From e3a95f95e7ed9a06a15979f421647d647f376f1f Mon Sep 17 00:00:00 2001 From: cem Date: Mon, 9 Jul 2018 08:19:04 +0000 Subject: [PATCH] Integrate SHA2-224 with userspace components The double compilation of the kernel sources in libmd and libcrypt is baffling, but add yet another define hack to prevent duplicate symbols. Add documentation and SHA2-224 test cases to libmd. Integrate with the md5(1) command, document, and add more test cases; self-tests pass. --- lib/libcrypt/Makefile | 1 + lib/libmd/Makefile | 38 +++++++++++++++++++++---- lib/libmd/sha256.3 | 30 ++++++++++++++++++-- lib/libmd/shadriver.c | 4 +++ sbin/md5/Makefile | 2 ++ sbin/md5/md5.1 | 66 ++++++++----------------------------------- sbin/md5/md5.c | 17 +++++++++++ 7 files changed, 96 insertions(+), 62 deletions(-) diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile index 611b42ab038c..1aa4c66d9cc7 100644 --- a/lib/libcrypt/Makefile +++ b/lib/libcrypt/Makefile @@ -31,6 +31,7 @@ CFLAGS+= -I${.CURDIR} -DHAS_DES -DHAS_BLOWFISH .for sym in MD4Init MD4Final MD4Update MD4Pad \ MD5Init MD5Final MD5Update MD5Pad \ + SHA224_Init SHA224_Final SHA224_Update \ SHA256_Init SHA256_Final SHA256_Update \ SHA512_224_Init SHA512_224_Final SHA512_224_Update \ SHA512_256_Init SHA512_256_Final SHA512_256_Update \ diff --git a/lib/libmd/Makefile b/lib/libmd/Makefile index 98c352917dba..2fc24d90043d 100644 --- a/lib/libmd/Makefile +++ b/lib/libmd/Makefile @@ -7,13 +7,13 @@ SHLIBDIR?= /lib SRCS= md4c.c md5c.c md4hl.c md5hl.c \ rmd160c.c rmd160hl.c \ sha0c.c sha0hl.c sha1c.c sha1hl.c \ - sha256c.c sha256hl.c \ + sha224hl.c sha256c.c sha256hl.c \ sha384hl.c \ sha512c.c sha512hl.c sha512thl.c \ skein.c skein_block.c \ skein256hl.c skein512hl.c skein1024hl.c -INCS= md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h sha512t.h \ - skein.h skein_port.h skein_freebsd.h skein_iv.h +INCS= md4.h md5.h ripemd.h sha.h sha224.h sha256.h sha384.h sha512.h \ + sha512t.h skein.h skein_port.h skein_freebsd.h skein_iv.h WARNS?= 0 
@@ -34,6 +34,10 @@ MLINKS+=sha.3 SHA_Data.3 MLINKS+=sha.3 SHA1_Init.3 sha.3 SHA1_Update.3 sha.3 SHA1_Final.3 MLINKS+=sha.3 SHA1_End.3 sha.3 SHA1_File.3 sha.3 SHA1_FileChunk.3 MLINKS+=sha.3 SHA1_Data.3 +MLINKS+=sha256.3 SHA224_Init.3 sha256.3 SHA224_Update.3 +MLINKS+=sha256.3 SHA224_Final.3 sha256.3 SHA224_End.3 +MLINKS+=sha256.3 SHA224_File.3 sha256.3 SHA224_FileChunk.3 +MLINKS+=sha256.3 SHA224_Data.3 MLINKS+=sha256.3 SHA256_Init.3 sha256.3 SHA256_Update.3 MLINKS+=sha256.3 SHA256_Final.3 sha256.3 SHA256_End.3 MLINKS+=sha256.3 SHA256_File.3 sha256.3 SHA256_FileChunk.3 @@ -66,7 +70,8 @@ MLINKS+=skein.3 SKEIN1024_Data.3 skein.3 skein1024.3 CLEANFILES+= md[245]hl.c md[245].ref md[245].3 mddriver \ rmd160.ref rmd160hl.c rmddriver \ sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \ - sha256.ref sha256hl.c sha384hl.c sha384.ref \ + sha224.ref sha256.ref sha224hl.c sha256hl.c \ + sha384hl.c sha384.ref \ sha512.ref sha512hl.c sha512t256.ref sha512thl.c \ skein256hl.c skein512hl.c skein1024hl.c \ skein256.ref skein512.ref skein1024.ref \ @@ -130,6 +135,12 @@ sha1hl.c: mdXhl.c sed -e 's/mdX/sha/g' -e 's/MDX/SHA1_/g' -e 's/SHA1__/SHA1_/g' \ ${.ALLSRC}) > ${.TARGET} +sha224hl.c: mdXhl.c + (echo '#define LENGTH 28'; \ + sed -e 's/mdX/sha224/g' -e 's/MDX/SHA224_/g' \ + -e 's/SHA224__/SHA224_/g' \ + ${.ALLSRC}) > ${.TARGET} + sha256hl.c: mdXhl.c (echo '#define LENGTH 32'; \ sed -e 's/mdX/sha256/g' -e 's/MDX/SHA256_/g' \ 
@@ -234,6 +245,20 @@ sha1.ref: @echo 'SHA-1 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ '50abf5706a150990a08b2c5ea40fa0e585554732' >> ${.TARGET} +sha224.ref: + echo 'SHA-224 test suite:' > ${.TARGET} + @echo 'SHA-224 ("") = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f' >> ${.TARGET} + @echo 'SHA-224 ("abc") =' \ + '23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7' >> ${.TARGET} + @echo 'SHA-224 ("message digest") =' \ + '2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb' >> ${.TARGET} + @echo 'SHA-224 ("abcdefghijklmnopqrstuvwxyz") =' \ + '45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2' >> ${.TARGET} + @echo 'SHA-224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9' >> ${.TARGET} + @echo 'SHA-224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e' >> ${.TARGET} + sha256.ref: echo 'SHA-256 test suite:' > ${.TARGET} @echo 'SHA-256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' >> ${.TARGET} @@ -349,7 +374,7 @@ skein1024.ref: @echo 'SKEIN1024 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ 'cf21a613620e6c119eca31fdfaad449a8e02f95ca256c21d2a105f8e4157048f9fe1e897893ea18b64e0e37cb07d5ac947f27ba544caf7cbc1ad094e675aed77a366270f7eb7f46543bccfa61c526fd628408058ed00ed566ac35a9761d002e629c4fb0d430b2f4ad016fcc49c44d2981c4002da0eecc42144160e2eaea4855a' >> ${.TARGET} -test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \ +test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha224.ref sha256.ref sha384.ref \ sha512.ref sha512t256.ref skein256.ref skein512.ref skein1024.ref @${ECHO} if any of these test fail, the code produces wrong results @${ECHO} and should NOT be used. 
@@ -370,6 +395,9 @@ test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \ ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=1 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha1.ref - @${ECHO} SHA-1 passed test + ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=224 -o shadriver ${.CURDIR}/shadriver.c libmd.a + ./shadriver | cmp sha224.ref - + @${ECHO} SHA-224 passed test ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=256 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha256.ref - @${ECHO} SHA-256 passed test diff --git a/lib/libmd/sha256.3 b/lib/libmd/sha256.3 index 530c64416df0..25bbb1220486 100644 --- a/lib/libmd/sha256.3 +++ b/lib/libmd/sha256.3 @@ -9,10 +9,17 @@ .\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp .\" $FreeBSD$ .\" -.Dd April 26, 2016 +.Dd July 9, 2018 .Dt SHA256 3 .Os .Sh NAME +.Nm SHA224_Init , +.Nm SHA224_Update , +.Nm SHA224_Final , +.Nm SHA224_End , +.Nm SHA224_File , +.Nm SHA224_FileChunk , +.Nm SHA224_Data , .Nm SHA256_Init , .Nm SHA256_Update , .Nm SHA256_Final , @@ -20,11 +27,26 @@ .Nm SHA256_File , .Nm SHA256_FileChunk , .Nm SHA256_Data -.Nd calculate the FIPS 180-2 ``SHA-256'' message digest +.Nd calculate the FIPS 180-2 ``SHA-256'' (or SHA-224) message digest .Sh LIBRARY .Lb libmd .Sh SYNOPSIS .In sys/types.h +.In sha224.h +.Ft void +.Fn SHA224_Init "SHA224_CTX *context" +.Ft void +.Fn SHA224_Update "SHA224_CTX *context" "const unsigned char *data" "size_t len" +.Ft void +.Fn SHA224_Final "unsigned char digest[32]" "SHA224_CTX *context" +.Ft "char *" +.Fn SHA224_End "SHA224_CTX *context" "char *buf" +.Ft "char *" +.Fn SHA224_File "const char *filename" "char *buf" +.Ft "char *" +.Fn SHA224_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" +.Ft "char *" +.Fn SHA224_Data "const unsigned char *data" "unsigned int len" "char *buf" .In sha256.h .Ft void .Fn SHA256_Init "SHA256_CTX *context" 
@@ -119,12 +141,14 @@ after use. If the .Fa buf argument is non-null it must point to at least 65 characters of buffer space. +.Pp +SHA224 is identical SHA256, except it has slightly different initialization +vectors, and is truncated to a shorter digest. .Sh SEE ALSO .Xr md4 3 , .Xr md5 3 , .Xr ripemd 3 , .Xr sha 3 , -.Xr sha256 3 , .Xr sha512 3 , .Xr skein 3 .Sh HISTORY diff --git a/lib/libmd/shadriver.c b/lib/libmd/shadriver.c index a0472f016364..f5026eb3cc5d 100644 --- a/lib/libmd/shadriver.c +++ b/lib/libmd/shadriver.c @@ -24,6 +24,7 @@ __FBSDID("$FreeBSD$"); #include #include "sha.h" +#include "sha224.h" #include "sha256.h" #include "sha384.h" #include "sha512.h" @@ -38,6 +39,9 @@ __FBSDID("$FreeBSD$"); #if SHA == 1 #undef SHA_Data #define SHA_Data SHA1_Data +#elif SHA == 224 +#undef SHA_Data +#define SHA_Data SHA224_Data #elif SHA == 256 #undef SHA_Data #define SHA_Data SHA256_Data diff --git a/sbin/md5/Makefile b/sbin/md5/Makefile index cb643ea18bef..c284be13161b 100644 --- a/sbin/md5/Makefile +++ b/sbin/md5/Makefile @@ -6,6 +6,7 @@ PROG= md5 LINKS= ${BINDIR}/md5 ${BINDIR}/rmd160 \ ${BINDIR}/md5 ${BINDIR}/sha1 \ + ${BINDIR}/md5 ${BINDIR}/sha224 \ ${BINDIR}/md5 ${BINDIR}/sha256 \ ${BINDIR}/md5 ${BINDIR}/sha384 \ ${BINDIR}/md5 ${BINDIR}/sha512 \ @@ -16,6 +17,7 @@ LINKS= ${BINDIR}/md5 ${BINDIR}/rmd160 \ MLINKS= md5.1 rmd160.1 \ md5.1 sha1.1 \ + md5.1 sha224.1 \ md5.1 sha256.1 \ md5.1 sha384.1 \ md5.1 sha512.1 \ diff --git a/sbin/md5/md5.1 b/sbin/md5/md5.1 index 2c2566b71aab..1cf0db333b74 100644 --- a/sbin/md5/md5.1 +++ b/sbin/md5/md5.1 
@@ -1,65 +1,22 @@ .\" $FreeBSD$ -.Dd March 2, 2017 +.Dd July 9, 2018 .Dt MD5 1 .Os .Sh NAME -.Nm md5 , sha1 , sha256 , sha384 , sha512 , sha512t256 , rmd160 , +.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 , .Nm skein256 , skein512 , skein1024 .Nd calculate a message-digest fingerprint (checksum) for a file .Sh SYNOPSIS -.Nm md5 -.Op Fl pqrtx -.Op Fl c Ar string -.Op Fl s Ar string -.Op Ar -.Nm sha1 -.Op Fl pqrtx -.Op Fl c Ar string -.Op Fl s Ar string -.Op Ar -.Nm sha256 -.Op Fl pqrtx -.Op Fl c Ar string -.Op Fl s Ar string -.Op Ar -.Nm sha384 -.Op Fl pqrtx -.Op Fl c Ar string -.Op Fl s Ar string -.Op Ar -.Nm sha512 -.Op Fl pqrtx -.Op Fl c Ar string -.Op Fl s Ar string -.Op Ar -.Nm sha512t256 -.Op Fl pqrtx -.Op Fl c Ar string -.Op Fl s Ar string -.Op Ar -.Nm rmd160 -.Op Fl pqrtx -.Op Fl c Ar string -.Op Fl s Ar string -.Op Ar -.Nm skein256 -.Op Fl pqrtx -.Op Fl c Ar string -.Op Fl s Ar string -.Op Ar -.Nm skein512 -.Op Fl pqrtx -.Op Fl c Ar string -.Op Fl s Ar string -.Op Ar -.Nm skein1024 +.Nm .Op Fl pqrtx .Op Fl c Ar string .Op Fl s Ar string .Op Ar +.Pp +(All other hashes have the same options and usage.) .Sh DESCRIPTION The -.Nm md5 , sha1 , sha256 , sha384 , sha512, sha512t256, rmd160, +.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512, sha512t256, rmd160, .Nm skein256, skein512, and .Nm skein1024 @@ -73,7 +30,7 @@ It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The -.Tn MD5 , SHA-1 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160, +.Tn SHA-224 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160, and .Tn SKEIN algorithms are intended for digital signature applications, where a 
@@ -89,8 +46,8 @@ The and .Tn SHA-1 algorithms have been proven to be vulnerable to practical collision -attacks and should not be relied upon to produce unique outputs, nor -should they be used as part of a cryptographic signature scheme. +attacks and should not be relied upon to produce unique outputs, +.Em nor should they be used as part of a cryptographic signature scheme. As of 2017-03-02, there is no publicly known method to .Em reverse either algorithm, i.e. to find an input that produces a specific @@ -143,8 +100,8 @@ Run a built-in test script. .El .Sh EXIT STATUS The -.Nm md5 , sha1 , sha256 , sha512, sha512t256, rmd160, -.Nm skein256, skein512, +.Nm md5 , sha1 , sha224 , sha256 , sha512 , sha512t256 , rmd160 , +.Nm skein256 , skein512, and .Nm skein1024 utilities exit 0 on success, @@ -157,6 +114,7 @@ option. .Xr md5 3 , .Xr ripemd 3 , .Xr sha 3 , +.Xr sha224 3 , .Xr sha256 3 , .Xr sha384 3 , .Xr sha512 3 , diff --git a/sbin/md5/md5.c b/sbin/md5/md5.c index 06f322a65fb1..9880c77ae0d5 100644 --- a/sbin/md5/md5.c +++ b/sbin/md5/md5.c @@ -29,6 +29,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -59,6 +60,7 @@ typedef char *(DIGEST_End)(void *, char *); extern const char *MD5TestOutput[MDTESTCOUNT]; extern const char *SHA1_TestOutput[MDTESTCOUNT]; +extern const char *SHA224_TestOutput[MDTESTCOUNT]; extern const char *SHA256_TestOutput[MDTESTCOUNT]; extern const char *SHA384_TestOutput[MDTESTCOUNT]; extern const char *SHA512_TestOutput[MDTESTCOUNT]; @@ -89,6 +91,7 @@ static void usage(const Algorithm_t *); typedef union { MD5_CTX md5; SHA1_CTX sha1; + SHA224_CTX sha224; SHA256_CTX sha256; SHA384_CTX sha384; SHA512_CTX sha512; 
@@ -112,6 +115,9 @@ static const struct Algorithm_t Algorithm[] = { { "sha1", "SHA1", &SHA1_TestOutput, (DIGEST_Init*)&SHA1_Init, (DIGEST_Update*)&SHA1_Update, (DIGEST_End*)&SHA1_End, &SHA1_Data, &SHA1_Fd }, + { "sha224", "SHA224", &SHA224_TestOutput, (DIGEST_Init*)&SHA224_Init, + (DIGEST_Update*)&SHA224_Update, (DIGEST_End*)&SHA224_End, + &SHA224_Data, &SHA224_Fd }, { "sha256", "SHA256", &SHA256_TestOutput, (DIGEST_Init*)&SHA256_Init, (DIGEST_Update*)&SHA256_Update, (DIGEST_End*)&SHA256_End, &SHA256_Data, &SHA256_Fd }, @@ -368,6 +374,17 @@ const char *SHA1_TestOutput[MDTESTCOUNT] = { "18eca4333979c4181199b7b4fab8786d16cf2846" }; +const char *SHA224_TestOutput[MDTESTCOUNT] = { + "d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f", + "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5", + "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7", + "2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb", + "45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2", + "bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9", + "b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e", + "5ae55f3779c8a1204210d7ed7689f661fbe140f96f272ab79e19d470" +}; + const char *SHA256_TestOutput[MDTESTCOUNT] = { "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb",
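Review bot: The new `sha224` row stores `SHA224_Init`, `SHA224_Update` and `SHA224_End` behind `(DIGEST_Init*)`, `(DIGEST_Update*)` and `(DIGEST_End*)` casts, so they are later called through a prototype that is not their own. `DIGEST_End` appears earlier in this patch as taking `void *`, while sha256.3 documents `SHA224_End` as taking `SHA224_CTX *`; the other two typedefs are not visible here but presumably follow the same shape. Calling through an incompatible function-pointer type is undefined behaviour in C and is what indirect-call CFI checks reject, even though it works on the usual ABIs. The row copies its neighbours, so this is best fixed for the whole table, for example with thin wrappers such as `static char *sha224_end(void *c, char *b) { return SHA224_End(c, b); }`, or at least a comment above `Algorithm[]` recording the assumption. The table's definition starts and ends outside this hunk.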
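Review bot: The eight strings in `SHA224_TestOutput` carry no indication of which input each digest belongs to or where the values came from, which makes the self-test table hard to audit. Six of them match the entries that `sha224.ref` in lib/libmd/Makefile generates in this same patch, but the second (`abd37534…`) and the last (`5ae55f37…`) have no counterpart there. I would add a comment above the array, e.g. `/* SHA-224 digests of the built-in test inputs, in the same order; entries 0 and 2-6 also appear in lib/libmd sha224.ref */`, and name the source of the two remaining values. Since the table is only read, `const char *const` would also fit, provided the matching `extern` declaration is changed with it.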