aboutsummaryrefslogtreecommitdiff
path: root/libbb/hash_md5_sha.c
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2016-08-29 14:05:25 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2016-08-29 14:05:25 +0200
commit71a090f1871f165ebf3c31f733b36aafca71a6b4 (patch)
tree4f0b38ba12a6e5b80aa829574f999ae1efd9f17a /libbb/hash_md5_sha.c
parentd3d7f085ebf2898b62d4bb75566122c65be96454 (diff)
downloadbusybox-w32-71a090f1871f165ebf3c31f733b36aafca71a6b4.tar.gz
busybox-w32-71a090f1871f165ebf3c31f733b36aafca71a6b4.tar.bz2
busybox-w32-71a090f1871f165ebf3c31f733b36aafca71a6b4.zip
sha3: fix to conform to final SHA3 padding standard, add -a BITS option
function old new delta hash_file 331 396 +65 md5_sha1_sum_main 485 538 +53 packed_usage 30423 30464 +41 sha3_begin 17 31 +14 sha3_hash 101 110 +9 sha3_end 41 49 +8 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'libbb/hash_md5_sha.c')
-rw-r--r--libbb/hash_md5_sha.c55
1 files changed, 35 insertions, 20 deletions
diff --git a/libbb/hash_md5_sha.c b/libbb/hash_md5_sha.c
index d08c6b2f7..7e7d8da2f 100644
--- a/libbb/hash_md5_sha.c
+++ b/libbb/hash_md5_sha.c
@@ -941,10 +941,6 @@ void FAST_FUNC sha512_end(sha512_ctx_t *ctx, void *resbuf)
941# define OPTIMIZE_SHA3_FOR_32 1 941# define OPTIMIZE_SHA3_FOR_32 1
942#endif 942#endif
943 943
944enum {
945 SHA3_IBLK_BYTES = 72, /* 576 bits / 8 */
946};
947
948#if OPTIMIZE_SHA3_FOR_32 944#if OPTIMIZE_SHA3_FOR_32
949/* This splits every 64-bit word into a pair of 32-bit words, 945/* This splits every 64-bit word into a pair of 32-bit words,
950 * even bits go into first word, odd bits go to second one. 946 * even bits go into first word, odd bits go to second one.
@@ -1352,6 +1348,8 @@ static void sha3_process_block72(uint64_t *state)
1352void FAST_FUNC sha3_begin(sha3_ctx_t *ctx) 1348void FAST_FUNC sha3_begin(sha3_ctx_t *ctx)
1353{ 1349{
1354 memset(ctx, 0, sizeof(*ctx)); 1350 memset(ctx, 0, sizeof(*ctx));
1351 /* SHA3-512, user can override */
1352 ctx->input_block_bytes = (1600 - 512*2) / 8; /* 72 bytes */
1355} 1353}
1356 1354
1357void FAST_FUNC sha3_hash(sha3_ctx_t *ctx, const void *buffer, size_t len) 1355void FAST_FUNC sha3_hash(sha3_ctx_t *ctx, const void *buffer, size_t len)
@@ -1361,7 +1359,7 @@ void FAST_FUNC sha3_hash(sha3_ctx_t *ctx, const void *buffer, size_t len)
1361 unsigned bufpos = ctx->bytes_queued; 1359 unsigned bufpos = ctx->bytes_queued;
1362 1360
1363 while (1) { 1361 while (1) {
1364 unsigned remaining = SHA3_IBLK_BYTES - bufpos; 1362 unsigned remaining = ctx->input_block_bytes - bufpos;
1365 if (remaining > len) 1363 if (remaining > len)
1366 remaining = len; 1364 remaining = len;
1367 len -= remaining; 1365 len -= remaining;
@@ -1373,38 +1371,41 @@ void FAST_FUNC sha3_hash(sha3_ctx_t *ctx, const void *buffer, size_t len)
1373 remaining--; 1371 remaining--;
1374 } 1372 }
1375 /* Clever way to do "if (bufpos != N) break; ... ; bufpos = 0;" */ 1373 /* Clever way to do "if (bufpos != N) break; ... ; bufpos = 0;" */
1376 bufpos -= SHA3_IBLK_BYTES; 1374 bufpos -= ctx->input_block_bytes;
1377 if (bufpos != 0) 1375 if (bufpos != 0)
1378 break; 1376 break;
1379 /* Buffer is filled up, process it */ 1377 /* Buffer is filled up, process it */
1380 sha3_process_block72(ctx->state); 1378 sha3_process_block72(ctx->state);
1381 /*bufpos = 0; - already is */ 1379 /*bufpos = 0; - already is */
1382 } 1380 }
1383 ctx->bytes_queued = bufpos + SHA3_IBLK_BYTES; 1381 ctx->bytes_queued = bufpos + ctx->input_block_bytes;
1384#else 1382#else
1385 /* +50 bytes code size, but a bit faster because of long-sized XORs */ 1383 /* +50 bytes code size, but a bit faster because of long-sized XORs */
1386 const uint8_t *data = buffer; 1384 const uint8_t *data = buffer;
1387 unsigned bufpos = ctx->bytes_queued; 1385 unsigned bufpos = ctx->bytes_queued;
1386 unsigned iblk_bytes = ctx->input_block_bytes;
1388 1387
1389 /* If already data in queue, continue queuing first */ 1388 /* If already data in queue, continue queuing first */
1390 while (len != 0 && bufpos != 0) { 1389 if (bufpos != 0) {
1391 uint8_t *buf = (uint8_t*)ctx->state; 1390 while (len != 0) {
1392 buf[bufpos] ^= *data++; 1391 uint8_t *buf = (uint8_t*)ctx->state;
1393 len--; 1392 buf[bufpos] ^= *data++;
1394 bufpos++; 1393 len--;
1395 if (bufpos == SHA3_IBLK_BYTES) { 1394 bufpos++;
1396 bufpos = 0; 1395 if (bufpos == iblk_bytes) {
1397 goto do_block; 1396 bufpos = 0;
1397 goto do_block;
1398 }
1398 } 1399 }
1399 } 1400 }
1400 1401
1401 /* Absorb complete blocks */ 1402 /* Absorb complete blocks */
1402 while (len >= SHA3_IBLK_BYTES) { 1403 while (len >= iblk_bytes) {
1403 /* XOR data onto beginning of state[]. 1404 /* XOR data onto beginning of state[].
1404 * We try to be efficient - operate one word at a time, not byte. 1405 * We try to be efficient - operate one word at a time, not byte.
1405 * Careful wrt unaligned access: can't just use "*(long*)data"! 1406 * Careful wrt unaligned access: can't just use "*(long*)data"!
1406 */ 1407 */
1407 unsigned count = SHA3_IBLK_BYTES / sizeof(long); 1408 unsigned count = iblk_bytes / sizeof(long);
1408 long *buf = (long*)ctx->state; 1409 long *buf = (long*)ctx->state;
1409 do { 1410 do {
1410 long v; 1411 long v;
@@ -1412,7 +1413,7 @@ void FAST_FUNC sha3_hash(sha3_ctx_t *ctx, const void *buffer, size_t len)
1412 *buf++ ^= v; 1413 *buf++ ^= v;
1413 data += sizeof(long); 1414 data += sizeof(long);
1414 } while (--count); 1415 } while (--count);
1415 len -= SHA3_IBLK_BYTES; 1416 len -= iblk_bytes;
1416 do_block: 1417 do_block:
1417 sha3_process_block72(ctx->state); 1418 sha3_process_block72(ctx->state);
1418 } 1419 }
@@ -1433,8 +1434,22 @@ void FAST_FUNC sha3_end(sha3_ctx_t *ctx, void *resbuf)
1433{ 1434{
1434 /* Padding */ 1435 /* Padding */
1435 uint8_t *buf = (uint8_t*)ctx->state; 1436 uint8_t *buf = (uint8_t*)ctx->state;
1436 buf[ctx->bytes_queued] ^= 1; 1437 /*
1437 buf[SHA3_IBLK_BYTES - 1] ^= 0x80; 1438 * Keccak block padding is: add 1 bit after last bit of input,
1439 * then add zero bits until the end of block, and add the last 1 bit
1440 * (the last bit in the block) - the "10*1" pattern.
1441 * SHA3 standard appends additional two bits, 01, before that padding:
1442 *
1443 * SHA3-224(M) = KECCAK[448](M||01, 224)
1444 * SHA3-256(M) = KECCAK[512](M||01, 256)
1445 * SHA3-384(M) = KECCAK[768](M||01, 384)
1446 * SHA3-512(M) = KECCAK[1024](M||01, 512)
1447 * (M is the input, || is bit concatenation)
1448 *
1449 * The 6 below contains 01 "SHA3" bits and the first 1 "Keccak" bit:
1450 */
1451 buf[ctx->bytes_queued] ^= 6; /* bit pattern 00000110 */
1452 buf[ctx->input_block_bytes - 1] ^= 0x80;
1438 1453
1439 sha3_process_block72(ctx->state); 1454 sha3_process_block72(ctx->state);
1440 1455