aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Brown <dan@weetabix>2021-05-31 22:45:51 +0200
committerRob Landley <rob@landley.net>2021-06-01 14:05:50 -0500
commit2513951e9e3449ec8fb585fc5c2b52e0131131ce (patch)
tree6a6a7bf99e2609bf24084f5ed68fa33c373998e2
parentdb3e9003c5f2c9b10b258728d82dff796c4379de (diff)
downloadtoybox-2513951e9e3449ec8fb585fc5c2b52e0131131ce.tar.gz
first rough version of built-in hash sums
-rw-r--r--toys/lsb/md5sum.c393
1 files changed, 327 insertions, 66 deletions
diff --git a/toys/lsb/md5sum.c b/toys/lsb/md5sum.c
index 99c5faa9..29d22ee8 100644
--- a/toys/lsb/md5sum.c
+++ b/toys/lsb/md5sum.c
@@ -90,6 +90,7 @@ GLOBALS(
int sawline;
enum hashmethods {
+ // TODO: are these names already in use?
MD5,
SHA1,
SHA224,
@@ -98,22 +99,30 @@ GLOBALS(
SHA512
} hashmethod;
- unsigned *rconsttable;
- unsigned long *rconsttable64; // for sha384/512
+ uint32_t *rconsttable32;
+ uint64_t *rconsttable64; // for sha384,sha512
// Crypto variables blanked after summing
- unsigned state[8], oldstate[8];
- unsigned long state64[8], oldstate64[8];
- unsigned long long count;
union {
- char c[64]; // bytes. md5 uses 16 of them.
- unsigned i[16]; // words
- unsigned long i64[16]; // words for sha384/512
+ uint32_t i32[8]; // for md5,sha1,sha224,sha256
+ uint64_t i64[8]; // for sha384,sha512
+ } state;
+ unsigned long long count; // this is a 64 bit number, which
+ // is less than the 128 bits needed
+ // for sha384 and sha512. However,
+ // we use 64 bits for all methods
+ // because it would only affect
+ // hash values for input data that
+ // is larger than about 23 petabytes
+ union {
+ char c[128]; // bytes, 1024 bits
+ uint32_t i32[16]; // 512 bits for md5,sha1,sha224,sha256
+ uint64_t i64[16]; // 1024 bits for sha384,sha512
} buffer;
)
// Round constants. Static table for when we haven't got floating point support
#if ! CFG_TOYBOX_FLOAT
-static unsigned md5nofloat[64] = {
+static uint32_t md5nofloat[64] = {
0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a,
0xa8304613, 0xfd469501, 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, 0xf61e2562, 0xc040b340,
@@ -126,11 +135,10 @@ static unsigned md5nofloat[64] = {
0xffeff47d, 0x85845dd1, 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
};
-// sha1 needs only 4 values, so we always use precomputed values (defined later)
-#else
+#else // TODO: move this below the sha512 definition
#define md5nofloat 0
#endif
-static unsigned sha256nofloat[64] = {
+static uint32_t sha256nofloat[64] = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
@@ -143,7 +151,7 @@ static unsigned sha256nofloat[64] = {
0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
-static unsigned long sha512nofloat[80] = {
+static uint64_t sha512nofloat[80] = {
0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f,
0xe9b5dba58189dbbc, 0x3956c25bf348b538, 0x59f111f1b605d019,
0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242,
@@ -172,18 +180,22 @@ static unsigned long sha512nofloat[80] = {
0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
0x5fcb6fab3ad6faec, 0x6c44198c4a475817
};
+// sha1 needs only 4 round constant values, so prefer precomputed
+static const uint32_t sha1rconsts[] = {
+ 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6
+};
// Mix next 64 bytes of data into md5 hash
static void md5_transform(void)
{
- unsigned x[4], *b = (unsigned *)TT.buffer.c;
+ uint32_t x[4], *b = (uint32_t *)TT.buffer.c;
int i;
- memcpy(x, TT.state, sizeof(x));
+ memcpy(x, TT.state.i32, sizeof(x));
for (i=0; i<64; i++) {
- unsigned int in, a, rot, temp;
+ uint32_t in, a, rot, temp;
a = (-i)&3;
if (i<16) {
@@ -209,32 +221,34 @@ static void md5_transform(void)
rot = (5*rot)+(((rot+2)&2)>>1);
temp = x[(a+2)&3] ^ (x[(a+1)&3] | ~x[(a+3)&3]);
}
- temp += x[a] + b[in] + TT.rconsttable[i];
+ temp += x[a] + b[in] + TT.rconsttable32[i];
x[a] = x[(a+1)&3] + ((temp<<rot) | (temp>>(32-rot)));
}
- for (i=0; i<4; i++) TT.state[i] += x[i];
+ for (i=0; i<4; i++) TT.state.i32[i] += x[i];
}
// Mix next 64 bytes of data into sha1 hash.
-static const unsigned sha1rconsts[]={0x5A827999,0x6ED9EBA1,0x8F1BBCDC,0xCA62C1D6};
#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits))))
+#define ror64(value, bits) (((value) >> (bits)) | ((value) << (64 - (bits))))
static void sha1_transform(void)
{
int i, j, k, count;
- unsigned *block = TT.buffer.i;
- unsigned *rot[5], *temp;
+ uint32_t *block = TT.buffer.i32;
+ uint32_t oldstate[5];
+ uint32_t *rot[5], *temp;
- // Copy context->state[] to working vars
+ // Copy context->state.i32[] to working vars
for (i=0; i<5; i++) {
- TT.oldstate[i] = TT.state[i];
- rot[i] = TT.state + i;
+ oldstate[i] = TT.state.i32[i];
+ rot[i] = TT.state.i32 + i;
}
// 4 rounds of 20 operations each.
for (i=count=0; i<4; i++) {
for (j=0; j<20; j++) {
- unsigned work;
+ uint32_t work;
work = *rot[2] ^ *rot[3];
if (!i) work = (work & *rot[1]) ^ *rot[3];
@@ -259,29 +273,203 @@ static void sha1_transform(void)
count++;
}
}
- // Add the previous values of state[]
- for (i=0; i<5; i++) TT.state[i] += TT.oldstate[i];
+ // Add the previous values of state.i32[]
+ for (i=0; i<5; i++) TT.state.i32[i] += oldstate[i];
}
-// Fill the 64-byte working buffer and call transform() when full.
+static void sha256_transform(void)
+{
+ int i;
+ uint32_t block[64];
+ uint32_t s0, s1, S0, S1, ch, maj, temp1, temp2;
+ uint32_t rot[8]; // a,b,c,d,e,f,g,h
+
+ //printf("buffer.c[0 1 2 3] = %02hhX %02hhX %02hhX %02hhX\n", TT.buffer.c[0], TT.buffer.c[1], TT.buffer.c[2], TT.buffer.c[3]);
+ printf("buffer.c[0 - 4] = %02hhX %02hhX %02hhX %02hhX %02hhX\n", TT.buffer.c[0], TT.buffer.c[1], TT.buffer.c[2], TT.buffer.c[3], TT.buffer.c[4]);
+ printf("buffer.c[56 - 63] = %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX\n", \
+ TT.buffer.c[56], TT.buffer.c[57], TT.buffer.c[58], TT.buffer.c[59], \
+ TT.buffer.c[60], TT.buffer.c[61], TT.buffer.c[62], TT.buffer.c[63]);
+ for (i=0; i<16; i++) {
+ block[i] = SWAP_BE32(TT.buffer.i32[i]);
+ }
+ // Extend the message schedule array beyond first 16 words
+ for (i=16; i<64; i++) {
+ s0 = ror(block[i-15], 7) ^ ror(block[i-15], 18) ^ (block[i-15] >> 3);
+ s1 = ror(block[i-2], 17) ^ ror(block[i-2], 19) ^ (block[i-2] >> 10);
+ block[i] = block[i-16] + s0 + block[i-7] + s1;
+ }
+ // Copy context->state.i32[] to working vars
+ for (i=0; i<8; i++) {
+ //TT.oldstate32[i] = TT.state.i32[i];
+ rot[i] = TT.state.i32[i];
+ }
+ // 64 rounds
+ for (i=0; i<64; i++) {
+ S1 = ror(rot[4],6) ^ ror(rot[4],11) ^ ror(rot[4], 25);
+ ch = (rot[4] & rot[5]) ^ ((~ rot[4]) & rot[6]);
+ temp1 = rot[7] + S1 + ch + TT.rconsttable32[i] + block[i];
+ S0 = ror(rot[0],2) ^ ror(rot[0],13) ^ ror(rot[0], 22);
+ maj = (rot[0] & rot[1]) ^ (rot[0] & rot[2]) ^ (rot[1] & rot[2]);
+ temp2 = S0 + maj;
+ /* if (i < 2) {
+ printf("begin round %d: rot[0] = %u rot[1] = %u rot[2] = %u\n", i, rot[0], rot[1], rot[2]);
+ printf(" S1=%u ch=%u temp1=%u S0=%u maj=%u temp2=%u\n", S1,ch,temp1,S0,maj,temp2);
+ printf(" rot[7]=%u K[i]=%u W[i]=%u TT.buffer.i[i]=%u\n", rot[7],TT.rconsttable32[i],block[i],TT.buffer.i[i]);
+ } */
+ rot[7] = rot[6];
+ rot[6] = rot[5];
+ rot[5] = rot[4];
+ rot[4] = rot[3] + temp1;
+ rot[3] = rot[2];
+ rot[2] = rot[1];
+ rot[1] = rot[0];
+ rot[0] = temp1 + temp2;
+ }
+ //printf("%d rounds done: rot[0] = %u rot[1] = %u rot[2] = %u\n", i, rot[0], rot[1], rot[2]);
-static void hash_update(char *data, unsigned int len, void (*transform)(void))
+ // Add the previous values of state.i32[]
+ for (i=0; i<8; i++) TT.state.i32[i] += rot[i];
+ //printf("state.i32[0] = %u state.i32[1] = %u state.i32[2] = %u\n", TT.state.i32[0], TT.state.i32[1], TT.state.i32[2]);
+}
+
+static void sha224_transform(void)
+{
+ sha256_transform();
+}
+
+static void sha512_transform(void)
+{
+ int i;
+ uint64_t block[80];
+ uint64_t s0, s1, S0, S1, ch, maj, temp1, temp2;
+ uint64_t rot[8]; // a,b,c,d,e,f,g,h
+
+ printf("buffer.c[0 - 4] = %02hhX %02hhX %02hhX %02hhX %02hhX\n", TT.buffer.c[0], TT.buffer.c[1], TT.buffer.c[2], TT.buffer.c[3], TT.buffer.c[4]);
+ printf("buffer.c[112 - 127] = %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX %02hhX\n", \
+ TT.buffer.c[112], TT.buffer.c[113], TT.buffer.c[114], TT.buffer.c[115], \
+ TT.buffer.c[116], TT.buffer.c[117], TT.buffer.c[118], TT.buffer.c[119], \
+ TT.buffer.c[120], TT.buffer.c[121], TT.buffer.c[122], TT.buffer.c[123], \
+ TT.buffer.c[124], TT.buffer.c[125], TT.buffer.c[126], TT.buffer.c[127]);
+ for (i=0; i<16; i++) {
+ block[i] = SWAP_BE64(TT.buffer.i64[i]);
+ }
+ // Extend the message schedule array beyond first 16 words
+ for (i=16; i<80; i++) {
+ s0 = ror64(block[i-15], 1) ^ ror64(block[i-15], 8) ^ (block[i-15] >> 7);
+ s1 = ror64(block[i-2], 19) ^ ror64(block[i-2], 61) ^ (block[i-2] >> 6);
+ block[i] = block[i-16] + s0 + block[i-7] + s1;
+ }
+ // Copy context->state.i64[] to working vars
+ for (i=0; i<8; i++) {
+ rot[i] = TT.state.i64[i];
+ }
+ // 80 rounds
+ for (i=0; i<80; i++) {
+ S1 = ror64(rot[4],14) ^ ror64(rot[4],18) ^ ror64(rot[4], 41);
+ ch = (rot[4] & rot[5]) ^ ((~ rot[4]) & rot[6]);
+ temp1 = rot[7] + S1 + ch + TT.rconsttable64[i] + block[i];
+ S0 = ror64(rot[0],28) ^ ror64(rot[0],34) ^ ror64(rot[0], 39);
+ maj = (rot[0] & rot[1]) ^ (rot[0] & rot[2]) ^ (rot[1] & rot[2]);
+ temp2 = S0 + maj;
+ /*
+ if (i < 3) {
+ printf(" S1=%lu ch=%lu temp1=%lu S0=%lu maj=%lu temp2=%lu\n", S1,ch,temp1,S0,maj,temp2);
+ printf(" rot[7]=%lu K[i]=%lu W[i]=%lu TT.buffer.i64[i]=%lu\n", rot[7],TT.rconsttable64[i],block[i],TT.buffer.i64[i]);
+ }
+ */
+ rot[7] = rot[6];
+ rot[6] = rot[5];
+ rot[5] = rot[4];
+ rot[4] = rot[3] + temp1;
+ rot[3] = rot[2];
+ rot[2] = rot[1];
+ rot[1] = rot[0];
+ rot[0] = temp1 + temp2;
+ /*
+ if ((i < 3) || (i > 77)) {
+ //printf("after round %d: rot[0] = %lu rot[1] = %lu rot[2] = %lu\n", i, rot[0], rot[1], rot[2]);
+ printf("t= %d: A=%08X%08X B=%08X%08X C= %08X%08X D=%08X%08X\n", i, \
+ (uint32_t) (rot[0] >> 32), (uint32_t) rot[0], \
+ (uint32_t) (rot[1] >> 32), (uint32_t) rot[1], \
+ (uint32_t) (rot[2] >> 32), (uint32_t) rot[2], \
+ (uint32_t) (rot[3] >> 32), (uint32_t) rot[3] \
+ );
+ printf("t= %d: E=%08X%08X F=%08X%08X G= %08X%08X H=%08X%08X\n", i, \
+ (uint32_t) (rot[4] >> 32), (uint32_t) rot[4], \
+ (uint32_t) (rot[5] >> 32), (uint32_t) rot[5], \
+ (uint32_t) (rot[6] >> 32), (uint32_t) rot[6], \
+ (uint32_t) (rot[7] >> 32), (uint32_t) rot[7] \
+ );
+ }
+ */
+ }
+ //printf("%d rounds done: rot[0] = %lu rot[1] = %lu rot[2] = %lu\n", i, rot[0], rot[1], rot[2]);
+
+ // Add the previous values of state.i64[]
+ /*
+ printf("t= %d: 0=%08X%08X 1=%08X%08X 2= %08X%08X 3=%08X%08X\n", -1, \
+ (uint32_t) (TT.state.i64[0] >> 32), (uint32_t) TT.state.i64[0], \
+ (uint32_t) (TT.state.i64[1] >> 32), (uint32_t) TT.state.i64[1], \
+ (uint32_t) (TT.state.i64[2] >> 32), (uint32_t) TT.state.i64[2], \
+ (uint32_t) (TT.state.i64[3] >> 32), (uint32_t) TT.state.i64[3] \
+ );
+ printf("t= %d: 4=%08X%08X 5=%08X%08X 6= %08X%08X 7=%08X%08X\n", -1, \
+ (uint32_t) (TT.state.i64[4] >> 32), (uint32_t) TT.state.i64[4], \
+ (uint32_t) (TT.state.i64[5] >> 32), (uint32_t) TT.state.i64[5], \
+ (uint32_t) (TT.state.i64[6] >> 32), (uint32_t) TT.state.i64[6], \
+ (uint32_t) (TT.state.i64[7] >> 32), (uint32_t) TT.state.i64[7] \
+ );
+ */
+ for (i=0; i<8; i++) TT.state.i64[i] += rot[i];
+ /*
+ printf("t= %d: 0=%08X%08X 1=%08X%08X 2= %08X%08X 3=%08X%08X\n", -2, \
+ (uint32_t) (TT.state.i64[0] >> 32), (uint32_t) TT.state.i64[0], \
+ (uint32_t) (TT.state.i64[1] >> 32), (uint32_t) TT.state.i64[1], \
+ (uint32_t) (TT.state.i64[2] >> 32), (uint32_t) TT.state.i64[2], \
+ (uint32_t) (TT.state.i64[3] >> 32), (uint32_t) TT.state.i64[3] \
+ );
+ printf("t= %d: 4=%08X%08X 5=%08X%08X 6= %08X%08X 7=%08X%08X\n", -2, \
+ (uint32_t) (TT.state.i64[4] >> 32), (uint32_t) TT.state.i64[4], \
+ (uint32_t) (TT.state.i64[5] >> 32), (uint32_t) TT.state.i64[5], \
+ (uint32_t) (TT.state.i64[6] >> 32), (uint32_t) TT.state.i64[6], \
+ (uint32_t) (TT.state.i64[7] >> 32), (uint32_t) TT.state.i64[7] \
+ );
+ */
+ //printf("state.i64[0] = %lu state.i64[1] = %lu state.i64[2] = %lu\n", TT.state.i64[0], TT.state.i64[1], TT.state.i64[2]);
+}
+
+static void sha384_transform(void)
+{
+ sha512_transform();
+}
+
+// Fill the 64-byte (512-bit) working buffer and call transform() when full.
+
+static void hash_update(char *data, unsigned int len, void (*transform)(void), int chunksize)
{
unsigned int i, j;
+ //printf("starting hash_update() TT.count = %llu len = %d chunksize = %d\n", TT.count,len,chunksize);
- j = TT.count & 63;
+ j = TT.count & (chunksize - 1);
TT.count += len;
for (;;) {
// Grab next chunk of data, return if it's not enough to process a frame
- i = 64 - j;
+ i = chunksize - j;
if (i>len) i = len;
memcpy(TT.buffer.c+j, data, i);
- if (j+i != 64) break;
+ //printf("checking chunksize. j(%d) + i(%d) = chunksize(%d) ?\n", j,i,chunksize);
+ if (j+i != chunksize) break;
// Process a frame
- if (IS_BIG_ENDIAN)
- for (j=0; j<16; j++) TT.buffer.i[j] = SWAP_LE32(TT.buffer.i[j]);
+ if (IS_BIG_ENDIAN) { // TODO: test on big endian architecture
+ if ((TT.hashmethod == SHA512) || (TT.hashmethod == SHA384)) {
+ for (j=0; j<16; j++) TT.buffer.i64[j] = SWAP_LE64(TT.buffer.i64[j]);
+ } else { // MD5, SHA1, SHA224, SHA256
+ for (j=0; j<16; j++) TT.buffer.i32[j] = SWAP_LE32(TT.buffer.i32[j]);
+ }
+ }
+ //printf("calling transform. hashmethod = %d\n", TT.hashmethod);
transform();
j=0;
data += i;
@@ -335,28 +523,91 @@ static void do_lib_hash(int fd, char *name)
sprintf(toybuf+2*i, "%02x", toybuf[i+128]);
}
-// Callback for loopfiles()
-
static void do_builtin_hash(int fd, char *name)
{
unsigned long long count;
- int i, sha1 = toys.which->name[0]=='s';
+ int i, chunksize, lengthsize, digestlen;
char buf, *pp;
void (*transform)(void);
- /* SHA1 initialization constants (md5sum uses first 4) */
- TT.state[0] = 0x67452301;
- TT.state[1] = 0xEFCDAB89;
- TT.state[2] = 0x98BADCFE;
- TT.state[3] = 0x10325476;
- TT.state[4] = 0xC3D2E1F0;
+ //printf("starting do_builtin_hash()\n");
TT.count = 0;
+ switch(TT.hashmethod) {
+ case MD5:
+ case SHA1:
+ transform = (TT.hashmethod == MD5) ? md5_transform : sha1_transform;
+ digestlen = (TT.hashmethod == MD5) ? 0 : 20; // bytes
+ chunksize = 64; // bytes
+ lengthsize = 8; // bytes
+ TT.state.i32[0] = 0x67452301;
+ TT.state.i32[1] = 0xEFCDAB89;
+ TT.state.i32[2] = 0x98BADCFE;
+ TT.state.i32[3] = 0x10325476;
+ TT.state.i32[4] = 0xC3D2E1F0; // not used for MD5
+ break;
+ case SHA224:
+ transform = sha224_transform;
+ digestlen = 28;
+ chunksize = 64;
+ lengthsize = 8;
+ TT.state.i32[0] = 0xc1059ed8;
+ TT.state.i32[1] = 0x367cd507;
+ TT.state.i32[2] = 0x3070dd17;
+ TT.state.i32[3] = 0xf70e5939;
+ TT.state.i32[4] = 0xffc00b31;
+ TT.state.i32[5] = 0x68581511;
+ TT.state.i32[6] = 0x64f98fa7;
+ TT.state.i32[7] = 0xbefa4fa4;
+ break;
+ case SHA256:
+ transform = sha256_transform;
+ digestlen = 32;
+ chunksize = 64;
+ lengthsize = 8;
+ TT.state.i32[0] = 0x6a09e667;
+ TT.state.i32[1] = 0xbb67ae85;
+ TT.state.i32[2] = 0x3c6ef372;
+ TT.state.i32[3] = 0xa54ff53a;
+ TT.state.i32[4] = 0x510e527f;
+ TT.state.i32[5] = 0x9b05688c;
+ TT.state.i32[6] = 0x1f83d9ab;
+ TT.state.i32[7] = 0x5be0cd19;
+ break;
+ case SHA384:
+ transform = sha384_transform;
+ digestlen = 48;
+ chunksize = 128;
+ lengthsize = 8; // bytes. should be 16 according to spec
+ TT.state.i64[0] = 0xcbbb9d5dc1059ed8;
+ TT.state.i64[1] = 0x629a292a367cd507;
+ TT.state.i64[2] = 0x9159015a3070dd17;
+ TT.state.i64[3] = 0x152fecd8f70e5939;
+ TT.state.i64[4] = 0x67332667ffc00b31;
+ TT.state.i64[5] = 0x8eb44a8768581511;
+ TT.state.i64[6] = 0xdb0c2e0d64f98fa7;
+ TT.state.i64[7] = 0x47b5481dbefa4fa4;
+ break;
+ case SHA512:
+ transform = sha512_transform;
+ digestlen = 64;
+ chunksize = 128;
+ lengthsize = 8; // bytes. should be 16 according to spec
+ TT.state.i64[0] = 0x6a09e667f3bcc908;
+ TT.state.i64[1] = 0xbb67ae8584caa73b;
+ TT.state.i64[2] = 0x3c6ef372fe94f82b;
+ TT.state.i64[3] = 0xa54ff53a5f1d36f1;
+ TT.state.i64[4] = 0x510e527fade682d1;
+ TT.state.i64[5] = 0x9b05688c2b3e6c1f;
+ TT.state.i64[6] = 0x1f83d9abfb41bd6b;
+ TT.state.i64[7] = 0x5be0cd19137e2179;
+ break;
+ default: error_exit("unrecognized hash method name"); break;
+ }
- transform = sha1 ? sha1_transform : md5_transform;
for (;;) {
i = read(fd, toybuf, sizeof(toybuf));
if (i<1) break;
- hash_update(toybuf, i, transform);
+ hash_update(toybuf, i, transform, chunksize);
}
count = TT.count << 3;
@@ -367,29 +618,39 @@ static void do_builtin_hash(int fd, char *name)
//
// Since our input up to now has been in whole bytes, we can deal with
// bytes here too.
-
buf = 0x80;
do {
- hash_update(&buf, 1, transform);
+ hash_update(&buf, 1, transform, chunksize);
buf = 0;
- } while ((TT.count & 63) != 56);
- count = sha1 ? SWAP_BE64(count) : SWAP_LE64(count);
- hash_update((void *)&count, 8, transform);
-
- if (sha1)
- for (i = 0; i < 20; i++)
- sprintf(toybuf+2*i, "%02x", 255&(TT.state[i>>2] >> ((3-(i & 3)) * 8)));
- else for (i=0; i<4; i++) sprintf(toybuf+8*i, "%08x", bswap_32(TT.state[i]));
-
+ } while ((TT.count & (chunksize - 1)) != (chunksize - lengthsize));
+ count = (TT.hashmethod == MD5) ? SWAP_LE64(count) : SWAP_BE64(count);
+ // Note that we should be using a 128-bit count for SHA384 and SHA512,
+ // but since we are using a 64-bit count, then SWAP_BE64() is correct.
+ printf("count=%lld count=%08X %08X\n", count, \
+ (uint32_t) (count >> 32), (uint32_t) count);
+ hash_update((void *)&count, 8, transform, chunksize);
+
+ // write digest to toybuf
+ if (TT.hashmethod == MD5) {
+ for (i=0; i<4; i++) sprintf(toybuf+8*i, "%08x", bswap_32(TT.state.i32[i]));
+ } else if ((TT.hashmethod == SHA1) || (TT.hashmethod == SHA224) || (TT.hashmethod == SHA256)) {
+ for (i=0; i<digestlen; i++)
+ sprintf(toybuf+2*i, "%02x", 255&(TT.state.i32[i>>2] >> ((3-(i & 3)) * 8)));
+ } else { // SHA384 and SHA512
+ for (i=0; i<(digestlen/8); i++) {
+ sprintf(toybuf+16*i, "%016lx", TT.state.i64[i]);
+ }
+ }
// Wipe variables. Cryptographer paranoia.
- // if we do this with memset(), gcc throws a broken warning, and the (long)
+ // if we do this with memset(), gcc throws a broken warning, and the (uint32_t)
// typecasts stop gcc from breaking "undefined behavior" that isn't.
- for (pp = (void *)TT.state; (unsigned long)pp-(unsigned long)TT.state<sizeof(TT)-((unsigned long)TT.state-(unsigned long)&TT); pp++)
+ for (pp = (void *)TT.state.i64; (uint64_t)pp-(uint64_t)TT.state.i64<sizeof(TT)-((uint64_t)TT.state.i64-(uint64_t)&TT); pp++)
*pp = 0;
i = strlen(toybuf)+1;
memset(toybuf+i, 0, sizeof(toybuf)-i);
}
+// Callback for loopfiles()
// Call builtin or lib hash function, then display output if necessary
static void do_hash(int fd, char *name)
{
@@ -466,7 +727,7 @@ void md5sum_main(void)
else if (toys.which->name[4]=='5') { TT.hashmethod = SHA256; }
else if (toys.which->name[4]=='8') { TT.hashmethod = SHA384; }
else if (toys.which->name[4]=='1') { TT.hashmethod = SHA512; }
- else { error_exit("unrecognized hash method name: %s", toys.which->name); }
+ else { error_exit("unrecognized hash method from command name: %s", toys.which->name); }
// Calculate table if we have floating point. Static version should drop
// out at compile time when we don't need it.
@@ -474,20 +735,20 @@ void md5sum_main(void)
switch(TT.hashmethod) {
case MD5:
if (CFG_TOYBOX_FLOAT) {
- TT.rconsttable = xmalloc(64*4);
- for (i = 0; i<64; i++) TT.rconsttable[i] = fabs(sin(i+1))*(1LL<<32);
- } else TT.rconsttable = md5nofloat;
+ TT.rconsttable32 = xmalloc(64*4);
+ for (i = 0; i<64; i++) TT.rconsttable32[i] = fabs(sin(i+1))*(1LL<<32);
+ } else TT.rconsttable32 = md5nofloat;
break;
case SHA1:
break;
case SHA224:
case SHA256:
//if (CFG_TOYBOX_FLOAT) {
- // TT.rconsttable = xmalloc(64*4);
- // for (i = 0; i<64; i++) TT.rconsttable[i] = TODO
+ // TT.rconsttable32 = xmalloc(64*4);
+ // for (i = 0; i<64; i++) TT.rconsttable32[i] = TODO
// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311 -- but perhaps storing a list of primes would use a similar amount of memory anyway -?
- //} else TT.rconsttable = sha256nofloat;
- TT.rconsttable = sha256nofloat; // temporary
+ //} else TT.rconsttable32 = sha256nofloat;
+ TT.rconsttable32 = sha256nofloat; // temporary
break;
case SHA384:
case SHA512: