From: fulton@fulton.software
To: 9front@9front.org
Subject: Re: [9front] [PATCH] sha3 but fixed the code style
Date: Tue, 01 Jun 2021 12:51:12 -0700	[thread overview]
Message-ID: <B2103A02BF2A36FC16633995B7BD9E17@fulton.software> (raw)
In-Reply-To: <1C4DE32C373501A487F0F5F1AD185B49@felloff.net>

Quoth cinap_lenrek@felloff.net:
> where is sha3_keccakf.c?
> 
> 
> -.I SHA2_512dlen
> +.I SHA2_512dlen,
> 
> why not:
> 
> -.I SHA2_512dlen
> +.IR SHA2_512dlen ,
> 
> --
> 
> sha3() leaks DigestDstate. suggested change:
> 	...
> 	sha3_keccakf(s->bstate);
> 	memmove(digest, s->b, dlen);
> 	if(s->alloced)
> 		free(s);
> 	return nil;
> 
> --

Fixed those issues:

diff -r 8582c03efdc9 sys/man/1/sum
--- a/sys/man/1/sum	Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/1/sum	Tue Jun 01 12:50:25 2021 -0700
@@ -19,6 +19,10 @@
 [
 .B -2
 .I bits
+] 
+[
+.B -3
+.I bits
 ] [
 .I file ...
 ]
@@ -82,6 +86,12 @@
 384,
 and
 512.
+The 
+.L 3
+option has the same behavior of
+.L 2
+, but instead outputs with
+NIST SHA3 secure hash algorithm.
 .SH SOURCE
 .B /sys/src/cmd/sum.c
 .br
@@ -92,3 +102,5 @@
 .IR cmp (1),
 .IR wc (1),
 .IR sechash (2)
+.SH BUGS
+md5 and SHA-1 are considered broken and should not be used
diff -r 8582c03efdc9 sys/man/2/sechash
--- a/sys/man/2/sechash	Sun May 30 14:30:50 2021 +0200
+++ b/sys/man/2/sechash	Tue Jun 01 12:50:25 2021 -0700
@@ -1,7 +1,7 @@
 .TH SECHASH 2
 .SH NAME
 md4, md5, ripemd160,
-sha1, sha2_224, sha2_256, sha2_384, sha2_512,
+sha1, sha2_224, sha2_256, sha2_384, sha2_512,sha3_224, sha3_256, sha3_384, sha3_512,
 hmac_x, hmac_md5, hmac_sha1, hmac_sha2_224, hmac_sha2_256, hmac_sha2_384, hmac_sha2_512,
 poly1305 \- cryptographically secure hashes
 .SH SYNOPSIS
@@ -43,6 +43,16 @@
 .Ti
 DS*	sha2_512(uchar *data, ulong dlen, uchar *digest, DS *state)
 .Ti
+DS*	sha3(uchar *data, ulong dlen, uchar *digest, int dlen, DS *state)
+.Ti
+DS*	sha3_224(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS*	sha3_256(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS*	sha3_384(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
+DS*	sha3_512(uchar *data, ulong dlen, uchar *digest, DS *state)
+.Ti
 DS*	hmac_x(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DS *s, DS*(*x)(uchar*, ulong, uchar*, DS*), int xlen)
 .Ti
 DS*	hmac_md5(uchar *data, ulong dlen, uchar *key, ulong klen, uchar *digest, DS *state)
@@ -78,6 +88,10 @@
 .IR sha2_256 ,
 .IR sha2_384 ,
 .IR sha2_512 ,
+.IR sha3_224 ,
+.IR sha3_256 ,
+.IR sha3_384 ,
+.IR sha3_512 ,
 differ only in the length of the resulting digest
 and in the security of the hash.
 .I Sha2_*
@@ -107,7 +121,11 @@
 .IR SHA2_224dlen ,
 .IR SHA2_256dlen ,
 .IR SHA2_384dlen ,
-.I SHA2_512dlen
+.I SHA2_512dlen ,
+.IR SHA3_224dlen ,
+.IR SHA3_256dlen ,
+.IR SHA3_384dlen ,
+.I SHA3_512dlen
 and
 .I Poly1305dlen
 define the lengths of the digests.
@@ -172,3 +190,5 @@
 .TP
 .B /lib/rfc/rfc2104
 HMAC specification
+.SH BUGS
+md4, md5 and SHA-1 are considered broken and should not be used
diff -r 8582c03efdc9 sys/src/cmd/sha1sum.c
--- a/sys/src/cmd/sha1sum.c	Sun May 30 14:30:50 2021 +0200
+++ b/sys/src/cmd/sha1sum.c	Tue Jun 01 12:50:25 2021 -0700
@@ -23,6 +23,13 @@
 	512,	SHA2_512dlen,	sha2_512,
 };
 
+static Sha2 sha3s[] = { /* This naming sucks */
+	224,	SHA3_224dlen,	sha3_224,
+	256,	SHA3_256dlen,	sha3_256,
+	384,	SHA3_384dlen,	sha3_384,
+	512,	SHA3_512dlen,	sha3_512,
+};
+
 static DigestState* (*shafunc)(uchar *, ulong, uchar *, DigestState *);
 static int shadlen;
 
@@ -64,7 +71,7 @@
 static void
 usage(void)
 {
-	fprint(2, "usage: %s [-2 bits] [file...]\n", argv0);
+	fprint(2, "usage: %s [-2 bits] [-3 bits] [file...]\n", argv0);
 	exits("usage");
 }
 
@@ -87,6 +94,16 @@
 		shafunc = sha->func;
 		shadlen = sha->dlen;
 		break;
+	case '3':
+		bits = atoi(EARGF(usage()));
+		for (sha = sha3s; sha < sha3s + nelem(sha3s); sha++)
+			if (sha->bits == bits)
+				break;
+		if (sha >= sha3s + nelem(sha2s))
+			sysfatal("unknown number of sha3 bits: %d", bits);
+		shafunc = sha->func;
+		shadlen = sha->dlen;
+		break;
 	default:
 		usage();
 	}ARGEND
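Review bot: The range check in the new `case '3':` takes its length from the wrong table: `if (sha >= sha3s + nelem(sha2s))` bounds the pointer with sha2s while the loop above it walks sha3s. It behaves correctly only while both tables hold the same number of entries; if sha3s ever becomes shorter, an unknown bit count passes the check and `sha->func` is read one past the end of the table, and if it becomes longer, valid sizes are rejected. The line should read `if (sha >= sha3s + nelem(sha3s))`. The enclosing function begins and ends outside this hunk.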
diff -r 8582c03efdc9 sys/src/libsec/port/sha3.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/src/libsec/port/sha3.c	Tue Jun 01 12:50:25 2021 -0700
@@ -0,0 +1,57 @@
+#include <u.h>
+#include <libc.h>
+#include <libsec.h>
+
+DigestState*
+sha3(uchar *p, ulong len, uchar *digest, int dlen, DigestState* s){
+	ulong i;
+	int j;
+	if(s == nil) {
+		s = mallocz(sizeof(*s), 1);
+		if(s == nil)
+			return nil;
+		s->malloced = 1;
+		s->blen = 200 - 2 * dlen;
+	}
+	j = s->pt;
+	for (i = 0; i < len; i++) {
+		s->b[j++] ^= p[i];
+		if (j >= s->blen) {
+			sha3_keccakf(s->bstate);
+			j = 0;
+		}
+	}
+	s->pt = j;
+
+	/* Don't go past this point if we're not writing the digest */
+	if(digest == nil)
+		return s;
+	s->b[s->pt] ^= 0x06;
+	s->b[s->blen - 1] ^= 0x80;
+	sha3_keccakf(s->bstate);
+	memmove(digest, s->b, dlen);
+	if(s->malloced)
+		free(s);
+
+	return s;
+}
+
+DigestState*
+sha3_224(uchar *p, ulong len, uchar *digest, SHA3_224state* s){
+	return sha3(p, len, digest, 28, s);
+}
+
+DigestState*
+sha3_256(uchar *p, ulong len, uchar *digest, SHA3_256state* s){
+	return sha3(p, len, digest, 32, s);
+}
+
+DigestState*
+sha3_384(uchar *p, ulong len, uchar *digest, SHA3_384state* s){
+	return sha3(p, len, digest, 48, s);
+}
+
+DigestState*
+sha3_512(uchar *p, ulong len, uchar *digest, SHA3_512state* s){
+	return sha3(p, len, digest, 64, s);
+}
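Review bot: The final `return s;` in sha3() hands back a pointer that has just been passed to `free(s)` whenever the state was allocated here, so a caller that tests or reuses the return value after finalisation is holding freed memory; the tail should be `if(s->malloced) free(s);` followed by `return nil;`. Separately, `s->blen = 200 - 2 * dlen;` runs only inside the `s == nil` branch, so a caller-supplied state reaches the absorb loop with whatever blen it already holds, and with a zeroed state `s->b[s->blen - 1] ^= 0x80;` would index before the buffer. Setting the rate on first use for both paths (for example behind a seeded-style flag, if DigestState still carries one) would close that. sha3() is also documented as public in sechash(2) but never checks dlen, so a value other than 28, 32, 48 or 64 yields a wrong or non-positive blen and an unchecked `memmove(digest, s->b, dlen)`; rejecting unsupported lengths up front is cheap.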
diff -r 8582c03efdc9 sys/src/libsec/port/sha3_keccakf.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/src/libsec/port/sha3_keccakf.c	Tue Jun 01 12:50:25 2021 -0700
@@ -0,0 +1,69 @@
+#include <u.h>
+#include <libc.h>
+#include <libsec.h>
+#define KECCAKF_ROUNDS 24
+#define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y))))
+
+void sha3_keccakf(u64int st[25])
+{
+    // constants
+    const u64int keccakf_rndc[24] = {
+        0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
+        0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
+        0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
+        0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
+        0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
+        0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
+        0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
+        0x8000000000008080, 0x0000000080000001, 0x8000000080008008
+    };
+    const int keccakf_rotc[24] = {
+        1,  3,  6,  10, 15, 21, 28, 36, 45, 55, 2,  14,
+        27, 41, 56, 8,  25, 43, 62, 18, 39, 61, 20, 44
+    };
+    const int keccakf_piln[24] = {
+        10, 7,  11, 17, 18, 3, 5,  16, 8,  21, 24, 4,
+        15, 23, 19, 13, 12, 2, 20, 14, 22, 9,  6,  1
+    };
+
+    /* variables */
+    int i, j, r;
+    u64int t, bc[5];
+
+
+    /* actual iteration */
+    for (r = 0; r < KECCAKF_ROUNDS; r++) {
+
+        // Theta
+        for (i = 0; i < 5; i++)
+            bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20];
+
+        for (i = 0; i < 5; i++) {
+            t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1);
+            for (j = 0; j < 25; j += 5)
+                st[j + i] ^= t;
+        }
+
+        /* Rho Pi */
+        t = st[1];
+        for (i = 0; i < 24; i++) {
+            j = keccakf_piln[i];
+            bc[0] = st[j];
+            st[j] = ROTL64(t, keccakf_rotc[i]);
+            t = bc[0];
+        }
+
+        /* Chi */
+        for (j = 0; j < 25; j += 5) {
+            for (i = 0; i < 5; i++)
+                bc[i] = st[j + i];
+            for (i = 0; i < 5; i++)
+                st[j + i] ^= (~bc[(i + 1) % 5]) & bc[(i + 2) % 5];
+        }
+
+        /* Iota */
+        st[0] ^= keccakf_rndc[r];
+    }
+
+
+}
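Review bot: Nothing in sha3_keccakf() or its caller converts between bytes and 64-bit lanes, so the digest depends on host byte order: sha3() XORs input into `s->b` one byte at a time and then permutes `s->bstate` as `u64int[25]`, which (assuming the two fields alias the same storage) matches the Keccak lane layout only on little-endian machines. Since the file lives under `libsec/port`, the lanes should be byte-swapped on entry and exit for big-endian targets, or loaded and stored explicitly as little-endian. The three lookup tables are automatic `const` arrays and may be re-initialised on every call; declaring them `static const` avoids that. A known-answer test against the published SHA-3 vectors for each digest size would catch both a byte-order problem and any transcription error in the round constants.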

