From aeb17a716bc5307311b34d017e0fa6b5547dc62f Mon Sep 17 00:00:00 2001 From: tedu <> Date: Sat, 3 Sep 2016 16:25:03 +0000 Subject: [PATCH] Add functions for SHA512/256. The standard says you're supposed to start with different magic numbers, so we need to add some functions instead of just asking the user to truncate as desired. Sigh. SHA512 is quite a bit faster than SHA256 on 64 bit CPUs, but 256 bit hashes are usually quite sufficient. Best of both. ok deraadt tom --- src/lib/libc/hash/Makefile.inc | 11 ++++++-- src/lib/libc/hash/sha2.c | 51 +++++++++++++++++++++++++++++++++- 2 files changed, 58 insertions(+), 4 deletions(-) diff --git a/src/lib/libc/hash/Makefile.inc b/src/lib/libc/hash/Makefile.inc index 56444ea5..2baaf390 100644 --- a/src/lib/libc/hash/Makefile.inc +++ b/src/lib/libc/hash/Makefile.inc @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile.inc,v 1.23 2016/03/30 06:38:41 jmc Exp $ +# $OpenBSD: Makefile.inc,v 1.24 2016/09/03 16:25:03 tedu Exp $ # hash functions .PATH: ${LIBCSRCDIR}/hash -HELPER= md5hl.c rmd160hl.c sha1hl.c sha224hl.c sha256hl.c sha384hl.c sha512hl.c +HELPER= md5hl.c rmd160hl.c sha1hl.c sha224hl.c sha256hl.c sha384hl.c sha512hl.c sha512_256hl.c SRCS+= md5.c rmd160.c sha1.c sha2.c ${HELPER} siphash.c MAN+= md5.3 rmd160.3 sha1.3 sha2.3 SipHash24.3 @@ -38,4 +38,9 @@ sha512hl.c: helper.c -e 's/HASH/SHA512/g' \ -e 's/SHA[0-9][0-9][0-9]_CTX/SHA2_CTX/g' $> > $@ -beforedepend: md5hl.c rmd160hl.c sha1hl.c sha256hl.c sha384hl.c sha512hl.c +sha512_256hl.c: helper.c + sed -e 's/hashinc/sha2.h/g' \ + -e 's/HASH/SHA512_256/g' \ + -e 's/SHA512_256_CTX/SHA2_CTX/g' $> > $@ + +beforedepend: md5hl.c rmd160hl.c sha1hl.c sha256hl.c sha384hl.c sha512hl.c sha512_256hl.c diff --git a/src/lib/libc/hash/sha2.c b/src/lib/libc/hash/sha2.c index 16486bcb..ec13e444 100644 --- a/src/lib/libc/hash/sha2.c +++ b/src/lib/libc/hash/sha2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha2.c,v 1.24 2015/09/11 09:18:27 guenther Exp $ */ +/* $OpenBSD: sha2.c,v 1.25 2016/09/03 16:25:03 tedu Exp $ */ /* * FILE: sha2.c @@ -288,6 +288,18 @@ static const u_int64_t sha384_initial_hash_value[8] = { 0x47b5481dbefa4fa4ULL }; +/* Initial hash value H for SHA-512-256 */ +static const u_int64_t sha512_256_initial_hash_value[8] = { + 0x22312194fc2bf72cULL, + 0x9f555fa3c84c64c2ULL, + 0x2393b86b6f53b151ULL, + 0x963877195940eabdULL, + 0x96283ee2a88effe3ULL, + 0xbe5e1e2553863992ULL, + 0x2b0199fc2c85b8aaULL, + 0x0eb72ddc81c52ca2ULL +}; + /*** SHA-224: *********************************************************/ void SHA224Init(SHA2_CTX *context) @@ -923,4 +935,41 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context) explicit_bzero(context, sizeof(*context)); } DEF_WEAK(SHA384Final); + +/*** SHA-512/256: *********************************************************/ +void +SHA512_256Init(SHA2_CTX *context) +{ + memcpy(context->state.st64, sha512_256_initial_hash_value, + sizeof(sha512_256_initial_hash_value)); + memset(context->buffer, 0, sizeof(context->buffer)); + context->bitcount[0] = context->bitcount[1] = 0; +} +DEF_WEAK(SHA512_256Init); + +MAKE_CLONE(SHA512_256Transform, SHA512Transform); +MAKE_CLONE(SHA512_256Update, SHA512Update); +MAKE_CLONE(SHA512_256Pad, SHA512Pad); +DEF_WEAK(SHA512_256Transform); +DEF_WEAK(SHA512_256Update); +DEF_WEAK(SHA512_256Pad); + +void +SHA512_256Final(u_int8_t digest[SHA512_256_DIGEST_LENGTH], SHA2_CTX *context) +{ + SHA512_256Pad(context); + +#if BYTE_ORDER == LITTLE_ENDIAN + int i; + + /* Convert TO host byte order */ + for (i = 0; i < 4; i++) + BE_64_TO_8(digest + i * 8, context->state.st64[i]); +#else + memcpy(digest, context->state.st64, SHA512_256_DIGEST_LENGTH); +#endif + /* Zero out state data */ + explicit_bzero(context, sizeof(*context)); +} +DEF_WEAK(SHA512_256Final); #endif /* !defined(SHA2_SMALL) */