Why is SHA512 calculated wrong in Android NDK using OpenSSL

Question

I have a problem with SHA512 from OpenSSL in the Android NDK. I've cloned and compiled the openssl android version from the guardianproject (https://github.com/guardianproject/openssl-android) which worked really nice. The only problem is that SHA512 is not working correctly. I used test_deviceid as inputstring:

Nexus 4:
SHA   1: FzEeo2JrQQ6eYO7JedEOrMiki98=
SHA 256: 2+Bm6XrPgz6LeFb9PzqGMiAfaCaZqwmfJGQCJj8bbx8=
SHA 512: 6LbCI1ygLlLolo5sLDfypMmEODHHyBCe694HP6Tch6tE75vJ3nVAteXglDRS1TYhzXt4cBZkJaDK6tI+Ljgsvw==

Ubuntu commandline (also built from source):
SHA   1: FzEeo2JrQQ6eYO7JedEOrMiki98=
SHA 256: 2+Bm6XrPgz6LeFb9PzqGMiAfaCaZqwmfJGQCJj8bbx8=
SHA 512: dUqkGxOGS9+ZL89JOzFpNHNFokJ2ZqahDOp7ZxRfZ4eoF6B42icUvJW+/g7OA5pBWYkcpGUmZtg0lOg7SmrWJg==

//Edit: The function I call is SHA512 from the OpenSSL lib, which can be found here: https://github.com/guardianproject/openssl-android/blob/master/crypto/sha/sha512.c#L294

unsigned char *deviceid = (unsigned char *)argv[6];
int deviceidLen = strlen(argv[6]);
unsigned char *deviceid64 = NULL;
int deviceid64Len = 0;
unsigned char *params = NULL;
int paramsLen = 0;

LOGD("input %s", deviceid);
paramsLen = 20;
params = (char*)malloc(paramsLen);
SHA1(deviceid, deviceidLen, params);
deviceid64 = base64_encode((const unsigned char*)params, paramsLen, &deviceid64Len);
LOGD("SHA   1: %s\n", deviceid64);
free(params);
free(deviceid64);

paramsLen = 32;
params = (char*)malloc(paramsLen);
SHA256(deviceid, deviceidLen, params);
deviceid64 = base64_encode((const unsigned char*)params, paramsLen, &deviceid64Len);
LOGD("SHA 256: %s\n", deviceid64);
free(params);
free(deviceid64);

LOGD("input %s", deviceid);
paramsLen = 64;
params = (char*)malloc(paramsLen);
SHA512(deviceid, deviceidLen, params);
deviceid64 = base64_encode((const unsigned char*)params, paramsLen, &deviceid64Len);
LOGD("SHA 512: %s\n", deviceid64);
free(params);
free(deviceid64);

Could it be because of the cpu (ARM)? Probably a missing compile flag? Hope someone can help me - I need it for a signature check algorithm.

Thanks, Roman

Answer 1

I encountered the same problem, just because i copied a Configure option -DB_ENDIAN from other people, if you use other people's configurations, makesure your have the same device, otherwise no compilation errors to indicate it, your program just running with bugs.

Answer 2

I found a solution for this.

SHA512 is not working (giving incorrect results) with the port of OpenSSL for Android. While working on the Jelly Bean (Android 4.2) AOSP tree (not NDK), I noticed that the OpenSSL ($AOSP_ROOT/external/openssl) version is 1.0.1c while the port I was using was 0.9.8.

I managed to take OpenSSL 1.0.1c from AOSP and change the *.mk files so that it will compile with NDK, as a static library, although building the shared library is also very simple. This was not very difficult as the NDK build system is a subset of the AOSP build system, but one should have the knowledge of the *.mk file format to do this.

I also tried older versions from previous releases (1.0.0, 1.0.1a & b) which also had te same problem with SHA512.

In conclusion: SHA512 on Android will work with any OpenSSL version higher than 1.0.1c (including 1.0.1c). Testing 1.0.1c, d & e was successful.

These are my changes, in case anyone needs a (static) build of OpenSSL (1.0.1*c*) with a working SAH512 algorithm, for Android (Architectures: armeabi , armeabi-v7a & x86).

To build: Uncompressed, cd into the library's project dir and run 'ndk-build'.

BTW - The cause of the bug (I think) was not a missing\incorrect compilation flag, but a bug in the SHA512 ASM code (File: openssl_1.0.1c\crypto\sha\asm\sha512-armv4.S).