SHA2 pipeline with support for 256, 384, and 512 bits

Implemented pipeline around sph sha calls using standard test vectors for full-byte values. Did not test or support partial byte values.

SHA2 pipeline with support for 256, 384, and 512 bits
Implemented pipeline around sph sha calls using standard test vectors for full-byte values. Did not test or support partial byte values.
Jay Berkenbilt
1 parent c9da66a0
Showing 8 changed files with 321 additions and 1 deletions
libqpdf/Pl_SHA2.cc
libqpdf/build.mk
libqpdf/qpdf/Pl_SHA2.hh
libqpdf/sph/sph_sha2.h
libtests/build.mk
libtests/qtest/sha2.test
libtests/qtest/sha2/sha2.out
libtests/sha2.cc
+#include <qpdf/Pl_SHA2.hh>
+#include <stdexcept>
+#include <cstdio>
+#include <qpdf/PointerHolder.hh>
+
+Pl_SHA2::Pl_SHA2(int bits, Pipeline* next) :
+    Pipeline("sha2", next),
+    in_progress(false),
+    bits(0)
+{
+    if (bits)
+    {
+        resetBits(bits);
+    }
+}
+
+Pl_SHA2::~Pl_SHA2()
+{
+}
+
+void
+Pl_SHA2::badBits()
+{
+    throw std::logic_error("Pl_SHA2 has unexpected value for bits");
+}
+
+void
+Pl_SHA2::write(unsigned char* buf, size_t len)
+{
+    if (! this->in_progress)
+    {
+        switch (bits)
+        {
+          case 256:
+            sph_sha256_init(&this->ctx256);
+            break;
+          case 384:
+            sph_sha384_init(&this->ctx384);
+            break;
+          case 512:
+            sph_sha512_init(&this->ctx512);
+            break;
+          default:
+            badBits();
+            break;
+        }
+	this->in_progress = true;
+    }
+
+    // Write in chunks in case len is too big to fit in an int.
+    // Assume int is at least 32 bits.
+    static size_t const max_bytes = 1 << 30;
+    size_t bytes_left = len;
+    unsigned char* data = buf;
+    while (bytes_left > 0)
+    {
+	size_t bytes = (bytes_left >= max_bytes ? max_bytes : bytes_left);
+        switch (bits)
+        {
+          case 256:
+            sph_sha256(&this->ctx256, data, bytes);
+            break;
+          case 384:
+            sph_sha384(&this->ctx384, data, bytes);
+            break;
+          case 512:
+            sph_sha512(&this->ctx512, data, bytes);
+            break;
+          default:
+            badBits();
+            break;
+        }
+	bytes_left -= bytes;
+        data += bytes;
+    }
+
+    if (this->getNext(true))
+    {
+        this->getNext()->write(buf, len);
+    }
+}
+
+void
+Pl_SHA2::finish()
+{
+    if (this->getNext(true))
+    {
+        this->getNext()->finish();
+    }
+    switch (bits)
+    {
+      case 256:
+        sph_sha256_close(&this->ctx256, sha256sum);
+        break;
+      case 384:
+        sph_sha384_close(&this->ctx384, sha384sum);
+        break;
+      case 512:
+        sph_sha512_close(&this->ctx512, sha512sum);
+        break;
+      default:
+        badBits();
+        break;
+    }
+    this->in_progress = false;
+}
+
+void
+Pl_SHA2::resetBits(int bits)
+{
+    if (this->in_progress)
+    {
+	throw std::logic_error(
+	    "bit reset requested for in-progress SHA2 Pipeline");
+    }
+    if (! ((bits == 256) || (bits == 384) || (bits == 512)))
+    {
+	throw std::logic_error("Pl_SHA2 called with bits != 256, 384, or 512");
+    }
+    this->bits = bits;
+}
+
+std::string
+Pl_SHA2::getRawDigest()
+{
+    std::string result;
+    switch (bits)
+    {
+      case 256:
+        result = std::string((char*)this->sha256sum, sizeof(this->sha256sum));
+        break;
+      case 384:
+        result = std::string((char*)this->sha384sum, sizeof(this->sha384sum));
+        break;
+      case 512:
+        result = std::string((char*)this->sha512sum, sizeof(this->sha512sum));
+        break;
+      default:
+        badBits();
+        break;
+    }
+    return result;
+}
+
+std::string
+Pl_SHA2::getHexDigest()
+{
+    if (this->in_progress)
+    {
+	throw std::logic_error(
+	    "digest requested for in-progress SHA2 Pipeline");
+    }
+    std::string raw = getRawDigest();
+    size_t raw_size = raw.length();
+    size_t hex_size = 1 + (2 * raw_size);
+    PointerHolder<char> bufp(true, new char[hex_size]);
+    char* buf = bufp.getPointer();
+    buf[hex_size - 1] = '\0';
+    for (unsigned int i = 0; i < raw_size; ++i)
+    {
+        std::sprintf(buf + i * 2, "%02x", (unsigned char)raw[i]);
+    }
+    return buf;
+}
@@ -28,6 +28,7 @@ SRCS_libqpdf = \
 	libqpdf/Pl_PNGFilter.cc \
 	libqpdf/Pl_QPDFTokenizer.cc \
 	libqpdf/Pl_RC4.cc \
+	libqpdf/Pl_SHA2.cc \
 	libqpdf/Pl_StdioFile.cc \
 	libqpdf/QPDF.cc \
 	libqpdf/QPDFExc.cc \
+#ifndef __PL_SHA2_HH__
+#define __PL_SHA2_HH__
+
+// Bits must be a supported number of bits, currently only 256, 384,
+// or 512.  Passing 0 as bits leaves the pipeline uncommitted, in
+// which case resetBits must be called before the pipeline is used.
+// If a next is provided, this pipeline sends its output to its
+// successor unmodified.  After calling finish, the SHA2 checksum of
+// the data that passed through the pipeline is available.
+
+// This pipeline is reusable; i.e., it is safe to call write() after
+// calling finish().  The first call to write() after a call to
+// finish() initializes a new SHA2 object.  resetBits may also be
+// called between finish and the next call to write.
+
+#include <qpdf/Pipeline.hh>
+#include <sph/sph_sha2.h>
+
+class Pl_SHA2: public Pipeline
+{
+  public:
+    QPDF_DLL
+    Pl_SHA2(int bits = 0, Pipeline* next = 0);
+    QPDF_DLL
+    virtual ~Pl_SHA2();
+    QPDF_DLL
+    virtual void write(unsigned char*, size_t);
+    QPDF_DLL
+    virtual void finish();
+    QPDF_DLL
+    void resetBits(int bits);
+    QPDF_DLL
+    std::string getHexDigest();
+    QPDF_DLL
+    std::string getRawDigest();
+
+  private:
+    void badBits();
+
+    bool in_progress;
+    int bits;
+    sph_sha256_context ctx256;
+    sph_sha384_context ctx384;
+    sph_sha512_context ctx512;
+    unsigned char sha256sum[32];
+    unsigned char sha384sum[48];
+    unsigned char sha512sum[64];
+};
+
+#endif // __PL_SHA2_HH__
@@ -40,6 +40,10 @@
 #ifndef SPH_SHA2_H__
 #define SPH_SHA2_H__
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #include <stddef.h>
 #include "sph_types.h"
@@ -367,4 +371,8 @@ void sph_sha512_comp(const sph_u64 msg[16], sph_u64 val[8]);
 #endif
+#ifdef __cplusplus
+}
+#endif
+
 #endif
@@ -12,7 +12,8 @@ BINS_libtests = \
 	png_filter \
 	pointer_holder \
 	qutil \
-	rc4
+	rc4 \
+	sha2
 TARGETS_libtests = $(foreach B,$(BINS_libtests),libtests/$(OUTPUT_DIR)/$(call binname,$(B)))
+#!/usr/bin/env perl
+require 5.008;
+BEGIN { $^W = 1; }
+use strict;
+
+chdir("sha2") or die "chdir testdir failed: $!\n";
+
+require TestDriver;
+
+my $td = new TestDriver('sha2');
+
+$td->runtest("sha2",
+	     {$td->COMMAND => "sha2"},
+	     {$td->FILE => "sha2.out",
+	      $td->EXIT_STATUS => 0},
+	     $td->NORMALIZE_NEWLINES);
+
+$td->report(1);
+256 short: passed
+256 long: passed
+256 million: passed
+384 short: passed
+384 long: passed
+384 million: passed
+512 short: passed
+512 long: passed
+512 million: passed
+#include <qpdf/Pl_SHA2.hh>
+#include <iostream>
+#include <stdlib.h>
+#include <string.h>
+#include <qpdf/QUtil.hh>
+
+static void test(Pl_SHA2& sha2, char const* description, int bits,
+                 char const* input, std::string const& output)
+{
+    sha2.resetBits(bits);
+    sha2.write((unsigned char*) input, strlen(input));
+    sha2.finish();
+    std::cout << description << ": ";
+    if (output == sha2.getHexDigest())
+    {
+        std::cout << "passed\n";
+    }
+    else
+    {
+        std::cout << "failed\n"
+                  << "  expected: " << output << "\n"
+                  << "  actual:   " << sha2.getHexDigest() << "\n";
+    }
+}
+
+int main( int argc, char *argv[] )
+{
+    Pl_SHA2 sha2;
+    char million_a[1000001];
+    memset(million_a, 'a', 1000000);
+    million_a[1000000] = '\0';
+    test(sha2, "256 short", 256,
+         "abc",
+         "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
+    test(sha2, "256 long", 256,
+         "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+         "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
+    test(sha2, "256 million", 256,
+         million_a,
+         "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
+    test(sha2, "384 short", 384,
+         "abc",
+         "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
+         "1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
+    test(sha2, "384 long", 384,
+         "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+         "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+         "09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
+         "2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
+    test(sha2, "384 million", 384,
+         million_a,
+         "9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
+         "7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
+    test(sha2, "512 short", 512,
+         "abc",
+         "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
+         "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
+    test(sha2, "512 long", 512,
+         "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+         "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+         "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
+         "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
+    test(sha2, "512 million", 512,
+         million_a,
+         "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
+         "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
+
+    return 0;
+}