Index: head/lib/libcrypt/Makefile =================================================================== --- head/lib/libcrypt/Makefile (revision 300902) +++ head/lib/libcrypt/Makefile (revision 300903) @@ -1,48 +1,50 @@ # # $FreeBSD$ # PACKAGE=lib${LIB} SHLIBDIR?= /lib .include SHLIB_MAJOR= 5 LIB= crypt .PATH: ${.CURDIR}/../libmd ${.CURDIR}/../../sys/crypto/sha2 SRCS= crypt.c misc.c \ crypt-md5.c md5c.c \ crypt-nthash.c md4c.c \ crypt-sha256.c sha256c.c \ crypt-sha512.c sha512c.c MAN= crypt.3 MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3 CFLAGS+= -I${.CURDIR}/../libmd -I${.CURDIR}/../libutil \ -I${.CURDIR}/../../sys/crypto/sha2 # Pull in the strong crypto, if it is present. .if exists(${.CURDIR}/../../secure/lib/libcrypt) && ${MK_CRYPT} != "no" .PATH: ${.CURDIR}/../../secure/lib/libcrypt SRCS+= crypt-des.c crypt-blowfish.c blowfish.c CFLAGS+= -I${.CURDIR} -DHAS_DES -DHAS_BLOWFISH .endif .for sym in MD4Init MD4Final MD4Update MD4Pad \ MD5Init MD5Final MD5Update MD5Pad \ SHA256_Init SHA256_Final SHA256_Update \ + SHA512_224_Init SHA512_224_Final SHA512_224_Update \ + SHA512_256_Init SHA512_256_Final SHA512_256_Update \ SHA384_Init SHA384_Final SHA384_Update \ SHA512_Init SHA512_Final SHA512_Update CFLAGS+= -D${sym}=__${sym} .endfor WARNS?= 2 PRECIOUSLIB= .if ${MK_TESTS} != "no" SUBDIR+= tests .endif .include .include Index: head/lib/libmd/Makefile =================================================================== --- head/lib/libmd/Makefile (revision 300902) +++ head/lib/libmd/Makefile (revision 300903) @@ -1,259 +1,288 @@ # $FreeBSD$ PACKAGE=lib${LIB} LIB= md SHLIB_MAJOR= 6 SHLIBDIR?= /lib SRCS= md4c.c md5c.c md4hl.c md5hl.c \ rmd160c.c rmd160hl.c \ sha0c.c sha0hl.c sha1c.c sha1hl.c \ sha256c.c sha256hl.c \ sha384hl.c \ - sha512c.c sha512hl.c -INCS= md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h + sha512c.c sha512hl.c sha512thl.c +INCS= md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h sha512t.h WARNS?= 0 MAN+= md4.3 md5.3 ripemd.3 sha.3 sha256.3 sha512.3 MLINKS+=md4.3 MD4Init.3 md4.3 MD4Update.3 md4.3 MD4Final.3 MLINKS+=md4.3 MD4End.3 md4.3 MD4File.3 md4.3 MD4FileChunk.3 MLINKS+=md4.3 MD4Data.3 MLINKS+=md5.3 MD5Init.3 md5.3 MD5Update.3 md5.3 MD5Final.3 MLINKS+=md5.3 MD5End.3 md5.3 MD5File.3 md5.3 MD5FileChunk.3 MLINKS+=md5.3 MD5Data.3 MLINKS+=ripemd.3 RIPEMD160_Init.3 ripemd.3 RIPEMD160_Update.3 MLINKS+=ripemd.3 RIPEMD160_Final.3 ripemd.3 RIPEMD160_Data.3 MLINKS+=ripemd.3 RIPEMD160_End.3 ripemd.3 RIPEMD160_File.3 MLINKS+=ripemd.3 RIPEMD160_FileChunk.3 MLINKS+=sha.3 SHA_Init.3 sha.3 SHA_Update.3 sha.3 SHA_Final.3 MLINKS+=sha.3 SHA_End.3 sha.3 SHA_File.3 sha.3 SHA_FileChunk.3 MLINKS+=sha.3 SHA_Data.3 MLINKS+=sha.3 SHA1_Init.3 sha.3 SHA1_Update.3 sha.3 SHA1_Final.3 MLINKS+=sha.3 SHA1_End.3 sha.3 SHA1_File.3 sha.3 SHA1_FileChunk.3 MLINKS+=sha.3 SHA1_Data.3 MLINKS+=sha256.3 SHA256_Init.3 sha256.3 SHA256_Update.3 MLINKS+=sha256.3 SHA256_Final.3 sha256.3 SHA256_End.3 MLINKS+=sha256.3 SHA256_File.3 sha256.3 SHA256_FileChunk.3 MLINKS+=sha256.3 SHA256_Data.3 MLINKS+=sha512.3 SHA384_Init.3 sha512.3 SHA384_Update.3 MLINKS+=sha512.3 SHA384_Final.3 sha512.3 SHA384_End.3 MLINKS+=sha512.3 SHA384_File.3 sha512.3 SHA384_FileChunk.3 MLINKS+=sha512.3 SHA384_Data.3 sha512.3 sha384.3 MLINKS+=sha512.3 SHA512_Init.3 sha512.3 SHA512_Update.3 MLINKS+=sha512.3 SHA512_Final.3 sha512.3 SHA512_End.3 MLINKS+=sha512.3 SHA512_File.3 sha512.3 SHA512_FileChunk.3 MLINKS+=sha512.3 SHA512_Data.3 +MLINKS+=sha512.3 SHA512_256_Init.3 sha512.3 SHA512_256_Update.3 +MLINKS+=sha512.3 SHA512_256_Final.3 sha512.3 SHA512_256_End.3 +MLINKS+=sha512.3 SHA512_256_File.3 sha512.3 SHA512_256_FileChunk.3 +MLINKS+=sha512.3 SHA512_256_Data.3 CLEANFILES+= md[245]hl.c md[245].ref md[245].3 mddriver \ rmd160.ref rmd160hl.c rmddriver \ sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \ sha256.ref sha256hl.c sha384hl.c sha384.ref \ - sha512.ref sha512hl.c + sha512.ref sha512hl.c sha512t256.ref sha512thl.c # Define WEAK_REFS to provide weak aliases for libmd symbols # # Note that the same sources are also used internally by libcrypt, # in which case: # * macros are used to rename symbols to libcrypt internal names # * no weak aliases are generated CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../../sys/crypto/sha2 CFLAGS+= -DWEAK_REFS .PATH: ${.CURDIR}/${MACHINE_ARCH} ${.CURDIR}/../../sys/crypto/sha2 .if exists(${MACHINE_ARCH}/sha.S) SRCS+= sha.S CFLAGS+= -DSHA1_ASM .endif .if exists(${MACHINE_ARCH}/rmd160.S) SRCS+= rmd160.S CFLAGS+= -DRMD160_ASM .endif .if exists(${MACHINE_ARCH}/sha.S) || exists(${MACHINE_ARCH}/rmd160.S) ACFLAGS+= -DELF -Wa,--noexecstack .endif md4hl.c: mdXhl.c (echo '#define LENGTH 16'; \ sed -e 's/mdX/md4/g' -e 's/MDX/MD4/g' ${.ALLSRC}) > ${.TARGET} md5hl.c: mdXhl.c (echo '#define LENGTH 16'; \ sed -e 's/mdX/md5/g' -e 's/MDX/MD5/g' ${.ALLSRC}) > ${.TARGET} sha0hl.c: mdXhl.c (echo '#define LENGTH 20'; \ sed -e 's/mdX/sha/g' -e 's/MDX/SHA_/g' -e 's/SHA__/SHA_/g' \ ${.ALLSRC}) > ${.TARGET} sha1hl.c: mdXhl.c (echo '#define LENGTH 20'; \ sed -e 's/mdX/sha/g' -e 's/MDX/SHA1_/g' -e 's/SHA1__/SHA1_/g' \ ${.ALLSRC}) > ${.TARGET} sha256hl.c: mdXhl.c (echo '#define LENGTH 32'; \ sed -e 's/mdX/sha256/g' -e 's/MDX/SHA256_/g' \ -e 's/SHA256__/SHA256_/g' \ ${.ALLSRC}) > ${.TARGET} sha384hl.c: mdXhl.c (echo '#define LENGTH 48'; \ sed -e 's/mdX/sha384/g' -e 's/MDX/SHA384_/g' \ -e 's/SHA384__/SHA384_/g' \ ${.ALLSRC}) > ${.TARGET} sha512hl.c: mdXhl.c (echo '#define LENGTH 64'; \ sed -e 's/mdX/sha512/g' -e 's/MDX/SHA512_/g' \ -e 's/SHA512__/SHA512_/g' \ ${.ALLSRC}) > ${.TARGET} +sha512thl.c: mdXhl.c + (echo '#define LENGTH 32'; \ + sed -e 's/mdX/sha512t/g' -e 's/MDX/SHA512_256_/g' \ + -e 's/SHA512_256__/SHA512_256_/g' \ + -e 's/SHA512_256_CTX/SHA512_CTX/g' \ + ${.ALLSRC}) > ${.TARGET} + rmd160hl.c: mdXhl.c (echo '#define LENGTH 20'; \ sed -e 's/mdX/ripemd/g' -e 's/MDX/RIPEMD160_/g' \ -e 's/RIPEMD160__/RIPEMD160_/g' \ ${.ALLSRC}) > ${.TARGET} .for i in 2 4 5 md${i}.3: ${.CURDIR}/mdX.3 sed -e "s/mdX/md${i}/g" -e "s/MDX/MD${i}/g" ${.ALLSRC} > ${.TARGET} cat ${.CURDIR}/md${i}.copyright >> ${.TARGET} .endfor md4.ref: echo 'MD4 test suite:' > ${.TARGET} @echo 'MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0' >> ${.TARGET} @echo 'MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24' >> ${.TARGET} @echo 'MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d' >> ${.TARGET} @echo 'MD4 ("message digest") = d9130a8164549fe818874806e1c7014b' >> ${.TARGET} @echo 'MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9' >> ${.TARGET} @echo 'MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ '043f8582f241db351ce627e153e7f0e4' >> ${.TARGET} @echo 'MD4 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ 'e33b4ddc9c38f2199c3e7b164fcc0536' >> ${.TARGET} md5.ref: echo 'MD5 test suite:' > ${.TARGET} @echo 'MD5 ("") = d41d8cd98f00b204e9800998ecf8427e' >> ${.TARGET} @echo 'MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661' >> ${.TARGET} @echo 'MD5 ("abc") = 900150983cd24fb0d6963f7d28e17f72' >> ${.TARGET} @echo 'MD5 ("message digest") = f96b697d7cb7938d525a2f31aaf161d0' >> ${.TARGET} @echo 'MD5 ("abcdefghijklmnopqrstuvwxyz") = c3fcd3d76192e4007dfb496cca67e13b' >> ${.TARGET} @echo 'MD5 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = d174ab98d277d9f5a5611c2c9f419d9f' >> ${.TARGET} @echo 'MD5 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = 57edf4a22be3c955ac49da2e2107b67a' >> ${.TARGET} sha0.ref: echo 'SHA-0 test suite:' > ${.TARGET} @echo 'SHA-0 ("") = f96cea198ad1dd5617ac084a3d92c6107708c0ef' >> ${.TARGET} @echo 'SHA-0 ("abc") = 0164b8a914cd2a5e74c4f7ff082c4d97f1edf880' >> ${.TARGET} @echo 'SHA-0 ("message digest") =' \ 'c1b0f222d150ebb9aa36a40cafdc8bcbed830b14' >> ${.TARGET} @echo 'SHA-0 ("abcdefghijklmnopqrstuvwxyz") =' \ 'b40ce07a430cfd3c033039b9fe9afec95dc1bdcd' >> ${.TARGET} @echo 'SHA-0 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ '79e966f7a3a990df33e40e3d7f8f18d2caebadfa' >> ${.TARGET} @echo 'SHA-0 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ '4aa29d14d171522ece47bee8957e35a41f3e9cff' >> ${.TARGET} sha1.ref: echo 'SHA-1 test suite:' > ${.TARGET} @echo 'SHA-1 ("") = da39a3ee5e6b4b0d3255bfef95601890afd80709' >> ${.TARGET} @echo 'SHA-1 ("abc") = a9993e364706816aba3e25717850c26c9cd0d89d' >> ${.TARGET} @echo 'SHA-1 ("message digest") =' \ 'c12252ceda8be8994d5fa0290a47231c1d16aae3' >> ${.TARGET} @echo 'SHA-1 ("abcdefghijklmnopqrstuvwxyz") =' \ '32d10c7b8cf96570ca04ce37f2a19d84240d3a89' >> ${.TARGET} @echo 'SHA-1 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ '761c457bf73b14d27e9e9265c46f4b4dda11f940' >> ${.TARGET} @echo 'SHA-1 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ '50abf5706a150990a08b2c5ea40fa0e585554732' >> ${.TARGET} sha256.ref: echo 'SHA-256 test suite:' > ${.TARGET} @echo 'SHA-256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' >> ${.TARGET} @echo 'SHA-256 ("abc") =' \ 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' >> ${.TARGET} @echo 'SHA-256 ("message digest") =' \ 'f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650' >> ${.TARGET} @echo 'SHA-256 ("abcdefghijklmnopqrstuvwxyz") =' \ '71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73' >> ${.TARGET} @echo 'SHA-256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ 'db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0' >> ${.TARGET} @echo 'SHA-256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ 'f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e' >> ${.TARGET} sha384.ref: echo 'SHA-384 test suite:' > ${.TARGET} @echo 'SHA-384 ("") =' \ '38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b' >> ${.TARGET} @echo 'SHA-384 ("abc") =' \ 'cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7' >> ${.TARGET} @echo 'SHA-384 ("message digest") =' \ '473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5' >> ${.TARGET} @echo 'SHA-384 ("abcdefghijklmnopqrstuvwxyz") =' \ 'feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4' >> ${.TARGET} @echo 'SHA-384 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ '1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84' >> ${.TARGET} @echo 'SHA-384 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ 'b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026' >> ${.TARGET} sha512.ref: echo 'SHA-512 test suite:' > ${.TARGET} @echo 'SHA-512 ("") =' \ 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e' >> ${.TARGET} @echo 'SHA-512 ("abc") =' \ 'ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f' >> ${.TARGET} @echo 'SHA-512 ("message digest") =' \ '107dbf389d9e9f71a3a95f6c055b9251bc5268c2be16d6c13492ea45b0199f3309e16455ab1e96118e8a905d5597b72038ddb372a89826046de66687bb420e7c' >> ${.TARGET} @echo 'SHA-512 ("abcdefghijklmnopqrstuvwxyz") =' \ '4dbff86cc2ca1bae1e16468a05cb9881c97f1753bce3619034898faa1aabe429955a1bf8ec483d7421fe3c1646613a59ed5441fb0f321389f77f48a879c7b1f1' >> ${.TARGET} @echo 'SHA-512 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ '1e07be23c26a86ea37ea810c8ec7809352515a970e9253c26f536cfc7a9996c45c8370583e0a78fa4a90041d71a4ceab7423f19c71b9d5a3e01249f0bebd5894' >> ${.TARGET} @echo 'SHA-512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ '72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843' >> ${.TARGET} +sha512t256.ref: + echo 'SHA-512256 test suite:' > ${.TARGET} + @echo 'SHA-512256 ("") =' \ + 'c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a' >> ${.TARGET} + @echo 'SHA-512256 ("abc") =' \ + '53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23' >> ${.TARGET} + @echo 'SHA-512256 ("message digest") =' \ + '0cf471fd17ed69d990daf3433c89b16d63dec1bb9cb42a6094604ee5d7b4e9fb' >> ${.TARGET} + @echo 'SHA-512256 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'fc3189443f9c268f626aea08a756abe7b726b05f701cb08222312ccfd6710a26' >> ${.TARGET} + @echo 'SHA-512256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'cdf1cc0effe26ecc0c13758f7b4a48e000615df241284185c39eb05d355bb9c8' >> ${.TARGET} + @echo 'SHA-512256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '2c9fdbc0c90bdd87612ee8455474f9044850241dc105b1e8b94b8ddf5fac9148' >> ${.TARGET} + rmd160.ref: echo 'RIPEMD160 test suite:' > ${.TARGET} @echo 'RIPEMD160 ("") = 9c1185a5c5e9fc54612808977ee8f548b2258d31' >> ${.TARGET} @echo 'RIPEMD160 ("abc") = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc' >> ${.TARGET} @echo 'RIPEMD160 ("message digest") =' \ '5d0689ef49d2fae572b881b123a85ffa21595f36' >> ${.TARGET} @echo 'RIPEMD160 ("abcdefghijklmnopqrstuvwxyz") =' \ 'f71c27109c692c1b56bbdceb5b9d2865b3708dbc' >> ${.TARGET} @echo 'RIPEMD160 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ 'b0e20b6e3116640286ed3a87a5713079b21f5189' >> ${.TARGET} @echo 'RIPEMD160 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ '9b752e45573d4b39f4dbd3323cab82bf63326bfb' >> ${.TARGET} test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \ - sha512.ref + sha512.ref sha512t256.ref @${ECHO} if any of these test fail, the code produces wrong results @${ECHO} and should NOT be used. ${CC} ${CFLAGS} ${LDFLAGS} -DMD=4 -o mddriver ${.CURDIR}/mddriver.c libmd.a ./mddriver | cmp md4.ref - @${ECHO} MD4 passed test ${CC} ${CFLAGS} ${LDFLAGS} -DMD=5 -o mddriver ${.CURDIR}/mddriver.c libmd.a ./mddriver | cmp md5.ref - @${ECHO} MD5 passed test -rm -f mddriver ${CC} ${CFLAGS} ${LDFLAGS} -o rmddriver ${.CURDIR}/rmddriver.c libmd.a ./rmddriver | cmp rmd160.ref - @${ECHO} RIPEMD160 passed test -rm -f rmddriver ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=0 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha0.ref - @${ECHO} SHA-0 passed test ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=1 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha1.ref - @${ECHO} SHA-1 passed test ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=256 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha256.ref - @${ECHO} SHA-256 passed test ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=384 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha384.ref - @${ECHO} SHA-384 passed test ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha512.ref - @${ECHO} SHA-512 passed test + ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512256 -o shadriver ${.CURDIR}/shadriver.c libmd.a + ./shadriver | cmp sha512t256.ref - + @${ECHO} SHA-512t256 passed test -rm -f shadriver .include Index: head/lib/libmd/sha512.3 =================================================================== --- head/lib/libmd/sha512.3 (revision 300902) +++ head/lib/libmd/sha512.3 (revision 300903) @@ -1,174 +1,207 @@ .\" .\" ---------------------------------------------------------------------------- .\" "THE BEER-WARE LICENSE" (Revision 42): .\" wrote this file. As long as you retain this notice you .\" can do whatever you want with this stuff. If we meet some day, and you think .\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp .\" ---------------------------------------------------------------------------- .\" .\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp .\" $FreeBSD$ .\" -.Dd October 17, 2015 +.Dd April 22, 2016 .Dt SHA512 3 .Os .Sh NAME .Nm SHA512_Init , .Nm SHA512_Update , .Nm SHA512_Final , .Nm SHA512_End , .Nm SHA512_File , .Nm SHA512_FileChunk , .Nm SHA512_Data , .Nm SHA384_Init , .Nm SHA384_Update , .Nm SHA384_Final , .Nm SHA384_End , .Nm SHA384_File , .Nm SHA384_FileChunk , -.Nm SHA384_Data +.Nm SHA384_Data, +.Nm SHA512_256_Init , +.Nm SHA512_256_Update , +.Nm SHA512_256_Final , +.Nm SHA512_256_End , +.Nm SHA512_256_File , +.Nm SHA512_256_FileChunk , +.Nm SHA512_256_Data .Nd calculate the FIPS 180-4 ``SHA-512'' family of message digests .Sh LIBRARY .Lb libmd .Sh SYNOPSIS .In sys/types.h .In sha512.h .Ft void .Fn SHA512_Init "SHA512_CTX *context" .Ft void .Fn SHA512_Update "SHA512_CTX *context" "const unsigned char *data" "size_t len" .Ft void .Fn SHA512_Final "unsigned char digest[64]" "SHA512_CTX *context" .Ft "char *" .Fn SHA512_End "SHA512_CTX *context" "char *buf" .Ft "char *" .Fn SHA512_File "const char *filename" "char *buf" .Ft "char *" .Fn SHA512_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" .Ft "char *" .Fn SHA512_Data "const unsigned char *data" "unsigned int len" "char *buf" +.In sha384.h .Ft void .Fn SHA384_Init "SHA384_CTX *context" .Ft void .Fn SHA384_Update "SHA384_CTX *context" "const unsigned char *data" "size_t len" .Ft void .Fn SHA384_Final "unsigned char digest[48]" "SHA384_CTX *context" .Ft "char *" .Fn SHA384_End "SHA384_CTX *context" "char *buf" .Ft "char *" .Fn SHA384_File "const char *filename" "char *buf" .Ft "char *" .Fn SHA384_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" .Ft "char *" .Fn SHA384_Data "const unsigned char *data" "unsigned int len" "char *buf" +.In sha512t.h +.Ft void +.Fn SHA512_256_Init "SHA512_CTX *context" +.Ft void +.Fn SHA512_256_Update "SHA512_CTX *context" "const unsigned char *data" "size_t len" +.Ft void +.Fn SHA512_256_Final "unsigned char digest[32]" "SHA512_CTX *context" +.Ft "char *" +.Fn SHA512_256_End "SHA512_CTX *context" "char *buf" +.Ft "char *" +.Fn SHA512_256_File "const char *filename" "char *buf" +.Ft "char *" +.Fn SHA512_256_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" +.Ft "char *" +.Fn SHA512_256_Data "const unsigned char *data" "unsigned int len" "char *buf" .Sh DESCRIPTION The .Li SHA512_ functions calculate a 512-bit cryptographic checksum (digest) for any number of input bytes. A cryptographic checksum is a one-way hash function; that is, it is computationally impractical to find the input corresponding to a particular output. This net result is a .Dq fingerprint of the input-data, which does not disclose the actual input. .Pp The .Fn SHA512_Init , .Fn SHA512_Update , and .Fn SHA512_Final functions are the core functions. Allocate an .Vt SHA512_CTX , initialize it with .Fn SHA512_Init , run over the data with .Fn SHA512_Update , and finally extract the result using .Fn SHA512_Final . .Pp .Fn SHA512_End is a wrapper for .Fn SHA512_Final -which converts the return value to a 65-character +which converts the return value to a 129-character (including the terminating '\e0') .Tn ASCII string which represents the 512 bits in hexadecimal. .Pp .Fn SHA512_File calculates the digest of a file, and uses .Fn SHA512_End to return the result. If the file cannot be opened, a null pointer is returned. .Fn SHA512_FileChunk is similar to .Fn SHA512_File , but it only calculates the digest over a byte-range of the file specified, starting at .Fa offset and spanning .Fa length bytes. If the .Fa length parameter is specified as 0, or more than the length of the remaining part of the file, .Fn SHA512_FileChunk calculates the digest from .Fa offset to the end of file. .Fn SHA512_Data calculates the digest of a chunk of data in memory, and uses .Fn SHA512_End to return the result. .Pp When using .Fn SHA512_End , .Fn SHA512_File , or .Fn SHA512_Data , the .Fa buf argument can be a null pointer, in which case the returned string is allocated with .Xr malloc 3 and subsequently must be explicitly deallocated using .Xr free 3 after use. If the .Fa buf -argument is non-null it must point to at least 65 characters of buffer space. +argument is non-null it must point to at least 129 characters of buffer space. .Pp The .Li SHA384_ +and +.Li SHA512_256_ functions are identical to the .Li SHA512_ functions except they use a different initial hash value and the output is -truncated to 384 bits. +truncated to 384 bits and 256 bits respectively. .Pp .Fn SHA384_End is a wrapper for .Fn SHA384_Final -which converts the return value to a 49-character +which converts the return value to a 97-character (including the terminating '\e0') .Tn ASCII string which represents the 384 bits in hexadecimal. +.Pp +.Fn SHA512_256_End +is a wrapper for +.Fn SHA512_Final +which converts the return value to a 65-character +(including the terminating '\e0') +.Tn ASCII +string which represents the 256 bits in hexadecimal. .Sh SEE ALSO .Xr md4 3 , .Xr md5 3 , .Xr ripemd 3 , .Xr sha 3 .Sh HISTORY These functions appeared in .Fx 9.0 . .Sh AUTHORS The core hash routines were implemented by Colin Percival based on the published .Tn FIPS 180-2 standard. .Sh BUGS No method is known to exist which finds two files having the same hash value, nor to find a file with a specific hash value. There is on the other hand no guarantee that such a method does not exist. Index: head/lib/libmd/shadriver.c =================================================================== --- head/lib/libmd/shadriver.c (revision 300902) +++ head/lib/libmd/shadriver.c (revision 300903) @@ -1,74 +1,78 @@ /* SHADRIVER.C - test driver for SHA-1 (and SHA-2) */ /* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All rights * reserved. * * RSA Data Security, Inc. makes no representations concerning either the * merchantability of this software or the suitability of this software for * any particular purpose. It is provided "as is" without express or implied * warranty of any kind. * * These notices must be retained in any copies of any part of this * documentation and/or software. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include "sha.h" #include "sha256.h" #include "sha384.h" #include "sha512.h" +#include "sha512t.h" /* The following makes SHA default to SHA-1 if it has not already been * defined with C compiler flags. */ #ifndef SHA #define SHA 1 #endif #if SHA == 1 #undef SHA_Data #define SHA_Data SHA1_Data #elif SHA == 256 #undef SHA_Data #define SHA_Data SHA256_Data #elif SHA == 384 #undef SHA_Data #define SHA_Data SHA384_Data #elif SHA == 512 #undef SHA_Data #define SHA_Data SHA512_Data +#elif SHA == 512256 +#undef SHA_Data +#define SHA_Data SHA512_256_Data #endif /* Digests a string and prints the result. */ static void SHAString(char *string) { char buf[2*64 + 1]; printf("SHA-%d (\"%s\") = %s\n", SHA, string, SHA_Data(string, strlen(string), buf)); } /* Digests a reference suite of strings and prints the results. */ int main(void) { printf("SHA-%d test suite:\n", SHA); SHAString(""); SHAString("abc"); SHAString("message digest"); SHAString("abcdefghijklmnopqrstuvwxyz"); SHAString("ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz0123456789"); SHAString("1234567890123456789012345678901234567890" "1234567890123456789012345678901234567890"); return 0; } Index: head/sbin/md5/Makefile =================================================================== --- head/sbin/md5/Makefile (revision 300902) +++ head/sbin/md5/Makefile (revision 300903) @@ -1,21 +1,23 @@ # @(#)Makefile 8.1 (Berkeley) 6/9/93 # $FreeBSD$ PACKAGE=runtime PROG= md5 LINKS= ${BINDIR}/md5 ${BINDIR}/rmd160 \ ${BINDIR}/md5 ${BINDIR}/sha1 \ ${BINDIR}/md5 ${BINDIR}/sha256 \ ${BINDIR}/md5 ${BINDIR}/sha384 \ - ${BINDIR}/md5 ${BINDIR}/sha512 + ${BINDIR}/md5 ${BINDIR}/sha512 \ + ${BINDIR}/md5 ${BINDIR}/sha512t256 MLINKS= md5.1 rmd160.1 \ md5.1 sha1.1 \ md5.1 sha256.1 \ md5.1 sha384.1 \ - md5.1 sha512.1 + md5.1 sha512.1 \ + md5.1 sha512t256.1 LIBADD= md .include Index: head/sbin/md5/md5.1 =================================================================== --- head/sbin/md5/md5.1 (revision 300902) +++ head/sbin/md5/md5.1 (revision 300903) @@ -1,163 +1,177 @@ .\" $FreeBSD$ -.Dd October 17, 2015 +.Dd April 22, 2016 .Dt MD5 1 .Os .Sh NAME -.Nm md5 , sha1 , sha256 , sha384 , sha512, rmd160 +.Nm md5 , sha1 , sha256 , sha384 , sha512, sha512t256, rmd160 .Nd calculate a message-digest fingerprint (checksum) for a file .Sh SYNOPSIS .Nm md5 .Op Fl pqrtx .Op Fl c Ar string .Op Fl s Ar string .Op Ar .Nm sha1 .Op Fl pqrtx .Op Fl c Ar string .Op Fl s Ar string .Op Ar .Nm sha256 .Op Fl pqrtx .Op Fl c Ar string .Op Fl s Ar string .Op Ar .Nm sha384 .Op Fl pqrtx .Op Fl c Ar string .Op Fl s Ar string .Op Ar .Nm sha512 .Op Fl pqrtx .Op Fl c Ar string .Op Fl s Ar string .Op Ar +.Nm sha512t256 +.Op Fl pqrtx +.Op Fl c Ar string +.Op Fl s Ar string +.Op Ar .Nm rmd160 .Op Fl pqrtx .Op Fl c Ar string .Op Fl s Ar string .Op Ar .Sh DESCRIPTION The -.Nm md5 , sha1 , sha256 , sha384 , sha512 +.Nm md5 , sha1 , sha256 , sha384 , sha512, sha512t256 and .Nm rmd160 utilities take as input a message of arbitrary length and produce as output a .Dq fingerprint or .Dq message digest of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The .Tn MD5 , SHA-1 , SHA-256 , SHA-384 , SHA-512 and .Tn RIPEMD-160 algorithms are intended for digital signature applications, where a large file must be .Dq compressed in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as .Tn RSA . .Pp .Tn MD5 has been completely broken as far as finding collisions is concerned, and should not be relied upon to produce unique outputs. This also means that .Tn MD5 should not be used as part of a cryptographic signature scheme. At the current time (2014-05-17) there is no publicly known method to .Dq reverse MD5, i.e., to find an input given a hash value. .Pp .Tn SHA-1 currently (2014-05-17) has no known collisions, but an attack has been found which is faster than a brute-force search, placing the security of .Tn SHA-1 in doubt. .Pp -It is recommended that all new applications use +.Tn SHA-512t256 +is a version of +.Tn SHA-512 +truncated to only 256 bits. +On 64-bit hardware, this algorithm is approximately 50% faster than .Tn SHA-256 +but with the same level of security. +The hashes are not interchangeable. +.Pp +It is recommended that all new applications use +.Tn SHA-512 instead of one of the other hash functions. .Pp The following options may be used in any combination and must precede any files named on the command line. The hexadecimal checksum of each file listed on the command line is printed after the options are processed. .Bl -tag -width indent .It Fl c Ar string Compare the digest of the file against this string. .Pq Note that this option is not yet useful if multiple files are specified. .It Fl s Ar string Print a checksum of the given .Ar string . .It Fl p Echo stdin to stdout and append the checksum to stdout. .It Fl q Quiet mode \(em only the checksum is printed out. Overrides the .Fl r option. .It Fl r Reverses the format of the output. This helps with visual diffs. Does nothing when combined with the .Fl ptx options. .It Fl t Run a built-in time trial. .It Fl x Run a built-in test script. .El .Sh EXIT STATUS The -.Nm md5 , sha1 , sha256 , sha512 +.Nm md5 , sha1 , sha256 , sha512, sha512t256 and .Nm rmd160 utilities exit 0 on success, 1 if at least one of the input files could not be read, and 2 if at least one file does not have the same hash as the .Fl c option. .Sh SEE ALSO .Xr cksum 1 , .Xr md5 3 , .Xr ripemd 3 , .Xr sha 3 , .Xr sha256 3 , .Xr sha384 3 , .Xr sha512 3 .Rs .%A R. Rivest .%T The MD5 Message-Digest Algorithm .%O RFC1321 .Re .Rs .%A J. Burrows .%T The Secure Hash Standard .%O FIPS PUB 180-2 .Re .Rs .%A D. Eastlake and P. Jones .%T US Secure Hash Algorithm 1 .%O RFC 3174 .Re .Pp RIPEMD-160 is part of the ISO draft standard .Qq ISO/IEC DIS 10118-3 on dedicated hash functions. .Pp Secure Hash Standard (SHS): .Pa http://csrc.nist.gov/cryptval/shs.html . .Pp The RIPEMD-160 page: .Pa http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html . .Sh ACKNOWLEDGMENTS This program is placed in the public domain for free general use by RSA Data Security. .Pp Support for SHA-1 and RIPEMD-160 has been added by .An Oliver Eikemeier Aq Mt eik@FreeBSD.org . Index: head/sbin/md5/md5.c =================================================================== --- head/sbin/md5/md5.c (revision 300902) +++ head/sbin/md5/md5.c (revision 300903) @@ -1,412 +1,428 @@ /* * Derived from: * * MDDRIVER.C - test driver for MD2, MD4 and MD5 */ /* * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All * rights reserved. * * RSA Data Security, Inc. makes no representations concerning either * the merchantability of this software or the suitability of this * software for any particular purpose. It is provided "as is" * without express or implied warranty of any kind. * * These notices must be retained in any copies of any part of this * documentation and/or software. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include +#include #include #include #include #include #include /* * Length of test block, number of test blocks. */ #define TEST_BLOCK_LEN 10000 #define TEST_BLOCK_COUNT 100000 #define MDTESTCOUNT 8 static int qflag; static int rflag; static int sflag; static char* checkAgainst; static int checksFailed; typedef void (DIGEST_Init)(void *); typedef void (DIGEST_Update)(void *, const unsigned char *, size_t); typedef char *(DIGEST_End)(void *, char *); extern const char *MD5TestOutput[MDTESTCOUNT]; extern const char *SHA1_TestOutput[MDTESTCOUNT]; extern const char *SHA256_TestOutput[MDTESTCOUNT]; extern const char *SHA384_TestOutput[MDTESTCOUNT]; extern const char *SHA512_TestOutput[MDTESTCOUNT]; +extern const char *SHA512t256_TestOutput[MDTESTCOUNT]; extern const char *RIPEMD160_TestOutput[MDTESTCOUNT]; typedef struct Algorithm_t { const char *progname; const char *name; const char *(*TestOutput)[MDTESTCOUNT]; DIGEST_Init *Init; DIGEST_Update *Update; DIGEST_End *End; char *(*Data)(const void *, unsigned int, char *); char *(*File)(const char *, char *); } Algorithm_t; static void MD5_Update(MD5_CTX *, const unsigned char *, size_t); static void MDString(const Algorithm_t *, const char *); static void MDTimeTrial(const Algorithm_t *); static void MDTestSuite(const Algorithm_t *); static void MDFilter(const Algorithm_t *, int); static void usage(const Algorithm_t *); typedef union { MD5_CTX md5; SHA1_CTX sha1; SHA256_CTX sha256; SHA384_CTX sha384; SHA512_CTX sha512; RIPEMD160_CTX ripemd160; } DIGEST_CTX; /* max(MD5_DIGEST_LENGTH, SHA_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA512_DIGEST_LENGTH, RIPEMD160_DIGEST_LENGTH)*2+1 */ #define HEX_DIGEST_LENGTH 129 /* algorithm function table */ static const struct Algorithm_t Algorithm[] = { { "md5", "MD5", &MD5TestOutput, (DIGEST_Init*)&MD5Init, (DIGEST_Update*)&MD5_Update, (DIGEST_End*)&MD5End, &MD5Data, &MD5File }, { "sha1", "SHA1", &SHA1_TestOutput, (DIGEST_Init*)&SHA1_Init, (DIGEST_Update*)&SHA1_Update, (DIGEST_End*)&SHA1_End, &SHA1_Data, &SHA1_File }, { "sha256", "SHA256", &SHA256_TestOutput, (DIGEST_Init*)&SHA256_Init, (DIGEST_Update*)&SHA256_Update, (DIGEST_End*)&SHA256_End, &SHA256_Data, &SHA256_File }, { "sha384", "SHA384", &SHA384_TestOutput, (DIGEST_Init*)&SHA384_Init, (DIGEST_Update*)&SHA384_Update, (DIGEST_End*)&SHA384_End, &SHA384_Data, &SHA384_File }, { "sha512", "SHA512", &SHA512_TestOutput, (DIGEST_Init*)&SHA512_Init, (DIGEST_Update*)&SHA512_Update, (DIGEST_End*)&SHA512_End, &SHA512_Data, &SHA512_File }, + { "sha512t256", "SHA512t256", &SHA512t256_TestOutput, (DIGEST_Init*)&SHA512_256_Init, + (DIGEST_Update*)&SHA512_256_Update, (DIGEST_End*)&SHA512_256_End, + &SHA512_256_Data, &SHA512_256_File }, { "rmd160", "RMD160", &RIPEMD160_TestOutput, (DIGEST_Init*)&RIPEMD160_Init, (DIGEST_Update*)&RIPEMD160_Update, (DIGEST_End*)&RIPEMD160_End, &RIPEMD160_Data, &RIPEMD160_File } }; static void MD5_Update(MD5_CTX *c, const unsigned char *data, size_t len) { MD5Update(c, data, len); } /* Main driver. Arguments (may be any combination): -sstring - digests string -t - runs time trial -x - runs test script filename - digests file (none) - digests standard input */ int main(int argc, char *argv[]) { int ch; char *p; char buf[HEX_DIGEST_LENGTH]; int failed; unsigned digest; const char* progname; if ((progname = strrchr(argv[0], '/')) == NULL) progname = argv[0]; else progname++; for (digest = 0; digest < sizeof(Algorithm)/sizeof(*Algorithm); digest++) if (strcasecmp(Algorithm[digest].progname, progname) == 0) break; if (digest == sizeof(Algorithm)/sizeof(*Algorithm)) digest = 0; failed = 0; checkAgainst = NULL; checksFailed = 0; while ((ch = getopt(argc, argv, "c:pqrs:tx")) != -1) switch (ch) { case 'c': checkAgainst = optarg; break; case 'p': MDFilter(&Algorithm[digest], 1); break; case 'q': qflag = 1; break; case 'r': rflag = 1; break; case 's': sflag = 1; MDString(&Algorithm[digest], optarg); break; case 't': MDTimeTrial(&Algorithm[digest]); break; case 'x': MDTestSuite(&Algorithm[digest]); break; default: usage(&Algorithm[digest]); } argc -= optind; argv += optind; if (*argv) { do { p = Algorithm[digest].File(*argv, buf); if (!p) { warn("%s", *argv); failed++; } else { if (qflag) printf("%s", p); else if (rflag) printf("%s %s", p, *argv); else printf("%s (%s) = %s", Algorithm[digest].name, *argv, p); if (checkAgainst && strcmp(checkAgainst,p)) { checksFailed++; if (!qflag) printf(" [ Failed ]"); } printf("\n"); } } while (*++argv); } else if (!sflag && (optind == 1 || qflag || rflag)) MDFilter(&Algorithm[digest], 0); if (failed != 0) return (1); if (checksFailed != 0) return (2); return (0); } /* * Digests a string and prints the result. */ static void MDString(const Algorithm_t *alg, const char *string) { size_t len = strlen(string); char buf[HEX_DIGEST_LENGTH]; alg->Data(string,len,buf); if (qflag) printf("%s", buf); else if (rflag) printf("%s \"%s\"", buf, string); else printf("%s (\"%s\") = %s", alg->name, string, buf); if (checkAgainst && strcmp(buf,checkAgainst)) { checksFailed++; if (!qflag) printf(" [ failed ]"); } printf("\n"); } /* * Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte blocks. */ static void MDTimeTrial(const Algorithm_t *alg) { DIGEST_CTX context; struct rusage before, after; struct timeval total; float seconds; unsigned char block[TEST_BLOCK_LEN]; unsigned int i; char *p, buf[HEX_DIGEST_LENGTH]; printf("%s time trial. Digesting %d %d-byte blocks ...", alg->name, TEST_BLOCK_COUNT, TEST_BLOCK_LEN); fflush(stdout); /* Initialize block */ for (i = 0; i < TEST_BLOCK_LEN; i++) block[i] = (unsigned char) (i & 0xff); /* Start timer */ getrusage(RUSAGE_SELF, &before); /* Digest blocks */ alg->Init(&context); for (i = 0; i < TEST_BLOCK_COUNT; i++) alg->Update(&context, block, TEST_BLOCK_LEN); p = alg->End(&context, buf); /* Stop timer */ getrusage(RUSAGE_SELF, &after); timersub(&after.ru_utime, &before.ru_utime, &total); seconds = total.tv_sec + (float) total.tv_usec / 1000000; printf(" done\n"); printf("Digest = %s", p); printf("\nTime = %f seconds\n", seconds); printf("Speed = %f bytes/second\n", (float) TEST_BLOCK_LEN * (float) TEST_BLOCK_COUNT / seconds); } /* * Digests a reference suite of strings and prints the results. */ static const char *MDTestInput[MDTESTCOUNT] = { "", "a", "abc", "message digest", "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "12345678901234567890123456789012345678901234567890123456789012345678901234567890", "MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been made \ that its security is in some doubt" }; const char *MD5TestOutput[MDTESTCOUNT] = { "d41d8cd98f00b204e9800998ecf8427e", "0cc175b9c0f1b6a831c399e269772661", "900150983cd24fb0d6963f7d28e17f72", "f96b697d7cb7938d525a2f31aaf161d0", "c3fcd3d76192e4007dfb496cca67e13b", "d174ab98d277d9f5a5611c2c9f419d9f", "57edf4a22be3c955ac49da2e2107b67a", "b50663f41d44d92171cb9976bc118538" }; const char *SHA1_TestOutput[MDTESTCOUNT] = { "da39a3ee5e6b4b0d3255bfef95601890afd80709", "86f7e437faa5a7fce15d1ddcb9eaeaea377667b8", "a9993e364706816aba3e25717850c26c9cd0d89d", "c12252ceda8be8994d5fa0290a47231c1d16aae3", "32d10c7b8cf96570ca04ce37f2a19d84240d3a89", "761c457bf73b14d27e9e9265c46f4b4dda11f940", "50abf5706a150990a08b2c5ea40fa0e585554732", "18eca4333979c4181199b7b4fab8786d16cf2846" }; const char *SHA256_TestOutput[MDTESTCOUNT] = { "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad", "f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650", "71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73", "db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0", "f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e", "e6eae09f10ad4122a0e2a4075761d185a272ebd9f5aa489e998ff2f09cbfdd9f" }; const char *SHA384_TestOutput[MDTESTCOUNT] = { "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b", "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31", "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7", "473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5", "feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4", "1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84", "b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026", "99428d401bf4abcd4ee0695248c9858b7503853acfae21a9cffa7855f46d1395ef38596fcd06d5a8c32d41a839cc5dfb" }; const char *SHA512_TestOutput[MDTESTCOUNT] = { "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e", "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75", "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f", "107dbf389d9e9f71a3a95f6c055b9251bc5268c2be16d6c13492ea45b0199f3309e16455ab1e96118e8a905d5597b72038ddb372a89826046de66687bb420e7c", "4dbff86cc2ca1bae1e16468a05cb9881c97f1753bce3619034898faa1aabe429955a1bf8ec483d7421fe3c1646613a59ed5441fb0f321389f77f48a879c7b1f1", "1e07be23c26a86ea37ea810c8ec7809352515a970e9253c26f536cfc7a9996c45c8370583e0a78fa4a90041d71a4ceab7423f19c71b9d5a3e01249f0bebd5894", "72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843", "e8a835195e039708b13d9131e025f4441dbdc521ce625f245a436dcd762f54bf5cb298d96235e6c6a304e087ec8189b9512cbdf6427737ea82793460c367b9c3" +}; + +const char *SHA512t256_TestOutput[MDTESTCOUNT] = { + "c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a", + "455e518824bc0601f9fb858ff5c37d417d67c2f8e0df2babe4808858aea830f8", + "53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23", + "0cf471fd17ed69d990daf3433c89b16d63dec1bb9cb42a6094604ee5d7b4e9fb", + "fc3189443f9c268f626aea08a756abe7b726b05f701cb08222312ccfd6710a26", + "cdf1cc0effe26ecc0c13758f7b4a48e000615df241284185c39eb05d355bb9c8", + "2c9fdbc0c90bdd87612ee8455474f9044850241dc105b1e8b94b8ddf5fac9148", + "dd095fc859b336c30a52548b3dc59fcc0d1be8616ebcf3368fad23107db2d736" }; const char *RIPEMD160_TestOutput[MDTESTCOUNT] = { "9c1185a5c5e9fc54612808977ee8f548b2258d31", "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc", "5d0689ef49d2fae572b881b123a85ffa21595f36", "f71c27109c692c1b56bbdceb5b9d2865b3708dbc", "b0e20b6e3116640286ed3a87a5713079b21f5189", "9b752e45573d4b39f4dbd3323cab82bf63326bfb", "5feb69c6bf7c29d95715ad55f57d8ac5b2b7dd32" }; static void MDTestSuite(const Algorithm_t *alg) { int i; char buffer[HEX_DIGEST_LENGTH]; printf("%s test suite:\n", alg->name); for (i = 0; i < MDTESTCOUNT; i++) { (*alg->Data)(MDTestInput[i], strlen(MDTestInput[i]), buffer); printf("%s (\"%s\") = %s", alg->name, MDTestInput[i], buffer); if (strcmp(buffer, (*alg->TestOutput)[i]) == 0) printf(" - verified correct\n"); else printf(" - INCORRECT RESULT!\n"); } } /* * Digests the standard input and prints the result. */ static void MDFilter(const Algorithm_t *alg, int tee) { DIGEST_CTX context; unsigned int len; unsigned char buffer[BUFSIZ]; char buf[HEX_DIGEST_LENGTH]; alg->Init(&context); while ((len = fread(buffer, 1, BUFSIZ, stdin))) { if (tee && len != fwrite(buffer, 1, len, stdout)) err(1, "stdout"); alg->Update(&context, buffer, len); } printf("%s\n", alg->End(&context, buf)); } static void usage(const Algorithm_t *alg) { fprintf(stderr, "usage: %s [-pqrtx] [-c string] [-s string] [files ...]\n", alg->progname); exit(1); } Index: head/sys/crypto/sha2/sha512c.c =================================================================== --- head/sys/crypto/sha2/sha512c.c (revision 300902) +++ head/sys/crypto/sha2/sha512c.c (revision 300903) @@ -1,397 +1,495 @@ /*- * Copyright 2005 Colin Percival + * Copyright (c) 2015 Allan Jude * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #ifdef _KERNEL #include #else #include #endif #include "sha512.h" +#include "sha512t.h" #include "sha384.h" #if BYTE_ORDER == BIG_ENDIAN /* Copy a vector of big-endian uint64_t into a vector of bytes */ #define be64enc_vect(dst, src, len) \ memcpy((void *)dst, (const void *)src, (size_t)len) /* Copy a vector of bytes into a vector of big-endian uint64_t */ #define be64dec_vect(dst, src, len) \ memcpy((void *)dst, (const void *)src, (size_t)len) #else /* BYTE_ORDER != BIG_ENDIAN */ /* * Encode a length len/4 vector of (uint64_t) into a length len vector of * (unsigned char) in big-endian form. Assumes len is a multiple of 8. */ static void be64enc_vect(unsigned char *dst, const uint64_t *src, size_t len) { size_t i; for (i = 0; i < len / 8; i++) be64enc(dst + i * 8, src[i]); } /* * Decode a big-endian length len vector of (unsigned char) into a length * len/4 vector of (uint64_t). Assumes len is a multiple of 8. */ static void be64dec_vect(uint64_t *dst, const unsigned char *src, size_t len) { size_t i; for (i = 0; i < len / 8; i++) dst[i] = be64dec(src + i * 8); } #endif /* BYTE_ORDER != BIG_ENDIAN */ /* Elementary functions used by SHA512 */ #define Ch(x, y, z) ((x & (y ^ z)) ^ z) #define Maj(x, y, z) ((x & (y | z)) | (y & z)) #define SHR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << (64 - n))) #define S0(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) #define S1(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) #define s0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) #define s1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) /* SHA512 round function */ #define RND(a, b, c, d, e, f, g, h, k) \ t0 = h + S1(e) + Ch(e, f, g) + k; \ t1 = S0(a) + Maj(a, b, c); \ d += t0; \ h = t0 + t1; /* Adjusted round function for rotating state */ #define RNDr(S, W, i, k) \ RND(S[(80 - i) % 8], S[(81 - i) % 8], \ S[(82 - i) % 8], S[(83 - i) % 8], \ S[(84 - i) % 8], S[(85 - i) % 8], \ S[(86 - i) % 8], S[(87 - i) % 8], \ W[i] + k) /* * SHA512 block compression function. The 512-bit state is transformed via * the 512-bit input block to produce a new state. */ static void SHA512_Transform(uint64_t * state, const unsigned char block[SHA512_BLOCK_LENGTH]) { uint64_t W[80]; uint64_t S[8]; uint64_t t0, t1; int i; /* 1. Prepare message schedule W. */ be64dec_vect(W, block, SHA512_BLOCK_LENGTH); for (i = 16; i < 80; i++) W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; /* 2. Initialize working variables. */ memcpy(S, state, SHA512_DIGEST_LENGTH); /* 3. Mix. */ RNDr(S, W, 0, 0x428a2f98d728ae22ULL); RNDr(S, W, 1, 0x7137449123ef65cdULL); RNDr(S, W, 2, 0xb5c0fbcfec4d3b2fULL); RNDr(S, W, 3, 0xe9b5dba58189dbbcULL); RNDr(S, W, 4, 0x3956c25bf348b538ULL); RNDr(S, W, 5, 0x59f111f1b605d019ULL); RNDr(S, W, 6, 0x923f82a4af194f9bULL); RNDr(S, W, 7, 0xab1c5ed5da6d8118ULL); RNDr(S, W, 8, 0xd807aa98a3030242ULL); RNDr(S, W, 9, 0x12835b0145706fbeULL); RNDr(S, W, 10, 0x243185be4ee4b28cULL); RNDr(S, W, 11, 0x550c7dc3d5ffb4e2ULL); RNDr(S, W, 12, 0x72be5d74f27b896fULL); RNDr(S, W, 13, 0x80deb1fe3b1696b1ULL); RNDr(S, W, 14, 0x9bdc06a725c71235ULL); RNDr(S, W, 15, 0xc19bf174cf692694ULL); RNDr(S, W, 16, 0xe49b69c19ef14ad2ULL); RNDr(S, W, 17, 0xefbe4786384f25e3ULL); RNDr(S, W, 18, 0x0fc19dc68b8cd5b5ULL); RNDr(S, W, 19, 0x240ca1cc77ac9c65ULL); RNDr(S, W, 20, 0x2de92c6f592b0275ULL); RNDr(S, W, 21, 0x4a7484aa6ea6e483ULL); RNDr(S, W, 22, 0x5cb0a9dcbd41fbd4ULL); RNDr(S, W, 23, 0x76f988da831153b5ULL); RNDr(S, W, 24, 0x983e5152ee66dfabULL); RNDr(S, W, 25, 0xa831c66d2db43210ULL); RNDr(S, W, 26, 0xb00327c898fb213fULL); RNDr(S, W, 27, 0xbf597fc7beef0ee4ULL); RNDr(S, W, 28, 0xc6e00bf33da88fc2ULL); RNDr(S, W, 29, 0xd5a79147930aa725ULL); RNDr(S, W, 30, 0x06ca6351e003826fULL); RNDr(S, W, 31, 0x142929670a0e6e70ULL); RNDr(S, W, 32, 0x27b70a8546d22ffcULL); RNDr(S, W, 33, 0x2e1b21385c26c926ULL); RNDr(S, W, 34, 0x4d2c6dfc5ac42aedULL); RNDr(S, W, 35, 0x53380d139d95b3dfULL); RNDr(S, W, 36, 0x650a73548baf63deULL); RNDr(S, W, 37, 0x766a0abb3c77b2a8ULL); RNDr(S, W, 38, 0x81c2c92e47edaee6ULL); RNDr(S, W, 39, 0x92722c851482353bULL); RNDr(S, W, 40, 0xa2bfe8a14cf10364ULL); RNDr(S, W, 41, 0xa81a664bbc423001ULL); RNDr(S, W, 42, 0xc24b8b70d0f89791ULL); RNDr(S, W, 43, 0xc76c51a30654be30ULL); RNDr(S, W, 44, 0xd192e819d6ef5218ULL); RNDr(S, W, 45, 0xd69906245565a910ULL); RNDr(S, W, 46, 0xf40e35855771202aULL); RNDr(S, W, 47, 0x106aa07032bbd1b8ULL); RNDr(S, W, 48, 0x19a4c116b8d2d0c8ULL); RNDr(S, W, 49, 0x1e376c085141ab53ULL); RNDr(S, W, 50, 0x2748774cdf8eeb99ULL); RNDr(S, W, 51, 0x34b0bcb5e19b48a8ULL); RNDr(S, W, 52, 0x391c0cb3c5c95a63ULL); RNDr(S, W, 53, 0x4ed8aa4ae3418acbULL); RNDr(S, W, 54, 0x5b9cca4f7763e373ULL); RNDr(S, W, 55, 0x682e6ff3d6b2b8a3ULL); RNDr(S, W, 56, 0x748f82ee5defb2fcULL); RNDr(S, W, 57, 0x78a5636f43172f60ULL); RNDr(S, W, 58, 0x84c87814a1f0ab72ULL); RNDr(S, W, 59, 0x8cc702081a6439ecULL); RNDr(S, W, 60, 0x90befffa23631e28ULL); RNDr(S, W, 61, 0xa4506cebde82bde9ULL); RNDr(S, W, 62, 0xbef9a3f7b2c67915ULL); RNDr(S, W, 63, 0xc67178f2e372532bULL); RNDr(S, W, 64, 0xca273eceea26619cULL); RNDr(S, W, 65, 0xd186b8c721c0c207ULL); RNDr(S, W, 66, 0xeada7dd6cde0eb1eULL); RNDr(S, W, 67, 0xf57d4f7fee6ed178ULL); RNDr(S, W, 68, 0x06f067aa72176fbaULL); RNDr(S, W, 69, 0x0a637dc5a2c898a6ULL); RNDr(S, W, 70, 0x113f9804bef90daeULL); RNDr(S, W, 71, 0x1b710b35131c471bULL); RNDr(S, W, 72, 0x28db77f523047d84ULL); RNDr(S, W, 73, 0x32caab7b40c72493ULL); RNDr(S, W, 74, 0x3c9ebe0a15c9bebcULL); RNDr(S, W, 75, 0x431d67c49c100d4cULL); RNDr(S, W, 76, 0x4cc5d4becb3e42b6ULL); RNDr(S, W, 77, 0x597f299cfc657e2aULL); RNDr(S, W, 78, 0x5fcb6fab3ad6faecULL); RNDr(S, W, 79, 0x6c44198c4a475817ULL); /* 4. Mix local working variables into global state */ for (i = 0; i < 8; i++) state[i] += S[i]; } static unsigned char PAD[SHA512_BLOCK_LENGTH] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; /* Add padding and terminating bit-count. */ static void SHA512_Pad(SHA512_CTX * ctx) { unsigned char len[16]; uint64_t r, plen; /* * Convert length to a vector of bytes -- we do this now rather * than later because the length will change after we pad. */ be64enc_vect(len, ctx->count, 16); /* Add 1--128 bytes so that the resulting length is 112 mod 128 */ r = (ctx->count[1] >> 3) & 0x7f; plen = (r < 112) ? (112 - r) : (240 - r); SHA512_Update(ctx, PAD, (size_t)plen); /* Add the terminating bit-count */ SHA512_Update(ctx, len, 16); } /* SHA-512 initialization. Begins a SHA-512 operation. */ void SHA512_Init(SHA512_CTX * ctx) { /* Zero bits processed so far */ ctx->count[0] = ctx->count[1] = 0; /* Magic initialization constants */ ctx->state[0] = 0x6a09e667f3bcc908ULL; ctx->state[1] = 0xbb67ae8584caa73bULL; ctx->state[2] = 0x3c6ef372fe94f82bULL; ctx->state[3] = 0xa54ff53a5f1d36f1ULL; ctx->state[4] = 0x510e527fade682d1ULL; ctx->state[5] = 0x9b05688c2b3e6c1fULL; ctx->state[6] = 0x1f83d9abfb41bd6bULL; ctx->state[7] = 0x5be0cd19137e2179ULL; } /* Add bytes into the hash */ void SHA512_Update(SHA512_CTX * ctx, const void *in, size_t len) { uint64_t bitlen[2]; uint64_t r; const unsigned char *src = in; /* Number of bytes left in the buffer from previous updates */ r = (ctx->count[1] >> 3) & 0x7f; /* Convert the length into a number of bits */ bitlen[1] = ((uint64_t)len) << 3; bitlen[0] = ((uint64_t)len) >> 61; /* Update number of bits */ if ((ctx->count[1] += bitlen[1]) < bitlen[1]) ctx->count[0]++; ctx->count[0] += bitlen[0]; /* Handle the case where we don't need to perform any transforms */ if (len < SHA512_BLOCK_LENGTH - r) { memcpy(&ctx->buf[r], src, len); return; } /* Finish the current block */ memcpy(&ctx->buf[r], src, SHA512_BLOCK_LENGTH - r); SHA512_Transform(ctx->state, ctx->buf); src += SHA512_BLOCK_LENGTH - r; len -= SHA512_BLOCK_LENGTH - r; /* Perform complete blocks */ while (len >= SHA512_BLOCK_LENGTH) { SHA512_Transform(ctx->state, src); src += SHA512_BLOCK_LENGTH; len -= SHA512_BLOCK_LENGTH; } /* Copy left over data into buffer */ memcpy(ctx->buf, src, len); } /* * SHA-512 finalization. Pads the input data, exports the hash value, * and clears the context state. */ void SHA512_Final(unsigned char digest[static SHA512_DIGEST_LENGTH], SHA512_CTX *ctx) { /* Add padding */ SHA512_Pad(ctx); /* Write the hash */ be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH); /* Clear the context state */ memset(ctx, 0, sizeof(*ctx)); } +/*** SHA-512t: *********************************************************/ +/* + * the SHA512t transforms are identical to SHA512 so reuse the existing function + */ +void +SHA512_224_Init(SHA512_CTX * ctx) +{ + + /* Zero bits processed so far */ + ctx->count[0] = ctx->count[1] = 0; + + /* Magic initialization constants */ + ctx->state[0] = 0x8c3d37c819544da2ULL; + ctx->state[1] = 0x73e1996689dcd4d6ULL; + ctx->state[2] = 0x1dfab7ae32ff9c82ULL; + ctx->state[3] = 0x679dd514582f9fcfULL; + ctx->state[4] = 0x0f6d2b697bd44da8ULL; + ctx->state[5] = 0x77e36f7304c48942ULL; + ctx->state[6] = 0x3f9d85a86a1d36c8ULL; + ctx->state[7] = 0x1112e6ad91d692a1ULL; +} + +void +SHA512_224_Update(SHA512_CTX * ctx, const void *in, size_t len) +{ + + SHA512_Update(ctx, in, len); +} + +void +SHA512_224_Final(unsigned char digest[static SHA512_224_DIGEST_LENGTH], SHA512_CTX * ctx) +{ + + /* Add padding */ + SHA512_Pad(ctx); + + /* Write the hash */ + be64enc_vect(digest, ctx->state, SHA512_224_DIGEST_LENGTH); + + /* Clear the context state */ + memset(ctx, 0, sizeof(*ctx)); +} + +void +SHA512_256_Init(SHA512_CTX * ctx) +{ + + /* Zero bits processed so far */ + ctx->count[0] = ctx->count[1] = 0; + + /* Magic initialization constants */ + ctx->state[0] = 0x22312194fc2bf72cULL; + ctx->state[1] = 0x9f555fa3c84c64c2ULL; + ctx->state[2] = 0x2393b86b6f53b151ULL; + ctx->state[3] = 0x963877195940eabdULL; + ctx->state[4] = 0x96283ee2a88effe3ULL; + ctx->state[5] = 0xbe5e1e2553863992ULL; + ctx->state[6] = 0x2b0199fc2c85b8aaULL; + ctx->state[7] = 0x0eb72ddc81c52ca2ULL; +} + +void +SHA512_256_Update(SHA512_CTX * ctx, const void *in, size_t len) +{ + + SHA512_Update(ctx, in, len); +} + +void +SHA512_256_Final(unsigned char digest[static SHA512_256_DIGEST_LENGTH], SHA512_CTX * ctx) +{ + + /* Add padding */ + SHA512_Pad(ctx); + + /* Write the hash */ + be64enc_vect(digest, ctx->state, SHA512_256_DIGEST_LENGTH); + + /* Clear the context state */ + memset(ctx, 0, sizeof(*ctx)); +} + /*** SHA-384: *********************************************************/ /* * the SHA384 and SHA512 transforms are identical, so SHA384 is skipped */ /* SHA-384 initialization. Begins a SHA-384 operation. */ void SHA384_Init(SHA384_CTX * ctx) { /* Zero bits processed so far */ ctx->count[0] = ctx->count[1] = 0; /* Magic initialization constants */ ctx->state[0] = 0xcbbb9d5dc1059ed8ULL; ctx->state[1] = 0x629a292a367cd507ULL; ctx->state[2] = 0x9159015a3070dd17ULL; ctx->state[3] = 0x152fecd8f70e5939ULL; ctx->state[4] = 0x67332667ffc00b31ULL; ctx->state[5] = 0x8eb44a8768581511ULL; ctx->state[6] = 0xdb0c2e0d64f98fa7ULL; ctx->state[7] = 0x47b5481dbefa4fa4ULL; } /* Add bytes into the SHA-384 hash */ void SHA384_Update(SHA384_CTX * ctx, const void *in, size_t len) { SHA512_Update((SHA512_CTX *)ctx, in, len); } /* * SHA-384 finalization. Pads the input data, exports the hash value, * and clears the context state. */ void SHA384_Final(unsigned char digest[static SHA384_DIGEST_LENGTH], SHA384_CTX *ctx) { /* Add padding */ SHA512_Pad((SHA512_CTX *)ctx); /* Write the hash */ be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH); /* Clear the context state */ memset(ctx, 0, sizeof(*ctx)); } #ifdef WEAK_REFS /* When building libmd, provide weak references. Note: this is not activated in the context of compiling these sources for internal use in libcrypt. */ #undef SHA512_Init __weak_reference(_libmd_SHA512_Init, SHA512_Init); #undef SHA512_Update __weak_reference(_libmd_SHA512_Update, SHA512_Update); #undef SHA512_Final __weak_reference(_libmd_SHA512_Final, SHA512_Final); #undef SHA512_Transform __weak_reference(_libmd_SHA512_Transform, SHA512_Transform); + +#undef SHA512_224_Init +__weak_reference(_libmd_SHA512_224_Init, SHA512_224_Init); +#undef SHA512_224_Update +__weak_reference(_libmd_SHA512_224_Update, SHA512_224_Update); +#undef SHA512_224_Final +__weak_reference(_libmd_SHA512_224_Final, SHA512_224_Final); + +#undef SHA512_256_Init +__weak_reference(_libmd_SHA512_256_Init, SHA512_256_Init); +#undef SHA512_256_Update +__weak_reference(_libmd_SHA512_256_Update, SHA512_256_Update); +#undef SHA512_256_Final +__weak_reference(_libmd_SHA512_256_Final, SHA512_256_Final); #undef SHA384_Init __weak_reference(_libmd_SHA384_Init, SHA384_Init); #undef SHA384_Update __weak_reference(_libmd_SHA384_Update, SHA384_Update); #undef SHA384_Final __weak_reference(_libmd_SHA384_Final, SHA384_Final); #endif Index: head/sys/crypto/sha2/sha512t.h =================================================================== --- head/sys/crypto/sha2/sha512t.h (nonexistent) +++ head/sys/crypto/sha2/sha512t.h (revision 300903) @@ -0,0 +1,125 @@ +/*- + * Copyright (c) 2015 Allan Jude + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _SHA512T_H_ +#define _SHA512T_H_ + +#include "sha512.h" + +#ifndef _KERNEL +#include +#endif + +#define SHA512_224_DIGEST_LENGTH 28 +#define SHA512_224_DIGEST_STRING_LENGTH (SHA512_224_DIGEST_LENGTH * 2 + 1) +#define SHA512_256_DIGEST_LENGTH 32 +#define SHA512_256_DIGEST_STRING_LENGTH (SHA512_256_DIGEST_LENGTH * 2 + 1) + +__BEGIN_DECLS + +/* Ensure libmd symbols do not clash with libcrypto */ +#ifndef SHA512_224_Init +#define SHA512_224_Init _libmd_SHA512_224_Init +#endif +#ifndef SHA512_224_Update +#define SHA512_224_Update _libmd_SHA512_224_Update +#endif +#ifndef SHA512_224_Final +#define SHA512_224_Final _libmd_SHA512_224_Final +#endif +#ifndef SHA512_224_End +#define SHA512_224_End _libmd_SHA512_224_End +#endif +#ifndef SHA512_224_File +#define SHA512_224_File _libmd_SHA512_224_File +#endif +#ifndef SHA512_224_FileChunk +#define SHA512_224_FileChunk _libmd_SHA512_224_FileChunk +#endif +#ifndef SHA512_224_Data +#define SHA512_224_Data _libmd_SHA512_224_Data +#endif + +#ifndef SHA512_224_Transform +#define SHA512_224_Transform _libmd_SHA512_224_Transform +#endif +#ifndef SHA512_224_version +#define SHA512_224_version _libmd_SHA512_224_version +#endif + +#ifndef SHA512_256_Init +#define SHA512_256_Init _libmd_SHA512_256_Init +#endif +#ifndef SHA512_256_Update +#define SHA512_256_Update _libmd_SHA512_256_Update +#endif +#ifndef SHA512_256_Final +#define SHA512_256_Final _libmd_SHA512_256_Final +#endif +#ifndef SHA512_256_End +#define SHA512_256_End _libmd_SHA512_256_End +#endif +#ifndef SHA512_256_File +#define SHA512_256_File _libmd_SHA512_256_File +#endif +#ifndef SHA512_256_FileChunk +#define SHA512_256_FileChunk _libmd_SHA512_256_FileChunk +#endif +#ifndef SHA512_256_Data +#define SHA512_256_Data _libmd_SHA512_256_Data +#endif + +#ifndef SHA512_256_Transform +#define SHA512_256_Transform _libmd_SHA512_256_Transform +#endif +#ifndef SHA512_256_version +#define SHA512_256_version _libmd_SHA512_256_version +#endif + +void SHA512_224_Init(SHA512_CTX *); +void SHA512_224_Update(SHA512_CTX *, const void *, size_t); +void SHA512_224_Final(unsigned char [static SHA512_224_DIGEST_LENGTH], SHA512_CTX *); +#ifndef _KERNEL +char *SHA512_224_End(SHA512_CTX *, char *); +char *SHA512_224_Data(const void *, unsigned int, char *); +char *SHA512_224_File(const char *, char *); +char *SHA512_224_FileChunk(const char *, char *, off_t, off_t); +#endif +void SHA512_256_Init(SHA512_CTX *); +void SHA512_256_Update(SHA512_CTX *, const void *, size_t); +void SHA512_256_Final(unsigned char [static SHA512_256_DIGEST_LENGTH], SHA512_CTX *); +#ifndef _KERNEL +char *SHA512_256_End(SHA512_CTX *, char *); +char *SHA512_256_Data(const void *, unsigned int, char *); +char *SHA512_256_File(const char *, char *); +char *SHA512_256_FileChunk(const char *, char *, off_t, off_t); +#endif + +__END_DECLS + +#endif /* !_SHA512T_H_ */ Property changes on: head/sys/crypto/sha2/sha512t.h ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property