From 0d73f8ebb66d2613ecc0b87c6e608de59be110f6 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Mon, 25 May 2015 11:38:46 +0930 Subject: [PATCH] crypto/sha256: new module. Signed-off-by: Rusty Russell --- ccan/crypto/sha256/LICENSE | 1 + ccan/crypto/sha256/_info | 55 ++++ ccan/crypto/sha256/sha256.c | 317 +++++++++++++++++++++ ccan/crypto/sha256/sha256.h | 153 ++++++++++ ccan/crypto/sha256/test/run-33-bit-test.c | 54 ++++ ccan/crypto/sha256/test/run-lotsa-data.c | 23 ++ ccan/crypto/sha256/test/run-test-vectors.c | 83 ++++++ ccan/crypto/sha256/test/run-types.c | 63 ++++ 8 files changed, 749 insertions(+) create mode 120000 ccan/crypto/sha256/LICENSE create mode 100644 ccan/crypto/sha256/_info create mode 100644 ccan/crypto/sha256/sha256.c create mode 100644 ccan/crypto/sha256/sha256.h create mode 100644 ccan/crypto/sha256/test/run-33-bit-test.c create mode 100644 ccan/crypto/sha256/test/run-lotsa-data.c create mode 100644 ccan/crypto/sha256/test/run-test-vectors.c create mode 100644 ccan/crypto/sha256/test/run-types.c diff --git a/ccan/crypto/sha256/LICENSE b/ccan/crypto/sha256/LICENSE new file mode 120000 index 00000000..2b1feca5 --- /dev/null +++ b/ccan/crypto/sha256/LICENSE @@ -0,0 +1 @@ +../../../licenses/BSD-MIT \ No newline at end of file diff --git a/ccan/crypto/sha256/_info b/ccan/crypto/sha256/_info new file mode 100644 index 00000000..fe1f5b8c --- /dev/null +++ b/ccan/crypto/sha256/_info @@ -0,0 +1,55 @@ +#include "config.h" +#include +#include + +/** + * crypto/sha256 - implementation of SHA-2 with 256 bit digest. + * + * This code is either a wrapper for openssl (if CCAN_CRYPTO_SHA256_USE_OPENSSL + * is defined) or an open-coded implementation based on Bitcoin's. + * + * License: BSD-MIT + * Maintainer: Rusty Russell + * + * Example: + * #include + * #include + * #include + * #include + * + * // Simple demonstration: idential strings will have the same hash, but + * // two different strings will not. + * int main(int argc, char *argv[]) + * { + * struct sha256 hash1, hash2; + * + * if (argc != 3) + * errx(1, "Usage: %s ", argv[0]); + * + * sha256(&hash1, argv[1], strlen(argv[1])); + * sha256(&hash2, argv[2], strlen(argv[2])); + * printf("Hash is %s\n", memcmp(&hash1, &hash2, sizeof(hash1)) + * ? "different" : "same"); + * return 0; + * } + */ +int main(int argc, char *argv[]) +{ + /* Expect exactly one argument */ + if (argc != 2) + return 1; + + if (strcmp(argv[1], "depends") == 0) { + printf("ccan/endian\n"); + return 0; + } + + if (strcmp(argv[1], "libs") == 0) { +#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL + printf("crypto\n"); +#endif + return 0; + } + + return 1; +} diff --git a/ccan/crypto/sha256/sha256.c b/ccan/crypto/sha256/sha256.c new file mode 100644 index 00000000..aed181e4 --- /dev/null +++ b/ccan/crypto/sha256/sha256.c @@ -0,0 +1,317 @@ +/* MIT (BSD) license - see LICENSE file for details */ +/* SHA256 core code translated from the Bitcoin project's C++: + * + * src/crypto/sha256.cpp commit 417532c8acb93c36c2b6fd052b7c11b6a2906aa2 + * Copyright (c) 2014 The Bitcoin Core developers + * Distributed under the MIT software license, see the accompanying + * file COPYING or http://www.opensource.org/licenses/mit-license.php. + */ +#include +#include +#include +#include +#include + +static void invalidate_sha256(struct sha256_ctx *ctx) +{ +#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL + ctx->c.md_len = 0; +#else + ctx->bytes = -1ULL; +#endif +} + +static void check_sha256(struct sha256_ctx *ctx) +{ +#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL + assert(ctx->c.md_len != 0); +#else + assert(ctx->bytes != -1ULL); +#endif +} + +#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL +void sha256_init(struct sha256_ctx *ctx) +{ + SHA256_Init(&ctx->c); +} + +void sha256_update_arr(struct sha256_ctx *ctx, const void *p, + size_t num, size_t size) +{ + size_t total = num * size; + + /* Don't overflow. */ + assert(size == 0 || total / size == num); + check_sha256(ctx); + SHA256_Update(&ctx->c, p, total); +} + +void sha256_done(struct sha256_ctx *ctx, struct sha256 *res) +{ + SHA256_Final(res->u.u8, &ctx->c); + invalidate_sha256(ctx); +} +#else +static uint32_t Ch(uint32_t x, uint32_t y, uint32_t z) +{ + return z ^ (x & (y ^ z)); +} +static uint32_t Maj(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) | (z & (x | y)); +} +static uint32_t Sigma0(uint32_t x) +{ + return (x >> 2 | x << 30) ^ (x >> 13 | x << 19) ^ (x >> 22 | x << 10); +} +static uint32_t Sigma1(uint32_t x) +{ + return (x >> 6 | x << 26) ^ (x >> 11 | x << 21) ^ (x >> 25 | x << 7); +} +static uint32_t sigma0(uint32_t x) +{ + return (x >> 7 | x << 25) ^ (x >> 18 | x << 14) ^ (x >> 3); +} +static uint32_t sigma1(uint32_t x) +{ + return (x >> 17 | x << 15) ^ (x >> 19 | x << 13) ^ (x >> 10); +} + +/** One round of SHA-256. */ +static void Round(uint32_t a, uint32_t b, uint32_t c, uint32_t *d, uint32_t e, uint32_t f, uint32_t g, uint32_t *h, uint32_t k, uint32_t w) +{ + uint32_t t1 = *h + Sigma1(e) + Ch(e, f, g) + k + w; + uint32_t t2 = Sigma0(a) + Maj(a, b, c); + *d += t1; + *h = t1 + t2; +} + +/** Perform one SHA-256 transformation, processing a 64-byte chunk. */ +static void Transform(uint32_t *s, const uint32_t *chunk) +{ + uint32_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4], f = s[5], g = s[6], h = s[7]; + uint32_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15; + + Round(a, b, c, &d, e, f, g, &h, 0x428a2f98, w0 = be32_to_cpu(chunk[0])); + Round(h, a, b, &c, d, e, f, &g, 0x71374491, w1 = be32_to_cpu(chunk[1])); + Round(g, h, a, &b, c, d, e, &f, 0xb5c0fbcf, w2 = be32_to_cpu(chunk[2])); + Round(f, g, h, &a, b, c, d, &e, 0xe9b5dba5, w3 = be32_to_cpu(chunk[3])); + Round(e, f, g, &h, a, b, c, &d, 0x3956c25b, w4 = be32_to_cpu(chunk[4])); + Round(d, e, f, &g, h, a, b, &c, 0x59f111f1, w5 = be32_to_cpu(chunk[5])); + Round(c, d, e, &f, g, h, a, &b, 0x923f82a4, w6 = be32_to_cpu(chunk[6])); + Round(b, c, d, &e, f, g, h, &a, 0xab1c5ed5, w7 = be32_to_cpu(chunk[7])); + Round(a, b, c, &d, e, f, g, &h, 0xd807aa98, w8 = be32_to_cpu(chunk[8])); + Round(h, a, b, &c, d, e, f, &g, 0x12835b01, w9 = be32_to_cpu(chunk[9])); + Round(g, h, a, &b, c, d, e, &f, 0x243185be, w10 = be32_to_cpu(chunk[10])); + Round(f, g, h, &a, b, c, d, &e, 0x550c7dc3, w11 = be32_to_cpu(chunk[11])); + Round(e, f, g, &h, a, b, c, &d, 0x72be5d74, w12 = be32_to_cpu(chunk[12])); + Round(d, e, f, &g, h, a, b, &c, 0x80deb1fe, w13 = be32_to_cpu(chunk[13])); + Round(c, d, e, &f, g, h, a, &b, 0x9bdc06a7, w14 = be32_to_cpu(chunk[14])); + Round(b, c, d, &e, f, g, h, &a, 0xc19bf174, w15 = be32_to_cpu(chunk[15])); + + Round(a, b, c, &d, e, f, g, &h, 0xe49b69c1, w0 += sigma1(w14) + w9 + sigma0(w1)); + Round(h, a, b, &c, d, e, f, &g, 0xefbe4786, w1 += sigma1(w15) + w10 + sigma0(w2)); + Round(g, h, a, &b, c, d, e, &f, 0x0fc19dc6, w2 += sigma1(w0) + w11 + sigma0(w3)); + Round(f, g, h, &a, b, c, d, &e, 0x240ca1cc, w3 += sigma1(w1) + w12 + sigma0(w4)); + Round(e, f, g, &h, a, b, c, &d, 0x2de92c6f, w4 += sigma1(w2) + w13 + sigma0(w5)); + Round(d, e, f, &g, h, a, b, &c, 0x4a7484aa, w5 += sigma1(w3) + w14 + sigma0(w6)); + Round(c, d, e, &f, g, h, a, &b, 0x5cb0a9dc, w6 += sigma1(w4) + w15 + sigma0(w7)); + Round(b, c, d, &e, f, g, h, &a, 0x76f988da, w7 += sigma1(w5) + w0 + sigma0(w8)); + Round(a, b, c, &d, e, f, g, &h, 0x983e5152, w8 += sigma1(w6) + w1 + sigma0(w9)); + Round(h, a, b, &c, d, e, f, &g, 0xa831c66d, w9 += sigma1(w7) + w2 + sigma0(w10)); + Round(g, h, a, &b, c, d, e, &f, 0xb00327c8, w10 += sigma1(w8) + w3 + sigma0(w11)); + Round(f, g, h, &a, b, c, d, &e, 0xbf597fc7, w11 += sigma1(w9) + w4 + sigma0(w12)); + Round(e, f, g, &h, a, b, c, &d, 0xc6e00bf3, w12 += sigma1(w10) + w5 + sigma0(w13)); + Round(d, e, f, &g, h, a, b, &c, 0xd5a79147, w13 += sigma1(w11) + w6 + sigma0(w14)); + Round(c, d, e, &f, g, h, a, &b, 0x06ca6351, w14 += sigma1(w12) + w7 + sigma0(w15)); + Round(b, c, d, &e, f, g, h, &a, 0x14292967, w15 += sigma1(w13) + w8 + sigma0(w0)); + + Round(a, b, c, &d, e, f, g, &h, 0x27b70a85, w0 += sigma1(w14) + w9 + sigma0(w1)); + Round(h, a, b, &c, d, e, f, &g, 0x2e1b2138, w1 += sigma1(w15) + w10 + sigma0(w2)); + Round(g, h, a, &b, c, d, e, &f, 0x4d2c6dfc, w2 += sigma1(w0) + w11 + sigma0(w3)); + Round(f, g, h, &a, b, c, d, &e, 0x53380d13, w3 += sigma1(w1) + w12 + sigma0(w4)); + Round(e, f, g, &h, a, b, c, &d, 0x650a7354, w4 += sigma1(w2) + w13 + sigma0(w5)); + Round(d, e, f, &g, h, a, b, &c, 0x766a0abb, w5 += sigma1(w3) + w14 + sigma0(w6)); + Round(c, d, e, &f, g, h, a, &b, 0x81c2c92e, w6 += sigma1(w4) + w15 + sigma0(w7)); + Round(b, c, d, &e, f, g, h, &a, 0x92722c85, w7 += sigma1(w5) + w0 + sigma0(w8)); + Round(a, b, c, &d, e, f, g, &h, 0xa2bfe8a1, w8 += sigma1(w6) + w1 + sigma0(w9)); + Round(h, a, b, &c, d, e, f, &g, 0xa81a664b, w9 += sigma1(w7) + w2 + sigma0(w10)); + Round(g, h, a, &b, c, d, e, &f, 0xc24b8b70, w10 += sigma1(w8) + w3 + sigma0(w11)); + Round(f, g, h, &a, b, c, d, &e, 0xc76c51a3, w11 += sigma1(w9) + w4 + sigma0(w12)); + Round(e, f, g, &h, a, b, c, &d, 0xd192e819, w12 += sigma1(w10) + w5 + sigma0(w13)); + Round(d, e, f, &g, h, a, b, &c, 0xd6990624, w13 += sigma1(w11) + w6 + sigma0(w14)); + Round(c, d, e, &f, g, h, a, &b, 0xf40e3585, w14 += sigma1(w12) + w7 + sigma0(w15)); + Round(b, c, d, &e, f, g, h, &a, 0x106aa070, w15 += sigma1(w13) + w8 + sigma0(w0)); + + Round(a, b, c, &d, e, f, g, &h, 0x19a4c116, w0 += sigma1(w14) + w9 + sigma0(w1)); + Round(h, a, b, &c, d, e, f, &g, 0x1e376c08, w1 += sigma1(w15) + w10 + sigma0(w2)); + Round(g, h, a, &b, c, d, e, &f, 0x2748774c, w2 += sigma1(w0) + w11 + sigma0(w3)); + Round(f, g, h, &a, b, c, d, &e, 0x34b0bcb5, w3 += sigma1(w1) + w12 + sigma0(w4)); + Round(e, f, g, &h, a, b, c, &d, 0x391c0cb3, w4 += sigma1(w2) + w13 + sigma0(w5)); + Round(d, e, f, &g, h, a, b, &c, 0x4ed8aa4a, w5 += sigma1(w3) + w14 + sigma0(w6)); + Round(c, d, e, &f, g, h, a, &b, 0x5b9cca4f, w6 += sigma1(w4) + w15 + sigma0(w7)); + Round(b, c, d, &e, f, g, h, &a, 0x682e6ff3, w7 += sigma1(w5) + w0 + sigma0(w8)); + Round(a, b, c, &d, e, f, g, &h, 0x748f82ee, w8 += sigma1(w6) + w1 + sigma0(w9)); + Round(h, a, b, &c, d, e, f, &g, 0x78a5636f, w9 += sigma1(w7) + w2 + sigma0(w10)); + Round(g, h, a, &b, c, d, e, &f, 0x84c87814, w10 += sigma1(w8) + w3 + sigma0(w11)); + Round(f, g, h, &a, b, c, d, &e, 0x8cc70208, w11 += sigma1(w9) + w4 + sigma0(w12)); + Round(e, f, g, &h, a, b, c, &d, 0x90befffa, w12 += sigma1(w10) + w5 + sigma0(w13)); + Round(d, e, f, &g, h, a, b, &c, 0xa4506ceb, w13 += sigma1(w11) + w6 + sigma0(w14)); + Round(c, d, e, &f, g, h, a, &b, 0xbef9a3f7, w14 + sigma1(w12) + w7 + sigma0(w15)); + Round(b, c, d, &e, f, g, h, &a, 0xc67178f2, w15 + sigma1(w13) + w8 + sigma0(w0)); + + s[0] += a; + s[1] += b; + s[2] += c; + s[3] += d; + s[4] += e; + s[5] += f; + s[6] += g; + s[7] += h; +} + +static bool alignment_ok(const void *p, size_t n) +{ +#if HAVE_UNALIGNED_ACCESS + return true; +#else + return ((size_t)p % n == 0); +#endif +} + +static void add(struct sha256_ctx *ctx, const void *p, size_t len) +{ + const unsigned char *data = p; + size_t bufsize = ctx->bytes % 64; + + if (bufsize + len >= 64) { + // Fill the buffer, and process it. + memcpy(ctx->buf.u8 + bufsize, data, 64 - bufsize); + ctx->bytes += 64 - bufsize; + data += 64 - bufsize; + len -= 64 - bufsize; + Transform(ctx->s, ctx->buf.u32); + bufsize = 0; + } + + while (len >= 64) { + // Process full chunks directly from the source. + if (alignment_ok(data, sizeof(uint32_t))) + Transform(ctx->s, (const uint32_t *)data); + else { + memcpy(ctx->buf.u8, data, sizeof(ctx->buf)); + Transform(ctx->s, ctx->buf.u32); + } + ctx->bytes += 64; + data += 64; + len -= 64; + } + + if (len) { + // Fill the buffer with what remains. + memcpy(ctx->buf.u8 + bufsize, data, len); + ctx->bytes += len; + } +} + +void sha256_init(struct sha256_ctx *ctx) +{ + struct sha256_ctx init = SHA256_INIT; + *ctx = init; +} + +void sha256_update_arr(struct sha256_ctx *ctx, const void *p, + size_t num, size_t size) +{ + size_t total = num * size; + + /* Don't overflow. */ + assert(size == 0 || total / size == num); + check_sha256(ctx); + add(ctx, p, total); +} + +void sha256_done(struct sha256_ctx *ctx, struct sha256 *res) +{ + static const unsigned char pad[64] = {0x80}; + uint64_t sizedesc; + size_t i; + + sizedesc = cpu_to_be64(ctx->bytes << 3); + /* Add '1' bit to terminate, then all 0 bits, up to next block - 8. */ + add(ctx, pad, 1 + ((119 - (ctx->bytes % 64)) % 64)); + /* Add number of bits of data (big endian) */ + add(ctx, &sizedesc, 8); + for (i = 0; i < sizeof(ctx->s) / sizeof(ctx->s[0]); i++) + res->u.u32[i] = cpu_to_be32(ctx->s[i]); + invalidate_sha256(ctx); +} +#endif + +void sha256_arr(struct sha256 *sha, const void *p, size_t num, size_t size) +{ + struct sha256_ctx ctx; + + sha256_init(&ctx); + sha256_update_arr(&ctx, p, num, size); + sha256_done(&ctx, sha); +} + +void sha256_u8(struct sha256_ctx *ctx, uint8_t v) +{ + sha256_update_arr(ctx, &v, sizeof(v), 1); +} + +void sha256_u16(struct sha256_ctx *ctx, uint16_t v) +{ + sha256_update_arr(ctx, &v, sizeof(v), 1); +} + +void sha256_u32(struct sha256_ctx *ctx, uint32_t v) +{ + sha256_update_arr(ctx, &v, sizeof(v), 1); +} + +void sha256_u64(struct sha256_ctx *ctx, uint64_t v) +{ + sha256_update_arr(ctx, &v, sizeof(v), 1); +} + +/* Add as little-endian */ +void sha256_le16(struct sha256_ctx *ctx, uint16_t v) +{ + leint16_t lev = cpu_to_le16(v); + sha256_update_arr(ctx, &lev, sizeof(lev), 1); +} + +void sha256_le32(struct sha256_ctx *ctx, uint32_t v) +{ + leint32_t lev = cpu_to_le32(v); + sha256_update_arr(ctx, &lev, sizeof(lev), 1); +} + +void sha256_le64(struct sha256_ctx *ctx, uint64_t v) +{ + leint64_t lev = cpu_to_le64(v); + sha256_update_arr(ctx, &lev, sizeof(lev), 1); +} + +/* Add as big-endian */ +void sha256_be16(struct sha256_ctx *ctx, uint16_t v) +{ + beint16_t bev = cpu_to_be16(v); + sha256_update_arr(ctx, &bev, sizeof(bev), 1); +} + +void sha256_be32(struct sha256_ctx *ctx, uint32_t v) +{ + beint32_t bev = cpu_to_be32(v); + sha256_update_arr(ctx, &bev, sizeof(bev), 1); +} + +void sha256_be64(struct sha256_ctx *ctx, uint64_t v) +{ + beint64_t bev = cpu_to_be64(v); + sha256_update_arr(ctx, &bev, sizeof(bev), 1); +} diff --git a/ccan/crypto/sha256/sha256.h b/ccan/crypto/sha256/sha256.h new file mode 100644 index 00000000..812091a3 --- /dev/null +++ b/ccan/crypto/sha256/sha256.h @@ -0,0 +1,153 @@ +#ifndef CCAN_CRYPTO_SHA256_H +#define CCAN_CRYPTO_SHA256_H +/* BSD-MIT - see LICENSE file for details */ +#include "config.h" +#include +#include + +/* Uncomment this to use openssl's SHA256 routines (and link with -lcrypto) */ +//#define CCAN_CRYPTO_SHA256_USE_OPENSSL 1 + +#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL +#include +#endif + +/** + * struct sha256 - structure representing a completed SHA256. + * @u.u8: an unsigned char array. + * @u.u32: a 32-bit integer array. + * + * Other fields may be added to the union in future. + */ +struct sha256 { + union { + /* Array of chars */ + unsigned char u8[32]; + /* Array of uint32_t */ + uint32_t u32[8]; + } u; +}; + +/** + * sha256 - return sha256 of an array of bytes. + * @sha256: the sha256 to fill in + * @p: array or pointer to first element + * @num: the number of elements to hash + * + * The bytes pointed to by @p is SHA256 hashes into @sha256. This is + * equivalent to sha256_init(), sha256_update() then sha256_done(). + */ +#define sha256(sha256, p, num) sha256_arr((sha256), (p), (num), sizeof(*(p))) + +/** + * struct sha256_ctx - structure to store running context for sha256 + */ +struct sha256_ctx { +#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL + SHA256_CTX c; +#else + uint32_t s[8]; + uint64_t bytes; + union { + uint32_t u32[8]; + unsigned char u8[64]; + } buf; +#endif +}; + +/** + * sha256_init - initialize an SHA256 context. + * @ctx: the sha256_ctx to initialize + * + * This must be called before sha256_update or sha256_done, or + * alternately you can assign SHA256_INIT. + * + * If it was already initialized, this forgets anything which was + * hashed before. + * + * Example: + * static void hash_all(const char **arr, struct sha256 *hash) + * { + * size_t i; + * struct sha256_ctx ctx; + * + * sha256_init(&ctx); + * for (i = 0; arr[i]; i++) + * sha256_update(&ctx, arr[i], strlen(arr[i])); + * sha256_done(&ctx, hash); + * } + */ +void sha256_init(struct sha256_ctx *ctx); + +/** + * SHA256_INIT - initializer for an SHA256 context. + * + * This can be used to staticly initialize an SHA256 context (instead + * of sha256_init()). + * + * Example: + * static void hash_all(const char **arr, struct sha256 *hash) + * { + * size_t i; + * struct sha256_ctx ctx = SHA256_INIT; + * + * for (i = 0; arr[i]; i++) + * sha256_update(&ctx, arr[i], strlen(arr[i])); + * sha256_done(&ctx, hash); + * } + */ +#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL +#define SHA256_INIT \ + { { { 0x6a09e667ul, 0xbb67ae85ul, 0x3c6ef372ul, 0xa54ff53aul, \ + 0x510e527ful, 0x9b05688cul, 0x1f83d9abul, 0x5be0cd19ul }, \ + 0x0, 0x0, \ + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, \ + 0x0, 0x20 } } +#else +#define SHA256_INIT \ + { { 0x6a09e667ul, 0xbb67ae85ul, 0x3c6ef372ul, 0xa54ff53aul, \ + 0x510e527ful, 0x9b05688cul, 0x1f83d9abul, 0x5be0cd19ul }, 0 } +#endif + +/** + * sha256_update - include an array of data in the hash. + * @ctx: the sha256_ctx to use + * @p: array or pointer to first element + * @num: the number of elements to hash + * + * You can call this multiple times to hash more data, before calling + * sha256_done(). + */ +#define sha256_update(ctx, p, num) \ + sha256_update_arr((ctx), (p), (num), sizeof(*(p))) + +/** + * sha256_done - finish SHA256 and return the hash + * @ctx: the sha256_ctx to complete + * @res: the hash to return. + * + * Note that @ctx is *destroyed* by this, and must be reinitialized. + * To avoid that, pass a copy instead. + */ +void sha256_done(struct sha256_ctx *sha256, struct sha256 *res); + +/* Add various types to an SHA256 hash */ +void sha256_u8(struct sha256_ctx *ctx, uint8_t v); +void sha256_u16(struct sha256_ctx *ctx, uint16_t v); +void sha256_u32(struct sha256_ctx *ctx, uint32_t v); +void sha256_u64(struct sha256_ctx *ctx, uint64_t v); + +/* Add as little-endian */ +void sha256_le16(struct sha256_ctx *ctx, uint16_t v); +void sha256_le32(struct sha256_ctx *ctx, uint32_t v); +void sha256_le64(struct sha256_ctx *ctx, uint64_t v); + +/* Add as big-endian */ +void sha256_be16(struct sha256_ctx *ctx, uint16_t v); +void sha256_be32(struct sha256_ctx *ctx, uint32_t v); +void sha256_be64(struct sha256_ctx *ctx, uint64_t v); + +void sha256_update_arr(struct sha256_ctx *ctx, const void *p, + size_t num, size_t size); +void sha256_arr(struct sha256 *sha, const void *p, size_t num, size_t size); +#endif /* CCAN_CRYPTO_SHA256_H */ diff --git a/ccan/crypto/sha256/test/run-33-bit-test.c b/ccan/crypto/sha256/test/run-33-bit-test.c new file mode 100644 index 00000000..bde91e1c --- /dev/null +++ b/ccan/crypto/sha256/test/run-33-bit-test.c @@ -0,0 +1,54 @@ +#include +/* Include the C files directly. */ +#include +#include +#include + +/* This is the test introduced for SHA-3, which checks for 33-bit overflow: + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno" + 16777216 times. +*/ +static uint32_t expected[] = { + CPU_TO_BE32(0x50e72a0e), CPU_TO_BE32(0x26442fe2), + CPU_TO_BE32(0x552dc393), CPU_TO_BE32(0x8ac58658), + CPU_TO_BE32(0x228c0cbf), CPU_TO_BE32(0xb1d2ca87), + CPU_TO_BE32(0x2ae43526), CPU_TO_BE32(0x6fcd055e) +}; + +/* Produced by actually running the code on x86. */ +static const struct sha256_ctx after_16M_by_64 = { +#ifdef CCAN_CRYPTO_SHA256_USE_OPENSSL + { { LE32_TO_CPU(0x515e3215), LE32_TO_CPU(0x592f4ae0), + LE32_TO_CPU(0xd407a8fc), LE32_TO_CPU(0x1fad409b), + LE32_TO_CPU(0x51fa46cc), LE32_TO_CPU(0xea528ae5), + LE32_TO_CPU(0x5fa58ebb), LE32_TO_CPU(0x8be97931) }, + 0x0, 0x2, + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, + 0x0, 0x20 } +#else + { LE32_TO_CPU(0x515e3215), LE32_TO_CPU(0x592f4ae0), + LE32_TO_CPU(0xd407a8fc), LE32_TO_CPU(0x1fad409b), + LE32_TO_CPU(0x51fa46cc), LE32_TO_CPU(0xea528ae5), + LE32_TO_CPU(0x5fa58ebb), LE32_TO_CPU(0x8be97931) }, + 1073741824, + { .u32 = { 0x64636261, 0x68676665, 0x65646362, 0x69686766, + 0x66656463, 0x6a696867, 0x67666564, 0x6b6a6968 } } +#endif +}; + +int main(void) +{ + struct sha256 h; + struct sha256_ctx ctx; + + /* This is how many tests you plan to run */ + plan_tests(1); + + ctx = after_16M_by_64; + sha256_done(&ctx, &h); + + ok1(memcmp(&h.u, expected, sizeof(expected)) == 0); + + /* This exits depending on whether all tests passed */ + return exit_status(); +} diff --git a/ccan/crypto/sha256/test/run-lotsa-data.c b/ccan/crypto/sha256/test/run-lotsa-data.c new file mode 100644 index 00000000..83c88f70 --- /dev/null +++ b/ccan/crypto/sha256/test/run-lotsa-data.c @@ -0,0 +1,23 @@ +#include +/* Include the C files directly. */ +#include +#include + +int main(void) +{ + struct sha256 h, expected; + static const char zeroes[1000]; + size_t i; + + plan_tests(63); + + /* Test different alignments. */ + sha256(&expected, zeroes, sizeof(zeroes) - 64); + for (i = 1; i < 64; i++) { + sha256(&h, zeroes + i, sizeof(zeroes) - 64); + ok1(memcmp(&h, &expected, sizeof(h)) == 0); + } + + /* This exits depending on whether all tests passed */ + return exit_status(); +} diff --git a/ccan/crypto/sha256/test/run-test-vectors.c b/ccan/crypto/sha256/test/run-test-vectors.c new file mode 100644 index 00000000..a64c35e4 --- /dev/null +++ b/ccan/crypto/sha256/test/run-test-vectors.c @@ -0,0 +1,83 @@ +#include +/* Include the C files directly. */ +#include +#include + +/* Test vectors. */ +struct test { + const char *test; + size_t repetitions; + beint32_t result[8]; +}; + +static struct test tests[] = { + { "", 1, + { CPU_TO_BE32(0xe3b0c442), CPU_TO_BE32(0x98fc1c14), + CPU_TO_BE32(0x9afbf4c8), CPU_TO_BE32(0x996fb924), + CPU_TO_BE32(0x27ae41e4), CPU_TO_BE32(0x649b934c), + CPU_TO_BE32(0xa495991b), CPU_TO_BE32(0x7852b855) } }, + { "abc", 1, + { CPU_TO_BE32(0xba7816bf), CPU_TO_BE32(0x8f01cfea), + CPU_TO_BE32(0x414140de), CPU_TO_BE32(0x5dae2223), + CPU_TO_BE32(0xb00361a3), CPU_TO_BE32(0x96177a9c), + CPU_TO_BE32(0xb410ff61), CPU_TO_BE32(0xf20015ad) } }, + { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, + { CPU_TO_BE32(0x248d6a61), CPU_TO_BE32(0xd20638b8), + CPU_TO_BE32(0xe5c02693), CPU_TO_BE32(0x0c3e6039), + CPU_TO_BE32(0xa33ce459), CPU_TO_BE32(0x64ff2167), + CPU_TO_BE32(0xf6ecedd4), CPU_TO_BE32(0x19db06c1) } }, + { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1, + { CPU_TO_BE32(0xcf5b16a7), CPU_TO_BE32(0x78af8380), + CPU_TO_BE32(0x036ce59e), CPU_TO_BE32(0x7b049237), + CPU_TO_BE32(0x0b249b11), CPU_TO_BE32(0xe8f07a51), + CPU_TO_BE32(0xafac4503), CPU_TO_BE32(0x7afee9d1) } }, + { "a", 1000000, + { CPU_TO_BE32(0xcdc76e5c), CPU_TO_BE32(0x9914fb92), + CPU_TO_BE32(0x81a1c7e2), CPU_TO_BE32(0x84d73e67), + CPU_TO_BE32(0xf1809a48), CPU_TO_BE32(0xa497200e), + CPU_TO_BE32(0x046d39cc), CPU_TO_BE32(0xc7112cd0) } } +#if 0 /* Good test, but takes ages! */ + , { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno", 16777216, + { CPU_TO_BE32(0x50e72a0e), CPU_TO_BE32(0x26442fe2), + CPU_TO_BE32(0x552dc393), CPU_TO_BE32(0x8ac58658), + CPU_TO_BE32(0x228c0cbf), CPU_TO_BE32(0xb1d2ca87), + CPU_TO_BE32(0x2ae43526), CPU_TO_BE32(0x6fcd055e) } } +#endif +}; + +static bool do_test(const struct test *t, bool single) +{ + struct sha256 h; + + if (single) { + if (t->repetitions != 1) + return true; + sha256(&h, t->test, strlen(t->test)); + } else { + struct sha256_ctx ctx = SHA256_INIT; + size_t i; + + for (i = 0; i < t->repetitions; i++) + sha256_update(&ctx, t->test, strlen(t->test)); + sha256_done(&ctx, &h); + } + + return memcmp(&h.u, t->result, sizeof(t->result)) == 0; +} + +int main(void) +{ + size_t i; + + /* This is how many tests you plan to run */ + plan_tests(sizeof(tests) / sizeof(struct test) * 2); + + for (i = 0; i < sizeof(tests) / sizeof(struct test); i++) + ok1(do_test(&tests[i], false)); + + for (i = 0; i < sizeof(tests) / sizeof(struct test); i++) + ok1(do_test(&tests[i], true)); + + /* This exits depending on whether all tests passed */ + return exit_status(); +} diff --git a/ccan/crypto/sha256/test/run-types.c b/ccan/crypto/sha256/test/run-types.c new file mode 100644 index 00000000..02b2f7a8 --- /dev/null +++ b/ccan/crypto/sha256/test/run-types.c @@ -0,0 +1,63 @@ +#include +/* Include the C files directly. */ +#include +#include + +static unsigned char arr[] = { + 0x12, +#if HAVE_BIG_ENDIAN + /* u16 */ + 0x12, 0x34, + /* u32 */ + 0x12, 0x34, 0x56, 0x78, + /* u64 */ + 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, +#else + /* u16 */ + 0x34, 0x12, + /* u32 */ + 0x78, 0x56, 0x34, 0x12, + /* u64 */ + 0xf0, 0xde, 0xbc, 0x9a, 0x78, 0x56, 0x34, 0x12, +#endif + /* le16 */ + 0x34, 0x12, + /* le32 */ + 0x78, 0x56, 0x34, 0x12, + /* le64 */ + 0xf0, 0xde, 0xbc, 0x9a, 0x78, 0x56, 0x34, 0x12, + /* be16 */ + 0x12, 0x34, + /* be32 */ + 0x12, 0x34, 0x56, 0x78, + /* be64 */ + 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 +}; + +int main(void) +{ + struct sha256 h, expected; + struct sha256_ctx ctx; + + /* This is how many tests you plan to run */ + plan_tests(1); + + sha256_init(&ctx); + sha256_u8(&ctx, 0x12); + sha256_u16(&ctx, 0x1234); + sha256_u32(&ctx, 0x12345678); + sha256_u64(&ctx, 0x123456789abcdef0ULL); + sha256_le16(&ctx, 0x1234); + sha256_le32(&ctx, 0x12345678); + sha256_le64(&ctx, 0x123456789abcdef0ULL); + sha256_be16(&ctx, 0x1234); + sha256_be32(&ctx, 0x12345678); + sha256_be64(&ctx, 0x123456789abcdef0ULL); + sha256_done(&ctx, &h); + + sha256(&expected, arr, sizeof(arr)); + ok1(memcmp(&h, &expected, sizeof(h)) == 0); + + /* This exits depending on whether all tests passed */ + return exit_status(); +} -- 2.39.2