summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGeorge Hazan <george.hazan@gmail.com>2013-11-16 14:29:31 +0000
committerGeorge Hazan <george.hazan@gmail.com>2013-11-16 14:29:31 +0000
commit1e097cca2844cf509937eafa88e4b37f703c4e7e (patch)
tree2ab83d3c353063fc6ae599178b516eb48bddc339
parent04f4f57b6a3f5f516f3700d63ee924ca51b6b042 (diff)
StdCrypt:
- stronger randomizer; - ability to validate passwords; - anti-brutforce key encryption git-svn-id: http://svn.miranda-ng.org/main/trunk@6919 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
-rw-r--r--include/m_crypto.h4
-rw-r--r--src/core/stdcrypt/Rijndael.cpp30
-rw-r--r--src/core/stdcrypt/Rijndael.h6
-rw-r--r--src/core/stdcrypt/commonheaders.h3
-rw-r--r--src/core/stdcrypt/encrypt.cpp73
-rw-r--r--src/core/stdcrypt/stdcrypt.h6
-rw-r--r--src/core/stdcrypt/stdcrypt_10.vcxproj6
-rw-r--r--src/core/stdcrypt/stdcrypt_10.vcxproj.filters3
-rw-r--r--src/core/stdcrypt/stdcrypt_11.vcxproj6
-rw-r--r--src/core/stdcrypt/stdcrypt_11.vcxproj.filters3
-rw-r--r--src/core/stdcrypt/stdcrypt_12.vcxproj6
-rw-r--r--src/core/stdcrypt/stdcrypt_12.vcxproj.filters3
-rw-r--r--src/core/stdcrypt/utils.cpp361
13 files changed, 461 insertions, 49 deletions
diff --git a/include/m_crypto.h b/include/m_crypto.h
index 87e2a61614..1634f7c93e 100644
--- a/include/m_crypto.h
+++ b/include/m_crypto.h
@@ -35,9 +35,9 @@ struct MICryptoEngine
// get/set the instance key
STDMETHOD_(size_t, getKeyLength)(void) PURE;
STDMETHOD_(bool, getKey)(BYTE *pKey, size_t cbKeyLen) PURE;
- STDMETHOD_(int, setKey)(const BYTE *pKey, size_t cbKeyLen) PURE;
+ STDMETHOD_(bool, setKey)(const BYTE *pKey, size_t cbKeyLen) PURE;
- STDMETHOD_(void, generateKey)(void)PURE; // creates a new key inside
+ STDMETHOD_(bool, generateKey)(void)PURE; // creates a new key inside
STDMETHOD_(void, purgeKey)(void)PURE; // purges a key from memory
// sets the master password (in utf-8)
diff --git a/src/core/stdcrypt/Rijndael.cpp b/src/core/stdcrypt/Rijndael.cpp
index 150589f83b..fd9cf84d83 100644
--- a/src/core/stdcrypt/Rijndael.cpp
+++ b/src/core/stdcrypt/Rijndael.cpp
@@ -951,7 +951,7 @@ CRijndael::~CRijndael()
// chain - initial chain block
// keylength - 16, 24 or 32 bytes
// blockSize - The block size in bytes of this Rijndael (16, 24 or 32 bytes).
-int CRijndael::MakeKey(char const* key, char const* chain, int keylength, int blockSize)
+int CRijndael::MakeKey(BYTE const* key, char const* chain, int keylength, int blockSize)
{
if (NULL == key)
return 1;
@@ -992,12 +992,12 @@ int CRijndael::MakeKey(char const* key, char const* chain, int keylength, int bl
int KC = m_keylength / 4;
//Copy user material bytes into temporary ints
int* pi = tk;
- char const* pc = key;
+ BYTE const* pc = key;
for (i = 0; i < KC; i++) {
- *pi = (unsigned char)*(pc++) << 24;
- *pi |= (unsigned char)*(pc++) << 16;
- *pi |= (unsigned char)*(pc++) << 8;
- *(pi++) |= (unsigned char)*(pc++);
+ *pi = *(pc++) << 24;
+ *pi |= *(pc++) << 16;
+ *pi |= *(pc++) << 8;
+ *(pi++) |= *(pc++);
}
//Copy values into round key arrays
int t = 0;
@@ -1296,7 +1296,7 @@ void CRijndael::DecryptBlock(char const* in, char* result)
}
}
-int CRijndael::Encrypt(char const* in, char* result, size_t n)
+int CRijndael::Encrypt(void const* in, void* result, size_t n)
{
if (!m_bKeyInit)
return 1;
@@ -1305,11 +1305,10 @@ int CRijndael::Encrypt(char const* in, char* result, size_t n)
if (0 == n || n%m_blockSize != 0)
return 2;
- int i;
- char const* pin;
- char* presult;
+ char const* pin = (char const*)in;
+ char* presult = (char*)result;
- for (i = 0, pin = in, presult = result; i < n / m_blockSize; i++) {
+ for (int i = 0; i < n / m_blockSize; i++) {
Xor(m_chain, pin);
EncryptBlock(m_chain, presult);
memcpy(m_chain, presult, m_blockSize);
@@ -1319,7 +1318,7 @@ int CRijndael::Encrypt(char const* in, char* result, size_t n)
return 0;
}
-int CRijndael::Decrypt(char const* in, char* result, size_t n)
+int CRijndael::Decrypt(void const* in, void* result, size_t n)
{
if (!m_bKeyInit)
return 1;
@@ -1327,11 +1326,10 @@ int CRijndael::Decrypt(char const* in, char* result, size_t n)
if (0 == n || n%m_blockSize != 0)
return 2;
- int i;
- char const* pin;
- char* presult;
+ char const* pin = (char const*)in;
+ char* presult = (char*)result;
- for (i = 0, pin = in, presult = result; i < n / m_blockSize; i++) {
+ for (int i = 0; i < n / m_blockSize; i++) {
DecryptBlock(pin, presult);
Xor(presult, m_chain);
memcpy(m_chain, pin, m_blockSize);
diff --git a/src/core/stdcrypt/Rijndael.h b/src/core/stdcrypt/Rijndael.h
index a904259eb5..a69409b929 100644
--- a/src/core/stdcrypt/Rijndael.h
+++ b/src/core/stdcrypt/Rijndael.h
@@ -33,7 +33,7 @@ public:
// chain - initial chain block
// keylength - 16, 24 or 32 bytes
// blockSize - The block size in bytes of this Rijndael (16, 24 or 32 bytes).
- int MakeKey(char const* key, char const* chain, int keylength, int blockSize);
+ int MakeKey(BYTE const* key, char const* chain, int keylength, int blockSize);
private:
//Auxiliary Function
@@ -66,9 +66,9 @@ public:
// result - The plaintext generated from a ciphertext using the session key.
void DecryptBlock(char const* in, char* result);
- int Encrypt(char const* in, char* result, size_t n);
+ int Encrypt(void const* in, void* result, size_t n);
- int Decrypt(char const* in, char* result, size_t n);
+ int Decrypt(void const* in, void* result, size_t n);
//Get Key Length
int GetKeyLength()
diff --git a/src/core/stdcrypt/commonheaders.h b/src/core/stdcrypt/commonheaders.h
index f89df739dd..37168497d8 100644
--- a/src/core/stdcrypt/commonheaders.h
+++ b/src/core/stdcrypt/commonheaders.h
@@ -76,3 +76,6 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#include "stdcrypt.h"
extern HINSTANCE hInst;
+
+bool getRandomBytes(BYTE *buf, size_t bufLen);
+void slow_hash(const void *buf, size_t bufLen, BYTE tmpHash[32]);
diff --git a/src/core/stdcrypt/encrypt.cpp b/src/core/stdcrypt/encrypt.cpp
index 7414d999f3..00e52935d8 100644
--- a/src/core/stdcrypt/encrypt.cpp
+++ b/src/core/stdcrypt/encrypt.cpp
@@ -23,6 +23,15 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#include "commonheaders.h"
+#include "..\..\..\plugins\zlib\src\zlib.h"
+
+struct ExternalKey
+{
+ BYTE m_key[KEY_LENGTH];
+ DWORD m_crc32;
+ BYTE slack[BLOCK_SIZE - sizeof(DWORD)];
+};
+
CStdCrypt::CStdCrypt() :
m_password("Miranda")
{}
@@ -34,47 +43,61 @@ void CStdCrypt::destroy()
size_t CStdCrypt::getKeyLength()
{
- return KEY_LENGTH;
+ return sizeof(ExternalKey);
}
bool CStdCrypt::getKey(BYTE *pKey, size_t cbKeyLen)
{
- if (!m_valid || cbKeyLen < KEY_LENGTH)
+ if (!m_valid || cbKeyLen < sizeof(ExternalKey))
return false;
- memcpy(pKey, m_key, sizeof(m_key));
- if (cbKeyLen > KEY_LENGTH)
- memset(pKey + KEY_LENGTH, 0, cbKeyLen - KEY_LENGTH);
+ ExternalKey tmp = { 0 };
+ memcpy(&tmp.m_key, m_key, KEY_LENGTH);
+ tmp.m_crc32 = crc32(0xAbbaDead, (LPCBYTE)m_password.GetString(), m_password.GetLength());
+ getRandomBytes(tmp.slack, sizeof(tmp.slack));
+
+ BYTE tmpHash[32];
+ slow_hash(m_password, m_password.GetLength(), tmpHash);
+
+ CRijndael tmpAes;
+ tmpAes.MakeKey(tmpHash, tmpAes.sm_chain0, KEY_LENGTH, BLOCK_SIZE);
+ tmpAes.Encrypt(&tmp, pKey, sizeof(tmp));
return true;
}
-int CStdCrypt::setKey(const BYTE *pKey, size_t cbKeyLen)
+bool CStdCrypt::setKey(const BYTE *pKey, size_t cbKeyLen)
{
- if (cbKeyLen > KEY_LENGTH)
- return false;
-
- memcpy(m_key, pKey, cbKeyLen);
- if (cbKeyLen < KEY_LENGTH)
- memset(m_key + cbKeyLen, 0, KEY_LENGTH - cbKeyLen);
+ ExternalKey tmp = { 0 };
+
+ // full external key. decode & check password
+ if (cbKeyLen == sizeof(tmp)) {
+ BYTE tmpHash[32];
+ slow_hash(m_password, m_password.GetLength(), tmpHash);
+
+ CRijndael tmpAes;
+ tmpAes.MakeKey(tmpHash, tmpAes.sm_chain0, KEY_LENGTH, BLOCK_SIZE);
+ tmpAes.Decrypt(pKey, &tmp, sizeof(tmp));
+ if (tmp.m_crc32 != crc32(0xAbbaDead, (LPCBYTE)m_password.GetString(), m_password.GetLength()))
+ return false;
+ }
+ // new key. simply copy it
+ else if (cbKeyLen == KEY_LENGTH) {
+ memcpy(&tmp.m_key, pKey, KEY_LENGTH);
+ }
+ else return false;
+ memcpy(m_key, &tmp.m_key, KEY_LENGTH);
m_aes.MakeKey(m_key, m_password, KEY_LENGTH, BLOCK_SIZE);
- m_valid = true;
- return 0;
+ return m_valid = true;
}
-void CStdCrypt::generateKey(void)
+bool CStdCrypt::generateKey(void)
{
- LARGE_INTEGER counter;
- QueryPerformanceCounter(&counter);
- srand(counter.LowPart);
-
- for (int i = 0; i < sizeof(m_key); i++) {
- m_key[i] = (BYTE)rand();
- Sleep(0);
- }
+ BYTE tmp[KEY_LENGTH];
+ if (!getRandomBytes(tmp, sizeof(tmp)))
+ return false;
- m_aes.MakeKey(m_key, m_password, KEY_LENGTH, BLOCK_SIZE);
- m_valid = true;
+ return setKey(tmp, sizeof(tmp));
}
void CStdCrypt::purgeKey(void)
diff --git a/src/core/stdcrypt/stdcrypt.h b/src/core/stdcrypt/stdcrypt.h
index f685152461..c9a3a72315 100644
--- a/src/core/stdcrypt/stdcrypt.h
+++ b/src/core/stdcrypt/stdcrypt.h
@@ -31,7 +31,7 @@ struct CStdCrypt : public MICryptoEngine, public MZeroedObject
BOOL m_valid;
CMStringA m_password;
- char m_key[KEY_LENGTH];
+ BYTE m_key[KEY_LENGTH];
CRijndael m_aes;
STDMETHODIMP_(void) destroy();
@@ -39,9 +39,9 @@ struct CStdCrypt : public MICryptoEngine, public MZeroedObject
// get/set the instance key
STDMETHODIMP_(size_t) getKeyLength(void);
STDMETHODIMP_(bool) getKey(BYTE *pKey, size_t cbKeyLen);
- STDMETHODIMP_(int) setKey(const BYTE *pKey, size_t cbKeyLen);
+ STDMETHODIMP_(bool) setKey(const BYTE *pKey, size_t cbKeyLen);
- STDMETHODIMP_(void) generateKey(void); // creates a new key inside
+ STDMETHODIMP_(bool) generateKey(void); // creates a new key inside
STDMETHODIMP_(void) purgeKey(void); // purges a key from memory
// sets the master password (in utf-8)
diff --git a/src/core/stdcrypt/stdcrypt_10.vcxproj b/src/core/stdcrypt/stdcrypt_10.vcxproj
index 8f190d3c66..4d5c61ade3 100644
--- a/src/core/stdcrypt/stdcrypt_10.vcxproj
+++ b/src/core/stdcrypt/stdcrypt_10.vcxproj
@@ -208,6 +208,7 @@
<ClCompile Include="encrypt.cpp" />
<ClCompile Include="main.cpp" />
<ClCompile Include="Rijndael.cpp" />
+ <ClCompile Include="utils.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\..\include\m_crypto.h" />
@@ -220,6 +221,11 @@
<ResourceCompile Include="resource.rc" />
<ResourceCompile Include="version.rc" />
</ItemGroup>
+ <ItemGroup>
+ <ProjectReference Include="..\..\..\plugins\Zlib\zlib_10.vcxproj">
+ <Project>{e2a369cd-eda3-414f-8ad0-e732cd7ee68c}</Project>
+ </ProjectReference>
+ </ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
diff --git a/src/core/stdcrypt/stdcrypt_10.vcxproj.filters b/src/core/stdcrypt/stdcrypt_10.vcxproj.filters
index 3976d8f7be..970fd73212 100644
--- a/src/core/stdcrypt/stdcrypt_10.vcxproj.filters
+++ b/src/core/stdcrypt/stdcrypt_10.vcxproj.filters
@@ -27,6 +27,9 @@
<ClCompile Include="Rijndael.cpp">
<Filter>Source Files</Filter>
</ClCompile>
+ <ClCompile Include="utils.cpp">
+ <Filter>Source Files</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\stdplug.h">
diff --git a/src/core/stdcrypt/stdcrypt_11.vcxproj b/src/core/stdcrypt/stdcrypt_11.vcxproj
index 387bea51e3..84aa88e8f7 100644
--- a/src/core/stdcrypt/stdcrypt_11.vcxproj
+++ b/src/core/stdcrypt/stdcrypt_11.vcxproj
@@ -211,6 +211,7 @@
<ClCompile Include="encrypt.cpp" />
<ClCompile Include="main.cpp" />
<ClCompile Include="Rijndael.cpp" />
+ <ClCompile Include="utils.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\..\include\m_crypto.h" />
@@ -223,6 +224,11 @@
<ResourceCompile Include="resource.rc" />
<ResourceCompile Include="version.rc" />
</ItemGroup>
+ <ItemGroup>
+ <ProjectReference Include="..\..\..\plugins\Zlib\zlib_11.vcxproj">
+ <Project>{e2a369cd-eda3-414f-8ad0-e732cd7ee68c}</Project>
+ </ProjectReference>
+ </ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
diff --git a/src/core/stdcrypt/stdcrypt_11.vcxproj.filters b/src/core/stdcrypt/stdcrypt_11.vcxproj.filters
index 3976d8f7be..970fd73212 100644
--- a/src/core/stdcrypt/stdcrypt_11.vcxproj.filters
+++ b/src/core/stdcrypt/stdcrypt_11.vcxproj.filters
@@ -27,6 +27,9 @@
<ClCompile Include="Rijndael.cpp">
<Filter>Source Files</Filter>
</ClCompile>
+ <ClCompile Include="utils.cpp">
+ <Filter>Source Files</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\stdplug.h">
diff --git a/src/core/stdcrypt/stdcrypt_12.vcxproj b/src/core/stdcrypt/stdcrypt_12.vcxproj
index 1ba2bf66ef..a80aca86c6 100644
--- a/src/core/stdcrypt/stdcrypt_12.vcxproj
+++ b/src/core/stdcrypt/stdcrypt_12.vcxproj
@@ -211,6 +211,7 @@
<ClCompile Include="encrypt.cpp" />
<ClCompile Include="main.cpp" />
<ClCompile Include="Rijndael.cpp" />
+ <ClCompile Include="utils.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\..\include\m_crypto.h" />
@@ -223,6 +224,11 @@
<ResourceCompile Include="resource.rc" />
<ResourceCompile Include="version.rc" />
</ItemGroup>
+ <ItemGroup>
+ <ProjectReference Include="..\..\..\plugins\Zlib\zlib_12.vcxproj">
+ <Project>{e2a369cd-eda3-414f-8ad0-e732cd7ee68c}</Project>
+ </ProjectReference>
+ </ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
diff --git a/src/core/stdcrypt/stdcrypt_12.vcxproj.filters b/src/core/stdcrypt/stdcrypt_12.vcxproj.filters
index 3976d8f7be..970fd73212 100644
--- a/src/core/stdcrypt/stdcrypt_12.vcxproj.filters
+++ b/src/core/stdcrypt/stdcrypt_12.vcxproj.filters
@@ -27,6 +27,9 @@
<ClCompile Include="Rijndael.cpp">
<Filter>Source Files</Filter>
</ClCompile>
+ <ClCompile Include="utils.cpp">
+ <Filter>Source Files</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\stdplug.h">
diff --git a/src/core/stdcrypt/utils.cpp b/src/core/stdcrypt/utils.cpp
new file mode 100644
index 0000000000..c9bdb70c43
--- /dev/null
+++ b/src/core/stdcrypt/utils.cpp
@@ -0,0 +1,361 @@
+/*
+
+Miranda NG: the free IM client for Microsoft* Windows*
+
+Copyright (C) 2012-13 Miranda NG project,
+all portions of this codebase are copyrighted to the people
+listed in contributors.txt.
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+#include "commonheaders.h"
+
+bool getRandomBytes(BYTE *buf, size_t bufLen)
+{
+ // try to use Intel hardware randomizer first
+ HCRYPTPROV hProvider = NULL;
+ if (::CryptAcquireContext(&hProvider, NULL, _T("Intel Hardware Cryptographic Service Provider"), PROV_INTEL_SEC, 0)) {
+ ::CryptGenRandom(hProvider, DWORD(bufLen), buf);
+ ::CryptReleaseContext(hProvider, 0);
+ }
+ // no luck? try to use RSA
+ else if (::CryptAcquireContext(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+ ::CryptGenRandom(hProvider, DWORD(bufLen), buf);
+ ::CryptReleaseContext(hProvider, 0);
+ }
+ // no luck? try to use Windows NT RTL
+ else {
+ typedef BOOL(WINAPI *pfnGetRandom)(PVOID RandomBuffer, ULONG RandomBufferLength);
+ pfnGetRandom fnGetRandom = (pfnGetRandom)GetProcAddress(GetModuleHandleA("advapi32.dll"), "SystemFunction036");
+ if (fnGetRandom == NULL)
+ return false;
+
+ fnGetRandom(buf, DWORD(bufLen));
+ }
+ return true;
+}
+
+/////////////////////////////////////////////////////////////////////////////////////////
+
+struct SHA256_CONTEXT
+{
+ UINT32 h0, h1, h2, h3, h4, h5, h6, h7;
+ UINT32 nblocks;
+ BYTE buf[64];
+ int count;
+};
+
+static void sha256_init(SHA256_CONTEXT *hd)
+{
+ hd->h0 = 0x6a09e667;
+ hd->h1 = 0xbb67ae85;
+ hd->h2 = 0x3c6ef372;
+ hd->h3 = 0xa54ff53a;
+ hd->h4 = 0x510e527f;
+ hd->h5 = 0x9b05688c;
+ hd->h6 = 0x1f83d9ab;
+ hd->h7 = 0x5be0cd19;
+
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+/*
+Transform the message X which consists of 16 32-bit-words. See FIPS
+180-2 for details. */
+#define ror(x,n) ( ((x) >> (n)) | ((x) << (32-(n))) )
+#define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */
+#define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */
+#define R(a,b,c,d,e,f,g,h,k,w) do \
+{ \
+ t1 = (h)+Sum1((e)) + Cho((e), (f), (g)) + (k)+(w); \
+ t2 = Sum0((a)) + Maj((a), (b), (c)); \
+ h = g; \
+ g = f; \
+ f = e; \
+ e = d + t1; \
+ d = c; \
+ c = b; \
+ b = a; \
+ a = t1 + t2; \
+} while (0)
+
+/* (4.2) same as SHA-1's F1. */
+static inline UINT32
+Cho(UINT32 x, UINT32 y, UINT32 z)
+{
+ return (z ^ (x & (y ^ z)));
+}
+
+/* (4.3) same as SHA-1's F3 */
+static inline UINT32
+Maj(UINT32 x, UINT32 y, UINT32 z)
+{
+ return ((x & y) | (z & (x | y)));
+}
+
+/* (4.4) */
+static inline UINT32 Sum0(UINT32 x)
+{
+ return (ror(x, 2) ^ ror(x, 13) ^ ror(x, 22));
+}
+
+/* (4.5) */
+static inline UINT32
+Sum1(UINT32 x)
+{
+ return (ror(x, 6) ^ ror(x, 11) ^ ror(x, 25));
+}
+
+
+static void transform(SHA256_CONTEXT *hd, const unsigned char *data)
+{
+ static const UINT32 K[64] = {
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+ 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+ 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+ 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+ 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+ 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+ };
+
+ UINT32 a, b, c, d, e, f, g, h, t1, t2;
+ UINT32 x[16];
+ UINT32 w[64];
+ int i;
+
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ f = hd->h5;
+ g = hd->h6;
+ h = hd->h7;
+
+#ifdef WORDS_BIGENDIAN
+ memcpy(x, data, 64);
+#else
+ {
+ BYTE *p2;
+
+ for (i = 0, p2 = (BYTE*)x; i < 16; i++, p2 += 4) {
+ p2[3] = *data++;
+ p2[2] = *data++;
+ p2[1] = *data++;
+ p2[0] = *data++;
+ }
+ }
+#endif
+
+ for (i = 0; i < 16; i++)
+ w[i] = x[i];
+ for (; i < 64; i++)
+ w[i] = S1(w[i - 2]) + w[i - 7] + S0(w[i - 15]) + w[i - 16];
+
+ for (i = 0; i < 64;)
+ {
+#if 0
+ R(a, b, c, d, e, f, g, h, K[i], w[i]);
+ i++;
+#else
+ t1 = h + Sum1(e) + Cho(e, f, g) + K[i] + w[i];
+ t2 = Sum0(a) + Maj(a, b, c);
+ d += t1;
+ h = t1 + t2;
+
+ t1 = g + Sum1(d) + Cho(d, e, f) + K[i + 1] + w[i + 1];
+ t2 = Sum0(h) + Maj(h, a, b);
+ c += t1;
+ g = t1 + t2;
+
+ t1 = f + Sum1(c) + Cho(c, d, e) + K[i + 2] + w[i + 2];
+ t2 = Sum0(g) + Maj(g, h, a);
+ b += t1;
+ f = t1 + t2;
+
+ t1 = e + Sum1(b) + Cho(b, c, d) + K[i + 3] + w[i + 3];
+ t2 = Sum0(f) + Maj(f, g, h);
+ a += t1;
+ e = t1 + t2;
+
+ t1 = d + Sum1(a) + Cho(a, b, c) + K[i + 4] + w[i + 4];
+ t2 = Sum0(e) + Maj(e, f, g);
+ h += t1;
+ d = t1 + t2;
+
+ t1 = c + Sum1(h) + Cho(h, a, b) + K[i + 5] + w[i + 5];
+ t2 = Sum0(d) + Maj(d, e, f);
+ g += t1;
+ c = t1 + t2;
+
+ t1 = b + Sum1(g) + Cho(g, h, a) + K[i + 6] + w[i + 6];
+ t2 = Sum0(c) + Maj(c, d, e);
+ f += t1;
+ b = t1 + t2;
+
+ t1 = a + Sum1(f) + Cho(f, g, h) + K[i + 7] + w[i + 7];
+ t2 = Sum0(b) + Maj(b, c, d);
+ e += t1;
+ a = t1 + t2;
+
+ i += 8;
+#endif
+ }
+
+ hd->h0 += a;
+ hd->h1 += b;
+ hd->h2 += c;
+ hd->h3 += d;
+ hd->h4 += e;
+ hd->h5 += f;
+ hd->h6 += g;
+ hd->h7 += h;
+}
+#undef S0
+#undef S1
+#undef R
+
+
+/* Update the message digest with the contents of INBUF with length
+INLEN. */
+static void sha256_write(SHA256_CONTEXT *hd, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = (const unsigned char *)inbuf_arg;
+
+ if (hd->count == 64)
+ { /* flush the buffer */
+ transform(hd, hd->buf);
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if (!inbuf)
+ return;
+ if (hd->count)
+ {
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+ sha256_write(hd, NULL, 0);
+ if (!inlen)
+ return;
+ }
+
+ while (inlen >= 64)
+ {
+ transform(hd, inbuf);
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/*
+The routine finally terminates the computation and returns the
+digest. The handle is prepared for a new cycle, but adding bytes
+to the handle will the destroy the returned buffer. Returns: 32
+bytes with the message the digest. */
+static void sha256_final(SHA256_CONTEXT *hd, BYTE tmpHash[32])
+{
+ UINT32 t, msb, lsb;
+
+ sha256_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a BYTE count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if ((lsb += hd->count) < t)
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if (hd->count < 56)
+ { /* enough room */
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while (hd->count < 56)
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else
+ { /* need one extra block */
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while (hd->count < 64)
+ hd->buf[hd->count++] = 0;
+ sha256_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = msb >> 24;
+ hd->buf[57] = msb >> 16;
+ hd->buf[58] = msb >> 8;
+ hd->buf[59] = msb;
+ hd->buf[60] = lsb >> 24;
+ hd->buf[61] = lsb >> 16;
+ hd->buf[62] = lsb >> 8;
+ hd->buf[63] = lsb;
+ transform(hd, hd->buf);
+
+ BYTE *p = tmpHash;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(UINT32*)p = hd->h##a ; p += 4; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
+ *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while (0)
+#endif
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+ X(5);
+ X(6);
+ X(7);
+#undef X
+}
+
+static void make_sha256(const void *buf, size_t bufLen, BYTE tmpHash[32])
+{
+ SHA256_CONTEXT tmp;
+ sha256_init(&tmp);
+ sha256_write(&tmp, buf, bufLen);
+ sha256_final(&tmp, tmpHash);
+}
+
+void slow_hash(const void *buf, size_t bufLen, BYTE tmpHash[32])
+{
+ make_sha256(buf, bufLen, tmpHash);
+
+ for (int i = 0; i < 50000; i++)
+ make_sha256(tmpHash, sizeof(tmpHash), tmpHash);
+}