Index: lib/libcrypt/Makefile =================================================================== --- lib/libcrypt/Makefile +++ lib/libcrypt/Makefile @@ -29,6 +29,7 @@ .for sym in MD4Init MD4Final MD4Update MD4Pad \ MD5Init MD5Final MD5Update MD5Pad \ SHA256_Init SHA256_Final SHA256_Update \ + SHA384_Init SHA384_Final SHA384_Update \ SHA512_Init SHA512_Final SHA512_Update CFLAGS+= -D${sym}=__${sym} .endfor Index: lib/libmd/Makefile =================================================================== --- lib/libmd/Makefile +++ lib/libmd/Makefile @@ -7,8 +7,9 @@ rmd160c.c rmd160hl.c \ sha0c.c sha0hl.c sha1c.c sha1hl.c \ sha256c.c sha256hl.c \ + sha384hl.c \ sha512c.c sha512hl.c -INCS= md4.h md5.h ripemd.h sha.h sha256.h sha512.h +INCS= md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h WARNS?= 0 @@ -33,6 +34,10 @@ MLINKS+=sha256.3 SHA256_Final.3 sha256.3 SHA256_End.3 MLINKS+=sha256.3 SHA256_File.3 sha256.3 SHA256_FileChunk.3 MLINKS+=sha256.3 SHA256_Data.3 +MLINKS+=sha512.3 SHA384_Init.3 sha512.3 SHA384_Update.3 +MLINKS+=sha512.3 SHA384_Final.3 sha512.3 SHA384_End.3 +MLINKS+=sha512.3 SHA384_File.3 sha512.3 SHA384_FileChunk.3 +MLINKS+=sha512.3 SHA384_Data.3 sha512.3 sha384.3 MLINKS+=sha512.3 SHA512_Init.3 sha512.3 SHA512_Update.3 MLINKS+=sha512.3 SHA512_Final.3 sha512.3 SHA512_End.3 MLINKS+=sha512.3 SHA512_File.3 sha512.3 SHA512_FileChunk.3 @@ -40,7 +45,8 @@ CLEANFILES+= md[245]hl.c md[245].ref md[245].3 mddriver \ rmd160.ref rmd160hl.c rmddriver \ sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \ - sha256.ref sha256hl.c sha512.ref sha512hl.c + sha256.ref sha256hl.c sha384hl.c sha384.ref \ + sha512.ref sha512hl.c # Define WEAK_REFS to provide weak aliases for libmd symbols # @@ -88,6 +94,12 @@ -e 's/SHA256__/SHA256_/g' \ ${.ALLSRC}) > ${.TARGET} +sha384hl.c: mdXhl.c + (echo '#define LENGTH 48'; \ + sed -e 's/mdX/sha384/g' -e 's/MDX/SHA384_/g' \ + -e 's/SHA384__/SHA384_/g' \ + ${.ALLSRC}) > ${.TARGET} + sha512hl.c: mdXhl.c (echo '#define LENGTH 64'; \ sed -e 's/mdX/sha512/g' -e 's/MDX/SHA512_/g' \ @@ -168,6 +180,21 @@ @echo 'SHA-256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ 'f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e' >> ${.TARGET} +sha384.ref: + echo 'SHA-384 test suite:' > ${.TARGET} + @echo 'SHA-384 ("") =' \ + '38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b' >> ${.TARGET} + @echo 'SHA-384 ("abc") =' \ + 'cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7' >> ${.TARGET} + @echo 'SHA-384 ("message digest") =' \ + '473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5' >> ${.TARGET} + @echo 'SHA-384 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4' >> ${.TARGET} + @echo 'SHA-384 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84' >> ${.TARGET} + @echo 'SHA-384 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026' >> ${.TARGET} + sha512.ref: echo 'SHA-512 test suite:' > ${.TARGET} @echo 'SHA-512 ("") =' \ @@ -196,7 +223,8 @@ @echo 'RIPEMD160 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ '9b752e45573d4b39f4dbd3323cab82bf63326bfb' >> ${.TARGET} -test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha512.ref +test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \ + sha512.ref @${ECHO} if any of these test fail, the code produces wrong results @${ECHO} and should NOT be used. ${CC} ${CFLAGS} ${LDFLAGS} -DMD=4 -o mddriver ${.CURDIR}/mddriver.c libmd.a @@ -219,6 +247,9 @@ ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=256 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha256.ref - @${ECHO} SHA-256 passed test + ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=384 -o shadriver ${.CURDIR}/shadriver.c libmd.a + ./shadriver | cmp sha384.ref - + @${ECHO} SHA-384 passed test ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha512.ref - @${ECHO} SHA-512 passed test Index: lib/libmd/sha512.h =================================================================== --- lib/libmd/sha512.h +++ lib/libmd/sha512.h @@ -1,82 +0,0 @@ -/*- - * Copyright 2005 Colin Percival - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD$ - */ - -#ifndef _SHA512_H_ -#define _SHA512_H_ - -#include - -typedef struct SHA512Context { - uint64_t state[8]; - uint64_t count[2]; - unsigned char buf[128]; -} SHA512_CTX; - -__BEGIN_DECLS - -/* Ensure libmd symbols do not clash with libcrypto */ - -#ifndef SHA512_Init -#define SHA512_Init _libmd_SHA512_Init -#endif -#ifndef SHA512_Update -#define SHA512_Update _libmd_SHA512_Update -#endif -#ifndef SHA512_Final -#define SHA512_Final _libmd_SHA512_Final -#endif -#ifndef SHA512_End -#define SHA512_End _libmd_SHA512_End -#endif -#ifndef SHA512_File -#define SHA512_File _libmd_SHA512_File -#endif -#ifndef SHA512_FileChunk -#define SHA512_FileChunk _libmd_SHA512_FileChunk -#endif -#ifndef SHA512_Data -#define SHA512_Data _libmd_SHA512_Data -#endif - -#ifndef SHA512_Transform -#define SHA512_Transform _libmd_SHA512_Transform -#endif -#ifndef SHA512_version -#define SHA512_version _libmd_SHA512_version -#endif - -void SHA512_Init(SHA512_CTX *); -void SHA512_Update(SHA512_CTX *, const void *, size_t); -void SHA512_Final(unsigned char [64], SHA512_CTX *); -char *SHA512_End(SHA512_CTX *, char *); -char *SHA512_File(const char *, char *); -char *SHA512_FileChunk(const char *, char *, off_t, off_t); -char *SHA512_Data(const void *, unsigned int, char *); -__END_DECLS - -#endif /* !_SHA512_H_ */ Index: lib/libmd/sha512.3 =================================================================== --- lib/libmd/sha512.3 +++ lib/libmd/sha512.3 @@ -9,7 +9,7 @@ .\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp .\" $FreeBSD$ .\" -.Dd March 28, 2014 +.Dd October 17, 2015 .Dt SHA512 3 .Os .Sh NAME @@ -19,8 +19,15 @@ .Nm SHA512_End , .Nm SHA512_File , .Nm SHA512_FileChunk , -.Nm SHA512_Data -.Nd calculate the FIPS 180-2 ``SHA-512'' message digest +.Nm SHA512_Data , +.Nm SHA384_Init , +.Nm SHA384_Update , +.Nm SHA384_Final , +.Nm SHA384_End , +.Nm SHA384_File , +.Nm SHA384_FileChunk , +.Nm SHA384_Data +.Nd calculate the FIPS 180-4 ``SHA-512'' family of message digests .Sh LIBRARY .Lb libmd .Sh SYNOPSIS @@ -40,6 +47,20 @@ .Fn SHA512_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" .Ft "char *" .Fn SHA512_Data "const unsigned char *data" "unsigned int len" "char *buf" +.Ft void +.Fn SHA384_Init "SHA384_CTX *context" +.Ft void +.Fn SHA384_Update "SHA384_CTX *context" "const unsigned char *data" "size_t len" +.Ft void +.Fn SHA384_Final "unsigned char digest[48]" "SHA384_CTX *context" +.Ft "char *" +.Fn SHA384_End "SHA384_CTX *context" "char *buf" +.Ft "char *" +.Fn SHA384_File "const char *filename" "char *buf" +.Ft "char *" +.Fn SHA384_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" +.Ft "char *" +.Fn SHA384_Data "const unsigned char *data" "unsigned int len" "char *buf" .Sh DESCRIPTION The .Li SHA512_ @@ -119,6 +140,21 @@ If the .Fa buf argument is non-null it must point to at least 65 characters of buffer space. +.Pp +The +.Li SHA384_ +functions are identical to the +.Li SHA512_ +functions except they use a different initial hash value and the output is +truncated to 384 bits. +.Pp +.Fn SHA384_End +is a wrapper for +.Fn SHA384_Final +which converts the return value to a 49-character +(including the terminating '\e0') +.Tn ASCII +string which represents the 384 bits in hexadecimal. .Sh SEE ALSO .Xr md4 3 , .Xr md5 3 , Index: lib/libmd/sha512c.c =================================================================== --- lib/libmd/sha512c.c +++ lib/libmd/sha512c.c @@ -1,335 +0,0 @@ -/*- - * Copyright 2005 Colin Percival - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include - -#include - -#include "sha512.h" - -#if BYTE_ORDER == BIG_ENDIAN - -/* Copy a vector of big-endian uint64_t into a vector of bytes */ -#define be64enc_vect(dst, src, len) \ - memcpy((void *)dst, (const void *)src, (size_t)len) - -/* Copy a vector of bytes into a vector of big-endian uint64_t */ -#define be64dec_vect(dst, src, len) \ - memcpy((void *)dst, (const void *)src, (size_t)len) - -#else /* BYTE_ORDER != BIG_ENDIAN */ - -/* - * Encode a length len/4 vector of (uint64_t) into a length len vector of - * (unsigned char) in big-endian form. Assumes len is a multiple of 8. - */ -static void -be64enc_vect(unsigned char *dst, const uint64_t *src, size_t len) -{ - size_t i; - - for (i = 0; i < len / 8; i++) - be64enc(dst + i * 8, src[i]); -} - -/* - * Decode a big-endian length len vector of (unsigned char) into a length - * len/4 vector of (uint64_t). Assumes len is a multiple of 8. - */ -static void -be64dec_vect(uint64_t *dst, const unsigned char *src, size_t len) -{ - size_t i; - - for (i = 0; i < len / 8; i++) - dst[i] = be64dec(src + i * 8); -} - -#endif /* BYTE_ORDER != BIG_ENDIAN */ - -/* Elementary functions used by SHA512 */ -#define Ch(x, y, z) ((x & (y ^ z)) ^ z) -#define Maj(x, y, z) ((x & (y | z)) | (y & z)) -#define SHR(x, n) (x >> n) -#define ROTR(x, n) ((x >> n) | (x << (64 - n))) -#define S0(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) -#define S1(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) -#define s0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) -#define s1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) - -/* SHA512 round function */ -#define RND(a, b, c, d, e, f, g, h, k) \ - t0 = h + S1(e) + Ch(e, f, g) + k; \ - t1 = S0(a) + Maj(a, b, c); \ - d += t0; \ - h = t0 + t1; - -/* Adjusted round function for rotating state */ -#define RNDr(S, W, i, k) \ - RND(S[(80 - i) % 8], S[(81 - i) % 8], \ - S[(82 - i) % 8], S[(83 - i) % 8], \ - S[(84 - i) % 8], S[(85 - i) % 8], \ - S[(86 - i) % 8], S[(87 - i) % 8], \ - W[i] + k) - -/* - * SHA512 block compression function. The 512-bit state is transformed via - * the 512-bit input block to produce a new state. - */ -static void -SHA512_Transform(uint64_t * state, const unsigned char block[128]) -{ - uint64_t W[80]; - uint64_t S[8]; - uint64_t t0, t1; - int i; - - /* 1. Prepare message schedule W. */ - be64dec_vect(W, block, 128); - for (i = 16; i < 80; i++) - W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; - - /* 2. Initialize working variables. */ - memcpy(S, state, 64); - - /* 3. Mix. */ - RNDr(S, W, 0, 0x428a2f98d728ae22ULL); - RNDr(S, W, 1, 0x7137449123ef65cdULL); - RNDr(S, W, 2, 0xb5c0fbcfec4d3b2fULL); - RNDr(S, W, 3, 0xe9b5dba58189dbbcULL); - RNDr(S, W, 4, 0x3956c25bf348b538ULL); - RNDr(S, W, 5, 0x59f111f1b605d019ULL); - RNDr(S, W, 6, 0x923f82a4af194f9bULL); - RNDr(S, W, 7, 0xab1c5ed5da6d8118ULL); - RNDr(S, W, 8, 0xd807aa98a3030242ULL); - RNDr(S, W, 9, 0x12835b0145706fbeULL); - RNDr(S, W, 10, 0x243185be4ee4b28cULL); - RNDr(S, W, 11, 0x550c7dc3d5ffb4e2ULL); - RNDr(S, W, 12, 0x72be5d74f27b896fULL); - RNDr(S, W, 13, 0x80deb1fe3b1696b1ULL); - RNDr(S, W, 14, 0x9bdc06a725c71235ULL); - RNDr(S, W, 15, 0xc19bf174cf692694ULL); - RNDr(S, W, 16, 0xe49b69c19ef14ad2ULL); - RNDr(S, W, 17, 0xefbe4786384f25e3ULL); - RNDr(S, W, 18, 0x0fc19dc68b8cd5b5ULL); - RNDr(S, W, 19, 0x240ca1cc77ac9c65ULL); - RNDr(S, W, 20, 0x2de92c6f592b0275ULL); - RNDr(S, W, 21, 0x4a7484aa6ea6e483ULL); - RNDr(S, W, 22, 0x5cb0a9dcbd41fbd4ULL); - RNDr(S, W, 23, 0x76f988da831153b5ULL); - RNDr(S, W, 24, 0x983e5152ee66dfabULL); - RNDr(S, W, 25, 0xa831c66d2db43210ULL); - RNDr(S, W, 26, 0xb00327c898fb213fULL); - RNDr(S, W, 27, 0xbf597fc7beef0ee4ULL); - RNDr(S, W, 28, 0xc6e00bf33da88fc2ULL); - RNDr(S, W, 29, 0xd5a79147930aa725ULL); - RNDr(S, W, 30, 0x06ca6351e003826fULL); - RNDr(S, W, 31, 0x142929670a0e6e70ULL); - RNDr(S, W, 32, 0x27b70a8546d22ffcULL); - RNDr(S, W, 33, 0x2e1b21385c26c926ULL); - RNDr(S, W, 34, 0x4d2c6dfc5ac42aedULL); - RNDr(S, W, 35, 0x53380d139d95b3dfULL); - RNDr(S, W, 36, 0x650a73548baf63deULL); - RNDr(S, W, 37, 0x766a0abb3c77b2a8ULL); - RNDr(S, W, 38, 0x81c2c92e47edaee6ULL); - RNDr(S, W, 39, 0x92722c851482353bULL); - RNDr(S, W, 40, 0xa2bfe8a14cf10364ULL); - RNDr(S, W, 41, 0xa81a664bbc423001ULL); - RNDr(S, W, 42, 0xc24b8b70d0f89791ULL); - RNDr(S, W, 43, 0xc76c51a30654be30ULL); - RNDr(S, W, 44, 0xd192e819d6ef5218ULL); - RNDr(S, W, 45, 0xd69906245565a910ULL); - RNDr(S, W, 46, 0xf40e35855771202aULL); - RNDr(S, W, 47, 0x106aa07032bbd1b8ULL); - RNDr(S, W, 48, 0x19a4c116b8d2d0c8ULL); - RNDr(S, W, 49, 0x1e376c085141ab53ULL); - RNDr(S, W, 50, 0x2748774cdf8eeb99ULL); - RNDr(S, W, 51, 0x34b0bcb5e19b48a8ULL); - RNDr(S, W, 52, 0x391c0cb3c5c95a63ULL); - RNDr(S, W, 53, 0x4ed8aa4ae3418acbULL); - RNDr(S, W, 54, 0x5b9cca4f7763e373ULL); - RNDr(S, W, 55, 0x682e6ff3d6b2b8a3ULL); - RNDr(S, W, 56, 0x748f82ee5defb2fcULL); - RNDr(S, W, 57, 0x78a5636f43172f60ULL); - RNDr(S, W, 58, 0x84c87814a1f0ab72ULL); - RNDr(S, W, 59, 0x8cc702081a6439ecULL); - RNDr(S, W, 60, 0x90befffa23631e28ULL); - RNDr(S, W, 61, 0xa4506cebde82bde9ULL); - RNDr(S, W, 62, 0xbef9a3f7b2c67915ULL); - RNDr(S, W, 63, 0xc67178f2e372532bULL); - RNDr(S, W, 64, 0xca273eceea26619cULL); - RNDr(S, W, 65, 0xd186b8c721c0c207ULL); - RNDr(S, W, 66, 0xeada7dd6cde0eb1eULL); - RNDr(S, W, 67, 0xf57d4f7fee6ed178ULL); - RNDr(S, W, 68, 0x06f067aa72176fbaULL); - RNDr(S, W, 69, 0x0a637dc5a2c898a6ULL); - RNDr(S, W, 70, 0x113f9804bef90daeULL); - RNDr(S, W, 71, 0x1b710b35131c471bULL); - RNDr(S, W, 72, 0x28db77f523047d84ULL); - RNDr(S, W, 73, 0x32caab7b40c72493ULL); - RNDr(S, W, 74, 0x3c9ebe0a15c9bebcULL); - RNDr(S, W, 75, 0x431d67c49c100d4cULL); - RNDr(S, W, 76, 0x4cc5d4becb3e42b6ULL); - RNDr(S, W, 77, 0x597f299cfc657e2aULL); - RNDr(S, W, 78, 0x5fcb6fab3ad6faecULL); - RNDr(S, W, 79, 0x6c44198c4a475817ULL); - - /* 4. Mix local working variables into global state */ - for (i = 0; i < 8; i++) - state[i] += S[i]; -} - -static unsigned char PAD[128] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* Add padding and terminating bit-count. */ -static void -SHA512_Pad(SHA512_CTX * ctx) -{ - unsigned char len[16]; - uint64_t r, plen; - - /* - * Convert length to a vector of bytes -- we do this now rather - * than later because the length will change after we pad. - */ - be64enc_vect(len, ctx->count, 16); - - /* Add 1--128 bytes so that the resulting length is 112 mod 128 */ - r = (ctx->count[1] >> 3) & 0x7f; - plen = (r < 112) ? (112 - r) : (240 - r); - SHA512_Update(ctx, PAD, (size_t)plen); - - /* Add the terminating bit-count */ - SHA512_Update(ctx, len, 16); -} - -/* SHA-512 initialization. Begins a SHA-512 operation. */ -void -SHA512_Init(SHA512_CTX * ctx) -{ - - /* Zero bits processed so far */ - ctx->count[0] = ctx->count[1] = 0; - - /* Magic initialization constants */ - ctx->state[0] = 0x6a09e667f3bcc908ULL; - ctx->state[1] = 0xbb67ae8584caa73bULL; - ctx->state[2] = 0x3c6ef372fe94f82bULL; - ctx->state[3] = 0xa54ff53a5f1d36f1ULL; - ctx->state[4] = 0x510e527fade682d1ULL; - ctx->state[5] = 0x9b05688c2b3e6c1fULL; - ctx->state[6] = 0x1f83d9abfb41bd6bULL; - ctx->state[7] = 0x5be0cd19137e2179ULL; -} - -/* Add bytes into the hash */ -void -SHA512_Update(SHA512_CTX * ctx, const void *in, size_t len) -{ - uint64_t bitlen[2]; - uint64_t r; - const unsigned char *src = in; - - /* Number of bytes left in the buffer from previous updates */ - r = (ctx->count[1] >> 3) & 0x7f; - - /* Convert the length into a number of bits */ - bitlen[1] = ((uint64_t)len) << 3; - bitlen[0] = ((uint64_t)len) >> 61; - - /* Update number of bits */ - if ((ctx->count[1] += bitlen[1]) < bitlen[1]) - ctx->count[0]++; - ctx->count[0] += bitlen[0]; - - /* Handle the case where we don't need to perform any transforms */ - if (len < 128 - r) { - memcpy(&ctx->buf[r], src, len); - return; - } - - /* Finish the current block */ - memcpy(&ctx->buf[r], src, 128 - r); - SHA512_Transform(ctx->state, ctx->buf); - src += 128 - r; - len -= 128 - r; - - /* Perform complete blocks */ - while (len >= 128) { - SHA512_Transform(ctx->state, src); - src += 128; - len -= 128; - } - - /* Copy left over data into buffer */ - memcpy(ctx->buf, src, len); -} - -/* - * SHA-512 finalization. Pads the input data, exports the hash value, - * and clears the context state. - */ -void -SHA512_Final(unsigned char digest[64], SHA512_CTX * ctx) -{ - - /* Add padding */ - SHA512_Pad(ctx); - - /* Write the hash */ - be64enc_vect(digest, ctx->state, 64); - - /* Clear the context state */ - memset((void *)ctx, 0, sizeof(*ctx)); -} - -#ifdef WEAK_REFS -/* When building libmd, provide weak references. Note: this is not - activated in the context of compiling these sources for internal - use in libcrypt. - */ -#undef SHA512_Init -__weak_reference(_libmd_SHA512_Init, SHA512_Init); -#undef SHA512_Update -__weak_reference(_libmd_SHA512_Update, SHA512_Update); -#undef SHA512_Final -__weak_reference(_libmd_SHA512_Final, SHA512_Final); -#undef SHA512_Transform -__weak_reference(_libmd_SHA512_Transform, SHA512_Transform); -#endif Index: lib/libmd/shadriver.c =================================================================== --- lib/libmd/shadriver.c +++ lib/libmd/shadriver.c @@ -22,6 +22,7 @@ #include "sha.h" #include "sha256.h" +#include "sha384.h" #include "sha512.h" /* The following makes SHA default to SHA-1 if it has not already been @@ -36,6 +37,9 @@ #elif SHA == 256 #undef SHA_Data #define SHA_Data SHA256_Data +#elif SHA == 384 +#undef SHA_Data +#define SHA_Data SHA384_Data #elif SHA == 512 #undef SHA_Data #define SHA_Data SHA512_Data Index: sbin/gbde/Makefile =================================================================== --- sbin/gbde/Makefile +++ sbin/gbde/Makefile @@ -4,7 +4,7 @@ SRCS= gbde.c template.c SRCS+= rijndael-alg-fst.c SRCS+= rijndael-api-fst.c -SRCS+= sha2.c +SRCS+= sha512c.c SRCS+= g_bde_lock.c # rijndael-fst.c does evil casting things which can results in warnings, Index: sbin/gbde/gbde.c =================================================================== --- sbin/gbde/gbde.c +++ sbin/gbde/gbde.c @@ -84,7 +84,7 @@ #include #include #include -#include +#include #include #include Index: sbin/geom/class/eli/Makefile =================================================================== --- sbin/geom/class/eli/Makefile +++ sbin/geom/class/eli/Makefile @@ -6,7 +6,8 @@ SRCS= g_eli_crypto.c SRCS+= g_eli_key.c SRCS+= pkcs5v2.c -SRCS+= sha2.c +SRCS+= sha256c.c +SRCS+= sha512c.c LIBADD= md crypto Index: sbin/md5/Makefile =================================================================== --- sbin/md5/Makefile +++ sbin/md5/Makefile @@ -6,11 +6,13 @@ LINKS= ${BINDIR}/md5 ${BINDIR}/rmd160 \ ${BINDIR}/md5 ${BINDIR}/sha1 \ ${BINDIR}/md5 ${BINDIR}/sha256 \ + ${BINDIR}/md5 ${BINDIR}/sha384 \ ${BINDIR}/md5 ${BINDIR}/sha512 MLINKS= md5.1 rmd160.1 \ md5.1 sha1.1 \ md5.1 sha256.1 \ + md5.1 sha384.1 \ md5.1 sha512.1 LIBADD= md Index: sbin/md5/md5.1 =================================================================== --- sbin/md5/md5.1 +++ sbin/md5/md5.1 @@ -1,9 +1,9 @@ .\" $FreeBSD$ -.Dd May 17, 2014 +.Dd October 17, 2015 .Dt MD5 1 .Os .Sh NAME -.Nm md5 , sha1 , sha256 , sha512, rmd160 +.Nm md5 , sha1 , sha256 , sha384 , sha512, rmd160 .Nd calculate a message-digest fingerprint (checksum) for a file .Sh SYNOPSIS .Nm md5 @@ -21,6 +21,11 @@ .Op Fl c Ar string .Op Fl s Ar string .Op Ar +.Nm sha384 +.Op Fl pqrtx +.Op Fl c Ar string +.Op Fl s Ar string +.Op Ar .Nm sha512 .Op Fl pqrtx .Op Fl c Ar string @@ -33,7 +38,7 @@ .Op Ar .Sh DESCRIPTION The -.Nm md5 , sha1 , sha256 , sha512 +.Nm md5 , sha1 , sha256 , sha384 , sha512 and .Nm rmd160 utilities take as input a message of arbitrary length and produce as @@ -46,7 +51,7 @@ produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The -.Tn MD5 , SHA-1 , SHA-256 , SHA-512 +.Tn MD5 , SHA-1 , SHA-256 , SHA-384 , SHA-512 and .Tn RIPEMD-160 algorithms are intended for digital signature applications, where a @@ -123,6 +128,7 @@ .Xr ripemd 3 , .Xr sha 3 , .Xr sha256 3 , +.Xr sha384 3 , .Xr sha512 3 .Rs .%A R. Rivest Index: sbin/md5/md5.c =================================================================== --- sbin/md5/md5.c +++ sbin/md5/md5.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -55,6 +56,7 @@ extern const char *MD5TestOutput[MDTESTCOUNT]; extern const char *SHA1_TestOutput[MDTESTCOUNT]; extern const char *SHA256_TestOutput[MDTESTCOUNT]; +extern const char *SHA384_TestOutput[MDTESTCOUNT]; extern const char *SHA512_TestOutput[MDTESTCOUNT]; extern const char *RIPEMD160_TestOutput[MDTESTCOUNT]; @@ -80,6 +82,7 @@ MD5_CTX md5; SHA1_CTX sha1; SHA256_CTX sha256; + SHA384_CTX sha384; SHA512_CTX sha512; RIPEMD160_CTX ripemd160; } DIGEST_CTX; @@ -101,6 +104,9 @@ { "sha256", "SHA256", &SHA256_TestOutput, (DIGEST_Init*)&SHA256_Init, (DIGEST_Update*)&SHA256_Update, (DIGEST_End*)&SHA256_End, &SHA256_Data, &SHA256_File }, + { "sha384", "SHA384", &SHA384_TestOutput, (DIGEST_Init*)&SHA384_Init, + (DIGEST_Update*)&SHA384_Update, (DIGEST_End*)&SHA384_End, + &SHA384_Data, &SHA384_File }, { "sha512", "SHA512", &SHA512_TestOutput, (DIGEST_Init*)&SHA512_Init, (DIGEST_Update*)&SHA512_Update, (DIGEST_End*)&SHA512_End, &SHA512_Data, &SHA512_File }, @@ -327,6 +333,17 @@ "e6eae09f10ad4122a0e2a4075761d185a272ebd9f5aa489e998ff2f09cbfdd9f" }; +const char *SHA384_TestOutput[MDTESTCOUNT] = { + "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b", + "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31", + "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7", + "473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5", + "feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4", + "1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84", + "b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026", + "99428d401bf4abcd4ee0695248c9858b7503853acfae21a9cffa7855f46d1395ef38596fcd06d5a8c32d41a839cc5dfb" +}; + const char *SHA512_TestOutput[MDTESTCOUNT] = { "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e", "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75", Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c =================================================================== --- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c +++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c @@ -28,7 +28,7 @@ #include #include #ifdef _KERNEL -#include +#include #else #include #endif Index: sys/conf/files =================================================================== --- sys/conf/files +++ sys/conf/files @@ -556,10 +556,9 @@ crypto/rijndael/rijndael-api.c optional crypto | ipsec | wlan_ccmp crypto/sha1.c optional carp | crypto | ipsec | \ netgraph_mppc_encryption | sctp -crypto/sha2/sha2.c optional crypto | geom_bde | ipsec | random !random_loadable | \ - sctp | zfs crypto/sha2/sha256c.c optional crypto | geom_bde | ipsec | random !random_loadable | \ sctp | zfs +crypto/sha2/sha512c.c optional crypto | geom_bde | ipsec | zfs crypto/siphash/siphash.c optional inet | inet6 crypto/siphash/siphash_test.c optional inet | inet6 ddb/db_access.c optional ddb Index: sys/crypto/sha2/sha2.h =================================================================== --- sys/crypto/sha2/sha2.h +++ /dev/null @@ -1,89 +0,0 @@ -/* $FreeBSD$ */ -/* $KAME: sha2.h,v 1.5 2007/06/14 12:09:41 itojun Exp $ */ - -/* - * sha2.h - * - * Version 1.0.0beta1 - * - * Written by Aaron D. Gifford - * - * Copyright 2000 Aaron D. Gifford. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the copyright holder nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - */ - -#ifndef __SHA2_H__ -#define __SHA2_H__ - -#ifdef __cplusplus -extern "C" { -#endif - - -/*** SHA-256/384/512 Various Length Definitions ***********************/ -#define SHA256_BLOCK_LENGTH 64 -#define SHA256_DIGEST_LENGTH 32 -#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) -#define SHA384_BLOCK_LENGTH 128 -#define SHA384_DIGEST_LENGTH 48 -#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) -#define SHA512_BLOCK_LENGTH 128 -#define SHA512_DIGEST_LENGTH 64 -#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) - - -/*** SHA-384/512 Context Structures *******************************/ -typedef struct _SHA512_CTX { - uint64_t state[8]; - uint64_t bitcount[2]; - uint8_t buffer[SHA512_BLOCK_LENGTH]; -} SHA512_CTX; - -typedef SHA512_CTX SHA384_CTX; - - -/*** SHA-384/512 Function Prototypes ******************************/ - -void SHA384_Init(SHA384_CTX*); -void SHA384_Update(SHA384_CTX*, const u_int8_t*, size_t); -void SHA384_Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA384_CTX*); -char* SHA384_End(SHA384_CTX*, char[SHA384_DIGEST_STRING_LENGTH]); -char* SHA384_Data(const u_int8_t*, size_t, char[SHA384_DIGEST_STRING_LENGTH]); - -void SHA512_Init(SHA512_CTX*); -void SHA512_Update(SHA512_CTX*, const u_int8_t*, size_t); -void SHA512_Final(u_int8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*); -char* SHA512_End(SHA512_CTX*, char[SHA512_DIGEST_STRING_LENGTH]); -char* SHA512_Data(const u_int8_t*, size_t, char[SHA512_DIGEST_STRING_LENGTH]); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#include "sha256.h" - -#endif /* __SHA2_H__ */ Index: sys/crypto/sha2/sha2.c =================================================================== --- sys/crypto/sha2/sha2.c +++ /dev/null @@ -1,708 +0,0 @@ -/* $KAME: sha2.c,v 1.11 2004/06/02 09:52:45 itojun Exp $ */ - -/* - * sha2.c - * - * Version 1.0.0beta1 - * - * Written by Aaron D. Gifford - * - * Copyright 2000 Aaron D. Gifford. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the copyright holder nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#ifdef _KERNEL -#include -#else -#include -#endif -#include -#include - -/* - * ASSERT NOTE: - * Some sanity checking code is included using assert(). On my FreeBSD - * system, this additional code can be removed by compiling with NDEBUG - * defined. Check your own systems manpage on assert() to see how to - * compile WITHOUT the sanity checking code on your system. - * - * UNROLLED TRANSFORM LOOP NOTE: - * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform - * loop version for the hash transform rounds (defined using macros - * later in this file). Either define on the command line, for example: - * - * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c - * - * or define below: - * - * #define SHA2_UNROLL_TRANSFORM - * - */ - -#if defined(_KERNEL) && defined(__FreeBSD__) -#define assert(x) -#else -#include -#endif - - -/*** SHA-256/384/512 Machine Architecture Definitions *****************/ -/* - * BYTE_ORDER NOTE: - * - * Please make sure that your system defines BYTE_ORDER. If your - * architecture is little-endian, make sure it also defines - * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are - * equivilent. - * - * If your system does not define the above, then you can do so by - * hand like this: - * - * #define LITTLE_ENDIAN 1234 - * #define BIG_ENDIAN 4321 - * - * And for little-endian machines, add: - * - * #define BYTE_ORDER LITTLE_ENDIAN - * - * Or for big-endian machines: - * - * #define BYTE_ORDER BIG_ENDIAN - * - * The FreeBSD machine this was written on defines BYTE_ORDER - * appropriately by including (which in turn includes - * where the appropriate definitions are actually - * made). - */ -#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) -#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN -#endif - -/* - * Define the followingsha2_* types to types of the correct length on - * the native archtecture. Most BSD systems and Linux define u_intXX_t - * types. Machines with very recent ANSI C headers, can use the - * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H - * during compile or in the sha.h header file. - * - * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t - * will need to define these three typedefs below (and the appropriate - * ones in sha.h too) by hand according to their system architecture. - * - * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t - * types and pointing out recent ANSI C support for uintXX_t in inttypes.h. - */ -typedef uint8_t sha2_byte; /* Exactly 1 byte */ -typedef uint32_t sha2_word32; /* Exactly 4 bytes */ -typedef uint64_t sha2_word64; /* Exactly 8 bytes */ - - -/*** SHA-256/384/512 Various Length Definitions ***********************/ -/* NOTE: Most of these are in sha2.h */ -#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) -#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) -#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) - - -/*** ENDIAN REVERSAL MACROS *******************************************/ -#if BYTE_ORDER == LITTLE_ENDIAN -#define REVERSE32(w,x) { \ - sha2_word32 tmp = (w); \ - tmp = (tmp >> 16) | (tmp << 16); \ - (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ -} -#define REVERSE64(w,x) { \ - sha2_word64 tmp = (w); \ - tmp = (tmp >> 32) | (tmp << 32); \ - tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ - ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ - (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ - ((tmp & 0x0000ffff0000ffffULL) << 16); \ -} -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - -/* - * Macro for incrementally adding the unsigned 64-bit integer n to the - * unsigned 128-bit integer (represented using a two-element array of - * 64-bit words): - */ -#define ADDINC128(w,n) { \ - (w)[0] += (sha2_word64)(n); \ - if ((w)[0] < (n)) { \ - (w)[1]++; \ - } \ -} - -/*** THE SIX LOGICAL FUNCTIONS ****************************************/ -/* - * Bit shifting and rotation (used by the six SHA-XYZ logical functions: - * - * NOTE: The naming of R and S appears backwards here (R is a SHIFT and - * S is a ROTATION) because the SHA-256/384/512 description document - * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this - * same "backwards" definition. - */ -/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ -#define R(b,x) ((x) >> (b)) -/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ -#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) - -/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -/* Four of six logical functions used in SHA-384 and SHA-512: */ -#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) -#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) -#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) -#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) - -/*** INTERNAL FUNCTION PROTOTYPES *************************************/ -/* NOTE: These should not be accessed directly from outside this - * library -- they are intended for private internal visibility/use - * only. - */ -static void SHA512_Last(SHA512_CTX*); -static void SHA512_Transform(SHA512_CTX*, const sha2_word64*); - - -/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ -/* Hash constant words K for SHA-384 and SHA-512: */ -static const sha2_word64 K512[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, - 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, - 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, - 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, - 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, - 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, - 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, - 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, - 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, - 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, - 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, - 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, - 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, - 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, - 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, - 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, - 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, - 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, - 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, - 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, - 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, - 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, - 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, - 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, - 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, - 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, - 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -/* Initial hash value H for SHA-384 */ -static const sha2_word64 sha384_initial_hash_value[8] = { - 0xcbbb9d5dc1059ed8ULL, - 0x629a292a367cd507ULL, - 0x9159015a3070dd17ULL, - 0x152fecd8f70e5939ULL, - 0x67332667ffc00b31ULL, - 0x8eb44a8768581511ULL, - 0xdb0c2e0d64f98fa7ULL, - 0x47b5481dbefa4fa4ULL -}; - -/* Initial hash value H for SHA-512 */ -static const sha2_word64 sha512_initial_hash_value[8] = { - 0x6a09e667f3bcc908ULL, - 0xbb67ae8584caa73bULL, - 0x3c6ef372fe94f82bULL, - 0xa54ff53a5f1d36f1ULL, - 0x510e527fade682d1ULL, - 0x9b05688c2b3e6c1fULL, - 0x1f83d9abfb41bd6bULL, - 0x5be0cd19137e2179ULL -}; - -/* - * Constant used by SHA256/384/512_End() functions for converting the - * digest to a readable hexadecimal character string: - */ -static const char *sha2_hex_digits = "0123456789abcdef"; - - -/*** SHA-256: *********************************************************/ -char *SHA256_End(SHA256_CTX* context, char buffer[]) { - sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest; - int i; - - /* Sanity check: */ - assert(context != (SHA256_CTX*)0); - - if (buffer != (char*)0) { - SHA256_Final(digest, context); - - for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { - *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; - *buffer++ = sha2_hex_digits[*d & 0x0f]; - d++; - } - *buffer = (char)0; - } else { - bzero(context, sizeof(*context)); - } - bzero(digest, SHA256_DIGEST_LENGTH); - return buffer; -} - -char* SHA256_Data(const void *data, unsigned int len, char *digest) { - SHA256_CTX context; - - SHA256_Init(&context); - SHA256_Update(&context, data, len); - return SHA256_End(&context, digest); -} - - -/*** SHA-512: *********************************************************/ -void SHA512_Init(SHA512_CTX* context) { - if (context == (SHA512_CTX*)0) { - return; - } - bcopy(sha512_initial_hash_value, context->state, SHA512_DIGEST_LENGTH); - bzero(context->buffer, SHA512_BLOCK_LENGTH); - context->bitcount[0] = context->bitcount[1] = 0; -} - -#ifdef SHA2_UNROLL_TRANSFORM - -/* Unrolled SHA-512 round macros: */ -#if BYTE_ORDER == LITTLE_ENDIAN - -#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ - REVERSE64(*data++, W512[j]); \ - T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ - K512[j] + W512[j]; \ - (d) += T1, \ - (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ - j++ - - -#else /* BYTE_ORDER == LITTLE_ENDIAN */ - -#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ - T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ - K512[j] + (W512[j] = *data++); \ - (d) += T1; \ - (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ - j++ - -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - -#define ROUND512(a,b,c,d,e,f,g,h) \ - s0 = W512[(j+1)&0x0f]; \ - s0 = sigma0_512(s0); \ - s1 = W512[(j+14)&0x0f]; \ - s1 = sigma1_512(s1); \ - T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ - (d) += T1; \ - (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ - j++ - -static void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) { - sha2_word64 a, b, c, d, e, f, g, h, s0, s1; - sha2_word64 T1, *W512 = (sha2_word64*)context->buffer; - int j; - - /* Initialize registers with the prev. intermediate value */ - a = context->state[0]; - b = context->state[1]; - c = context->state[2]; - d = context->state[3]; - e = context->state[4]; - f = context->state[5]; - g = context->state[6]; - h = context->state[7]; - - j = 0; - do { - ROUND512_0_TO_15(a,b,c,d,e,f,g,h); - ROUND512_0_TO_15(h,a,b,c,d,e,f,g); - ROUND512_0_TO_15(g,h,a,b,c,d,e,f); - ROUND512_0_TO_15(f,g,h,a,b,c,d,e); - ROUND512_0_TO_15(e,f,g,h,a,b,c,d); - ROUND512_0_TO_15(d,e,f,g,h,a,b,c); - ROUND512_0_TO_15(c,d,e,f,g,h,a,b); - ROUND512_0_TO_15(b,c,d,e,f,g,h,a); - } while (j < 16); - - /* Now for the remaining rounds up to 79: */ - do { - ROUND512(a,b,c,d,e,f,g,h); - ROUND512(h,a,b,c,d,e,f,g); - ROUND512(g,h,a,b,c,d,e,f); - ROUND512(f,g,h,a,b,c,d,e); - ROUND512(e,f,g,h,a,b,c,d); - ROUND512(d,e,f,g,h,a,b,c); - ROUND512(c,d,e,f,g,h,a,b); - ROUND512(b,c,d,e,f,g,h,a); - } while (j < 80); - - /* Compute the current intermediate hash value */ - context->state[0] += a; - context->state[1] += b; - context->state[2] += c; - context->state[3] += d; - context->state[4] += e; - context->state[5] += f; - context->state[6] += g; - context->state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = 0; -} - -#else /* SHA2_UNROLL_TRANSFORM */ - -static void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) { - sha2_word64 a, b, c, d, e, f, g, h, s0, s1; - sha2_word64 T1 = 0, T2 = 0, *W512 = (sha2_word64*)context->buffer; - int j; - - /* Initialize registers with the prev. intermediate value */ - a = context->state[0]; - b = context->state[1]; - c = context->state[2]; - d = context->state[3]; - e = context->state[4]; - f = context->state[5]; - g = context->state[6]; - h = context->state[7]; - - j = 0; - do { -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - REVERSE64(*data++, W512[j]); - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; -#else /* BYTE_ORDER == LITTLE_ENDIAN */ - /* Apply the SHA-512 compression function to update a..h with copy */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 16); - - do { - /* Part of the message block expansion: */ - s0 = W512[(j+1)&0x0f]; - s0 = sigma0_512(s0); - s1 = W512[(j+14)&0x0f]; - s1 = sigma1_512(s1); - - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 80); - - /* Compute the current intermediate hash value */ - context->state[0] += a; - context->state[1] += b; - context->state[2] += c; - context->state[3] += d; - context->state[4] += e; - context->state[5] += f; - context->state[6] += g; - context->state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = T2 = 0; -} - -#endif /* SHA2_UNROLL_TRANSFORM */ - -void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) { - unsigned int freespace, usedspace; - - if (len == 0) { - /* Calling with no data is valid - we do nothing */ - return; - } - - /* Sanity check: */ - assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0); - - usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = SHA512_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - bcopy(data, &context->buffer[usedspace], freespace); - ADDINC128(context->bitcount, freespace << 3); - len -= freespace; - data += freespace; - SHA512_Transform(context, (sha2_word64*)context->buffer); - } else { - /* The buffer is not yet full */ - bcopy(data, &context->buffer[usedspace], len); - ADDINC128(context->bitcount, len << 3); - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= SHA512_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - SHA512_Transform(context, (const sha2_word64*)data); - ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); - len -= SHA512_BLOCK_LENGTH; - data += SHA512_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - bcopy(data, context->buffer, len); - ADDINC128(context->bitcount, len << 3); - } - /* Clean up: */ - usedspace = freespace = 0; -} - -static void SHA512_Last(SHA512_CTX* context) { - unsigned int usedspace; - - usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert FROM host byte order */ - REVERSE64(context->bitcount[0],context->bitcount[0]); - REVERSE64(context->bitcount[1],context->bitcount[1]); -#endif - if (usedspace > 0) { - /* Begin padding with a 1 bit: */ - context->buffer[usedspace++] = 0x80; - - if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { - /* Set-up for the last transform: */ - bzero(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace); - } else { - if (usedspace < SHA512_BLOCK_LENGTH) { - bzero(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace); - } - /* Do second-to-last transform: */ - SHA512_Transform(context, (sha2_word64*)context->buffer); - - /* And set-up for the last transform: */ - bzero(context->buffer, SHA512_BLOCK_LENGTH - 2); - } - } else { - /* Prepare for final transform: */ - bzero(context->buffer, SHA512_SHORT_BLOCK_LENGTH); - - /* Begin padding with a 1 bit: */ - *context->buffer = 0x80; - } - /* Store the length of input data (in bits): */ - *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; - *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; - - /* Final transform: */ - SHA512_Transform(context, (sha2_word64*)context->buffer); -} - -void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) { - sha2_word64 *d = (sha2_word64*)digest; - - /* Sanity check: */ - assert(context != (SHA512_CTX*)0); - - /* If no digest buffer is passed, we don't bother doing this: */ - if (digest != (sha2_byte*)0) { - SHA512_Last(context); - - /* Save the hash data for output: */ -#if BYTE_ORDER == LITTLE_ENDIAN - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 8; j++) { - REVERSE64(context->state[j],context->state[j]); - *d++ = context->state[j]; - } - } -#else - bcopy(context->state, d, SHA512_DIGEST_LENGTH); -#endif - } - - /* Zero out state data */ - bzero(context, sizeof(*context)); -} - -char *SHA512_End(SHA512_CTX* context, char buffer[]) { - sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest; - int i; - - /* Sanity check: */ - assert(context != (SHA512_CTX*)0); - - if (buffer != (char*)0) { - SHA512_Final(digest, context); - - for (i = 0; i < SHA512_DIGEST_LENGTH; i++) { - *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; - *buffer++ = sha2_hex_digits[*d & 0x0f]; - d++; - } - *buffer = (char)0; - } else { - bzero(context, sizeof(*context)); - } - bzero(digest, SHA512_DIGEST_LENGTH); - return buffer; -} - -char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) { - SHA512_CTX context; - - SHA512_Init(&context); - SHA512_Update(&context, data, len); - return SHA512_End(&context, digest); -} - - -/*** SHA-384: *********************************************************/ -void SHA384_Init(SHA384_CTX* context) { - if (context == (SHA384_CTX*)0) { - return; - } - bcopy(sha384_initial_hash_value, context->state, SHA512_DIGEST_LENGTH); - bzero(context->buffer, SHA384_BLOCK_LENGTH); - context->bitcount[0] = context->bitcount[1] = 0; -} - -void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) { - SHA512_Update((SHA512_CTX*)context, data, len); -} - -void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) { - sha2_word64 *d = (sha2_word64*)digest; - - /* Sanity check: */ - assert(context != (SHA384_CTX*)0); - - /* If no digest buffer is passed, we don't bother doing this: */ - if (digest != (sha2_byte*)0) { - SHA512_Last((SHA512_CTX*)context); - - /* Save the hash data for output: */ -#if BYTE_ORDER == LITTLE_ENDIAN - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 6; j++) { - REVERSE64(context->state[j],context->state[j]); - *d++ = context->state[j]; - } - } -#else - bcopy(context->state, d, SHA384_DIGEST_LENGTH); -#endif - } - - /* Zero out state data */ - bzero(context, sizeof(*context)); -} - -char *SHA384_End(SHA384_CTX* context, char buffer[]) { - sha2_byte digest[SHA384_DIGEST_LENGTH], *d = digest; - int i; - - /* Sanity check: */ - assert(context != (SHA384_CTX*)0); - - if (buffer != (char*)0) { - SHA384_Final(digest, context); - - for (i = 0; i < SHA384_DIGEST_LENGTH; i++) { - *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; - *buffer++ = sha2_hex_digits[*d & 0x0f]; - d++; - } - *buffer = (char)0; - } else { - bzero(context, sizeof(*context)); - } - bzero(digest, SHA384_DIGEST_LENGTH); - return buffer; -} - -char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) { - SHA384_CTX context; - - SHA384_Init(&context); - SHA384_Update(&context, data, len); - return SHA384_End(&context, digest); -} Index: sys/crypto/sha2/sha256.h =================================================================== --- sys/crypto/sha2/sha256.h +++ sys/crypto/sha2/sha256.h @@ -33,10 +33,14 @@ #include #endif +#define SHA256_BLOCK_LENGTH 64 +#define SHA256_DIGEST_LENGTH 32 +#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) + typedef struct SHA256Context { uint32_t state[8]; uint64_t count; - uint8_t buf[64]; + uint8_t buf[SHA256_BLOCK_LENGTH]; } SHA256_CTX; __BEGIN_DECLS @@ -74,10 +78,10 @@ void SHA256_Init(SHA256_CTX *); void SHA256_Update(SHA256_CTX *, const void *, size_t); -void SHA256_Final(unsigned char [32], SHA256_CTX *); +void SHA256_Final(unsigned char [SHA256_DIGEST_LENGTH], SHA256_CTX *); +#ifndef _KERNEL char *SHA256_End(SHA256_CTX *, char *); char *SHA256_Data(const void *, unsigned int, char *); -#ifndef _KERNEL char *SHA256_File(const char *, char *); char *SHA256_FileChunk(const char *, char *, off_t, off_t); #endif Index: sys/crypto/sha2/sha384.h =================================================================== --- /dev/null +++ sys/crypto/sha2/sha384.h @@ -0,0 +1,87 @@ +/*- + * Copyright 2005 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _SHA384_H_ +#define _SHA384_H_ + +#ifndef _KERNEL +#include +#endif + +#define SHA384_BLOCK_LENGTH 128 +#define SHA384_DIGEST_LENGTH 48 +#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) + +typedef struct SHA384Context { + uint64_t state[8]; + uint64_t count[2]; + uint8_t buf[SHA384_BLOCK_LENGTH]; +} SHA384_CTX; + +__BEGIN_DECLS + +/* Ensure libmd symbols do not clash with libcrypto */ +#ifndef SHA384_Init +#define SHA384_Init _libmd_SHA384_Init +#endif +#ifndef SHA384_Update +#define SHA384_Update _libmd_SHA384_Update +#endif +#ifndef SHA384_Final +#define SHA384_Final _libmd_SHA384_Final +#endif +#ifndef SHA384_End +#define SHA384_End _libmd_SHA384_End +#endif +#ifndef SHA384_File +#define SHA384_File _libmd_SHA384_File +#endif +#ifndef SHA384_FileChunk +#define SHA384_FileChunk _libmd_SHA384_FileChunk +#endif +#ifndef SHA384_Data +#define SHA384_Data _libmd_SHA384_Data +#endif + +#ifndef SHA384_version +#define SHA384_version _libmd_SHA384_version +#endif + +void SHA384_Init(SHA384_CTX *); +void SHA384_Update(SHA384_CTX *, const void *, size_t); +void SHA384_Final(unsigned char [SHA384_DIGEST_LENGTH], SHA384_CTX *); +#ifndef _KERNEL +char *SHA384_End(SHA384_CTX *, char *); +char *SHA384_Data(const void *, unsigned int, char *); +char *SHA384_File(const char *, char *); +char *SHA384_FileChunk(const char *, char *, off_t, off_t); +#endif + +__END_DECLS + +#endif /* !_SHA384_H_ */ Index: sys/crypto/sha2/sha512.h =================================================================== --- sys/crypto/sha2/sha512.h +++ sys/crypto/sha2/sha512.h @@ -29,18 +29,23 @@ #ifndef _SHA512_H_ #define _SHA512_H_ +#ifndef _KERNEL #include +#endif + +#define SHA512_BLOCK_LENGTH 128 +#define SHA512_DIGEST_LENGTH 64 +#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) typedef struct SHA512Context { uint64_t state[8]; uint64_t count[2]; - unsigned char buf[128]; + uint8_t buf[SHA512_BLOCK_LENGTH]; } SHA512_CTX; __BEGIN_DECLS /* Ensure libmd symbols do not clash with libcrypto */ - #ifndef SHA512_Init #define SHA512_Init _libmd_SHA512_Init #endif @@ -72,11 +77,14 @@ void SHA512_Init(SHA512_CTX *); void SHA512_Update(SHA512_CTX *, const void *, size_t); -void SHA512_Final(unsigned char [64], SHA512_CTX *); +void SHA512_Final(unsigned char [SHA512_DIGEST_LENGTH], SHA512_CTX *); +#ifndef _KERNEL char *SHA512_End(SHA512_CTX *, char *); +char *SHA512_Data(const void *, unsigned int, char *); char *SHA512_File(const char *, char *); char *SHA512_FileChunk(const char *, char *, off_t, off_t); -char *SHA512_Data(const void *, unsigned int, char *); +#endif + __END_DECLS #endif /* !_SHA512_H_ */ Index: sys/crypto/sha2/sha512c.c =================================================================== --- sys/crypto/sha2/sha512c.c +++ sys/crypto/sha2/sha512c.c @@ -30,9 +30,14 @@ #include #include +#ifdef _KERNEL +#include +#else #include +#endif #include "sha512.h" +#include "sha384.h" #if BYTE_ORDER == BIG_ENDIAN @@ -104,7 +109,7 @@ * the 512-bit input block to produce a new state. */ static void -SHA512_Transform(uint64_t * state, const unsigned char block[128]) +SHA512_Transform(uint64_t * state, const unsigned char block[SHA512_BLOCK_LENGTH]) { uint64_t W[80]; uint64_t S[8]; @@ -112,12 +117,12 @@ int i; /* 1. Prepare message schedule W. */ - be64dec_vect(W, block, 128); + be64dec_vect(W, block, SHA512_BLOCK_LENGTH); for (i = 16; i < 80; i++) W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; /* 2. Initialize working variables. */ - memcpy(S, state, 64); + memcpy(S, state, SHA512_DIGEST_LENGTH); /* 3. Mix. */ RNDr(S, W, 0, 0x428a2f98d728ae22ULL); @@ -206,7 +211,7 @@ state[i] += S[i]; } -static unsigned char PAD[128] = { +static unsigned char PAD[SHA512_BLOCK_LENGTH] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -279,22 +284,22 @@ ctx->count[0] += bitlen[0]; /* Handle the case where we don't need to perform any transforms */ - if (len < 128 - r) { + if (len < SHA512_BLOCK_LENGTH - r) { memcpy(&ctx->buf[r], src, len); return; } /* Finish the current block */ - memcpy(&ctx->buf[r], src, 128 - r); + memcpy(&ctx->buf[r], src, SHA512_BLOCK_LENGTH - r); SHA512_Transform(ctx->state, ctx->buf); - src += 128 - r; - len -= 128 - r; + src += SHA512_BLOCK_LENGTH - r; + len -= SHA512_BLOCK_LENGTH - r; /* Perform complete blocks */ - while (len >= 128) { + while (len >= SHA512_BLOCK_LENGTH) { SHA512_Transform(ctx->state, src); - src += 128; - len -= 128; + src += SHA512_BLOCK_LENGTH; + len -= SHA512_BLOCK_LENGTH; } /* Copy left over data into buffer */ @@ -306,14 +311,64 @@ * and clears the context state. */ void -SHA512_Final(unsigned char digest[64], SHA512_CTX * ctx) +SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx) { /* Add padding */ SHA512_Pad(ctx); /* Write the hash */ - be64enc_vect(digest, ctx->state, 64); + be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH); + + /* Clear the context state */ + memset((void *)ctx, 0, sizeof(*ctx)); +} + +/*** SHA-384: *********************************************************/ +/* + * the SHA384 and SHA512 transforms are identical, so SHA384 is skipped + */ + +/* SHA-384 initialization. Begins a SHA-384 operation. */ +void +SHA384_Init(SHA384_CTX * ctx) +{ + + /* Zero bits processed so far */ + ctx->count[0] = ctx->count[1] = 0; + + /* Magic initialization constants */ + ctx->state[0] = 0xcbbb9d5dc1059ed8ULL; + ctx->state[1] = 0x629a292a367cd507ULL; + ctx->state[2] = 0x9159015a3070dd17ULL; + ctx->state[3] = 0x152fecd8f70e5939ULL; + ctx->state[4] = 0x67332667ffc00b31ULL; + ctx->state[5] = 0x8eb44a8768581511ULL; + ctx->state[6] = 0xdb0c2e0d64f98fa7ULL; + ctx->state[7] = 0x47b5481dbefa4fa4ULL; +} + +/* Add bytes into the SHA-384 hash */ +void +SHA384_Update(SHA384_CTX * ctx, const void *in, size_t len) +{ + + SHA512_Update((SHA512_CTX *)ctx, in, len); +} + +/* + * SHA-384 finalization. Pads the input data, exports the hash value, + * and clears the context state. + */ +void +SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx) +{ + + /* Add padding */ + SHA512_Pad((SHA512_CTX *)ctx); + + /* Write the hash */ + be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH); /* Clear the context state */ memset((void *)ctx, 0, sizeof(*ctx)); @@ -332,4 +387,11 @@ __weak_reference(_libmd_SHA512_Final, SHA512_Final); #undef SHA512_Transform __weak_reference(_libmd_SHA512_Transform, SHA512_Transform); + +#undef SHA384_Init +__weak_reference(_libmd_SHA384_Init, SHA384_Init); +#undef SHA384_Update +__weak_reference(_libmd_SHA384_Update, SHA384_Update); +#undef SHA384_Final +__weak_reference(_libmd_SHA384_Final, SHA384_Final); #endif Index: sys/dev/random/build.sh =================================================================== --- sys/dev/random/build.sh +++ sys/dev/random/build.sh @@ -42,7 +42,6 @@ hash.c \ ../../crypto/rijndael/rijndael-api-fst.c \ ../../crypto/rijndael/rijndael-alg-fst.c \ - ../../crypto/sha2/sha2.c \ ../../crypto/sha2/sha256c.c \ -lz \ -o yunit_test @@ -53,7 +52,6 @@ hash.c \ ../../crypto/rijndael/rijndael-api-fst.c \ ../../crypto/rijndael/rijndael-alg-fst.c \ - ../../crypto/sha2/sha2.c \ ../../crypto/sha2/sha256c.c \ -lz \ -o funit_test Index: sys/dev/random/fortuna.c =================================================================== --- sys/dev/random/fortuna.c +++ sys/dev/random/fortuna.c @@ -50,7 +50,7 @@ #include #include -#include +#include #include #include @@ -68,7 +68,7 @@ #include "unit_test.h" #include -#include +#include #include #include Index: sys/dev/random/hash.c =================================================================== --- sys/dev/random/hash.c +++ sys/dev/random/hash.c @@ -43,7 +43,7 @@ #endif /* _KERNEL */ #include -#include +#include #include Index: sys/dev/random/other_algorithm.c =================================================================== --- sys/dev/random/other_algorithm.c +++ sys/dev/random/other_algorithm.c @@ -55,7 +55,7 @@ #include #include -#include +#include #include #include Index: sys/dev/random/randomdev.c =================================================================== --- sys/dev/random/randomdev.c +++ sys/dev/random/randomdev.c @@ -50,7 +50,7 @@ #include #include -#include +#include #include #include Index: sys/dev/random/unit_test.c =================================================================== --- sys/dev/random/unit_test.c +++ sys/dev/random/unit_test.c @@ -36,7 +36,7 @@ hash.c \ ../../crypto/rijndael/rijndael-api-fst.c \ ../../crypto/rijndael/rijndael-alg-fst.c \ - ../../crypto/sha2/sha2.c \ + ../../crypto/sha2/sha256c.c \ -lz \ -o unit_test ./unit_test Index: sys/dev/random/yarrow.c =================================================================== --- sys/dev/random/yarrow.c +++ sys/dev/random/yarrow.c @@ -41,7 +41,7 @@ #include #include -#include +#include #include #include @@ -60,7 +60,7 @@ #include "unit_test.h" #include -#include +#include #include #include Index: sys/geom/bde/g_bde.c =================================================================== --- sys/geom/bde/g_bde.c +++ sys/geom/bde/g_bde.c @@ -44,7 +44,7 @@ #include #include -#include +#include #include #include #define BDE_CLASS_NAME "BDE" Index: sys/geom/bde/g_bde_crypt.c =================================================================== --- sys/geom/bde/g_bde_crypt.c +++ sys/geom/bde/g_bde_crypt.c @@ -47,7 +47,7 @@ #include #include -#include +#include #include #include Index: sys/geom/bde/g_bde_lock.c =================================================================== --- sys/geom/bde/g_bde_lock.c +++ sys/geom/bde/g_bde_lock.c @@ -58,7 +58,7 @@ #endif #include -#include +#include #include #include Index: sys/geom/bde/g_bde_work.c =================================================================== --- sys/geom/bde/g_bde_work.c +++ sys/geom/bde/g_bde_work.c @@ -71,7 +71,7 @@ #include #include -#include +#include #include #include Index: sys/geom/eli/g_eli.h =================================================================== --- sys/geom/eli/g_eli.h +++ sys/geom/eli/g_eli.h @@ -32,7 +32,8 @@ #include #include #include -#include +#include +#include #include #ifdef _KERNEL #include Index: sys/modules/crypto/Makefile =================================================================== --- sys/modules/crypto/Makefile +++ sys/modules/crypto/Makefile @@ -16,7 +16,7 @@ SRCS += skipjack.c bf_enc.c bf_ecb.c bf_skey.c SRCS += camellia.c camellia-api.c SRCS += des_ecb.c des_enc.c des_setkey.c -SRCS += sha1.c sha2.c sha256c.c +SRCS += sha1.c sha256c.c sha512c.c SRCS += siphash.c SRCS += gmac.c gfmult.c SRCS += opt_param.h cryptodev_if.h bus_if.h device_if.h Index: sys/modules/geom/geom_bde/Makefile =================================================================== --- sys/modules/geom/geom_bde/Makefile +++ sys/modules/geom/geom_bde/Makefile @@ -6,6 +6,6 @@ KMOD= geom_bde SRCS= g_bde.c g_bde_crypt.c g_bde_lock.c g_bde_work.c -SRCS+= rijndael-alg-fst.c rijndael-api-fst.c sha2.c sha256c.c +SRCS+= rijndael-alg-fst.c rijndael-api-fst.c sha256c.c sha512c.c .include Index: sys/modules/zfs/Makefile =================================================================== --- sys/modules/zfs/Makefile +++ sys/modules/zfs/Makefile @@ -68,7 +68,7 @@ SRCS+= zutil.c .PATH: ${SYSDIR}/crypto/sha2 -SRCS+= sha2.c sha256c.c +SRCS+= sha256c.c sha512c.c .PATH: ${SUNW}/common/zfs .include "${SUNW}/uts/common/Makefile.files" Index: sys/netinet/sctp_os_bsd.h =================================================================== --- sys/netinet/sctp_os_bsd.h +++ sys/netinet/sctp_os_bsd.h @@ -104,7 +104,7 @@ #include #include -#include +#include #ifndef in6pcb #define in6pcb inpcb Index: sys/opencrypto/xform.h =================================================================== --- sys/opencrypto/xform.h +++ sys/opencrypto/xform.h @@ -33,7 +33,9 @@ #include #include -#include +#include +#include +#include #include #include