1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 21:37:35 +00:00

LibCrypto: Add SHA256 hash function

This commit is contained in:
AnotherTest 2020-04-08 04:29:07 +04:30 committed by Andreas Kling
parent f2cd004d11
commit ca097b093b
4 changed files with 408 additions and 11 deletions

View file

@ -0,0 +1,144 @@
/*
* Copyright (c) 2020, Ali Mohammad Pur <ali.mpfard@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <AK/Types.h>
#include <LibCrypto/Hash/SHA2.h>
namespace Crypto {
namespace Hash {
constexpr inline static auto ROTRIGHT(u32 a, size_t b) { return (a >> b) | (a << (32 - b)); }
constexpr inline static auto CH(u32 x, u32 y, u32 z) { return (x & y) ^ (z & ~x); }
constexpr inline static auto MAJ(u32 x, u32 y, u32 z) { return (x & y) ^ (x & z) ^ (y & z); }
constexpr inline static auto EP0(u32 x) { return ROTRIGHT(x, 2) ^ ROTRIGHT(x, 13) ^ ROTRIGHT(x, 22); }
constexpr inline static auto EP1(u32 x) { return ROTRIGHT(x, 6) ^ ROTRIGHT(x, 11) ^ ROTRIGHT(x, 25); }
constexpr inline static auto SIGN0(u32 x) { return ROTRIGHT(x, 7) ^ ROTRIGHT(x, 18) ^ (x >> 3); }
constexpr inline static auto SIGN1(u32 x) { return ROTRIGHT(x, 17) ^ ROTRIGHT(x, 19) ^ (x >> 10); }
inline void SHA256::transform(const u8* data)
{
u32 m[64];
size_t i = 0;
for (size_t j = 0; i < BlockSize / 4; ++i, j += 4) {
m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | data[j + 3];
}
for (; i < BlockSize; ++i) {
m[i] = SIGN1(m[i - 2]) + m[i - 7] + SIGN0(m[i - 15]) + m[i - 16];
}
auto a = m_state[0], b = m_state[1],
c = m_state[2], d = m_state[3],
e = m_state[4], f = m_state[5],
g = m_state[6], h = m_state[7];
for (size_t i = 0; i < BlockSize; ++i) {
auto temp0 = h + EP1(e) + CH(e, f, g) + SHA256Constants::RoundConstants[i] + m[i];
auto temp1 = EP0(a) + MAJ(a, b, c);
h = g;
g = f;
f = e;
e = d + temp0;
d = c;
c = b;
b = a;
a = temp0 + temp1;
}
m_state[0] += a;
m_state[1] += b;
m_state[2] += c;
m_state[3] += d;
m_state[4] += e;
m_state[5] += f;
m_state[6] += g;
m_state[7] += h;
}
void SHA256::update(const u8* message, size_t length)
{
for (size_t i = 0; i < length; ++i) {
if (m_data_length == BlockSize) {
transform(m_data_buffer);
m_bit_length += 512;
m_data_length = 0;
}
m_data_buffer[m_data_length++] = message[i];
}
}
SHA256::DigestType SHA256::digest()
{
DigestType digest;
size_t i = m_data_length;
if (m_data_length < FinalBlockDataSize) {
m_data_buffer[i++] = 0x80;
while (i < FinalBlockDataSize)
m_data_buffer[i++] = 0x00;
} else {
m_data_buffer[i++] = 0x80;
while (i < BlockSize)
m_data_buffer[i++] = 0x00;
transform(m_data_buffer);
__builtin_memset(m_data_buffer, 0, FinalBlockDataSize);
}
// append total message length
m_bit_length += m_data_length * 8;
m_data_buffer[BlockSize - 1] = m_bit_length;
m_data_buffer[BlockSize - 2] = m_bit_length >> 8;
m_data_buffer[BlockSize - 3] = m_bit_length >> 16;
m_data_buffer[BlockSize - 4] = m_bit_length >> 24;
m_data_buffer[BlockSize - 5] = m_bit_length >> 32;
m_data_buffer[BlockSize - 6] = m_bit_length >> 40;
m_data_buffer[BlockSize - 7] = m_bit_length >> 48;
m_data_buffer[BlockSize - 8] = m_bit_length >> 56;
transform(m_data_buffer);
// SHA uses big-endian and we assume little-endian
// FIXME: looks like a thing for AK::NetworkOrdered,
// but he doesn't support shifting operations
for (size_t i = 0; i < 4; ++i) {
digest.data[i + 0] = (m_state[0] >> (24 - i * 8)) & 0x000000ff;
digest.data[i + 4] = (m_state[1] >> (24 - i * 8)) & 0x000000ff;
digest.data[i + 8] = (m_state[2] >> (24 - i * 8)) & 0x000000ff;
digest.data[i + 12] = (m_state[3] >> (24 - i * 8)) & 0x000000ff;
digest.data[i + 16] = (m_state[4] >> (24 - i * 8)) & 0x000000ff;
digest.data[i + 20] = (m_state[5] >> (24 - i * 8)) & 0x000000ff;
digest.data[i + 24] = (m_state[6] >> (24 - i * 8)) & 0x000000ff;
digest.data[i + 28] = (m_state[7] >> (24 - i * 8)) & 0x000000ff;
}
reset();
return digest;
}
}
}

View file

@ -0,0 +1,120 @@
/*
* Copyright (c) 2020, Ali Mohammad Pur <ali.mpfard@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#pragma once
#include <AK/String.h>
#include <AK/StringBuilder.h>
#include <LibCrypto/Hash/HashFunction.h>
namespace Crypto {
namespace Hash {
namespace SHA256Constants {
constexpr static u32 RoundConstants[64] {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
constexpr static u32 InitializationHashes[8] = {
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
};
}
template <size_t Bytes>
struct SHA2Digest {
u8 data[Bytes];
};
// FIXME: I want template<size_t BlockSize> but the compiler gets confused
class SHA256 final : public HashFunction<512, SHA2Digest<256 / 8>> {
public:
SHA256()
{
reset();
}
virtual void update(const u8*, size_t) override;
virtual void update(const ByteBuffer& buffer) override { update(buffer.data(), buffer.size()); };
virtual void update(const StringView& string) override { update((const u8*)string.characters_without_null_termination(), string.length()); };
virtual DigestType digest() override;
inline static DigestType hash(const u8* data, size_t length)
{
SHA256 sha;
sha.update(data, length);
return sha.digest();
}
inline static DigestType hash(const ByteBuffer& buffer) { return hash(buffer.data(), buffer.size()); }
inline static DigestType hash(const StringView& buffer) { return hash((const u8*)buffer.characters_without_null_termination(), buffer.length()); }
virtual String class_name() const override
{
StringBuilder builder;
builder.append("SHA");
builder.appendf("%zu", this->DigestSize * 8);
return builder.build();
};
private:
inline void transform(const u8*);
inline void reset()
{
m_data_length = 0;
m_bit_length = 0;
for (size_t i = 0; i < 8; ++i)
m_state[i] = SHA256Constants::InitializationHashes[i];
}
u8 m_data_buffer[BlockSize];
size_t m_data_length { 0 };
u64 m_bit_length { 0 };
u32 m_state[8];
constexpr static auto FinalBlockDataSize = BlockSize - 8;
};
}
}

View file

@ -1,6 +1,7 @@
LIBCRYPTO_OBJS = \
Cipher/AES.o \
Hash/MD5.o
Hash/MD5.o \
Hash/SHA2.o
OBJS = $(LIBCRYPTO_OBJS)

View file

@ -3,6 +3,7 @@
#include <LibCrypto/Authentication/HMAC.h>
#include <LibCrypto/Cipher/AES.h>
#include <LibCrypto/Hash/MD5.h>
#include <LibCrypto/Hash/SHA2.h>
#include <LibLine/Editor.h>
#include <stdio.h>
@ -16,8 +17,8 @@ static bool run_tests = false;
static bool encrypting = true;
constexpr const char* DEFAULT_DIGEST_SUITE { "HMAC-MD5" };
constexpr const char* DEFAULT_HASH_SUITE { "MD5" };
constexpr const char* DEFAULT_DIGEST_SUITE { "HMAC-SHA256" };
constexpr const char* DEFAULT_HASH_SUITE { "SHA256" };
constexpr const char* DEFAULT_CIPHER_SUITE { "AES_CBC" };
// listAllTests
@ -26,9 +27,11 @@ int aes_cbc_tests();
// Hash
int md5_tests();
int sha256_tests();
// Authentication
int hmac_md5_tests();
int hmac_sha256_tests();
// stop listing tests
@ -112,6 +115,25 @@ void hmac_md5(const char* message, size_t len)
print_buffer(ByteBuffer::wrap(mac.data, hmac.DigestSize), -1);
}
void sha256(const char* message, size_t len)
{
auto digest = Crypto::Hash::SHA256::hash((const u8*)message, len);
if (binary)
printf("%.*s", (int)Crypto::Hash::SHA256::digest_size(), digest.data);
else
print_buffer(ByteBuffer::wrap(digest.data, Crypto::Hash::SHA256::digest_size()), -1);
}
void hmac_sha256(const char* message, size_t len)
{
Crypto::Authentication::HMAC<Crypto::Hash::SHA256> hmac(secret_key);
auto mac = hmac.process((const u8*)message, len);
if (binary)
printf("%.*s", (int)hmac.DigestSize, mac.data);
else
print_buffer(ByteBuffer::wrap(mac.data, hmac.DigestSize), -1);
}
auto main(int argc, char** argv) -> int
{
const char* mode = nullptr;
@ -137,36 +159,48 @@ auto main(int argc, char** argv) -> int
puts("\tlist -- List all known modes");
return 0;
}
if (mode_sv == "hash") {
if (suite == nullptr)
suite = DEFAULT_HASH_SUITE;
StringView suite_sv { suite };
if (StringView(suite) == "MD5") {
if (suite_sv == "MD5") {
if (run_tests)
return md5_tests();
return run(md5);
} else {
printf("unknown hash function '%s'\n", suite);
return 1;
}
if (suite_sv == "SHA256") {
if (run_tests)
return sha256_tests();
return run(sha256);
}
printf("unknown hash function '%s'\n", suite);
return 1;
}
if (mode_sv == "digest") {
if (suite == nullptr)
suite = DEFAULT_DIGEST_SUITE;
StringView suite_sv { suite };
if (StringView(suite) == "HMAC-MD5") {
if (suite_sv == "HMAC-MD5") {
if (run_tests)
return hmac_md5_tests();
return run(hmac_md5);
} else {
printf("unknown hash function '%s'\n", suite);
return 1;
}
if (suite_sv == "HMAC-SHA256") {
if (run_tests)
return hmac_sha256_tests();
return run(hmac_sha256);
}
printf("unknown hash function '%s'\n", suite);
return 1;
}
encrypting = mode_sv == "encrypt";
if (encrypting || mode_sv == "decrypt") {
if (suite == nullptr)
suite = DEFAULT_CIPHER_SUITE;
StringView suite_sv { suite };
if (StringView(suite) == "AES_CBC") {
if (run_tests)
@ -214,9 +248,15 @@ void md5_test_name();
void md5_test_hash();
void md5_test_consecutive_updates();
void sha256_test_name();
void sha256_test_hash();
void hmac_md5_test_name();
void hmac_md5_test_process();
void hmac_sha256_test_name();
void hmac_sha256_test_process();
int aes_cbc_tests()
{
aes_cbc_test_name();
@ -482,6 +522,13 @@ int hmac_md5_tests()
return 0;
}
int hmac_sha256_tests()
{
hmac_sha256_test_name();
hmac_sha256_test_process();
return 0;
}
void hmac_md5_test_name()
{
I_TEST((HMAC - MD5 | Class name));
@ -520,3 +567,88 @@ void hmac_md5_test_process()
PASS;
}
}
int sha256_tests()
{
sha256_test_name();
sha256_test_hash();
return 0;
}
void sha256_test_name()
{
I_TEST((SHA256 class name));
Crypto::Hash::SHA256 sha;
if (sha.class_name() != "SHA256") {
FAIL(Invalid class name);
printf("%s\n", sha.class_name().characters());
} else
PASS;
}
void sha256_test_hash()
{
{
I_TEST((SHA256 Hashing | "Well hello friends"));
u8 result[] {
0x9a, 0xcd, 0x50, 0xf9, 0xa2, 0xaf, 0x37, 0xe4, 0x71, 0xf7, 0x61, 0xc3, 0xfe, 0x7b, 0x8d, 0xea, 0x56, 0x17, 0xe5, 0x1d, 0xac, 0x80, 0x2f, 0xe6, 0xc1, 0x77, 0xb7, 0x4a, 0xbf, 0x0a, 0xbb, 0x5a
};
auto digest = Crypto::Hash::SHA256::hash("Well hello friends");
if (memcmp(result, digest.data, Crypto::Hash::SHA256::digest_size()) != 0) {
FAIL(Invalid hash);
print_buffer(ByteBuffer::wrap(digest.data, Crypto::Hash::SHA256::digest_size()), -1);
} else
PASS;
}
{
I_TEST((SHA256 Hashing | ""));
u8 result[] {
0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
};
auto digest = Crypto::Hash::SHA256::hash("");
if (memcmp(result, digest.data, Crypto::Hash::SHA256::digest_size()) != 0) {
FAIL(Invalid hash);
print_buffer(ByteBuffer::wrap(digest.data, Crypto::Hash::SHA256::digest_size()), -1);
} else
PASS;
}
}
void hmac_sha256_test_name()
{
I_TEST((HMAC - SHA256 | Class name));
Crypto::Authentication::HMAC<Crypto::Hash::SHA256> hmac("Well Hello Friends");
if (hmac.class_name() != "HMAC-SHA256")
FAIL(Invalid class name);
else
PASS;
}
void hmac_sha256_test_process()
{
{
I_TEST((HMAC - SHA256 | Basic));
Crypto::Authentication::HMAC<Crypto::Hash::SHA256> hmac("Well Hello Friends");
u8 result[] {
0x1a, 0xf2, 0x20, 0x62, 0xde, 0x3b, 0x84, 0x65, 0xc1, 0x25, 0x23, 0x99, 0x76, 0x15, 0x1b, 0xec, 0x15, 0x21, 0x82, 0x1f, 0x23, 0xca, 0x11, 0x66, 0xdd, 0x8c, 0x6e, 0xf1, 0x81, 0x3b, 0x7f, 0x1b
};
auto mac = hmac.process("Some bogus data");
if (memcmp(result, mac.data, hmac.DigestSize) != 0) {
FAIL(Invalid mac);
print_buffer(ByteBuffer::wrap(mac.data, hmac.DigestSize), -1);
} else
PASS;
}
{
I_TEST((HMAC - SHA256 | Reuse));
Crypto::Authentication::HMAC<Crypto::Hash::SHA256> hmac("Well Hello Friends");
auto mac_0 = hmac.process("Some bogus data");
auto mac_1 = hmac.process("Some bogus data");
if (memcmp(mac_0.data, mac_1.data, hmac.DigestSize) != 0) {
FAIL(Cannot reuse);
} else
PASS;
}
}