1 /*
2 * sha512 test based on CCAN: https://ccodearchive.net/info/crypto/sha512.html
3 *
4 * src/crypto/sha512.cpp commit f914f1a746d7f91951c1da262a4a749dd3ebfa71
5 * Copyright (c) 2014 The Bitcoin Core developers
6 * Distributed under the MIT software license, see:
7 * http://www.opensource.org/licenses/mit-license.php.
8 *
9 * SPDX-License-Identifier: MIT CC0-1.0
10 */
11 #define _GNU_SOURCE /* See feature_test_macros(7) */
12
13 #include <stdint.h>
14 #include <stdlib.h>
15 #include <stdio.h>
16 #include <unistd.h>
17 #include <ctype.h>
18 #include <stdarg.h>
19
20 /* Required portions from endian.h */
21
22 /**
23 * BSWAP_64 - reverse bytes in a constant uint64_t value.
24 * @val: constantvalue whose bytes to swap.
25 *
26 * Designed to be usable in constant-requiring initializers.
27 *
28 * Example:
29 * struct mystruct {
30 * char buf[BSWAP_64(0xff00000000000000ULL)];
31 * };
32 */
33 #define BSWAP_64(val) \
34 ((((uint64_t)(val) & 0x00000000000000ffULL) << 56) \
35 | (((uint64_t)(val) & 0x000000000000ff00ULL) << 40) \
36 | (((uint64_t)(val) & 0x0000000000ff0000ULL) << 24) \
37 | (((uint64_t)(val) & 0x00000000ff000000ULL) << 8) \
38 | (((uint64_t)(val) & 0x000000ff00000000ULL) >> 8) \
39 | (((uint64_t)(val) & 0x0000ff0000000000ULL) >> 24) \
40 | (((uint64_t)(val) & 0x00ff000000000000ULL) >> 40) \
41 | (((uint64_t)(val) & 0xff00000000000000ULL) >> 56))
42
43
44 typedef uint64_t beint64_t;
45
46 #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
47
48 /**
49 * CPU_TO_BE64 - convert a constant uint64_t value to big-endian
50 * @native: constant to convert
51 */
52 #define CPU_TO_BE64(native) ((beint64_t)(native))
53 /**
54 * BE64_TO_CPU - convert a big-endian uint64_t constant
55 * @le_val: big-endian constant to convert
56 */
57 #define BE64_TO_CPU(le_val) ((uint64_t)(le_val))
58
59 #else /* ... HAVE_LITTLE_ENDIAN */
60 #define CPU_TO_BE64(native) ((beint64_t)BSWAP_64(native))
61 #define BE64_TO_CPU(le_val) BSWAP_64((uint64_t)le_val)
62 #endif /* HAVE_LITTE_ENDIAN */
63
64 /**
65 * cpu_to_be64 - convert a uint64_t value to big endian.
66 * @native: value to convert
67 */
cpu_to_be64(uint64_t native)68 static inline beint64_t cpu_to_be64(uint64_t native)
69 {
70 return CPU_TO_BE64(native);
71 }
72
73 /**
74 * be64_to_cpu - convert a big-endian uint64_t value
75 * @be_val: big-endian value to convert
76 */
be64_to_cpu(beint64_t be_val)77 static inline uint64_t be64_to_cpu(beint64_t be_val)
78 {
79 return BE64_TO_CPU(be_val);
80 }
81
82 /* From compiler.h */
83
84 #ifndef UNUSED
85 /**
86 * UNUSED - a parameter is unused
87 *
88 * Some compilers (eg. gcc with -W or -Wunused) warn about unused
89 * function parameters. This suppresses such warnings and indicates
90 * to the reader that it's deliberate.
91 *
92 * Example:
93 * // This is used as a callback, so needs to have this prototype.
94 * static int some_callback(void *unused UNUSED)
95 * {
96 * return 0;
97 * }
98 */
99 #define UNUSED __attribute__((__unused__))
100 #endif
101
102 /* From sha512.h */
103
104 /**
105 * struct sha512 - structure representing a completed SHA512.
106 * @u.u8: an unsigned char array.
107 * @u.u64: a 64-bit integer array.
108 *
109 * Other fields may be added to the union in future.
110 */
111 struct sha512 {
112 union {
113 uint64_t u64[8];
114 unsigned char u8[64];
115 } u;
116 };
117
118 /**
119 * sha512 - return sha512 of an object.
120 * @sha512: the sha512 to fill in
121 * @p: pointer to memory,
122 * @size: the number of bytes pointed to by @p
123 *
124 * The bytes pointed to by @p is SHA512 hashed into @sha512. This is
125 * equivalent to sha512_init(), sha512_update() then sha512_done().
126 */
127 void sha512(struct sha512 *sha, const void *p, size_t size);
128
129 /**
130 * struct sha512_ctx - structure to store running context for sha512
131 */
132 struct sha512_ctx {
133 uint64_t s[8];
134 union {
135 uint64_t u64[16];
136 unsigned char u8[128];
137 } buf;
138 size_t bytes;
139 };
140
141 /**
142 * sha512_init - initialize an SHA512 context.
143 * @ctx: the sha512_ctx to initialize
144 *
145 * This must be called before sha512_update or sha512_done, or
146 * alternately you can assign SHA512_INIT.
147 *
148 * If it was already initialized, this forgets anything which was
149 * hashed before.
150 *
151 * Example:
152 * static void hash_all(const char **arr, struct sha512 *hash)
153 * {
154 * size_t i;
155 * struct sha512_ctx ctx;
156 *
157 * sha512_init(&ctx);
158 * for (i = 0; arr[i]; i++)
159 * sha512_update(&ctx, arr[i], strlen(arr[i]));
160 * sha512_done(&ctx, hash);
161 * }
162 */
163 void sha512_init(struct sha512_ctx *ctx);
164
165 /**
166 * SHA512_INIT - initializer for an SHA512 context.
167 *
168 * This can be used to statically initialize an SHA512 context (instead
169 * of sha512_init()).
170 *
171 * Example:
172 * static void hash_all(const char **arr, struct sha512 *hash)
173 * {
174 * size_t i;
175 * struct sha512_ctx ctx = SHA512_INIT;
176 *
177 * for (i = 0; arr[i]; i++)
178 * sha512_update(&ctx, arr[i], strlen(arr[i]));
179 * sha512_done(&ctx, hash);
180 * }
181 */
182 #define SHA512_INIT \
183 { { 0x6a09e667f3bcc908ull, 0xbb67ae8584caa73bull, \
184 0x3c6ef372fe94f82bull, 0xa54ff53a5f1d36f1ull, \
185 0x510e527fade682d1ull, 0x9b05688c2b3e6c1full, \
186 0x1f83d9abfb41bd6bull, 0x5be0cd19137e2179ull }, \
187 { { 0 } }, 0 }
188
189 /**
190 * sha512_update - include some memory in the hash.
191 * @ctx: the sha512_ctx to use
192 * @p: pointer to memory,
193 * @size: the number of bytes pointed to by @p
194 *
195 * You can call this multiple times to hash more data, before calling
196 * sha512_done().
197 */
198 void sha512_update(struct sha512_ctx *ctx, const void *p, size_t size);
199
200 /**
201 * sha512_done - finish SHA512 and return the hash
202 * @ctx: the sha512_ctx to complete
203 * @res: the hash to return.
204 *
205 * Note that @ctx is *destroyed* by this, and must be reinitialized.
206 * To avoid that, pass a copy instead.
207 */
208 void sha512_done(struct sha512_ctx *sha512, struct sha512 *res);
209
210 /* From sha512.c */
211
212 /*
213 * SHA512 core code translated from the Bitcoin project's C++:
214 *
215 * src/crypto/sha512.cpp commit f914f1a746d7f91951c1da262a4a749dd3ebfa71
216 * Copyright (c) 2014 The Bitcoin Core developers
217 * Distributed under the MIT software license, see the accompanying
218 * file COPYING or http://www.opensource.org/licenses/mit-license.php.
219 */
220 /* #include <ccan/endian/endian.h> */
221 /* #include <ccan/compiler/compiler.h> */
222 #include <stdbool.h>
223 #include <assert.h>
224 #include <string.h>
225
invalidate_sha512(struct sha512_ctx * ctx)226 static void invalidate_sha512(struct sha512_ctx *ctx)
227 {
228 ctx->bytes = (size_t)-1;
229 }
230
check_sha512(struct sha512_ctx * ctx UNUSED)231 static void check_sha512(struct sha512_ctx *ctx UNUSED)
232 {
233 assert(ctx->bytes != (size_t)-1);
234 }
235
Ch(uint64_t x,uint64_t y,uint64_t z)236 static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z)
237 {
238 return z ^ (x & (y ^ z));
239 }
Maj(uint64_t x,uint64_t y,uint64_t z)240 static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z)
241 {
242 return (x & y) | (z & (x | y));
243 }
Sigma0(uint64_t x)244 static uint64_t Sigma0(uint64_t x)
245 {
246 return (x >> 28 | x << 36) ^ (x >> 34 | x << 30) ^ (x >> 39 | x << 25);
247 }
Sigma1(uint64_t x)248 static uint64_t Sigma1(uint64_t x)
249 {
250 return (x >> 14 | x << 50) ^ (x >> 18 | x << 46) ^ (x >> 41 | x << 23);
251 }
sigma0(uint64_t x)252 static uint64_t sigma0(uint64_t x)
253 {
254 return (x >> 1 | x << 63) ^ (x >> 8 | x << 56) ^ (x >> 7);
255 }
sigma1(uint64_t x)256 static uint64_t sigma1(uint64_t x)
257 {
258 return (x >> 19 | x << 45) ^ (x >> 61 | x << 3) ^ (x >> 6);
259 }
260
261 /** One round of SHA-512. */
Round(uint64_t a,uint64_t b,uint64_t c,uint64_t * d,uint64_t e,uint64_t f,uint64_t g,uint64_t * h,uint64_t k,uint64_t w)262 static void Round(uint64_t a, uint64_t b, uint64_t c, uint64_t *d, uint64_t e, uint64_t f, uint64_t g, uint64_t *h, uint64_t k, uint64_t w)
263 {
264 uint64_t t1 = *h + Sigma1(e) + Ch(e, f, g) + k + w;
265 uint64_t t2 = Sigma0(a) + Maj(a, b, c);
266 *d += t1;
267 *h = t1 + t2;
268 }
269
270 /** Perform one SHA-512 transformation, processing a 128-byte chunk. */
Transform(uint64_t * s,const uint64_t * chunk)271 static void Transform(uint64_t *s, const uint64_t *chunk)
272 {
273 uint64_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4], f = s[5], g = s[6], h = s[7];
274 uint64_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15;
275
276 Round(a, b, c, &d, e, f, g, &h, 0x428a2f98d728ae22ull, w0 = be64_to_cpu(chunk[0]));
277 Round(h, a, b, &c, d, e, f, &g, 0x7137449123ef65cdull, w1 = be64_to_cpu(chunk[1]));
278 Round(g, h, a, &b, c, d, e, &f, 0xb5c0fbcfec4d3b2full, w2 = be64_to_cpu(chunk[2]));
279 Round(f, g, h, &a, b, c, d, &e, 0xe9b5dba58189dbbcull, w3 = be64_to_cpu(chunk[3]));
280 Round(e, f, g, &h, a, b, c, &d, 0x3956c25bf348b538ull, w4 = be64_to_cpu(chunk[4]));
281 Round(d, e, f, &g, h, a, b, &c, 0x59f111f1b605d019ull, w5 = be64_to_cpu(chunk[5]));
282 Round(c, d, e, &f, g, h, a, &b, 0x923f82a4af194f9bull, w6 = be64_to_cpu(chunk[6]));
283 Round(b, c, d, &e, f, g, h, &a, 0xab1c5ed5da6d8118ull, w7 = be64_to_cpu(chunk[7]));
284 Round(a, b, c, &d, e, f, g, &h, 0xd807aa98a3030242ull, w8 = be64_to_cpu(chunk[8]));
285 Round(h, a, b, &c, d, e, f, &g, 0x12835b0145706fbeull, w9 = be64_to_cpu(chunk[9]));
286 Round(g, h, a, &b, c, d, e, &f, 0x243185be4ee4b28cull, w10 = be64_to_cpu(chunk[10]));
287 Round(f, g, h, &a, b, c, d, &e, 0x550c7dc3d5ffb4e2ull, w11 = be64_to_cpu(chunk[11]));
288 Round(e, f, g, &h, a, b, c, &d, 0x72be5d74f27b896full, w12 = be64_to_cpu(chunk[12]));
289 Round(d, e, f, &g, h, a, b, &c, 0x80deb1fe3b1696b1ull, w13 = be64_to_cpu(chunk[13]));
290 Round(c, d, e, &f, g, h, a, &b, 0x9bdc06a725c71235ull, w14 = be64_to_cpu(chunk[14]));
291 Round(b, c, d, &e, f, g, h, &a, 0xc19bf174cf692694ull, w15 = be64_to_cpu(chunk[15]));
292
293 Round(a, b, c, &d, e, f, g, &h, 0xe49b69c19ef14ad2ull, w0 += sigma1(w14) + w9 + sigma0(w1));
294 Round(h, a, b, &c, d, e, f, &g, 0xefbe4786384f25e3ull, w1 += sigma1(w15) + w10 + sigma0(w2));
295 Round(g, h, a, &b, c, d, e, &f, 0x0fc19dc68b8cd5b5ull, w2 += sigma1(w0) + w11 + sigma0(w3));
296 Round(f, g, h, &a, b, c, d, &e, 0x240ca1cc77ac9c65ull, w3 += sigma1(w1) + w12 + sigma0(w4));
297 Round(e, f, g, &h, a, b, c, &d, 0x2de92c6f592b0275ull, w4 += sigma1(w2) + w13 + sigma0(w5));
298 Round(d, e, f, &g, h, a, b, &c, 0x4a7484aa6ea6e483ull, w5 += sigma1(w3) + w14 + sigma0(w6));
299 Round(c, d, e, &f, g, h, a, &b, 0x5cb0a9dcbd41fbd4ull, w6 += sigma1(w4) + w15 + sigma0(w7));
300 Round(b, c, d, &e, f, g, h, &a, 0x76f988da831153b5ull, w7 += sigma1(w5) + w0 + sigma0(w8));
301 Round(a, b, c, &d, e, f, g, &h, 0x983e5152ee66dfabull, w8 += sigma1(w6) + w1 + sigma0(w9));
302 Round(h, a, b, &c, d, e, f, &g, 0xa831c66d2db43210ull, w9 += sigma1(w7) + w2 + sigma0(w10));
303 Round(g, h, a, &b, c, d, e, &f, 0xb00327c898fb213full, w10 += sigma1(w8) + w3 + sigma0(w11));
304 Round(f, g, h, &a, b, c, d, &e, 0xbf597fc7beef0ee4ull, w11 += sigma1(w9) + w4 + sigma0(w12));
305 Round(e, f, g, &h, a, b, c, &d, 0xc6e00bf33da88fc2ull, w12 += sigma1(w10) + w5 + sigma0(w13));
306 Round(d, e, f, &g, h, a, b, &c, 0xd5a79147930aa725ull, w13 += sigma1(w11) + w6 + sigma0(w14));
307 Round(c, d, e, &f, g, h, a, &b, 0x06ca6351e003826full, w14 += sigma1(w12) + w7 + sigma0(w15));
308 Round(b, c, d, &e, f, g, h, &a, 0x142929670a0e6e70ull, w15 += sigma1(w13) + w8 + sigma0(w0));
309
310 Round(a, b, c, &d, e, f, g, &h, 0x27b70a8546d22ffcull, w0 += sigma1(w14) + w9 + sigma0(w1));
311 Round(h, a, b, &c, d, e, f, &g, 0x2e1b21385c26c926ull, w1 += sigma1(w15) + w10 + sigma0(w2));
312 Round(g, h, a, &b, c, d, e, &f, 0x4d2c6dfc5ac42aedull, w2 += sigma1(w0) + w11 + sigma0(w3));
313 Round(f, g, h, &a, b, c, d, &e, 0x53380d139d95b3dfull, w3 += sigma1(w1) + w12 + sigma0(w4));
314 Round(e, f, g, &h, a, b, c, &d, 0x650a73548baf63deull, w4 += sigma1(w2) + w13 + sigma0(w5));
315 Round(d, e, f, &g, h, a, b, &c, 0x766a0abb3c77b2a8ull, w5 += sigma1(w3) + w14 + sigma0(w6));
316 Round(c, d, e, &f, g, h, a, &b, 0x81c2c92e47edaee6ull, w6 += sigma1(w4) + w15 + sigma0(w7));
317 Round(b, c, d, &e, f, g, h, &a, 0x92722c851482353bull, w7 += sigma1(w5) + w0 + sigma0(w8));
318 Round(a, b, c, &d, e, f, g, &h, 0xa2bfe8a14cf10364ull, w8 += sigma1(w6) + w1 + sigma0(w9));
319 Round(h, a, b, &c, d, e, f, &g, 0xa81a664bbc423001ull, w9 += sigma1(w7) + w2 + sigma0(w10));
320 Round(g, h, a, &b, c, d, e, &f, 0xc24b8b70d0f89791ull, w10 += sigma1(w8) + w3 + sigma0(w11));
321 Round(f, g, h, &a, b, c, d, &e, 0xc76c51a30654be30ull, w11 += sigma1(w9) + w4 + sigma0(w12));
322 Round(e, f, g, &h, a, b, c, &d, 0xd192e819d6ef5218ull, w12 += sigma1(w10) + w5 + sigma0(w13));
323 Round(d, e, f, &g, h, a, b, &c, 0xd69906245565a910ull, w13 += sigma1(w11) + w6 + sigma0(w14));
324 Round(c, d, e, &f, g, h, a, &b, 0xf40e35855771202aull, w14 += sigma1(w12) + w7 + sigma0(w15));
325 Round(b, c, d, &e, f, g, h, &a, 0x106aa07032bbd1b8ull, w15 += sigma1(w13) + w8 + sigma0(w0));
326
327 Round(a, b, c, &d, e, f, g, &h, 0x19a4c116b8d2d0c8ull, w0 += sigma1(w14) + w9 + sigma0(w1));
328 Round(h, a, b, &c, d, e, f, &g, 0x1e376c085141ab53ull, w1 += sigma1(w15) + w10 + sigma0(w2));
329 Round(g, h, a, &b, c, d, e, &f, 0x2748774cdf8eeb99ull, w2 += sigma1(w0) + w11 + sigma0(w3));
330 Round(f, g, h, &a, b, c, d, &e, 0x34b0bcb5e19b48a8ull, w3 += sigma1(w1) + w12 + sigma0(w4));
331 Round(e, f, g, &h, a, b, c, &d, 0x391c0cb3c5c95a63ull, w4 += sigma1(w2) + w13 + sigma0(w5));
332 Round(d, e, f, &g, h, a, b, &c, 0x4ed8aa4ae3418acbull, w5 += sigma1(w3) + w14 + sigma0(w6));
333 Round(c, d, e, &f, g, h, a, &b, 0x5b9cca4f7763e373ull, w6 += sigma1(w4) + w15 + sigma0(w7));
334 Round(b, c, d, &e, f, g, h, &a, 0x682e6ff3d6b2b8a3ull, w7 += sigma1(w5) + w0 + sigma0(w8));
335 Round(a, b, c, &d, e, f, g, &h, 0x748f82ee5defb2fcull, w8 += sigma1(w6) + w1 + sigma0(w9));
336 Round(h, a, b, &c, d, e, f, &g, 0x78a5636f43172f60ull, w9 += sigma1(w7) + w2 + sigma0(w10));
337 Round(g, h, a, &b, c, d, e, &f, 0x84c87814a1f0ab72ull, w10 += sigma1(w8) + w3 + sigma0(w11));
338 Round(f, g, h, &a, b, c, d, &e, 0x8cc702081a6439ecull, w11 += sigma1(w9) + w4 + sigma0(w12));
339 Round(e, f, g, &h, a, b, c, &d, 0x90befffa23631e28ull, w12 += sigma1(w10) + w5 + sigma0(w13));
340 Round(d, e, f, &g, h, a, b, &c, 0xa4506cebde82bde9ull, w13 += sigma1(w11) + w6 + sigma0(w14));
341 Round(c, d, e, &f, g, h, a, &b, 0xbef9a3f7b2c67915ull, w14 += sigma1(w12) + w7 + sigma0(w15));
342 Round(b, c, d, &e, f, g, h, &a, 0xc67178f2e372532bull, w15 += sigma1(w13) + w8 + sigma0(w0));
343
344 Round(a, b, c, &d, e, f, g, &h, 0xca273eceea26619cull, w0 += sigma1(w14) + w9 + sigma0(w1));
345 Round(h, a, b, &c, d, e, f, &g, 0xd186b8c721c0c207ull, w1 += sigma1(w15) + w10 + sigma0(w2));
346 Round(g, h, a, &b, c, d, e, &f, 0xeada7dd6cde0eb1eull, w2 += sigma1(w0) + w11 + sigma0(w3));
347 Round(f, g, h, &a, b, c, d, &e, 0xf57d4f7fee6ed178ull, w3 += sigma1(w1) + w12 + sigma0(w4));
348 Round(e, f, g, &h, a, b, c, &d, 0x06f067aa72176fbaull, w4 += sigma1(w2) + w13 + sigma0(w5));
349 Round(d, e, f, &g, h, a, b, &c, 0x0a637dc5a2c898a6ull, w5 += sigma1(w3) + w14 + sigma0(w6));
350 Round(c, d, e, &f, g, h, a, &b, 0x113f9804bef90daeull, w6 += sigma1(w4) + w15 + sigma0(w7));
351 Round(b, c, d, &e, f, g, h, &a, 0x1b710b35131c471bull, w7 += sigma1(w5) + w0 + sigma0(w8));
352 Round(a, b, c, &d, e, f, g, &h, 0x28db77f523047d84ull, w8 += sigma1(w6) + w1 + sigma0(w9));
353 Round(h, a, b, &c, d, e, f, &g, 0x32caab7b40c72493ull, w9 += sigma1(w7) + w2 + sigma0(w10));
354 Round(g, h, a, &b, c, d, e, &f, 0x3c9ebe0a15c9bebcull, w10 += sigma1(w8) + w3 + sigma0(w11));
355 Round(f, g, h, &a, b, c, d, &e, 0x431d67c49c100d4cull, w11 += sigma1(w9) + w4 + sigma0(w12));
356 Round(e, f, g, &h, a, b, c, &d, 0x4cc5d4becb3e42b6ull, w12 += sigma1(w10) + w5 + sigma0(w13));
357 Round(d, e, f, &g, h, a, b, &c, 0x597f299cfc657e2aull, w13 += sigma1(w11) + w6 + sigma0(w14));
358 Round(c, d, e, &f, g, h, a, &b, 0x5fcb6fab3ad6faecull, w14 + sigma1(w12) + w7 + sigma0(w15));
359 Round(b, c, d, &e, f, g, h, &a, 0x6c44198c4a475817ull, w15 + sigma1(w13) + w8 + sigma0(w0));
360
361 s[0] += a;
362 s[1] += b;
363 s[2] += c;
364 s[3] += d;
365 s[4] += e;
366 s[5] += f;
367 s[6] += g;
368 s[7] += h;
369 }
370
alignment_ok(const void * p UNUSED,size_t n UNUSED)371 static bool alignment_ok(const void *p UNUSED, size_t n UNUSED)
372 {
373 #if HAVE_UNALIGNED_ACCESS
374 return true;
375 #else
376 return ((size_t)p % n == 0);
377 #endif
378 }
379
add(struct sha512_ctx * ctx,const void * p,size_t len)380 static void add(struct sha512_ctx *ctx, const void *p, size_t len)
381 {
382 const unsigned char *data = p;
383 size_t bufsize = ctx->bytes % 128;
384
385 if (bufsize + len >= 128) {
386 /* Fill the buffer, and process it. */
387 memcpy(ctx->buf.u8 + bufsize, data, 128 - bufsize);
388 ctx->bytes += 128 - bufsize;
389 data += 128 - bufsize;
390 len -= 128 - bufsize;
391 Transform(ctx->s, ctx->buf.u64);
392 bufsize = 0;
393 }
394
395 while (len >= 128) {
396 /* Process full chunks directly from the source. */
397 if (alignment_ok(data, sizeof(uint64_t)))
398 Transform(ctx->s, (const uint64_t *)data);
399 else {
400 memcpy(ctx->buf.u8, data, sizeof(ctx->buf));
401 Transform(ctx->s, ctx->buf.u64);
402 }
403 ctx->bytes += 128;
404 data += 128;
405 len -= 128;
406 }
407
408 if (len) {
409 /* Fill the buffer with what remains. */
410 memcpy(ctx->buf.u8 + bufsize, data, len);
411 ctx->bytes += len;
412 }
413 }
414
sha512_init(struct sha512_ctx * ctx)415 void sha512_init(struct sha512_ctx *ctx)
416 {
417 struct sha512_ctx init = SHA512_INIT;
418 *ctx = init;
419 }
420
sha512_update(struct sha512_ctx * ctx,const void * p,size_t size)421 void sha512_update(struct sha512_ctx *ctx, const void *p, size_t size)
422 {
423 check_sha512(ctx);
424 add(ctx, p, size);
425 }
426
sha512_done(struct sha512_ctx * ctx,struct sha512 * res)427 void sha512_done(struct sha512_ctx *ctx, struct sha512 *res)
428 {
429 static const unsigned char pad[128] = { 0x80 };
430 uint64_t sizedesc[2] = { 0, 0 };
431 size_t i;
432
433 sizedesc[1] = cpu_to_be64((uint64_t)ctx->bytes << 3);
434
435 /* Add '1' bit to terminate, then all 0 bits, up to next block - 16. */
436 add(ctx, pad, 1 + ((256 - 16 - (ctx->bytes % 128) - 1) % 128));
437 /* Add number of bits of data (big endian) */
438 add(ctx, sizedesc, sizeof(sizedesc));
439 for (i = 0; i < sizeof(ctx->s) / sizeof(ctx->s[0]); i++)
440 res->u.u64[i] = cpu_to_be64(ctx->s[i]);
441 invalidate_sha512(ctx);
442 }
443
sha512(struct sha512 * sha,const void * p,size_t size)444 void sha512(struct sha512 *sha, const void *p, size_t size)
445 {
446 struct sha512_ctx ctx;
447
448 sha512_init(&ctx);
449 sha512_update(&ctx, p, size);
450 sha512_done(&ctx, sha);
451 }
452
453 /* From hex.h */
454 /**
455 * hex_decode - Unpack a hex string.
456 * @str: the hexadecimal string
457 * @slen: the length of @str
458 * @buf: the buffer to write the data into
459 * @bufsize: the length of @buf
460 *
461 * Returns false if there are any characters which aren't 0-9, a-f or A-F,
462 * of the string wasn't the right length for @bufsize.
463 *
464 * Example:
465 * unsigned char data[20];
466 *
467 * if (!hex_decode(argv[1], strlen(argv[1]), data, 20))
468 * printf("String is malformed!\n");
469 */
470 bool hex_decode(const char *str, size_t slen, void *buf, size_t bufsize);
471
472 /**
473 * hex_encode - Create a nul-terminated hex string
474 * @buf: the buffer to read the data from
475 * @bufsize: the length of @buf
476 * @dest: the string to fill
477 * @destsize: the max size of the string
478 *
479 * Returns true if the string, including terminator, fit in @destsize;
480 *
481 * Example:
482 * unsigned char buf[] = { 0x1F, 0x2F };
483 * char str[5];
484 *
485 * if (!hex_encode(buf, sizeof(buf), str, sizeof(str)))
486 * abort();
487 */
488 bool hex_encode(const void *buf, size_t bufsize, char *dest, size_t destsize);
489
490 /**
491 * hex_str_size - Calculate how big a nul-terminated hex string is
492 * @bytes: bytes of data to represent
493 *
494 * Example:
495 * unsigned char buf[] = { 0x1F, 0x2F };
496 * char str[hex_str_size(sizeof(buf))];
497 *
498 * hex_encode(buf, sizeof(buf), str, sizeof(str));
499 */
hex_str_size(size_t bytes)500 static inline size_t hex_str_size(size_t bytes)
501 {
502 return 2 * bytes + 1;
503 }
504
505 /* From hex.c */
char_to_hex(unsigned char * val,char c)506 static bool char_to_hex(unsigned char *val, char c)
507 {
508 if (c >= '0' && c <= '9') {
509 *val = c - '0';
510 return true;
511 }
512 if (c >= 'a' && c <= 'f') {
513 *val = c - 'a' + 10;
514 return true;
515 }
516 if (c >= 'A' && c <= 'F') {
517 *val = c - 'A' + 10;
518 return true;
519 }
520 return false;
521 }
522
hex_decode(const char * str,size_t slen,void * buf,size_t bufsize)523 bool hex_decode(const char *str, size_t slen, void *buf, size_t bufsize)
524 {
525 unsigned char v1, v2;
526 unsigned char *p = buf;
527
528 while (slen > 1) {
529 if (!char_to_hex(&v1, str[0]) || !char_to_hex(&v2, str[1]))
530 return false;
531 if (!bufsize)
532 return false;
533 *(p++) = (v1 << 4) | v2;
534 str += 2;
535 slen -= 2;
536 bufsize--;
537 }
538 return slen == 0 && bufsize == 0;
539 }
540
hexchar(unsigned int val)541 static char hexchar(unsigned int val)
542 {
543 if (val < 10)
544 return '0' + val;
545 if (val < 16)
546 return 'a' + val - 10;
547 abort();
548 }
549
hex_encode(const void * buf,size_t bufsize,char * dest,size_t destsize)550 bool hex_encode(const void *buf, size_t bufsize, char *dest, size_t destsize)
551 {
552 size_t i;
553
554 if (destsize < hex_str_size(bufsize))
555 return false;
556
557 for (i = 0; i < bufsize; i++) {
558 unsigned int c = ((const unsigned char *)buf)[i];
559 *(dest++) = hexchar(c >> 4);
560 *(dest++) = hexchar(c & 0xF);
561 }
562 *dest = '\0';
563
564 return true;
565 }
566
567 /* From tap.h */
568 /**
569 * plan_tests - announce the number of tests you plan to run
570 * @tests: the number of tests
571 *
572 * This should be the first call in your test program: it allows tracing
573 * of failures which mean that not all tests are run.
574 *
575 * If you don't know how many tests will actually be run, assume all of them
576 * and use skip() if you don't actually run some tests.
577 *
578 * Example:
579 * plan_tests(13);
580 */
581 void plan_tests(unsigned int tests);
582
583 /**
584 * ok1 - Simple conditional test
585 * @e: the expression which we expect to be true.
586 *
587 * This is the simplest kind of test: if the expression is true, the
588 * test passes. The name of the test which is printed will simply be
589 * file name, line number, and the expression itself.
590 *
591 * Example:
592 * ok1(somefunc() == 1);
593 */
594 # define ok1(e) ((e) ? \
595 _gen_result(1, __func__, __FILE__, __LINE__, "%s", #e) : \
596 _gen_result(0, __func__, __FILE__, __LINE__, "%s", #e))
597
598 /**
599 * exit_status - the value that main should return.
600 *
601 * For maximum compatibility your test program should return a particular exit
602 * code (ie. 0 if all tests were run, and every test which was expected to
603 * succeed succeeded).
604 *
605 * Example:
606 * exit(exit_status());
607 */
608 int exit_status(void);
609
610 /**
611 * tap_fail_callback - function to call when we fail
612 *
613 * This can be used to ease debugging, or exit on the first failure.
614 */
615 void (*tap_fail_callback)(void);
616
617 /* From tap.c */
618
619 static int no_plan = 0;
620 static int skip_all = 0;
621 static int have_plan = 0;
622 static unsigned int test_count = 0; /* Number of tests that have been run */
623 static unsigned int e_tests = 0; /* Expected number of tests to run */
624 static unsigned int failures = 0; /* Number of tests that failed */
625 static char *todo_msg = NULL;
626 static const char *todo_msg_fixed = "libtap malloc issue";
627 static int todo = 0;
628 static int test_died = 0;
629 static int test_pid;
630
631 static void
_expected_tests(unsigned int tests)632 _expected_tests(unsigned int tests)
633 {
634 printf("1..%d\n", tests);
635 e_tests = tests;
636 }
637
638 static void
diagv(const char * fmt,va_list ap)639 diagv(const char *fmt, va_list ap)
640 {
641 fputs("# ", stdout);
642 vfprintf(stdout, fmt, ap);
643 fputs("\n", stdout);
644 }
645
646 static void
_diag(const char * fmt,...)647 _diag(const char *fmt, ...)
648 {
649 va_list ap;
650 va_start(ap, fmt);
651 diagv(fmt, ap);
652 va_end(ap);
653 }
654
655 /*
656 * Generate a test result.
657 *
658 * ok -- boolean, indicates whether or not the test passed.
659 * test_name -- the name of the test, may be NULL
660 * test_comment -- a comment to print afterwards, may be NULL
661 */
662 unsigned int
_gen_result(int ok,const char * func,const char * file,unsigned int line,const char * test_name,...)663 _gen_result(int ok, const char *func, const char *file, unsigned int line,
664 const char *test_name, ...)
665 {
666 va_list ap;
667 char *local_test_name = NULL;
668 char *c;
669 int name_is_digits;
670
671 test_count++;
672
673 /* Start by taking the test name and performing any printf()
674 expansions on it */
675 if(test_name != NULL) {
676 va_start(ap, test_name);
677 if (vasprintf(&local_test_name, test_name, ap) < 0)
678 local_test_name = NULL;
679 va_end(ap);
680
681 /* Make sure the test name contains more than digits
682 and spaces. Emit an error message and exit if it
683 does */
684 if(local_test_name) {
685 name_is_digits = 1;
686 for(c = local_test_name; *c != '\0'; c++) {
687 if(!isdigit((unsigned char)*c)
688 && !isspace((unsigned char)*c)) {
689 name_is_digits = 0;
690 break;
691 }
692 }
693
694 if(name_is_digits) {
695 _diag(" You named your test '%s'. You shouldn't use numbers for your test names.", local_test_name);
696 _diag(" Very confusing.");
697 }
698 }
699 }
700
701 if(!ok) {
702 printf("not ");
703 failures++;
704 }
705
706 printf("ok %d", test_count);
707
708 if(test_name != NULL) {
709 printf(" - ");
710
711 /* Print the test name, escaping any '#' characters it
712 might contain */
713 if(local_test_name != NULL) {
714 flockfile(stdout);
715 for(c = local_test_name; *c != '\0'; c++) {
716 if(*c == '#')
717 fputc('\\', stdout);
718 fputc((int)*c, stdout);
719 }
720 funlockfile(stdout);
721 } else { /* vasprintf() failed, use a fixed message */
722 printf("%s", todo_msg_fixed);
723 }
724 }
725
726 /* If we're in a todo_start() block then flag the test as being
727 TODO. todo_msg should contain the message to print at this
728 point. If it's NULL then asprintf() failed, and we should
729 use the fixed message.
730
731 This is not counted as a failure, so decrement the counter if
732 the test failed. */
733 if(todo) {
734 printf(" # TODO %s", todo_msg ? todo_msg : todo_msg_fixed);
735 if(!ok)
736 failures--;
737 }
738
739 printf("\n");
740
741 if(!ok)
742 _diag(" Failed %stest (%s:%s() at line %d)",
743 todo ? "(TODO) " : "", file, func, line);
744
745 free(local_test_name);
746
747 if (!ok && tap_fail_callback)
748 tap_fail_callback();
749
750 /* We only care (when testing) that ok is positive, but here we
751 specifically only want to return 1 or 0 */
752 return ok ? 1 : 0;
753 }
754
755 /*
756 * Cleanup at the end of the run, produce any final output that might be
757 * required.
758 */
759 static void
_cleanup(void)760 _cleanup(void)
761 {
762 /* If we forked, don't do cleanup in child! */
763 if (getpid() != test_pid)
764 return;
765
766 /* If plan_no_plan() wasn't called, and we don't have a plan,
767 and we're not skipping everything, then something happened
768 before we could produce any output */
769 if(!no_plan && !have_plan && !skip_all) {
770 _diag("Looks like your test died before it could output anything.");
771 return;
772 }
773
774 if(test_died) {
775 _diag("Looks like your test died just after %d.", test_count);
776 return;
777 }
778
779
780 /* No plan provided, but now we know how many tests were run, and can
781 print the header at the end */
782 if(!skip_all && (no_plan || !have_plan)) {
783 printf("1..%d\n", test_count);
784 }
785
786 if((have_plan && !no_plan) && e_tests < test_count) {
787 _diag("Looks like you planned %d tests but ran %d extra.",
788 e_tests, test_count - e_tests);
789 return;
790 }
791
792 if((have_plan || !no_plan) && e_tests > test_count) {
793 _diag("Looks like you planned %d tests but only ran %d.",
794 e_tests, test_count);
795 if(failures) {
796 _diag("Looks like you failed %d tests of %d run.",
797 failures, test_count);
798 }
799 return;
800 }
801
802 if(failures)
803 _diag("Looks like you failed %d tests of %d.",
804 failures, test_count);
805
806 }
807
808 /*
809 * Initialise the TAP library. Will only do so once, however many times it's
810 * called.
811 */
812 static void
_tap_init(void)813 _tap_init(void)
814 {
815 static int run_once = 0;
816
817 if(!run_once) {
818 test_pid = getpid();
819 atexit(_cleanup);
820
821 /* stdout needs to be unbuffered so that the output appears
822 in the same place relative to stderr output as it does
823 with Test::Harness */
824 // setbuf(stdout, 0);
825 run_once = 1;
826 }
827 }
828
829 /*
830 * Note the number of tests that will be run.
831 */
832 void
plan_tests(unsigned int tests)833 plan_tests(unsigned int tests)
834 {
835
836 _tap_init();
837
838 if(have_plan != 0) {
839 fprintf(stderr, "You tried to plan twice!\n");
840 test_died = 1;
841 exit(255);
842 }
843
844 if(tests == 0) {
845 fprintf(stderr, "You said to run 0 tests! You've got to run something.\n");
846 test_died = 1;
847 exit(255);
848 }
849
850 have_plan = 1;
851
852 _expected_tests(tests);
853 }
854
855 static int
exit_status_(void)856 exit_status_(void)
857 {
858 /* If there's no plan, just return the number of failures */
859 if(no_plan || !have_plan) {
860 return failures;
861 }
862
863 /* Ran too many tests? Return the number of tests that were run
864 that shouldn't have been */
865 if(e_tests < test_count) {
866 return test_count - e_tests;
867 }
868
869 /* Return the number of tests that failed + the number of tests
870 that weren't run */
871 return failures + e_tests - test_count;
872 }
873
874 int
exit_status(void)875 exit_status(void)
876 {
877 int r = exit_status_();
878 if (r > 255)
879 r = 255;
880 return r;
881 }
882
883 /* From run-test-vectors.c */
884
885 /* Test vectors. */
886 struct test {
887 const char *vector;
888 size_t repetitions;
889 const char *expected;
890 };
891
892 static const char ZEROES[] =
893 "0000000000000000000000000000000000000000000000000000000000000000"
894 "0000000000000000000000000000000000000000000000000000000000000000";
895
896 static struct test tests[] = {
897 /* http://csrc.nist.gov/groups/STM/cavp/secure-hashing.html ShortMsg */
898 { "21", 1,
899 "3831a6a6155e509dee59a7f451eb35324d8f8f2df6e3708894740f98fdee2388"
900 "9f4de5adb0c5010dfb555cda77c8ab5dc902094c52de3278f35a75ebc25f093a" },
901 { "9083", 1,
902 "55586ebba48768aeb323655ab6f4298fc9f670964fc2e5f2731e34dfa4b0c09e"
903 "6e1e12e3d7286b3145c61c2047fb1a2a1297f36da64160b31fa4c8c2cddd2fb4" },
904 { "0a55db", 1,
905 "7952585e5330cb247d72bae696fc8a6b0f7d0804577e347d99bc1b11e52f3849"
906 "85a428449382306a89261ae143c2f3fb613804ab20b42dc097e5bf4a96ef919b" },
907 { "23be86d5", 1,
908 "76d42c8eadea35a69990c63a762f330614a4699977f058adb988f406fb0be8f2"
909 "ea3dce3a2bbd1d827b70b9b299ae6f9e5058ee97b50bd4922d6d37ddc761f8eb" },
910 { "eb0ca946c1", 1,
911 "d39ecedfe6e705a821aee4f58bfc489c3d9433eb4ac1b03a97e321a2586b40dd"
912 "0522f40fa5aef36afff591a78c916bfc6d1ca515c4983dd8695b1ec7951d723e" },
913 { "38667f39277b", 1,
914 "85708b8ff05d974d6af0801c152b95f5fa5c06af9a35230c5bea2752f031f9bd"
915 "84bd844717b3add308a70dc777f90813c20b47b16385664eefc88449f04f2131" },
916 { "b39f71aaa8a108", 1,
917 "258b8efa05b4a06b1e63c7a3f925c5ef11fa03e3d47d631bf4d474983783d8c0"
918 "b09449009e842fc9fa15de586c67cf8955a17d790b20f41dadf67ee8cdcdfce6" },
919 { "dc28484ebfd293d62ac759d5754bdf502423e4d419fa79020805134b2ce3dff7"
920 "38c7556c91d810adbad8dd210f041296b73c2185d4646c97fc0a5b69ed49ac8c"
921 "7ced0bd1cfd7e3c3cca47374d189247da6811a40b0ab097067ed4ad40ade2e47"
922 "91e39204e398b3204971445822a1be0dd93af8", 1,
923 "615115d2e8b62e345adaa4bdb95395a3b4fe27d71c4a111b86c1841463c5f03d"
924 "6b20d164a39948ab08ae060720d05c10f6022e5c8caf2fa3bca2e04d9c539ded" },
925 { "fd2203e467574e834ab07c9097ae164532f24be1eb5d88f1af7748ceff0d2c67"
926 "a21f4e4097f9d3bb4e9fbf97186e0db6db0100230a52b453d421f8ab9c9a6043"
927 "aa3295ea20d2f06a2f37470d8a99075f1b8a8336f6228cf08b5942fc1fb4299c"
928 "7d2480e8e82bce175540bdfad7752bc95b577f229515394f3ae5cec870a4b2f8",
929 1,
930 "a21b1077d52b27ac545af63b32746c6e3c51cb0cb9f281eb9f3580a6d4996d5c"
931 "9917d2a6e484627a9d5a06fa1b25327a9d710e027387fc3e07d7c4d14c6086cc" },
932 /* http://www.di-mgt.com.au/sha_testvectors.html */
933 { ZEROES, 1,
934 "7be9fda48f4179e611c698a73cff09faf72869431efee6eaad14de0cb44bbf66"
935 "503f752b7a8eb17083355f3ce6eb7d2806f236b25af96a24e22b887405c20081" }
936 };
937
xmalloc(size_t size)938 static void *xmalloc(size_t size)
939 {
940 char * ret;
941 ret = malloc(size);
942 if (ret == NULL) {
943 perror("malloc");
944 abort();
945 }
946 return ret;
947 }
948
do_test(const struct test * t)949 static bool do_test(const struct test *t)
950 {
951 struct sha512 h;
952 char got[128 + 1];
953 bool passed;
954 size_t i, vector_len = strlen(t->vector) / 2;
955 void *vector = xmalloc(vector_len);
956
957 hex_decode(t->vector, vector_len * 2, vector, vector_len);
958
959 for (i = 0; i < t->repetitions; i++) {
960 sha512(&h, vector, vector_len);
961 if (t->repetitions > 1)
962 memcpy(vector, &h, sizeof(h));
963 }
964
965 hex_encode(&h, sizeof(h), got, sizeof(got));
966
967 passed = strcmp(t->expected, got) == 0;
968 free(vector);
969 return passed;
970 }
971
main(void)972 int main(void)
973 {
974 const size_t num_tests = sizeof(tests) / sizeof(tests[0]);
975 size_t i;
976
977 /* This is how many tests you plan to run */
978 plan_tests(num_tests);
979
980 for (i = 0; i < num_tests; i++)
981 ok1(do_test(&tests[i]));
982
983 /* This exits depending on whether all tests passed */
984 return exit_status();
985 }
986