From: Allan Jude
Date: Sun, 27 Dec 2015 17:33:59 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r292782 - in head: lib/libcrypt lib/libmd sbin/gbde sbin/geom/class/eli sbin/md5 sys/cddl/contrib/opensolaris/uts/common/fs/zfs sys/conf sys/crypto/sha2 sys/dev/random sys/geom/bde sys/...

Author: allanjude
Date: Sun Dec 27 17:33:59 2015
New Revision: 292782
URL: https://svnweb.freebsd.org/changeset/base/292782

Log:
  Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c

  cperciva's libmd implementation is 5-30% faster

  The same was done for SHA256 previously in r263218

  cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation

  Extend sbin/md5 to create sha384(1)

  Chase dependencies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}

  Reviewed by: cperciva, des, delphij
  Approved by: secteam, bapt (mentor)
  MFC after: 2 weeks
  Sponsored by: ScaleEngine Inc.
  Differential Revision: https://reviews.freebsd.org/D3929

Added:
  head/sys/crypto/sha2/sha384.h (contents, props changed)
  head/sys/crypto/sha2/sha512.h
     - copied, changed from r292757, head/lib/libmd/sha512.h
  head/sys/crypto/sha2/sha512c.c
     - copied, changed from r289398, head/lib/libmd/sha512c.c
Deleted:
  head/lib/libmd/sha512.h
  head/lib/libmd/sha512c.c
  head/sys/crypto/sha2/sha2.c
  head/sys/crypto/sha2/sha2.h
Modified:
  head/lib/libcrypt/Makefile
  head/lib/libmd/Makefile
  head/lib/libmd/sha512.3
  head/lib/libmd/shadriver.c
  head/sbin/gbde/Makefile
  head/sbin/gbde/gbde.c
  head/sbin/geom/class/eli/Makefile
  head/sbin/md5/Makefile
  head/sbin/md5/md5.1
  head/sbin/md5/md5.c
  head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c
  head/sys/conf/files
  head/sys/crypto/sha2/sha256.h
  head/sys/dev/random/build.sh
  head/sys/dev/random/fortuna.c
  head/sys/dev/random/hash.c
  head/sys/dev/random/other_algorithm.c
  head/sys/dev/random/randomdev.c
  head/sys/dev/random/unit_test.c
  head/sys/dev/random/yarrow.c
  head/sys/geom/bde/g_bde.c
  head/sys/geom/bde/g_bde_crypt.c
  head/sys/geom/bde/g_bde_lock.c
  head/sys/geom/bde/g_bde_work.c
  head/sys/geom/eli/g_eli.h
  head/sys/modules/crypto/Makefile
  head/sys/modules/geom/geom_bde/Makefile
  head/sys/modules/zfs/Makefile
  head/sys/netinet/sctp_os_bsd.h
  head/sys/opencrypto/xform.h

Modified: head/lib/libcrypt/Makefile ============================================================================== --- head/lib/libcrypt/Makefile Sun Dec 27 17:19:46 2015 (r292781) +++ head/lib/libcrypt/Makefile Sun Dec 27 17:33:59 2015 (r292782) 
@@ -30,6 +30,7 @@ CFLAGS+= -I${.CURDIR} -DHAS_DES -DHAS_BL .for sym in MD4Init MD4Final MD4Update MD4Pad \ MD5Init MD5Final MD5Update MD5Pad \ SHA256_Init SHA256_Final SHA256_Update \ + SHA384_Init SHA384_Final SHA384_Update \ SHA512_Init SHA512_Final SHA512_Update CFLAGS+= -D${sym}=__${sym} .endfor Modified: head/lib/libmd/Makefile ============================================================================== --- head/lib/libmd/Makefile Sun Dec 27 17:19:46 2015 (r292781) +++ head/lib/libmd/Makefile Sun Dec 27 17:33:59 2015 (r292782) @@ -7,8 +7,9 @@ SRCS= md4c.c md5c.c md4hl.c md5hl.c \ rmd160c.c rmd160hl.c \ sha0c.c sha0hl.c sha1c.c sha1hl.c \ sha256c.c sha256hl.c \ + sha384hl.c \ sha512c.c sha512hl.c -INCS= md4.h md5.h ripemd.h sha.h sha256.h sha512.h +INCS= md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h WARNS?= 0 @@ -33,6 +34,10 @@ MLINKS+=sha256.3 SHA256_Init.3 sha256.3 MLINKS+=sha256.3 SHA256_Final.3 sha256.3 SHA256_End.3 MLINKS+=sha256.3 SHA256_File.3 sha256.3 SHA256_FileChunk.3 MLINKS+=sha256.3 SHA256_Data.3 +MLINKS+=sha512.3 SHA384_Init.3 sha512.3 SHA384_Update.3 +MLINKS+=sha512.3 SHA384_Final.3 sha512.3 SHA384_End.3 +MLINKS+=sha512.3 SHA384_File.3 sha512.3 SHA384_FileChunk.3 +MLINKS+=sha512.3 SHA384_Data.3 sha512.3 sha384.3 MLINKS+=sha512.3 SHA512_Init.3 sha512.3 SHA512_Update.3 MLINKS+=sha512.3 SHA512_Final.3 sha512.3 SHA512_End.3 MLINKS+=sha512.3 SHA512_File.3 sha512.3 SHA512_FileChunk.3 @@ -40,7 +45,8 @@ MLINKS+=sha512.3 SHA512_Data.3 CLEANFILES+= md[245]hl.c md[245].ref md[245].3 mddriver \ rmd160.ref rmd160hl.c rmddriver \ sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \ - sha256.ref sha256hl.c sha512.ref sha512hl.c + sha256.ref sha256hl.c sha384hl.c sha384.ref \ + sha512.ref sha512hl.c # Define WEAK_REFS to provide weak aliases for libmd symbols # 
@@ -88,6 +94,12 @@ sha256hl.c: mdXhl.c -e 's/SHA256__/SHA256_/g' \ ${.ALLSRC}) > ${.TARGET} +sha384hl.c: mdXhl.c + (echo '#define LENGTH 48'; \ + sed -e 's/mdX/sha384/g' -e 's/MDX/SHA384_/g' \ + -e 's/SHA384__/SHA384_/g' \ + ${.ALLSRC}) > ${.TARGET} + sha512hl.c: mdXhl.c (echo '#define LENGTH 64'; \ sed -e 's/mdX/sha512/g' -e 's/MDX/SHA512_/g' \ @@ -168,6 +180,21 @@ sha256.ref: @echo 'SHA-256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ 'f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e' >> ${.TARGET} +sha384.ref: + echo 'SHA-384 test suite:' > ${.TARGET} + @echo 'SHA-384 ("") =' \ + '38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b' >> ${.TARGET} + @echo 'SHA-384 ("abc") =' \ + 'cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7' >> ${.TARGET} + @echo 'SHA-384 ("message digest") =' \ + '473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5' >> ${.TARGET} + @echo 'SHA-384 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4' >> ${.TARGET} + @echo 'SHA-384 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84' >> ${.TARGET} + @echo 'SHA-384 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026' >> ${.TARGET} + sha512.ref: echo 'SHA-512 test suite:' > ${.TARGET} @echo 'SHA-512 ("") =' \ 
@@ -196,7 +223,8 @@ rmd160.ref: @echo 'RIPEMD160 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ '9b752e45573d4b39f4dbd3323cab82bf63326bfb' >> ${.TARGET} -test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha512.ref +test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \ + sha512.ref @${ECHO} if any of these test fail, the code produces wrong results @${ECHO} and should NOT be used. ${CC} ${CFLAGS} ${LDFLAGS} -DMD=4 -o mddriver ${.CURDIR}/mddriver.c libmd.a @@ -219,6 +247,9 @@ test: md4.ref md5.ref sha0.ref rmd160.re ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=256 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha256.ref - @${ECHO} SHA-256 passed test + ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=384 -o shadriver ${.CURDIR}/shadriver.c libmd.a + ./shadriver | cmp sha384.ref - + @${ECHO} SHA-384 passed test ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha512.ref - @${ECHO} SHA-512 passed test Modified: head/lib/libmd/sha512.3 ============================================================================== --- head/lib/libmd/sha512.3 Sun Dec 27 17:19:46 2015 (r292781) +++ head/lib/libmd/sha512.3 Sun Dec 27 17:33:59 2015 (r292782) @@ -9,7 +9,7 @@ .\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp .\" $FreeBSD$ .\" -.Dd March 28, 2014 +.Dd October 17, 2015 .Dt SHA512 3 .Os .Sh NAME @@ -19,8 +19,15 @@ .Nm SHA512_End , .Nm SHA512_File , .Nm SHA512_FileChunk , -.Nm SHA512_Data -.Nd calculate the FIPS 180-2 ``SHA-512'' message digest +.Nm SHA512_Data , +.Nm SHA384_Init , +.Nm SHA384_Update , +.Nm SHA384_Final , +.Nm SHA384_End , +.Nm SHA384_File , +.Nm SHA384_FileChunk , +.Nm SHA384_Data +.Nd calculate the FIPS 180-4 ``SHA-512'' family of message digests .Sh LIBRARY .Lb libmd .Sh SYNOPSIS 
@@ -40,6 +47,20 @@ .Fn SHA512_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" .Ft "char *" .Fn SHA512_Data "const unsigned char *data" "unsigned int len" "char *buf" +.Ft void +.Fn SHA384_Init "SHA384_CTX *context" +.Ft void +.Fn SHA384_Update "SHA384_CTX *context" "const unsigned char *data" "size_t len" +.Ft void +.Fn SHA384_Final "unsigned char digest[48]" "SHA384_CTX *context" +.Ft "char *" +.Fn SHA384_End "SHA384_CTX *context" "char *buf" +.Ft "char *" +.Fn SHA384_File "const char *filename" "char *buf" +.Ft "char *" +.Fn SHA384_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" +.Ft "char *" +.Fn SHA384_Data "const unsigned char *data" "unsigned int len" "char *buf" .Sh DESCRIPTION The .Li SHA512_ @@ -119,6 +140,21 @@ after use. If the .Fa buf argument is non-null it must point to at least 65 characters of buffer space. +.Pp +The +.Li SHA384_ +functions are identical to the +.Li SHA512_ +functions except they use a different initial hash value and the output is +truncated to 384 bits. +.Pp +.Fn SHA384_End +is a wrapper for +.Fn SHA384_Final +which converts the return value to a 49-character +(including the terminating '\e0') +.Tn ASCII +string which represents the 384 bits in hexadecimal. .Sh SEE ALSO .Xr md4 3 , .Xr md5 3 , Modified: head/lib/libmd/shadriver.c ============================================================================== --- head/lib/libmd/shadriver.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/lib/libmd/shadriver.c Sun Dec 27 17:33:59 2015 (r292782) @@ -22,6 +22,7 @@ __FBSDID("$FreeBSD$"); #include "sha.h" #include "sha256.h" +#include "sha384.h" #include "sha512.h" /* The following makes SHA default to SHA-1 if it has not already been 
@@ -36,6 +37,9 @@ __FBSDID("$FreeBSD$"); #elif SHA == 256 #undef SHA_Data #define SHA_Data SHA256_Data +#elif SHA == 384 +#undef SHA_Data +#define SHA_Data SHA384_Data #elif SHA == 512 #undef SHA_Data #define SHA_Data SHA512_Data Modified: head/sbin/gbde/Makefile ============================================================================== --- head/sbin/gbde/Makefile Sun Dec 27 17:19:46 2015 (r292781) +++ head/sbin/gbde/Makefile Sun Dec 27 17:33:59 2015 (r292782) @@ -4,7 +4,7 @@ PROG= gbde SRCS= gbde.c template.c SRCS+= rijndael-alg-fst.c SRCS+= rijndael-api-fst.c -SRCS+= sha2.c +SRCS+= sha512c.c SRCS+= g_bde_lock.c # rijndael-fst.c does evil casting things which can results in warnings, Modified: head/sbin/gbde/gbde.c ============================================================================== --- head/sbin/gbde/gbde.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sbin/gbde/gbde.c Sun Dec 27 17:33:59 2015 (r292782) @@ -84,7 +84,7 @@ #include #include #include -#include +#include #include #include Modified: head/sbin/geom/class/eli/Makefile ============================================================================== --- head/sbin/geom/class/eli/Makefile Sun Dec 27 17:19:46 2015 (r292781) +++ head/sbin/geom/class/eli/Makefile Sun Dec 27 17:33:59 2015 (r292782) @@ -6,7 +6,8 @@ GEOM_CLASS= eli SRCS= g_eli_crypto.c SRCS+= g_eli_key.c SRCS+= pkcs5v2.c -SRCS+= sha2.c +SRCS+= sha256c.c +SRCS+= sha512c.c LIBADD= md crypto Modified: head/sbin/md5/Makefile ============================================================================== --- head/sbin/md5/Makefile Sun Dec 27 17:19:46 2015 (r292781) +++ head/sbin/md5/Makefile Sun Dec 27 17:33:59 2015 (r292782) 
@@ -6,11 +6,13 @@ PROG= md5 LINKS= ${BINDIR}/md5 ${BINDIR}/rmd160 \ ${BINDIR}/md5 ${BINDIR}/sha1 \ ${BINDIR}/md5 ${BINDIR}/sha256 \ + ${BINDIR}/md5 ${BINDIR}/sha384 \ ${BINDIR}/md5 ${BINDIR}/sha512 MLINKS= md5.1 rmd160.1 \ md5.1 sha1.1 \ md5.1 sha256.1 \ + md5.1 sha384.1 \ md5.1 sha512.1 LIBADD= md Modified: head/sbin/md5/md5.1 ============================================================================== --- head/sbin/md5/md5.1 Sun Dec 27 17:19:46 2015 (r292781) +++ head/sbin/md5/md5.1 Sun Dec 27 17:33:59 2015 (r292782) @@ -1,9 +1,9 @@ .\" $FreeBSD$ -.Dd May 17, 2014 +.Dd October 17, 2015 .Dt MD5 1 .Os .Sh NAME -.Nm md5 , sha1 , sha256 , sha512, rmd160 +.Nm md5 , sha1 , sha256 , sha384 , sha512, rmd160 .Nd calculate a message-digest fingerprint (checksum) for a file .Sh SYNOPSIS .Nm md5 @@ -21,6 +21,11 @@ .Op Fl c Ar string .Op Fl s Ar string .Op Ar +.Nm sha384 +.Op Fl pqrtx +.Op Fl c Ar string +.Op Fl s Ar string +.Op Ar .Nm sha512 .Op Fl pqrtx .Op Fl c Ar string @@ -33,7 +38,7 @@ .Op Ar .Sh DESCRIPTION The -.Nm md5 , sha1 , sha256 , sha512 +.Nm md5 , sha1 , sha256 , sha384 , sha512 and .Nm rmd160 utilities take as input a message of arbitrary length and produce as @@ -46,7 +51,7 @@ It is conjectured that it is computation produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The -.Tn MD5 , SHA-1 , SHA-256 , SHA-512 +.Tn MD5 , SHA-1 , SHA-256 , SHA-384 , SHA-512 and .Tn RIPEMD-160 algorithms are intended for digital signature applications, where a @@ -123,6 +128,7 @@ option. .Xr ripemd 3 , .Xr sha 3 , .Xr sha256 3 , +.Xr sha384 3 , .Xr sha512 3 .Rs .%A R. Rivest Modified: head/sbin/md5/md5.c ============================================================================== --- head/sbin/md5/md5.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sbin/md5/md5.c Sun Dec 27 17:33:59 2015 (r292782) @@ -28,6 +28,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include 
@@ -55,6 +56,7 @@ typedef char *(DIGEST_End)(void *, char extern const char *MD5TestOutput[MDTESTCOUNT]; extern const char *SHA1_TestOutput[MDTESTCOUNT]; extern const char *SHA256_TestOutput[MDTESTCOUNT]; +extern const char *SHA384_TestOutput[MDTESTCOUNT]; extern const char *SHA512_TestOutput[MDTESTCOUNT]; extern const char *RIPEMD160_TestOutput[MDTESTCOUNT]; @@ -80,6 +82,7 @@ typedef union { MD5_CTX md5; SHA1_CTX sha1; SHA256_CTX sha256; + SHA384_CTX sha384; SHA512_CTX sha512; RIPEMD160_CTX ripemd160; } DIGEST_CTX; @@ -101,6 +104,9 @@ static const struct Algorithm_t Algorith { "sha256", "SHA256", &SHA256_TestOutput, (DIGEST_Init*)&SHA256_Init, (DIGEST_Update*)&SHA256_Update, (DIGEST_End*)&SHA256_End, &SHA256_Data, &SHA256_File }, + { "sha384", "SHA384", &SHA384_TestOutput, (DIGEST_Init*)&SHA384_Init, + (DIGEST_Update*)&SHA384_Update, (DIGEST_End*)&SHA384_End, + &SHA384_Data, &SHA384_File }, { "sha512", "SHA512", &SHA512_TestOutput, (DIGEST_Init*)&SHA512_Init, (DIGEST_Update*)&SHA512_Update, (DIGEST_End*)&SHA512_End, &SHA512_Data, &SHA512_File }, 
@@ -327,6 +333,17 @@ const char *SHA256_TestOutput[MDTESTCOUN "e6eae09f10ad4122a0e2a4075761d185a272ebd9f5aa489e998ff2f09cbfdd9f" }; +const char *SHA384_TestOutput[MDTESTCOUNT] = { + "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b", + "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31", + "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7", + "473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5", + "feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4", + "1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84", + "b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026", + "99428d401bf4abcd4ee0695248c9858b7503853acfae21a9cffa7855f46d1395ef38596fcd06d5a8c32d41a839cc5dfb" +}; + const char *SHA512_TestOutput[MDTESTCOUNT] = { "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e", "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75", Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c ============================================================================== --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c Sun Dec 27 17:33:59 2015 (r292782) @@ -28,7 +28,7 @@ #include #include #ifdef _KERNEL -#include +#include #else #include #endif Modified: head/sys/conf/files ============================================================================== --- head/sys/conf/files Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/conf/files Sun Dec 27 17:33:59 2015 (r292782) 
@@ -557,10 +557,9 @@ crypto/rijndael/rijndael-api-fst.c optio crypto/rijndael/rijndael-api.c optional crypto | ipsec | wlan_ccmp crypto/sha1.c optional carp | crypto | ipsec | \ netgraph_mppc_encryption | sctp -crypto/sha2/sha2.c optional crypto | geom_bde | ipsec | random !random_loadable | \ - sctp | zfs crypto/sha2/sha256c.c optional crypto | geom_bde | ipsec | random !random_loadable | \ sctp | zfs +crypto/sha2/sha512c.c optional crypto | geom_bde | ipsec | zfs crypto/siphash/siphash.c optional inet | inet6 crypto/siphash/siphash_test.c optional inet | inet6 ddb/db_access.c optional ddb Modified: head/sys/crypto/sha2/sha256.h ============================================================================== --- head/sys/crypto/sha2/sha256.h Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/crypto/sha2/sha256.h Sun Dec 27 17:33:59 2015 (r292782) @@ -33,10 +33,14 @@ #include #endif +#define SHA256_BLOCK_LENGTH 64 +#define SHA256_DIGEST_LENGTH 32 +#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) + typedef struct SHA256Context { uint32_t state[8]; uint64_t count; - uint8_t buf[64]; + uint8_t buf[SHA256_BLOCK_LENGTH]; } SHA256_CTX; __BEGIN_DECLS @@ -74,10 +78,10 @@ __BEGIN_DECLS void SHA256_Init(SHA256_CTX *); void SHA256_Update(SHA256_CTX *, const void *, size_t); -void SHA256_Final(unsigned char [32], SHA256_CTX *); +void SHA256_Final(unsigned char [SHA256_DIGEST_LENGTH], SHA256_CTX *); +#ifndef _KERNEL char *SHA256_End(SHA256_CTX *, char *); char *SHA256_Data(const void *, unsigned int, char *); -#ifndef _KERNEL char *SHA256_File(const char *, char *); char *SHA256_FileChunk(const char *, char *, off_t, off_t); #endif Added: head/sys/crypto/sha2/sha384.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/crypto/sha2/sha384.h Sun Dec 27 17:33:59 2015 (r292782) 
@@ -0,0 +1,87 @@ +/*- + * Copyright 2005 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ + +#ifndef _SHA384_H_ +#define _SHA384_H_ + +#ifndef _KERNEL +#include +#endif + +#define SHA384_BLOCK_LENGTH 128 +#define SHA384_DIGEST_LENGTH 48 +#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) + +typedef struct SHA384Context { + uint64_t state[8]; + uint64_t count[2]; + uint8_t buf[SHA384_BLOCK_LENGTH]; +} SHA384_CTX; + +__BEGIN_DECLS + +/* Ensure libmd symbols do not clash with libcrypto */ +#ifndef SHA384_Init +#define SHA384_Init _libmd_SHA384_Init +#endif +#ifndef SHA384_Update +#define SHA384_Update _libmd_SHA384_Update +#endif +#ifndef SHA384_Final +#define SHA384_Final _libmd_SHA384_Final +#endif +#ifndef SHA384_End +#define SHA384_End _libmd_SHA384_End +#endif +#ifndef SHA384_File +#define SHA384_File _libmd_SHA384_File +#endif +#ifndef SHA384_FileChunk +#define SHA384_FileChunk _libmd_SHA384_FileChunk +#endif +#ifndef SHA384_Data +#define SHA384_Data _libmd_SHA384_Data +#endif + +#ifndef SHA384_version +#define SHA384_version _libmd_SHA384_version +#endif + +void SHA384_Init(SHA384_CTX *); +void SHA384_Update(SHA384_CTX *, const void *, size_t); +void SHA384_Final(unsigned char [SHA384_DIGEST_LENGTH], SHA384_CTX *); +#ifndef _KERNEL +char *SHA384_End(SHA384_CTX *, char *); +char *SHA384_Data(const void *, unsigned int, char *); +char *SHA384_File(const char *, char *); +char *SHA384_FileChunk(const char *, char *, off_t, off_t); +#endif + +__END_DECLS + +#endif /* !_SHA384_H_ */ Copied and modified: head/sys/crypto/sha2/sha512.h (from r292757, head/lib/libmd/sha512.h) ============================================================================== --- head/lib/libmd/sha512.h Sat Dec 26 19:48:36 2015 (r292757, copy source) +++ head/sys/crypto/sha2/sha512.h Sun Dec 27 17:33:59 2015 (r292782) 
@@ -29,18 +29,23 @@ #ifndef _SHA512_H_ #define _SHA512_H_ +#ifndef _KERNEL #include +#endif + +#define SHA512_BLOCK_LENGTH 128 +#define SHA512_DIGEST_LENGTH 64 +#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) typedef struct SHA512Context { uint64_t state[8]; uint64_t count[2]; - unsigned char buf[128]; + uint8_t buf[SHA512_BLOCK_LENGTH]; } SHA512_CTX; __BEGIN_DECLS /* Ensure libmd symbols do not clash with libcrypto */ - #ifndef SHA512_Init #define SHA512_Init _libmd_SHA512_Init #endif @@ -72,11 +77,14 @@ __BEGIN_DECLS void SHA512_Init(SHA512_CTX *); void SHA512_Update(SHA512_CTX *, const void *, size_t); -void SHA512_Final(unsigned char [64], SHA512_CTX *); +void SHA512_Final(unsigned char [SHA512_DIGEST_LENGTH], SHA512_CTX *); +#ifndef _KERNEL char *SHA512_End(SHA512_CTX *, char *); +char *SHA512_Data(const void *, unsigned int, char *); char *SHA512_File(const char *, char *); char *SHA512_FileChunk(const char *, char *, off_t, off_t); -char *SHA512_Data(const void *, unsigned int, char *); +#endif + __END_DECLS #endif /* !_SHA512_H_ */ Copied and modified: head/sys/crypto/sha2/sha512c.c (from r289398, head/lib/libmd/sha512c.c) ============================================================================== --- head/lib/libmd/sha512c.c Thu Oct 15 23:49:05 2015 (r289398, copy source) +++ head/sys/crypto/sha2/sha512c.c Sun Dec 27 17:33:59 2015 (r292782) @@ -30,9 +30,14 @@ __FBSDID("$FreeBSD$"); #include #include +#ifdef _KERNEL +#include +#else #include +#endif #include "sha512.h" +#include "sha384.h" #if BYTE_ORDER == BIG_ENDIAN @@ -104,7 +109,7 @@ be64dec_vect(uint64_t *dst, const unsign * the 512-bit input block to produce a new state. */ static void -SHA512_Transform(uint64_t * state, const unsigned char block[128]) +SHA512_Transform(uint64_t * state, const unsigned char block[SHA512_BLOCK_LENGTH]) { uint64_t W[80]; uint64_t S[8]; 
@@ -112,12 +117,12 @@ SHA512_Transform(uint64_t * state, const int i; /* 1. Prepare message schedule W. */ - be64dec_vect(W, block, 128); + be64dec_vect(W, block, SHA512_BLOCK_LENGTH); for (i = 16; i < 80; i++) W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; /* 2. Initialize working variables. */ - memcpy(S, state, 64); + memcpy(S, state, SHA512_DIGEST_LENGTH); /* 3. Mix. */ RNDr(S, W, 0, 0x428a2f98d728ae22ULL); @@ -206,7 +211,7 @@ SHA512_Transform(uint64_t * state, const state[i] += S[i]; } -static unsigned char PAD[128] = { +static unsigned char PAD[SHA512_BLOCK_LENGTH] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -279,22 +284,22 @@ SHA512_Update(SHA512_CTX * ctx, const vo ctx->count[0] += bitlen[0]; /* Handle the case where we don't need to perform any transforms */ - if (len < 128 - r) { + if (len < SHA512_BLOCK_LENGTH - r) { memcpy(&ctx->buf[r], src, len); return; } /* Finish the current block */ - memcpy(&ctx->buf[r], src, 128 - r); + memcpy(&ctx->buf[r], src, SHA512_BLOCK_LENGTH - r); SHA512_Transform(ctx->state, ctx->buf); - src += 128 - r; - len -= 128 - r; + src += SHA512_BLOCK_LENGTH - r; + len -= SHA512_BLOCK_LENGTH - r; /* Perform complete blocks */ - while (len >= 128) { + while (len >= SHA512_BLOCK_LENGTH) { SHA512_Transform(ctx->state, src); - src += 128; - len -= 128; + src += SHA512_BLOCK_LENGTH; + len -= SHA512_BLOCK_LENGTH; } /* Copy left over data into buffer */ 
@@ -306,14 +311,64 @@ SHA512_Update(SHA512_CTX * ctx, const vo * and clears the context state. */ void -SHA512_Final(unsigned char digest[64], SHA512_CTX * ctx) +SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx) { /* Add padding */ SHA512_Pad(ctx); /* Write the hash */ - be64enc_vect(digest, ctx->state, 64); + be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH); + + /* Clear the context state */ + memset((void *)ctx, 0, sizeof(*ctx)); +} + +/*** SHA-384: *********************************************************/ +/* + * the SHA384 and SHA512 transforms are identical, so SHA384 is skipped + */ + +/* SHA-384 initialization. Begins a SHA-384 operation. */ +void +SHA384_Init(SHA384_CTX * ctx) +{ + + /* Zero bits processed so far */ + ctx->count[0] = ctx->count[1] = 0; + + /* Magic initialization constants */ + ctx->state[0] = 0xcbbb9d5dc1059ed8ULL; + ctx->state[1] = 0x629a292a367cd507ULL; + ctx->state[2] = 0x9159015a3070dd17ULL; + ctx->state[3] = 0x152fecd8f70e5939ULL; + ctx->state[4] = 0x67332667ffc00b31ULL; + ctx->state[5] = 0x8eb44a8768581511ULL; + ctx->state[6] = 0xdb0c2e0d64f98fa7ULL; + ctx->state[7] = 0x47b5481dbefa4fa4ULL; +} + +/* Add bytes into the SHA-384 hash */ +void +SHA384_Update(SHA384_CTX * ctx, const void *in, size_t len) +{ + + SHA512_Update((SHA512_CTX *)ctx, in, len); +} + +/* + * SHA-384 finalization. Pads the input data, exports the hash value, + * and clears the context state. + */ +void +SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx) +{ + + /* Add padding */ + SHA512_Pad((SHA512_CTX *)ctx); + + /* Write the hash */ + be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH); /* Clear the context state */ memset((void *)ctx, 0, sizeof(*ctx)); 
@@ -332,4 +387,11 @@ __weak_reference(_libmd_SHA512_Update, S __weak_reference(_libmd_SHA512_Final, SHA512_Final); #undef SHA512_Transform __weak_reference(_libmd_SHA512_Transform, SHA512_Transform); + +#undef SHA384_Init +__weak_reference(_libmd_SHA384_Init, SHA384_Init); +#undef SHA384_Update +__weak_reference(_libmd_SHA384_Update, SHA384_Update); +#undef SHA384_Final +__weak_reference(_libmd_SHA384_Final, SHA384_Final); #endif Modified: head/sys/dev/random/build.sh ============================================================================== --- head/sys/dev/random/build.sh Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/dev/random/build.sh Sun Dec 27 17:33:59 2015 (r292782) @@ -42,7 +42,6 @@ cc -g -O0 -pthread \ hash.c \ ../../crypto/rijndael/rijndael-api-fst.c \ ../../crypto/rijndael/rijndael-alg-fst.c \ - ../../crypto/sha2/sha2.c \ ../../crypto/sha2/sha256c.c \ -lz \ -o yunit_test @@ -53,7 +52,6 @@ cc -g -O0 -pthread \ hash.c \ ../../crypto/rijndael/rijndael-api-fst.c \ ../../crypto/rijndael/rijndael-alg-fst.c \ - ../../crypto/sha2/sha2.c \ ../../crypto/sha2/sha256c.c \ -lz \ -o funit_test Modified: head/sys/dev/random/fortuna.c ============================================================================== --- head/sys/dev/random/fortuna.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/dev/random/fortuna.c Sun Dec 27 17:33:59 2015 (r292782) @@ -50,7 +50,7 @@ __FBSDID("$FreeBSD$"); #include #include -#include +#include #include #include @@ -68,7 +68,7 @@ __FBSDID("$FreeBSD$"); #include "unit_test.h" #include -#include +#include #include #include Modified: head/sys/dev/random/hash.c ============================================================================== --- head/sys/dev/random/hash.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/dev/random/hash.c Sun Dec 27 17:33:59 2015 (r292782) 
@@ -43,7 +43,7 @@ __FBSDID("$FreeBSD$"); #endif /* _KERNEL */ #include -#include +#include #include Modified: head/sys/dev/random/other_algorithm.c ============================================================================== --- head/sys/dev/random/other_algorithm.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/dev/random/other_algorithm.c Sun Dec 27 17:33:59 2015 (r292782) @@ -55,7 +55,7 @@ __FBSDID("$FreeBSD$"); #include #include -#include +#include #include #include Modified: head/sys/dev/random/randomdev.c ============================================================================== --- head/sys/dev/random/randomdev.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/dev/random/randomdev.c Sun Dec 27 17:33:59 2015 (r292782) @@ -50,7 +50,7 @@ __FBSDID("$FreeBSD$"); #include #include -#include +#include #include #include Modified: head/sys/dev/random/unit_test.c ============================================================================== --- head/sys/dev/random/unit_test.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/dev/random/unit_test.c Sun Dec 27 17:33:59 2015 (r292782) @@ -36,7 +36,7 @@ cc -g -O0 -pthread -DRANDOM_ -I../. hash.c \ ../../crypto/rijndael/rijndael-api-fst.c \ ../../crypto/rijndael/rijndael-alg-fst.c \ - ../../crypto/sha2/sha2.c \ + ../../crypto/sha2/sha256c.c \ -lz \ -o unit_test ./unit_test Modified: head/sys/dev/random/yarrow.c ============================================================================== --- head/sys/dev/random/yarrow.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/dev/random/yarrow.c Sun Dec 27 17:33:59 2015 (r292782) @@ -41,7 +41,7 @@ __FBSDID("$FreeBSD$"); #include #include -#include +#include #include #include 
@@ -60,7 +60,7 @@ __FBSDID("$FreeBSD$"); #include "unit_test.h" #include -#include +#include #include #include Modified: head/sys/geom/bde/g_bde.c ============================================================================== --- head/sys/geom/bde/g_bde.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/geom/bde/g_bde.c Sun Dec 27 17:33:59 2015 (r292782) @@ -44,7 +44,7 @@ #include #include -#include +#include #include #include #define BDE_CLASS_NAME "BDE" Modified: head/sys/geom/bde/g_bde_crypt.c ============================================================================== --- head/sys/geom/bde/g_bde_crypt.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/geom/bde/g_bde_crypt.c Sun Dec 27 17:33:59 2015 (r292782) @@ -47,7 +47,7 @@ #include #include -#include +#include #include #include Modified: head/sys/geom/bde/g_bde_lock.c ============================================================================== --- head/sys/geom/bde/g_bde_lock.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/geom/bde/g_bde_lock.c Sun Dec 27 17:33:59 2015 (r292782) @@ -58,7 +58,7 @@ #endif #include -#include +#include #include #include Modified: head/sys/geom/bde/g_bde_work.c ============================================================================== --- head/sys/geom/bde/g_bde_work.c Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/geom/bde/g_bde_work.c Sun Dec 27 17:33:59 2015 (r292782) @@ -71,7 +71,7 @@ #include #include -#include +#include #include #include Modified: head/sys/geom/eli/g_eli.h ============================================================================== --- head/sys/geom/eli/g_eli.h Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/geom/eli/g_eli.h Sun Dec 27 17:33:59 2015 (r292782) 
@@ -32,7 +32,8 @@ #include #include #include -#include +#include +#include #include #ifdef _KERNEL #include Modified: head/sys/modules/crypto/Makefile ============================================================================== --- head/sys/modules/crypto/Makefile Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/modules/crypto/Makefile Sun Dec 27 17:33:59 2015 (r292782) @@ -16,7 +16,7 @@ SRCS += cast.c cryptodeflate.c rmd160.c SRCS += skipjack.c bf_enc.c bf_ecb.c bf_skey.c SRCS += camellia.c camellia-api.c SRCS += des_ecb.c des_enc.c des_setkey.c -SRCS += sha1.c sha2.c sha256c.c +SRCS += sha1.c sha256c.c sha512c.c SRCS += siphash.c SRCS += gmac.c gfmult.c SRCS += opt_param.h cryptodev_if.h bus_if.h device_if.h Modified: head/sys/modules/geom/geom_bde/Makefile ============================================================================== --- head/sys/modules/geom/geom_bde/Makefile Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/modules/geom/geom_bde/Makefile Sun Dec 27 17:33:59 2015 (r292782) @@ -6,6 +6,6 @@ KMOD= geom_bde SRCS= g_bde.c g_bde_crypt.c g_bde_lock.c g_bde_work.c -SRCS+= rijndael-alg-fst.c rijndael-api-fst.c sha2.c sha256c.c +SRCS+= rijndael-alg-fst.c rijndael-api-fst.c sha256c.c sha512c.c .include Modified: head/sys/modules/zfs/Makefile ============================================================================== --- head/sys/modules/zfs/Makefile Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/modules/zfs/Makefile Sun Dec 27 17:33:59 2015 (r292782) @@ -68,7 +68,7 @@ SRCS+= zmod_subr.c SRCS+= zutil.c .PATH: ${SYSDIR}/crypto/sha2 -SRCS+= sha2.c sha256c.c +SRCS+= sha256c.c sha512c.c .PATH: ${SUNW}/common/zfs .include "${SUNW}/uts/common/Makefile.files" Modified: head/sys/netinet/sctp_os_bsd.h ============================================================================== --- head/sys/netinet/sctp_os_bsd.h Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/netinet/sctp_os_bsd.h Sun Dec 27 17:33:59 2015 (r292782) 
@@ -104,7 +104,7 @@ __FBSDID("$FreeBSD$"); #include #include -#include +#include #ifndef in6pcb #define in6pcb inpcb Modified: head/sys/opencrypto/xform.h ============================================================================== --- head/sys/opencrypto/xform.h Sun Dec 27 17:19:46 2015 (r292781) +++ head/sys/opencrypto/xform.h Sun Dec 27 17:33:59 2015 (r292782) @@ -33,7 +33,9 @@ #include #include -#include +#include +#include +#include #include #include
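
Review bot: in head/lib/libmd/sha512.3, hunk @@ -119,6 +140,21 @@, the new SHA384_End paragraph gives the output string as "a 49-character (including the terminating '\e0')" string, but 384 bits in hexadecimal is 96 characters plus the terminator, which is 97 and matches SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) added in sha384.h. A caller who sizes buf from the man page will be written past its end, so the figure should read 97, and the paragraph should also state the minimum size of buf for the SHA384_ functions. The unchanged context line just above ("at least 65 characters of buffer space") has the same kind of mismatch for the 512-bit digest and is worth correcting in the same pass.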
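
Review bot: in head/sys/conf/files, hunk @@ -557,10 +557,9 @@, the new crypto/sha2/sha512c.c entry is conditional on "crypto | geom_bde | ipsec | zfs", while the sha2.c entry it replaces also listed "random !random_loadable" and "sctp". A kernel configured with sctp or the built-in random device but none of the four remaining options no longer gets any SHA-384/SHA-512 code, so please confirm that neither consumer references those symbols, or keep the two conditions on the new line. The sctp_os_bsd.h and sys/dev/random include changes in this commit do not show which header they now pull in, so this cannot be checked from the diff alone.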
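
Review bot: in head/sys/crypto/sha2/sha512c.c, hunk @@ -112,12 +117,12 @@, "memcpy(S, state, SHA512_DIGEST_LENGTH)" uses the digest length as the size of the working state. The two values happen to be equal (eight uint64_t words, 64 bytes), but the copy is bounded by the array S, not by the digest, so sizeof(S) would say what is meant and would stay correct if either constant were ever changed independently.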
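
Review bot: in head/sys/crypto/sha2/sha512c.c, hunk @@ -306,14 +311,64 @@, SHA384_Update and SHA384_Final cast the SHA384_CTX pointer to SHA512_CTX *, which is only valid while the two separately declared structs in sha384.h and sha512.h keep an identical layout. Nothing in the diff enforces that, so a compile-time size or layout assertion next to the casts, or declaring SHA384_CTX in terms of SHA512_CTX, would turn a silent memory-corruption risk into a build failure. Separately, both Final functions clear the context with "memset((void *)ctx, 0, sizeof(*ctx))", which an optimizer is allowed to drop when the call is inlined and the context is not read again; explicit_bzero() is the safer choice for wiping hash state. The section comment "so SHA384 is skipped" would also read more clearly as a statement that SHA-384 reuses SHA512_Transform.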
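
Review bot: in the new head/sys/crypto/sha2/sha384.h, hunk @@ -0,0 +1,87 @@, the block of libmd renames defines "SHA384_version _libmd_SHA384_version", but the header declares no SHA384_version symbol and the sha512c.c changes in this commit add no definition or weak reference for it. If nothing provides it, the macro should be dropped. The renames for SHA384_End, SHA384_File, SHA384_FileChunk and SHA384_Data are also defined unconditionally while their prototypes are under "#ifndef _KERNEL", so they could move inside the same guard.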
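
Review bot: in head/sbin/md5/md5.1, hunk @@ -1,9 +1,9 @@, the rewritten NAME line ".Nm md5 , sha1 , sha256 , sha384 , sha512, rmd160" still has the comma attached to "sha512", unlike every other name on the line. mdoc treats punctuation as a delimiter only when it is a separate argument, so the comma is rendered as part of the utility name; since the line is being touched anyway, it should become "sha512 , rmd160".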