From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=DATE_IN_PAST_12_24 autolearn=no autolearn_force=no version=3.4.4 Received: (qmail 26239 invoked from network); 1 Jun 2021 09:27:15 -0000 Received: from 1ess.inri.net (216.126.196.35) by inbox.vuxu.org with ESMTPUTF8; 1 Jun 2021 09:27:15 -0000 Received: from 149.28.13.84 ([149.28.13.84]) by 1ess; Mon May 31 12:33:04 -0400 2021 Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit To: 9front@9front.org Date: Mon, 31 May 2021 09:00:44 -0700 From: fulton@fulton.software MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: stable encrypted NoSQL injection-based controller Subject: [9front] [PATCH] sha3 but fixed the code style Reply-To: 9front@9front.org Precedence: bulk This adds SHA3 to 9front. SHA3 is a bit slower than 2, but is resistent length extinsion attack and has a simpler code base. While not used for much now, theres a good chance it will be needed in the long run, for stuff like tls, ssh, and file checksums. -- Fulton fulton.software!fulton diff -r 8582c03efdc9 sys/include/libsec.h --- a/sys/include/libsec.h Sun May 30 14:30:50 2021 +0200 +++ b/sys/include/libsec.h Mon May 31 08:55:39 2021 -0700 @@ -224,10 +224,14 @@ enum { SHA1dlen= 20, /* SHA digest length */ - SHA2_224dlen= 28, /* SHA-224 digest length */ - SHA2_256dlen= 32, /* SHA-256 digest length */ - SHA2_384dlen= 48, /* SHA-384 digest length */ - SHA2_512dlen= 64, /* SHA-512 digest length */ + SHA2_224dlen= 28, /* SHA2-224 digest length */ + SHA2_256dlen= 32, /* SH2A-256 digest length */ + SHA2_384dlen= 48, /* SH2A-384 digest length */ + SHA2_512dlen= 64, /* SHA2-512 digest length */ + SHA3_224dlen= 28, /* SHA3-224 digest length */ + SHA3_256dlen= 32, /* SHA3-256 digest length */ + SHA3_384dlen= 48, /* SHA3-384 digest length */ + SHA3_512dlen= 64, /* SHA3-512 digest length */ MD4dlen= 16, /* MD4 digest length */ MD5dlen= 16, /* MD5 digest length */ RIPEMD160dlen= 20, /* RIPEMD-160 digest length */ @@ -241,20 +245,27 @@ { uvlong len; union { - u32int state[16]; - u64int bstate[8]; + uchar b[200]; + u32int state[50]; + u64int bstate[25]; }; uchar buf[256]; int blen; + int pt; char malloced; char seeded; }; +void sha3_keccakf(u64int st[25]); typedef struct DigestState SHAstate; /* obsolete name */ typedef struct DigestState SHA1state; typedef struct DigestState SHA2_224state; typedef struct DigestState SHA2_256state; typedef struct DigestState SHA2_384state; typedef struct DigestState SHA2_512state; +typedef struct DigestState SHA3_224state; +typedef struct DigestState SHA3_256state; +typedef struct DigestState SHA3_384state; +typedef struct DigestState SHA3_512state; typedef struct DigestState MD5state; typedef struct DigestState MD4state; @@ -266,6 +277,11 @@ DigestState* sha2_256(uchar*, ulong, uchar*, DigestState*); DigestState* sha2_384(uchar*, ulong, uchar*, DigestState*); DigestState* sha2_512(uchar*, ulong, uchar*, DigestState*); +DigestState* sha3_224(uchar*, ulong, uchar*, DigestState*); +DigestState* sha3_256(uchar*, ulong, uchar*, DigestState*); +DigestState* sha3_384(uchar*, ulong, uchar*, DigestState*); +DigestState* sha3_512(uchar*, ulong, uchar*, DigestState*); + DigestState* hmac_x(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *s, DigestState*(*x)(uchar*, ulong, uchar*, DigestState*), diff -r 8582c03efdc9 sys/man/1/sum --- a/sys/man/1/sum Sun May 30 14:30:50 2021 +0200 +++ b/sys/man/1/sum Mon May 31 08:55:39 2021 -0700 @@ -19,6 +19,10 @@ [ .B -2 .I bits +] +[ +.B -3 +.I bits ] [ .I file ... ] @@ -82,6 +86,12 @@ 384, and 512. +The +.L 3 +option has the same behavior of +.L 2 +, but instead outputs with +NIST SHA3 secure hash algorithm. .SH SOURCE .B /sys/src/cmd/sum.c .br @@ -92,3 +102,5 @@ .IR cmp (1), .IR wc (1), .IR sechash (2) +.SH BUGS +md5 and SHA-1 are considered broken and should not be used diff -r 8582c03efdc9 sys/man/2/sechash --- a/sys/man/2/sechash Sun May 30 14:30:50 2021 +0200 +++ b/sys/man/2/sechash Mon May 31 08:55:39 2021 -0700 @@ -1,7 +1,7 @@ .TH SECHASH 2 .SH NAME md4, md5, ripemd160, -sha1, sha2_224, sha2_256, sha2_384, sha2_512, +sha1, sha2_224, sha2_256, sha2_384, sha2_512,sha3_224, sha3_256, sha3_384, sha3_512, hmac_x, hmac_md5, hmac_sha1, hmac_sha2_224, hmac_sha2_256, hmac_sha2_384, hmac_sha2_512, poly1305 \- cryptographically secure hashes .SH SYNOPSIS @@ -43,6 +43,16 @@ .Ti DS* sha2_512(uchar *data, ulong dlen, uchar *digest, DS *state) .Ti +DS* sha3(uchar *data, ulong dlen, uchar *digest, int dlen, DS *state) +.Ti +DS* sha3_224(uchar *data, ulong dlen, uchar *digest, DS *state) +.Ti +DS* sha3_256(uchar *data, ulong dlen, uchar *digest, DS *state) +.Ti +DS* sha3_384(uchar *data, ulong dlen, uchar *digest, DS *state) +.Ti +DS* sha3_512(uchar *data, ulong dlen, uchar *digest, DS *state) +.Ti DS* hmac_x(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DS *s, DS*(*x)(uchar*, ulong, uchar*, DS*), int xlen) .Ti DS* hmac_md5(uchar *data, ulong dlen, uchar *key, ulong klen, uchar *digest, DS *state) @@ -78,6 +88,10 @@ .IR sha2_256 , .IR sha2_384 , .IR sha2_512 , +.IR sha3_224 , +.IR sha3_256 , +.IR sha3_384 , +.IR sha3_512 , differ only in the length of the resulting digest and in the security of the hash. .I Sha2_* @@ -107,7 +121,11 @@ .IR SHA2_224dlen , .IR SHA2_256dlen , .IR SHA2_384dlen , -.I SHA2_512dlen +.I SHA2_512dlen, +.IR SHA3_224dlen , +.IR SHA3_256dlen , +.IR SHA3_384dlen , +.I SHA3_512dlen and .I Poly1305dlen define the lengths of the digests. @@ -172,3 +190,5 @@ .TP .B /lib/rfc/rfc2104 HMAC specification +.SH BUGS +md4, md5 and SHA-1 are considered broken and should not be used diff -r 8582c03efdc9 sys/src/cmd/sha1sum.c --- a/sys/src/cmd/sha1sum.c Sun May 30 14:30:50 2021 +0200 +++ b/sys/src/cmd/sha1sum.c Mon May 31 08:55:39 2021 -0700 @@ -23,6 +23,13 @@ 512, SHA2_512dlen, sha2_512, }; +static Sha2 sha3s[] = { /* This naming sucks */ + 224, SHA3_224dlen, sha3_224, + 256, SHA3_256dlen, sha3_256, + 384, SHA3_384dlen, sha3_384, + 512, SHA3_512dlen, sha3_512, +}; + static DigestState* (*shafunc)(uchar *, ulong, uchar *, DigestState *); static int shadlen; @@ -64,7 +71,7 @@ static void usage(void) { - fprint(2, "usage: %s [-2 bits] [file...]\n", argv0); + fprint(2, "usage: %s [-2 bits] [-3 bits] [file...]\n", argv0); exits("usage"); } @@ -87,6 +94,16 @@ shafunc = sha->func; shadlen = sha->dlen; break; + case '3': + bits = atoi(EARGF(usage())); + for (sha = sha3s; sha < sha3s + nelem(sha3s); sha++) + if (sha->bits == bits) + break; + if (sha >= sha3s + nelem(sha2s)) + sysfatal("unknown number of sha3 bits: %d", bits); + shafunc = sha->func; + shadlen = sha->dlen; + break; default: usage(); }ARGEND diff -r 8582c03efdc9 sys/src/libsec/port/mkfile --- a/sys/src/libsec/port/mkfile Sun May 30 14:30:50 2021 +0200 +++ b/sys/src/libsec/port/mkfile Mon May 31 08:55:39 2021 -0700 @@ -7,6 +7,7 @@ blowfish.c \ hmac.c md5.c md5block.c md4.c sha1.c sha1block.c\ sha2_64.c sha2_128.c sha2block64.c sha2block128.c\ + sha3.c sha3_keccakf.c\ poly1305.c\ rc4.c\ chacha.c chachablock.c\ diff -r 8582c03efdc9 sys/src/libsec/port/sha3.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/src/libsec/port/sha3.c Mon May 31 08:55:39 2021 -0700 @@ -0,0 +1,57 @@ +#include +#include +#include + +DigestState* +sha3(uchar *p, ulong len, uchar *digest, int dlen, DigestState* s){ + ulong i; + int j; + if(s == nil) { + s = mallocz(sizeof(*s), 1); + if(s == nil) + return nil; + s->malloced = 1; + s->blen = 200 - 2 * dlen; + } + j = s->pt; + for (i = 0; i < len; i++) { + s->b[j++] ^= p[i]; + if (j >= s->blen) { + sha3_keccakf(s->bstate); + j = 0; + } + } + s->pt = j; + + /* Don't go past this point if we're not writing the digest */ + if(digest == nil) + return s; + s->b[s->pt] ^= 0x06; + s->b[s->blen - 1] ^= 0x80; + sha3_keccakf(s->bstate); + for (i = 0; i < dlen; i++) { + digest[i] = s->b[i]; + } + + return s; +} + +DigestState* +sha3_224(uchar *p, ulong len, uchar *digest, SHA3_224state* s){ + return sha3(p, len, digest, 28, s); +} + +DigestState* +sha3_256(uchar *p, ulong len, uchar *digest, SHA3_256state* s){ + return sha3(p, len, digest, 32, s); +} + +DigestState* +sha3_384(uchar *p, ulong len, uchar *digest, SHA3_384state* s){ + return sha3(p, len, digest, 48, s); +} + +DigestState* +sha3_512(uchar *p, ulong len, uchar *digest, SHA3_512state* s){ + return sha3(p, len, digest, 64, s); +}