Why is SHA512 calculated wrong in Android NDK using OpenSSL
Why is SHA512 calculated wrong in Android NDK using OpenSSL
I have a problem with SHA512 from OpenSSL in the Android NDK. I've cloned and compiled the openssl android version from the guardianproject (https://github.com/guardianproject/openssl-android) which worked really nice. The only problem is that SHA512 is not working correctly. I used test_deviceid as inputstring:
Nexus 4:
SHA 1: FzEeo2JrQQ6eYO7JedEOrMiki98=
SHA 256: 2+Bm6XrPgz6LeFb9PzqGMiAfaCaZqwmfJGQCJj8bbx8=
SHA 512: 6LbCI1ygLlLolo5sLDfypMmEODHHyBCe694HP6Tch6tE75vJ3nVAteXglDRS1TYhzXt4cBZkJaDK6tI+Ljgsvw==
Ubuntu commandline (also built from source):
SHA 1: FzEeo2JrQQ6eYO7JedEOrMiki98=
SHA 256: 2+Bm6XrPgz6LeFb9PzqGMiAfaCaZqwmfJGQCJj8bbx8=
SHA 512: dUqkGxOGS9+ZL89JOzFpNHNFokJ2ZqahDOp7ZxRfZ4eoF6B42icUvJW+/g7OA5pBWYkcpGUmZtg0lOg7SmrWJg==
//Edit:
The function I call is SHA512 from the OpenSSL lib, which can be found here: https://github.com/guardianproject/openssl-android/blob/master/crypto/sha/sha512.c#L294
unsigned char *deviceid = (unsigned char *)argv[6];
int deviceidLen = strlen(argv[6]);
unsigned char *deviceid64 = NULL;
int deviceid64Len = 0;
unsigned char *params = NULL;
int paramsLen = 0;
LOGD("input %s", deviceid);
paramsLen = 20;
params = (char*)malloc(paramsLen);
SHA1(deviceid, deviceidLen, params);
deviceid64 = base64_encode((const unsigned char*)params, paramsLen, &deviceid64Len);
LOGD("SHA 1: %sn", deviceid64);
free(params);
free(deviceid64);
paramsLen = 32;
params = (char*)malloc(paramsLen);
SHA256(deviceid, deviceidLen, params);
deviceid64 = base64_encode((const unsigned char*)params, paramsLen, &deviceid64Len);
LOGD("SHA 256: %sn", deviceid64);
free(params);
free(deviceid64);
LOGD("input %s", deviceid);
paramsLen = 64;
params = (char*)malloc(paramsLen);
SHA512(deviceid, deviceidLen, params);
deviceid64 = base64_encode((const unsigned char*)params, paramsLen, &deviceid64Len);
LOGD("SHA 512: %sn", deviceid64);
free(params);
free(deviceid64);
Could it be because of the cpu (ARM)? Probably a missing compile flag? Hope someone can help me - I need it for a signature check algorithm.
Thanks, Roman
Hey. I'm facing the same issue. I'm using a different port of OpenSSL (github.com/guardianproject/android-external-openssl-ndk-static), but with similar results: On Android and Ubuntu - Different results. Did you manage to find a solution?
– OmriSela
Nov 25 '13 at 5:16
Hi, unfortunately not - I guess that probably a variable definition is to short if the target cpu is ARM - for example only 32bit instead of 64 or something like that.
– Romanski
Nov 25 '13 at 14:06
I guess you;re right... Do you know of any alternative to OpenSSL for NDK?
– OmriSela
Nov 25 '13 at 20:53
There is an other one from "fries": github.com/fries/android-external-openssl but I haven't tested it.
– Romanski
Nov 27 '13 at 6:15
2 Answers
2
I found a solution for this.
SHA512 is not working (giving incorrect results) with the port of OpenSSL for Android.
While working on the Jelly Bean (Android 4.2) AOSP tree (not NDK), I noticed that the OpenSSL ($AOSP_ROOT/external/openssl) version is 1.0.1c while the port I was using was 0.9.8.
I managed to take OpenSSL 1.0.1c from AOSP and change the *.mk files so that it will compile with NDK, as a static library, although building the shared library is also very simple. This was not very difficult as the NDK build system is a subset of the AOSP build system, but one should have the knowledge of the *.mk file format to do this.
I also tried older versions from previous releases (1.0.0, 1.0.1a & b) which also had te same problem with SHA512.
In conclusion: SHA512 on Android will work with any OpenSSL version higher than 1.0.1c (including 1.0.1c). Testing 1.0.1c, d & e was successful.
These are my changes, in case anyone needs a (static) build of OpenSSL (1.0.1*c*) with a working SAH512 algorithm, for Android (Architectures: armeabi , armeabi-v7a & x86).
To build: Uncompressed, cd into the library's project dir and run 'ndk-build'.
BTW - The cause of the bug (I think) was not a missingincorrect compilation flag, but a bug in the SHA512 ASM code (File: openssl_1.0.1ccryptoshaasmsha512-armv4.S).
Another thing worth mentioning: When I was working on the NDK build of OpenSSL, I had to rename all the *.s (lower-case 's') files to *.S (upper-case 'S') for NDK to compile these ASM files correctly. This was done on top of the *.mk changes.
– OmriSela
Dec 4 '13 at 16:57
if anyone is intrested in seeing the openSSL version used for each Android version check out the openssl.version file for each release tag in the git repo
– Dori
Apr 21 '15 at 16:50
@OmriSela Did you manage to use it with later versions, like 1.01r? The link for your changes is broken, it would be great if you could update it. Thanks.
– Nonos
Apr 4 '16 at 23:57
I encountered the same problem, just because i copied a Configure option-DB_ENDIAN from other people, if you use other people's configurations,
makesure your have the same device, otherwise no compilation errors to indicate
it, your program just running with bugs.
-DB_ENDIAN
Thanks for contributing an answer to Stack Overflow!
But avoid …
To learn more, see our tips on writing great answers.
Required, but never shown
Required, but never shown
By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
Can you post the code of calculating SHA512? By this, other can understand and help you in a better way.
– doptimusprime
Nov 7 '13 at 3:29