diff options
author | Julius Werner <jwerner@chromium.org> | 2020-05-05 20:31:33 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-05-12 04:08:06 +0000 |
commit | d6c392bb12b6d52d880b72b24d68e59ad8e8d609 (patch) | |
tree | dfe016b0c68b900aee48c2cc482114086b1360e6 | |
parent | 909d55215f7573d67e38931bb31ac12694312a7d (diff) | |
download | vboot-d6c392bb12b6d52d880b72b24d68e59ad8e8d609.tar.gz |
2sha: Add SHA-224 and SHA-384 hash algorithms
This patch adds support for the SHA-224 and SHA-384 hash algorithms,
which are basically just variants of SHA-256 and SHA-512 (respectively)
with different initialization vectors and truncating a bit of the final
output. They are only added to serve vboot's role as all-purpose crypto
toolbox for callers (e.g. coreboot, where I need SHA-384 to support a
certain SoC boot descriptor right now) and not intended for actual use
as signature or firmware body hashes -- therefore, we only add the hash
algorithms themselves and don't create enum values for them in enum
vb2_crypto_algorithm or other structures.
Also clarify the difference between UNROLL_LOOPS and UNROLL_LOOPS_SHA512
in the Makefile, since it was totally not obvious to me.
BRANCH=None
BUG=None
TEST=make runtest and make runtest UNROLL_LOOPS=1
Cq-Depend: chromium:2191082
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ic132d4dfe5967f03be4666b26c47d32c1235f4a9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2183551
Reviewed-by: Joel Kitching <kitching@chromium.org>
-rw-r--r-- | Makefile | 11 | ||||
-rw-r--r-- | firmware/2lib/2crypto.c | 2 | ||||
-rw-r--r-- | firmware/2lib/2sha256.c | 29 | ||||
-rw-r--r-- | firmware/2lib/2sha512.c | 33 | ||||
-rw-r--r-- | firmware/2lib/2sha_utility.c | 20 | ||||
-rw-r--r-- | firmware/2lib/include/2crypto.h | 4 | ||||
-rw-r--r-- | firmware/2lib/include/2sha.h | 23 | ||||
-rw-r--r-- | tests/hmac_test.c | 7 | ||||
-rw-r--r-- | tests/vb2_sha_tests.c | 75 |
9 files changed, 173 insertions, 31 deletions
@@ -840,11 +840,18 @@ ${TLCL_OBJS}: CFLAGS += -DTPM_BLOCKING_CONTINUESELFTEST # CFLAGS += -DTPM_MANUAL_SELFTEST +# NOTE: UNROLL_LOOPS *only* affects SHA256, *not* SHA512. This seems to have +# been a conscious decision at some point (see b/35501356) but whether it still +# holds up in all situations on all architectures today might need to be +# reevaluated. For now, since we currently always use SHA256 for (non-recovery) +# kernel bodies and don't unroll loops for firmware verification, it's not very +# relevant in practice. To unroll SHA512, UNROLL_LOOPS_SHA512 would need to be +# defined. ifneq ($(filter-out 0,$(UNROLL_LOOPS)),) -$(info vboot hash algos built with unrolled loops (faster, larger code size)) +$(info vboot SHA256 built with unrolled loops (faster, larger code size)) CFLAGS += -DUNROLL_LOOPS else -$(info vboot hash algos built with tight loops (slower, smaller code size)) +$(info vboot SHA256 built with tight loops (slower, smaller code size)) endif .PHONY: fwlib diff --git a/firmware/2lib/2crypto.c b/firmware/2lib/2crypto.c index 46071069..0c0978d2 100644 --- a/firmware/2lib/2crypto.c +++ b/firmware/2lib/2crypto.c @@ -37,9 +37,11 @@ const char *vb2_hash_names[VB2_HASH_ALG_COUNT] = { [VB2_HASH_SHA1] = VB2_SHA1_ALG_NAME, #endif #if VB2_SUPPORT_SHA256 + [VB2_HASH_SHA224] = VB2_SHA224_ALG_NAME, [VB2_HASH_SHA256] = VB2_SHA256_ALG_NAME, #endif #if VB2_SUPPORT_SHA512 + [VB2_HASH_SHA384] = VB2_SHA384_ALG_NAME, [VB2_HASH_SHA512] = VB2_SHA512_ALG_NAME, #endif }; diff --git a/firmware/2lib/2sha256.c b/firmware/2lib/2sha256.c index 139745f4..c3612377 100644 --- a/firmware/2lib/2sha256.c +++ b/firmware/2lib/2sha256.c @@ -88,6 +88,11 @@ static const uint32_t sha256_h0[8] = { 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 }; +static const uint32_t sha224_h0[8] = { + 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, + 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 +}; + static const uint32_t sha256_k[64] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, @@ -108,18 +113,21 @@ static const uint32_t sha256_k[64] = { }; /* SHA-256 implementation */ -void vb2_sha256_init(struct vb2_sha256_context *ctx) +void vb2_sha256_init(struct vb2_sha256_context *ctx, + enum vb2_hash_algorithm algo) { + const uint32_t *h0 = algo == VB2_HASH_SHA224 ? sha224_h0 : sha256_h0; + #ifndef UNROLL_LOOPS int i; for (i = 0; i < 8; i++) { - ctx->h[i] = sha256_h0[i]; + ctx->h[i] = h0[i]; } #else - ctx->h[0] = sha256_h0[0]; ctx->h[1] = sha256_h0[1]; - ctx->h[2] = sha256_h0[2]; ctx->h[3] = sha256_h0[3]; - ctx->h[4] = sha256_h0[4]; ctx->h[5] = sha256_h0[5]; - ctx->h[6] = sha256_h0[6]; ctx->h[7] = sha256_h0[7]; + ctx->h[0] = h0[0]; ctx->h[1] = h0[1]; + ctx->h[2] = h0[2]; ctx->h[3] = h0[3]; + ctx->h[4] = h0[4]; ctx->h[5] = h0[5]; + ctx->h[6] = h0[6]; ctx->h[7] = h0[7]; #endif /* !UNROLL_LOOPS */ ctx->size = 0; @@ -278,7 +286,8 @@ void vb2_sha256_update(struct vb2_sha256_context *ctx, ctx->total_size += (block_nb + 1) << 6; } -void vb2_sha256_finalize(struct vb2_sha256_context *ctx, uint8_t *digest) +void vb2_sha256_finalize(struct vb2_sha256_context *ctx, uint8_t *digest, + enum vb2_hash_algorithm algo) { unsigned int block_nb; unsigned int pm_size; @@ -300,7 +309,7 @@ void vb2_sha256_finalize(struct vb2_sha256_context *ctx, uint8_t *digest) vb2_sha256_transform(ctx, ctx->block, block_nb); #ifndef UNROLL_LOOPS - for (i = 0 ; i < 8; i++) { + for (i = 0 ; i < (algo == VB2_HASH_SHA224 ? 7 : 8); i++) { UNPACK32(ctx->h[i], &digest[i << 2]); } #else @@ -311,7 +320,9 @@ void vb2_sha256_finalize(struct vb2_sha256_context *ctx, uint8_t *digest) UNPACK32(ctx->h[4], &digest[16]); UNPACK32(ctx->h[5], &digest[20]); UNPACK32(ctx->h[6], &digest[24]); - UNPACK32(ctx->h[7], &digest[28]); + if (algo != VB2_HASH_SHA224) { + UNPACK32(ctx->h[7], &digest[28]); + } #endif /* !UNROLL_LOOPS */ } diff --git a/firmware/2lib/2sha512.c b/firmware/2lib/2sha512.c index ee78ec2b..b72ebce0 100644 --- a/firmware/2lib/2sha512.c +++ b/firmware/2lib/2sha512.c @@ -106,6 +106,13 @@ static const uint64_t sha512_h0[8] = { 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL }; +static const uint64_t sha384_h0[8] = { + 0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, + 0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL, + 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, + 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL +}; + static const uint64_t sha512_k[80] = { 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, @@ -151,18 +158,21 @@ static const uint64_t sha512_k[80] = { /* SHA-512 implementation */ -void vb2_sha512_init(struct vb2_sha512_context *ctx) +void vb2_sha512_init(struct vb2_sha512_context *ctx, + enum vb2_hash_algorithm algo) { + const uint64_t *h0 = algo == VB2_HASH_SHA384 ? sha384_h0 : sha512_h0; + #ifdef UNROLL_LOOPS_SHA512 - ctx->h[0] = sha512_h0[0]; ctx->h[1] = sha512_h0[1]; - ctx->h[2] = sha512_h0[2]; ctx->h[3] = sha512_h0[3]; - ctx->h[4] = sha512_h0[4]; ctx->h[5] = sha512_h0[5]; - ctx->h[6] = sha512_h0[6]; ctx->h[7] = sha512_h0[7]; + ctx->h[0] = h0[0]; ctx->h[1] = h0[1]; + ctx->h[2] = h0[2]; ctx->h[3] = h0[3]; + ctx->h[4] = h0[4]; ctx->h[5] = h0[5]; + ctx->h[6] = h0[6]; ctx->h[7] = h0[7]; #else int i; for (i = 0; i < 8; i++) - ctx->h[i] = sha512_h0[i]; + ctx->h[i] = h0[i]; #endif /* UNROLL_LOOPS_SHA512 */ ctx->size = 0; @@ -308,7 +318,8 @@ void vb2_sha512_update(struct vb2_sha512_context *ctx, ctx->total_size += (block_nb + 1) << 7; } -void vb2_sha512_finalize(struct vb2_sha512_context *ctx, uint8_t *digest) +void vb2_sha512_finalize(struct vb2_sha512_context *ctx, uint8_t *digest, + enum vb2_hash_algorithm algo) { unsigned int block_nb; unsigned int pm_size; @@ -337,10 +348,12 @@ void vb2_sha512_finalize(struct vb2_sha512_context *ctx, uint8_t *digest) UNPACK64(ctx->h[3], &digest[24]); UNPACK64(ctx->h[4], &digest[32]); UNPACK64(ctx->h[5], &digest[40]); - UNPACK64(ctx->h[6], &digest[48]); - UNPACK64(ctx->h[7], &digest[56]); + if (algo != VB2_HASH_SHA384) { + UNPACK64(ctx->h[6], &digest[48]); + UNPACK64(ctx->h[7], &digest[56]); + } #else - for (i = 0 ; i < 8; i++) + for (i = 0 ; i < (algo == VB2_HASH_SHA384 ? 6 : 8); i++) UNPACK64(ctx->h[i], &digest[i << 3]); #endif /* UNROLL_LOOPS_SHA512 */ } diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c index 0af117a4..3a6c230e 100644 --- a/firmware/2lib/2sha_utility.c +++ b/firmware/2lib/2sha_utility.c @@ -17,10 +17,14 @@ size_t vb2_digest_size(enum vb2_hash_algorithm hash_alg) return VB2_SHA1_DIGEST_SIZE; #endif #if VB2_SUPPORT_SHA256 + case VB2_HASH_SHA224: + return VB2_SHA224_DIGEST_SIZE; case VB2_HASH_SHA256: return VB2_SHA256_DIGEST_SIZE; #endif #if VB2_SUPPORT_SHA512 + case VB2_HASH_SHA384: + return VB2_SHA384_DIGEST_SIZE; case VB2_HASH_SHA512: return VB2_SHA512_DIGEST_SIZE; #endif @@ -37,10 +41,12 @@ size_t vb2_hash_block_size(enum vb2_hash_algorithm alg) return VB2_SHA1_BLOCK_SIZE; #endif #if VB2_SUPPORT_SHA256 + case VB2_HASH_SHA224: /* SHA224 reuses SHA256 internal structures */ case VB2_HASH_SHA256: return VB2_SHA256_BLOCK_SIZE; #endif #if VB2_SUPPORT_SHA512 + case VB2_HASH_SHA384: /* SHA384 reuses SHA512 internal structures */ case VB2_HASH_SHA512: return VB2_SHA512_BLOCK_SIZE; #endif @@ -63,13 +69,15 @@ vb2_error_t vb2_digest_init(struct vb2_digest_context *dc, return VB2_SUCCESS; #endif #if VB2_SUPPORT_SHA256 + case VB2_HASH_SHA224: case VB2_HASH_SHA256: - vb2_sha256_init(&dc->sha256); + vb2_sha256_init(&dc->sha256, hash_alg); return VB2_SUCCESS; #endif #if VB2_SUPPORT_SHA512 + case VB2_HASH_SHA384: case VB2_HASH_SHA512: - vb2_sha512_init(&dc->sha512); + vb2_sha512_init(&dc->sha512, hash_alg); return VB2_SUCCESS; #endif default: @@ -88,11 +96,13 @@ vb2_error_t vb2_digest_extend(struct vb2_digest_context *dc, const uint8_t *buf, return VB2_SUCCESS; #endif #if VB2_SUPPORT_SHA256 + case VB2_HASH_SHA224: case VB2_HASH_SHA256: vb2_sha256_update(&dc->sha256, buf, size); return VB2_SUCCESS; #endif #if VB2_SUPPORT_SHA512 + case VB2_HASH_SHA384: case VB2_HASH_SHA512: vb2_sha512_update(&dc->sha512, buf, size); return VB2_SUCCESS; @@ -116,13 +126,15 @@ vb2_error_t vb2_digest_finalize(struct vb2_digest_context *dc, uint8_t *digest, return VB2_SUCCESS; #endif #if VB2_SUPPORT_SHA256 + case VB2_HASH_SHA224: case VB2_HASH_SHA256: - vb2_sha256_finalize(&dc->sha256, digest); + vb2_sha256_finalize(&dc->sha256, digest, dc->hash_alg); return VB2_SUCCESS; #endif #if VB2_SUPPORT_SHA512 + case VB2_HASH_SHA384: case VB2_HASH_SHA512: - vb2_sha512_finalize(&dc->sha512, digest); + vb2_sha512_finalize(&dc->sha512, digest, dc->hash_alg); return VB2_SUCCESS; #endif default: diff --git a/firmware/2lib/include/2crypto.h b/firmware/2lib/include/2crypto.h index 0413a624..14e1f14d 100644 --- a/firmware/2lib/include/2crypto.h +++ b/firmware/2lib/include/2crypto.h @@ -71,6 +71,10 @@ enum vb2_hash_algorithm { VB2_HASH_SHA256 = 2, VB2_HASH_SHA512 = 3, + /* SHA-224/SHA-384 are variants of SHA-256/SHA-512, respectively. */ + VB2_HASH_SHA224 = 4, + VB2_HASH_SHA384 = 5, + /* Last index. Don't add anything below. */ VB2_HASH_ALG_COUNT, }; diff --git a/firmware/2lib/include/2sha.h b/firmware/2lib/include/2sha.h index a8e654e3..e586a77d 100644 --- a/firmware/2lib/include/2sha.h +++ b/firmware/2lib/include/2sha.h @@ -75,6 +75,15 @@ struct vb2_sha512_context { uint8_t block[2 * VB2_SHA512_BLOCK_SIZE]; }; +/* + * SHA224/SHA384 are variants of SHA256/SHA512 that use almost all the same code + * (and the same context structures), so no separate "SUPPORT" flags for them. + */ +#define VB2_SHA224_DIGEST_SIZE 28 +#define VB2_SHA224_ALG_NAME "SHA224" +#define VB2_SHA384_DIGEST_SIZE 48 +#define VB2_SHA384_ALG_NAME "SHA384" + /* Hash algorithm independent digest context; includes all of the above. */ struct vb2_digest_context { /* Context union for all algorithms */ @@ -133,10 +142,13 @@ _Static_assert(VB2_HASH_ALG_COUNT <= UINT8_MAX, "vb2_hash.algo overflow!"); * Initialize a hash context. * * @param ctx Hash context + * @param algo Hash algorithm (only for overloaded functions) */ void vb2_sha1_init(struct vb2_sha1_context *ctx); -void vb2_sha256_init(struct vb2_sha256_context *ctx); -void vb2_sha512_init(struct vb2_sha512_context *ctx); +void vb2_sha256_init(struct vb2_sha256_context *ctx, + enum vb2_hash_algorithm algo); +void vb2_sha512_init(struct vb2_sha512_context *ctx, + enum vb2_hash_algorithm algo); /** * Update (extend) a hash. @@ -160,10 +172,13 @@ void vb2_sha512_update(struct vb2_sha512_context *ctx, * * @param ctx Hash context * @param digest Destination for hash; must be VB_SHA*_DIGEST_SIZE bytes + * @param algo Hash algorithm (only for overloaded functions) */ void vb2_sha1_finalize(struct vb2_sha1_context *ctx, uint8_t *digest); -void vb2_sha256_finalize(struct vb2_sha256_context *ctx, uint8_t *digest); -void vb2_sha512_finalize(struct vb2_sha512_context *ctx, uint8_t *digest); +void vb2_sha256_finalize(struct vb2_sha256_context *ctx, uint8_t *digest, + enum vb2_hash_algorithm algo); +void vb2_sha512_finalize(struct vb2_sha512_context *ctx, uint8_t *digest, + enum vb2_hash_algorithm algo); /** * Hash-extend data diff --git a/tests/hmac_test.c b/tests/hmac_test.c index 92c52fc3..ed77d7bb 100644 --- a/tests/hmac_test.c +++ b/tests/hmac_test.c @@ -33,9 +33,15 @@ static void test_hmac_by_openssl(enum vb2_hash_algorithm alg, case VB2_HASH_SHA1: HMAC(EVP_sha1(), key, key_size, msg, msg_size, md, &md_size); break; + case VB2_HASH_SHA224: + HMAC(EVP_sha224(), key, key_size, msg, msg_size, md, &md_size); + break; case VB2_HASH_SHA256: HMAC(EVP_sha256(), key, key_size, msg, msg_size, md, &md_size); break; + case VB2_HASH_SHA384: + HMAC(EVP_sha384(), key, key_size, msg, msg_size, md, &md_size); + break; case VB2_HASH_SHA512: HMAC(EVP_sha512(), key, key_size, msg, msg_size, md, &md_size); break; @@ -44,6 +50,7 @@ static void test_hmac_by_openssl(enum vb2_hash_algorithm alg, } sprintf(test_name, "%s: HMAC-%s (key_size=%d)", __func__, vb2_get_hash_algorithm_name(alg), key_size); + TEST_EQ(vb2_digest_size(alg), md_size, "HMAC size"); TEST_SUCC(hmac(alg, key, key_size, msg, msg_size, mac, mac_size), test_name); TEST_SUCC(memcmp(mac, md, md_size), "HMAC digests match"); diff --git a/tests/vb2_sha_tests.c b/tests/vb2_sha_tests.c index 9fcac1f3..b4a4bd06 100644 --- a/tests/vb2_sha_tests.c +++ b/tests/vb2_sha_tests.c @@ -84,11 +84,11 @@ static void sha256_tests(void) "vb2_digest_buffer() too small"); /* Test multiple small extends */ - vb2_sha256_init(&ctx); + vb2_sha256_init(&ctx, VB2_HASH_SHA256); vb2_sha256_update(&ctx, (uint8_t *)"test1", 5); vb2_sha256_update(&ctx, (uint8_t *)"test2", 5); vb2_sha256_update(&ctx, (uint8_t *)"test3", 5); - vb2_sha256_finalize(&ctx, digest); + vb2_sha256_finalize(&ctx, digest, VB2_HASH_SHA256); TEST_EQ(memcmp(digest, expect_multiple, sizeof(digest)), 0, "SHA-256 multiple extends"); @@ -169,6 +169,76 @@ static void misc_tests(void) "vb2_digest_finalize() invalid alg"); } +static void known_value_tests(void) +{ + const char sentinel[] = "keepme"; + struct { + struct vb2_hash hash; + uint8_t overflow[8]; + } test; + +#define TEST_KNOWN_VALUE(algo, str, value) \ + TEST_EQ(vb2_digest_size(algo), sizeof(value) - 1, \ + "Known hash size " #algo ": " #str); \ + strcpy((char *)&test.hash.raw[sizeof(value) - 1], sentinel); \ + TEST_SUCC(vb2_hash_calculate(str, sizeof(str) - 1, algo, &test.hash), \ + "Calculate known hash " #algo ": " #str); \ + TEST_EQ(memcmp(test.hash.raw, value, sizeof(value) - 1), 0, \ + "Known hash " #algo ": " #str); \ + TEST_EQ(strcmp((char *)&test.hash.raw[sizeof(value) - 1], sentinel), 0,\ + "Overflow known hash " #algo ": " #str); + + TEST_KNOWN_VALUE(VB2_HASH_SHA1, "", + "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18" + "\x90\xaf\xd8\x07\x09"); + TEST_KNOWN_VALUE(VB2_HASH_SHA256, "", + "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9" + "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52" + "\xb8\x55"); + TEST_KNOWN_VALUE(VB2_HASH_SHA512, "", + "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80" + "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c" + "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87" + "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a" + "\xf9\x27\xda\x3e"); + TEST_KNOWN_VALUE(VB2_HASH_SHA224, "", + "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34" + "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f"); + TEST_KNOWN_VALUE(VB2_HASH_SHA384, "", + "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3" + "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6" + "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48" + "\x98\xb9\x5b"); + + const char long_test_string[] = "abcdefghbcdefghicdefghijdefghijkefgh" + "ijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs" + "mnopqrstnopqrstu"; + TEST_KNOWN_VALUE(VB2_HASH_SHA1, long_test_string, + "\xa4\x9b\x24\x46\xa0\x2c\x64\x5b\xf4\x19\xf9\x95\xb6\x70\x91" + "\x25\x3a\x04\xa2\x59"); + TEST_KNOWN_VALUE(VB2_HASH_SHA256, long_test_string, + "\xcf\x5b\x16\xa7\x78\xaf\x83\x80\x03\x6c\xe5\x9e\x7b\x04\x92" + "\x37\x0b\x24\x9b\x11\xe8\xf0\x7a\x51\xaf\xac\x45\x03\x7a\xfe" + "\xe9\xd1"); + TEST_KNOWN_VALUE(VB2_HASH_SHA512, long_test_string, + "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14" + "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88" + "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4" + "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" + "\x87\x4b\xe9\x09"); + TEST_KNOWN_VALUE(VB2_HASH_SHA224, long_test_string, + "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99" + "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3"); + TEST_KNOWN_VALUE(VB2_HASH_SHA384, long_test_string, + "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" + "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" + "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" + "\x74\x60\x39"); + + /* vim helper to escape hex: <Shift+V>:s/\([a-f0-9]\{2\}\)/\\x\1/g */ +#undef TEST_KNOWN_VALUE +} + int main(int argc, char *argv[]) { /* Initialize long_msg with 'a' x 1,000,000 */ @@ -180,6 +250,7 @@ int main(int argc, char *argv[]) sha256_tests(); sha512_tests(); misc_tests(); + known_value_tests(); free(long_msg); |