Integrate SHA2-224 with userspace components

The double compilation of the kernel sources in libmd and libcrypt is baffling, but add yet another define hack to prevent duplicate symbols. Add documentation and SHA2-224 test cases to libmd. Integrate with the md5(1) command, document, and add more test cases; self-tests pass.
svn path=/head/; revision=336126
2024-07-21 18:27:22 +00:00 · 2018-07-09 08:19:04 +00:00 · 2018-07-09 08:19:04 +00:00 · 8ff3cdd1b5 · 2020-12-20 02:59:44 +00:00
parent c4729f6e89
commit 8ff3cdd1b5
7 changed files with 96 additions and 62 deletions
--- a/lib/libcrypt/Makefile
+++ b/lib/libcrypt/Makefile
@ -31,6 +31,7 @@ CFLAGS+=	-I${.CURDIR} -DHAS_DES -DHAS_BLOWFISH

 .for sym in MD4Init MD4Final MD4Update MD4Pad \
 	    MD5Init MD5Final MD5Update MD5Pad \
+	    SHA224_Init SHA224_Final SHA224_Update \
 	    SHA256_Init SHA256_Final SHA256_Update \
 	    SHA512_224_Init SHA512_224_Final SHA512_224_Update \
 	    SHA512_256_Init SHA512_256_Final SHA512_256_Update \
--- a/lib/libmd/Makefile
+++ b/lib/libmd/Makefile
@ -7,13 +7,13 @@ SHLIBDIR?= /lib
 SRCS=	md4c.c md5c.c md4hl.c md5hl.c \
 	rmd160c.c rmd160hl.c \
 	sha0c.c sha0hl.c sha1c.c sha1hl.c \
-	sha256c.c sha256hl.c \
+	sha224hl.c sha256c.c sha256hl.c \
 	sha384hl.c \
 	sha512c.c sha512hl.c sha512thl.c \
 	skein.c skein_block.c \
 	skein256hl.c skein512hl.c skein1024hl.c
-INCS=	md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h sha512t.h \
-	skein.h skein_port.h skein_freebsd.h skein_iv.h
+INCS=	md4.h md5.h ripemd.h sha.h sha224.h sha256.h sha384.h sha512.h \
+	sha512t.h skein.h skein_port.h skein_freebsd.h skein_iv.h

 WARNS?=	0

@ -34,6 +34,10 @@ MLINKS+=sha.3 SHA_Data.3
 MLINKS+=sha.3 SHA1_Init.3 sha.3 SHA1_Update.3 sha.3 SHA1_Final.3
 MLINKS+=sha.3 SHA1_End.3  sha.3 SHA1_File.3   sha.3 SHA1_FileChunk.3
 MLINKS+=sha.3 SHA1_Data.3
+MLINKS+=sha256.3 SHA224_Init.3  sha256.3 SHA224_Update.3
+MLINKS+=sha256.3 SHA224_Final.3 sha256.3 SHA224_End.3
+MLINKS+=sha256.3 SHA224_File.3  sha256.3 SHA224_FileChunk.3
+MLINKS+=sha256.3 SHA224_Data.3
 MLINKS+=sha256.3 SHA256_Init.3  sha256.3 SHA256_Update.3
 MLINKS+=sha256.3 SHA256_Final.3 sha256.3 SHA256_End.3
 MLINKS+=sha256.3 SHA256_File.3  sha256.3 SHA256_FileChunk.3
@ -66,7 +70,8 @@ MLINKS+=skein.3 SKEIN1024_Data.3  skein.3 skein1024.3
 CLEANFILES+=	md[245]hl.c md[245].ref md[245].3 mddriver \
 		rmd160.ref rmd160hl.c rmddriver \
 		sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \
-		sha256.ref sha256hl.c sha384hl.c sha384.ref \
+		sha224.ref sha256.ref sha224hl.c sha256hl.c \
+		sha384hl.c sha384.ref \
 		sha512.ref sha512hl.c sha512t256.ref sha512thl.c \
 		skein256hl.c skein512hl.c skein1024hl.c \
 		skein256.ref skein512.ref skein1024.ref \
@ -130,6 +135,12 @@ sha1hl.c: mdXhl.c
 		sed -e 's/mdX/sha/g' -e 's/MDX/SHA1_/g' -e 's/SHA1__/SHA1_/g' \
 		${.ALLSRC}) > ${.TARGET}

+sha224hl.c: mdXhl.c
+	(echo '#define LENGTH 28'; \
+		sed -e 's/mdX/sha224/g' -e 's/MDX/SHA224_/g'	\
+			-e  's/SHA224__/SHA224_/g' \
+		${.ALLSRC}) > ${.TARGET}
+
 sha256hl.c: mdXhl.c
 	(echo '#define LENGTH 32'; \
 		sed -e 's/mdX/sha256/g' -e 's/MDX/SHA256_/g'	\
@ -234,6 +245,20 @@ sha1.ref:
 	@echo 'SHA-1 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
 		'50abf5706a150990a08b2c5ea40fa0e585554732' >> ${.TARGET}

+sha224.ref:
+	echo 'SHA-224 test suite:' > ${.TARGET}
+	@echo 'SHA-224 ("") = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f' >> ${.TARGET}
+	@echo 'SHA-224 ("abc") =' \
+		'23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7' >> ${.TARGET}
+	@echo 'SHA-224 ("message digest") =' \
+		'2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb' >> ${.TARGET}
+	@echo 'SHA-224 ("abcdefghijklmnopqrstuvwxyz") =' \
+		'45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2' >> ${.TARGET}
+	@echo 'SHA-224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \
+		'bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9' >> ${.TARGET}
+	@echo 'SHA-224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
+		'b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e' >> ${.TARGET}
+
 sha256.ref:
 	echo 'SHA-256 test suite:' > ${.TARGET}
 	@echo 'SHA-256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' >> ${.TARGET}
@ -349,7 +374,7 @@ skein1024.ref:
 	@echo 'SKEIN1024 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
 		'cf21a613620e6c119eca31fdfaad449a8e02f95ca256c21d2a105f8e4157048f9fe1e897893ea18b64e0e37cb07d5ac947f27ba544caf7cbc1ad094e675aed77a366270f7eb7f46543bccfa61c526fd628408058ed00ed566ac35a9761d002e629c4fb0d430b2f4ad016fcc49c44d2981c4002da0eecc42144160e2eaea4855a' >> ${.TARGET}

-test:	md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \
+test:	md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha224.ref sha256.ref sha384.ref \
 		sha512.ref sha512t256.ref skein256.ref skein512.ref skein1024.ref
 	@${ECHO} if any of these test fail, the code produces wrong results
 	@${ECHO} and should NOT be used.
@ -370,6 +395,9 @@ test:	md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \
 	${CC} ${CFLAGS} ${LDFLAGS} -DSHA=1 -o shadriver ${.CURDIR}/shadriver.c libmd.a
 	./shadriver | cmp sha1.ref -
 	@${ECHO} SHA-1 passed test
+	${CC} ${CFLAGS} ${LDFLAGS} -DSHA=224 -o shadriver ${.CURDIR}/shadriver.c libmd.a
+	./shadriver | cmp sha224.ref -
+	@${ECHO} SHA-224 passed test
 	${CC} ${CFLAGS} ${LDFLAGS} -DSHA=256 -o shadriver ${.CURDIR}/shadriver.c libmd.a
 	./shadriver | cmp sha256.ref -
 	@${ECHO} SHA-256 passed test
--- a/lib/libmd/sha256.3
+++ b/lib/libmd/sha256.3
@ -9,10 +9,17 @@
 .\" 	From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp
 .\" $FreeBSD$
 .\"
-.Dd April 26, 2016
+.Dd July 9, 2018
 .Dt SHA256 3
 .Os
 .Sh NAME
+.Nm SHA224_Init ,
+.Nm SHA224_Update ,
+.Nm SHA224_Final ,
+.Nm SHA224_End ,
+.Nm SHA224_File ,
+.Nm SHA224_FileChunk ,
+.Nm SHA224_Data ,
 .Nm SHA256_Init ,
 .Nm SHA256_Update ,
 .Nm SHA256_Final ,
@ -20,11 +27,26 @@
 .Nm SHA256_File ,
 .Nm SHA256_FileChunk ,
 .Nm SHA256_Data
-.Nd calculate the FIPS 180-2 ``SHA-256'' message digest
+.Nd calculate the FIPS 180-2 ``SHA-256'' (or SHA-224) message digest
 .Sh LIBRARY
 .Lb libmd
 .Sh SYNOPSIS
 .In sys/types.h
+.In sha224.h
+.Ft void
+.Fn SHA224_Init "SHA224_CTX *context"
+.Ft void
+.Fn SHA224_Update "SHA224_CTX *context" "const unsigned char *data" "size_t len"
+.Ft void
+.Fn SHA224_Final "unsigned char digest[32]" "SHA224_CTX *context"
+.Ft "char *"
+.Fn SHA224_End "SHA224_CTX *context" "char *buf"
+.Ft "char *"
+.Fn SHA224_File "const char *filename" "char *buf"
+.Ft "char *"
+.Fn SHA224_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
+.Ft "char *"
+.Fn SHA224_Data "const unsigned char *data" "unsigned int len" "char *buf"
 .In sha256.h
 .Ft void
 .Fn SHA256_Init "SHA256_CTX *context"
@ -119,12 +141,14 @@ after use.
 If the
 .Fa buf
 argument is non-null it must point to at least 65 characters of buffer space.
+.Pp
+SHA224 is identical SHA256, except it has slightly different initialization
+vectors, and is truncated to a shorter digest.
 .Sh SEE ALSO
 .Xr md4 3 ,
 .Xr md5 3 ,
 .Xr ripemd 3 ,
 .Xr sha 3 ,
-.Xr sha256 3 ,
 .Xr sha512 3 ,
 .Xr skein 3
 .Sh HISTORY
--- a/lib/libmd/shadriver.c
+++ b/lib/libmd/shadriver.c
@ -24,6 +24,7 @@ __FBSDID("$FreeBSD$");
 #include <string.h>

 #include "sha.h"
+#include "sha224.h"
 #include "sha256.h"
 #include "sha384.h"
 #include "sha512.h"
@ -38,6 +39,9 @@ __FBSDID("$FreeBSD$");
 #if SHA == 1
 #undef SHA_Data
 #define SHA_Data SHA1_Data
+#elif SHA == 224
+#undef SHA_Data
+#define SHA_Data SHA224_Data
 #elif SHA == 256
 #undef SHA_Data
 #define SHA_Data SHA256_Data
--- a/sbin/md5/Makefile
+++ b/sbin/md5/Makefile
@ -6,6 +6,7 @@ PROG=	md5

 LINKS=	${BINDIR}/md5 ${BINDIR}/rmd160 \
 	${BINDIR}/md5 ${BINDIR}/sha1 \
+	${BINDIR}/md5 ${BINDIR}/sha224 \
 	${BINDIR}/md5 ${BINDIR}/sha256 \
 	${BINDIR}/md5 ${BINDIR}/sha384 \
 	${BINDIR}/md5 ${BINDIR}/sha512 \
@ -16,6 +17,7 @@ LINKS=	${BINDIR}/md5 ${BINDIR}/rmd160 \

 MLINKS=	md5.1 rmd160.1 \
 	md5.1 sha1.1 \
+	md5.1 sha224.1 \
 	md5.1 sha256.1 \
 	md5.1 sha384.1 \
 	md5.1 sha512.1 \
--- a/sbin/md5/md5.1
+++ b/sbin/md5/md5.1
@ -1,65 +1,22 @@
 .\" $FreeBSD$
-.Dd March 2, 2017
+.Dd July 9, 2018
 .Dt MD5 1
 .Os
 .Sh NAME
-.Nm md5 , sha1 , sha256 , sha384 , sha512 , sha512t256 , rmd160 ,
+.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 ,
 .Nm skein256 , skein512 , skein1024
 .Nd calculate a message-digest fingerprint (checksum) for a file
 .Sh SYNOPSIS
-.Nm md5
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm sha1
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm sha256
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm sha384
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm sha512
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm sha512t256
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm rmd160
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm skein256
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm skein512
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm skein1024
+.Nm
 .Op Fl pqrtx
 .Op Fl c Ar string
 .Op Fl s Ar string
 .Op Ar
+.Pp
+(All other hashes have the same options and usage.)
 .Sh DESCRIPTION
 The
-.Nm md5 , sha1 , sha256 , sha384 , sha512, sha512t256, rmd160,
+.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512, sha512t256, rmd160,
 .Nm skein256, skein512,
 and
 .Nm skein1024
@ -73,7 +30,7 @@ It is conjectured that it is computationally infeasible to
 produce two messages having the same message digest, or to produce any
 message having a given prespecified target message digest.
 The
-.Tn MD5 , SHA-1 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160,
+.Tn SHA-224 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160,
 and
 .Tn SKEIN
 algorithms are intended for digital signature applications, where a
@ -89,8 +46,8 @@ The
 and
 .Tn SHA-1
 algorithms have been proven to be vulnerable to practical collision
-attacks and should not be relied upon to produce unique outputs, nor
-should they be used as part of a cryptographic signature scheme.
+attacks and should not be relied upon to produce unique outputs,
+.Em nor should they be used as part of a cryptographic signature scheme.
 As of 2017-03-02, there is no publicly known method to
 .Em reverse
 either algorithm, i.e. to find an input that produces a specific
@ -143,8 +100,8 @@ Run a built-in test script.
 .El
 .Sh EXIT STATUS
 The
-.Nm md5 , sha1 , sha256 , sha512, sha512t256, rmd160,
-.Nm skein256, skein512,
+.Nm md5 , sha1 , sha224 , sha256 , sha512 , sha512t256 , rmd160 ,
+.Nm skein256 , skein512,
 and
 .Nm skein1024
 utilities exit 0 on success,
@ -157,6 +114,7 @@ option.
 .Xr md5 3 ,
 .Xr ripemd 3 ,
 .Xr sha 3 ,
+.Xr sha224 3 ,
 .Xr sha256 3 ,
 .Xr sha384 3 ,
 .Xr sha512 3 ,
--- a/sbin/md5/md5.c
+++ b/sbin/md5/md5.c
@ -29,6 +29,7 @@ __FBSDID("$FreeBSD$");
 #include <md5.h>
 #include <ripemd.h>
 #include <sha.h>
+#include <sha224.h>
 #include <sha256.h>
 #include <sha384.h>
 #include <sha512.h>
@ -59,6 +60,7 @@ typedef char *(DIGEST_End)(void *, char *);

 extern const char *MD5TestOutput[MDTESTCOUNT];
 extern const char *SHA1_TestOutput[MDTESTCOUNT];
+extern const char *SHA224_TestOutput[MDTESTCOUNT];
 extern const char *SHA256_TestOutput[MDTESTCOUNT];
 extern const char *SHA384_TestOutput[MDTESTCOUNT];
 extern const char *SHA512_TestOutput[MDTESTCOUNT];
@ -89,6 +91,7 @@ static void usage(const Algorithm_t *);
 typedef union {
 	MD5_CTX md5;
 	SHA1_CTX sha1;
+	SHA224_CTX sha224;
 	SHA256_CTX sha256;
 	SHA384_CTX sha384;
 	SHA512_CTX sha512;
@ -112,6 +115,9 @@ static const struct Algorithm_t Algorithm[] = {
 	{ "sha1", "SHA1", &SHA1_TestOutput, (DIGEST_Init*)&SHA1_Init,
 		(DIGEST_Update*)&SHA1_Update, (DIGEST_End*)&SHA1_End,
 		&SHA1_Data, &SHA1_Fd },
+	{ "sha224", "SHA224", &SHA224_TestOutput, (DIGEST_Init*)&SHA224_Init,
+		(DIGEST_Update*)&SHA224_Update, (DIGEST_End*)&SHA224_End,
+		&SHA224_Data, &SHA224_Fd },
 	{ "sha256", "SHA256", &SHA256_TestOutput, (DIGEST_Init*)&SHA256_Init,
 		(DIGEST_Update*)&SHA256_Update, (DIGEST_End*)&SHA256_End,
 		&SHA256_Data, &SHA256_Fd },
@ -368,6 +374,17 @@ const char *SHA1_TestOutput[MDTESTCOUNT] = {
 	"18eca4333979c4181199b7b4fab8786d16cf2846"
 };

+const char *SHA224_TestOutput[MDTESTCOUNT] = {
+	"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
+	"abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5",
+	"23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7",
+	"2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb",
+	"45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2",
+	"bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9",
+	"b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e",
+	"5ae55f3779c8a1204210d7ed7689f661fbe140f96f272ab79e19d470"
+};
+
 const char *SHA256_TestOutput[MDTESTCOUNT] = {
 	"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
 	"ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb",