Wayne Thornton created a merge request:
https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/687
Project:Branches: wmthornton-dev/rtems:libcrypt-sha3-512 to
rtems/rtos/rtems:main
Author: Wayne Thornton
## Summary
cpukit/libcrypt: Add SHA3-512 Keccak Implementation
- This commit introduces a full implementation of the SHA3-512 (Keccak)
crypt-style password hashing function to the RTEMS libcrypt module.
- The new function follows the established crypt API and output format,
allowing users to select SHA3-512 for password hashing via the
$SHA3$512$ salt prefix.
- SHA3-512 is based on the Keccak sponge construction, which operates
by absorbing input data into a large internal state and then squeezing out
the hash output. The Keccak-f[1600] permutation is applied repeatedly
to mix the state, providing strong diffusion and resistance to
cryptanalysis. Unlike the Merkle-Damgård construction used in SHA-2,
Keccak’s sponge design is more flexible and robust against certain
classes of attacks, such as length extension and collision attacks.
- The implementation parses the salt and optional rounds parameter,
mixes the password and salt into the Keccak state, and performs additional
rounds to increase computational cost. The final digest is encoded in
a base64 variant for compatibility with Unix password files.
- SHA3-512 is a newer standard, designed to address theoretical
weaknesses in SHA-2 and provide a fundamentally different cryptographic
structure.
- The sponge construction is resistant to length extension attacks,
which can affect Merkle-Damgård hashes like SHA-512.
- SHA3-512 has a higher security margin and is less susceptible to
certain future cryptanalytic advances.
- The Keccak algorithm was selected as the winner of the NIST SHA-3
competition and has undergone extensive public review.
Note: This change does not remove or alter existing SHA-256 or SHA-512
support, but adds SHA3-512 as an additional, more robust option for
password hashing in RTEMS.
cpukit/libcrypt: Added compiler flags to detect C compiler version
- Introduced compiler flags to detect which C standard is being used
and use the appropriate secure memory clearing function.
- Added memset_s_rtems function to crypt.h in order to restore the
memset_s function to the C11 compiler, which is currently missing
from the RTEMS tooling. This function is written in such a way that
it cannot be optimized away by the compiler, even in build
environments
where agressive compiler optimizations are present that might
otherwise
skip such operations.
- Removed __FBSDID as it is not used in RTEMS.
cpukit/telnetd/pty.c: Updated comments for grammar and clarity. (Previous MR
contained this change, but that MR is closed)
<!-- Default settings, if it is a dropdown it will set after submission -->
--
View it on GitLab:
https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/687
You're receiving this email because of your account on gitlab.rtems.org.
_______________________________________________
bugs mailing list
[email protected]
http://lists.rtems.org/mailman/listinfo/bugs
