From 26b1fd1dc483e734371bd147dc3ba5de33edcf25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Tvrd=C3=ADk?= <pawel.tvrdik@gmail.cz>
Date: Thu, 23 Apr 2015 15:18:27 +0200
Subject: [PATCH] Add SHA256, SHA224 hash libraries and unit tests
---
lib/Modules | 1 +
lib/sha256.c | 341 ++++++++++++++++++++++++++++++++++++++++
lib/sha256.h | 45 ++++++
lib/sha256_test.c | 162 +++++++++++++++++++
test/birdtest_support.h | 2 +
5 files changed, 551 insertions(+)
create mode 100644 lib/sha256.c
create mode 100644 lib/sha256.h
create mode 100644 lib/sha256_test.c
diff --git a/lib/Modules b/lib/Modules
index f483da23..1c63c3f3 100644
--- a/lib/Modules
+++ b/lib/Modules
@@ -1,3 +1,4 @@
+sha256.c
sha1.c
sha1.h
sha1_hmac.c
diff --git a/lib/sha256.c b/lib/sha256.c
new file mode 100644
index 00000000..a7b47155
--- /dev/null
+++ b/lib/sha256.c
@@ -0,0 +1,341 @@
+/*
+ * BIRD -- SHA256 and SHA224 Hash Functions
+ *
+ * (c) 2015 CZ.NIC z.s.p.o.
+ *
+ * Based on the code from libgcrypt-1.6.0, which is
+ * (c) 2003, 2006, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * Can be freely distributed and used under the terms of the GNU GPL.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <netinet/in.h>
+
+#include "lib/sha256.h"
+#include "lib/unaligned.h"
+
+void
+sha256_init(sha256_context *ctx)
+{
+ ctx->h0 = 0x6a09e667;
+ ctx->h1 = 0xbb67ae85;
+ ctx->h2 = 0x3c6ef372;
+ ctx->h3 = 0xa54ff53a;
+ ctx->h4 = 0x510e527f;
+ ctx->h5 = 0x9b05688c;
+ ctx->h6 = 0x1f83d9ab;
+ ctx->h7 = 0x5be0cd19;
+
+ ctx->nblocks = 0;
+ ctx->nblocks_high = 0;
+ ctx->count = 0;
+}
+
+void
+sha224_init(sha224_context *ctx)
+{
+ ctx->h0 = 0xc1059ed8;
+ ctx->h1 = 0x367cd507;
+ ctx->h2 = 0x3070dd17;
+ ctx->h3 = 0xf70e5939;
+ ctx->h4 = 0xffc00b31;
+ ctx->h5 = 0x68581511;
+ ctx->h6 = 0x64f98fa7;
+ ctx->h7 = 0xbefa4fa4;
+
+ ctx->nblocks = 0;
+ ctx->nblocks_high = 0;
+ ctx->count = 0;
+}
+
+/* (4.2) same as SHA-1's F1. */
+static inline u32
+f1(u32 x, u32 y, u32 z)
+{
+ return (z ^ (x & (y ^ z)));
+}
+
+/* (4.3) same as SHA-1's F3 */
+static inline u32
+f3(u32 x, u32 y, u32 z)
+{
+ return ((x & y) | (z & (x|y)));
+}
+
+/* Bitwise rotation of an unsigned int to the right */
+static inline u32 ror(u32 x, int n)
+{
+ return ( (x >> (n&(32-1))) | (x << ((32-n)&(32-1))) );
+}
+
+/* (4.4) */
+static inline u32
+sum0(u32 x)
+{
+ return (ror(x, 2) ^ ror(x, 13) ^ ror(x, 22));
+}
+
+/* (4.5) */
+static inline u32
+sum1(u32 x)
+{
+ return (ror(x, 6) ^ ror(x, 11) ^ ror(x, 25));
+}
+
+/*
+ Transform the message X which consists of 16 32-bit-words. See FIPS
+ 180-2 for details. */
+#define S0(x) (ror((x), 7) ^ ror((x), 18) ^ ((x) >> 3)) /* (4.6) */
+#define S1(x) (ror((x), 17) ^ ror((x), 19) ^ ((x) >> 10)) /* (4.7) */
+#define R(a,b,c,d,e,f,g,h,k,w) \
+ do \
+ { \
+ t1 = (h) + sum1((e)) + f1((e),(f),(g)) + (k) + (w); \
+ t2 = sum0((a)) + f3((a),(b),(c)); \
+ h = g; \
+ g = f; \
+ f = e; \
+ e = d + t1; \
+ d = c; \
+ c = b; \
+ b = a; \
+ a = t1 + t2; \
+ } while (0)
+
+static unsigned int
+transform_blk(void *ctx, const unsigned char *data)
+{
+ sha256_context *hd = ctx;
+ static const u32 K[64] = {
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+ 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+ 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+ 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+ 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+ 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+ };
+
+ u32 a,b,c,d,e,f,g,h,t1,t2;
+ u32 w[64];
+ int i;
+
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ f = hd->h5;
+ g = hd->h6;
+ h = hd->h7;
+
+ for (i = 0; i < 16; i++)
+ w[i] = get_u32(data + i * 4);
+ for (; i < 64; i++)
+ w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
+
+ for (i = 0; i < 64;)
+ {
+ t1 = h + sum1(e) + f1(e, f, g) + K[i] + w[i];
+ t2 = sum0 (a) + f3(a, b, c);
+ d += t1;
+ h = t1 + t2;
+
+ t1 = g + sum1(d) + f1(d, e, f) + K[i+1] + w[i+1];
+ t2 = sum0 (h) + f3(h, a, b);
+ c += t1;
+ g = t1 + t2;
+
+ t1 = f + sum1(c) + f1(c, d, e) + K[i+2] + w[i+2];
+ t2 = sum0 (g) + f3(g, h, a);
+ b += t1;
+ f = t1 + t2;
+
+ t1 = e + sum1(b) + f1(b, c, d) + K[i+3] + w[i+3];
+ t2 = sum0 (f) + f3(f, g, h);
+ a += t1;
+ e = t1 + t2;
+
+ t1 = d + sum1(a) + f1(a, b, c) + K[i+4] + w[i+4];
+ t2 = sum0 (e) + f3(e, f, g);
+ h += t1;
+ d = t1 + t2;
+
+ t1 = c + sum1(h) + f1(h, a, b) + K[i+5] + w[i+5];
+ t2 = sum0 (d) + f3(d, e, f);
+ g += t1;
+ c = t1 + t2;
+
+ t1 = b + sum1(g) + f1(g, h, a) + K[i+6] + w[i+6];
+ t2 = sum0 (c) + f3(c, d, e);
+ f += t1;
+ b = t1 + t2;
+
+ t1 = a + sum1(f) + f1(f, g, h) + K[i+7] + w[i+7];
+ t2 = sum0 (b) + f3(b, c, d);
+ e += t1;
+ a = t1 + t2;
+
+ i += 8;
+ }
+
+ hd->h0 += a;
+ hd->h1 += b;
+ hd->h2 += c;
+ hd->h3 += d;
+ hd->h4 += e;
+ hd->h5 += f;
+ hd->h6 += g;
+ hd->h7 += h;
+
+ return /*burn_stack*/ 74*4+32;
+}
+#undef S0
+#undef S1
+#undef R
+
+static unsigned int
+sha256_transform(void *ctx, const unsigned char *data, size_t nblks)
+{
+ sha256_context *hd = ctx;
+ unsigned int burn;
+
+ do
+ {
+ burn = transform_blk(hd, data);
+ data += 64;
+ }
+ while (--nblks);
+
+ return burn;
+}
+
+/* Common function to write a chunk of data to the transform function
+ of a hash algorithm. Note that the use of the term "block" does
+ not imply a fixed size block. Note that we explicitly allow to use
+ this function after the context has been finalized; the result does
+ not have any meaning but writing after finalize is sometimes
+ helpful to mitigate timing attacks. */
+void
+sha256_update(sha256_context *ctx, const byte *in_buf, size_t in_len)
+{
+ unsigned int stack_burn = 0;
+ const unsigned int blocksize = 64;
+ size_t inblocks;
+
+ if (sizeof(ctx->buf) < blocksize)
+ debug("BUG: in file %s at line %d", __FILE__ , __LINE__);
+
+ if (ctx->count == blocksize) /* Flush the buffer. */
+ {
+ stack_burn = sha256_transform(ctx, ctx->buf, 1);
+ stack_burn = 0;
+ ctx->count = 0;
+ if (!++ctx->nblocks)
+ ctx->nblocks_high++;
+ }
+ if (!in_buf)
+ return;
+
+ if (ctx->count)
+ {
+ for (; in_len && ctx->count < blocksize; in_len--)
+ ctx->buf[ctx->count++] = *in_buf++;
+ sha256_update(ctx, NULL, 0);
+ if (!in_len)
+ return;
+ }
+
+ if (in_len >= blocksize)
+ {
+ inblocks = in_len / blocksize;
+ stack_burn = sha256_transform(ctx, in_buf, inblocks);
+ ctx->count = 0;
+ ctx->nblocks_high += (ctx->nblocks + inblocks < inblocks);
+ ctx->nblocks += inblocks;
+ in_len -= inblocks * blocksize;
+ in_buf += inblocks * blocksize;
+ }
+ for (; in_len && ctx->count < blocksize; in_len--)
+ ctx->buf[ctx->count++] = *in_buf++;
+}
+
+/*
+ The routine finally terminates the computation and returns the
+ digest. The handle is prepared for a new cycle, but adding bytes
+ to the handle will the destroy the returned buffer. Returns: 32
+ bytes with the message the digest. */
+byte*
+sha256_final(sha256_context *ctx)
+{
+ u32 t, th, msb, lsb;
+ byte *p;
+ unsigned int burn;
+
+ sha256_update(ctx, NULL, 0); /* flush */;
+
+ t = ctx->nblocks;
+ if (sizeof t == sizeof ctx->nblocks)
+ th = ctx->nblocks_high;
+ else
+ th = ctx->nblocks >> 32;
+
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = (th << 6) | (t >> 26);
+ /* add the count */
+ t = lsb;
+ if ((lsb += ctx->count) < t)
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if (ctx->count < 56)
+ { /* enough room */
+ ctx->buf[ctx->count++] = 0x80; /* pad */
+ while (ctx->count < 56)
+ ctx->buf[ctx->count++] = 0; /* pad */
+ }
+ else
+ { /* need one extra block */
+ ctx->buf[ctx->count++] = 0x80; /* pad character */
+ while (ctx->count < 64)
+ ctx->buf[ctx->count++] = 0;
+ sha256_update(ctx, NULL, 0); /* flush */;
+ memset (ctx->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ put_u32(ctx->buf + 56, msb);
+ put_u32(ctx->buf + 60, lsb);
+ burn = sha256_transform(ctx, ctx->buf, 1);
+
+ p = ctx->buf;
+
+#define X(a) do { put_u32(p, ctx->h##a); p += 4; } while(0)
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+ X(5);
+ X(6);
+ X(7);
+#undef X
+
+ return ctx->buf;
+}
diff --git a/lib/sha256.h b/lib/sha256.h
new file mode 100644
index 00000000..622f7603
--- /dev/null
+++ b/lib/sha256.h
@@ -0,0 +1,45 @@
+/*
+ * BIRD -- SHA256 and SHA224 Hash Functions
+ *
+ * (c) 2015 CZ.NIC z.s.p.o.
+ *
+ * Based on the code from libgcrypt-1.6.0, which is
+ * (c) 2003, 2006, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * Can be freely distributed and used under the terms of the GNU GPL.
+ */
+
+#ifndef _BIRD_SHA256_H
+#define _BIRD_SHA256_H
+
+#define SHA256_SIZE 32
+#define SHA256_HEX_SIZE 65
+
+#define SHA224_SIZE 28
+#define SHA224_HEX_SIZE 57
+
+typedef struct {
+ u32 h0,h1,h2,h3,h4,h5,h6,h7;
+ byte buf[64];
+ u32 nblocks;
+ u32 nblocks_high;
+ int count;
+} sha256_context;
+typedef sha256_context sha224_context;
+
+void sha256_init(sha256_context *ctx);
+void sha256_init(sha224_context *ctx);
+
+void sha256_update(sha256_context *ctx, const byte *in_buf, size_t in_len);
+void sha224_update(sha224_context *ctx, const byte *in_buf, size_t in_len)
+{
+ sha256_update(ctx, in_buf, in_len);
+}
+
+byte* sha256_final(sha256_context *ctx);
+byte* sha224_final(sha224_context *ctx)
+{
+ return sha256_final(ctx);
+}
+
+#endif
diff --git a/lib/sha256_test.c b/lib/sha256_test.c
new file mode 100644
index 00000000..1c450a7b
--- /dev/null
+++ b/lib/sha256_test.c
@@ -0,0 +1,162 @@
+/*
+ * BIRD Library -- SHA256 and SHA224 Hash Functions Tests
+ *
+ * (c) 2015 CZ.NIC z.s.p.o.
+ *
+ * Can be freely distributed and used under the terms of the GNU GPL.
+ */
+
+#include <stdlib.h>
+
+#include "test/birdtest.h"
+#include "test/birdtest_support.h"
+#include "sysdep/config.h"
+#include "lib/sha256.h"
+#include "lib/sha256.c" /* REMOVE ME */
+
+
+static void
+byte_to_hex(char *out, const byte *in, uint len)
+{
+ int i;
+ for(i = 0; i < len; i++)
+ sprintf(out + i*2, "%02x", in[i]);
+}
+
+static void
+get_sha256(const char *str, char (*out_hash)[SHA256_HEX_SIZE])
+{
+ sha256_context ctx;
+ sha256_init(&ctx);
+ sha256_update(&ctx, str, strlen(str));
+ byte *hash = sha256_final(&ctx);
+ byte_to_hex((char*)out_hash, hash, SHA256_SIZE);
+}
+
+static void
+get_sha224(const char *str, char (*out_hash)[SHA256_HEX_SIZE])
+{
+ sha224_context ctx;
+ sha224_init(&ctx);
+ sha224_update(&ctx, str, strlen(str));
+ byte *hash = sha224_final(&ctx);
+ byte_to_hex((char*)out_hash, hash, SHA224_SIZE);
+}
+
+static int
+t_sha256(void)
+{
+ struct in_out {
+ char *in;
+ char out[SHA256_HEX_SIZE];
+ } in_out[] = {
+ {
+ .in = "",
+ .out = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+ },
+ {
+ .in = "a",
+ .out = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb",
+ },
+ {
+ .in = "abc",
+ .out = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
+ },
+ {
+ .in = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ .out = "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1",
+ },
+ {
+ .in = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+ .out = "970d31b428de8fea74b16484d8a8adb2c9e1bd974d7c621fd04332bc3499f117",
+ },
+ };
+
+ bt_assert_fn_in_out(get_sha256, in_out, "'%s'", "'%s'");
+
+ return BT_SUCCESS;
+}
+
+static int
+t_sha224(void)
+{
+ struct in_out {
+ char *in;
+ char out[SHA256_HEX_SIZE];
+ } in_out[] = {
+ {
+ .in = "",
+ .out = "d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
+ },
+ {
+ .in = "a",
+ .out = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5",
+ },
+ {
+ .in = "abc",
+ .out = "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7",
+ },
+ {
+ .in = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ .out = "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525",
+ },
+ {
+ .in = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+ .out = "8a75b49f36c174693ee51a3f47c845d327dea06eab343cc15e975adf",
+ },
+
+ };
+
+ bt_assert_fn_in_out(get_sha224, in_out, "'%s'", "'%s'");
+
+ return BT_SUCCESS;
+}
+
+static int
+t_sha256_concating(void)
+{
+ char hash_a[SHA256_HEX_SIZE];
+ char hash_b[SHA256_HEX_SIZE];
+
+ char *str_a = "a" "bb" "ccc" "dddd" "eeeee" "ffffff";
+ char *str_b1 = "a" ;
+ char *str_b2 = "bb" ;
+ char *str_b3 = "ccc" ;
+ char *str_b4 = "dddd" ;
+ char *str_b5 = "eeeee" ;
+ char *str_b6 = "ffffff";
+
+ sha256_context ctx_a;
+ sha256_init(&ctx_a);
+ sha256_update(&ctx_a, str_a, strlen(str_a));
+ byte *hash_a_ = sha256_final(&ctx_a);
+ byte_to_hex(hash_a, hash_a_, SHA256_SIZE);
+
+ sha256_context ctx_b;
+ sha256_init(&ctx_b);
+ sha256_update(&ctx_b, str_b1, strlen(str_b1));
+ sha256_update(&ctx_b, str_b2, strlen(str_b2));
+ sha256_update(&ctx_b, str_b3, strlen(str_b3));
+ sha256_update(&ctx_b, str_b4, strlen(str_b4));
+ sha256_update(&ctx_b, str_b5, strlen(str_b5));
+ sha256_update(&ctx_b, str_b6, strlen(str_b6));
+ byte *hash_b_ = sha256_final(&ctx_b);
+ byte_to_hex(hash_b, hash_b_, SHA256_SIZE);
+
+ int are_hash_a_b_equal = (strncmp(hash_a, hash_b, sizeof(hash_a)) == 0);
+ bt_assert_msg(are_hash_a_b_equal, "Hashes are different: \n A: %s \n B: %s ", hash_a, hash_b);
+
+ return BT_SUCCESS;
+}
+
+int
+main(int argc, char *argv[])
+{
+ bt_init(argc, argv);
+
+ bt_test_suite(t_sha256, "Testing SHA256");
+ bt_test_suite(t_sha224, "Testing SHA224");
+ bt_test_suite(t_sha256_concating, "Testing concating input string to hash process via sha256_update");
+
+ return bt_end();
+}
diff --git a/test/birdtest_support.h b/test/birdtest_support.h
index 01ee56d1..8fb76fec 100644
--- a/test/birdtest_support.h
+++ b/test/birdtest_support.h
@@ -6,6 +6,8 @@
#include "lib/xmalloc.c" /* REMOVE ME */
#include "lib/bitops.c" /* REMOVE ME */
+#define bug(msg, ...) debug("BUG: " msg, ##__VA_ARGS__)
+
void
debug(const char *msg, ...)
{