diff options
author | allanjude <allanjude@FreeBSD.org> | 2016-05-28 16:06:07 +0000 |
---|---|---|
committer | allanjude <allanjude@FreeBSD.org> | 2016-05-28 16:06:07 +0000 |
commit | 4581e38971cdd62b178bbed2066ac8c3b0ec5499 (patch) | |
tree | fb7b8495c2429cb7c5e5287882efd1fd12bb6120 /sbin/md5 | |
parent | 15f895037c82da771c558cbbda75c3ae7f309e15 (diff) | |
download | FreeBSD-src-4581e38971cdd62b178bbed2066ac8c3b0ec5499.zip FreeBSD-src-4581e38971cdd62b178bbed2066ac8c3b0ec5499.tar.gz |
Implement SHA-512 truncated (224 and 256 bits)
This implements SHA-512/256, which generates a 256 bit hash by
calculating the SHA-512 then truncating the result. A different initial
value is used, making the result different from the first 256 bits of
the SHA-512 of the same input. SHA-512 is ~50% faster than SHA-256 on
64bit platforms, so the result is a faster 256 bit hash.
The main goal of this implementation is to enable support for this
faster hashing algorithm in ZFS. The feature was introduced into ZFS
in r289422, but is disconnected because SHA-512/256 support was missing.
A further commit will enable it in ZFS.
This is the follow on to r292782
Reviewed by: cem
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D6061
Diffstat (limited to 'sbin/md5')
-rw-r--r-- | sbin/md5/Makefile | 6 | ||||
-rw-r--r-- | sbin/md5/md5.1 | 24 | ||||
-rw-r--r-- | sbin/md5/md5.c | 16 |
3 files changed, 39 insertions, 7 deletions
diff --git a/sbin/md5/Makefile b/sbin/md5/Makefile index 6b65172..9940215 100644 --- a/sbin/md5/Makefile +++ b/sbin/md5/Makefile @@ -8,13 +8,15 @@ LINKS= ${BINDIR}/md5 ${BINDIR}/rmd160 \ ${BINDIR}/md5 ${BINDIR}/sha1 \ ${BINDIR}/md5 ${BINDIR}/sha256 \ ${BINDIR}/md5 ${BINDIR}/sha384 \ - ${BINDIR}/md5 ${BINDIR}/sha512 + ${BINDIR}/md5 ${BINDIR}/sha512 \ + ${BINDIR}/md5 ${BINDIR}/sha512t256 MLINKS= md5.1 rmd160.1 \ md5.1 sha1.1 \ md5.1 sha256.1 \ md5.1 sha384.1 \ - md5.1 sha512.1 + md5.1 sha512.1 \ + md5.1 sha512t256.1 LIBADD= md diff --git a/sbin/md5/md5.1 b/sbin/md5/md5.1 index 94cdf84..6fa0393 100644 --- a/sbin/md5/md5.1 +++ b/sbin/md5/md5.1 @@ -1,9 +1,9 @@ .\" $FreeBSD$ -.Dd October 17, 2015 +.Dd April 22, 2016 .Dt MD5 1 .Os .Sh NAME -.Nm md5 , sha1 , sha256 , sha384 , sha512, rmd160 +.Nm md5 , sha1 , sha256 , sha384 , sha512, sha512t256, rmd160 .Nd calculate a message-digest fingerprint (checksum) for a file .Sh SYNOPSIS .Nm md5 @@ -31,6 +31,11 @@ .Op Fl c Ar string .Op Fl s Ar string .Op Ar +.Nm sha512t256 +.Op Fl pqrtx +.Op Fl c Ar string +.Op Fl s Ar string +.Op Ar .Nm rmd160 .Op Fl pqrtx .Op Fl c Ar string @@ -38,7 +43,7 @@ .Op Ar .Sh DESCRIPTION The -.Nm md5 , sha1 , sha256 , sha384 , sha512 +.Nm md5 , sha1 , sha256 , sha384 , sha512, sha512t256 and .Nm rmd160 utilities take as input a message of arbitrary length and produce as @@ -78,8 +83,17 @@ found which is faster than a brute-force search, placing the security of .Tn SHA-1 in doubt. .Pp -It is recommended that all new applications use +.Tn SHA-512t256 +is a version of +.Tn SHA-512 +truncated to only 256 bits. +On 64-bit hardware, this algorithm is approximately 50% faster than .Tn SHA-256 +but with the same level of security. +The hashes are not interchangeable. +.Pp +It is recommended that all new applications use +.Tn SHA-512 instead of one of the other hash functions. .Pp The following options may be used in any combination and must @@ -114,7 +128,7 @@ Run a built-in test script. .El .Sh EXIT STATUS The -.Nm md5 , sha1 , sha256 , sha512 +.Nm md5 , sha1 , sha256 , sha512, sha512t256 and .Nm rmd160 utilities exit 0 on success, diff --git a/sbin/md5/md5.c b/sbin/md5/md5.c index 1172f25..4f9792b 100644 --- a/sbin/md5/md5.c +++ b/sbin/md5/md5.c @@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$"); #include <sha256.h> #include <sha384.h> #include <sha512.h> +#include <sha512t.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -58,6 +59,7 @@ extern const char *SHA1_TestOutput[MDTESTCOUNT]; extern const char *SHA256_TestOutput[MDTESTCOUNT]; extern const char *SHA384_TestOutput[MDTESTCOUNT]; extern const char *SHA512_TestOutput[MDTESTCOUNT]; +extern const char *SHA512t256_TestOutput[MDTESTCOUNT]; extern const char *RIPEMD160_TestOutput[MDTESTCOUNT]; typedef struct Algorithm_t { @@ -110,6 +112,9 @@ static const struct Algorithm_t Algorithm[] = { { "sha512", "SHA512", &SHA512_TestOutput, (DIGEST_Init*)&SHA512_Init, (DIGEST_Update*)&SHA512_Update, (DIGEST_End*)&SHA512_End, &SHA512_Data, &SHA512_File }, + { "sha512t256", "SHA512t256", &SHA512t256_TestOutput, (DIGEST_Init*)&SHA512_256_Init, + (DIGEST_Update*)&SHA512_256_Update, (DIGEST_End*)&SHA512_256_End, + &SHA512_256_Data, &SHA512_256_File }, { "rmd160", "RMD160", &RIPEMD160_TestOutput, (DIGEST_Init*)&RIPEMD160_Init, (DIGEST_Update*)&RIPEMD160_Update, (DIGEST_End*)&RIPEMD160_End, &RIPEMD160_Data, &RIPEMD160_File } @@ -355,6 +360,17 @@ const char *SHA512_TestOutput[MDTESTCOUNT] = { "e8a835195e039708b13d9131e025f4441dbdc521ce625f245a436dcd762f54bf5cb298d96235e6c6a304e087ec8189b9512cbdf6427737ea82793460c367b9c3" }; +const char *SHA512t256_TestOutput[MDTESTCOUNT] = { + "c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a", + "455e518824bc0601f9fb858ff5c37d417d67c2f8e0df2babe4808858aea830f8", + "53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23", + "0cf471fd17ed69d990daf3433c89b16d63dec1bb9cb42a6094604ee5d7b4e9fb", + "fc3189443f9c268f626aea08a756abe7b726b05f701cb08222312ccfd6710a26", + "cdf1cc0effe26ecc0c13758f7b4a48e000615df241284185c39eb05d355bb9c8", + "2c9fdbc0c90bdd87612ee8455474f9044850241dc105b1e8b94b8ddf5fac9148", + "dd095fc859b336c30a52548b3dc59fcc0d1be8616ebcf3368fad23107db2d736" +}; + const char *RIPEMD160_TestOutput[MDTESTCOUNT] = { "9c1185a5c5e9fc54612808977ee8f548b2258d31", "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe", |