Problem in computing hash SHA256 in contiki

[sabah]

Hello everyone

I want to compute the hash of a message in contiki OS. I search through some links (https://stackoverflow.com/questions/29973642/sha256-wrong-hash-in-contiki-os) and find some way to compute SHA 256 of a simple Hello++World message. Now the problem is its not computing the correct hash. The message is "Hello++World" so its SHA256 should be : e653ac4c7ab38d231a0a8be4a0b035c41cd5875429eb09e9abda2e8b06c23fa9

but when i run my code in cooja it appears to be different. 

Below is my code. 

#include "contiki.h"

#include <stdio.h> 

#include <stdint.h>

/*---------------------------------------------------------------------------*/

PROCESS(hello_world_process, "Hello world process");

AUTOSTART_PROCESSES(&hello_world_process);

/*---------------------------------------------------------------------------*/

void print_hash(unsigned char hash[])

{

    int idx;

    for (idx=0; idx < 32; idx++)

       printf("%02x",hash[idx]);

    printf("\n");

}

#define uchar unsigned char // 8-bit byte

//#define uint unsigned int // 32-bit word

#define uint uint32_t // 32-bit word

// DBL_INT_ADD treats two unsigned ints a and b as one 64-bit integer and adds c to it

#define DBL_INT_ADD(a,b,c) if (a > 0xffffffff - (c)) ++b; a += c;

#define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b))))

#define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b))))

#define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z)))

#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))

#define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22))

#define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25))

#define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3))

#define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10))

typedef struct {

   uchar data[64];

   uint datalen;

   uint bitlen[2];

   uint state[8];

} SHA256_CTX;

uint k[64] = {

   0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,

   0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,

   0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,

   0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,

   0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,

   0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,

   0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,

   0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2

};

void sha256_transform(SHA256_CTX *ctx, uchar data[])

{  

   uint a,b,c,d,e,f,g,h,i,j,t1,t2,m[64];

      

   for (i=0,j=0; i < 16; ++i, j += 4)

      m[i] = (data[j] << 24) | (data[j+1] << 16) | (data[j+2] << 8) | (data[j+3]);

   for ( ; i < 64; ++i)

      m[i] = SIG1(m[i-2]) + m[i-7] + SIG0(m[i-15]) + m[i-16];

   a = ctx->state[0];

   b = ctx->state[1];

   c = ctx->state[2];

   d = ctx->state[3];

   e = ctx->state[4];

   f = ctx->state[5];

   g = ctx->state[6];

   h = ctx->state[7];

   

   for (i = 0; i < 64; ++i) {

      t1 = h + EP1(e) + CH(e,f,g) + k[i] + m[i];

      t2 = EP0(a) + MAJ(a,b,c);

      h = g;

      g = f;

      f = e;

      e = d + t1;

      d = c;

      c = b;

      b = a;

      a = t1 + t2;

   }

   

   ctx->state[0] += a;

   ctx->state[1] += b;

   ctx->state[2] += c;

   ctx->state[3] += d;

   ctx->state[4] += e;

   ctx->state[5] += f;

   ctx->state[6] += g;

   ctx->state[7] += h;

}  

void sha256_init(SHA256_CTX *ctx)

{  

   ctx->datalen = 0; 

   ctx->bitlen[0] = 0; 

   ctx->bitlen[1] = 0; 

   ctx->state[0] = 0x6a09e667;

   ctx->state[1] = 0xbb67ae85;

   ctx->state[2] = 0x3c6ef372;

   ctx->state[3] = 0xa54ff53a;

   ctx->state[4] = 0x510e527f;

   ctx->state[5] = 0x9b05688c;

   ctx->state[6] = 0x1f83d9ab;

   ctx->state[7] = 0x5be0cd19;

}

void sha256_update(SHA256_CTX *ctx, uchar data[], uint len)

{  

   uint t,i;

   

   for (i=0; i < len; ++i) { 

      ctx->data[ctx->datalen] = data[i]; 

      ctx->datalen++; 

      if (ctx->datalen == 64) { 

         sha256_transform(ctx,ctx->data);

         DBL_INT_ADD(ctx->bitlen[0],ctx->bitlen[1],512); 

         ctx->datalen = 0; 

      }  

   }  

}  

void sha256_final(SHA256_CTX *ctx, uchar hash[])

{  

   uint i; 

   

   i = ctx->datalen; 

   

   // Pad whatever data is left in the buffer. 

   if (ctx->datalen < 56) { 

      ctx->data[i++] = 0x80; 

      while (i < 56) 

         ctx->data[i++] = 0x00; 

   }  

   else { 

      ctx->data[i++] = 0x80; 

      while (i < 64) 

         ctx->data[i++] = 0x00; 

      sha256_transform(ctx,ctx->data);

      memset(ctx->data,0,56); 

   }  

   

   // Append to the padding the total message's length in bits and transform. 

   DBL_INT_ADD(ctx->bitlen[0],ctx->bitlen[1],ctx->datalen * 8);

   ctx->data[63] = ctx->bitlen[0]; 

   ctx->data[62] = ctx->bitlen[0] >> 8; 

   ctx->data[61] = ctx->bitlen[0] >> 16; 

   ctx->data[60] = ctx->bitlen[0] >> 24; 

   ctx->data[59] = ctx->bitlen[1]; 

   ctx->data[58] = ctx->bitlen[1] >> 8; 

   ctx->data[57] = ctx->bitlen[1] >> 16;  

   ctx->data[56] = ctx->bitlen[1] >> 24; 

   sha256_transform(ctx,ctx->data);

   

   // Since this implementation uses little endian byte ordering and SHA uses big endian,

   // reverse all the bytes when copying the final state to the output hash. 

   for (i=0; i < 4; ++i) { 

      hash[i]    = (ctx->state[0] >> (24-i*8)) & 0x000000ff; 

      hash[i+4]  = (ctx->state[1] >> (24-i*8)) & 0x000000ff; 

      hash[i+8]  = (ctx->state[2] >> (24-i*8)) & 0x000000ff;

      hash[i+12] = (ctx->state[3] >> (24-i*8)) & 0x000000ff;

      hash[i+16] = (ctx->state[4] >> (24-i*8)) & 0x000000ff;

      hash[i+20] = (ctx->state[5] >> (24-i*8)) & 0x000000ff;

      hash[i+24] = (ctx->state[6] >> (24-i*8)) & 0x000000ff;

      hash[i+28] = (ctx->state[7] >> (24-i*8)) & 0x000000ff;

   }  

}  

PROCESS_THREAD(hello_world_process, ev, data)

{

  PROCESS_BEGIN();

unsigned char text1[]={"Hello++World"},hash[32];

   int idx;

   SHA256_CTX ctx;

   // Hash one

   sha256_init(&ctx);

   sha256_update(&ctx,text1,strlen(text1));

   sha256_final(&ctx,hash);

   print_hash(hash);

 

  printf("%s",text1);

//printf("\n%d",strlen(text1));

  

  PROCESS_END();

}

/*---------------------------------------------------------------------------*/

[eryk.s...@gmail.com]

Dear Sabah,

I provided your "Hello+World message into an online SHA256 calculator [1] and received the following checksum:
9920295730abff4362e0ec21946ea140c94b3248425dca495db734c24a225ed5.

I modified your code a little bit so that it can work on a regular Linux. 

1) I removed the following lines:

#include "contiki.h"

PROCESS(hello_world_process, "Hello world process");

AUTOSTART_PROCESSES(&hello_world_process);

PROCESS_BEGIN();

PROCESS_END();

2) replaced:

"PROCESS_THREAD(hello_world_process, ev, data)" with "int main()",

3) added 

#include <string.h>

The file compiles with a couple of warnings:

x.c: In function ‘sha256_update’:

x.c:107:9: warning: unused variable ‘t’ [-Wunused-variable]

    uint t,i;

x.c: In function ‘main’:

x.c:176:36: warning: pointer targets in passing argument 1 of ‘strlen’ differ in signedness [-Wpointer-sign]

    sha256_update(&ctx,text1,strlen(text1));

In file included from x.c:3:

/usr/include/string.h:384:15: note: expected ‘const char *’ but argument is of type ‘unsigned char *’

 extern size_t strlen (const char *__s)

x.c:171:8: warning: unused variable ‘idx’ [-Wunused-variable]

    int idx;

and the program works fine:

9920295730abff4362e0ec21946ea140c94b3248425dca495db734c24a225ed5

Hello++World

I then compiled the code for the Contiki 2.7 OS with the unpatched MSP430 GCC 4.6.3. The code drops ugly warnings about the left shift count:

hello-world.c: In function ‘sha256_transform’:

hello-world.c:59:7: warning: left shift count >= width of type [enabled by default]

hello-world.c:59:7: warning: left shift count >= width of type [enabled by default]

hello-world.c: In function ‘sha256_update’:

hello-world.c:112:9: warning: unused variable ‘t’ [-Wunused-variable]

hello-world.c: In function ‘sha256_final’:

hello-world.c:142:7: warning: implicit declaration of function ‘memset’ [-Wimplicit-function-declaration]

hello-world.c:142:7: warning: incompatible implicit declaration of built-in function ‘memset’ [enabled by default]

hello-world.c: In function ‘process_thread_hello_world_process’:

hello-world.c:182:4: warning: implicit declaration of function ‘strlen’ [-Wimplicit-function-declaration]

hello-world.c:182:29: warning: incompatible implicit declaration of built-in function ‘strlen’ [enabled by default]

hello-world.c:182:4: warning: pointer targets in passing argument 1 of ‘strlen’ differ in signedness [-Wpointer-sign]

hello-world.c:182:4: note: expected ‘const char *’ but argument is of type ‘unsigned char *’

hello-world.c:177:8: warning: unused variable ‘idx’ [-Wunused-variable]

and does not work properly on my TelosB devices:

1565119553.678: Starting 'Hello world process'

1565119553.707: 1a38615af96854f88c48a2adf42f962e69283aa52e4943f63ec2fe334e7b4799

1565119553.707: Hello++World

I had to replace:

m[i] = (data[j] << 24) | (data[j+1] << 16) | (data[j+2] << 8) | (data[j+3]);

with

m[i] = ((uint) data[j] << 24) | ((uint) data[j+1] << 16) | ((uint) data[j+2] << 8) | ((uint) data[j+3]);

and it started working fine:

1565119764.005: Starting 'Hello world process'

1565119764.020: 9920295730abff4362e0ec21946ea140c94b3248425dca495db734c24a225ed5

1565119764.036: Hello++World

However, I guess that currently you should point your attention towards the tinydtls implementation of contiki-ng.

[1] https://www.xorbin.com/tools/sha256-hash-calculator

[2] https://github.com/contiki-ng/tinydtls/tree/master/sha2

Best regards,

Eryk Schiller