diff --git a/lib/libmd/Makefile b/lib/libmd/Makefile --- a/lib/libmd/Makefile +++ b/lib/libmd/Makefile @@ -13,7 +13,7 @@ sha0c.c sha0hl.c sha1c.c sha1hl.c \ sha224hl.c sha256c.c sha256hl.c \ sha384hl.c \ - sha512c.c sha512hl.c sha512thl.c \ + sha512c.c sha512hl.c sha512t224hl.c sha512t256hl.c \ skein.c skein_block.c \ skein256hl.c skein512hl.c skein1024hl.c INCS= md4.h md5.h ripemd.h sha.h sha224.h sha256.h sha384.h sha512.h \ @@ -54,6 +54,10 @@ MLINKS+=sha512.3 SHA512_Final.3 sha512.3 SHA512_End.3 MLINKS+=sha512.3 SHA512_File.3 sha512.3 SHA512_FileChunk.3 MLINKS+=sha512.3 SHA512_Data.3 +MLINKS+=sha512.3 SHA512_224_Init.3 sha512.3 SHA512_224_Update.3 +MLINKS+=sha512.3 SHA512_224_Final.3 sha512.3 SHA512_224_End.3 +MLINKS+=sha512.3 SHA512_224_File.3 sha512.3 SHA512_224_FileChunk.3 +MLINKS+=sha512.3 SHA512_224_Data.3 MLINKS+=sha512.3 SHA512_256_Init.3 sha512.3 SHA512_256_Update.3 MLINKS+=sha512.3 SHA512_256_Final.3 sha512.3 SHA512_256_End.3 MLINKS+=sha512.3 SHA512_256_File.3 sha512.3 SHA512_256_FileChunk.3 @@ -76,7 +80,9 @@ sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \ sha224.ref sha256.ref sha224hl.c sha256hl.c \ sha384hl.c sha384.ref \ - sha512.ref sha512hl.c sha512t256.ref sha512thl.c \ + sha512.ref sha512hl.c \ + sha512t224.ref sha512t224hl.c \ + sha512t256.ref sha512t256hl.c \ skein256hl.c skein512hl.c skein1024hl.c \ skein256.ref skein512.ref skein1024.ref \ skeindriver @@ -184,7 +190,14 @@ -e 's/SHA512__/SHA512_/g' \ ${.ALLSRC}) > ${.TARGET} -sha512thl.c: mdXhl.c +sha512t224hl.c: mdXhl.c + (echo '#define LENGTH 28'; \ + sed -e 's/mdX/sha512t/g' -e 's/MDX/SHA512_224_/g' \ + -e 's/SHA512_224__/SHA512_224_/g' \ + -e 's/SHA512_224_CTX/SHA512_CTX/g' \ + ${.ALLSRC}) > ${.TARGET} + +sha512t256hl.c: mdXhl.c (echo '#define LENGTH 32'; \ sed -e 's/mdX/sha512t/g' -e 's/MDX/SHA512_256_/g' \ -e 's/SHA512_256__/SHA512_256_/g' \ @@ -328,6 +341,21 @@ @echo 'SHA-512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ '72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843' >> ${.TARGET} +sha512t224.ref: + echo 'SHA-512224 test suite:' > ${.TARGET} + @echo 'SHA-512224 ("") =' \ + '6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4' >> ${.TARGET} + @echo 'SHA-512224 ("abc") =' \ + '4634270f707b6a54daae7530460842e20e37ed265ceee9a43e8924aa' >> ${.TARGET} + @echo 'SHA-512224 ("message digest") =' \ + 'ad1a4db188fe57064f4f24609d2a83cd0afb9b398eb2fcaeaae2c564' >> ${.TARGET} + @echo 'SHA-512224 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'ff83148aa07ec30655c1b40aff86141c0215fe2a54f767d3f38743d8' >> ${.TARGET} + @echo 'SHA-512224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'a8b4b9174b99ffc67d6f49be9981587b96441051e16e6dd036b140d3' >> ${.TARGET} + @echo 'SHA-512224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'ae988faaa47e401a45f704d1272d99702458fea2ddc6582827556dd2' >> ${.TARGET} + sha512t256.ref: echo 'SHA-512256 test suite:' > ${.TARGET} @echo 'SHA-512256 ("") =' \ @@ -400,7 +428,7 @@ 'cf21a613620e6c119eca31fdfaad449a8e02f95ca256c21d2a105f8e4157048f9fe1e897893ea18b64e0e37cb07d5ac947f27ba544caf7cbc1ad094e675aed77a366270f7eb7f46543bccfa61c526fd628408058ed00ed566ac35a9761d002e629c4fb0d430b2f4ad016fcc49c44d2981c4002da0eecc42144160e2eaea4855a' >> ${.TARGET} test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha224.ref sha256.ref sha384.ref \ - sha512.ref sha512t256.ref skein256.ref skein512.ref skein1024.ref + sha512.ref sha512t224.ref sha512t256.ref skein256.ref skein512.ref skein1024.ref @${ECHO} if any of these test fail, the code produces wrong results @${ECHO} and should NOT be used. ${CC} ${CFLAGS} ${LDFLAGS} -DMD=4 -o mddriver ${.CURDIR}/mddriver.c libmd.a @@ -432,6 +460,10 @@ ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha512.ref - @${ECHO} SHA-512 passed test + ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512224 -o shadriver ${.CURDIR}/shadriver.c libmd.a + ./shadriver | cmp sha512t224.ref - + @${ECHO} SHA-512t224 passed test + -rm -f shadriver ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512256 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha512t256.ref - @${ECHO} SHA-512t256 passed test diff --git a/lib/libmd/mdX.3 b/lib/libmd/mdX.3 --- a/lib/libmd/mdX.3 +++ b/lib/libmd/mdX.3 @@ -95,8 +95,7 @@ .Fn MDXFinal which converts the return value to a 33-character (including the terminating '\e0') -.Tn ASCII -string which represents the 128 bits in hexadecimal. +ASCII string which represents the 128 bits in hexadecimal. .Pp The .Fn MDXFile @@ -201,15 +200,12 @@ .Fx 2.0 . .Sh AUTHORS The original MDX routines were developed by -.Tn RSA -Data Security, Inc., and published in the above references. +RSA Data Security, Inc., and published in the above references. This code is derived directly from these implementations by .An Poul-Henning Kamp Aq Mt phk@FreeBSD.org . .Pp Phk ristede runen. .Sh BUGS -The -.Tn MD5 -algorithm has been proven to be vulnerable to practical collision +The MD5 algorithm has been proven to be vulnerable to practical collision attacks and should not be relied upon to produce unique outputs, .Em nor should they be used as part of a cryptographic signature scheme. diff --git a/lib/libmd/ripemd.3 b/lib/libmd/ripemd.3 --- a/lib/libmd/ripemd.3 +++ b/lib/libmd/ripemd.3 @@ -75,8 +75,7 @@ .Fn RIPEMD160_Final which converts the return value to a 41-character (including the terminating '\e0') -.Tn ASCII -string which represents the 160 bits in hexadecimal. +ASCII string which represents the 160 bits in hexadecimal. .Pp The .Fn RIPEMD160_File @@ -156,9 +155,7 @@ .Fx 4.0 . .Sh AUTHORS The core hash routines were implemented by Eric Young based on the -published -.Tn RIPEMD160 -specification. +published RIPEMD160 specification. .Sh BUGS No method is known to exist which finds two files having the same hash value, nor to find a file with a specific hash value. diff --git a/lib/libmd/sha.3 b/lib/libmd/sha.3 --- a/lib/libmd/sha.3 +++ b/lib/libmd/sha.3 @@ -76,16 +76,9 @@ .Dq fingerprint of the input-data, which does not disclose the actual input. .Pp -.Tn SHA -(or -.Tn SHA-0 ) -is the original Secure Hash Algorithm specified in -.Tn FIPS -160. -It was quickly proven insecure, and has been superseded by -.Tn SHA-1 . -.Tn SHA-0 -is included for compatibility purposes only. +SHA (or SHA-0) is the original Secure Hash Algorithm specified in FIPS 160. +It was quickly proven insecure, and has been superseded by SHA-1. +SHA-0 is included for compatibility purposes only. .Pp The .Fn SHA1_Init , @@ -109,8 +102,7 @@ .Fn SHA1_Final which converts the return value to a 41-character (including the terminating '\e0') -.Tn ASCII -string which represents the 160 bits in hexadecimal. +ASCII string which represents the 160 bits in hexadecimal. .Pp .Fn SHA1_File calculates the digest of a file, and uses @@ -188,23 +180,15 @@ .Sh AUTHORS The core hash routines were implemented by Eric Young based on the published -.Tn FIPS -standards. +FIPS standards. .Sh BUGS -The -.Tn SHA1 -algorithm has been proven to be vulnerable to practical collision +The SHA1 algorithm has been proven to be vulnerable to practical collision attacks and should not be relied upon to produce unique outputs, .Em nor should it be used as part of a new cryptographic signature scheme. .Pp -The -.Tn IA32 -(Intel) implementation of -.Tn SHA-1 -makes heavy use of the +The IA32 (Intel) implementation of SHA-1 makes heavy use of the .Ql bswapl instruction, which is not present on the original 80386. -Attempts to use -.Tn SHA-1 -on those processors will cause an illegal instruction trap. +Attempts to use SHA-1 on those processors will cause an illegal +instruction trap. (Arguably, the kernel should simply emulate this instruction.) diff --git a/lib/libmd/sha256.3 b/lib/libmd/sha256.3 --- a/lib/libmd/sha256.3 +++ b/lib/libmd/sha256.3 @@ -97,8 +97,7 @@ .Fn SHA256_Final which converts the return value to a 65-character (including the terminating '\e0') -.Tn ASCII -string which represents the 256 bits in hexadecimal. +ASCII string which represents the 256 bits in hexadecimal. .Pp .Fn SHA256_File calculates the digest of a file, and uses @@ -178,9 +177,7 @@ .Fx 6.0 . .Sh AUTHORS The core hash routines were implemented by Colin Percival based on -the published -.Tn FIPS 180-2 -standard. +the published FIPS 180-2 standard. .Sh BUGS No method is known to exist which finds two files having the same hash value, nor to find a file with a specific hash value. diff --git a/lib/libmd/sha512.3 b/lib/libmd/sha512.3 --- a/lib/libmd/sha512.3 +++ b/lib/libmd/sha512.3 @@ -9,7 +9,7 @@ .\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp .\" $FreeBSD$ .\" -.Dd May 21, 2019 +.Dd February 3, 2023 .Dt SHA512 3 .Os .Sh NAME @@ -27,6 +27,13 @@ .Nm SHA384_File , .Nm SHA384_FileChunk , .Nm SHA384_Data , +.Nm SHA512_224_Init , +.Nm SHA512_224_Update , +.Nm SHA512_224_Final , +.Nm SHA512_224_End , +.Nm SHA512_224_File , +.Nm SHA512_224_FileChunk , +.Nm SHA512_224_Data .Nm SHA512_256_Init , .Nm SHA512_256_Update , .Nm SHA512_256_Final , @@ -71,6 +78,20 @@ .Fn SHA384_Data "const unsigned char *data" "unsigned int len" "char *buf" .In sha512t.h .Ft void +.Fn SHA512_224_Init "SHA512_CTX *context" +.Ft void +.Fn SHA512_224_Update "SHA512_CTX *context" "const unsigned char *data" "size_t len" +.Ft void +.Fn SHA512_224_Final "unsigned char digest[32]" "SHA512_CTX *context" +.Ft "char *" +.Fn SHA512_224_End "SHA512_CTX *context" "char *buf" +.Ft "char *" +.Fn SHA512_224_File "const char *filename" "char *buf" +.Ft "char *" +.Fn SHA512_224_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" +.Ft "char *" +.Fn SHA512_224_Data "const unsigned char *data" "unsigned int len" "char *buf" +.Ft void .Fn SHA512_256_Init "SHA512_CTX *context" .Ft void .Fn SHA512_256_Update "SHA512_CTX *context" "const unsigned char *data" "size_t len" @@ -119,8 +140,7 @@ .Fn SHA512_Final which converts the return value to a 129-character (including the terminating '\e0') -.Tn ASCII -string which represents the 512 bits in hexadecimal. +ASCII string which represents the 512 bits in hexadecimal. .Pp .Fn SHA512_File calculates the digest of a file, and uses @@ -167,29 +187,43 @@ argument is non-null it must point to at least 129 characters of buffer space. .Pp The -.Li SHA384_ +.Li SHA384_ , +.Li SHA512_224 , and .Li SHA512_256_ functions are identical to the .Li SHA512_ functions except they use a different initial hash value and the output is -truncated to 384 bits and 256 bits respectively. +truncated to 384, 224, and 256 bits respectively. .Pp .Fn SHA384_End is a wrapper for .Fn SHA384_Final which converts the return value to a 97-character (including the terminating '\e0') +ASCII string which represents the 384 bits in hexadecimal. +.Pp +.Fn SHA512_224_End +is a wrapper for +.Fn SHA512_Final +which converts the return value to a 57-character +(including the terminating '\e0') +ASCII string which represents the 224 bits in hexadecimal. +.Pp +.Fn SHA512_224_End +is a wrapper for +.Fn SHA512_Final +which converts the return value to a 57-character +(including the terminating '\e0') .Tn ASCII -string which represents the 384 bits in hexadecimal. +string which represents the 224 bits in hexadecimal. .Pp .Fn SHA512_256_End is a wrapper for .Fn SHA512_Final which converts the return value to a 65-character (including the terminating '\e0') -.Tn ASCII -string which represents the 256 bits in hexadecimal. +ASCII string which represents the 256 bits in hexadecimal. .Sh ERRORS The .Fn SHA512_End @@ -223,9 +257,7 @@ .Fx 9.0 . .Sh AUTHORS The core hash routines were implemented by Colin Percival based on -the published -.Tn FIPS 180-2 -standard. +the published FIPS 180-2 standard. .Sh BUGS No method is known to exist which finds two files having the same hash value, nor to find a file with a specific hash value. diff --git a/lib/libmd/shadriver.c b/lib/libmd/shadriver.c --- a/lib/libmd/shadriver.c +++ b/lib/libmd/shadriver.c @@ -51,6 +51,9 @@ #elif SHA == 512 #undef SHA_Data #define SHA_Data SHA512_Data +#elif SHA == 512224 +#undef SHA_Data +#define SHA_Data SHA512_224_Data #elif SHA == 512256 #undef SHA_Data #define SHA_Data SHA512_256_Data diff --git a/lib/libmd/skein.3 b/lib/libmd/skein.3 --- a/lib/libmd/skein.3 +++ b/lib/libmd/skein.3 @@ -133,8 +133,7 @@ .Fn SKEIN256_Final which converts the return value to a 33-character (including the terminating '\e0') -.Tn ASCII -string which represents the 256 bits in hexadecimal. +ASCII string which represents the 256 bits in hexadecimal. .Pp .Fn SKEIN256_File calculates the digest of a file, and uses diff --git a/sbin/md5/tests/algorithms.txt b/sbin/md5/tests/algorithms.txt --- a/sbin/md5/tests/algorithms.txt +++ b/sbin/md5/tests/algorithms.txt @@ -5,6 +5,7 @@ sha256 sha384 sha512 +sha512t224 sha512t256 skein1024 skein256 diff --git a/sbin/md5/tests/self-test.sha512t224.chk b/sbin/md5/tests/self-test.sha512t224.chk new file mode 100644 --- /dev/null +++ b/sbin/md5/tests/self-test.sha512t224.chk @@ -0,0 +1,9 @@ +SHA512t224 test suite: +SHA512t224 ("") = 6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4 - verified correct +SHA512t224 ("a") = d5cdb9ccc769a5121d4175f2bfdd13d6310e0d3d361ea75d82108327 - verified correct +SHA512t224 ("abc") = 4634270f707b6a54daae7530460842e20e37ed265ceee9a43e8924aa - verified correct +SHA512t224 ("message digest") = ad1a4db188fe57064f4f24609d2a83cd0afb9b398eb2fcaeaae2c564 - verified correct +SHA512t224 ("abcdefghijklmnopqrstuvwxyz") = ff83148aa07ec30655c1b40aff86141c0215fe2a54f767d3f38743d8 - verified correct +SHA512t224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = a8b4b9174b99ffc67d6f49be9981587b96441051e16e6dd036b140d3 - verified correct +SHA512t224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = ae988faaa47e401a45f704d1272d99702458fea2ddc6582827556dd2 - verified correct +SHA512t224 ("MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been made that its security is in some doubt") = b3c3b945249b0c8c94aba76ea887bcaad5401665a1fbeb384af4d06b - verified correct diff --git a/sbin/md5/tests/sha512t224.digest b/sbin/md5/tests/sha512t224.digest new file mode 100644 --- /dev/null +++ b/sbin/md5/tests/sha512t224.digest @@ -0,0 +1,8 @@ +SHA512t224 (1.inp) = 6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4 +SHA512t224 (2.inp) = d5cdb9ccc769a5121d4175f2bfdd13d6310e0d3d361ea75d82108327 +SHA512t224 (3.inp) = 4634270f707b6a54daae7530460842e20e37ed265ceee9a43e8924aa +SHA512t224 (4.inp) = ad1a4db188fe57064f4f24609d2a83cd0afb9b398eb2fcaeaae2c564 +SHA512t224 (5.inp) = ff83148aa07ec30655c1b40aff86141c0215fe2a54f767d3f38743d8 +SHA512t224 (6.inp) = a8b4b9174b99ffc67d6f49be9981587b96441051e16e6dd036b140d3 +SHA512t224 (7.inp) = ae988faaa47e401a45f704d1272d99702458fea2ddc6582827556dd2 +SHA512t224 (8.inp) = b3c3b945249b0c8c94aba76ea887bcaad5401665a1fbeb384af4d06b diff --git a/sbin/md5/tests/sha512t224sum.digest b/sbin/md5/tests/sha512t224sum.digest new file mode 100644 --- /dev/null +++ b/sbin/md5/tests/sha512t224sum.digest @@ -0,0 +1,8 @@ +6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4 1.inp +d5cdb9ccc769a5121d4175f2bfdd13d6310e0d3d361ea75d82108327 2.inp +4634270f707b6a54daae7530460842e20e37ed265ceee9a43e8924aa 3.inp +ad1a4db188fe57064f4f24609d2a83cd0afb9b398eb2fcaeaae2c564 4.inp +ff83148aa07ec30655c1b40aff86141c0215fe2a54f767d3f38743d8 5.inp +a8b4b9174b99ffc67d6f49be9981587b96441051e16e6dd036b140d3 6.inp +ae988faaa47e401a45f704d1272d99702458fea2ddc6582827556dd2 7.inp +b3c3b945249b0c8c94aba76ea887bcaad5401665a1fbeb384af4d06b 8.inp