include/yara/sha256.h
+ include/yara/libyara.h
lib_LTLIBRARIES = libyara.la
@@ -76,8 +74,6 @@ libyara_la_SOURCES = \
lexer.h \
lexer.l \
libyara.c \
- md5.c \
- md5.h \
mem.c \
mem.h \
modules.c \
@@ -96,7 +92,6 @@ libyara_la_SOURCES = \
re_lexer.l \
rules.c \
scan.c \
- sha256.c \
sizedstr.h \
strutils.c \
utils.h
diff --git a/libyara/include/yara/md5.h b/libyara/include/yara/md5.h
deleted file mode 100644
index f92d251..0000000
--- a/libyara/include/yara/md5.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*********************************************************************
-* Filename: md5.h
-* Author: Brad Conte (brad AT bradconte.com)
-* Copyright:
-* Disclaimer: This code is presented "as is" without any guarantees.
-* Details: Defines the API for the corresponding MD5 implementation.
-*********************************************************************/
-
-#ifndef MD5_H
-#define MD5_H
-
-/*************************** HEADER FILES ***************************/
-#include <stddef.h>
-
-/****************************** MACROS ******************************/
-#define MD5_BLOCK_SIZE 16 // MD5 outputs a 16 byte digest
-
-/**************************** DATA TYPES ****************************/
-typedef unsigned char MD_BYTE; // 8-bit byte
-typedef unsigned int MD_WORD; // 32-bit word, change to "long" for 16-bit machines
-
-typedef struct {
- MD_BYTE data[64];
- MD_WORD datalen;
- unsigned long long bitlen;
- MD_WORD state[4];
-} MD5_CTX;
-
-/*********************** FUNCTION DECLARATIONS **********************/
-void md5_init(MD5_CTX *ctx);
-void md5_update(MD5_CTX *ctx, const MD_BYTE data[], size_t len);
-void md5_final(MD5_CTX *ctx, MD_BYTE hash[]);
-
-#endif // MD5_H
diff --git a/libyara/include/yara/sha256.h b/libyara/include/yara/sha256.h
deleted file mode 100644
index 4d824bd..0000000
--- a/libyara/include/yara/sha256.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*********************************************************************
-* Filename: sha256.h
-* Author: Brad Conte (brad AT bradconte.com)
-* Copyright:
-* Disclaimer: This code is presented "as is" without any guarantees.
-* Details: Defines the API for the corresponding SHA1 implementation.
-*********************************************************************/
-
-#ifndef SHA256_H
-#define SHA256_H
-
-/*************************** HEADER FILES ***************************/
-#include <stddef.h>
-
-/****************************** MACROS ******************************/
-#define SHA256_BLOCK_SIZE 32 // SHA256 outputs a 32 byte digest
-
-/**************************** DATA TYPES ****************************/
-typedef unsigned char SHA_BYTE; // 8-bit byte
-typedef unsigned int SHA_WORD; // 32-bit word, change to "long" for 16-bit machines
-
-typedef struct {
- SHA_BYTE data[64];
- SHA_WORD datalen;
- unsigned long long bitlen;
- SHA_WORD state[8];
-} SHA256_CTX;
-
-/*********************** FUNCTION DECLARATIONS **********************/
-void sha256_init(SHA256_CTX *ctx);
-void sha256_update(SHA256_CTX *ctx, const SHA_BYTE data[], size_t len);
-void sha256_final(SHA256_CTX *ctx, SHA_BYTE hash[]);
-
-#endif // SHA256_H
diff --git a/libyara/md5.c b/libyara/md5.c
deleted file mode 100644
index 887abcf..0000000
--- a/libyara/md5.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*********************************************************************
-* Filename: md5.c
-* Author: Brad Conte (brad AT bradconte.com)
-* Copyright:
-* Disclaimer: This code is presented "as is" without any guarantees.
-* Details: Implementation of the MD5 hashing algorithm.
- Algorithm specification can be found here:
- * http://tools.ietf.org/html/rfc1321
- This implementation uses little endian byte order.
-*********************************************************************/
-
-/*************************** HEADER FILES ***************************/
-#include <stdlib.h>
-#include <memory.h>
-#include <yara/md5.h>
-
-/****************************** MACROS ******************************/
-#define ROTLEFT(a,b) ((a << b) | (a >> (32-b)))
-
-#define F(x,y,z) ((x & y) | (~x & z))
-#define G(x,y,z) ((x & z) | (y & ~z))
-#define H(x,y,z) (x ^ y ^ z)
-#define I(x,y,z) (y ^ (x | ~z))
-
-#define FF(a,b,c,d,m,s,t) { a += F(b,c,d) + m + t; \
- a = b + ROTLEFT(a,s); }
-#define GG(a,b,c,d,m,s,t) { a += G(b,c,d) + m + t; \
- a = b + ROTLEFT(a,s); }
-#define HH(a,b,c,d,m,s,t) { a += H(b,c,d) + m + t; \
- a = b + ROTLEFT(a,s); }
-#define II(a,b,c,d,m,s,t) { a += I(b,c,d) + m + t; \
- a = b + ROTLEFT(a,s); }
-
-/*********************** FUNCTION DEFINITIONS ***********************/
-void md5_transform(MD5_CTX *ctx, const MD_BYTE data[])
-{
- MD_WORD a, b, c, d, m[16], i, j;
-
- // MD5 specifies big endian byte order, but this implementation assumes a little
- // endian byte order CPU. Reverse all the bytes upon input, and re-reverse them
- // on output (in md5_final()).
- for (i = 0, j = 0; i < 16; ++i, j += 4)
- m[i] = (data[j]) + (data[j + 1] << 8) + (data[j + 2] << 16) + (data[j + 3] << 24);
-
- a = ctx->state[0];
- b = ctx->state[1];
- c = ctx->state[2];
- d = ctx->state[3];
-
- FF(a,b,c,d,m[0], 7,0xd76aa478);
- FF(d,a,b,c,m[1], 12,0xe8c7b756);
- FF(c,d,a,b,m[2], 17,0x242070db);
- FF(b,c,d,a,m[3], 22,0xc1bdceee);
- FF(a,b,c,d,m[4], 7,0xf57c0faf);
- FF(d,a,b,c,m[5], 12,0x4787c62a);
- FF(c,d,a,b,m[6], 17,0xa8304613);
- FF(b,c,d,a,m[7], 22,0xfd469501);
- FF(a,b,c,d,m[8], 7,0x698098d8);
- FF(d,a,b,c,m[9], 12,0x8b44f7af);
- FF(c,d,a,b,m[10],17,0xffff5bb1);
- FF(b,c,d,a,m[11],22,0x895cd7be);
- FF(a,b,c,d,m[12], 7,0x6b901122);
- FF(d,a,b,c,m[13],12,0xfd987193);
- FF(c,d,a,b,m[14],17,0xa679438e);
- FF(b,c,d,a,m[15],22,0x49b40821);
-
- GG(a,b,c,d,m[1], 5,0xf61e2562);
- GG(d,a,b,c,m[6], 9,0xc040b340);
- GG(c,d,a,b,m[11],14,0x265e5a51);
- GG(b,c,d,a,m[0], 20,0xe9b6c7aa);
- GG(a,b,c,d,m[5], 5,0xd62f105d);
- GG(d,a,b,c,m[10], 9,0x02441453);
- GG(c,d,a,b,m[15],14,0xd8a1e681);
- GG(b,c,d,a,m[4], 20,0xe7d3fbc8);
- GG(a,b,c,d,m[9], 5,0x21e1cde6);
- GG(d,a,b,c,m[14], 9,0xc33707d6);
- GG(c,d,a,b,m[3], 14,0xf4d50d87);
- GG(b,c,d,a,m[8], 20,0x455a14ed);
- GG(a,b,c,d,m[13], 5,0xa9e3e905);
- GG(d,a,b,c,m[2], 9,0xfcefa3f8);
- GG(c,d,a,b,m[7], 14,0x676f02d9);
- GG(b,c,d,a,m[12],20,0x8d2a4c8a);
-
- HH(a,b,c,d,m[5], 4,0xfffa3942);
- HH(d,a,b,c,m[8], 11,0x8771f681);
- HH(c,d,a,b,m[11],16,0x6d9d6122);
- HH(b,c,d,a,m[14],23,0xfde5380c);
- HH(a,b,c,d,m[1], 4,0xa4beea44);
- HH(d,a,b,c,m[4], 11,0x4bdecfa9);
- HH(c,d,a,b,m[7], 16,0xf6bb4b60);
- HH(b,c,d,a,m[10],23,0xbebfbc70);
- HH(a,b,c,d,m[13], 4,0x289b7ec6);
- HH(d,a,b,c,m[0], 11,0xeaa127fa);
- HH(c,d,a,b,m[3], 16,0xd4ef3085);
- HH(b,c,d,a,m[6], 23,0x04881d05);
- HH(a,b,c,d,m[9], 4,0xd9d4d039);
- HH(d,a,b,c,m[12],11,0xe6db99e5);
- HH(c,d,a,b,m[15],16,0x1fa27cf8);
- HH(b,c,d,a,m[2], 23,0xc4ac5665);
-
- II(a,b,c,d,m[0], 6,0xf4292244);
- II(d,a,b,c,m[7], 10,0x432aff97);
- II(c,d,a,b,m[14],15,0xab9423a7);
- II(b,c,d,a,m[5], 21,0xfc93a039);
- II(a,b,c,d,m[12], 6,0x655b59c3);
- II(d,a,b,c,m[3], 10,0x8f0ccc92);
- II(c,d,a,b,m[10],15,0xffeff47d);
- II(b,c,d,a,m[1], 21,0x85845dd1);
- II(a,b,c,d,m[8], 6,0x6fa87e4f);
- II(d,a,b,c,m[15],10,0xfe2ce6e0);
- II(c,d,a,b,m[6], 15,0xa3014314);
- II(b,c,d,a,m[13],21,0x4e0811a1);
- II(a,b,c,d,m[4], 6,0xf7537e82);
- II(d,a,b,c,m[11],10,0xbd3af235);
- II(c,d,a,b,m[2], 15,0x2ad7d2bb);
- II(b,c,d,a,m[9], 21,0xeb86d391);
-
- ctx->state[0] += a;
- ctx->state[1] += b;
- ctx->state[2] += c;
- ctx->state[3] += d;
-}
-
-void md5_init(MD5_CTX *ctx)
-{
- ctx->datalen = 0;
- ctx->bitlen = 0;
- ctx->state[0] = 0x67452301;
- ctx->state[1] = 0xEFCDAB89;
- ctx->state[2] = 0x98BADCFE;
- ctx->state[3] = 0x10325476;
-}
-
-void md5_update(MD5_CTX *ctx, const MD_BYTE data[], size_t len)
-{
- size_t i;
-
- for (i = 0; i < len; ++i) {
- ctx->data[ctx->datalen] = data[i];
- ctx->datalen++;
- if (ctx->datalen == 64) {
- md5_transform(ctx, ctx->data);
- ctx->bitlen += 512;
- ctx->datalen = 0;
- }
- }
-}
-
-void md5_final(MD5_CTX *ctx, MD_BYTE hash[])
-{
- size_t i;
-
- i = ctx->datalen;
-
- // Pad whatever data is left in the buffer.
- if (ctx->datalen < 56) {
- ctx->data[i++] = 0x80;
- while (i < 56)
- ctx->data[i++] = 0x00;
- }
- else if (ctx->datalen >= 56) {
- ctx->data[i++] = 0x80;
- while (i < 64)
- ctx->data[i++] = 0x00;
- md5_transform(ctx, ctx->data);
- memset(ctx->data, 0, 56);
- }
-
- // Append to the padding the total message's length in bits and transform.
- ctx->bitlen += ctx->datalen * 8;
- ctx->data[56] = ctx->bitlen;
- ctx->data[57] = ctx->bitlen >> 8;
- ctx->data[58] = ctx->bitlen >> 16;
- ctx->data[59] = ctx->bitlen >> 24;
- ctx->data[60] = ctx->bitlen >> 32;
- ctx->data[61] = ctx->bitlen >> 40;
- ctx->data[62] = ctx->bitlen >> 48;
- ctx->data[63] = ctx->bitlen >> 56;
- md5_transform(ctx, ctx->data);
-
- // Since this implementation uses little endian byte ordering and MD uses big endian,
- // reverse all the bytes when copying the final state to the output hash.
- for (i = 0; i < 4; ++i) {
- hash[i] = (ctx->state[0] >> (i * 8)) & 0x000000ff;
- hash[i + 4] = (ctx->state[1] >> (i * 8)) & 0x000000ff;
- hash[i + 8] = (ctx->state[2] >> (i * 8)) & 0x000000ff;
- hash[i + 12] = (ctx->state[3] >> (i * 8)) & 0x000000ff;
- }
-}
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 57b1700..5255a87 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -14,15 +14,16 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-#include <yara/pe.h>
-
#include <ctype.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+
+#include <yara/pe.h>
#include <yara/modules.h>
-#include <yara/md5.h>
#include <yara/mem.h>
-#include <yara/sha256.h>
#include <yara/strutils.h>
+
#define MODULE_NAME pe
#define RESOURCE_TYPE_CURSOR 1
@@ -86,6 +87,7 @@ typedef struct _IMPORT_LIST
struct _IMPORT_LIST *next;
char *dll;
struct _IMPORT_FUNC_LIST *names;
+
} IMPORT_LIST, *PIMPORT_LIST;
@@ -93,6 +95,7 @@ typedef struct _IMPORT_FUNC_LIST
{
struct _IMPORT_FUNC_LIST *next;
char *name;
+
} IMPORT_FUNC_LIST, *PIMPORT_FUNC_LIST;
@@ -2340,8 +2343,6 @@ define_function(exports)
define_function(imphash)
{
- char *hash = string_argument(1);
-
YR_OBJECT* module = module();
PIMPORT_LIST cur_dll_node = NULL;
PIMPORT_FUNC_LIST cur_func_node = NULL;
@@ -2352,11 +2353,10 @@ define_function(imphash)
MD5_CTX ctx;
- unsigned char md_value[MD5_BLOCK_SIZE];
- char *final_hash;
+ unsigned char digest[MD5_DIGEST_LENGTH];
+ char digest_ascii[MD5_DIGEST_LENGTH * 2 + 1];
int first = 1;
- int result = 0;
PE* pe = (PE*) module->data;
@@ -2364,7 +2364,7 @@ define_function(imphash)
if (!pe)
return_integer(UNDEFINED);
- md5_init(&ctx);
+ MD5_Init(&ctx);
cur_dll_node = pe->imports;
@@ -2411,7 +2411,7 @@ define_function(imphash)
final_name[i] = tolower(final_name[i]);
}
- md5_update(&ctx, (MD_BYTE *) final_name, strlen(final_name));
+ MD5_Update(&ctx, final_name, strlen(final_name));
yr_free(final_name);
cur_func_node = cur_func_node->next;
@@ -2421,24 +2421,18 @@ define_function(imphash)
cur_dll_node = cur_dll_node->next;
}
- md5_final(&ctx, md_value);
-
- // Convert md_value into it's hexlified form.
- final_hash = yr_malloc((MD5_BLOCK_SIZE * 2) + 1);
-
- if (!final_hash)
- return_integer(UNDEFINED);
+ MD5_Final(digest, &ctx);
- char* p = final_hash;
+ // transform the binary digest to ascii
- for (int i = 0; i < MD5_BLOCK_SIZE; i++)
- snprintf(p + 2 * i, 3, "%02x", md_value[i]);
+ for (int i = 0; i < MD5_DIGEST_LENGTH; i++)
+ {
+ sprintf(digest_ascii + (i * 2), "%02x", digest[i]);
+ }
- if (strncasecmp(hash, final_hash, (MD5_BLOCK_SIZE * 2)) == 0)
- result = 1;
+ digest_ascii[32] = '\0';
- yr_free(final_hash);
- return_integer(result);
+ return_string(digest_ascii);
}
@@ -2448,48 +2442,26 @@ define_function(imphash)
define_function(richhash)
{
- SHA256_CTX ctx;
- unsigned char md_value[SHA256_BLOCK_SIZE];
- char *final_hash;
- char *hash = string_argument(1);
- int result = 0;
YR_OBJECT* parent = parent();
+ SHA256_CTX ctx;
- // No point in calculating the hash if the input length is wrong.
- if (strlen(hash) != SHA256_BLOCK_SIZE * 2)
- {
- return_integer(0);
- }
+ unsigned char digest[SHA256_DIGEST_LENGTH];
+ char digest_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
SIZED_STRING *clear_data = get_string(parent, "clear_data");
- sha256_init(&ctx);
+ SHA256_Init(&ctx);
+ SHA256_Update(&ctx, clear_data->c_string, clear_data->length);
+ SHA256_Final(digest, &ctx);
- for (int i = 0; i < clear_data->length; i += 4)
+ for (int i = 0; i < SHA256_DIGEST_LENGTH; i++)
{
- sha256_update(&ctx, (SHA_BYTE *) ((uint32_t *) (clear_data->c_string + i)), 0x04);
+ sprintf(digest_ascii + (i * 2), "%02x", digest[i]);
}
- sha256_final(&ctx, md_value);
-
- // Convert md_value into it's hexlified form.
- final_hash = yr_malloc((SHA256_BLOCK_SIZE * 2) + 1);
-
- if (!final_hash)
- return_integer(0);
-
- for (int i = 0; i < SHA256_BLOCK_SIZE; i++)
- {
- snprintf(final_hash + (2 * i), 3, "%02x", md_value[i]);
- }
-
- if (strncasecmp(hash, final_hash, (SHA256_BLOCK_SIZE * 2)) == 0)
- {
- result = 1;
- }
+ digest_ascii[32] = '\0';
- yr_free(final_hash);
- return_integer(result);
+ return_string(digest_ascii);
}
@@ -2893,7 +2865,7 @@ begin_declarations;
declare_integer("key");
declare_string("raw_data");
declare_string("clear_data");
- declare_function("richhash", "s", "i", richhash);
+ declare_function("richhash", "", "s", richhash);
end_struct("rich_signature");
declare_function("section_index", "s", "i", section_index);
@@ -2901,7 +2873,7 @@ begin_declarations;
declare_function("imports", "ss", "i", imports);
declare_function("locale", "i", "i", locale);
declare_function("language", "i", "i", language);
- declare_function("imphash", "s", "i", imphash);
+ declare_function("imphash", "", "s", imphash);
end_declarations;
diff --git a/libyara/sha256.c b/libyara/sha256.c
deleted file mode 100644
index bc8d53f..0000000
--- a/libyara/sha256.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/*********************************************************************
-* Filename: sha256.c
-* Author: Brad Conte (brad AT bradconte.com)
-* Copyright:
-* Disclaimer: This code is presented "as is" without any guarantees.
-* Details: Implementation of the SHA-256 hashing algorithm.
- SHA-256 is one of the three algorithms in the SHA2
- specification. The others, SHA-384 and SHA-512, are not
- offered in this implementation.
- Algorithm specification can be found here:
- * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
- This implementation uses little endian byte order.
-*********************************************************************/
-
-/*************************** HEADER FILES ***************************/
-#include <stdlib.h>
-#include <memory.h>
-#include <yara/sha256.h>
-
-/****************************** MACROS ******************************/
-#define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b))))
-#define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b))))
-
-#define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
-#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-#define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22))
-#define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25))
-#define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3))
-#define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10))
-
-/**************************** VARIABLES *****************************/
-static const SHA_WORD k[64] = {
- 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
- 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
- 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
- 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
- 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
- 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
- 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
- 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-};
-
-/*********************** FUNCTION DEFINITIONS ***********************/
-void sha256_transform(SHA256_CTX *ctx, const SHA_BYTE data[])
-{
- SHA_WORD a, b, c, d, e, f, g, h, i, j, t1, t2, m[64];
-
- for (i = 0, j = 0; i < 16; ++i, j += 4)
- m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]);
- for ( ; i < 64; ++i)
- m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16];
-
- a = ctx->state[0];
- b = ctx->state[1];
- c = ctx->state[2];
- d = ctx->state[3];
- e = ctx->state[4];
- f = ctx->state[5];
- g = ctx->state[6];
- h = ctx->state[7];
-
- for (i = 0; i < 64; ++i) {
- t1 = h + EP1(e) + CH(e,f,g) + k[i] + m[i];
- t2 = EP0(a) + MAJ(a,b,c);
- h = g;
- g = f;
- f = e;
- e = d + t1;
- d = c;
- c = b;
- b = a;
- a = t1 + t2;
- }
-
- ctx->state[0] += a;
- ctx->state[1] += b;
- ctx->state[2] += c;
- ctx->state[3] += d;
- ctx->state[4] += e;
- ctx->state[5] += f;
- ctx->state[6] += g;
- ctx->state[7] += h;
-}
-
-void sha256_init(SHA256_CTX *ctx)
-{
- ctx->datalen = 0;
- ctx->bitlen = 0;
- ctx->state[0] = 0x6a09e667;
- ctx->state[1] = 0xbb67ae85;
- ctx->state[2] = 0x3c6ef372;
- ctx->state[3] = 0xa54ff53a;
- ctx->state[4] = 0x510e527f;
- ctx->state[5] = 0x9b05688c;
- ctx->state[6] = 0x1f83d9ab;
- ctx->state[7] = 0x5be0cd19;
-}
-
-void sha256_update(SHA256_CTX *ctx, const SHA_BYTE data[], size_t len)
-{
- SHA_WORD i;
-
- for (i = 0; i < len; ++i) {
- ctx->data[ctx->datalen] = data[i];
- ctx->datalen++;
- if (ctx->datalen == 64) {
- sha256_transform(ctx, ctx->data);
- ctx->bitlen += 512;
- ctx->datalen = 0;
- }
- }
-}
-
-void sha256_final(SHA256_CTX *ctx, SHA_BYTE hash[])
-{
- SHA_WORD i;
-
- i = ctx->datalen;
-
- // Pad whatever data is left in the buffer.
- if (ctx->datalen < 56) {
- ctx->data[i++] = 0x80;
- while (i < 56)
- ctx->data[i++] = 0x00;
- }
- else {
- ctx->data[i++] = 0x80;
- while (i < 64)
- ctx->data[i++] = 0x00;
- sha256_transform(ctx, ctx->data);
- memset(ctx->data, 0, 56);
- }
-
- // Append to the padding the total message's length in bits and transform.
- ctx->bitlen += ctx->datalen * 8;
- ctx->data[63] = ctx->bitlen;
- ctx->data[62] = ctx->bitlen >> 8;
- ctx->data[61] = ctx->bitlen >> 16;
- ctx->data[60] = ctx->bitlen >> 24;
- ctx->data[59] = ctx->bitlen >> 32;
- ctx->data[58] = ctx->bitlen >> 40;
- ctx->data[57] = ctx->bitlen >> 48;
- ctx->data[56] = ctx->bitlen >> 56;
- sha256_transform(ctx, ctx->data);
-
- // Since this implementation uses little endian byte ordering and SHA uses big endian,
- // reverse all the bytes when copying the final state to the output hash.
- for (i = 0; i < 4; ++i) {
- hash[i] = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff;
- hash[i + 4] = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff;
- hash[i + 8] = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff;
- hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff;
- hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff;
- hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff;
- hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff;
- hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff;
- }
-}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list