From ca097b093b4820d62c12bcde1c4e2496348d8f29 Mon Sep 17 00:00:00 2001 From: AnotherTest Date: Wed, 8 Apr 2020 04:29:07 +0430 Subject: [PATCH] LibCrypto: Add SHA256 hash function --- Libraries/LibCrypto/Hash/SHA2.cpp | 144 ++++++++++++++++++++++++++++ Libraries/LibCrypto/Hash/SHA2.h | 120 +++++++++++++++++++++++ Libraries/LibCrypto/Makefile | 3 +- Userland/test-crypto.cpp | 152 ++++++++++++++++++++++++++++-- 4 files changed, 408 insertions(+), 11 deletions(-) create mode 100644 Libraries/LibCrypto/Hash/SHA2.cpp create mode 100644 Libraries/LibCrypto/Hash/SHA2.h diff --git a/Libraries/LibCrypto/Hash/SHA2.cpp b/Libraries/LibCrypto/Hash/SHA2.cpp new file mode 100644 index 0000000000..f990b797eb --- /dev/null +++ b/Libraries/LibCrypto/Hash/SHA2.cpp @@ -0,0 +1,144 @@ +/* + * Copyright (c) 2020, Ali Mohammad Pur + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include + +namespace Crypto { +namespace Hash { + constexpr inline static auto ROTRIGHT(u32 a, size_t b) { return (a >> b) | (a << (32 - b)); } + constexpr inline static auto CH(u32 x, u32 y, u32 z) { return (x & y) ^ (z & ~x); } + constexpr inline static auto MAJ(u32 x, u32 y, u32 z) { return (x & y) ^ (x & z) ^ (y & z); } + constexpr inline static auto EP0(u32 x) { return ROTRIGHT(x, 2) ^ ROTRIGHT(x, 13) ^ ROTRIGHT(x, 22); } + constexpr inline static auto EP1(u32 x) { return ROTRIGHT(x, 6) ^ ROTRIGHT(x, 11) ^ ROTRIGHT(x, 25); } + constexpr inline static auto SIGN0(u32 x) { return ROTRIGHT(x, 7) ^ ROTRIGHT(x, 18) ^ (x >> 3); } + constexpr inline static auto SIGN1(u32 x) { return ROTRIGHT(x, 17) ^ ROTRIGHT(x, 19) ^ (x >> 10); } + + inline void SHA256::transform(const u8* data) + { + u32 m[64]; + + size_t i = 0; + for (size_t j = 0; i < BlockSize / 4; ++i, j += 4) { + m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | data[j + 3]; + } + + for (; i < BlockSize; ++i) { + m[i] = SIGN1(m[i - 2]) + m[i - 7] + SIGN0(m[i - 15]) + m[i - 16]; + } + + auto a = m_state[0], b = m_state[1], + c = m_state[2], d = m_state[3], + e = m_state[4], f = m_state[5], + g = m_state[6], h = m_state[7]; + + for (size_t i = 0; i < BlockSize; ++i) { + auto temp0 = h + EP1(e) + CH(e, f, g) + SHA256Constants::RoundConstants[i] + m[i]; + auto temp1 = EP0(a) + MAJ(a, b, c); + h = g; + g = f; + f = e; + e = d + temp0; + d = c; + c = b; + b = a; + a = temp0 + temp1; + } + + m_state[0] += a; + m_state[1] += b; + m_state[2] += c; + m_state[3] += d; + m_state[4] += e; + m_state[5] += f; + m_state[6] += g; + m_state[7] += h; + } + + void SHA256::update(const u8* message, size_t length) + { + for (size_t i = 0; i < length; ++i) { + if (m_data_length == BlockSize) { + transform(m_data_buffer); + m_bit_length += 512; + m_data_length = 0; + } + m_data_buffer[m_data_length++] = message[i]; + } + } + + SHA256::DigestType SHA256::digest() + { + DigestType digest; + size_t i = m_data_length; + + if (m_data_length < FinalBlockDataSize) { + m_data_buffer[i++] = 0x80; + while (i < FinalBlockDataSize) + m_data_buffer[i++] = 0x00; + + } else { + m_data_buffer[i++] = 0x80; + while (i < BlockSize) + m_data_buffer[i++] = 0x00; + + transform(m_data_buffer); + __builtin_memset(m_data_buffer, 0, FinalBlockDataSize); + } + + // append total message length + m_bit_length += m_data_length * 8; + m_data_buffer[BlockSize - 1] = m_bit_length; + m_data_buffer[BlockSize - 2] = m_bit_length >> 8; + m_data_buffer[BlockSize - 3] = m_bit_length >> 16; + m_data_buffer[BlockSize - 4] = m_bit_length >> 24; + m_data_buffer[BlockSize - 5] = m_bit_length >> 32; + m_data_buffer[BlockSize - 6] = m_bit_length >> 40; + m_data_buffer[BlockSize - 7] = m_bit_length >> 48; + m_data_buffer[BlockSize - 8] = m_bit_length >> 56; + + transform(m_data_buffer); + + // SHA uses big-endian and we assume little-endian + // FIXME: looks like a thing for AK::NetworkOrdered, + // but he doesn't support shifting operations + for (size_t i = 0; i < 4; ++i) { + digest.data[i + 0] = (m_state[0] >> (24 - i * 8)) & 0x000000ff; + digest.data[i + 4] = (m_state[1] >> (24 - i * 8)) & 0x000000ff; + digest.data[i + 8] = (m_state[2] >> (24 - i * 8)) & 0x000000ff; + digest.data[i + 12] = (m_state[3] >> (24 - i * 8)) & 0x000000ff; + digest.data[i + 16] = (m_state[4] >> (24 - i * 8)) & 0x000000ff; + digest.data[i + 20] = (m_state[5] >> (24 - i * 8)) & 0x000000ff; + digest.data[i + 24] = (m_state[6] >> (24 - i * 8)) & 0x000000ff; + digest.data[i + 28] = (m_state[7] >> (24 - i * 8)) & 0x000000ff; + } + + reset(); + + return digest; + } +} +} diff --git a/Libraries/LibCrypto/Hash/SHA2.h b/Libraries/LibCrypto/Hash/SHA2.h new file mode 100644 index 0000000000..0d25750c49 --- /dev/null +++ b/Libraries/LibCrypto/Hash/SHA2.h @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2020, Ali Mohammad Pur + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#pragma once + +#include +#include +#include + +namespace Crypto { +namespace Hash { + + namespace SHA256Constants { + constexpr static u32 RoundConstants[64] { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 + }; + + constexpr static u32 InitializationHashes[8] = { + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 + }; + } + + template + struct SHA2Digest { + u8 data[Bytes]; + }; + + // FIXME: I want template but the compiler gets confused + class SHA256 final : public HashFunction<512, SHA2Digest<256 / 8>> { + public: + SHA256() + { + reset(); + } + + virtual void update(const u8*, size_t) override; + + virtual void update(const ByteBuffer& buffer) override { update(buffer.data(), buffer.size()); }; + virtual void update(const StringView& string) override { update((const u8*)string.characters_without_null_termination(), string.length()); }; + + virtual DigestType digest() override; + + inline static DigestType hash(const u8* data, size_t length) + { + SHA256 sha; + sha.update(data, length); + return sha.digest(); + } + + inline static DigestType hash(const ByteBuffer& buffer) { return hash(buffer.data(), buffer.size()); } + inline static DigestType hash(const StringView& buffer) { return hash((const u8*)buffer.characters_without_null_termination(), buffer.length()); } + + virtual String class_name() const override + { + StringBuilder builder; + builder.append("SHA"); + builder.appendf("%zu", this->DigestSize * 8); + return builder.build(); + }; + + private: + inline void transform(const u8*); + inline void reset() + { + m_data_length = 0; + m_bit_length = 0; + for (size_t i = 0; i < 8; ++i) + m_state[i] = SHA256Constants::InitializationHashes[i]; + } + + u8 m_data_buffer[BlockSize]; + size_t m_data_length { 0 }; + + u64 m_bit_length { 0 }; + u32 m_state[8]; + + constexpr static auto FinalBlockDataSize = BlockSize - 8; + }; + +} +} diff --git a/Libraries/LibCrypto/Makefile b/Libraries/LibCrypto/Makefile index 9eb78bcacc..80f75f5130 100644 --- a/Libraries/LibCrypto/Makefile +++ b/Libraries/LibCrypto/Makefile @@ -1,6 +1,7 @@ LIBCRYPTO_OBJS = \ Cipher/AES.o \ - Hash/MD5.o + Hash/MD5.o \ + Hash/SHA2.o OBJS = $(LIBCRYPTO_OBJS) diff --git a/Userland/test-crypto.cpp b/Userland/test-crypto.cpp index 5c5ce75603..217b992af6 100644 --- a/Userland/test-crypto.cpp +++ b/Userland/test-crypto.cpp @@ -3,6 +3,7 @@ #include #include #include +#include #include #include @@ -16,8 +17,8 @@ static bool run_tests = false; static bool encrypting = true; -constexpr const char* DEFAULT_DIGEST_SUITE { "HMAC-MD5" }; -constexpr const char* DEFAULT_HASH_SUITE { "MD5" }; +constexpr const char* DEFAULT_DIGEST_SUITE { "HMAC-SHA256" }; +constexpr const char* DEFAULT_HASH_SUITE { "SHA256" }; constexpr const char* DEFAULT_CIPHER_SUITE { "AES_CBC" }; // listAllTests @@ -26,9 +27,11 @@ int aes_cbc_tests(); // Hash int md5_tests(); +int sha256_tests(); // Authentication int hmac_md5_tests(); +int hmac_sha256_tests(); // stop listing tests @@ -112,6 +115,25 @@ void hmac_md5(const char* message, size_t len) print_buffer(ByteBuffer::wrap(mac.data, hmac.DigestSize), -1); } +void sha256(const char* message, size_t len) +{ + auto digest = Crypto::Hash::SHA256::hash((const u8*)message, len); + if (binary) + printf("%.*s", (int)Crypto::Hash::SHA256::digest_size(), digest.data); + else + print_buffer(ByteBuffer::wrap(digest.data, Crypto::Hash::SHA256::digest_size()), -1); +} + +void hmac_sha256(const char* message, size_t len) +{ + Crypto::Authentication::HMAC hmac(secret_key); + auto mac = hmac.process((const u8*)message, len); + if (binary) + printf("%.*s", (int)hmac.DigestSize, mac.data); + else + print_buffer(ByteBuffer::wrap(mac.data, hmac.DigestSize), -1); +} + auto main(int argc, char** argv) -> int { const char* mode = nullptr; @@ -137,36 +159,48 @@ auto main(int argc, char** argv) -> int puts("\tlist -- List all known modes"); return 0; } + if (mode_sv == "hash") { if (suite == nullptr) suite = DEFAULT_HASH_SUITE; + StringView suite_sv { suite }; - if (StringView(suite) == "MD5") { + if (suite_sv == "MD5") { if (run_tests) return md5_tests(); return run(md5); - } else { - printf("unknown hash function '%s'\n", suite); - return 1; } + if (suite_sv == "SHA256") { + if (run_tests) + return sha256_tests(); + return run(sha256); + } + printf("unknown hash function '%s'\n", suite); + return 1; } if (mode_sv == "digest") { if (suite == nullptr) suite = DEFAULT_DIGEST_SUITE; + StringView suite_sv { suite }; - if (StringView(suite) == "HMAC-MD5") { + if (suite_sv == "HMAC-MD5") { if (run_tests) return hmac_md5_tests(); return run(hmac_md5); - } else { - printf("unknown hash function '%s'\n", suite); - return 1; } + if (suite_sv == "HMAC-SHA256") { + if (run_tests) + return hmac_sha256_tests(); + return run(hmac_sha256); + } + printf("unknown hash function '%s'\n", suite); + return 1; } encrypting = mode_sv == "encrypt"; if (encrypting || mode_sv == "decrypt") { if (suite == nullptr) suite = DEFAULT_CIPHER_SUITE; + StringView suite_sv { suite }; if (StringView(suite) == "AES_CBC") { if (run_tests) @@ -214,9 +248,15 @@ void md5_test_name(); void md5_test_hash(); void md5_test_consecutive_updates(); +void sha256_test_name(); +void sha256_test_hash(); + void hmac_md5_test_name(); void hmac_md5_test_process(); +void hmac_sha256_test_name(); +void hmac_sha256_test_process(); + int aes_cbc_tests() { aes_cbc_test_name(); @@ -482,6 +522,13 @@ int hmac_md5_tests() return 0; } +int hmac_sha256_tests() +{ + hmac_sha256_test_name(); + hmac_sha256_test_process(); + return 0; +} + void hmac_md5_test_name() { I_TEST((HMAC - MD5 | Class name)); @@ -520,3 +567,88 @@ void hmac_md5_test_process() PASS; } } + +int sha256_tests() +{ + sha256_test_name(); + sha256_test_hash(); + return 0; +} + +void sha256_test_name() +{ + I_TEST((SHA256 class name)); + Crypto::Hash::SHA256 sha; + if (sha.class_name() != "SHA256") { + FAIL(Invalid class name); + printf("%s\n", sha.class_name().characters()); + } else + PASS; +} + +void sha256_test_hash() +{ + { + I_TEST((SHA256 Hashing | "Well hello friends")); + u8 result[] { + 0x9a, 0xcd, 0x50, 0xf9, 0xa2, 0xaf, 0x37, 0xe4, 0x71, 0xf7, 0x61, 0xc3, 0xfe, 0x7b, 0x8d, 0xea, 0x56, 0x17, 0xe5, 0x1d, 0xac, 0x80, 0x2f, 0xe6, 0xc1, 0x77, 0xb7, 0x4a, 0xbf, 0x0a, 0xbb, 0x5a + }; + auto digest = Crypto::Hash::SHA256::hash("Well hello friends"); + if (memcmp(result, digest.data, Crypto::Hash::SHA256::digest_size()) != 0) { + FAIL(Invalid hash); + print_buffer(ByteBuffer::wrap(digest.data, Crypto::Hash::SHA256::digest_size()), -1); + } else + PASS; + } + { + I_TEST((SHA256 Hashing | "")); + u8 result[] { + 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 + }; + auto digest = Crypto::Hash::SHA256::hash(""); + if (memcmp(result, digest.data, Crypto::Hash::SHA256::digest_size()) != 0) { + FAIL(Invalid hash); + print_buffer(ByteBuffer::wrap(digest.data, Crypto::Hash::SHA256::digest_size()), -1); + } else + PASS; + } +} + +void hmac_sha256_test_name() +{ + I_TEST((HMAC - SHA256 | Class name)); + Crypto::Authentication::HMAC hmac("Well Hello Friends"); + if (hmac.class_name() != "HMAC-SHA256") + FAIL(Invalid class name); + else + PASS; +} + +void hmac_sha256_test_process() +{ + { + I_TEST((HMAC - SHA256 | Basic)); + Crypto::Authentication::HMAC hmac("Well Hello Friends"); + u8 result[] { + 0x1a, 0xf2, 0x20, 0x62, 0xde, 0x3b, 0x84, 0x65, 0xc1, 0x25, 0x23, 0x99, 0x76, 0x15, 0x1b, 0xec, 0x15, 0x21, 0x82, 0x1f, 0x23, 0xca, 0x11, 0x66, 0xdd, 0x8c, 0x6e, 0xf1, 0x81, 0x3b, 0x7f, 0x1b + }; + auto mac = hmac.process("Some bogus data"); + if (memcmp(result, mac.data, hmac.DigestSize) != 0) { + FAIL(Invalid mac); + print_buffer(ByteBuffer::wrap(mac.data, hmac.DigestSize), -1); + } else + PASS; + } + { + I_TEST((HMAC - SHA256 | Reuse)); + Crypto::Authentication::HMAC hmac("Well Hello Friends"); + + auto mac_0 = hmac.process("Some bogus data"); + auto mac_1 = hmac.process("Some bogus data"); + + if (memcmp(mac_0.data, mac_1.data, hmac.DigestSize) != 0) { + FAIL(Cannot reuse); + } else + PASS; + } +}