From e5c0e7ffd314ac70669e795281c2e0ed5064a3b6 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Mon, 1 May 2017 21:54:32 +0200 Subject: [PATCH 1/8] SHAKE (SHA3 related) big endian fix --- src/hashes/sha3.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/hashes/sha3.c b/src/hashes/sha3.c index a529716..7c0dfb7 100644 --- a/src/hashes/sha3.c +++ b/src/hashes/sha3.c @@ -268,6 +268,17 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) md->sha3.s[md->sha3.word_index] ^= (md->sha3.saved ^ (CONST64(0x1F) << (md->sha3.byte_index * 8))); md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); keccakf(md->sha3.s); +#ifndef ENDIAN_LITTLE + { + unsigned i; + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); + const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); + STORE32L(t1, md->sha3.sb + i * 8); + STORE32L(t2, md->sha3.sb + i * 8 + 4); + } + } +#endif md->sha3.byte_index = 0; md->sha3.xof_flag = 1; } From df4e47978ed3d996f336cbe79d2440dbe9958769 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Tue, 2 May 2017 07:05:23 +0200 Subject: [PATCH 2/8] =?UTF-8?q?declaration=20of=20=E2=80=98i=E2=80=99=20sh?= =?UTF-8?q?adows=20a=20previous=20local?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/hashes/sha3.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/src/hashes/sha3.c b/src/hashes/sha3.c index 7c0dfb7..27e7afb 100644 --- a/src/hashes/sha3.c +++ b/src/hashes/sha3.c @@ -269,14 +269,11 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); keccakf(md->sha3.s); #ifndef ENDIAN_LITTLE - { - unsigned i; - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { - const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); - const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); - STORE32L(t1, md->sha3.sb + i * 8); - STORE32L(t2, md->sha3.sb + i * 8 + 4); - } + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); + const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); + STORE32L(t1, md->sha3.sb + i * 8); + STORE32L(t2, md->sha3.sb + i * 8 + 4); } #endif md->sha3.byte_index = 0; From c3f2e4530a63387816094e3587c4c6c0073c14b4 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Tue, 2 May 2017 07:10:52 +0200 Subject: [PATCH 3/8] =?UTF-8?q?declaration=20of=20=E2=80=98i=E2=80=99=20sh?= =?UTF-8?q?adows=20a=20previous=20local=20(better)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/hashes/sha3.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/hashes/sha3.c b/src/hashes/sha3.c index 27e7afb..646ac16 100644 --- a/src/hashes/sha3.c +++ b/src/hashes/sha3.c @@ -256,7 +256,7 @@ int sha3_done(hash_state *md, unsigned char *hash) int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) { - unsigned long i = 0; + unsigned long idx = 0; /* sha3_shake_done can be called many times */ if (outlen == 0) return CRYPT_OK; /* nothing to do */ @@ -269,23 +269,26 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); keccakf(md->sha3.s); #ifndef ENDIAN_LITTLE - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { - const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); - const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); - STORE32L(t1, md->sha3.sb + i * 8); - STORE32L(t2, md->sha3.sb + i * 8 + 4); + { + unsigned i; + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); + const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); + STORE32L(t1, md->sha3.sb + i * 8); + STORE32L(t2, md->sha3.sb + i * 8 + 4); + } } #endif md->sha3.byte_index = 0; md->sha3.xof_flag = 1; } - while (i < outlen) { + while (idx < outlen) { if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) { keccakf(md->sha3.s); md->sha3.byte_index = 0; } - out[i++] = md->sha3.sb[md->sha3.byte_index++]; + out[idx++] = md->sha3.sb[md->sha3.byte_index++]; } return CRYPT_OK; } From da8501f55a18e5a71a653481b4f79794147e78e3 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Tue, 2 May 2017 09:33:35 +0200 Subject: [PATCH 4/8] sha3_shake_done another be fix --- src/hashes/sha3.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/src/hashes/sha3.c b/src/hashes/sha3.c index 646ac16..5e70691 100644 --- a/src/hashes/sha3.c +++ b/src/hashes/sha3.c @@ -256,8 +256,11 @@ int sha3_done(hash_state *md, unsigned char *hash) int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) { - unsigned long idx = 0; - /* sha3_shake_done can be called many times */ + /* IMPORTANT NOTE: sha3_shake_done can be called many times */ + unsigned long idx; +#ifndef ENDIAN_LITTLE + unsigned i; +#endif if (outlen == 0) return CRYPT_OK; /* nothing to do */ LTC_ARGCHK(md != NULL); @@ -270,7 +273,6 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) keccakf(md->sha3.s); #ifndef ENDIAN_LITTLE { - unsigned i; for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); @@ -283,12 +285,22 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) md->sha3.xof_flag = 1; } - while (idx < outlen) { + for (idx = 0; idx < outlen; idx++) { if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) { keccakf(md->sha3.s); +#ifndef ENDIAN_LITTLE + { + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); + const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); + STORE32L(t1, md->sha3.sb + i * 8); + STORE32L(t2, md->sha3.sb + i * 8 + 4); + } + } +#endif md->sha3.byte_index = 0; } - out[idx++] = md->sha3.sb[md->sha3.byte_index++]; + out[idx] = md->sha3.sb[md->sha3.byte_index++]; } return CRYPT_OK; } From 961b6109d5aab7333f0d745f2fdfed4ba8d795f4 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Tue, 2 May 2017 09:35:28 +0200 Subject: [PATCH 5/8] cosmetics --- src/hashes/sha3.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/src/hashes/sha3.c b/src/hashes/sha3.c index 5e70691..2107176 100644 --- a/src/hashes/sha3.c +++ b/src/hashes/sha3.c @@ -272,13 +272,11 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); keccakf(md->sha3.s); #ifndef ENDIAN_LITTLE - { - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { - const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); - const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); - STORE32L(t1, md->sha3.sb + i * 8); - STORE32L(t2, md->sha3.sb + i * 8 + 4); - } + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); + const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); + STORE32L(t1, md->sha3.sb + i * 8); + STORE32L(t2, md->sha3.sb + i * 8 + 4); } #endif md->sha3.byte_index = 0; @@ -289,13 +287,11 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) { keccakf(md->sha3.s); #ifndef ENDIAN_LITTLE - { - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { - const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); - const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); - STORE32L(t1, md->sha3.sb + i * 8); - STORE32L(t2, md->sha3.sb + i * 8 + 4); - } + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); + const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); + STORE32L(t1, md->sha3.sb + i * 8); + STORE32L(t2, md->sha3.sb + i * 8 + 4); } #endif md->sha3.byte_index = 0; From a1615daa3cc78f43cf72b7c397115f258ba32efd Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Tue, 2 May 2017 17:33:29 +0200 Subject: [PATCH 6/8] shake be fix (hopefully final) --- src/hashes/sha3.c | 37 ++++++++----------------------------- src/headers/tomcrypt_hash.h | 3 ++- 2 files changed, 10 insertions(+), 30 deletions(-) diff --git a/src/hashes/sha3.c b/src/hashes/sha3.c index 2107176..68dea0b 100644 --- a/src/hashes/sha3.c +++ b/src/hashes/sha3.c @@ -231,6 +231,8 @@ int sha3_process(hash_state *md, const unsigned char *in, unsigned long inlen) int sha3_done(hash_state *md, unsigned char *hash) { + unsigned i; + LTC_ARGCHK(md != NULL); LTC_ARGCHK(hash != NULL); @@ -238,17 +240,8 @@ int sha3_done(hash_state *md, unsigned char *hash) md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); keccakf(md->sha3.s); -#ifndef ENDIAN_LITTLE - { - unsigned i; - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { - const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); - const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); - STORE32L(t1, md->sha3.sb + i * 8); - STORE32L(t2, md->sha3.sb + i * 8 + 4); - } - } -#endif + /* store sha3.s[] as little-endian bytes into sha3.sb */ + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); XMEMCPY(hash, md->sha3.sb, md->sha3.capacity_words * 4); return CRYPT_OK; @@ -258,9 +251,7 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) { /* IMPORTANT NOTE: sha3_shake_done can be called many times */ unsigned long idx; -#ifndef ENDIAN_LITTLE unsigned i; -#endif if (outlen == 0) return CRYPT_OK; /* nothing to do */ LTC_ARGCHK(md != NULL); @@ -271,14 +262,8 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) md->sha3.s[md->sha3.word_index] ^= (md->sha3.saved ^ (CONST64(0x1F) << (md->sha3.byte_index * 8))); md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); keccakf(md->sha3.s); -#ifndef ENDIAN_LITTLE - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { - const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); - const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); - STORE32L(t1, md->sha3.sb + i * 8); - STORE32L(t2, md->sha3.sb + i * 8 + 4); - } -#endif + /* store sha3.s[] as little-endian bytes into sha3.sb */ + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); md->sha3.byte_index = 0; md->sha3.xof_flag = 1; } @@ -286,14 +271,8 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) for (idx = 0; idx < outlen; idx++) { if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) { keccakf(md->sha3.s); -#ifndef ENDIAN_LITTLE - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { - const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF)); - const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32); - STORE32L(t1, md->sha3.sb + i * 8); - STORE32L(t2, md->sha3.sb + i * 8 + 4); - } -#endif + /* store sha3.s[] as little-endian bytes into sha3.sb */ + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); md->sha3.byte_index = 0; } out[idx] = md->sha3.sb[md->sha3.byte_index++]; diff --git a/src/headers/tomcrypt_hash.h b/src/headers/tomcrypt_hash.h index a07cbc8..c73d387 100644 --- a/src/headers/tomcrypt_hash.h +++ b/src/headers/tomcrypt_hash.h @@ -2,7 +2,8 @@ #ifdef LTC_SHA3 struct sha3_state { ulong64 saved; /* the portion of the input message that we didn't consume yet */ - union { ulong64 s[25]; unsigned char sb[25 * 8]; }; + ulong64 s[25]; + unsigned char sb[25 * 8]; /* used for storing `ulong64 s[25]` as little-endian bytes */ unsigned short byte_index; /* 0..7--the next byte after the set one (starts from 0; 0--none are buffered) */ unsigned short word_index; /* 0..24--the next word to integrate input (starts from 0) */ unsigned short capacity_words; /* the double size of the hash output in words (e.g. 16 for Keccak 512) */ From f831e27702459e2d6949b178b12f9e5f780ce3e8 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Wed, 3 May 2017 12:51:33 +0200 Subject: [PATCH 7/8] more readable for loops --- src/hashes/sha3.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/hashes/sha3.c b/src/hashes/sha3.c index 68dea0b..d5b682f 100644 --- a/src/hashes/sha3.c +++ b/src/hashes/sha3.c @@ -263,7 +263,9 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); keccakf(md->sha3.s); /* store sha3.s[] as little-endian bytes into sha3.sb */ - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); + } md->sha3.byte_index = 0; md->sha3.xof_flag = 1; } @@ -272,7 +274,9 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) { keccakf(md->sha3.s); /* store sha3.s[] as little-endian bytes into sha3.sb */ - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); + } md->sha3.byte_index = 0; } out[idx] = md->sha3.sb[md->sha3.byte_index++]; From 4e66160ac21b351e31c46acf3ac90b20fe40a134 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Wed, 3 May 2017 17:01:18 +0200 Subject: [PATCH 8/8] one more readable for loop --- src/hashes/sha3.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/hashes/sha3.c b/src/hashes/sha3.c index d5b682f..35c4925 100644 --- a/src/hashes/sha3.c +++ b/src/hashes/sha3.c @@ -241,7 +241,9 @@ int sha3_done(hash_state *md, unsigned char *hash) keccakf(md->sha3.s); /* store sha3.s[] as little-endian bytes into sha3.sb */ - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); + } XMEMCPY(hash, md->sha3.sb, md->sha3.capacity_words * 4); return CRYPT_OK;