Message ID | 20200115200048.15137-6-stefanb@linux.ibm.com |
---|---|
State | Superseded |
Headers | show |
Series | Add vTPM 2.0 support to SLOF | expand |
On 16/01/2020 07:00, Stefan Berger wrote: > The following patch adds a SHA256 implementation based on the algorithm > description in NIST FIPS PUB 180-4. The patch includes test cases that test > the sha256 implementation and pass on big and little endian ppc64 hosts. > > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> > --- > lib/libtpm/Makefile | 2 +- > lib/libtpm/sha256.c | 316 ++++++++++++++++++++++++++++++++++++++++++++ > lib/libtpm/sha256.h | 20 +++ > 3 files changed, 337 insertions(+), 1 deletion(-) > create mode 100644 lib/libtpm/sha256.c > create mode 100644 lib/libtpm/sha256.h > > diff --git a/lib/libtpm/Makefile b/lib/libtpm/Makefile > index ff19e1c..7efad28 100644 > --- a/lib/libtpm/Makefile > +++ b/lib/libtpm/Makefile > @@ -23,7 +23,7 @@ TARGET = ../libtpm.a > > all: $(TARGET) > > -SRCS = tpm_drivers.c > +SRCS = tpm_drivers.c sha256.c > > OBJS = $(SRCS:%.c=%.o) > > diff --git a/lib/libtpm/sha256.c b/lib/libtpm/sha256.c > new file mode 100644 > index 0000000..6acff92 > --- /dev/null > +++ b/lib/libtpm/sha256.c > @@ -0,0 +1,316 @@ > +/***************************************************************************** > + * Copyright (c) 2015-2020 IBM Corporation > + * All rights reserved. > + * This program and the accompanying materials > + * are made available under the terms of the BSD License > + * which accompanies this distribution, and is available at > + * http://www.opensource.org/licenses/bsd-license.php > + * > + * Contributors: > + * IBM Corporation - initial implementation > + *****************************************************************************/ > + > +/* > + * See: NIST standard for SHA-1 in FIPS PUB 180-4 > + */ > + > +#include "byteorder.h" > +#include "sha256.h" > +#include "string.h" > + > +typedef struct _sha256_ctx { > + uint32_t h[8]; > +} sha256_ctx; > + > +static inline uint32_t rotr(uint32_t x, uint8_t n) > +{ > + return (x >> n) | (x << (32 - n)); > +} > + > +static inline uint32_t Ch(uint32_t x, uint32_t y, uint32_t z) > +{ > + return (x & y) | ((x ^ 0xffffffff) & z); > +} > + > +static inline uint32_t Maj(uint32_t x, uint32_t y, uint32_t z) > +{ > + return (x & y) | (x & z) | (y & z); > +} > + > +static inline uint32_t sum0(uint32_t x) > +{ > + return rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22); > +} > + > +static inline uint32_t sum1(uint32_t x) > +{ > + return rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25); > +} > + > +static inline uint32_t sigma0(uint32_t x) > +{ > + return rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3); > +} > + > +static inline uint32_t sigma1(uint32_t x) > +{ > + return rotr(x, 17) ^ rotr(x, 19) ^ (x >> 10); > +} > + > +static void sha256_block(uint32_t *w, sha256_ctx *ctx) > +{ > + uint32_t t; > + uint32_t a, b, c, d, e, f, g, h; > + uint32_t T1, T2; > + > + /* > + * FIPS 180-4 4.2.2: SHA256 Constants > + */ > + static const uint32_t sha_ko[64] = { > + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, > + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, > + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, > + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, > + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, > + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, > + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, > + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, > + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, > + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, > + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, > + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, > + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, > + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, > + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, > + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 > + }; > + > + /* > + * FIPS 180-4 6.2.2: step 1 > + * > + * 0 <= i <= 15: > + * W(t) = M(t) > + * 16 <= i <= 79: > + * W(t) = sigma1(W(t-2)) + W(t-7) + sigma0(W(t-15)) + W(t-16) > + */ > + > + /* w(0)..w(15) are in big endian format */ > + for (t = 0; t <= 15; t++) > + w[t] = be32_to_cpu(w[t]); > + > + for (t = 16; t <= 63; t++) > + w[t] = sigma1(w[t-2]) + w[t-7] + sigma0(w[t-15]) + w[t-16]; > + > + /* > + * step 2: a = H0, b = H1, c = H2, d = H3, e = H4, f = H5, g = H6, h = H7 > + */ > + a = ctx->h[0]; > + b = ctx->h[1]; > + c = ctx->h[2]; > + d = ctx->h[3]; > + e = ctx->h[4]; > + f = ctx->h[5]; > + g = ctx->h[6]; > + h = ctx->h[7]; > + > + /* > + * step 3: For i = 0 to 63: > + * T1 = h + sum1(e) + Ch(e,f,g) + K(t) + W(t); > + * T2 = sum0(a) + Maj(a,b,c) > + * h = g; g = f; f = e; e = d + T1; d = c; c = b; b = a; a + T1 + T2 > + */ > + for (t = 0; t <= 63; t++) { > + T1 = h + sum1(e) + Ch(e, f, g) + sha_ko[t] + w[t]; > + T2 = sum0(a) + Maj(a, b, c); > + h = g; > + g = f; > + f = e; > + e = d + T1; > + d = c; > + c = b; > + b = a; > + a = T1 + T2; > + } > + > + /* > + * step 4: > + * H0 = a + H0, H1 = b + H1, H2 = c + H2, H3 = d + H3, H4 = e + H4 > + */ > + ctx->h[0] += a; > + ctx->h[1] += b; > + ctx->h[2] += c; > + ctx->h[3] += d; > + ctx->h[4] += e; > + ctx->h[5] += f; > + ctx->h[6] += g; > + ctx->h[7] += h; > +} > + > +static void sha256_do(sha256_ctx *ctx, const uint8_t *data32, uint32_t length) > +{ > + uint32_t offset; > + uint16_t num; > + uint32_t bits = 0; > + uint32_t w[64]; > + uint64_t tmp; > + > + /* treat data in 64-byte chunks */ > + for (offset = 0; length - offset >= 64; offset += 64) { > + memcpy(w, data32 + offset, 64); > + sha256_block((uint32_t *)w, ctx); > + bits += (64 * 8); > + } > + > + /* last block with less than 64 bytes */ > + num = length - offset; > + bits += (num << 3); > + > + memcpy(w, data32 + offset, num); > + /* > + * FIPS 180-4 5.1: Padding the Message > + */ > + ((uint8_t *)w)[num] = 0x80; > + if (64 - (num + 1) > 0) > + memset( &((uint8_t *)w)[num + 1], 0, 64 - (num + 1)); > + > + if (num >= 56) { > + /* cannot append number of bits here */ > + sha256_block((uint32_t *)w, ctx); > + memset(w, 0, 60); > + } > + > + /* write number of bits to end of block */ > + tmp = cpu_to_be64(bits); > + memcpy(&w[14], &tmp, 8); > + > + sha256_block(w, ctx); > + > + /* need to switch result's endianness */ > + for (num = 0; num < 8; num++) > + ctx->h[num] = cpu_to_be32(ctx->h[num]); > +} > + > +uint32_t sha256(const uint8_t *data, uint32_t length, uint8_t *hash) > +{ > + sha256_ctx ctx = { > + .h = { > + /* > + * FIPS 180-4: 6.2.1 > + * -> 5.3.3: initial hash value > + */ > + 0x6a09e667, > + 0xbb67ae85, > + 0x3c6ef372, > + 0xa54ff53a, > + 0x510e527f, > + 0x9b05688c, > + 0x1f83d9ab, > + 0x5be0cd19 > + } > + }; > + > + sha256_do(&ctx, data, length); > + memcpy(hash, &ctx.h[0], 32); s/32/sizeof(ctx)/ ? I > + > + return 0; Make sha256() return void then? > +} > + > +#ifdef HAVE_MAIN I suppose the tests have passed so we do not really need the tests in the SLOF tree, no? I strongly suspect nobody will ever run this. Thanks, > + > +/* > + * Test vectors for sha256 > + * Source: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA256.pdf > + * > + * gcc sha256.c -o sha256 -DHAVE_MAIN -I../../include -I../../slof > + */ > + > +#include <stdio.h> > +#include <stdlib.h> > + > +void check_hash(const char *t, > + const unsigned char *hash, > + const unsigned char *expected) > +{ > + unsigned i; > + > + printf("%s : ", t); > + if (memcmp(hash, expected, 32)) { > + printf("fail\nexpected :"); > + for (i = 0; i < 32; i++) > + printf(" %02x", expected[i]); > + printf("\nactual:"); > + for (i = 0; i < 32; i++) > + printf(" %02x", hash[i]); > + printf("\n"); > + } else { > + printf("pass\n"); > + } > +} > + > +int main(void) > +{ > + unsigned char hash[32]; > + char *buf; > + > + sha256("abc", 3, hash); > + check_hash("Test 1", hash, > + (unsigned char[]){0xba, 0x78, 0x16, 0xbf, > + 0x8f, 0x01, 0xcf, 0xea, > + 0x41, 0x41, 0x40, 0xde, > + 0x5d, 0xae, 0x22, 0x23, > + 0xb0, 0x03, 0x61, 0xa3, > + 0x96, 0x17, 0x7a, 0x9c, > + 0xb4, 0x10, 0xff, 0x61, > + 0xf2, 0x00, 0x15, 0xad}); > + > + sha256("", 0, hash); > + check_hash("Test 2", hash, > + (unsigned char[]){0xe3, 0xb0, 0xc4, 0x42, > + 0x98, 0xfc, 0x1c, 0x14, > + 0x9a, 0xfb, 0xf4, 0xc8, > + 0x99, 0x6f, 0xb9, 0x24, > + 0x27, 0xae, 0x41, 0xe4, > + 0x64, 0x9b, 0x93, 0x4c, > + 0xa4, 0x95, 0x99, 0x1b, > + 0x78, 0x52, 0xb8, 0x55}); > + > + sha256("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", > + 448 / 8, hash); > + check_hash("Test 3", hash, > + (unsigned char[]){0x24, 0x8d, 0x6a, 0x61, > + 0xd2, 0x06, 0x38, 0xb8, > + 0xe5, 0xc0, 0x26, 0x93, > + 0x0c, 0x3e, 0x60, 0x39, > + 0xa3, 0x3c, 0xe4, 0x59, > + 0x64, 0xff, 0x21, 0x67, > + 0xf6, 0xec, 0xed, 0xd4, > + 0x19, 0xdb, 0x06, 0xc1}); > + > + sha256("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" > + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", > + 896 / 8, hash); > + check_hash("Test 4", hash, > + (unsigned char[]){0xcf, 0x5b, 0x16, 0xa7, > + 0x78, 0xaf, 0x83, 0x80, > + 0x03, 0x6c, 0xe5, 0x9e, > + 0x7b, 0x04, 0x92, 0x37, > + 0x0b, 0x24, 0x9b, 0x11, > + 0xe8, 0xf0, 0x7a, 0x51, > + 0xaf, 0xac, 0x45, 0x03, > + 0x7a, 0xfe, 0xe9, 0xd1}); > + > + buf = malloc(1000000); > + memset(buf, 'a', 1000000); > + sha256(buf, 1000000, hash); > + check_hash("Test 5", hash, > + (unsigned char[]){0xcd, 0xc7, 0x6e, 0x5c, > + 0x99, 0x14, 0xfb, 0x92, > + 0x81, 0xa1, 0xc7, 0xe2, > + 0x84, 0xd7, 0x3e, 0x67, > + 0xf1, 0x80, 0x9a, 0x48, > + 0xa4, 0x97, 0x20, 0x0e, > + 0x04, 0x6d, 0x39, 0xcc, > + 0xc7, 0x11, 0x2c, 0xd0}); > +} > + > +#endif > diff --git a/lib/libtpm/sha256.h b/lib/libtpm/sha256.h > new file mode 100644 > index 0000000..66c2187 > --- /dev/null > +++ b/lib/libtpm/sha256.h > @@ -0,0 +1,20 @@ > +/***************************************************************************** > + * Copyright (c) 2015-2020 IBM Corporation > + * All rights reserved. > + * This program and the accompanying materials > + * are made available under the terms of the BSD License > + * which accompanies this distribution, and is available at > + * http://www.opensource.org/licenses/bsd-license.php > + * > + * Contributors: > + * IBM Corporation - initial implementation > + *****************************************************************************/ > + > +#ifndef __SHA256_H > +#define __SHA256_H > + > +#include "types.h" > + > +uint32_t sha256(const uint8_t *data, uint32_t length, uint8_t *hash); > + > +#endif /* __SHA256_H */ >
Hi! On Wed, Jan 15, 2020 at 03:00:46PM -0500, Stefan Berger wrote: > The following patch adds a SHA256 implementation based on the algorithm > description in NIST FIPS PUB 180-4. The patch includes test cases that test > the sha256 implementation and pass on big and little endian ppc64 hosts. > --- /dev/null > +++ b/lib/libtpm/sha256.c > +/* > + * See: NIST standard for SHA-1 in FIPS PUB 180-4 > + */ That seems wrong ;-) Segher
On 1/20/20 3:10 AM, Alexey Kardashevskiy wrote: > > On 16/01/2020 07:00, Stefan Berger wrote: >> The following patch adds a SHA256 implementation based on the algorithm >> description in NIST FIPS PUB 180-4. The patch includes test cases that test >> the sha256 implementation and pass on big and little endian ppc64 hosts. > + sha256_do(&ctx, data, length); >> + memcpy(hash, &ctx.h[0], 32); > s/32/sizeof(ctx)/ ? I Right. > >> + >> + return 0; > Make sha256() return void then? Will change. > > >> +} >> + >> +#ifdef HAVE_MAIN > > I suppose the tests have passed so we do not really need the tests in > the SLOF tree, no? I strongly suspect nobody will ever run this. Thanks, They are there to show that this implementation is correct. I will remove them.
On 1/20/20 7:08 AM, Segher Boessenkool wrote: > Hi! > > On Wed, Jan 15, 2020 at 03:00:46PM -0500, Stefan Berger wrote: >> The following patch adds a SHA256 implementation based on the algorithm >> description in NIST FIPS PUB 180-4. The patch includes test cases that test >> the sha256 implementation and pass on big and little endian ppc64 hosts. >> --- /dev/null >> +++ b/lib/libtpm/sha256.c >> +/* >> + * See: NIST standard for SHA-1 in FIPS PUB 180-4 >> + */ > That seems wrong ;-) Fixed. > > > Segher
diff --git a/lib/libtpm/Makefile b/lib/libtpm/Makefile index ff19e1c..7efad28 100644 --- a/lib/libtpm/Makefile +++ b/lib/libtpm/Makefile @@ -23,7 +23,7 @@ TARGET = ../libtpm.a all: $(TARGET) -SRCS = tpm_drivers.c +SRCS = tpm_drivers.c sha256.c OBJS = $(SRCS:%.c=%.o) diff --git a/lib/libtpm/sha256.c b/lib/libtpm/sha256.c new file mode 100644 index 0000000..6acff92 --- /dev/null +++ b/lib/libtpm/sha256.c @@ -0,0 +1,316 @@ +/***************************************************************************** + * Copyright (c) 2015-2020 IBM Corporation + * All rights reserved. + * This program and the accompanying materials + * are made available under the terms of the BSD License + * which accompanies this distribution, and is available at + * http://www.opensource.org/licenses/bsd-license.php + * + * Contributors: + * IBM Corporation - initial implementation + *****************************************************************************/ + +/* + * See: NIST standard for SHA-1 in FIPS PUB 180-4 + */ + +#include "byteorder.h" +#include "sha256.h" +#include "string.h" + +typedef struct _sha256_ctx { + uint32_t h[8]; +} sha256_ctx; + +static inline uint32_t rotr(uint32_t x, uint8_t n) +{ + return (x >> n) | (x << (32 - n)); +} + +static inline uint32_t Ch(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) | ((x ^ 0xffffffff) & z); +} + +static inline uint32_t Maj(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) | (x & z) | (y & z); +} + +static inline uint32_t sum0(uint32_t x) +{ + return rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22); +} + +static inline uint32_t sum1(uint32_t x) +{ + return rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25); +} + +static inline uint32_t sigma0(uint32_t x) +{ + return rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3); +} + +static inline uint32_t sigma1(uint32_t x) +{ + return rotr(x, 17) ^ rotr(x, 19) ^ (x >> 10); +} + +static void sha256_block(uint32_t *w, sha256_ctx *ctx) +{ + uint32_t t; + uint32_t a, b, c, d, e, f, g, h; + uint32_t T1, T2; + + /* + * FIPS 180-4 4.2.2: SHA256 Constants + */ + static const uint32_t sha_ko[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 + }; + + /* + * FIPS 180-4 6.2.2: step 1 + * + * 0 <= i <= 15: + * W(t) = M(t) + * 16 <= i <= 79: + * W(t) = sigma1(W(t-2)) + W(t-7) + sigma0(W(t-15)) + W(t-16) + */ + + /* w(0)..w(15) are in big endian format */ + for (t = 0; t <= 15; t++) + w[t] = be32_to_cpu(w[t]); + + for (t = 16; t <= 63; t++) + w[t] = sigma1(w[t-2]) + w[t-7] + sigma0(w[t-15]) + w[t-16]; + + /* + * step 2: a = H0, b = H1, c = H2, d = H3, e = H4, f = H5, g = H6, h = H7 + */ + a = ctx->h[0]; + b = ctx->h[1]; + c = ctx->h[2]; + d = ctx->h[3]; + e = ctx->h[4]; + f = ctx->h[5]; + g = ctx->h[6]; + h = ctx->h[7]; + + /* + * step 3: For i = 0 to 63: + * T1 = h + sum1(e) + Ch(e,f,g) + K(t) + W(t); + * T2 = sum0(a) + Maj(a,b,c) + * h = g; g = f; f = e; e = d + T1; d = c; c = b; b = a; a + T1 + T2 + */ + for (t = 0; t <= 63; t++) { + T1 = h + sum1(e) + Ch(e, f, g) + sha_ko[t] + w[t]; + T2 = sum0(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + } + + /* + * step 4: + * H0 = a + H0, H1 = b + H1, H2 = c + H2, H3 = d + H3, H4 = e + H4 + */ + ctx->h[0] += a; + ctx->h[1] += b; + ctx->h[2] += c; + ctx->h[3] += d; + ctx->h[4] += e; + ctx->h[5] += f; + ctx->h[6] += g; + ctx->h[7] += h; +} + +static void sha256_do(sha256_ctx *ctx, const uint8_t *data32, uint32_t length) +{ + uint32_t offset; + uint16_t num; + uint32_t bits = 0; + uint32_t w[64]; + uint64_t tmp; + + /* treat data in 64-byte chunks */ + for (offset = 0; length - offset >= 64; offset += 64) { + memcpy(w, data32 + offset, 64); + sha256_block((uint32_t *)w, ctx); + bits += (64 * 8); + } + + /* last block with less than 64 bytes */ + num = length - offset; + bits += (num << 3); + + memcpy(w, data32 + offset, num); + /* + * FIPS 180-4 5.1: Padding the Message + */ + ((uint8_t *)w)[num] = 0x80; + if (64 - (num + 1) > 0) + memset( &((uint8_t *)w)[num + 1], 0, 64 - (num + 1)); + + if (num >= 56) { + /* cannot append number of bits here */ + sha256_block((uint32_t *)w, ctx); + memset(w, 0, 60); + } + + /* write number of bits to end of block */ + tmp = cpu_to_be64(bits); + memcpy(&w[14], &tmp, 8); + + sha256_block(w, ctx); + + /* need to switch result's endianness */ + for (num = 0; num < 8; num++) + ctx->h[num] = cpu_to_be32(ctx->h[num]); +} + +uint32_t sha256(const uint8_t *data, uint32_t length, uint8_t *hash) +{ + sha256_ctx ctx = { + .h = { + /* + * FIPS 180-4: 6.2.1 + * -> 5.3.3: initial hash value + */ + 0x6a09e667, + 0xbb67ae85, + 0x3c6ef372, + 0xa54ff53a, + 0x510e527f, + 0x9b05688c, + 0x1f83d9ab, + 0x5be0cd19 + } + }; + + sha256_do(&ctx, data, length); + memcpy(hash, &ctx.h[0], 32); + + return 0; +} + +#ifdef HAVE_MAIN + +/* + * Test vectors for sha256 + * Source: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA256.pdf + * + * gcc sha256.c -o sha256 -DHAVE_MAIN -I../../include -I../../slof + */ + +#include <stdio.h> +#include <stdlib.h> + +void check_hash(const char *t, + const unsigned char *hash, + const unsigned char *expected) +{ + unsigned i; + + printf("%s : ", t); + if (memcmp(hash, expected, 32)) { + printf("fail\nexpected :"); + for (i = 0; i < 32; i++) + printf(" %02x", expected[i]); + printf("\nactual:"); + for (i = 0; i < 32; i++) + printf(" %02x", hash[i]); + printf("\n"); + } else { + printf("pass\n"); + } +} + +int main(void) +{ + unsigned char hash[32]; + char *buf; + + sha256("abc", 3, hash); + check_hash("Test 1", hash, + (unsigned char[]){0xba, 0x78, 0x16, 0xbf, + 0x8f, 0x01, 0xcf, 0xea, + 0x41, 0x41, 0x40, 0xde, + 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, + 0x96, 0x17, 0x7a, 0x9c, + 0xb4, 0x10, 0xff, 0x61, + 0xf2, 0x00, 0x15, 0xad}); + + sha256("", 0, hash); + check_hash("Test 2", hash, + (unsigned char[]){0xe3, 0xb0, 0xc4, 0x42, + 0x98, 0xfc, 0x1c, 0x14, + 0x9a, 0xfb, 0xf4, 0xc8, + 0x99, 0x6f, 0xb9, 0x24, + 0x27, 0xae, 0x41, 0xe4, + 0x64, 0x9b, 0x93, 0x4c, + 0xa4, 0x95, 0x99, 0x1b, + 0x78, 0x52, 0xb8, 0x55}); + + sha256("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + 448 / 8, hash); + check_hash("Test 3", hash, + (unsigned char[]){0x24, 0x8d, 0x6a, 0x61, + 0xd2, 0x06, 0x38, 0xb8, + 0xe5, 0xc0, 0x26, 0x93, + 0x0c, 0x3e, 0x60, 0x39, + 0xa3, 0x3c, 0xe4, 0x59, + 0x64, 0xff, 0x21, 0x67, + 0xf6, 0xec, 0xed, 0xd4, + 0x19, 0xdb, 0x06, 0xc1}); + + sha256("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", + 896 / 8, hash); + check_hash("Test 4", hash, + (unsigned char[]){0xcf, 0x5b, 0x16, 0xa7, + 0x78, 0xaf, 0x83, 0x80, + 0x03, 0x6c, 0xe5, 0x9e, + 0x7b, 0x04, 0x92, 0x37, + 0x0b, 0x24, 0x9b, 0x11, + 0xe8, 0xf0, 0x7a, 0x51, + 0xaf, 0xac, 0x45, 0x03, + 0x7a, 0xfe, 0xe9, 0xd1}); + + buf = malloc(1000000); + memset(buf, 'a', 1000000); + sha256(buf, 1000000, hash); + check_hash("Test 5", hash, + (unsigned char[]){0xcd, 0xc7, 0x6e, 0x5c, + 0x99, 0x14, 0xfb, 0x92, + 0x81, 0xa1, 0xc7, 0xe2, + 0x84, 0xd7, 0x3e, 0x67, + 0xf1, 0x80, 0x9a, 0x48, + 0xa4, 0x97, 0x20, 0x0e, + 0x04, 0x6d, 0x39, 0xcc, + 0xc7, 0x11, 0x2c, 0xd0}); +} + +#endif diff --git a/lib/libtpm/sha256.h b/lib/libtpm/sha256.h new file mode 100644 index 0000000..66c2187 --- /dev/null +++ b/lib/libtpm/sha256.h @@ -0,0 +1,20 @@ +/***************************************************************************** + * Copyright (c) 2015-2020 IBM Corporation + * All rights reserved. + * This program and the accompanying materials + * are made available under the terms of the BSD License + * which accompanies this distribution, and is available at + * http://www.opensource.org/licenses/bsd-license.php + * + * Contributors: + * IBM Corporation - initial implementation + *****************************************************************************/ + +#ifndef __SHA256_H +#define __SHA256_H + +#include "types.h" + +uint32_t sha256(const uint8_t *data, uint32_t length, uint8_t *hash); + +#endif /* __SHA256_H */
The following patch adds a SHA256 implementation based on the algorithm description in NIST FIPS PUB 180-4. The patch includes test cases that test the sha256 implementation and pass on big and little endian ppc64 hosts. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- lib/libtpm/Makefile | 2 +- lib/libtpm/sha256.c | 316 ++++++++++++++++++++++++++++++++++++++++++++ lib/libtpm/sha256.h | 20 +++ 3 files changed, 337 insertions(+), 1 deletion(-) create mode 100644 lib/libtpm/sha256.c create mode 100644 lib/libtpm/sha256.h