From 2c697a472b2bbb8d5c68f6cf381e5cf91ed149b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Fri, 11 Jul 2014 13:33:58 +0000 Subject: [PATCH] Implement SHA-224 and HMAC-SHA224. --- include/cryb/Makefile.am | 2 + include/cryb/hmac.h | 1 + include/cryb/hmac_sha224.h | 55 ++++++ include/cryb/sha224.h | 90 +++++++++ lib/digest/Makefile.am | 1 + lib/digest/sha224.c | 387 +++++++++++++++++++++++++++++++++++++ lib/mac/Makefile.am | 1 + lib/mac/hmac_sha224.c | 108 +++++++++++ t/Makefile.am | 14 +- t/t_hmac_sha224.c | 197 +++++++++++++++++++ t/t_sha224.c | 277 ++++++++++++++++++++++++++ t/t_sha256.c | 8 +- 12 files changed, 1133 insertions(+), 8 deletions(-) create mode 100644 include/cryb/hmac_sha224.h create mode 100644 include/cryb/sha224.h create mode 100644 lib/digest/sha224.c create mode 100644 lib/mac/hmac_sha224.c create mode 100644 t/t_hmac_sha224.c create mode 100644 t/t_sha224.c diff --git a/include/cryb/Makefile.am b/include/cryb/Makefile.am index 0906c24..a24968d 100644 --- a/include/cryb/Makefile.am +++ b/include/cryb/Makefile.am @@ -9,6 +9,7 @@ cryb_HEADERS = \ digest.h \ hmac.h \ hmac_sha1.h \ + hmac_sha224.h \ hmac_sha256.h \ hmac_sha384.h \ hmac_sha512.h \ @@ -25,6 +26,7 @@ cryb_HEADERS = \ rfc4648.h \ sha.h \ sha1.h \ + sha224.h \ sha256.h \ sha384.h \ sha512.h \ diff --git a/include/cryb/hmac.h b/include/cryb/hmac.h index 21cae7c..5307424 100644 --- a/include/cryb/hmac.h +++ b/include/cryb/hmac.h @@ -33,6 +33,7 @@ #define CRYB_HMAC_H_INCLUDED #include +#include #include #include #include diff --git a/include/cryb/hmac_sha224.h b/include/cryb/hmac_sha224.h new file mode 100644 index 0000000..5432054 --- /dev/null +++ b/include/cryb/hmac_sha224.h @@ -0,0 +1,55 @@ +/*- + * Copyright (c) 2012-2014 The University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Cryb$ + */ + +#ifndef CRYB_HMAC_SHA224_H_INCLUDED +#define CRYB_HMAC_SHA224_H_INCLUDED + +#include + +#define HMAC_SHA224_MAC_LEN 28 + +#define hmac_sha224_ctx cryb_hmac_sha224_ctx +#define hmac_sha224_init cryb_hmac_sha224_init +#define hmac_sha224_update cryb_hmac_sha224_update +#define hmac_sha224_final cryb_hmac_sha224_final +#define hmac_sha224_complete cryb_hmac_sha224_complete + +typedef struct { + sha224_ctx ictx; + sha224_ctx octx; +} hmac_sha224_ctx; + +void hmac_sha224_init(hmac_sha224_ctx *, const void *, size_t); +void hmac_sha224_update(hmac_sha224_ctx *, const void *, size_t); +void hmac_sha224_final(hmac_sha224_ctx *, void *); +void hmac_sha224_complete(const void *, size_t, const void *, size_t, void *); + +#endif diff --git a/include/cryb/sha224.h b/include/cryb/sha224.h new file mode 100644 index 0000000..77e4179 --- /dev/null +++ b/include/cryb/sha224.h @@ -0,0 +1,90 @@ +/*- + * Copyright (c) 2005-2013 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Cryb$ + */ + +#ifndef CRYB_SHA224_H_INCLUDED +#define CRYB_SHA224_H_INCLUDED + +#include + +#define SHA224_BLOCK_LEN 64 +#define SHA224_DIGEST_LEN 28 + +/* + * Use #defines in order to avoid namespace collisions with anyone else's + * SHA224 code (e.g., the code in OpenSSL). + */ +#define sha224_digest cryb_sha224_digest +#define sha224_ctx cryb_sha224_ctx +#define sha224_init cryb_sha224_init +#define sha224_update cryb_sha224_update +#define sha224_final cryb_sha224_final +#define sha224_complete cryb_sha224_complete + +extern digest_algorithm sha224_digest; + +/* Context structure for SHA224 operations. */ +typedef struct { + uint32_t state[8]; + uint64_t count; + uint8_t buf[64]; +} sha224_ctx; + +/** + * sha224_init(ctx): + * Initialize the SHA224 context ${ctx}. + */ +void sha224_init(sha224_ctx *); + +/** + * sha224_update(ctx, in, len): + * Input ${len} bytes from ${in} into the SHA224 context ${ctx}. + */ +void sha224_update(sha224_ctx *, const void *, size_t); + +/** + * sha224_final(ctx, digest): + * Output the SHA224 hash of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +void sha224_final(sha224_ctx *, uint8_t[SHA224_DIGEST_LEN]); + +/** + * sha224_complete(in, len, digest): + * Compute the SHA224 hash of ${len} bytes from $in} and write it to ${digest}. + */ +void sha224_complete(const void *, size_t, uint8_t[SHA224_DIGEST_LEN]); + +/** + * PBKDF2_SHA224(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA224 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +void pbkdf2_sha224(const uint8_t *, size_t, const uint8_t *, size_t, + uint64_t, uint8_t *, size_t); + +#endif diff --git a/lib/digest/Makefile.am b/lib/digest/Makefile.am index 401f1b3..ed80f15 100644 --- a/lib/digest/Makefile.am +++ b/lib/digest/Makefile.am @@ -9,6 +9,7 @@ libcryb_digest_la_SOURCES = \ md4.c \ md5.c \ sha1.c \ + sha224.c \ sha256.c \ sha384.c \ sha512.c diff --git a/lib/digest/sha224.c b/lib/digest/sha224.c new file mode 100644 index 0000000..d87ec5c --- /dev/null +++ b/lib/digest/sha224.c @@ -0,0 +1,387 @@ +/*- + * Copyright (c) 2005-2013 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Cryb$ + */ + +#include "cryb/impl.h" + +#ifdef HAVE_SYS_ENDIAN_H +#include +#endif + +#ifdef HAVE_ENDIAN_H +#define _BSD_SOURCE +#include +#endif + +#include +#include + +#include + +/* + * Encode a length len/4 vector of (uint32_t) into a length len vector of + * (uint8_t) in big-endian form. Assumes len is a multiple of 4. + */ +static void +be32enc_vect(uint8_t *dst, const uint32_t *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 4; i++) + be32enc(dst + i * 4, src[i]); +} + +/* + * Decode a big-endian length len vector of (uint8_t) into a length + * len/4 vector of (uint32_t). Assumes len is a multiple of 4. + */ +static void +be32dec_vect(uint32_t *dst, const uint8_t *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 4; i++) + dst[i] = be32dec(src + i * 4); +} + +/* Elementary functions used by SHA224 */ +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define SHR(x, n) (x >> n) +#define ROTR(x, n) ((x >> n) | (x << (32 - n))) +#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) +#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) + +/* SHA224 round function */ +#define RND(a, b, c, d, e, f, g, h, k) \ + t0 = h + S1(e) + Ch(e, f, g) + k; \ + t1 = S0(a) + Maj(a, b, c); \ + d += t0; \ + h = t0 + t1; + +/* Adjusted round function for rotating state */ +#define RNDr(S, W, i, k) \ + RND(S[(64 - i) % 8], S[(65 - i) % 8], \ + S[(66 - i) % 8], S[(67 - i) % 8], \ + S[(68 - i) % 8], S[(69 - i) % 8], \ + S[(70 - i) % 8], S[(71 - i) % 8], \ + W[i] + k) + +/* + * SHA224 block compression function. The 256-bit state is transformed via + * the 512-bit input block to produce a new state. + */ +static void +sha224_Transform(uint32_t * state, const uint8_t block[64]) +{ + uint32_t W[64]; + uint32_t S[8]; + uint32_t t0, t1; + int i; + + /* 1. Prepare message schedule W. */ + be32dec_vect(W, block, 64); + for (i = 16; i < 64; i++) + W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; + + /* 2. Initialize working variables. */ + memcpy(S, state, 32); + + /* 3. Mix. */ + RNDr(S, W, 0, 0x428a2f98); + RNDr(S, W, 1, 0x71374491); + RNDr(S, W, 2, 0xb5c0fbcf); + RNDr(S, W, 3, 0xe9b5dba5); + RNDr(S, W, 4, 0x3956c25b); + RNDr(S, W, 5, 0x59f111f1); + RNDr(S, W, 6, 0x923f82a4); + RNDr(S, W, 7, 0xab1c5ed5); + RNDr(S, W, 8, 0xd807aa98); + RNDr(S, W, 9, 0x12835b01); + RNDr(S, W, 10, 0x243185be); + RNDr(S, W, 11, 0x550c7dc3); + RNDr(S, W, 12, 0x72be5d74); + RNDr(S, W, 13, 0x80deb1fe); + RNDr(S, W, 14, 0x9bdc06a7); + RNDr(S, W, 15, 0xc19bf174); + RNDr(S, W, 16, 0xe49b69c1); + RNDr(S, W, 17, 0xefbe4786); + RNDr(S, W, 18, 0x0fc19dc6); + RNDr(S, W, 19, 0x240ca1cc); + RNDr(S, W, 20, 0x2de92c6f); + RNDr(S, W, 21, 0x4a7484aa); + RNDr(S, W, 22, 0x5cb0a9dc); + RNDr(S, W, 23, 0x76f988da); + RNDr(S, W, 24, 0x983e5152); + RNDr(S, W, 25, 0xa831c66d); + RNDr(S, W, 26, 0xb00327c8); + RNDr(S, W, 27, 0xbf597fc7); + RNDr(S, W, 28, 0xc6e00bf3); + RNDr(S, W, 29, 0xd5a79147); + RNDr(S, W, 30, 0x06ca6351); + RNDr(S, W, 31, 0x14292967); + RNDr(S, W, 32, 0x27b70a85); + RNDr(S, W, 33, 0x2e1b2138); + RNDr(S, W, 34, 0x4d2c6dfc); + RNDr(S, W, 35, 0x53380d13); + RNDr(S, W, 36, 0x650a7354); + RNDr(S, W, 37, 0x766a0abb); + RNDr(S, W, 38, 0x81c2c92e); + RNDr(S, W, 39, 0x92722c85); + RNDr(S, W, 40, 0xa2bfe8a1); + RNDr(S, W, 41, 0xa81a664b); + RNDr(S, W, 42, 0xc24b8b70); + RNDr(S, W, 43, 0xc76c51a3); + RNDr(S, W, 44, 0xd192e819); + RNDr(S, W, 45, 0xd6990624); + RNDr(S, W, 46, 0xf40e3585); + RNDr(S, W, 47, 0x106aa070); + RNDr(S, W, 48, 0x19a4c116); + RNDr(S, W, 49, 0x1e376c08); + RNDr(S, W, 50, 0x2748774c); + RNDr(S, W, 51, 0x34b0bcb5); + RNDr(S, W, 52, 0x391c0cb3); + RNDr(S, W, 53, 0x4ed8aa4a); + RNDr(S, W, 54, 0x5b9cca4f); + RNDr(S, W, 55, 0x682e6ff3); + RNDr(S, W, 56, 0x748f82ee); + RNDr(S, W, 57, 0x78a5636f); + RNDr(S, W, 58, 0x84c87814); + RNDr(S, W, 59, 0x8cc70208); + RNDr(S, W, 60, 0x90befffa); + RNDr(S, W, 61, 0xa4506ceb); + RNDr(S, W, 62, 0xbef9a3f7); + RNDr(S, W, 63, 0xc67178f2); + + /* 4. Mix local working variables into global state. */ + for (i = 0; i < 8; i++) + state[i] += S[i]; + + /* Clean the stack. */ + memset(W, 0, 256); + memset(S, 0, 32); + t0 = t1 = 0; +} + +static uint8_t PAD[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* Add padding and terminating bit-count. */ +static void +sha224_pad(sha224_ctx * ctx) +{ + uint8_t len[8]; + uint32_t r, plen; + + /* + * Convert length to a vector of bytes -- we do this now rather + * than later because the length will change after we pad. + */ + be64enc(len, ctx->count); + + /* Add 1--64 bytes so that the resulting length is 56 mod 64. */ + r = (ctx->count >> 3) & 0x3f; + plen = (r < 56) ? (56 - r) : (120 - r); + sha224_update(ctx, PAD, (size_t)plen); + + /* Add the terminating bit-count. */ + sha224_update(ctx, len, 8); +} + +/** + * sha224_init(ctx): + * Initialize the SHA224 context ${ctx}. + */ +void +sha224_init(sha224_ctx * ctx) +{ + + /* Zero bits processed so far. */ + ctx->count = 0; + + /* Magic initialization constants. */ + ctx->state[0] = 0xc1059ed8; + ctx->state[1] = 0x367cd507; + ctx->state[2] = 0x3070dd17; + ctx->state[3] = 0xf70e5939; + ctx->state[4] = 0xffc00b31; + ctx->state[5] = 0x68581511; + ctx->state[6] = 0x64f98fa7; + ctx->state[7] = 0xbefa4fa4; +} + +/** + * sha224_update(ctx, in, len): + * Input ${len} bytes from ${in} into the SHA224 context ${ctx}. + */ +void +sha224_update(sha224_ctx * ctx, const void *in, size_t len) +{ + uint32_t r; + const uint8_t *src = in; + + /* Return immediately if we have nothing to do. */ + if (len == 0) + return; + + /* Number of bytes left in the buffer from previous updates. */ + r = (ctx->count >> 3) & 0x3f; + + /* Update number of bits. */ + ctx->count += (uint64_t)(len) << 3; + + /* Handle the case where we don't need to perform any transforms. */ + if (len < 64 - r) { + memcpy(&ctx->buf[r], src, len); + return; + } + + /* Finish the current block. */ + memcpy(&ctx->buf[r], src, 64 - r); + sha224_Transform(ctx->state, ctx->buf); + src += 64 - r; + len -= 64 - r; + + /* Perform complete blocks. */ + while (len >= 64) { + sha224_Transform(ctx->state, src); + src += 64; + len -= 64; + } + + /* Copy left over data into buffer. */ + memcpy(ctx->buf, src, len); +} + +/** + * sha224_final(ctx, digest): + * Output the SHA224 hash of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +void +sha224_final(sha224_ctx * ctx, uint8_t digest[SHA224_DIGEST_LEN]) +{ + + /* Add padding. */ + sha224_pad(ctx); + + /* Write the hash. */ + be32enc_vect(digest, ctx->state, SHA224_DIGEST_LEN); + + /* Clear the context state. */ + memset((void *)ctx, 0, sizeof(*ctx)); +} + +/** + * sha224_complete(in, len, digest): + * Compute the SHA224 hash of ${len} bytes from $in} and write it to ${digest}. + */ +void +sha224_complete(const void * in, size_t len, uint8_t digest[SHA224_DIGEST_LEN]) +{ + sha224_ctx ctx; + + sha224_init(&ctx); + sha224_update(&ctx, in, len); + sha224_final(&ctx, digest); +} + +#if 0 +/** + * PBKDF2_SHA224(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA224 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +void +pbkdf2_sha224(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, + size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen) +{ + hmac_sha224_ctx PShctx, hctx; + size_t i; + uint8_t ivec[4]; + uint8_t U[SHA224_DIGEST_LEN]; + uint8_t T[SHA224_DIGEST_LEN]; + uint64_t j; + unsigned int k; + size_t clen; + + /* Compute HMAC state after processing P and S. */ + hmac_sha224_init(&PShctx, passwd, passwdlen); + hmac_sha224_update(&PShctx, salt, saltlen); + + /* Iterate through the blocks. */ + for (i = 0; i * 32 < dkLen; i++) { + /* Generate INT(i + 1). */ + be32enc(ivec, (uint32_t)(i + 1)); + + /* Compute U_1 = PRF(P, S || INT(i)). */ + memcpy(&hctx, &PShctx, sizeof(hmac_sha224_ctx)); + hmac_sha224_update(&hctx, ivec, 4); + hmac_sha224_final(&hctx, U); + + /* T_i = U_1 ... */ + memcpy(T, U, sizeof T); + + for (j = 2; j <= c; j++) { + /* Compute U_j. */ + hmac_sha224_init(&hctx, passwd, passwdlen); + hmac_sha224_update(&hctx, U, 32); + hmac_sha224_final(&hctx, U); + + /* ... xor U_j ... */ + for (k = 0; k < sizeof T; k++) + T[k] ^= U[k]; + } + + /* Copy as many bytes as necessary into buf. */ + clen = dkLen - i * 32; + if (clen > 32) + clen = 32; + memcpy(&buf[i * 32], T, clen); + } + + /* Clean PShctx, since we never called _final on it. */ + memset(&PShctx, 0, sizeof(hmac_sha224_ctx)); +} +#endif + +digest_algorithm sha224_digest = { + .name = "sha224", + .contextlen = sizeof sha224_digest, + .blocklen = SHA224_BLOCK_LEN, + .digestlen = SHA224_DIGEST_LEN, + .init = (digest_init_func)sha224_init, + .update = (digest_update_func)sha224_update, + .final = (digest_final_func)sha224_final, + .complete = (digest_complete_func)sha224_complete, +}; diff --git a/lib/mac/Makefile.am b/lib/mac/Makefile.am index 8243974..59c7dbb 100644 --- a/lib/mac/Makefile.am +++ b/lib/mac/Makefile.am @@ -6,6 +6,7 @@ lib_LTLIBRARIES = libcryb-mac.la libcryb_mac_la_SOURCES = \ hmac_sha1.c \ + hmac_sha224.c \ hmac_sha256.c \ hmac_sha384.c \ hmac_sha512.c diff --git a/lib/mac/hmac_sha224.c b/lib/mac/hmac_sha224.c new file mode 100644 index 0000000..0098738 --- /dev/null +++ b/lib/mac/hmac_sha224.c @@ -0,0 +1,108 @@ +/*- + * Copyright (c) 2012 The University of Oslo + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * Author: Dag-Erling Smørgrav + * Sponsor: the University of Oslo + * + * $Cryb$ + */ + +#include "cryb/impl.h" + +#ifdef HAVE_SYS_ENDIAN_H +#include +#endif + +#ifdef HAVE_ENDIAN_H +#define _BSD_SOURCE +#include +#endif + +#include +#include + +#include + +void +hmac_sha224_init(hmac_sha224_ctx *ctx, const void *key, size_t keylen) +{ + uint8_t keybuf[SHA224_BLOCK_LEN], pad[SHA224_BLOCK_LEN]; + + /* prepare key */ + memset(keybuf, 0, sizeof keybuf); + if (keylen > sizeof keybuf) + sha224_complete(key, keylen, keybuf); + else + memcpy(keybuf, key, keylen); + + /* input pad */ + for (unsigned int i = 0; i < sizeof pad; ++i) + pad[i] = 0x36 ^ keybuf[i]; + sha224_init(&ctx->ictx); + sha224_update(&ctx->ictx, pad, sizeof pad); + + /* output pad */ + for (unsigned int i = 0; i < sizeof pad; ++i) + pad[i] = 0x5c ^ keybuf[i]; + sha224_init(&ctx->octx); + sha224_update(&ctx->octx, pad, sizeof pad); + + /* hide the evidence */ + memset(keybuf, 0, sizeof keybuf); + memset(pad, 0, sizeof pad); +} + +void +hmac_sha224_update(hmac_sha224_ctx *ctx, const void *buf, size_t len) +{ + + sha224_update(&ctx->ictx, buf, len); +} + +void +hmac_sha224_final(hmac_sha224_ctx *ctx, void *mac) +{ + uint8_t digest[SHA224_DIGEST_LEN]; + + sha224_final(&ctx->ictx, digest); + sha224_update(&ctx->octx, digest, sizeof digest); + sha224_final(&ctx->octx, mac); + memset(ctx, 0, sizeof *ctx); +} + +void +hmac_sha224_complete(const void *key, size_t keylen, + const void *buf, size_t len, void *mac) +{ + hmac_sha224_ctx ctx; + + hmac_sha224_init(&ctx, key, keylen); + hmac_sha224_update(&ctx, buf, len); + hmac_sha224_final(&ctx, mac); +} diff --git a/t/Makefile.am b/t/Makefile.am index f569e37..4a06a45 100644 --- a/t/Makefile.am +++ b/t/Makefile.am @@ -61,15 +61,18 @@ t_md5_rsaref_CFLAGS = $(RSAREF_INCLUDES) $(RSAREF_CFLAGS) t_md5_rsaref_LDADD = $(RSAREF_LDADD) endif -TESTS += t_sha1 t_sha256 t_sha384 t_sha512 +TESTS += t_sha1 t_sha224 t_sha256 t_sha384 t_sha512 if WITH_OPENSSL -TESTS += t_sha1_openssl t_sha256_openssl t_sha384_openssl t_sha512_openssl +TESTS += t_sha1_openssl t_sha224_openssl t_sha256_openssl t_sha384_openssl t_sha512_openssl t_sha1_openssl_SOURCES = t_sha1.c t_sha1_openssl_CFLAGS = $(OPENSSL_INCLUDES) $(OPENSSL_CFLAGS) t_sha1_openssl_LDADD = $(OPENSSL_LDADD) t_sha256_openssl_SOURCES = t_sha256.c t_sha256_openssl_CFLAGS = $(OPENSSL_INCLUDES) $(OPENSSL_CFLAGS) t_sha256_openssl_LDADD = $(OPENSSL_LDADD) +t_sha224_openssl_SOURCES = t_sha224.c +t_sha224_openssl_CFLAGS = $(OPENSSL_INCLUDES) $(OPENSSL_CFLAGS) +t_sha224_openssl_LDADD = $(OPENSSL_LDADD) t_sha384_openssl_SOURCES = t_sha384.c t_sha384_openssl_CFLAGS = $(OPENSSL_INCLUDES) $(OPENSSL_CFLAGS) t_sha384_openssl_LDADD = $(OPENSSL_LDADD) @@ -79,15 +82,18 @@ t_sha512_openssl_LDADD = $(OPENSSL_LDADD) endif # libcryb-mac -TESTS += t_hmac_sha1 t_hmac_sha256 t_hmac_sha384 t_hmac_sha512 +TESTS += t_hmac_sha1 t_hmac_sha224 t_hmac_sha256 t_hmac_sha384 t_hmac_sha512 if WITH_OPENSSL -TESTS += t_hmac_sha1_openssl t_hmac_sha256_openssl t_hmac_sha384_openssl t_hmac_sha512_openssl +TESTS += t_hmac_sha1_openssl t_hmac_sha224_openssl t_hmac_sha256_openssl t_hmac_sha384_openssl t_hmac_sha512_openssl t_hmac_sha1_openssl_SOURCES = t_hmac_sha1.c t_hmac_sha1_openssl_CFLAGS = $(OPENSSL_INCLUDES) $(OPENSSL_CFLAGS) t_hmac_sha1_openssl_LDADD = $(OPENSSL_LDADD) t_hmac_sha256_openssl_SOURCES = t_hmac_sha256.c t_hmac_sha256_openssl_CFLAGS = $(OPENSSL_INCLUDES) $(OPENSSL_CFLAGS) t_hmac_sha256_openssl_LDADD = $(OPENSSL_LDADD) +t_hmac_sha224_openssl_SOURCES = t_hmac_sha224.c +t_hmac_sha224_openssl_CFLAGS = $(OPENSSL_INCLUDES) $(OPENSSL_CFLAGS) +t_hmac_sha224_openssl_LDADD = $(OPENSSL_LDADD) t_hmac_sha384_openssl_SOURCES = t_hmac_sha384.c t_hmac_sha384_openssl_CFLAGS = $(OPENSSL_INCLUDES) $(OPENSSL_CFLAGS) t_hmac_sha384_openssl_LDADD = $(OPENSSL_LDADD) diff --git a/t/t_hmac_sha224.c b/t/t_hmac_sha224.c new file mode 100644 index 0000000..7337ea2 --- /dev/null +++ b/t/t_hmac_sha224.c @@ -0,0 +1,197 @@ +/*- + * Copyright (c) 2012 The University of Oslo + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * Author: Dag-Erling Smørgrav + * Sponsor: the University of Oslo + * + * $Cryb$ + */ + +#include "cryb/impl.h" + +#include +#include +#include +#include +#include + +#include "t.h" + +#if WITH_OPENSSL + +#include +#include + +#define HMAC_SHA224_MAC_LEN 32 + +static void +t_hmac_sha224_complete(const void *key, size_t keylen, + const void *msg, size_t msglen, uint8_t *mac) +{ + HMAC_CTX ctx; + + HMAC_CTX_init(&ctx); + HMAC_Init_ex(&ctx, key, keylen, EVP_sha224(), NULL); + HMAC_Update(&ctx, msg, msglen); + HMAC_Final(&ctx, mac, NULL); + HMAC_CTX_cleanup(&ctx); +} + +#else + +#include +#include + +#define t_hmac_sha224_complete(key, keylen, msg, msglen, mac) \ + hmac_sha224_complete(key, keylen, msg, msglen, mac) + +#endif + +/* + * Test vectors from NIST CSRC + * http://csrc.nist.gov/groups/ST/toolkit/examples.html + */ +static struct t_vector { + const char *desc; + const uint8_t *key; + size_t keylen; + const char *msg; + const uint8_t mac[HMAC_SHA224_MAC_LEN]; +} t_hmac_sha224_vectors[] = { + { + "zero-length key, zero-length message", + t_zero, + 0, + "", + { + 0x5c, 0xe1, 0x4f, 0x72, 0x89, 0x46, 0x62, 0x21, + 0x3e, 0x27, 0x48, 0xd2, 0xa6, 0xba, 0x23, 0x4b, + 0x74, 0x26, 0x39, 0x10, 0xce, 0xdd, 0xe2, 0xf5, + 0xa9, 0x27, 0x15, 0x24, + }, + }, + { + "NIST CSRC example 1 (64-byte key)", + t_seq8, + 64, + "Sample message for keylen=blocklen", + { + 0xc7, 0x40, 0x5e, 0x3a, 0xe0, 0x58, 0xe8, 0xcd, + 0x30, 0xb0, 0x8b, 0x41, 0x40, 0x24, 0x85, 0x81, + 0xed, 0x17, 0x4c, 0xb3, 0x4e, 0x12, 0x24, 0xbc, + 0xc1, 0xef, 0xc8, 0x1b, + }, + }, + { + "NIST CSRC example 2 (28-byte key)", + t_seq8, + 28, + "Sample message for keylenblocklen */ + "Sample message for keylen=blocklen", + { + 0x91, 0xc5, 0x25, 0x09, 0xe5, 0xaf, 0x85, 0x31, + 0x60, 0x1a, 0xe6, 0x23, 0x00, 0x99, 0xd9, 0x0b, + 0xef, 0x88, 0xaa, 0xef, 0xb9, 0x61, 0xf4, 0x08, + 0x0a, 0xbc, 0x01, 0x4d, + }, + }, + { + "NIST CSRC example 4 (49-byte key)", + t_seq8, + 49, + "Sample message for keylenkey, vector->keylen, + (const uint8_t *)vector->msg, strlen(vector->msg), + mac); + if (memcmp(mac, vector->mac, HMAC_SHA224_MAC_LEN) != 0) { + t_verbose("expected "); + t_verbose_hex(vector->mac, HMAC_SHA224_MAC_LEN); + t_verbose("\n"); + t_verbose("got "); + t_verbose_hex(mac, HMAC_SHA224_MAC_LEN); + t_verbose("\n"); + return (0); + } + return (1); +} + + +/*************************************************************************** + * Boilerplate + */ + +int +t_prepare(int argc, char *argv[]) +{ + int i, n; + + (void)argc; + (void)argv; + n = sizeof t_hmac_sha224_vectors / sizeof t_hmac_sha224_vectors[0]; + for (i = 0; i < n; ++i) + t_add_test(t_hmac_sha224_vector, &t_hmac_sha224_vectors[i], + t_hmac_sha224_vectors[i].desc); + return (0); +} + +void +t_cleanup(void) +{ +} diff --git a/t/t_sha224.c b/t/t_sha224.c new file mode 100644 index 0000000..97d85aa --- /dev/null +++ b/t/t_sha224.c @@ -0,0 +1,277 @@ +/*- + * Copyright (c) 2012 The University of Oslo + * Copyright (c) 2012-2014 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * Author: Dag-Erling Smørgrav + * Sponsor: the University of Oslo + * + * $Cryb$ + */ + +#include "cryb/impl.h" + +#include +#include +#include +#include +#include +#include + +#include "t.h" + +#if WITH_OPENSSL + +#include + +#define SHA224_DIGEST_LEN SHA224_DIGEST_LENGTH + +static void +t_sha224_complete(const void *msg, size_t msglen, uint8_t *digest) +{ + SHA256_CTX ctx; + + SHA224_Init(&ctx); + SHA224_Update(&ctx, msg, msglen); + SHA224_Final(digest, &ctx); +} + +#else + +#include + +#define t_sha224_complete(msg, msglen, digest) \ + sha224_complete(msg, msglen, digest) + +#endif + +/* + * Test vectors from NIST CSRC + * http://csrc.nist.gov/groups/ST/toolkit/examples.html + */ +static struct t_vector { + const char *desc; + const char *msg; + const uint8_t digest[SHA224_DIGEST_LEN]; +} t_sha224_vectors[] = { + { + "zero-length message", + "", + { + 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, + 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, + 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, + 0xc5, 0xb3, 0xe4, 0x2f, + } + }, + { + "One-block message", + "abc", + { + 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22, + 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3, + 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7, + 0xe3, 0x6c, 0x9d, 0xa7, + } + }, + { + /* + * This message is *just* long enough to necessitate a + * second block, which consists entirely of padding. + */ + "Two-block message", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + { + 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc, + 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50, + 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19, + 0x52, 0x52, 0x25, 0x25, + } + }, + { + /* + * 1,000,000 x 'a', filled in by t_prepare() + */ + "Long message", + NULL, + { + 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8, + 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b, + 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee, + 0x4e, 0xe7, 0xad, 0x67, + }, + }, + { + /* + * One of the MD5 test vectors, included for the "short + * update" test. + */ + "\"1234567890\"x8", + "1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", + { + 0xb5, 0x0a, 0xec, 0xbe, 0x4e, 0x9b, 0xb0, 0xb5, + 0x7b, 0xc5, 0xf3, 0xae, 0x76, 0x0a, 0x8e, 0x01, + 0xdb, 0x24, 0xf2, 0x03, 0xfb, 0x3c, 0xdc, 0xd1, + 0x31, 0x48, 0x04, 0x6e, + }, + }, +}; + +/* + * Unit test: compute the SHA224 sum of the specified string and compare it + * to the expected result. + */ +static int +t_sha224_vector(char **desc CRYB_UNUSED, void *arg) +{ + struct t_vector *vector = (struct t_vector *)arg; + uint8_t digest[SHA224_DIGEST_LEN]; + char *msg; + + if (vector->msg) { + t_sha224_complete(vector->msg, strlen(vector->msg), digest); + } else { + /* special case for FIPS test vector 3 */ + if ((msg = malloc(1000000)) == NULL) + err(1, "malloc()"); + memset(msg, 'a', 1000000); + t_sha224_complete(msg, 1000000, digest); + free(msg); + } + if (memcmp(digest, vector->digest, SHA224_DIGEST_LEN) != 0) { + t_verbose("expected "); + t_verbose_hex(vector->digest, SHA224_DIGEST_LEN); + t_verbose("\n"); + t_verbose("got "); + t_verbose_hex(digest, SHA224_DIGEST_LEN); + t_verbose("\n"); + return (0); + } + return (1); +} + + +#if !defined(WITH_OPENSSL) && !defined(WITH_RSAREF) +/* + * Various corner cases and error conditions + */ +static int +t_sha224_short_updates(char **desc CRYB_UNUSED, void *arg) +{ + struct t_vector *vector = (struct t_vector *)arg; + uint8_t digest[SHA224_DIGEST_LEN]; + sha224_ctx ctx; + int i, len; + + sha224_init(&ctx); + len = strlen(vector->msg); + for (i = 0; i + 5 < len; i += 5) + sha224_update(&ctx, vector->msg + i, 5); + sha224_update(&ctx, vector->msg + i, len - i); + sha224_final(&ctx, digest); + return (memcmp(digest, vector->digest, SHA224_DIGEST_LEN) == 0); +} +#endif + +/* + * Performance test: measure the time spent computing the SHA224 sum of a + * message of the specified length. + */ +#define T_PERF_ITERATIONS 1000 +static int +t_sha224_perf(char **desc, void *arg) +{ + struct timespec ts, te; + unsigned long ns; + uint8_t digest[SHA224_DIGEST_LEN]; + char *msg, *comment; + size_t msglen = *(size_t *)arg; + + if ((msg = calloc(1, msglen)) == NULL) + err(1, "calloc()"); + clock_gettime(CLOCK_MONOTONIC_PRECISE, &ts); + for (int i = 0; i < T_PERF_ITERATIONS; ++i) + t_sha224_complete(msg, msglen, digest); + clock_gettime(CLOCK_MONOTONIC_PRECISE, &te); + free(msg); + ns = te.tv_sec * 1000000000LU + te.tv_nsec; + ns -= ts.tv_sec * 1000000000LU + ts.tv_nsec; + asprintf(&comment, "%zu bytes: %d iterations in %'lu ns", + msglen, T_PERF_ITERATIONS, ns); + if (comment == NULL) + err(1, "asprintf()"); + *desc = comment; + return (1); +} + + +/*************************************************************************** + * Boilerplate + */ + +int +t_prepare(int argc, char *argv[]) +{ + int i, n; + + (void)argc; + (void)argv; + n = sizeof t_sha224_vectors / sizeof t_sha224_vectors[0]; + for (i = 0; i < n; ++i) + t_add_test(t_sha224_vector, &t_sha224_vectors[i], + t_sha224_vectors[i].desc); +#if !defined(WITH_OPENSSL) && !defined(WITH_RSAREF) + /* + * Run test vector 5 (md5 test vector 7, which is 80 characters + * long) 5 characters at a time. This tests a) appending data to + * an underfull block and b) appending more data to an underfull + * block than it has room for (since 64 % 5 != 0). Test vector 4 + * and 5 already exercised the code path for computing a block + * directly from source (without copying it in), and all the test + * vectors except vector 1 exercised the general case of copying a + * small amount of data in without crossing the block boundary. + */ + t_add_test(t_sha224_short_updates, &t_sha224_vectors[4], + "multiple short updates"); +#endif + if (getenv("CRYB_PERFTEST")) { + static size_t one = 1, thousand = 1000, million = 1000000; + t_add_test(t_sha224_perf, &one, + "performance test (1 byte)"); + t_add_test(t_sha224_perf, &thousand, + "performance test (1,000 bytes)"); + t_add_test(t_sha224_perf, &million, + "performance test (1,000,000 bytes)"); + } + return (0); +} + +void +t_cleanup(void) +{ +} diff --git a/t/t_sha256.c b/t/t_sha256.c index 898b557..abfecae 100644 --- a/t/t_sha256.c +++ b/t/t_sha256.c @@ -81,7 +81,7 @@ static struct t_vector { 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, - 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, + 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, } }, { @@ -133,7 +133,7 @@ static struct t_vector { 0xf3, 0x71, 0xbc, 0x4a, 0x31, 0x1f, 0x2b, 0x00, 0x9e, 0xef, 0x95, 0x2d, 0xd8, 0x3c, 0xa8, 0x0e, 0x2b, 0x60, 0x02, 0x6c, 0x8e, 0x93, 0x55, 0x92, - 0xd0, 0xf9, 0xc3, 0x08, 0x45, 0x3c, 0x81, 0x3e, + 0xd0, 0xf9, 0xc3, 0x08, 0x45, 0x3c, 0x81, 0x3e, }, }, }; @@ -184,12 +184,12 @@ t_sha256_short_updates(char **desc CRYB_UNUSED, void *arg) sha256_ctx ctx; int i, len; - sha256_init(&ctx); + sha256_init(&ctx); len = strlen(vector->msg); for (i = 0; i + 5 < len; i += 5) sha256_update(&ctx, vector->msg + i, 5); sha256_update(&ctx, vector->msg + i, len - i); - sha256_final(&ctx, digest); + sha256_final(&ctx, digest); return (memcmp(digest, vector->digest, SHA256_DIGEST_LEN) == 0); } #endif