1 (edited by Vanger 2015-03-11 08:05:31)

Topic: [SOLVED] SHA384 mbed Implementation

Working on implementing the SHA384 hash function for mbed, I've been having trouble getting the compiler to build.
I define "#define CYASSL_SHA384" under <root CyaSSL dir>/cyassl/ctaocrypt/settings.h
But after doing so, the compiler proceeds to complain that:

Error: Identifier "SHA384_DIGEST_SIZE" is undefined in "mtsas/MTS-Socket/HTTPClient-SSL/CyaSSL/cyassl/ctaocrypt/hmac.h", Line: 96, Col: 23
Error: Identifier "SHA384_BLOCK_SIZE" is undefined in "mtsas/MTS-Socket/HTTPClient-SSL/CyaSSL/cyassl/ctaocrypt/hmac.h", Line: 97, Col: 23
Error: Identifier "Sha384" is undefined in "mtsas/MTS-Socket/HTTPClient-SSL/CyaSSL/cyassl/ctaocrypt/hmac.h", Line: 125, Col: 9
Error: Identifier "SHA384" is undefined in "mtsas/MTS-Socket/HTTPClient-SSL/CyaSSL/ctaocrypt/src/asn.c", Line: 2934, Col: 14

It seems as if the various files contain all of the code to implement the SHA384 hashing, but the compiler isn't linking them properly>
Is it required to have the SHA512 enabled?
The reason for wanting to use the SHA384 is due to https://httpbin.org's using SHA384 for some of their certificates it seems.

Share

Re: [SOLVED] SHA384 mbed Implementation

After much head-smashing I was able to get the compiler to work. It turns out there are two different #defines of:
SIZEOF_LONG
SIZE_OF_LONG
SIZEOF_LONG_LONG
SIZE_OF_LONG_LONG
Enabling both "#define CYASSL_SHA384" and "#define CYASSL_SHA512" the connection with httpbin.org using SHA384 certificates fails on verifying the signature:

About to verify certificate signature
SigOID 656
Rsa SSL verify match encode error
Confirm signature failed
Failed to verify CA from chain

It seems as if the encoding verify fails when checking the certificates from the server. Returning error 155: "ASN sig error, confirm failure"
Trying to remove the intermediate certificates to not be individually verified (loading only the root certificate in the chain), it then fails on error 188 (No CA signer to verify with ASN_NO_SIGNER_E) for not having the intermediate certificates (though the server sends all 4 certificates in the verification chain)

Share

Re: [SOLVED] SHA384 mbed Implementation

For SHA-384, you have to add the following to your settings.

#define CYASSL_SHA512
#define CYASSL_SHA384

Can you connect to the server using our example command line client using only your root CA? (For example, connecting to google.com with the GeoTrust Global CA certificate.)

When the client receives the Certificate message, it should be checking all the certificates in order from last to first. The last one is signed by the root CA, and the first is the peer's certificate. Each one is loaded into the certificate manager and used to verify the next certificate.

Re: [SOLVED] SHA384 mbed Implementation

Also, have you run the ctaocrypt test on your target board? It does some known answer tests for all the ciphers and hashes you have enabled.

Re: [SOLVED] SHA384 mbed Implementation

In answer to you first question:
I tried connecting to the server (httpbin.org) using the example client using the AddTrustExternalRootCA.pem, but was unable to get it to connect; kept returning error 188 - ASN no signer error to confirm failure
I think it needs the SHA384 to be added, but I'm a little confused on which file/where to enable the SHA384 usage?
Here's what I did to run the client:

./configure --enable-sha384 --enable-sha512
sudo make install
./testsuite/testsuite.test

It then displayed that the SHA256,SHA384,SHA512 had all three passed.
Then when running:

./examples/client/client -h httpbin.org -p 443 -A AddTrustCert -A ComodorRSACertAuth -A ComodorRSADomainValidSecureServerCA -g

Which then returns the -188 ASN signer error.
I would think using 3 of the 4 certificates offered by the server (discluding the servver cert itself) would work. Not sure why it's saying I have the wrong certificates.

In answer to your second question:
Code from running the main() in ctaocrypt/test.c

Found main
MD5      test passed!
MD4      test passed!
SHA      test passed!
SHA-256  test passed!
SHA-384  test failed!
 error = -10

Thus, it appears the SHA-384 code is failing on the mbed board?
I might be missing various defines that could be necessary, but I defined SIZEOF_LONG as well as SIZEOF_LONG_LONG.
I defined the SHA384 and SHA512 (which seem inter-correlated).

Share

Re: [SOLVED] SHA384 mbed Implementation

Looking more at the test SHA384 code, it looks like it is failing to get the correct memcmp() value returned.

if (memcmp(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0)
            return -10 - i;

Checking the values of things:

SHA384_DIGEST_SIZE = 48

After InitSha384(&sha):
hash: 20017E30
test_sha[0].output 0

After Sha384Update(&sha,...):
hash: 20017E30
test_sha[0].output 801A4D4

After Sha384Final(&sha, hash):
hash: 20017E30
test_sha[0].output 801A4D4

Share

Re: [SOLVED] SHA384 mbed Implementation

Digging into the InitSha384 function call, it looks like th W64LIT() write operation is writing a 16 Hex to an 8 Hex memory space:
What it shows:

digest[0] [C1059ED8]
digest[1] [367CD507]
digest[2] [3070DD17]
digest[3] [F70E5939]
digest[4] [FFC00B31]
digest[5] [68581511]
digest[6] [64F98FA7]
digest[7] [BEFA4FA4]

What it should show:

digest[0] [cbbb9d5dc1059ed8]
digest[1] [629a292a367cd507]
digest[2] [9159015a3070dd17]
digest[3] [152fecd8f70e5939]
digest[4] [67332667ffc00b31]
digest[5] [8eb44a8768581511]
digest[6] [db0c2e0d64f98fa7]
digest[7] [47b5481dbefa4fa4]

Share

Re: [SOLVED] SHA384 mbed Implementation

For the "client" command you can only include one certificate with the "-A" option. The command line option processor saves the file name and loads the file later, so only the last file name is saved. If you

cat AddTrustCert ComodorRSACertAuth ComodorRSADomainValidSecureServerCA > combo.pem

and then -A combo.pem, all three will be loaded. (This assumes the certificates are in PEM format. We can't load DER certificates concatenated together.)

Back to the SHA-384 issue. Do you have 64-bit data types available on your platform? Could you do a

printf("sizeof(long long) = %u\n", sizeof(long long));

The SHA-384/512 uses type word64 (unsigned long long) in the internal state. And you deleted the "NO_SHA512" from the MBED settings? You are using the MBED block in settings.h with "#define CYASSL_MBED" uncommented? Setting SIZEOF_LONG_LONG to 8 should be enabling the typedef for word64 in types.h.

Re: [SOLVED] SHA384 mbed Implementation

The nucleo platform is 32-bit I believe.
The 64-bit "unsigned long long" variable is available.
sizeof(long long) returns 8.

Yep. Had commented out the #define NO_SHA512 line from the MBED settings and added the other defines.

#ifdef MBED
    #define USER_TIME
    #define DEBUG_CYASSL
    #define SIZEOF_LONG 4
    #define SIZEOF_LONG_LONG 8
    #define MAX_CHAIN_DEPTH 15
    #define NO_TIME_VERIFY //Define to disable certificate date verification
    #define CYASSL_USER_IO
    #define NO_FILESYSTEM
    #define NO_CERT
    #define USE_CERT_BUFFERS_1024
    #define NO_WRITEV
    #define NO_DEV_RANDOM
    #define CYASSL_SHA384
    #define CYASSL_SHA512
    //#define NO_SHA512
    #define NO_DH
    #define NO_DSA
    #define NO_HC128
    #define HAVE_ECC
    #define NO_SESSION_CACHE
    #define SINGLE_THREADED
    //#define CYASSL_CMSIS_RTOS
#endif

The #define NO_TIME_VERIFY is code we put in to remove the date checking on certificates, as the websites we needed to connect to contained outdated certs.

Share

10 (edited by Vanger 2015-02-16 14:08:02)

Re: [SOLVED] SHA384 mbed Implementation

I went back to the linux client and concatenated the pem files like you suggested, and it ran into the ASN 155 error, but that might be expected as the httpbin.org server has a certificate which expires before the server cert.
The test code still fails on the error -10.
Are there specific locations in the test code which I can print/test to make sure each step is being completed properly?
I did print out the hash and expected hash values to compare the values, but they look completely unrelated:

Hash  vs  test output
56      CB
CC      0
79      75
1D      3F
50      45
F2      A3
F9      5E
C       8B
8F      B5
DA      A0
C0      3D
B0      69
F2      9A
3E      C6
67      50
37      7
53      27
95      2C
83      32
0       AB
BB      E
3D      DE
7       D1
4D      63
A       1A
2A      8B
9C      60
C5      5A
E6      43
FC      FF
A4      5B
8       ED
2C      80
2F      86
12      7
F       2B
E7      A1
D4      E7
97      CC
35      23
FF      58
BA      BA
3D      EC
DC      A1
AB      34
D4      C8
75      25
82      A7

Note: The output mismatch from post 7 was due to a printf() formatting I missed, and is not relevant for the issues at hand.

Share

Re: [SOLVED] SHA384 mbed Implementation

On the signer error, I found this link. They are trying to get the right signer certs together in a chain file using the Comodor cert chain.

The order for the cat command should be:

$ cat ComodorRSADomainValidSecureServerCA ComodorRSACertAuth AddTrustCert > cert.pem

The peer certificate is signed by ComodorRSADomainValidSecureServerCA, which is signed by ComodorRSACertAuth, which is signed by AddTrustCert, which signs itself.


On the hash problem, if you take out the CYASSL_SHA384 does the SHA-512 test case succeed?

Is your device big-endian or little-endian?

12 (edited by Vanger 2015-02-18 09:12:19)

Re: [SOLVED] SHA384 mbed Implementation

If I remove the Sha384, then the Sha512 fails immediately afterwards with the same -10 error.

Note: If I remove the SHA512 ans SHA384 includes then the tests run through just fine. I would guess it is an issue with the SHA512 code that is cross-used by the SHA384 code, causing both to fail.

The device is Little-Endian (I tried with both Big-Endian and Little-Endian declared for various test runs, and only the Little-Endian works, not to mention I know from the board specs that it is Little-Endian)

As for the signer error, I went back and messed around with the cert ordering when concatenating, and was still getting the 155 error.
Note: I don't have access to the server itself, it's merely a public server we use to test HTTP access on. So if the issue is with their server-side certificate setup, then there's not much we can do to fix it.

Share

13 (edited by Vanger 2015-02-18 09:46:57)

Re: [SOLVED] SHA384 mbed Implementation

Using Openssl with the same cert.pem file on https://httpbin.org, I'm able to connect and get a HTTP 200 response.
The server sends the first 3 certificates on client request, so only the AddTrustExternalRootCA file is required for an SSL connection using OpenSSL.

Share

Re: [SOLVED] SHA384 mbed Implementation

OK. I see what's going on here. When running the wolfSSL client connecting to that server, you only need to add the root CA, AddTrustExternalRootCA. The server is sending its certificate, and the signing chain, including a copy of the AddTrust. When processing the Certificate message, wolfSSL ends up ignoring the AddTrust certificate and then checking the next certificate, COMODO RSA Certification Authority. That one is successfully verified and added to the CA pool. The next certificate, COMODO RSA Domain Validation Secure Server CA, is checked and is rejected because the signature fails.

This happens because by default wolfSSL is using fast math which uses preallocated buffers for the big integers, and the size defaults to 4096 to allow for the 2048x2048 bit multiply needed for RSA. The certificate COMODO RSA Certification Authority has a 4096-bit key, so the following RSA signature check fails.

I configured my local wolfSSL build to set FP_MAX_BITS=8192 which will allow for the 4096x4096 bit multiply. (Actually, first I used non-fastmath, then fastmath with with the bigger max bits.) The connection succeeded.

This doesn't answer why the SHA-384 and SHA-512 hash tests fail for you since those are known-answer tests that don't involve RSA or the big integer math. (I'll follow up on that later.)

For places to print out data, you could add prints of the digest at the end of Sha384Update() and run it both on your device and on the desktop and see when they start to differ.

Re: [SOLVED] SHA384 mbed Implementation

Is your compiler throwing any warnings during the build of wolfSSL?

Re: [SOLVED] SHA384 mbed Implementation

Which version of wolfSSL are you using right now and did you download it from our website?

Could you try

#define CTAOCRYPT_SLOW_WORD64

Re: [SOLVED] SHA384 mbed Implementation

Downloaded the 3.3.0 (Latest version) from your site, yes.
I ported the source files over to mbed and set it up similar to your example library for version 3.0.0 that was on mbed.
I'm using the online compiler for mbed.org and, as far as it shows, there are no compiler errors.
There are some warnings about assignments inside logic structures, such as

if(x = 5 == y){...}

, but no errors or anything beyond that.

Will get back to you on:

#define CTAOCRYPT_SLOW_WORD64
#define FAST_MATH
#define FP_MAX_BITS 8192
prints() at the end of the Sha384Update()

Share

18 (edited by Vanger 2015-02-20 09:32:44)

Re: [SOLVED] SHA384 mbed Implementation

Here is a printout of all of the comiler warnings that appear:

Warning: Function "rotrFixed" was declared but never referenced in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/ctaocrypt/src/misc.c", Line: 70, Col: 26
Warning: Function "ByteReverseWords" was declared but never referenced in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/ctaocrypt/src/misc.c", Line: 97, Col: 20
Warning: Function "rotlFixed64" was declared but never referenced in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/ctaocrypt/src/misc.c", Line: 111, Col: 22
Warning: Function "rotrFixed64" was declared but never referenced in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/ctaocrypt/src/misc.c", Line: 117, Col: 22
Warning: Function "ByteReverseWords64" was declared but never referenced in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/ctaocrypt/src/misc.c", Line: 138, Col: 20
Warning: Function "xorbuf" was declared but never referenced in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/ctaocrypt/src/misc.c", Line: 159, Col: 20
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 10155, Col: 14
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 10156, Col: 14
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 10157, Col: 14
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 10158, Col: 14
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 10173, Col: 14
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 10174, Col: 14
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 10175, Col: 14
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 10176, Col: 14
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 11848, Col: 22
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 11849, Col: 22
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 11851, Col: 22
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 11853, Col: 22
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 11870, Col: 22
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 11871, Col: 22
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 11873, Col: 22
Warning: Assignment in condition in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/src/internal.c", Line: 11875, Col: 22
Warning: Function "printf" declared implicitly in "mtsas-dev/MTS-Socket-dev/HTTPClient-SSL/CyaSSL/ctaocrypt/src/sha512.c", Line: 405, Col: 5

Comparing the sha384 digest between the board and the linux build, the initialize functions are called on both, but on the first Transform384() operation, the Linux code gets a different digest than the mbed version.
Something with the actual digest function must be different.

Here's the code I put to print out the debug data at the end of Transform384():

    for(int i=0; i<8; i++)
    printf("digest %d %llX\r\n", i, sha384->digest[i]); //REMOVE
    
    return 0;

The code to print the digests at the end of the Sha384Update():

    //REMOVE FROM
    static int x=0;
    for(int i=0; i<(SHA512_DIGEST_SIZE / sizeof(word64)); i++) {
        printf("digest(0)\t%llX\n",sha384->digest[i]); //REMOVE
    } x++;
    //REMOVE TO
    return 0;

The printouts for the actual digest data returned:

Mbed Nucleo Board:
digest(0)       CBBB9D5DC1059ED8
digest(0)       629A292A367CD507
digest(0)       9159015A3070DD17
digest(0)       152FECD8F70E5939
digest(0)       67332667FFC00B31
digest(0)       8EB44A8768581511
digest(0)       DB0C2E0D64F98FA7
digest(0)       47B5481DBEFA4FA4
digest 0 56CC791D50F2F90C
digest 1 8FDAC0B0F23E6737
digest 2 53958300BB3D074D
digest 3 A2A9CC5E6FCA408
digest 4 2C2F120FE7D49735
digest 5 FFBA3DDCABD47582
digest 6 FA79EF93D2258E9A
digest 7 68C05211D2BC1F91
LINUX:
InitSha384 Called
digest(0)    CBBB9D5DC1059ED8
digest(0)    629A292A367CD507
digest(0)    9159015A3070DD17
digest(0)    152FECD8F70E5939
digest(0)    67332667FFC00B31
digest(0)    8EB44A8768581511
digest(0)    DB0C2E0D64F98FA7
digest(0)    47B5481DBEFA4FA4
InitSha384 Called
digest(0)    CBBB9D5DC1059ED8
digest(0)    629A292A367CD507
digest(0)    9159015A3070DD17
digest(0)    152FECD8F70E5939
digest(0)    67332667FFC00B31
digest(0)    8EB44A8768581511
digest(0)    DB0C2E0D64F98FA7
digest(0)    47B5481DBEFA4FA4
digest 0 23FCDB853C1B60CB
digest 1 BC2332F642B7A150
digest 2 A39326D7E9F38FB7
digest 3 DBBBCFBBB544C85C
digest 4 F5983FEBD1710751
digest 5 566BFD073BE1C356
digest 6 A07A863D879EDD50
digest 7 B56481C7230EB91D

Share

Re: [SOLVED] SHA384 mbed Implementation

Looking at the W[16] array used for the hashing, it seems as though the "abc" string isn't input into the array for processing into the final hash.

W[0] [00000000]
W[1] [00000000]
W[2] [00000000]
W[3] [00000000]
W[4] [00000000]
W[5] [00000000]
W[6] [00000000]
W[7] [00000000]
W[8] [00000000]
W[9] [00000000]
W[10] [00000000]
W[11] [00000000]
W[12] [00000000]
W[13] [00000000]
W[14] [00000000]
W[15] [00000018]

Comparing it with this (http://m.metamorphosite.com/show-steps? … ;input=abc) example of SHA384 Hashing I found, it seems as though the "abc" string needs to be prefixed to the Word array before processing the algorithm. This would explain why all of the digest values are off as well.

Share

Re: [SOLVED] SHA384 mbed Implementation

Iteration 3: W[1] is the first different word during the hashing;
h(i) changes by 2-6 bits to cause it to change the W[1] value, which cascades to more wrong numbers later.
h(i) outputs: 9CB641F2CED773F3 (On the MBED board)
                  : 9CB941F2CED774B3 (On the LINUX VM)

Share

21 (edited by Vanger 2015-02-20 13:47:34)

Re: [SOLVED] SHA384 mbed Implementation

John,
The Httpbin.org Certs chain worked successfully (on Linux) setting FP_MAX_BITS=8192. (Returned 404 response from server)
It could be that the hash macros are being interpreted slightly different between the linux and mbed compilers?
It also might be possible that the linux compiler does something, like initializing a variable automatically, while the mbed compiler just leaves it as NULL? (Although, pretty unlikely as the compilers check pretty thoroughly for referencing uninitialized variables)
Lastly, there could be an issue with the array indexing that is causing the mbed compiler to reference a table outside of where the table was specified? (Also unlikely, as the compilers check for bounds errors too)

Share

Re: [SOLVED] SHA384 mbed Implementation

re 19:
I think you are showing the LS 32-bits of the buffer words. Right before the Transform384 in Sha384Final using the data "abc", I get

(lldb) p/x sha384->buffer
(word64 [16]) $18 = {
  [0] = 0x6162638000000000
  [1] = 0x0000000000000000
  [2] = 0x0000000000000000
  [3] = 0x0000000000000000
  [4] = 0x0000000000000000
  [5] = 0x0000000000000000
  [6] = 0x0000000000000000
  [7] = 0x0000000000000000
  [8] = 0x0000000000000000
  [9] = 0x0000000000000000
  [10] = 0x0000000000000000
  [11] = 0x0000000000000000
  [12] = 0x0000000000000000
  [13] = 0x0000000000000000
  [14] = 0x0000000000000000
  [15] = 0x0000000000000018

This looks like "Chunk" 0 in the example you gave me from that external site. (I'm running on OS X.)

In 20, when you say iteration 3, are you talking about the loop in Transform384? (So, technically iteration 48, since that loop is doing 16 iterations at a time?)

Since your compiler is trying to do 64-bit stuff with a 32-bit compiler, maybe it is tripping up on not rotating something enough, or truncating a 64-value at 32-bits in the wrong spot.

I don't think it is accessing outside the tables with negative array indices because they are masked to 3 or 4 bits. (unless there are shenanigans regarding the types of the bare numbers.) And there shouldn't be any assumptions made about locals being initialized, beyond they aren't.

Re: [SOLVED] SHA384 mbed Implementation

Tangent: It looks like you included "misc.c" in your project. With the way your build is configured, that file is included in the other files that needs it. There is an option to compile it on its own, but you aren't using that, and it is a little faster to not do that. And all the warnings in internal.c shouldn't be there; we added the parens around the assignments that is supposed to hush those warnings.

Re: [SOLVED] SHA384 mbed Implementation

Yes, you are right, I keep forgetting to modify the printf() to display the 64-bit values properly. When I went back and displayed it, it is showing the data prefixed to the first W[0] properly.

Yes, when I meant iteration 3, I meant that it had run through the 16 times processing twice, and was then on the third run through the 16 times loop. So, in that case, W[1] is actually the 34th "iteration" of the hash (2*16 + 2).

I agree with you on the table indices. I saw the bit masking on it, but still wanted to point it out as a possible cause.
And if no initializations are assumed, the variable declarations should be fine as well.

I am going to see if unrolling the bit operations (printing them) will show up any issues, but with how it runs fine through the first 32 operations just fine, it seems odd that it wouldn't screw up on the first iteration.

@Post 23 (Tangent): The mbed compiler does parallel compiling (I think), which might explain why the warnings show up whether they should or not. And they aren't consistent tbh, as sometimes the compiler will compile with no problems.

@32 vs 64 bit-ops: I'll be going through the bit operations and checking that the compiler runs the code as we would expect. All of the intermediate T[0] arrays contain the correct values when running on either platform (at least, up until the first W[1] is wrong)

Share

Re: [SOLVED] SHA384 mbed Implementation

It seems as if the hashing algorithm processes the first 32 blk2(i) operations correctly, but on the 33 it creates an incorrect result:

Iteration 33: blk2 92D4BFEAC8EE6CFB, array C93D547309EF4D2, Not the same
Iteration 34: blk2 FFFEDFFD9E05126B, array 152C73430238B6F8, Not the same
Iteration 35: blk2 75444F924D39F8CB, array 846A3B16EE426CA4, Not the same
Iteration 36: blk2 CBF727880F864734, array B6E512076FE85EFC, Not the same
Iteration 37: blk2 291AD7607119D8CE, array C4A989751CD5BDB0, Not the same
Iteration 38: blk2 634B4CB4052F9E01, array 2D6D5DF323C1D60A, Not the same
Iteration 39: blk2 38648D9AC374B0AD, array 1DECDCE0AB72FDC0, Not the same
Iteration 40: blk2 A1C61F12F1BC64F7, array EB78BB0BF025F958, Not the same
Iteration 41: blk2 8DFC2389BDA7B833, array 54C9385E9286C59A, Not the same
Iteration 42: blk2 82D8C2219F60AA25, array E609F1799268CBA0, Not the same
Iteration 43: blk2 848D4588E2C8173A, array 59513AFC0AF10668, Not the same
Iteration 44: blk2 8F9005DBFF894B94, array 36EF7435E3C554CA, Not the same
Iteration 45: blk2 1CDBC134F85B657B, array F7BF649F11283104, Not the same
Iteration 46: blk2 747B88619567CC8D, array 888F3D5A93C9ADFE, Not the same
Iteration 47: blk2 AD57F182EC429784, array 83DBDD9DDB8C0740, Not the same
Iteration 48: blk2 39B88CB240CD5D09, array A1A960E19BE75670, Not the same
Iteration 49: blk2 83F4490B8C668842, array F66D7A6A7F201430, Not the same
Iteration 50: blk2 C3372DF0694F503, array 61499E3C9AD4E0D6, Not the same
Iteration 51: blk2 59A5C7A11465DD87, array A40560DE31B821D8, Not the same
Iteration 52: blk2 143325BE752620DD, array 7C3C8EF1E2EF8E14, Not the same
Iteration 53: blk2 95F99D079519BC2D, array 5C4A464DFFAABD94, Not the same
Iteration 54: blk2 EC7CAC072605D68F, array F671E3C045B79DE2, Not the same
Iteration 55: blk2 9243E5CA611D604C, array 23666934B00CC330, Not the same
Iteration 56: blk2 E2CC15841B7D51A4, array C15C4D3665F4686A, Not the same
Iteration 57: blk2 CC01CF875B5E89F1, array C36BE3118E37B976, Not the same
Iteration 58: blk2 5D8DE3E4CA67B26B, array C07010F0F7CCEC5E, Not the same
Iteration 59: blk2 E5F6DF0D5F340C7D, array D31C4EC7C82C36EA, Not the same
Iteration 60: blk2 168877C71A6E7029, array 2728282B35B63110, Not the same
Iteration 61: blk2 4048D01FBC7AE37A, array 974606C2986C81EA, Not the same
Iteration 62: blk2 94D0C7C56086472C, array D02EDF4C93FCD196, Not the same
Iteration 63: blk2 255C9F7394695650, array 99A2097C99EFBA54, Not the same
Iteration 64: blk2 F98202F342EC0A78, array ECE272B4A6FB78C2, Not the same
Iteration 65: blk2 CA45E54894E33311, array B3D469AF78B00660, Not the same
Iteration 66: blk2 BB50C4B098AA5ADA, array 36D03F5076787E1C, Not the same
Iteration 67: blk2 921966AB72B1C0E1, array 80C9CC5C4E74AB3C, Not the same
Iteration 68: blk2 799EB278A124935F, array 937F1199535413AC, Not the same
Iteration 69: blk2 90D471B377BAE0A5, array 4F42780461FC927A, Not the same
Iteration 70: blk2 5909BA40AAFC44D7, array A4E4F8C1C101CAC4, Not the same
Iteration 71: blk2 8486A80E9EDDE4F5, array E7C9D38D7173E116, Not the same
Iteration 72: blk2 53A7096D05837E1D, array 90BF3ED4628C5066, Not the same
Iteration 73: blk2 76BFED3386CA1C3A, array 33E461FE597BCE1E, Not the same
Iteration 74: blk2 D297A901A881A25C, array E36961AA31B79D7A, Not the same
Iteration 75: blk2 5419F616CEF910B, array CE73FAE9BAE88DC4, Not the same
Iteration 76: blk2 E7B6F774BEA6FF32, array DCB6947C238C281A, Not the same
Iteration 77: blk2 8432BFCE9A7F37A8, array A21B34A570EAE97C, Not the same
Iteration 78: blk2 4BC73A806AEBE636, array 9A448FFF86625798, Not the same
Iteration 79: blk2 C780833B64180392, array C4A5823564365BAA, Not the same

(Array contains a table of the expected values based on the Linux VM output)

Share