In light of the recent 2^69 operation collision-finding attack on SHA1,

add support for SHA256.

Tested on:	i386, sparc64
Tested using:	NIST test vectors, built-in tests
X-MFC-after:	5.4-RELEASE
This commit is contained in:
Colin Percival 2005-03-09 19:23:04 +00:00
parent 3765fba6c1
commit 186c183c23
7 changed files with 546 additions and 10 deletions

View File

@ -4,10 +4,11 @@ LIB= md
SHLIBDIR?= /lib
SRCS= md2c.c md4c.c md5c.c md2hl.c md4hl.c md5hl.c \
rmd160c.c rmd160hl.c \
sha0c.c sha0hl.c sha1c.c sha1hl.c
INCS= md2.h md4.h md5.h ripemd.h sha.h
sha0c.c sha0hl.c sha1c.c sha1hl.c \
sha256c.c sha256hl.c
INCS= md2.h md4.h md5.h ripemd.h sha.h sha256.h
MAN+= md2.3 md4.3 md5.3 ripemd.3 sha.3
MAN+= md2.3 md4.3 md5.3 ripemd.3 sha.3 sha256.3
MLINKS+=md2.3 MD2Init.3 md2.3 MD2Update.3 md2.3 MD2Final.3
MLINKS+=md2.3 MD2End.3 md2.3 MD2File.3 md2.3 MD2FileChunk.3
MLINKS+=md2.3 MD2Data.3
@ -27,9 +28,14 @@ MLINKS+=sha.3 SHA_Data.3
MLINKS+=sha.3 SHA1_Init.3 sha.3 SHA1_Update.3 sha.3 SHA1_Final.3
MLINKS+=sha.3 SHA1_End.3 sha.3 SHA1_File.3 sha.3 SHA1_FileChunk.3
MLINKS+=sha.3 SHA1_Data.3
MLINKS+=sha256.3 SHA256_Init.3 sha256.3 SHA256_Update.3
MLINKS+=sha256.3 SHA256_Final.3 sha256.3 SHA256_End.3
MLINKS+=sha256.3 SHA256_File.3 sha256.3 SHA256_FileChunk.3
MLINKS+=sha256.3 SHA256_Data.3
CLEANFILES+= md[245]hl.c md[245].ref md[245].3 mddriver \
rmd160.ref rmd160hl.c rmddriver \
sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver
sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \
sha256.ref sha256hl.c
CFLAGS+= -I${.CURDIR}
.PATH: ${.CURDIR}/${MACHINE_ARCH}
@ -64,6 +70,12 @@ sha1hl.c: mdXhl.c
sed -e 's/mdX/sha/g' -e 's/MDX/SHA1_/g' -e 's/SHA1__/SHA1_/g' \
${.ALLSRC}) > ${.TARGET}
sha256hl.c: mdXhl.c
(echo '#define LENGTH 32'; \
sed -e 's/mdX/sha256/g' -e 's/MDX/SHA256_/g' \
-e 's/SHA256__/SHA256_/g' \
${.ALLSRC}) > ${.TARGET}
rmd160hl.c: mdXhl.c
(echo '#define LENGTH 20'; \
sed -e 's/mdX/ripemd/g' -e 's/MDX/RIPEMD160_/g' \
@ -132,6 +144,15 @@ sha1.ref:
echo 'SHA-1 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
'50abf5706a150990a08b2c5ea40fa0e585554732' ) > ${.TARGET}
sha256.ref:
echo 'SHA-256 test suite:' > ${.TARGET}
@echo 'SHA-256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' >> ${.TARGET}
@echo 'SHA-256 ("abc") = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' >> ${.TARGET}
@echo 'SHA-256 ("message digest") = f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650' >> ${.TARGET}
@echo 'SHA-256 ("abcdefghijklmnopqrstuvwxyz") = 71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73' >> ${.TARGET}
@echo 'SHA-256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0' >> ${.TARGET}
@echo 'SHA-256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e' >> ${.TARGET}
rmd160.ref:
(echo 'RIPEMD160 test suite:'; \
echo 'RIPEMD160 ("") = 9c1185a5c5e9fc54612808977ee8f548b2258d31'; \
@ -145,7 +166,7 @@ rmd160.ref:
echo 'RIPEMD160 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
'9b752e45573d4b39f4dbd3323cab82bf63326bfb' ) > ${.TARGET}
test: md2.ref md4.ref md5.ref sha0.ref rmd160.ref sha1.ref
test: md2.ref md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref
@${ECHO} if any of these test fail, the code produces wrong results
@${ECHO} and should NOT be used.
${CC} ${CFLAGS} ${LDFLAGS} -DMD=2 -o mddriver ${.CURDIR}/mddriver.c -L. -lmd
@ -168,6 +189,9 @@ test: md2.ref md4.ref md5.ref sha0.ref rmd160.ref sha1.ref
${CC} ${CFLAGS} ${LDFLAGS} -DSHA=1 -o shadriver ${.CURDIR}/shadriver.c -L. -lmd
./shadriver | cmp sha1.ref -
@${ECHO} SHA-1 passed test
${CC} ${CFLAGS} ${LDFLAGS} -DSHA=256 -o shadriver ${.CURDIR}/shadriver.c -L. -lmd
./shadriver | cmp sha256.ref -
@${ECHO} SHA-256 passed test
-rm -f shadriver
.include <bsd.lib.mk>

140
lib/libmd/sha256.3 Normal file
View File

@ -0,0 +1,140 @@
.\"
.\" ----------------------------------------------------------------------------
.\" "THE BEER-WARE LICENSE" (Revision 42):
.\" <phk@FreeBSD.org> wrote this file. As long as you retain this notice you
.\" can do whatever you want with this stuff. If we meet some day, and you think
.\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
.\" ----------------------------------------------------------------------------
.\"
.\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp
.\" $FreeBSD$
.\"
.Dd March 9, 2005
.Dt SHA256 3
.Os
.Sh NAME
.Nm SHA256_Init ,
.Nm SHA256_Update ,
.Nm SHA256_Final ,
.Nm SHA256_End ,
.Nm SHA256_File ,
.Nm SHA256_FileChunk ,
.Nm SHA256_Data
.Nd calculate the FIPS 180-2 ``SHA-256'' message digest
.Sh LIBRARY
.Lb libmd
.Sh SYNOPSIS
.In sys/types.h
.In sha256.h
.Ft void
.Fn SHA256_Init "SHA_CTX *context"
.Ft void
.Fn SHA256_Update "SHA_CTX *context" "const unsigned char *data" "size_t len"
.Ft void
.Fn SHA256_Final "unsigned char digest[32]" "SHA_CTX *context"
.Ft "char *"
.Fn SHA256_End "SHA_CTX *context" "char *buf"
.Ft "char *"
.Fn SHA256_File "const char *filename" "char *buf"
.Ft "char *"
.Fn SHA256_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
.Ft "char *"
.Fn SHA256_Data "const unsigned char *data" "unsigned int len" "char *buf"
.Sh DESCRIPTION
The
.Li SHA256_
functions calculate a 256-bit cryptographic checksum (digest)
for any number of input bytes.
A cryptographic checksum is a one-way
hash function; that is, it is computationally impractical to find
the input corresponding to a particular output.
This net result is
a
.Dq fingerprint
of the input-data, which does not disclose the actual input.
.Pp
The
.Fn SHA256_Init ,
.Fn SHA256_Update ,
and
.Fn SHA256_Final
functions are the core functions.
Allocate an
.Vt SHA256_CTX ,
initialize it with
.Fn SHA256_Init ,
run over the data with
.Fn SHA256_Update ,
and finally extract the result using
.Fn SHA256_Final .
.Pp
.Fn SHA256_End
is a wrapper for
.Fn SHA256_Final
which converts the return value to a 65-character
(including the terminating '\e0')
.Tn ASCII
string which represents the 256 bits in hexadecimal.
.Pp
.Fn SHA256_File
calculates the digest of a file, and uses
.Fn SHA256_End
to return the result.
If the file cannot be opened, a null pointer is returned.
.Fn SHA256_FileChunk
is similar to
.Fn SHA256_File ,
but it only calculates the digest over a byte-range of the file specified,
starting at
.Fa offset
and spanning
.Fa length
bytes.
If the
.Fa length
parameter is specified as 0, or more than the length of the remaining part
of the file,
.Fn SHA256_FileChunk
calculates the digest from
.Fa offset
to the end of file.
.Fn SHA256_Data
calculates the digest of a chunk of data in memory, and uses
.Fn SHA256_End
to return the result.
.Pp
When using
.Fn SHA256_End ,
.Fn SHA256_File ,
or
.Fn SHA256_Data ,
the
.Fa buf
argument can be a null pointer, in which case the returned string
is allocated with
.Xr malloc 3
and subsequently must be explicitly deallocated using
.Xr free 3
after use.
If the
.Fa buf
argument is non-null it must point to at least 65 characters of buffer space.
.Sh SEE ALSO
.Xr md2 3 ,
.Xr md4 3 ,
.Xr md5 3 ,
.Xr ripemd 3 ,
.Xr sha 3
.Sh HISTORY
These functions appeared in
.Fx 4.0 .
.Sh AUTHORS
The core hash routines were implemented by Colin Percival based on
the published
.Tn FIPS 180-2
standard.
.Sh BUGS
No method is known to exist which finds two files having the same hash value,
nor to find a file with a specific hash value.
There is on the other hand no guarantee that such a method does not exist.

50
lib/libmd/sha256.h Normal file
View File

@ -0,0 +1,50 @@
/*-
* Copyright 2005 Colin Percival
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#ifndef _SHA256_H_
#define _SHA256_H_
#include <sys/types.h>
typedef struct SHA256Context {
uint32_t state[8];
uint32_t count[2];
unsigned char buf[64];
} SHA256_CTX;
__BEGIN_DECLS
void SHA256_Init(SHA256_CTX *);
void SHA256_Update(SHA256_CTX *, const unsigned char *, size_t);
void SHA256_Final(unsigned char [32], SHA256_CTX *);
char *SHA256_End(SHA256_CTX *, char *);
char *SHA256_File(const char *, char *);
char *SHA256_FileChunk(const char *, char *, off_t, off_t);
char *SHA256_Data(const unsigned char *, unsigned int, char *);
__END_DECLS
#endif /* !_SHA256_H_ */

299
lib/libmd/sha256c.c Normal file
View File

@ -0,0 +1,299 @@
/*-
* Copyright 2005 Colin Percival
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/endian.h>
#include <sys/types.h>
#include <string.h>
#include "sha256.h"
#if BYTE_ORDER == BIG_ENDIAN
/* Copy a vector of big-endian uint32_t into a vector of bytes */
#define be32enc_vect(dst, src, len) \
memcpy((void *)dst, (const void *)src, (size_t)len)
/* Copy a vector of bytes into a vector of big-endian uint32_t */
#define be32dec_vect(dst, src, len) \
memcpy((void *)dst, (const void *)src, (size_t)len)
#else /* BYTE_ORDER != BIG_ENDIAN */
/*
* Encode a length len/4 vector of (uint32_t) into a length len vector of
* (unsigned char) in big-endian form. Assumes len is a multiple of 4.
*/
static void
be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len)
{
size_t i;
for (i = 0; i < len / 4; i++)
be32enc(dst + i * 4, src[i]);
}
/*
* Decode a big-endian length len vector of (unsigned char) into a length
* len/4 vector of (uint32_t). Assumes len is a multiple of 4.
*/
static void
be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len)
{
size_t i;
for (i = 0; i < len / 4; i++)
dst[i] = be32dec(src + i * 4);
}
#endif /* BYTE_ORDER != BIG_ENDIAN */
/* Elementary functions used by SHA256 */
#define Ch(x, y, z) ((x & (y ^ z)) ^ z)
#define Maj(x, y, z) ((x & (y | z)) | (y & z))
#define SHR(x, n) (x >> n)
#define ROTR(x, n) ((x >> n) | (x << (32 - n)))
#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
/* SHA256 round function */
#define RND(a, b, c, d, e, f, g, h, k) \
t0 = h + S1(e) + Ch(e, f, g) + k; \
t1 = S0(a) + Maj(a, b, c); \
d += t0; \
h = t0 + t1;
/* Adjusted round function for rotating state */
#define RNDr(S, W, i, k) \
RND(S[(64 - i) % 8], S[(65 - i) % 8], \
S[(66 - i) % 8], S[(67 - i) % 8], \
S[(68 - i) % 8], S[(69 - i) % 8], \
S[(70 - i) % 8], S[(71 - i) % 8], \
W[i] + k)
/*
* SHA256 block compression function. The 256-bit state is transformed via
* the 512-bit input block to produce a new state.
*/
static void
SHA256_Transform(uint32_t * state, const unsigned char block[64])
{
uint32_t W[64];
uint32_t S[8];
uint32_t t0, t1;
int i;
/* 1. Prepare message schedule W. */
be32dec_vect(W, block, 64);
for (i = 16; i < 64; i++)
W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16];
/* 2. Initialize working variables. */
memcpy(S, state, 32);
/* 3. Mix. */
RNDr(S, W, 0, 0x428a2f98);
RNDr(S, W, 1, 0x71374491);
RNDr(S, W, 2, 0xb5c0fbcf);
RNDr(S, W, 3, 0xe9b5dba5);
RNDr(S, W, 4, 0x3956c25b);
RNDr(S, W, 5, 0x59f111f1);
RNDr(S, W, 6, 0x923f82a4);
RNDr(S, W, 7, 0xab1c5ed5);
RNDr(S, W, 8, 0xd807aa98);
RNDr(S, W, 9, 0x12835b01);
RNDr(S, W, 10, 0x243185be);
RNDr(S, W, 11, 0x550c7dc3);
RNDr(S, W, 12, 0x72be5d74);
RNDr(S, W, 13, 0x80deb1fe);
RNDr(S, W, 14, 0x9bdc06a7);
RNDr(S, W, 15, 0xc19bf174);
RNDr(S, W, 16, 0xe49b69c1);
RNDr(S, W, 17, 0xefbe4786);
RNDr(S, W, 18, 0x0fc19dc6);
RNDr(S, W, 19, 0x240ca1cc);
RNDr(S, W, 20, 0x2de92c6f);
RNDr(S, W, 21, 0x4a7484aa);
RNDr(S, W, 22, 0x5cb0a9dc);
RNDr(S, W, 23, 0x76f988da);
RNDr(S, W, 24, 0x983e5152);
RNDr(S, W, 25, 0xa831c66d);
RNDr(S, W, 26, 0xb00327c8);
RNDr(S, W, 27, 0xbf597fc7);
RNDr(S, W, 28, 0xc6e00bf3);
RNDr(S, W, 29, 0xd5a79147);
RNDr(S, W, 30, 0x06ca6351);
RNDr(S, W, 31, 0x14292967);
RNDr(S, W, 32, 0x27b70a85);
RNDr(S, W, 33, 0x2e1b2138);
RNDr(S, W, 34, 0x4d2c6dfc);
RNDr(S, W, 35, 0x53380d13);
RNDr(S, W, 36, 0x650a7354);
RNDr(S, W, 37, 0x766a0abb);
RNDr(S, W, 38, 0x81c2c92e);
RNDr(S, W, 39, 0x92722c85);
RNDr(S, W, 40, 0xa2bfe8a1);
RNDr(S, W, 41, 0xa81a664b);
RNDr(S, W, 42, 0xc24b8b70);
RNDr(S, W, 43, 0xc76c51a3);
RNDr(S, W, 44, 0xd192e819);
RNDr(S, W, 45, 0xd6990624);
RNDr(S, W, 46, 0xf40e3585);
RNDr(S, W, 47, 0x106aa070);
RNDr(S, W, 48, 0x19a4c116);
RNDr(S, W, 49, 0x1e376c08);
RNDr(S, W, 50, 0x2748774c);
RNDr(S, W, 51, 0x34b0bcb5);
RNDr(S, W, 52, 0x391c0cb3);
RNDr(S, W, 53, 0x4ed8aa4a);
RNDr(S, W, 54, 0x5b9cca4f);
RNDr(S, W, 55, 0x682e6ff3);
RNDr(S, W, 56, 0x748f82ee);
RNDr(S, W, 57, 0x78a5636f);
RNDr(S, W, 58, 0x84c87814);
RNDr(S, W, 59, 0x8cc70208);
RNDr(S, W, 60, 0x90befffa);
RNDr(S, W, 61, 0xa4506ceb);
RNDr(S, W, 62, 0xbef9a3f7);
RNDr(S, W, 63, 0xc67178f2);
/* 4. Mix local working variables into global state */
for (i = 0; i < 8; i++)
state[i] += S[i];
}
static unsigned char PAD[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/* Add padding and terminating bit-count. */
static void
SHA256_Pad(SHA256_CTX * ctx)
{
unsigned char len[8];
uint32_t r, plen;
/*
* Convert length to a vector of bytes -- we do this now rather
* than later because the length will change after we pad.
*/
be32enc_vect(len, ctx->count, 8);
/* Add 1--64 bytes so that the resulting length is 56 mod 64 */
r = (ctx->count[1] >> 3) & 0x3f;
plen = (r < 56) ? (56 - r) : (120 - r);
SHA256_Update(ctx, PAD, (size_t)plen);
/* Add the terminating bit-count */
SHA256_Update(ctx, len, 8);
}
/* SHA-256 initialization. Begins a SHA-256 operation. */
void
SHA256_Init(SHA256_CTX * ctx)
{
/* Zero bits processed so far */
ctx->count[0] = ctx->count[1] = 0;
/* Magic initialization constants */
ctx->state[0] = 0x6A09E667;
ctx->state[1] = 0xBB67AE85;
ctx->state[2] = 0x3C6EF372;
ctx->state[3] = 0xA54FF53A;
ctx->state[4] = 0x510E527F;
ctx->state[5] = 0x9B05688C;
ctx->state[6] = 0x1F83D9AB;
ctx->state[7] = 0x5BE0CD19;
}
/* Add bytes into the hash */
void
SHA256_Update(SHA256_CTX * ctx, const unsigned char *src, size_t len)
{
uint32_t bitlen[2];
uint32_t r;
/* Number of bytes left in the buffer from previous updates */
r = (ctx->count[1] >> 3) & 0x3f;
/* Convert the length into a number of bits */
bitlen[1] = ((uint32_t)len) << 3;
bitlen[0] = (uint32_t)(len >> 29);
/* Update number of bits */
if ((ctx->count[1] += bitlen[1]) < bitlen[1])
ctx->count[0]++;
ctx->count[0] += bitlen[0];
/* Handle the case where we don't need to perform any transforms */
if (len < 64 - r) {
memcpy(&ctx->buf[r], src, len);
return;
}
/* Finish the current block */
memcpy(&ctx->buf[r], src, 64 - r);
SHA256_Transform(ctx->state, ctx->buf);
src += 64 - r;
len -= 64 - r;
/* Perform complete blocks */
while (len >= 64) {
SHA256_Transform(ctx->state, src);
src += 64;
len -= 64;
}
/* Copy left over data into buffer */
memcpy(ctx->buf, src, len);
}
/*
* SHA-256 finalization. Pads the input data, exports the hash value,
* and clears the context state.
*/
void
SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
{
/* Add padding */
SHA256_Pad(ctx);
/* Write the hash */
be32enc_vect(digest, ctx->state, 32);
/* Clear the context state */
memset((void *)ctx, 0, sizeof(*ctx));
}

View File

@ -29,8 +29,11 @@ __FBSDID("$FreeBSD$");
#include <time.h>
#include <string.h>
#include "sha.h"
#include "sha256.h"
#if SHA == 1
#define SHA_Data SHA1_Data
#elif SHA == 256
#define SHA_Data SHA256_Data
#endif
/* Digests a string and prints the result.
@ -38,7 +41,7 @@ __FBSDID("$FreeBSD$");
static void SHAString (string)
char *string;
{
char buf[2*20+1];
char buf[2*32+1];
printf ("SHA-%d (\"%s\") = %s\n",
SHA, string, SHA_Data(string,strlen(string),buf));

View File

@ -4,10 +4,12 @@
PROG= md5
LINKS= ${BINDIR}/md5 ${BINDIR}/rmd160 \
${BINDIR}/md5 ${BINDIR}/sha1
${BINDIR}/md5 ${BINDIR}/sha1 \
${BINDIR}/md5 ${BINDIR}/sha256
MLINKS= md5.1 rmd160.1 \
md5.1 sha1.1
md5.1 sha1.1 \
md5.1 sha256.1
WARNS?= 6
WFORMAT?= 1

View File

@ -27,6 +27,7 @@ __FBSDID("$FreeBSD$");
#include <md5.h>
#include <ripemd.h>
#include <sha.h>
#include <sha256.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -50,6 +51,7 @@ typedef char *(DIGEST_End)(void *, char *);
extern const char *MD5TestOutput[MDTESTCOUNT];
extern const char *SHA1_TestOutput[MDTESTCOUNT];
extern const char *SHA256_TestOutput[MDTESTCOUNT];
extern const char *RIPEMD160_TestOutput[MDTESTCOUNT];
typedef struct Algorithm_t {
@ -73,11 +75,13 @@ static void usage(Algorithm_t *);
typedef union {
MD5_CTX md5;
SHA1_CTX sha1;
SHA256_CTX sha256;
RIPEMD160_CTX ripemd160;
} DIGEST_CTX;
/* max(MD5_DIGEST_LENGTH, SHA_DIGEST_LENGTH, RIPEMD160_DIGEST_LENGTH)*2+1 */
#define HEX_DIGEST_LENGTH 41
/* max(MD5_DIGEST_LENGTH, SHA_DIGEST_LENGTH,
SHA256_DIGEST_LENGTH, RIPEMD160_DIGEST_LENGTH)*2+1 */
#define HEX_DIGEST_LENGTH 65
/* algorithm function table */
@ -88,6 +92,9 @@ struct Algorithm_t Algorithm[] = {
{ "sha1", "SHA1", &SHA1_TestOutput, (DIGEST_Init*)&SHA1_Init,
(DIGEST_Update*)&SHA1_Update, (DIGEST_End*)&SHA1_End,
&SHA1_Data, &SHA1_File },
{ "sha256", "SHA256", &SHA256_TestOutput, (DIGEST_Init*)&SHA256_Init,
(DIGEST_Update*)&SHA256_Update, (DIGEST_End*)&SHA256_End,
&SHA256_Data, &SHA256_File },
{ "rmd160", "RMD160", &RIPEMD160_TestOutput,
(DIGEST_Init*)&RIPEMD160_Init, (DIGEST_Update*)&RIPEMD160_Update,
(DIGEST_End*)&RIPEMD160_End, &RIPEMD160_Data, &RIPEMD160_File }
@ -279,6 +286,17 @@ const char *SHA1_TestOutput[MDTESTCOUNT] = {
"18eca4333979c4181199b7b4fab8786d16cf2846"
};
const char *SHA256_TestOutput[MDTESTCOUNT] = {
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb",
"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
"f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650",
"71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73",
"db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0",
"f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e",
"e6eae09f10ad4122a0e2a4075761d185a272ebd9f5aa489e998ff2f09cbfdd9f"
};
const char *RIPEMD160_TestOutput[MDTESTCOUNT] = {
"9c1185a5c5e9fc54612808977ee8f548b2258d31",
"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",