Print this page
4185 New hash algorithm support

Split Close
Expand all
Collapse all
          --- old/usr/src/common/crypto/sha2/sha2.c
          +++ new/usr/src/common/crypto/sha2/sha2.c
   1    1  /*
   2    2   * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
   3    3   * Use is subject to license terms.
   4    4   */
        5 +/*
        6 + * Copyright 2013 Saso Kiselkov.  All rights reserved.
        7 + */
   5    8  
   6    9  /*
   7   10   * The basic framework for this code came from the reference
   8   11   * implementation for MD5.  That implementation is Copyright (C)
   9   12   * 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
  10   13   *
  11   14   * License to copy and use this software is granted provided that it
  12   15   * is identified as the "RSA Data Security, Inc. MD5 Message-Digest
  13   16   * Algorithm" in all material mentioning or referencing this software
  14   17   * or this function.
↓ open down ↓ 693 lines elided ↑ open up ↑
 708  711          case SHA512_HMAC_GEN_MECH_INFO_TYPE:
 709  712                  ctx->state.s64[0] = 0x6a09e667f3bcc908ULL;
 710  713                  ctx->state.s64[1] = 0xbb67ae8584caa73bULL;
 711  714                  ctx->state.s64[2] = 0x3c6ef372fe94f82bULL;
 712  715                  ctx->state.s64[3] = 0xa54ff53a5f1d36f1ULL;
 713  716                  ctx->state.s64[4] = 0x510e527fade682d1ULL;
 714  717                  ctx->state.s64[5] = 0x9b05688c2b3e6c1fULL;
 715  718                  ctx->state.s64[6] = 0x1f83d9abfb41bd6bULL;
 716  719                  ctx->state.s64[7] = 0x5be0cd19137e2179ULL;
 717  720                  break;
      721 +        case SHA512_224_MECH_INFO_TYPE:
      722 +                ctx->state.s64[0] = 0x8C3D37C819544DA2ULL;
      723 +                ctx->state.s64[1] = 0x73E1996689DCD4D6ULL;
      724 +                ctx->state.s64[2] = 0x1DFAB7AE32FF9C82ULL;
      725 +                ctx->state.s64[3] = 0x679DD514582F9FCFULL;
      726 +                ctx->state.s64[4] = 0x0F6D2B697BD44DA8ULL;
      727 +                ctx->state.s64[5] = 0x77E36F7304C48942ULL;
      728 +                ctx->state.s64[6] = 0x3F9D85A86A1D36C8ULL;
      729 +                ctx->state.s64[7] = 0x1112E6AD91D692A1ULL;
      730 +                break;
      731 +        case SHA512_256_MECH_INFO_TYPE:
      732 +                ctx->state.s64[0] = 0x22312194FC2BF72CULL;
      733 +                ctx->state.s64[1] = 0x9F555FA3C84C64C2ULL;
      734 +                ctx->state.s64[2] = 0x2393B86B6F53B151ULL;
      735 +                ctx->state.s64[3] = 0x963877195940EABDULL;
      736 +                ctx->state.s64[4] = 0x96283EE2A88EFFE3ULL;
      737 +                ctx->state.s64[5] = 0xBE5E1E2553863992ULL;
      738 +                ctx->state.s64[6] = 0x2B0199FC2C85B8AAULL;
      739 +                ctx->state.s64[7] = 0x0EB72DDC81C52CA2ULL;
      740 +                break;
 718  741  #ifdef _KERNEL
 719  742          default:
 720  743                  cmn_err(CE_PANIC,
 721  744                      "sha2_init: failed to find a supported algorithm: 0x%x",
 722  745                      (uint32_t)mech);
 723  746  
 724  747  #endif /* _KERNEL */
 725  748          }
 726  749  
 727  750          ctx->algotype = (uint32_t)mech;
↓ open down ↓ 166 lines elided ↑ open up ↑
 894  917          uint8_t         bitcount_be64[sizeof (ctx->count.c64)];
 895  918          uint32_t        index;
 896  919          uint32_t        algotype = ctx->algotype;
 897  920  
 898  921          if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) {
 899  922                  index  = (ctx->count.c32[1] >> 3) & 0x3f;
 900  923                  Encode(bitcount_be, ctx->count.c32, sizeof (bitcount_be));
 901  924                  SHA2Update(ctx, PADDING, ((index < 56) ? 56 : 120) - index);
 902  925                  SHA2Update(ctx, bitcount_be, sizeof (bitcount_be));
 903  926                  Encode(digest, ctx->state.s32, sizeof (ctx->state.s32));
 904      -
 905  927          } else {
 906  928                  index  = (ctx->count.c64[1] >> 3) & 0x7f;
 907  929                  Encode64(bitcount_be64, ctx->count.c64,
 908  930                      sizeof (bitcount_be64));
 909  931                  SHA2Update(ctx, PADDING, ((index < 112) ? 112 : 240) - index);
 910  932                  SHA2Update(ctx, bitcount_be64, sizeof (bitcount_be64));
 911  933                  if (algotype <= SHA384_HMAC_GEN_MECH_INFO_TYPE) {
 912  934                          ctx->state.s64[6] = ctx->state.s64[7] = 0;
 913  935                          Encode64(digest, ctx->state.s64,
 914  936                              sizeof (uint64_t) * 6);
 915      -                } else
      937 +                } else if (algotype == SHA512_224_MECH_INFO_TYPE) {
      938 +                        uint8_t last[sizeof (uint64_t)];
      939 +                        /*
      940 +                         * Since SHA-512/224 doesn't align well to 64-bit
      941 +                         * boundaries, we must do the encode in three steps:
      942 +                         * 1) encode the three 64-bit words that fit neatly
      943 +                         * 2) encode the last 64-bit word to a temp buffer
      944 +                         * 3) chop out the lower 32-bits from the temp buffer
      945 +                         *    and append them to the digest
      946 +                         */
      947 +                        Encode64(digest, ctx->state.s64, sizeof (uint64_t) * 3);
      948 +                        Encode64(last, &ctx->state.s64[3], sizeof (uint64_t));
      949 +                        bcopy(last, (uint8_t *)digest + 24, 4);
      950 +                } else if (algotype == SHA512_256_MECH_INFO_TYPE) {
      951 +                        Encode64(digest, ctx->state.s64, sizeof (uint64_t) * 4);
      952 +                } else {
 916  953                          Encode64(digest, ctx->state.s64,
 917  954                              sizeof (ctx->state.s64));
      955 +                }
 918  956          }
 919  957  
 920  958          /* zeroize sensitive information */
 921  959          bzero(ctx, sizeof (*ctx));
 922  960  }
    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX