1 /* 2 * sha512 test based on CCAN: https://ccodearchive.net/info/crypto/sha512.html 3 * 4 * src/crypto/sha512.cpp commit f914f1a746d7f91951c1da262a4a749dd3ebfa71 5 * Copyright (c) 2014 The Bitcoin Core developers 6 * Distributed under the MIT software license, see: 7 * http://www.opensource.org/licenses/mit-license.php. 8 * 9 * SPDX-License-Identifier: MIT CC0-1.0 10 */ 11 #define _GNU_SOURCE /* See feature_test_macros(7) */ 12 13 #include <stdint.h> 14 #include <stdlib.h> 15 #include <stdio.h> 16 #include <unistd.h> 17 #include <ctype.h> 18 #include <stdarg.h> 19 20 /* Required portions from endian.h */ 21 22 /** 23 * BSWAP_64 - reverse bytes in a constant uint64_t value. 24 * @val: constantvalue whose bytes to swap. 25 * 26 * Designed to be usable in constant-requiring initializers. 27 * 28 * Example: 29 * struct mystruct { 30 * char buf[BSWAP_64(0xff00000000000000ULL)]; 31 * }; 32 */ 33 #define BSWAP_64(val) \ 34 ((((uint64_t)(val) & 0x00000000000000ffULL) << 56) \ 35 | (((uint64_t)(val) & 0x000000000000ff00ULL) << 40) \ 36 | (((uint64_t)(val) & 0x0000000000ff0000ULL) << 24) \ 37 | (((uint64_t)(val) & 0x00000000ff000000ULL) << 8) \ 38 | (((uint64_t)(val) & 0x000000ff00000000ULL) >> 8) \ 39 | (((uint64_t)(val) & 0x0000ff0000000000ULL) >> 24) \ 40 | (((uint64_t)(val) & 0x00ff000000000000ULL) >> 40) \ 41 | (((uint64_t)(val) & 0xff00000000000000ULL) >> 56)) 42 43 44 typedef uint64_t beint64_t; 45 46 #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ 47 48 /** 49 * CPU_TO_BE64 - convert a constant uint64_t value to big-endian 50 * @native: constant to convert 51 */ 52 #define CPU_TO_BE64(native) ((beint64_t)(native)) 53 /** 54 * BE64_TO_CPU - convert a big-endian uint64_t constant 55 * @le_val: big-endian constant to convert 56 */ 57 #define BE64_TO_CPU(le_val) ((uint64_t)(le_val)) 58 59 #else /* ... HAVE_LITTLE_ENDIAN */ 60 #define CPU_TO_BE64(native) ((beint64_t)BSWAP_64(native)) 61 #define BE64_TO_CPU(le_val) BSWAP_64((uint64_t)le_val) 62 #endif /* HAVE_LITTE_ENDIAN */ 63 64 /** 65 * cpu_to_be64 - convert a uint64_t value to big endian. 66 * @native: value to convert 67 */ 68 static inline beint64_t cpu_to_be64(uint64_t native) 69 { 70 return CPU_TO_BE64(native); 71 } 72 73 /** 74 * be64_to_cpu - convert a big-endian uint64_t value 75 * @be_val: big-endian value to convert 76 */ 77 static inline uint64_t be64_to_cpu(beint64_t be_val) 78 { 79 return BE64_TO_CPU(be_val); 80 } 81 82 /* From compiler.h */ 83 84 #ifndef UNUSED 85 /** 86 * UNUSED - a parameter is unused 87 * 88 * Some compilers (eg. gcc with -W or -Wunused) warn about unused 89 * function parameters. This suppresses such warnings and indicates 90 * to the reader that it's deliberate. 91 * 92 * Example: 93 * // This is used as a callback, so needs to have this prototype. 94 * static int some_callback(void *unused UNUSED) 95 * { 96 * return 0; 97 * } 98 */ 99 #define UNUSED __attribute__((__unused__)) 100 #endif 101 102 /* From sha512.h */ 103 104 /** 105 * struct sha512 - structure representing a completed SHA512. 106 * @u.u8: an unsigned char array. 107 * @u.u64: a 64-bit integer array. 108 * 109 * Other fields may be added to the union in future. 110 */ 111 struct sha512 { 112 union { 113 uint64_t u64[8]; 114 unsigned char u8[64]; 115 } u; 116 }; 117 118 /** 119 * sha512 - return sha512 of an object. 120 * @sha512: the sha512 to fill in 121 * @p: pointer to memory, 122 * @size: the number of bytes pointed to by @p 123 * 124 * The bytes pointed to by @p is SHA512 hashed into @sha512. This is 125 * equivalent to sha512_init(), sha512_update() then sha512_done(). 126 */ 127 void sha512(struct sha512 *sha, const void *p, size_t size); 128 129 /** 130 * struct sha512_ctx - structure to store running context for sha512 131 */ 132 struct sha512_ctx { 133 uint64_t s[8]; 134 union { 135 uint64_t u64[16]; 136 unsigned char u8[128]; 137 } buf; 138 size_t bytes; 139 }; 140 141 /** 142 * sha512_init - initialize an SHA512 context. 143 * @ctx: the sha512_ctx to initialize 144 * 145 * This must be called before sha512_update or sha512_done, or 146 * alternately you can assign SHA512_INIT. 147 * 148 * If it was already initialized, this forgets anything which was 149 * hashed before. 150 * 151 * Example: 152 * static void hash_all(const char **arr, struct sha512 *hash) 153 * { 154 * size_t i; 155 * struct sha512_ctx ctx; 156 * 157 * sha512_init(&ctx); 158 * for (i = 0; arr[i]; i++) 159 * sha512_update(&ctx, arr[i], strlen(arr[i])); 160 * sha512_done(&ctx, hash); 161 * } 162 */ 163 void sha512_init(struct sha512_ctx *ctx); 164 165 /** 166 * SHA512_INIT - initializer for an SHA512 context. 167 * 168 * This can be used to statically initialize an SHA512 context (instead 169 * of sha512_init()). 170 * 171 * Example: 172 * static void hash_all(const char **arr, struct sha512 *hash) 173 * { 174 * size_t i; 175 * struct sha512_ctx ctx = SHA512_INIT; 176 * 177 * for (i = 0; arr[i]; i++) 178 * sha512_update(&ctx, arr[i], strlen(arr[i])); 179 * sha512_done(&ctx, hash); 180 * } 181 */ 182 #define SHA512_INIT \ 183 { { 0x6a09e667f3bcc908ull, 0xbb67ae8584caa73bull, \ 184 0x3c6ef372fe94f82bull, 0xa54ff53a5f1d36f1ull, \ 185 0x510e527fade682d1ull, 0x9b05688c2b3e6c1full, \ 186 0x1f83d9abfb41bd6bull, 0x5be0cd19137e2179ull }, \ 187 { { 0 } }, 0 } 188 189 /** 190 * sha512_update - include some memory in the hash. 191 * @ctx: the sha512_ctx to use 192 * @p: pointer to memory, 193 * @size: the number of bytes pointed to by @p 194 * 195 * You can call this multiple times to hash more data, before calling 196 * sha512_done(). 197 */ 198 void sha512_update(struct sha512_ctx *ctx, const void *p, size_t size); 199 200 /** 201 * sha512_done - finish SHA512 and return the hash 202 * @ctx: the sha512_ctx to complete 203 * @res: the hash to return. 204 * 205 * Note that @ctx is *destroyed* by this, and must be reinitialized. 206 * To avoid that, pass a copy instead. 207 */ 208 void sha512_done(struct sha512_ctx *sha512, struct sha512 *res); 209 210 /* From sha512.c */ 211 212 /* 213 * SHA512 core code translated from the Bitcoin project's C++: 214 * 215 * src/crypto/sha512.cpp commit f914f1a746d7f91951c1da262a4a749dd3ebfa71 216 * Copyright (c) 2014 The Bitcoin Core developers 217 * Distributed under the MIT software license, see the accompanying 218 * file COPYING or http://www.opensource.org/licenses/mit-license.php. 219 */ 220 /* #include <ccan/endian/endian.h> */ 221 /* #include <ccan/compiler/compiler.h> */ 222 #include <stdbool.h> 223 #include <assert.h> 224 #include <string.h> 225 226 static void invalidate_sha512(struct sha512_ctx *ctx) 227 { 228 ctx->bytes = (size_t)-1; 229 } 230 231 static void check_sha512(struct sha512_ctx *ctx UNUSED) 232 { 233 assert(ctx->bytes != (size_t)-1); 234 } 235 236 static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z) 237 { 238 return z ^ (x & (y ^ z)); 239 } 240 static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z) 241 { 242 return (x & y) | (z & (x | y)); 243 } 244 static uint64_t Sigma0(uint64_t x) 245 { 246 return (x >> 28 | x << 36) ^ (x >> 34 | x << 30) ^ (x >> 39 | x << 25); 247 } 248 static uint64_t Sigma1(uint64_t x) 249 { 250 return (x >> 14 | x << 50) ^ (x >> 18 | x << 46) ^ (x >> 41 | x << 23); 251 } 252 static uint64_t sigma0(uint64_t x) 253 { 254 return (x >> 1 | x << 63) ^ (x >> 8 | x << 56) ^ (x >> 7); 255 } 256 static uint64_t sigma1(uint64_t x) 257 { 258 return (x >> 19 | x << 45) ^ (x >> 61 | x << 3) ^ (x >> 6); 259 } 260 261 /** One round of SHA-512. */ 262 static void Round(uint64_t a, uint64_t b, uint64_t c, uint64_t *d, uint64_t e, uint64_t f, uint64_t g, uint64_t *h, uint64_t k, uint64_t w) 263 { 264 uint64_t t1 = *h + Sigma1(e) + Ch(e, f, g) + k + w; 265 uint64_t t2 = Sigma0(a) + Maj(a, b, c); 266 *d += t1; 267 *h = t1 + t2; 268 } 269 270 /** Perform one SHA-512 transformation, processing a 128-byte chunk. */ 271 static void Transform(uint64_t *s, const uint64_t *chunk) 272 { 273 uint64_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4], f = s[5], g = s[6], h = s[7]; 274 uint64_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15; 275 276 Round(a, b, c, &d, e, f, g, &h, 0x428a2f98d728ae22ull, w0 = be64_to_cpu(chunk[0])); 277 Round(h, a, b, &c, d, e, f, &g, 0x7137449123ef65cdull, w1 = be64_to_cpu(chunk[1])); 278 Round(g, h, a, &b, c, d, e, &f, 0xb5c0fbcfec4d3b2full, w2 = be64_to_cpu(chunk[2])); 279 Round(f, g, h, &a, b, c, d, &e, 0xe9b5dba58189dbbcull, w3 = be64_to_cpu(chunk[3])); 280 Round(e, f, g, &h, a, b, c, &d, 0x3956c25bf348b538ull, w4 = be64_to_cpu(chunk[4])); 281 Round(d, e, f, &g, h, a, b, &c, 0x59f111f1b605d019ull, w5 = be64_to_cpu(chunk[5])); 282 Round(c, d, e, &f, g, h, a, &b, 0x923f82a4af194f9bull, w6 = be64_to_cpu(chunk[6])); 283 Round(b, c, d, &e, f, g, h, &a, 0xab1c5ed5da6d8118ull, w7 = be64_to_cpu(chunk[7])); 284 Round(a, b, c, &d, e, f, g, &h, 0xd807aa98a3030242ull, w8 = be64_to_cpu(chunk[8])); 285 Round(h, a, b, &c, d, e, f, &g, 0x12835b0145706fbeull, w9 = be64_to_cpu(chunk[9])); 286 Round(g, h, a, &b, c, d, e, &f, 0x243185be4ee4b28cull, w10 = be64_to_cpu(chunk[10])); 287 Round(f, g, h, &a, b, c, d, &e, 0x550c7dc3d5ffb4e2ull, w11 = be64_to_cpu(chunk[11])); 288 Round(e, f, g, &h, a, b, c, &d, 0x72be5d74f27b896full, w12 = be64_to_cpu(chunk[12])); 289 Round(d, e, f, &g, h, a, b, &c, 0x80deb1fe3b1696b1ull, w13 = be64_to_cpu(chunk[13])); 290 Round(c, d, e, &f, g, h, a, &b, 0x9bdc06a725c71235ull, w14 = be64_to_cpu(chunk[14])); 291 Round(b, c, d, &e, f, g, h, &a, 0xc19bf174cf692694ull, w15 = be64_to_cpu(chunk[15])); 292 293 Round(a, b, c, &d, e, f, g, &h, 0xe49b69c19ef14ad2ull, w0 += sigma1(w14) + w9 + sigma0(w1)); 294 Round(h, a, b, &c, d, e, f, &g, 0xefbe4786384f25e3ull, w1 += sigma1(w15) + w10 + sigma0(w2)); 295 Round(g, h, a, &b, c, d, e, &f, 0x0fc19dc68b8cd5b5ull, w2 += sigma1(w0) + w11 + sigma0(w3)); 296 Round(f, g, h, &a, b, c, d, &e, 0x240ca1cc77ac9c65ull, w3 += sigma1(w1) + w12 + sigma0(w4)); 297 Round(e, f, g, &h, a, b, c, &d, 0x2de92c6f592b0275ull, w4 += sigma1(w2) + w13 + sigma0(w5)); 298 Round(d, e, f, &g, h, a, b, &c, 0x4a7484aa6ea6e483ull, w5 += sigma1(w3) + w14 + sigma0(w6)); 299 Round(c, d, e, &f, g, h, a, &b, 0x5cb0a9dcbd41fbd4ull, w6 += sigma1(w4) + w15 + sigma0(w7)); 300 Round(b, c, d, &e, f, g, h, &a, 0x76f988da831153b5ull, w7 += sigma1(w5) + w0 + sigma0(w8)); 301 Round(a, b, c, &d, e, f, g, &h, 0x983e5152ee66dfabull, w8 += sigma1(w6) + w1 + sigma0(w9)); 302 Round(h, a, b, &c, d, e, f, &g, 0xa831c66d2db43210ull, w9 += sigma1(w7) + w2 + sigma0(w10)); 303 Round(g, h, a, &b, c, d, e, &f, 0xb00327c898fb213full, w10 += sigma1(w8) + w3 + sigma0(w11)); 304 Round(f, g, h, &a, b, c, d, &e, 0xbf597fc7beef0ee4ull, w11 += sigma1(w9) + w4 + sigma0(w12)); 305 Round(e, f, g, &h, a, b, c, &d, 0xc6e00bf33da88fc2ull, w12 += sigma1(w10) + w5 + sigma0(w13)); 306 Round(d, e, f, &g, h, a, b, &c, 0xd5a79147930aa725ull, w13 += sigma1(w11) + w6 + sigma0(w14)); 307 Round(c, d, e, &f, g, h, a, &b, 0x06ca6351e003826full, w14 += sigma1(w12) + w7 + sigma0(w15)); 308 Round(b, c, d, &e, f, g, h, &a, 0x142929670a0e6e70ull, w15 += sigma1(w13) + w8 + sigma0(w0)); 309 310 Round(a, b, c, &d, e, f, g, &h, 0x27b70a8546d22ffcull, w0 += sigma1(w14) + w9 + sigma0(w1)); 311 Round(h, a, b, &c, d, e, f, &g, 0x2e1b21385c26c926ull, w1 += sigma1(w15) + w10 + sigma0(w2)); 312 Round(g, h, a, &b, c, d, e, &f, 0x4d2c6dfc5ac42aedull, w2 += sigma1(w0) + w11 + sigma0(w3)); 313 Round(f, g, h, &a, b, c, d, &e, 0x53380d139d95b3dfull, w3 += sigma1(w1) + w12 + sigma0(w4)); 314 Round(e, f, g, &h, a, b, c, &d, 0x650a73548baf63deull, w4 += sigma1(w2) + w13 + sigma0(w5)); 315 Round(d, e, f, &g, h, a, b, &c, 0x766a0abb3c77b2a8ull, w5 += sigma1(w3) + w14 + sigma0(w6)); 316 Round(c, d, e, &f, g, h, a, &b, 0x81c2c92e47edaee6ull, w6 += sigma1(w4) + w15 + sigma0(w7)); 317 Round(b, c, d, &e, f, g, h, &a, 0x92722c851482353bull, w7 += sigma1(w5) + w0 + sigma0(w8)); 318 Round(a, b, c, &d, e, f, g, &h, 0xa2bfe8a14cf10364ull, w8 += sigma1(w6) + w1 + sigma0(w9)); 319 Round(h, a, b, &c, d, e, f, &g, 0xa81a664bbc423001ull, w9 += sigma1(w7) + w2 + sigma0(w10)); 320 Round(g, h, a, &b, c, d, e, &f, 0xc24b8b70d0f89791ull, w10 += sigma1(w8) + w3 + sigma0(w11)); 321 Round(f, g, h, &a, b, c, d, &e, 0xc76c51a30654be30ull, w11 += sigma1(w9) + w4 + sigma0(w12)); 322 Round(e, f, g, &h, a, b, c, &d, 0xd192e819d6ef5218ull, w12 += sigma1(w10) + w5 + sigma0(w13)); 323 Round(d, e, f, &g, h, a, b, &c, 0xd69906245565a910ull, w13 += sigma1(w11) + w6 + sigma0(w14)); 324 Round(c, d, e, &f, g, h, a, &b, 0xf40e35855771202aull, w14 += sigma1(w12) + w7 + sigma0(w15)); 325 Round(b, c, d, &e, f, g, h, &a, 0x106aa07032bbd1b8ull, w15 += sigma1(w13) + w8 + sigma0(w0)); 326 327 Round(a, b, c, &d, e, f, g, &h, 0x19a4c116b8d2d0c8ull, w0 += sigma1(w14) + w9 + sigma0(w1)); 328 Round(h, a, b, &c, d, e, f, &g, 0x1e376c085141ab53ull, w1 += sigma1(w15) + w10 + sigma0(w2)); 329 Round(g, h, a, &b, c, d, e, &f, 0x2748774cdf8eeb99ull, w2 += sigma1(w0) + w11 + sigma0(w3)); 330 Round(f, g, h, &a, b, c, d, &e, 0x34b0bcb5e19b48a8ull, w3 += sigma1(w1) + w12 + sigma0(w4)); 331 Round(e, f, g, &h, a, b, c, &d, 0x391c0cb3c5c95a63ull, w4 += sigma1(w2) + w13 + sigma0(w5)); 332 Round(d, e, f, &g, h, a, b, &c, 0x4ed8aa4ae3418acbull, w5 += sigma1(w3) + w14 + sigma0(w6)); 333 Round(c, d, e, &f, g, h, a, &b, 0x5b9cca4f7763e373ull, w6 += sigma1(w4) + w15 + sigma0(w7)); 334 Round(b, c, d, &e, f, g, h, &a, 0x682e6ff3d6b2b8a3ull, w7 += sigma1(w5) + w0 + sigma0(w8)); 335 Round(a, b, c, &d, e, f, g, &h, 0x748f82ee5defb2fcull, w8 += sigma1(w6) + w1 + sigma0(w9)); 336 Round(h, a, b, &c, d, e, f, &g, 0x78a5636f43172f60ull, w9 += sigma1(w7) + w2 + sigma0(w10)); 337 Round(g, h, a, &b, c, d, e, &f, 0x84c87814a1f0ab72ull, w10 += sigma1(w8) + w3 + sigma0(w11)); 338 Round(f, g, h, &a, b, c, d, &e, 0x8cc702081a6439ecull, w11 += sigma1(w9) + w4 + sigma0(w12)); 339 Round(e, f, g, &h, a, b, c, &d, 0x90befffa23631e28ull, w12 += sigma1(w10) + w5 + sigma0(w13)); 340 Round(d, e, f, &g, h, a, b, &c, 0xa4506cebde82bde9ull, w13 += sigma1(w11) + w6 + sigma0(w14)); 341 Round(c, d, e, &f, g, h, a, &b, 0xbef9a3f7b2c67915ull, w14 += sigma1(w12) + w7 + sigma0(w15)); 342 Round(b, c, d, &e, f, g, h, &a, 0xc67178f2e372532bull, w15 += sigma1(w13) + w8 + sigma0(w0)); 343 344 Round(a, b, c, &d, e, f, g, &h, 0xca273eceea26619cull, w0 += sigma1(w14) + w9 + sigma0(w1)); 345 Round(h, a, b, &c, d, e, f, &g, 0xd186b8c721c0c207ull, w1 += sigma1(w15) + w10 + sigma0(w2)); 346 Round(g, h, a, &b, c, d, e, &f, 0xeada7dd6cde0eb1eull, w2 += sigma1(w0) + w11 + sigma0(w3)); 347 Round(f, g, h, &a, b, c, d, &e, 0xf57d4f7fee6ed178ull, w3 += sigma1(w1) + w12 + sigma0(w4)); 348 Round(e, f, g, &h, a, b, c, &d, 0x06f067aa72176fbaull, w4 += sigma1(w2) + w13 + sigma0(w5)); 349 Round(d, e, f, &g, h, a, b, &c, 0x0a637dc5a2c898a6ull, w5 += sigma1(w3) + w14 + sigma0(w6)); 350 Round(c, d, e, &f, g, h, a, &b, 0x113f9804bef90daeull, w6 += sigma1(w4) + w15 + sigma0(w7)); 351 Round(b, c, d, &e, f, g, h, &a, 0x1b710b35131c471bull, w7 += sigma1(w5) + w0 + sigma0(w8)); 352 Round(a, b, c, &d, e, f, g, &h, 0x28db77f523047d84ull, w8 += sigma1(w6) + w1 + sigma0(w9)); 353 Round(h, a, b, &c, d, e, f, &g, 0x32caab7b40c72493ull, w9 += sigma1(w7) + w2 + sigma0(w10)); 354 Round(g, h, a, &b, c, d, e, &f, 0x3c9ebe0a15c9bebcull, w10 += sigma1(w8) + w3 + sigma0(w11)); 355 Round(f, g, h, &a, b, c, d, &e, 0x431d67c49c100d4cull, w11 += sigma1(w9) + w4 + sigma0(w12)); 356 Round(e, f, g, &h, a, b, c, &d, 0x4cc5d4becb3e42b6ull, w12 += sigma1(w10) + w5 + sigma0(w13)); 357 Round(d, e, f, &g, h, a, b, &c, 0x597f299cfc657e2aull, w13 += sigma1(w11) + w6 + sigma0(w14)); 358 Round(c, d, e, &f, g, h, a, &b, 0x5fcb6fab3ad6faecull, w14 + sigma1(w12) + w7 + sigma0(w15)); 359 Round(b, c, d, &e, f, g, h, &a, 0x6c44198c4a475817ull, w15 + sigma1(w13) + w8 + sigma0(w0)); 360 361 s[0] += a; 362 s[1] += b; 363 s[2] += c; 364 s[3] += d; 365 s[4] += e; 366 s[5] += f; 367 s[6] += g; 368 s[7] += h; 369 } 370 371 static bool alignment_ok(const void *p UNUSED, size_t n UNUSED) 372 { 373 #if HAVE_UNALIGNED_ACCESS 374 return true; 375 #else 376 return ((size_t)p % n == 0); 377 #endif 378 } 379 380 static void add(struct sha512_ctx *ctx, const void *p, size_t len) 381 { 382 const unsigned char *data = p; 383 size_t bufsize = ctx->bytes % 128; 384 385 if (bufsize + len >= 128) { 386 /* Fill the buffer, and process it. */ 387 memcpy(ctx->buf.u8 + bufsize, data, 128 - bufsize); 388 ctx->bytes += 128 - bufsize; 389 data += 128 - bufsize; 390 len -= 128 - bufsize; 391 Transform(ctx->s, ctx->buf.u64); 392 bufsize = 0; 393 } 394 395 while (len >= 128) { 396 /* Process full chunks directly from the source. */ 397 if (alignment_ok(data, sizeof(uint64_t))) 398 Transform(ctx->s, (const uint64_t *)data); 399 else { 400 memcpy(ctx->buf.u8, data, sizeof(ctx->buf)); 401 Transform(ctx->s, ctx->buf.u64); 402 } 403 ctx->bytes += 128; 404 data += 128; 405 len -= 128; 406 } 407 408 if (len) { 409 /* Fill the buffer with what remains. */ 410 memcpy(ctx->buf.u8 + bufsize, data, len); 411 ctx->bytes += len; 412 } 413 } 414 415 void sha512_init(struct sha512_ctx *ctx) 416 { 417 struct sha512_ctx init = SHA512_INIT; 418 *ctx = init; 419 } 420 421 void sha512_update(struct sha512_ctx *ctx, const void *p, size_t size) 422 { 423 check_sha512(ctx); 424 add(ctx, p, size); 425 } 426 427 void sha512_done(struct sha512_ctx *ctx, struct sha512 *res) 428 { 429 static const unsigned char pad[128] = { 0x80 }; 430 uint64_t sizedesc[2] = { 0, 0 }; 431 size_t i; 432 433 sizedesc[1] = cpu_to_be64((uint64_t)ctx->bytes << 3); 434 435 /* Add '1' bit to terminate, then all 0 bits, up to next block - 16. */ 436 add(ctx, pad, 1 + ((256 - 16 - (ctx->bytes % 128) - 1) % 128)); 437 /* Add number of bits of data (big endian) */ 438 add(ctx, sizedesc, sizeof(sizedesc)); 439 for (i = 0; i < sizeof(ctx->s) / sizeof(ctx->s[0]); i++) 440 res->u.u64[i] = cpu_to_be64(ctx->s[i]); 441 invalidate_sha512(ctx); 442 } 443 444 void sha512(struct sha512 *sha, const void *p, size_t size) 445 { 446 struct sha512_ctx ctx; 447 448 sha512_init(&ctx); 449 sha512_update(&ctx, p, size); 450 sha512_done(&ctx, sha); 451 } 452 453 /* From hex.h */ 454 /** 455 * hex_decode - Unpack a hex string. 456 * @str: the hexidecimal string 457 * @slen: the length of @str 458 * @buf: the buffer to write the data into 459 * @bufsize: the length of @buf 460 * 461 * Returns false if there are any characters which aren't 0-9, a-f or A-F, 462 * of the string wasn't the right length for @bufsize. 463 * 464 * Example: 465 * unsigned char data[20]; 466 * 467 * if (!hex_decode(argv[1], strlen(argv[1]), data, 20)) 468 * printf("String is malformed!\n"); 469 */ 470 bool hex_decode(const char *str, size_t slen, void *buf, size_t bufsize); 471 472 /** 473 * hex_encode - Create a nul-terminated hex string 474 * @buf: the buffer to read the data from 475 * @bufsize: the length of @buf 476 * @dest: the string to fill 477 * @destsize: the max size of the string 478 * 479 * Returns true if the string, including terminator, fit in @destsize; 480 * 481 * Example: 482 * unsigned char buf[] = { 0x1F, 0x2F }; 483 * char str[5]; 484 * 485 * if (!hex_encode(buf, sizeof(buf), str, sizeof(str))) 486 * abort(); 487 */ 488 bool hex_encode(const void *buf, size_t bufsize, char *dest, size_t destsize); 489 490 /** 491 * hex_str_size - Calculate how big a nul-terminated hex string is 492 * @bytes: bytes of data to represent 493 * 494 * Example: 495 * unsigned char buf[] = { 0x1F, 0x2F }; 496 * char str[hex_str_size(sizeof(buf))]; 497 * 498 * hex_encode(buf, sizeof(buf), str, sizeof(str)); 499 */ 500 static inline size_t hex_str_size(size_t bytes) 501 { 502 return 2 * bytes + 1; 503 } 504 505 /* From hex.c */ 506 static bool char_to_hex(unsigned char *val, char c) 507 { 508 if (c >= '0' && c <= '9') { 509 *val = c - '0'; 510 return true; 511 } 512 if (c >= 'a' && c <= 'f') { 513 *val = c - 'a' + 10; 514 return true; 515 } 516 if (c >= 'A' && c <= 'F') { 517 *val = c - 'A' + 10; 518 return true; 519 } 520 return false; 521 } 522 523 bool hex_decode(const char *str, size_t slen, void *buf, size_t bufsize) 524 { 525 unsigned char v1, v2; 526 unsigned char *p = buf; 527 528 while (slen > 1) { 529 if (!char_to_hex(&v1, str[0]) || !char_to_hex(&v2, str[1])) 530 return false; 531 if (!bufsize) 532 return false; 533 *(p++) = (v1 << 4) | v2; 534 str += 2; 535 slen -= 2; 536 bufsize--; 537 } 538 return slen == 0 && bufsize == 0; 539 } 540 541 static char hexchar(unsigned int val) 542 { 543 if (val < 10) 544 return '0' + val; 545 if (val < 16) 546 return 'a' + val - 10; 547 abort(); 548 } 549 550 bool hex_encode(const void *buf, size_t bufsize, char *dest, size_t destsize) 551 { 552 size_t i; 553 554 if (destsize < hex_str_size(bufsize)) 555 return false; 556 557 for (i = 0; i < bufsize; i++) { 558 unsigned int c = ((const unsigned char *)buf)[i]; 559 *(dest++) = hexchar(c >> 4); 560 *(dest++) = hexchar(c & 0xF); 561 } 562 *dest = '\0'; 563 564 return true; 565 } 566 567 /* From tap.h */ 568 /** 569 * plan_tests - announce the number of tests you plan to run 570 * @tests: the number of tests 571 * 572 * This should be the first call in your test program: it allows tracing 573 * of failures which mean that not all tests are run. 574 * 575 * If you don't know how many tests will actually be run, assume all of them 576 * and use skip() if you don't actually run some tests. 577 * 578 * Example: 579 * plan_tests(13); 580 */ 581 void plan_tests(unsigned int tests); 582 583 /** 584 * ok1 - Simple conditional test 585 * @e: the expression which we expect to be true. 586 * 587 * This is the simplest kind of test: if the expression is true, the 588 * test passes. The name of the test which is printed will simply be 589 * file name, line number, and the expression itself. 590 * 591 * Example: 592 * ok1(somefunc() == 1); 593 */ 594 # define ok1(e) ((e) ? \ 595 _gen_result(1, __func__, __FILE__, __LINE__, "%s", #e) : \ 596 _gen_result(0, __func__, __FILE__, __LINE__, "%s", #e)) 597 598 /** 599 * exit_status - the value that main should return. 600 * 601 * For maximum compatibility your test program should return a particular exit 602 * code (ie. 0 if all tests were run, and every test which was expected to 603 * succeed succeeded). 604 * 605 * Example: 606 * exit(exit_status()); 607 */ 608 int exit_status(void); 609 610 /** 611 * tap_fail_callback - function to call when we fail 612 * 613 * This can be used to ease debugging, or exit on the first failure. 614 */ 615 void (*tap_fail_callback)(void); 616 617 /* From tap.c */ 618 619 static int no_plan = 0; 620 static int skip_all = 0; 621 static int have_plan = 0; 622 static unsigned int test_count = 0; /* Number of tests that have been run */ 623 static unsigned int e_tests = 0; /* Expected number of tests to run */ 624 static unsigned int failures = 0; /* Number of tests that failed */ 625 static char *todo_msg = NULL; 626 static const char *todo_msg_fixed = "libtap malloc issue"; 627 static int todo = 0; 628 static int test_died = 0; 629 static int test_pid; 630 631 static void 632 _expected_tests(unsigned int tests) 633 { 634 printf("1..%d\n", tests); 635 e_tests = tests; 636 } 637 638 static void 639 diagv(const char *fmt, va_list ap) 640 { 641 fputs("# ", stdout); 642 vfprintf(stdout, fmt, ap); 643 fputs("\n", stdout); 644 } 645 646 static void 647 _diag(const char *fmt, ...) 648 { 649 va_list ap; 650 va_start(ap, fmt); 651 diagv(fmt, ap); 652 va_end(ap); 653 } 654 655 /* 656 * Generate a test result. 657 * 658 * ok -- boolean, indicates whether or not the test passed. 659 * test_name -- the name of the test, may be NULL 660 * test_comment -- a comment to print afterwards, may be NULL 661 */ 662 unsigned int 663 _gen_result(int ok, const char *func, const char *file, unsigned int line, 664 const char *test_name, ...) 665 { 666 va_list ap; 667 char *local_test_name = NULL; 668 char *c; 669 int name_is_digits; 670 671 test_count++; 672 673 /* Start by taking the test name and performing any printf() 674 expansions on it */ 675 if(test_name != NULL) { 676 va_start(ap, test_name); 677 if (vasprintf(&local_test_name, test_name, ap) < 0) 678 local_test_name = NULL; 679 va_end(ap); 680 681 /* Make sure the test name contains more than digits 682 and spaces. Emit an error message and exit if it 683 does */ 684 if(local_test_name) { 685 name_is_digits = 1; 686 for(c = local_test_name; *c != '\0'; c++) { 687 if(!isdigit((unsigned char)*c) 688 && !isspace((unsigned char)*c)) { 689 name_is_digits = 0; 690 break; 691 } 692 } 693 694 if(name_is_digits) { 695 _diag(" You named your test '%s'. You shouldn't use numbers for your test names.", local_test_name); 696 _diag(" Very confusing."); 697 } 698 } 699 } 700 701 if(!ok) { 702 printf("not "); 703 failures++; 704 } 705 706 printf("ok %d", test_count); 707 708 if(test_name != NULL) { 709 printf(" - "); 710 711 /* Print the test name, escaping any '#' characters it 712 might contain */ 713 if(local_test_name != NULL) { 714 flockfile(stdout); 715 for(c = local_test_name; *c != '\0'; c++) { 716 if(*c == '#') 717 fputc('\\', stdout); 718 fputc((int)*c, stdout); 719 } 720 funlockfile(stdout); 721 } else { /* vasprintf() failed, use a fixed message */ 722 printf("%s", todo_msg_fixed); 723 } 724 } 725 726 /* If we're in a todo_start() block then flag the test as being 727 TODO. todo_msg should contain the message to print at this 728 point. If it's NULL then asprintf() failed, and we should 729 use the fixed message. 730 731 This is not counted as a failure, so decrement the counter if 732 the test failed. */ 733 if(todo) { 734 printf(" # TODO %s", todo_msg ? todo_msg : todo_msg_fixed); 735 if(!ok) 736 failures--; 737 } 738 739 printf("\n"); 740 741 if(!ok) 742 _diag(" Failed %stest (%s:%s() at line %d)", 743 todo ? "(TODO) " : "", file, func, line); 744 745 free(local_test_name); 746 747 if (!ok && tap_fail_callback) 748 tap_fail_callback(); 749 750 /* We only care (when testing) that ok is positive, but here we 751 specifically only want to return 1 or 0 */ 752 return ok ? 1 : 0; 753 } 754 755 /* 756 * Cleanup at the end of the run, produce any final output that might be 757 * required. 758 */ 759 static void 760 _cleanup(void) 761 { 762 /* If we forked, don't do cleanup in child! */ 763 if (getpid() != test_pid) 764 return; 765 766 /* If plan_no_plan() wasn't called, and we don't have a plan, 767 and we're not skipping everything, then something happened 768 before we could produce any output */ 769 if(!no_plan && !have_plan && !skip_all) { 770 _diag("Looks like your test died before it could output anything."); 771 return; 772 } 773 774 if(test_died) { 775 _diag("Looks like your test died just after %d.", test_count); 776 return; 777 } 778 779 780 /* No plan provided, but now we know how many tests were run, and can 781 print the header at the end */ 782 if(!skip_all && (no_plan || !have_plan)) { 783 printf("1..%d\n", test_count); 784 } 785 786 if((have_plan && !no_plan) && e_tests < test_count) { 787 _diag("Looks like you planned %d tests but ran %d extra.", 788 e_tests, test_count - e_tests); 789 return; 790 } 791 792 if((have_plan || !no_plan) && e_tests > test_count) { 793 _diag("Looks like you planned %d tests but only ran %d.", 794 e_tests, test_count); 795 if(failures) { 796 _diag("Looks like you failed %d tests of %d run.", 797 failures, test_count); 798 } 799 return; 800 } 801 802 if(failures) 803 _diag("Looks like you failed %d tests of %d.", 804 failures, test_count); 805 806 } 807 808 /* 809 * Initialise the TAP library. Will only do so once, however many times it's 810 * called. 811 */ 812 static void 813 _tap_init(void) 814 { 815 static int run_once = 0; 816 817 if(!run_once) { 818 test_pid = getpid(); 819 atexit(_cleanup); 820 821 /* stdout needs to be unbuffered so that the output appears 822 in the same place relative to stderr output as it does 823 with Test::Harness */ 824 // setbuf(stdout, 0); 825 run_once = 1; 826 } 827 } 828 829 /* 830 * Note the number of tests that will be run. 831 */ 832 void 833 plan_tests(unsigned int tests) 834 { 835 836 _tap_init(); 837 838 if(have_plan != 0) { 839 fprintf(stderr, "You tried to plan twice!\n"); 840 test_died = 1; 841 exit(255); 842 } 843 844 if(tests == 0) { 845 fprintf(stderr, "You said to run 0 tests! You've got to run something.\n"); 846 test_died = 1; 847 exit(255); 848 } 849 850 have_plan = 1; 851 852 _expected_tests(tests); 853 } 854 855 static int 856 exit_status_(void) 857 { 858 /* If there's no plan, just return the number of failures */ 859 if(no_plan || !have_plan) { 860 return failures; 861 } 862 863 /* Ran too many tests? Return the number of tests that were run 864 that shouldn't have been */ 865 if(e_tests < test_count) { 866 return test_count - e_tests; 867 } 868 869 /* Return the number of tests that failed + the number of tests 870 that weren't run */ 871 return failures + e_tests - test_count; 872 } 873 874 int 875 exit_status(void) 876 { 877 int r = exit_status_(); 878 if (r > 255) 879 r = 255; 880 return r; 881 } 882 883 /* From run-test-vectors.c */ 884 885 /* Test vectors. */ 886 struct test { 887 const char *vector; 888 size_t repetitions; 889 const char *expected; 890 }; 891 892 static const char ZEROES[] = 893 "0000000000000000000000000000000000000000000000000000000000000000" 894 "0000000000000000000000000000000000000000000000000000000000000000"; 895 896 static struct test tests[] = { 897 /* http://csrc.nist.gov/groups/STM/cavp/secure-hashing.html ShortMsg */ 898 { "21", 1, 899 "3831a6a6155e509dee59a7f451eb35324d8f8f2df6e3708894740f98fdee2388" 900 "9f4de5adb0c5010dfb555cda77c8ab5dc902094c52de3278f35a75ebc25f093a" }, 901 { "9083", 1, 902 "55586ebba48768aeb323655ab6f4298fc9f670964fc2e5f2731e34dfa4b0c09e" 903 "6e1e12e3d7286b3145c61c2047fb1a2a1297f36da64160b31fa4c8c2cddd2fb4" }, 904 { "0a55db", 1, 905 "7952585e5330cb247d72bae696fc8a6b0f7d0804577e347d99bc1b11e52f3849" 906 "85a428449382306a89261ae143c2f3fb613804ab20b42dc097e5bf4a96ef919b" }, 907 { "23be86d5", 1, 908 "76d42c8eadea35a69990c63a762f330614a4699977f058adb988f406fb0be8f2" 909 "ea3dce3a2bbd1d827b70b9b299ae6f9e5058ee97b50bd4922d6d37ddc761f8eb" }, 910 { "eb0ca946c1", 1, 911 "d39ecedfe6e705a821aee4f58bfc489c3d9433eb4ac1b03a97e321a2586b40dd" 912 "0522f40fa5aef36afff591a78c916bfc6d1ca515c4983dd8695b1ec7951d723e" }, 913 { "38667f39277b", 1, 914 "85708b8ff05d974d6af0801c152b95f5fa5c06af9a35230c5bea2752f031f9bd" 915 "84bd844717b3add308a70dc777f90813c20b47b16385664eefc88449f04f2131" }, 916 { "b39f71aaa8a108", 1, 917 "258b8efa05b4a06b1e63c7a3f925c5ef11fa03e3d47d631bf4d474983783d8c0" 918 "b09449009e842fc9fa15de586c67cf8955a17d790b20f41dadf67ee8cdcdfce6" }, 919 { "dc28484ebfd293d62ac759d5754bdf502423e4d419fa79020805134b2ce3dff7" 920 "38c7556c91d810adbad8dd210f041296b73c2185d4646c97fc0a5b69ed49ac8c" 921 "7ced0bd1cfd7e3c3cca47374d189247da6811a40b0ab097067ed4ad40ade2e47" 922 "91e39204e398b3204971445822a1be0dd93af8", 1, 923 "615115d2e8b62e345adaa4bdb95395a3b4fe27d71c4a111b86c1841463c5f03d" 924 "6b20d164a39948ab08ae060720d05c10f6022e5c8caf2fa3bca2e04d9c539ded" }, 925 { "fd2203e467574e834ab07c9097ae164532f24be1eb5d88f1af7748ceff0d2c67" 926 "a21f4e4097f9d3bb4e9fbf97186e0db6db0100230a52b453d421f8ab9c9a6043" 927 "aa3295ea20d2f06a2f37470d8a99075f1b8a8336f6228cf08b5942fc1fb4299c" 928 "7d2480e8e82bce175540bdfad7752bc95b577f229515394f3ae5cec870a4b2f8", 929 1, 930 "a21b1077d52b27ac545af63b32746c6e3c51cb0cb9f281eb9f3580a6d4996d5c" 931 "9917d2a6e484627a9d5a06fa1b25327a9d710e027387fc3e07d7c4d14c6086cc" }, 932 /* http://www.di-mgt.com.au/sha_testvectors.html */ 933 { ZEROES, 1, 934 "7be9fda48f4179e611c698a73cff09faf72869431efee6eaad14de0cb44bbf66" 935 "503f752b7a8eb17083355f3ce6eb7d2806f236b25af96a24e22b887405c20081" } 936 }; 937 938 static void *xmalloc(size_t size) 939 { 940 char * ret; 941 ret = malloc(size); 942 if (ret == NULL) { 943 perror("malloc"); 944 abort(); 945 } 946 return ret; 947 } 948 949 static bool do_test(const struct test *t) 950 { 951 struct sha512 h; 952 char got[128 + 1]; 953 bool passed; 954 size_t i, vector_len = strlen(t->vector) / 2; 955 void *vector = xmalloc(vector_len); 956 957 hex_decode(t->vector, vector_len * 2, vector, vector_len); 958 959 for (i = 0; i < t->repetitions; i++) { 960 sha512(&h, vector, vector_len); 961 if (t->repetitions > 1) 962 memcpy(vector, &h, sizeof(h)); 963 } 964 965 hex_encode(&h, sizeof(h), got, sizeof(got)); 966 967 passed = strcmp(t->expected, got) == 0; 968 free(vector); 969 return passed; 970 } 971 972 int main(void) 973 { 974 const size_t num_tests = sizeof(tests) / sizeof(tests[0]); 975 size_t i; 976 977 /* This is how many tests you plan to run */ 978 plan_tests(num_tests); 979 980 for (i = 0; i < num_tests; i++) 981 ok1(do_test(&tests[i])); 982 983 /* This exits depending on whether all tests passed */ 984 return exit_status(); 985 } 986