authorallanjude <allanjude@FreeBSD.org>2016-05-28 16:06:07 +0000
committerallanjude <allanjude@FreeBSD.org>2016-05-28 16:06:07 +0000
commit4581e38971cdd62b178bbed2066ac8c3b0ec5499 (patch)
treefb7b8495c2429cb7c5e5287882efd1fd12bb6120 /lib/libmd
parent15f895037c82da771c558cbbda75c3ae7f309e15 (diff)
downloadFreeBSD-src-4581e38971cdd62b178bbed2066ac8c3b0ec5499.zip
FreeBSD-src-4581e38971cdd62b178bbed2066ac8c3b0ec5499.tar.gz
Implement SHA-512 truncated (224 and 256 bits)
This implements SHA-512/256, which generates a 256 bit hash by calculating the SHA-512 then truncating the result. A different initial value is used, making the result different from the first 256 bits of the SHA-512 of the same input. SHA-512 is ~50% faster than SHA-256 on 64bit platforms, so the result is a faster 256 bit hash. The main goal of this implementation is to enable support for this faster hashing algorithm in ZFS. The feature was introduced into ZFS in r289422, but is disconnected because SHA-512/256 support was missing. A further commit will enable it in ZFS. This is the follow on to r292782 Reviewed by: cem Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D6061
Diffstat (limited to 'lib/libmd')
-rw-r--r--lib/libmd/Makefile37
-rw-r--r--lib/libmd/sha512.345
-rw-r--r--lib/libmd/shadriver.c4
3 files changed, 76 insertions, 10 deletions
diff --git a/lib/libmd/Makefile b/lib/libmd/Makefile
index bde4fb5..111a9f4 100644
--- a/lib/libmd/Makefile
+++ b/lib/libmd/Makefile
@@ -9,8 +9,8 @@ SRCS= md4c.c md5c.c md4hl.c md5hl.c \
sha0c.c sha0hl.c sha1c.c sha1hl.c \
sha256c.c sha256hl.c \
sha384hl.c \
- sha512c.c sha512hl.c
-INCS= md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h
+ sha512c.c sha512hl.c sha512thl.c
+INCS= md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h sha512t.h
WARNS?= 0
@@ -43,11 +43,15 @@ MLINKS+=sha512.3 SHA512_Init.3 sha512.3 SHA512_Update.3
MLINKS+=sha512.3 SHA512_Final.3 sha512.3 SHA512_End.3
MLINKS+=sha512.3 SHA512_File.3 sha512.3 SHA512_FileChunk.3
MLINKS+=sha512.3 SHA512_Data.3
+MLINKS+=sha512.3 SHA512_256_Init.3 sha512.3 SHA512_256_Update.3
+MLINKS+=sha512.3 SHA512_256_Final.3 sha512.3 SHA512_256_End.3
+MLINKS+=sha512.3 SHA512_256_File.3 sha512.3 SHA512_256_FileChunk.3
+MLINKS+=sha512.3 SHA512_256_Data.3
CLEANFILES+= md[245]hl.c md[245].ref md[245].3 mddriver \
rmd160.ref rmd160hl.c rmddriver \
sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \
sha256.ref sha256hl.c sha384hl.c sha384.ref \
- sha512.ref sha512hl.c
+ sha512.ref sha512hl.c sha512t256.ref sha512thl.c
# Define WEAK_REFS to provide weak aliases for libmd symbols
#
@@ -107,6 +111,13 @@ sha512hl.c: mdXhl.c
-e 's/SHA512__/SHA512_/g' \
${.ALLSRC}) > ${.TARGET}
+sha512thl.c: mdXhl.c
+ (echo '#define LENGTH 32'; \
+ sed -e 's/mdX/sha512t/g' -e 's/MDX/SHA512_256_/g' \
+ -e 's/SHA512_256__/SHA512_256_/g' \
+ -e 's/SHA512_256_CTX/SHA512_CTX/g' \
+ ${.ALLSRC}) > ${.TARGET}
+
rmd160hl.c: mdXhl.c
(echo '#define LENGTH 20'; \
sed -e 's/mdX/ripemd/g' -e 's/MDX/RIPEMD160_/g' \
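Review bot: The new `sha512thl.c` rule has two coupling points that are not written down. `LENGTH 32` has to equal the number of bytes `SHA512_256_Final` writes, and the last sed expression is there because the truncated variant reuses `SHA512_CTX` instead of having its own context type (the man page in this commit declares `SHA512_256_Final "unsigned char digest[32]" "SHA512_CTX *context"`). mdXhl.c is not part of this diff, but it presumably sizes its digest and hex buffers from LENGTH, so a mismatch would show up as a buffer overrun or a short digest rather than a build error. A comment above the rule would record this, for example `# LENGTH is the SHA-512/256 digest size in bytes; the variant shares SHA512_CTX, hence the final sed expression.`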
@@ -211,6 +222,21 @@ sha512.ref:
@echo 'SHA-512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
'72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843' >> ${.TARGET}
+sha512t256.ref:
+ echo 'SHA-512256 test suite:' > ${.TARGET}
+ @echo 'SHA-512256 ("") =' \
+ 'c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a' >> ${.TARGET}
+ @echo 'SHA-512256 ("abc") =' \
+ '53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23' >> ${.TARGET}
+ @echo 'SHA-512256 ("message digest") =' \
+ '0cf471fd17ed69d990daf3433c89b16d63dec1bb9cb42a6094604ee5d7b4e9fb' >> ${.TARGET}
+ @echo 'SHA-512256 ("abcdefghijklmnopqrstuvwxyz") =' \
+ 'fc3189443f9c268f626aea08a756abe7b726b05f701cb08222312ccfd6710a26' >> ${.TARGET}
+ @echo 'SHA-512256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \
+ 'cdf1cc0effe26ecc0c13758f7b4a48e000615df241284185c39eb05d355bb9c8' >> ${.TARGET}
+ @echo 'SHA-512256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
+ '2c9fdbc0c90bdd87612ee8455474f9044850241dc105b1e8b94b8ddf5fac9148' >> ${.TARGET}
+
rmd160.ref:
echo 'RIPEMD160 test suite:' > ${.TARGET}
@echo 'RIPEMD160 ("") = 9c1185a5c5e9fc54612808977ee8f548b2258d31' >> ${.TARGET}
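Review bot: None of the six vectors added in `sha512t256.ref` is longer than 80 bytes, so every input fits in one 128-byte SHA-512 block together with its padding. The case where padding spills into a second block (inputs of 112 bytes or more) and the multi-block update path are therefore never compared against a known answer, which is thin coverage for a digest meant to back ZFS checksums. Consider adding the FIPS 180-4 two-block example message with its published SHA-512/256 digest, as one more `@echo 'SHA-512256 ("<two-block message>") =' '<published digest>' >> ${.TARGET}` pair. shadriver.c would need the matching input string, and that part of the driver is outside this diff.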
@@ -225,7 +251,7 @@ rmd160.ref:
'9b752e45573d4b39f4dbd3323cab82bf63326bfb' >> ${.TARGET}
test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \
- sha512.ref
+ sha512.ref sha512t256.ref
@${ECHO} if any of these test fail, the code produces wrong results
@${ECHO} and should NOT be used.
${CC} ${CFLAGS} ${LDFLAGS} -DMD=4 -o mddriver ${.CURDIR}/mddriver.c libmd.a
@@ -254,6 +280,9 @@ test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \
${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512 -o shadriver ${.CURDIR}/shadriver.c libmd.a
./shadriver | cmp sha512.ref -
@${ECHO} SHA-512 passed test
+ ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512256 -o shadriver ${.CURDIR}/shadriver.c libmd.a
+ ./shadriver | cmp sha512t256.ref -
+ @${ECHO} SHA-512t256 passed test
-rm -f shadriver
.include <bsd.lib.mk>
diff --git a/lib/libmd/sha512.3 b/lib/libmd/sha512.3
index d6b3aaf..2eb5850 100644
--- a/lib/libmd/sha512.3
+++ b/lib/libmd/sha512.3
@@ -9,7 +9,7 @@
.\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp
.\" $FreeBSD$
.\"
-.Dd October 17, 2015
+.Dd April 22, 2016
.Dt SHA512 3
.Os
.Sh NAME
@@ -26,7 +26,14 @@
.Nm SHA384_End ,
.Nm SHA384_File ,
.Nm SHA384_FileChunk ,
-.Nm SHA384_Data
+.Nm SHA384_Data,
+.Nm SHA512_256_Init ,
+.Nm SHA512_256_Update ,
+.Nm SHA512_256_Final ,
+.Nm SHA512_256_End ,
+.Nm SHA512_256_File ,
+.Nm SHA512_256_FileChunk ,
+.Nm SHA512_256_Data
.Nd calculate the FIPS 180-4 ``SHA-512'' family of message digests
.Sh LIBRARY
.Lb libmd
@@ -47,6 +54,7 @@
.Fn SHA512_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
.Ft "char *"
.Fn SHA512_Data "const unsigned char *data" "unsigned int len" "char *buf"
+.In sha384.h
.Ft void
.Fn SHA384_Init "SHA384_CTX *context"
.Ft void
@@ -61,6 +69,21 @@
.Fn SHA384_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
.Ft "char *"
.Fn SHA384_Data "const unsigned char *data" "unsigned int len" "char *buf"
+.In sha512t.h
+.Ft void
+.Fn SHA512_256_Init "SHA512_CTX *context"
+.Ft void
+.Fn SHA512_256_Update "SHA512_CTX *context" "const unsigned char *data" "size_t len"
+.Ft void
+.Fn SHA512_256_Final "unsigned char digest[32]" "SHA512_CTX *context"
+.Ft "char *"
+.Fn SHA512_256_End "SHA512_CTX *context" "char *buf"
+.Ft "char *"
+.Fn SHA512_256_File "const char *filename" "char *buf"
+.Ft "char *"
+.Fn SHA512_256_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
+.Ft "char *"
+.Fn SHA512_256_Data "const unsigned char *data" "unsigned int len" "char *buf"
.Sh DESCRIPTION
The
.Li SHA512_
@@ -92,7 +115,7 @@ and finally extract the result using
.Fn SHA512_End
is a wrapper for
.Fn SHA512_Final
-which converts the return value to a 65-character
+which converts the return value to a 129-character
(including the terminating '\e0')
.Tn ASCII
string which represents the 512 bits in hexadecimal.
@@ -139,22 +162,32 @@ and subsequently must be explicitly deallocated using
after use.
If the
.Fa buf
-argument is non-null it must point to at least 65 characters of buffer space.
+argument is non-null it must point to at least 129 characters of buffer space.
.Pp
The
.Li SHA384_
+and
+.Li SHA512_256_
functions are identical to the
.Li SHA512_
functions except they use a different initial hash value and the output is
-truncated to 384 bits.
+truncated to 384 bits and 256 bits respectively.
.Pp
.Fn SHA384_End
is a wrapper for
.Fn SHA384_Final
-which converts the return value to a 49-character
+which converts the return value to a 97-character
(including the terminating '\e0')
.Tn ASCII
string which represents the 384 bits in hexadecimal.
+.Pp
+.Fn SHA512_256_End
+is a wrapper for
+.Fn SHA512_Final
+which converts the return value to a 65-character
+(including the terminating '\e0')
+.Tn ASCII
+string which represents the 256 bits in hexadecimal.
.Sh SEE ALSO
.Xr md4 3 ,
.Xr md5 3 ,
diff --git a/lib/libmd/shadriver.c b/lib/libmd/shadriver.c
index e7e7b5d..b643f96 100644
--- a/lib/libmd/shadriver.c
+++ b/lib/libmd/shadriver.c
@@ -24,6 +24,7 @@ __FBSDID("$FreeBSD$");
#include "sha256.h"
#include "sha384.h"
#include "sha512.h"
+#include "sha512t.h"
/* The following makes SHA default to SHA-1 if it has not already been
* defined with C compiler flags. */
@@ -43,6 +44,9 @@ __FBSDID("$FreeBSD$");
#elif SHA == 512
#undef SHA_Data
#define SHA_Data SHA512_Data
+#elif SHA == 512256
+#undef SHA_Data
+#define SHA_Data SHA512_256_Data
#endif
/* Digests a string and prints the result. */
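Review bot: The `#elif SHA == 512256` branch extends a chain that ends in `#endif` with no `#else`, so a mistyped `-DSHA=` value appears to fall through without selecting any of these digest functions. The Makefile test target now passes a six-digit magic value (`-DSHA=512256`), so a terminal `#else` followed by `#error "unsupported SHA value"` before the `#endif` would turn a typo into a build failure instead of a driver that may print one algorithm's label over another's digest. The head of the conditional is outside this hunk, so confirm how the default case is handled there before adding it.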