From: fulton@fulton.software
To: 9front@9front.org
Subject: Re: [9front] [PATCH] sha3 but fixed the code style
Date: Tue, 01 Jun 2021 12:51:12 -0700 [thread overview]
Message-ID: <B2103A02BF2A36FC16633995B7BD9E17@fulton.software> (raw)
In-Reply-To: <1C4DE32C373501A487F0F5F1AD185B49@felloff.net>
Quoth cinap_lenrek@felloff.net:
> where is sha3_keccakf.c?
>
>
> -.I SHA2_512dlen
> +.I SHA2_512dlen,
>
> why not:
>
> -.I SHA2_512dlen
> +.IR SHA2_512dlen ,
>
> --
>
> sha3() leaks DigestDstate. suggested change:
> ...
> sha3_keccakf(s->bstate);
> memmove(digest, s->b, dlen);
> if(s->alloced)
> free(s);
> return nil;
>
> --
Fixed those issues:
diff -r 8582c03efdc9 sys/man/1/sum
--- a/sys/man/1/sum Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/1/sum Tue Jun 01 12:50:25 2021 -0700
@@ -19,6 +19,10 @@
[
.B -2
.I bits
+]
+[
+.B -3
+.I bits
] [
.I file ...
]
@@ -82,6 +86,12 @@
384,
and
512.
+The
+.L 3
+option has the same behavior of
+.L 2
+, but instead outputs with
+NIST SHA3 secure hash algorithm.
.SH SOURCE
.B /sys/src/cmd/sum.c
.br
@@ -92,3 +102,5 @@
.IR cmp (1),
.IR wc (1),
.IR sechash (2)
+.SH BUGS
+md5 and SHA-1 are considered broken and should not be used
diff -r 8582c03efdc9 sys/man/2/sechash
--- a/sys/man/2/sechash Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/2/sechash Tue Jun 01 12:50:25 2021 -0700
@@ -1,7 +1,7 @@
.TH SECHASH 2
.SH NAME
md4, md5, ripemd160,
-sha1, sha2_224, sha2_256, sha2_384, sha2_512,
+sha1, sha2_224, sha2_256, sha2_384, sha2_512,sha3_224, sha3_256, sha3_384, sha3_512,
hmac_x, hmac_md5, hmac_sha1, hmac_sha2_224, hmac_sha2_256, hmac_sha2_384, hmac_sha2_512,
poly1305 \- cryptographically secure hashes
.SH SYNOPSIS
@@ -43,6 +43,16 @@
.Ti
DS* sha2_512(uchar *data, ulong dlen, uchar *digest, DS *state)
.Ti
+DS* sha3(uchar *data, ulong dlen, uchar *digest, int dlen, DS *state)
+.Ti
+DS* sha3_224(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS* sha3_256(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS* sha3_384(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS* sha3_512(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
DS* hmac_x(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DS *s, DS*(*x)(uchar*, ulong, uchar*, DS*), int xlen)
.Ti
DS* hmac_md5(uchar *data, ulong dlen, uchar *key, ulong klen, uchar *digest, DS *state)
@@ -78,6 +88,10 @@
.IR sha2_256 ,
.IR sha2_384 ,
.IR sha2_512 ,
+.IR sha3_224 ,
+.IR sha3_256 ,
+.IR sha3_384 ,
+.IR sha3_512 ,
differ only in the length of the resulting digest
and in the security of the hash.
.I Sha2_*
@@ -107,7 +121,11 @@
.IR SHA2_224dlen ,
.IR SHA2_256dlen ,
.IR SHA2_384dlen ,
-.I SHA2_512dlen
+.I SHA2_512dlen ,
+.IR SHA3_224dlen ,
+.IR SHA3_256dlen ,
+.IR SHA3_384dlen ,
+.I SHA3_512dlen
and
.I Poly1305dlen
define the lengths of the digests.
@@ -172,3 +190,5 @@
.TP
.B /lib/rfc/rfc2104
HMAC specification
+.SH BUGS
+md4, md5 and SHA-1 are considered broken and should not be used
diff -r 8582c03efdc9 sys/src/cmd/sha1sum.c
--- a/sys/src/cmd/sha1sum.c Sun May 30 14:30:50 2021 +0200
+++ b/sys/src/cmd/sha1sum.c Tue Jun 01 12:50:25 2021 -0700
@@ -23,6 +23,13 @@
512, SHA2_512dlen, sha2_512,
};
+static Sha2 sha3s[] = { /* This naming sucks */
+ 224, SHA3_224dlen, sha3_224,
+ 256, SHA3_256dlen, sha3_256,
+ 384, SHA3_384dlen, sha3_384,
+ 512, SHA3_512dlen, sha3_512,
+};
+
static DigestState* (*shafunc)(uchar *, ulong, uchar *, DigestState *);
static int shadlen;
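Review bot: The new `sha3s` table is typed `Sha2` and the trailing `/* This naming sucks */` records the mismatch without resolving it; either rename the struct to something algorithm-neutral, or replace the comment with one that says why the type is shared, e.g. `/* same layout as sha2s: bits, digest length, digest function */`. A comment that only complains gives the next reader no information about what is wrong or whether it matters. The `Sha2` definition and the `sha2s` table it mirrors start above the hunk, so I cannot tell from here whether renaming is cheap.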
@@ -64,7 +71,7 @@
static void
usage(void)
{
- fprint(2, "usage: %s [-2 bits] [file...]\n", argv0);
+ fprint(2, "usage: %s [-2 bits] [-3 bits] [file...]\n", argv0);
exits("usage");
}
@@ -87,6 +94,16 @@
shafunc = sha->func;
shadlen = sha->dlen;
break;
+ case '3':
+ bits = atoi(EARGF(usage()));
+ for (sha = sha3s; sha < sha3s + nelem(sha3s); sha++)
+ if (sha->bits == bits)
+ break;
+ if (sha >= sha3s + nelem(sha2s))
+ sysfatal("unknown number of sha3 bits: %d", bits);
+ shafunc = sha->func;
+ shadlen = sha->dlen;
+ break;
default:
usage();
}ARGEND
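Review bot: The bounds check in the new `case '3':` tests against the wrong table: `if (sha >= sha3s + nelem(sha2s))` should read `if (sha >= sha3s + nelem(sha3s))`. It only works today because both tables happen to have four entries; as soon as one of them changes size the loop either misses the not-found case and dereferences one past the end of `sha3s`, or rejects a valid variant. The `-2` path, which this one copies, parses the bit count with `atoi`, so a non-numeric argument silently becomes 0 and is reported as `unknown number of sha3 bits: 0`; that is consistent with existing behavior and is only worth changing in both places at once. The enclosing ARGBEGIN block starts above the hunk.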
diff -r 8582c03efdc9 sys/src/libsec/port/sha3.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/src/libsec/port/sha3.c Tue Jun 01 12:50:25 2021 -0700
@@ -0,0 +1,57 @@
+#include <u.h>
+#include <libc.h>
+#include <libsec.h>
+
+DigestState*
+sha3(uchar *p, ulong len, uchar *digest, int dlen, DigestState* s){
+ ulong i;
+ int j;
+ if(s == nil) {
+ s = mallocz(sizeof(*s), 1);
+ if(s == nil)
+ return nil;
+ s->malloced = 1;
+ s->blen = 200 - 2 * dlen;
+ }
+ j = s->pt;
+ for (i = 0; i < len; i++) {
+ s->b[j++] ^= p[i];
+ if (j >= s->blen) {
+ sha3_keccakf(s->bstate);
+ j = 0;
+ }
+ }
+ s->pt = j;
+
+ /* Don't go past this point if we're not writing the digest */
+ if(digest == nil)
+ return s;
+ s->b[s->pt] ^= 0x06;
+ s->b[s->blen - 1] ^= 0x80;
+ sha3_keccakf(s->bstate);
+ memmove(digest, s->b, dlen);
+ if(s->malloced)
+ free(s);
+
+ return s;
+}
+
+DigestState*
+sha3_224(uchar *p, ulong len, uchar *digest, SHA3_224state* s){
+ return sha3(p, len, digest, 28, s);
+}
+
+DigestState*
+sha3_256(uchar *p, ulong len, uchar *digest, SHA3_256state* s){
+ return sha3(p, len, digest, 32, s);
+}
+
+DigestState*
+sha3_384(uchar *p, ulong len, uchar *digest, SHA3_384state* s){
+ return sha3(p, len, digest, 48, s);
+}
+
+DigestState*
+sha3_512(uchar *p, ulong len, uchar *digest, SHA3_512state* s){
+ return sha3(p, len, digest, 64, s);
+}
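Review bot: `sha3()` returns a dangling pointer when it owns the state: after `if(s->malloced) free(s);` it falls through to `return s;`, so any caller that looks at the return value (the reviewer's suggested version returned nil here) reads freed memory; change the tail to `if(s->malloced){ free(s); return nil; }` ahead of the final `return s;`. A second problem is that `s->blen` is only set on the `s == nil` path, so a caller that supplies its own zeroed `DigestState` runs with `blen == 0`, absorbs through `sha3_keccakf` on every byte, and the finalization `s->b[s->blen - 1] ^= 0x80` writes one byte before `s->b`; initialize the rate whenever it is still unset, e.g. `if(s->blen == 0) s->blen = 200 - 2 * dlen;` placed after the allocation branch. The sechash(2) synopsis added by this same patch declares `sha3` with two parameters named `dlen`, whereas the definition here uses `len` for the input length and `dlen` for the digest length. The `b`, `bstate`, `blen` and `pt` members of `DigestState` are not declared anywhere in this patch, so their types and whether `b` and `bstate` alias the same 200 bytes is assumed, not verified.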
diff -r 8582c03efdc9 sys/src/libsec/port/sha3_keccakf.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/src/libsec/port/sha3_keccakf.c Tue Jun 01 12:50:25 2021 -0700
@@ -0,0 +1,69 @@
+#include <u.h>
+#include <libc.h>
+#include <libsec.h>
+#define KECCAKF_ROUNDS 24
+#define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y))))
+
+void sha3_keccakf(u64int st[25])
+{
+ // constants
+ const u64int keccakf_rndc[24] = {
+ 0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
+ 0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
+ 0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
+ 0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
+ 0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
+ 0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
+ 0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
+ 0x8000000000008080, 0x0000000080000001, 0x8000000080008008
+ };
+ const int keccakf_rotc[24] = {
+ 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14,
+ 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44
+ };
+ const int keccakf_piln[24] = {
+ 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4,
+ 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1
+ };
+
+ /* variables */
+ int i, j, r;
+ u64int t, bc[5];
+
+
+ /* actual iteration */
+ for (r = 0; r < KECCAKF_ROUNDS; r++) {
+
+ // Theta
+ for (i = 0; i < 5; i++)
+ bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20];
+
+ for (i = 0; i < 5; i++) {
+ t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1);
+ for (j = 0; j < 25; j += 5)
+ st[j + i] ^= t;
+ }
+
+ /* Rho Pi */
+ t = st[1];
+ for (i = 0; i < 24; i++) {
+ j = keccakf_piln[i];
+ bc[0] = st[j];
+ st[j] = ROTL64(t, keccakf_rotc[i]);
+ t = bc[0];
+ }
+
+ /* Chi */
+ for (j = 0; j < 25; j += 5) {
+ for (i = 0; i < 5; i++)
+ bc[i] = st[j + i];
+ for (i = 0; i < 5; i++)
+ st[j + i] ^= (~bc[(i + 1) % 5]) & bc[(i + 2) % 5];
+ }
+
+ /* Iota */
+ st[0] ^= keccakf_rndc[r];
+ }
+
+
+}
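Review bot: The three tables `keccakf_rndc`, `keccakf_rotc` and `keccakf_piln` are plain `const` automatics inside `sha3_keccakf`, so they are re-initialized on the stack on every permutation call (once per absorbed block); move them to file scope as `static const u64int keccakf_rndc[24] = { ... };` and likewise for the two `int` tables so they are emitted once as read-only data. The comments mix `// constants`, `// Theta` with the `/* variables */`, `/* Rho Pi */` style used a few lines later in the same function; pick `/* */` throughout to match the rest of the file. No declaration of `sha3_keccakf` appears in this patch, so unless libsec.h was updated separately, sha3.c calls it without a prototype; if a declaration is added, `static` is not an option but the function header should at least follow the local layout with the return type on its own line. The rotation counts are all in 1..62, so `ROTL64` never shifts by 0 or 64 here, which is worth a one-line comment on the macro since the macro itself would be undefined for those values.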