* [9front] [PATCH] sha3 but fixed the code style
@ 2021-05-31 16:00 fulton
From: fulton @ 2021-05-31 16:00 UTC (permalink / raw)
To: 9front
This adds SHA3 to 9front. SHA3 is a bit slower than SHA2, but is
resistant to length extension attacks and has a simpler code base. While
not used for much now, there's a good chance it will be needed in the
long run, for stuff like tls, ssh, and file checksums.
--
Fulton fulton.software!fulton
diff -r 8582c03efdc9 sys/include/libsec.h
--- a/sys/include/libsec.h Sun May 30 14:30:50 2021 +0200
+++ b/sys/include/libsec.h Mon May 31 08:55:39 2021 -0700
@@ -224,10 +224,14 @@
enum
{
SHA1dlen= 20, /* SHA digest length */
- SHA2_224dlen= 28, /* SHA-224 digest length */
- SHA2_256dlen= 32, /* SHA-256 digest length */
- SHA2_384dlen= 48, /* SHA-384 digest length */
- SHA2_512dlen= 64, /* SHA-512 digest length */
+ SHA2_224dlen= 28, /* SHA2-224 digest length */
+ SHA2_256dlen= 32, /* SH2A-256 digest length */
+ SHA2_384dlen= 48, /* SH2A-384 digest length */
+ SHA2_512dlen= 64, /* SHA2-512 digest length */
+ SHA3_224dlen= 28, /* SHA3-224 digest length */
+ SHA3_256dlen= 32, /* SHA3-256 digest length */
+ SHA3_384dlen= 48, /* SHA3-384 digest length */
+ SHA3_512dlen= 64, /* SHA3-512 digest length */
MD4dlen= 16, /* MD4 digest length */
MD5dlen= 16, /* MD5 digest length */
RIPEMD160dlen= 20, /* RIPEMD-160 digest length */
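Review bot: The relabelled comments on the SHA2_256dlen and SHA2_384dlen lines come out as `SH2A-256` and `SH2A-384`, so a hunk that only meant to rename the family from SHA to SHA2 introduces two typos into the public header. They should read `SHA2_256dlen= 32, /* SHA2-256 digest length */` and `SHA2_384dlen= 48, /* SHA2-384 digest length */`, matching the 224 and 512 lines directly above and below them.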
@@ -241,20 +245,27 @@
{
uvlong len;
union {
- u32int state[16];
- u64int bstate[8];
+ uchar b[200];
+ u32int state[50];
+ u64int bstate[25];
};
uchar buf[256];
int blen;
+ int pt;
char malloced;
char seeded;
};
+void sha3_keccakf(u64int st[25]);
typedef struct DigestState SHAstate; /* obsolete name */
typedef struct DigestState SHA1state;
typedef struct DigestState SHA2_224state;
typedef struct DigestState SHA2_256state;
typedef struct DigestState SHA2_384state;
typedef struct DigestState SHA2_512state;
+typedef struct DigestState SHA3_224state;
+typedef struct DigestState SHA3_256state;
+typedef struct DigestState SHA3_384state;
+typedef struct DigestState SHA3_512state;
typedef struct DigestState MD5state;
typedef struct DigestState MD4state;
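Review bot: The `void sha3_keccakf(u64int st[25]);` prototype lands between the DigestState definition and the state typedefs, while every other function prototype in this header sits in the group further down (the sha2_* lines in the next hunk); the Keccak permutation is an internal primitive rather than a caller-facing digest, so it belongs with that group or, if sha3.c is its only caller, out of the public header altogether. The new `int pt;` member also goes in without a comment; from its use in sha3.c it is the offset of the next byte to absorb into the current block, so `int pt; /* sha3: next byte offset in the current block */` would let a reader tell it apart from blen.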
@@ -266,6 +277,11 @@
DigestState* sha2_256(uchar*, ulong, uchar*, DigestState*);
DigestState* sha2_384(uchar*, ulong, uchar*, DigestState*);
DigestState* sha2_512(uchar*, ulong, uchar*, DigestState*);
+DigestState* sha3_224(uchar*, ulong, uchar*, DigestState*);
+DigestState* sha3_256(uchar*, ulong, uchar*, DigestState*);
+DigestState* sha3_384(uchar*, ulong, uchar*, DigestState*);
+DigestState* sha3_512(uchar*, ulong, uchar*, DigestState*);
+
DigestState* hmac_x(uchar *p, ulong len, uchar *key, ulong klen,
uchar *digest, DigestState *s,
DigestState*(*x)(uchar*, ulong, uchar*, DigestState*),
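Review bot: The generic `sha3()` entry point is defined with external linkage in sha3.c and listed in the sechash(2) SYNOPSIS, but this hunk adds prototypes only for the four fixed-width wrappers, so the function the man page documents has no declaration in libsec.h. Either add `DigestState* sha3(uchar*, ulong, uchar*, int, DigestState*);` next to the others, or make it static in sha3.c and drop it from the man page. The SYNOPSIS line for it also names two parameters `dlen` (`ulong dlen` and `int dlen`), which is not a valid prototype; the digest-length argument needs a distinct name if it stays documented.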
diff -r 8582c03efdc9 sys/man/1/sum
--- a/sys/man/1/sum Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/1/sum Mon May 31 08:55:39 2021 -0700
@@ -19,6 +19,10 @@
[
.B -2
.I bits
+]
+[
+.B -3
+.I bits
] [
.I file ...
]
@@ -82,6 +86,12 @@
384,
and
512.
+The
+.L 3
+option has the same behavior of
+.L 2
+, but instead outputs with
+NIST SHA3 secure hash algorithm.
.SH SOURCE
.B /sys/src/cmd/sum.c
.br
@@ -92,3 +102,5 @@
.IR cmp (1),
.IR wc (1),
.IR sechash (2)
+.SH BUGS
+md5 and SHA-1 are considered broken and should not be used
diff -r 8582c03efdc9 sys/man/2/sechash
--- a/sys/man/2/sechash Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/2/sechash Mon May 31 08:55:39 2021 -0700
@@ -1,7 +1,7 @@
.TH SECHASH 2
.SH NAME
md4, md5, ripemd160,
-sha1, sha2_224, sha2_256, sha2_384, sha2_512,
+sha1, sha2_224, sha2_256, sha2_384, sha2_512,sha3_224, sha3_256, sha3_384, sha3_512,
hmac_x, hmac_md5, hmac_sha1, hmac_sha2_224, hmac_sha2_256, hmac_sha2_384, hmac_sha2_512,
poly1305 \- cryptographically secure hashes
.SH SYNOPSIS
@@ -43,6 +43,16 @@
.Ti
DS* sha2_512(uchar *data, ulong dlen, uchar *digest, DS *state)
.Ti
+DS* sha3(uchar *data, ulong dlen, uchar *digest, int dlen, DS *state)
+.Ti
+DS* sha3_224(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS* sha3_256(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS* sha3_384(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS* sha3_512(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
DS* hmac_x(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DS *s, DS*(*x)(uchar*, ulong, uchar*, DS*), int xlen)
.Ti
DS* hmac_md5(uchar *data, ulong dlen, uchar *key, ulong klen, uchar *digest, DS *state)
@@ -78,6 +88,10 @@
.IR sha2_256 ,
.IR sha2_384 ,
.IR sha2_512 ,
+.IR sha3_224 ,
+.IR sha3_256 ,
+.IR sha3_384 ,
+.IR sha3_512 ,
differ only in the length of the resulting digest
and in the security of the hash.
.I Sha2_*
@@ -107,7 +121,11 @@
.IR SHA2_224dlen ,
.IR SHA2_256dlen ,
.IR SHA2_384dlen ,
-.I SHA2_512dlen
+.I SHA2_512dlen,
+.IR SHA3_224dlen ,
+.IR SHA3_256dlen ,
+.IR SHA3_384dlen ,
+.I SHA3_512dlen
and
.I Poly1305dlen
define the lengths of the digests.
@@ -172,3 +190,5 @@
.TP
.B /lib/rfc/rfc2104
HMAC specification
+.SH BUGS
+md4, md5 and SHA-1 are considered broken and should not be used
diff -r 8582c03efdc9 sys/src/cmd/sha1sum.c
--- a/sys/src/cmd/sha1sum.c Sun May 30 14:30:50 2021 +0200
+++ b/sys/src/cmd/sha1sum.c Mon May 31 08:55:39 2021 -0700
@@ -23,6 +23,13 @@
512, SHA2_512dlen, sha2_512,
};
+static Sha2 sha3s[] = { /* This naming sucks */
+ 224, SHA3_224dlen, sha3_224,
+ 256, SHA3_256dlen, sha3_256,
+ 384, SHA3_384dlen, sha3_384,
+ 512, SHA3_512dlen, sha3_512,
+};
+
static DigestState* (*shafunc)(uchar *, ulong, uchar *, DigestState *);
static int shadlen;
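Review bot: The `/* This naming sucks */` on the new sha3s table records a complaint instead of telling the reader what is going on, and it would ship in sha1sum.c as is; the same line comes back in the resent patch. What the author objects to is reusing the `Sha2` element type for an SHA-3 table, so either rename that struct to something family-neutral or say what the comment means, `static Sha2 sha3s[] = { /* same bits/dlen/func layout as sha2s */`.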
@@ -64,7 +71,7 @@
static void
usage(void)
{
- fprint(2, "usage: %s [-2 bits] [file...]\n", argv0);
+ fprint(2, "usage: %s [-2 bits] [-3 bits] [file...]\n", argv0);
exits("usage");
}
@@ -87,6 +94,16 @@
shafunc = sha->func;
shadlen = sha->dlen;
break;
+ case '3':
+ bits = atoi(EARGF(usage()));
+ for (sha = sha3s; sha < sha3s + nelem(sha3s); sha++)
+ if (sha->bits == bits)
+ break;
+ if (sha >= sha3s + nelem(sha2s))
+ sysfatal("unknown number of sha3 bits: %d", bits);
+ shafunc = sha->func;
+ shadlen = sha->dlen;
+ break;
default:
usage();
}ARGEND
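Review bot: The bound check in the new `case '3'` compares against the wrong table: the loop walks `sha3s` but `if (sha >= sha3s + nelem(sha2s))` uses the size of `sha2s` as the end, so it should be `if (sha >= sha3s + nelem(sha3s))`. Both tables have four entries today, which is why the lookup happens to work, but the check silently goes wrong the moment either table changes length. The identical line is in the resent patch's sha1sum.c hunk as well. The enclosing ARGBEGIN block starts before this hunk.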
diff -r 8582c03efdc9 sys/src/libsec/port/mkfile
--- a/sys/src/libsec/port/mkfile Sun May 30 14:30:50 2021 +0200
+++ b/sys/src/libsec/port/mkfile Mon May 31 08:55:39 2021 -0700
@@ -7,6 +7,7 @@
blowfish.c \
hmac.c md5.c md5block.c md4.c sha1.c sha1block.c\
sha2_64.c sha2_128.c sha2block64.c sha2block128.c\
+ sha3.c sha3_keccakf.c\
poly1305.c\
rc4.c\
chacha.c chachablock.c\
diff -r 8582c03efdc9 sys/src/libsec/port/sha3.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/src/libsec/port/sha3.c Mon May 31 08:55:39 2021 -0700
@@ -0,0 +1,57 @@
+#include <u.h>
+#include <libc.h>
+#include <libsec.h>
+
+DigestState*
+sha3(uchar *p, ulong len, uchar *digest, int dlen, DigestState* s){
+ ulong i;
+ int j;
+ if(s == nil) {
+ s = mallocz(sizeof(*s), 1);
+ if(s == nil)
+ return nil;
+ s->malloced = 1;
+ s->blen = 200 - 2 * dlen;
+ }
+ j = s->pt;
+ for (i = 0; i < len; i++) {
+ s->b[j++] ^= p[i];
+ if (j >= s->blen) {
+ sha3_keccakf(s->bstate);
+ j = 0;
+ }
+ }
+ s->pt = j;
+
+ /* Don't go past this point if we're not writing the digest */
+ if(digest == nil)
+ return s;
+ s->b[s->pt] ^= 0x06;
+ s->b[s->blen - 1] ^= 0x80;
+ sha3_keccakf(s->bstate);
+ for (i = 0; i < dlen; i++) {
+ digest[i] = s->b[i];
+ }
+
+ return s;
+}
+
+DigestState*
+sha3_224(uchar *p, ulong len, uchar *digest, SHA3_224state* s){
+ return sha3(p, len, digest, 28, s);
+}
+
+DigestState*
+sha3_256(uchar *p, ulong len, uchar *digest, SHA3_256state* s){
+ return sha3(p, len, digest, 32, s);
+}
+
+DigestState*
+sha3_384(uchar *p, ulong len, uchar *digest, SHA3_384state* s){
+ return sha3(p, len, digest, 48, s);
+}
+
+DigestState*
+sha3_512(uchar *p, ulong len, uchar *digest, SHA3_512state* s){
+ return sha3(p, len, digest, 64, s);
+}
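Review bot: `s->blen` is set only on the allocating path, so a caller that hands in its own zeroed DigestState (the `seeded` flag in the libsec.h hunk looks like the mechanism the other digests use to initialise such a state, as far as I can tell) runs with blen == 0: the absorb loop permutes after every byte, and the final `s->b[s->blen - 1] ^= 0x80` writes to index -1, before the `b` array. Initialising on first use instead, `if(s->seeded == 0){ s->blen = 200 - 2 * dlen; s->seeded = 1; }` placed after the allocation block, covers both paths; a check that `dlen` is one of the four supported lengths would also keep a bad blen out of the index arithmetic, since nothing in this function validates it. The resent sha3.c hunk carries the same code.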
* Re: [9front] [PATCH] sha3 but fixed the code style
From: cinap_lenrek @ 2021-06-01 12:46 UTC (permalink / raw)
To: 9front
where is sha3_keccakf.c?
-.I SHA2_512dlen
+.I SHA2_512dlen,
why not:
-.I SHA2_512dlen
+.IR SHA2_512dlen ,
--
sha3() leaks DigestState. suggested change:
...
sha3_keccakf(s->bstate);
memmove(digest, s->b, dlen);
if(s->alloced)
free(s);
return nil;
--
+ j = s->pt;
+ for (i = 0; i < len; i++) {
+ s->b[j++] ^= p[i];
+ if (j >= s->blen) {
+ sha3_keccakf(s->bstate);
+ j = 0;
+ }
+ }
+ s->pt = j;
doing the xor byte-by-byte sucks.
--
union {
- u32int state[16];
- u64int bstate[8];
+ uchar b[200];
+ u32int state[50];
+ u64int bstate[25];
};
i do not like b[200] aliasing bstate here. i think it would be better to
handle this explicitely in the code.
--
cinap
* Re: [9front] [PATCH] sha3 but fixed the code style
From: fulton @ 2021-06-01 15:09 UTC (permalink / raw)
To: 9front
Quoth cinap_lenrek@felloff.net:
> i do not like b[200] aliasing bstate here. i think it would be better to
> handle this explicitely in the code.
Why?
--
Fulton fulton.software!fulton
* Re: [9front] [PATCH] sha3 but fixed the code style
From: fulton @ 2021-06-01 19:51 UTC (permalink / raw)
To: 9front
Quoth cinap_lenrek@felloff.net:
> where is sha3_keccakf.c?
>
>
> -.I SHA2_512dlen
> +.I SHA2_512dlen,
>
> why not:
>
> -.I SHA2_512dlen
> +.IR SHA2_512dlen ,
>
> --
>
> sha3() leaks DigestDstate. suggested change:
> ...
> sha3_keccakf(s->bstate);
> memmove(digest, s->b, dlen);
> if(s->alloced)
> free(s);
> return nil;
>
> --
Fixed those issues:
diff -r 8582c03efdc9 sys/man/1/sum
--- a/sys/man/1/sum Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/1/sum Tue Jun 01 12:50:25 2021 -0700
@@ -19,6 +19,10 @@
[
.B -2
.I bits
+]
+[
+.B -3
+.I bits
] [
.I file ...
]
@@ -82,6 +86,12 @@
384,
and
512.
+The
+.L 3
+option has the same behavior of
+.L 2
+, but instead outputs with
+NIST SHA3 secure hash algorithm.
.SH SOURCE
.B /sys/src/cmd/sum.c
.br
@@ -92,3 +102,5 @@
.IR cmp (1),
.IR wc (1),
.IR sechash (2)
+.SH BUGS
+md5 and SHA-1 are considered broken and should not be used
diff -r 8582c03efdc9 sys/man/2/sechash
--- a/sys/man/2/sechash Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/2/sechash Tue Jun 01 12:50:25 2021 -0700
@@ -1,7 +1,7 @@
.TH SECHASH 2
.SH NAME
md4, md5, ripemd160,
-sha1, sha2_224, sha2_256, sha2_384, sha2_512,
+sha1, sha2_224, sha2_256, sha2_384, sha2_512,sha3_224, sha3_256, sha3_384, sha3_512,
hmac_x, hmac_md5, hmac_sha1, hmac_sha2_224, hmac_sha2_256, hmac_sha2_384, hmac_sha2_512,
poly1305 \- cryptographically secure hashes
.SH SYNOPSIS
@@ -43,6 +43,16 @@
.Ti
DS* sha2_512(uchar *data, ulong dlen, uchar *digest, DS *state)
.Ti
+DS* sha3(uchar *data, ulong dlen, uchar *digest, int dlen, DS *state)
+.Ti
+DS* sha3_224(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS* sha3_256(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS* sha3_384(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS* sha3_512(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
DS* hmac_x(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DS *s, DS*(*x)(uchar*, ulong, uchar*, DS*), int xlen)
.Ti
DS* hmac_md5(uchar *data, ulong dlen, uchar *key, ulong klen, uchar *digest, DS *state)
@@ -78,6 +88,10 @@
.IR sha2_256 ,
.IR sha2_384 ,
.IR sha2_512 ,
+.IR sha3_224 ,
+.IR sha3_256 ,
+.IR sha3_384 ,
+.IR sha3_512 ,
differ only in the length of the resulting digest
and in the security of the hash.
.I Sha2_*
@@ -107,7 +121,11 @@
.IR SHA2_224dlen ,
.IR SHA2_256dlen ,
.IR SHA2_384dlen ,
-.I SHA2_512dlen
+.I SHA2_512dlen ,
+.IR SHA3_224dlen ,
+.IR SHA3_256dlen ,
+.IR SHA3_384dlen ,
+.I SHA3_512dlen
and
.I Poly1305dlen
define the lengths of the digests.
@@ -172,3 +190,5 @@
.TP
.B /lib/rfc/rfc2104
HMAC specification
+.SH BUGS
+md4, md5 and SHA-1 are considered broken and should not be used
diff -r 8582c03efdc9 sys/src/cmd/sha1sum.c
--- a/sys/src/cmd/sha1sum.c Sun May 30 14:30:50 2021 +0200
+++ b/sys/src/cmd/sha1sum.c Tue Jun 01 12:50:25 2021 -0700
@@ -23,6 +23,13 @@
512, SHA2_512dlen, sha2_512,
};
+static Sha2 sha3s[] = { /* This naming sucks */
+ 224, SHA3_224dlen, sha3_224,
+ 256, SHA3_256dlen, sha3_256,
+ 384, SHA3_384dlen, sha3_384,
+ 512, SHA3_512dlen, sha3_512,
+};
+
static DigestState* (*shafunc)(uchar *, ulong, uchar *, DigestState *);
static int shadlen;
@@ -64,7 +71,7 @@
static void
usage(void)
{
- fprint(2, "usage: %s [-2 bits] [file...]\n", argv0);
+ fprint(2, "usage: %s [-2 bits] [-3 bits] [file...]\n", argv0);
exits("usage");
}
@@ -87,6 +94,16 @@
shafunc = sha->func;
shadlen = sha->dlen;
break;
+ case '3':
+ bits = atoi(EARGF(usage()));
+ for (sha = sha3s; sha < sha3s + nelem(sha3s); sha++)
+ if (sha->bits == bits)
+ break;
+ if (sha >= sha3s + nelem(sha2s))
+ sysfatal("unknown number of sha3 bits: %d", bits);
+ shafunc = sha->func;
+ shadlen = sha->dlen;
+ break;
default:
usage();
}ARGEND
diff -r 8582c03efdc9 sys/src/libsec/port/sha3.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/src/libsec/port/sha3.c Tue Jun 01 12:50:25 2021 -0700
@@ -0,0 +1,57 @@
+#include <u.h>
+#include <libc.h>
+#include <libsec.h>
+
+DigestState*
+sha3(uchar *p, ulong len, uchar *digest, int dlen, DigestState* s){
+ ulong i;
+ int j;
+ if(s == nil) {
+ s = mallocz(sizeof(*s), 1);
+ if(s == nil)
+ return nil;
+ s->malloced = 1;
+ s->blen = 200 - 2 * dlen;
+ }
+ j = s->pt;
+ for (i = 0; i < len; i++) {
+ s->b[j++] ^= p[i];
+ if (j >= s->blen) {
+ sha3_keccakf(s->bstate);
+ j = 0;
+ }
+ }
+ s->pt = j;
+
+ /* Don't go past this point if we're not writing the digest */
+ if(digest == nil)
+ return s;
+ s->b[s->pt] ^= 0x06;
+ s->b[s->blen - 1] ^= 0x80;
+ sha3_keccakf(s->bstate);
+ memmove(digest, s->b, dlen);
+ if(s->malloced)
+ free(s);
+
+ return s;
+}
+
+DigestState*
+sha3_224(uchar *p, ulong len, uchar *digest, SHA3_224state* s){
+ return sha3(p, len, digest, 28, s);
+}
+
+DigestState*
+sha3_256(uchar *p, ulong len, uchar *digest, SHA3_256state* s){
+ return sha3(p, len, digest, 32, s);
+}
+
+DigestState*
+sha3_384(uchar *p, ulong len, uchar *digest, SHA3_384state* s){
+ return sha3(p, len, digest, 48, s);
+}
+
+DigestState*
+sha3_512(uchar *p, ulong len, uchar *digest, SHA3_512state* s){
+ return sha3(p, len, digest, 64, s);
+}
diff -r 8582c03efdc9 sys/src/libsec/port/sha3_keccakf.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/src/libsec/port/sha3_keccakf.c Tue Jun 01 12:50:25 2021 -0700
@@ -0,0 +1,69 @@
+#include <u.h>
+#include <libc.h>
+#include <libsec.h>
+#define KECCAKF_ROUNDS 24
+#define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y))))
+
+void sha3_keccakf(u64int st[25])
+{
+ // constants
+ const u64int keccakf_rndc[24] = {
+ 0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
+ 0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
+ 0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
+ 0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
+ 0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
+ 0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
+ 0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
+ 0x8000000000008080, 0x0000000080000001, 0x8000000080008008
+ };
+ const int keccakf_rotc[24] = {
+ 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14,
+ 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44
+ };
+ const int keccakf_piln[24] = {
+ 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4,
+ 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1
+ };
+
+ /* variables */
+ int i, j, r;
+ u64int t, bc[5];
+
+
+ /* actual iteration */
+ for (r = 0; r < KECCAKF_ROUNDS; r++) {
+
+ // Theta
+ for (i = 0; i < 5; i++)
+ bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20];
+
+ for (i = 0; i < 5; i++) {
+ t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1);
+ for (j = 0; j < 25; j += 5)
+ st[j + i] ^= t;
+ }
+
+ /* Rho Pi */
+ t = st[1];
+ for (i = 0; i < 24; i++) {
+ j = keccakf_piln[i];
+ bc[0] = st[j];
+ st[j] = ROTL64(t, keccakf_rotc[i]);
+ t = bc[0];
+ }
+
+ /* Chi */
+ for (j = 0; j < 25; j += 5) {
+ for (i = 0; i < 5; i++)
+ bc[i] = st[j + i];
+ for (i = 0; i < 5; i++)
+ st[j + i] ^= (~bc[(i + 1) % 5]) & bc[(i + 2) % 5];
+ }
+
+ /* Iota */
+ st[0] ^= keccakf_rndc[r];
+ }
+
+
+}
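Review bot: The three round-constant and rotation tables are declared as plain `const` locals, so they are copied onto the stack on every call, and `sha3_keccakf` runs once per absorbed block; declaring them `static const u64int keccakf_rndc[24] = {`, `static const int keccakf_rotc[24] = {` and `static const int keccakf_piln[24] = {` puts them in read-only data once. The file also mixes `//` and `/* */` comments (`// constants`, `// Theta` against `/* Rho Pi */`, `/* Chi */`) in a patch whose subject is a code-style fix; the other files in this patch use `/* */`, so the two `//` lines should follow. The pair of blank lines before the closing brace can go too.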
* Re: [9front] [PATCH] sha3 but fixed the code style
From: cinap_lenrek @ 2021-06-02 12:15 UTC (permalink / raw)
To: 9front
- sha3() needs to return nil on final run.
- still the aliasing with DigestState.b[200]
note, that this also will not work on big endian machines. you can
try this with the mips instruction emulator vi(1).
byte-by-byte xor is stupid.
- sha3_keccakf() seems more than sub-optimal
64-bit constants need to have ULL prefix.
for example, the indexing will be done twice because of the ROTL64() macro
loops not unrolled, especially with the mod 5 indexing (divisions can be very slow)
i bet you haven't written this code, where is this from? if you use someone
else's code it is always a good idea to attribute the original authors.
do you have test vectors?
--
cinap
* Re: [9front] [PATCH] sha3 but fixed the code style
From: cinap_lenrek @ 2021-06-02 12:16 UTC (permalink / raw)
To: 9front
big endian and readability. from the code it is not obvious that they alias.
--
cinap
* Re: [9front] [PATCH] sha3 but fixed the code style
From: kemal @ 2021-06-02 13:46 UTC (permalink / raw)
To: 9front
hello,
> - sha3_keccakf() seems more than sub-optimal
>
> 64-bit constants need to have ULL prefix.
>
> for example, the indexing will be done twice because of the ROTL64() macro
>
> loops not unrolled, especially with the mod 5 indexing (divisions can be
> very slow)
i stole go's keccakf code, and translated it into c. it just uses
bitwise operations and loops are unrolled. looks definitely better
than the current one. can fulton test if this actually works?
http://okturing.com/src/11179/body
* Re: [9front] [PATCH] sha3 but fixed the code style
From: kemal @ 2021-06-02 14:16 UTC (permalink / raw)
To: 9front
> http://okturing.com/src/11179/body
ok i think i misunderstood go's '&^' bit clear operator
use this instead
http://okturing.com/src/11180/body
* Re: [9front] [PATCH] sha3 but fixed the code style
From: cinap_lenrek @ 2021-06-02 14:45 UTC (permalink / raw)
To: 9front
hm.... are you sure you should use 64-bit *SIGNED* integers here?
wouldnt that screw up the bit rotations because of the sign bit
replication on down shift?
> can fulton test if this actually works?
the right thing to do is to provide a unit test with test vectors
from the spec... it doesn't need to be in the mkfile... just like
sha2test.c and chachatest.c.
--
cinap
* Re: [9front] [PATCH] sha3 but fixed the code style
From: fulton @ 2021-06-02 21:04 UTC (permalink / raw)
To: 9front
I did attribute the author in my first email, but that email never went through and I should have re-attributed the author
https://github.com/mjosaarinen/tiny_sha3
> - sha3() needs to return nil on final run.
- I'll fix that
>note, that this also will not work on big endian machines. you can
>try this with the mips instruction emulator vi(1).
I don't know how much I can do about that, but I'll look in to it.
>byte-by-byte xor is stupid.
I don't love it either, but I in this case it may be the best way to get it working, but I can change it.
>sha3_keccakf() seems more than sub-optimal
i'll rewrite it.
--
Fulton fulton.software!fulton
* Re: [9front] [PATCH] sha3 but fixed the code style
From: ori @ 2021-06-03 1:30 UTC (permalink / raw)
To: 9front
Quoth kemal <kemalinanc8@gmail.com>:
> > http://okturing.com/src/11179/body
>
> ok i think i misunderstood go's '&^' bit clear operator
> use this instead
>
> http://okturing.com/src/11180/body
Does it pass the test vectors? Do you
have code to prove it?
* Re: [9front] [PATCH] sha3 but fixed the code style
From: fulton @ 2021-06-03 15:24 UTC (permalink / raw)
To: 9front
Quoth kemal <kemalinanc8@gmail.com>:
> hello,
>
> > - sha3_keccakf() seems more than sub-optimal
> >
> > 64-bit constants need to have ULL prefix.
> >
> > for example, the indexing will be done twice because of the ROTL64() macro
> >
> > loops not unrolled, especially with the mod 5 indexing (divisions can be
> > very slow)
>
> i stole go's keccakf code, and translated it into c. it just uses
> bitwise operations and loops are unrolled. looks definitely better
> than the current one. can fulton test if this actually works?
>
> http://okturing.com/src/11179/body
>
That didn't seem to work. it should look like this:
; echo test | sha1sum -3 256
34a0b893b66e312a8b0f7dc4bc4c7930b67f8823513aff5444fb5c64aa060c5a
; echo test | sha1sum -3 512
1a39794b53431e9abc34368ed4824dbac59d6c6417792279b0ec2c91d6eb58af72f9d4b1e3b613a05891c2c1a17a820bcf829cb323c4299b219e5ab299794581
; sha1sum -3 256 /386/9pc
512b4ee0051cdac52210e1216786aa43625aad842a9d4d2a6f796738692715ef /386/9pc
;
Verified by rhash(1) on unix
This is what the go patch looks like:
; echo test | ./sha1sum -3 256
1b39c5c0855bccd2ebf2a8c490f7cfb49c276a9b81fb336c5621e235fa5390fd
; echo test | ./sha1sum -3 512
dfbef5bc56120523b305cca4254ba61a94393cd7808d5c6434f09664793ecca5ccb2b7ac2b483430d42d6b42654d48d514ad2385699c586f885622e013ce27b0
; ./sha1sum -3 256 /386/9pc
e758b8170222a207a584df37662b9095c71310c1411cfa9b95b63a1dfa30af9d /386/9pc
I'll look in to it. It may just be a case of not enough rounds (should be 24) or some simple bug like that,
--
Fulton fulton.software!fulton
* Re: [9front] [PATCH] sha3 but fixed the code style
From: fulton @ 2021-06-03 16:56 UTC (permalink / raw)
To: 9front
Quoth kemal <kemalinanc8@gmail.com>:
> > http://okturing.com/src/11179/body
>
> ok i think i misunderstood go's '&^' bit clear operator
> use this instead
>
> http://okturing.com/src/11180/body
>
Just got this one, it works :D thanks kemal.
--
Fulton fulton.software!fulton
* Re: [9front] [PATCH] sha3 but fixed the code style
From: hiro @ 2021-06-03 20:28 UTC (permalink / raw)
To: 9front
> I don't know how much I can do about that, but I'll look in to it.
what do you mean? if your code is independent of byte ordering then i
think you should know what is meant here, even without knowing
anything about mips (it was an example).
On 6/2/21, fulton@fulton.software <fulton@fulton.software> wrote:
> I did attribute the authors in my first post email post, that email never
> went through and I should have re-attributed the author
>
> https://github.com/mjosaarinen/tiny_sha3
>
>> - sha3() needs to return nil on final run.
> - I'll fix that
>
>>note, that this also will not work on big endian machines. you can
>>try this with the mips instruction emulator vi(1).
> I don't know how much I can do about that, but I'll look in to it.
>
>>byte-by-byte xor is stupid.
>
> I don't love it either, but I in this case it may be the best way to get it
> working, but I can change it.
>
>>sha3_keccakf() seems more than sub-optimal
>
> i'll rewrite it.
>
> --
> Fulton fulton.software!fulton
>