Module Name: src Committed By: riastradh Date: Sat May 30 18:40:28 UTC 2020
Modified Files: src/common/lib/libc/hash/sha3: sha3.c Log Message: Merge updates from upstream to reduce stack usage of SHA3_Selftest. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/common/lib/libc/hash/sha3/sha3.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/common/lib/libc/hash/sha3/sha3.c diff -u src/common/lib/libc/hash/sha3/sha3.c:1.1 src/common/lib/libc/hash/sha3/sha3.c:1.2 --- src/common/lib/libc/hash/sha3/sha3.c:1.1 Thu Nov 30 05:47:24 2017 +++ src/common/lib/libc/hash/sha3/sha3.c Sat May 30 18:40:28 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: sha3.c,v 1.1 2017/11/30 05:47:24 riastradh Exp $ */ +/* $NetBSD: sha3.c,v 1.2 2020/05/30 18:40:28 riastradh Exp $ */ /*- * Copyright (c) 2015 Taylor R. Campbell @@ -38,14 +38,14 @@ #if defined(_KERNEL) || defined(_STANDALONE) -__KERNEL_RCSID(0, "$NetBSD: sha3.c,v 1.1 2017/11/30 05:47:24 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sha3.c,v 1.2 2020/05/30 18:40:28 riastradh Exp $"); #include <lib/libkern/libkern.h> #define SHA3_ASSERT KASSERT #else -__RCSID("$NetBSD: sha3.c,v 1.1 2017/11/30 05:47:24 riastradh Exp $"); +__RCSID("$NetBSD: sha3.c,v 1.2 2020/05/30 18:40:28 riastradh Exp $"); #include "namespace.h" @@ -87,6 +87,7 @@ __weak_alias(SHAKE256_Final,_SHAKE256_Fi #endif /* kernel/standalone */ #define MIN(a,b) ((a) < (b) ? (a) : (b)) +#define arraycount(a) (sizeof(a)/sizeof((a)[0])) /* * Common body. All the SHA-3 functions share code structure. They @@ -428,19 +429,19 @@ sha3_selftest_prng(void *buf, size_t len int SHA3_Selftest(void) { - const uint8_t d224_0[] = { /* SHA3-224(0-bit) */ + static const uint8_t d224_0[] = { /* SHA3-224(0-bit) */ 0x6b,0x4e,0x03,0x42,0x36,0x67,0xdb,0xb7, 0x3b,0x6e,0x15,0x45,0x4f,0x0e,0xb1,0xab, 0xd4,0x59,0x7f,0x9a,0x1b,0x07,0x8e,0x3f, 0x5b,0x5a,0x6b,0xc7, }; - const uint8_t d256_0[] = { /* SHA3-256(0-bit) */ + static const uint8_t d256_0[] = { /* SHA3-256(0-bit) */ 0xa7,0xff,0xc6,0xf8,0xbf,0x1e,0xd7,0x66, 0x51,0xc1,0x47,0x56,0xa0,0x61,0xd6,0x62, 0xf5,0x80,0xff,0x4d,0xe4,0x3b,0x49,0xfa, 0x82,0xd8,0x0a,0x4b,0x80,0xf8,0x43,0x4a, }; - const uint8_t d384_0[] = { /* SHA3-384(0-bit) */ + static const uint8_t d384_0[] = { /* SHA3-384(0-bit) */ 0x0c,0x63,0xa7,0x5b,0x84,0x5e,0x4f,0x7d, 0x01,0x10,0x7d,0x85,0x2e,0x4c,0x24,0x85, 0xc5,0x1a,0x50,0xaa,0xaa,0x94,0xfc,0x61, @@ -448,7 +449,7 @@ SHA3_Selftest(void) 0xc3,0x71,0x38,0x31,0x26,0x4a,0xdb,0x47, 0xfb,0x6b,0xd1,0xe0,0x58,0xd5,0xf0,0x04, }; - const uint8_t d512_0[] = { /* SHA3-512(0-bit) */ + static const uint8_t d512_0[] = { /* SHA3-512(0-bit) */ 0xa6,0x9f,0x73,0xcc,0xa2,0x3a,0x9a,0xc5, 0xc8,0xb5,0x67,0xdc,0x18,0x5a,0x75,0x6e, 0x97,0xc9,0x82,0x16,0x4f,0xe2,0x58,0x59, @@ -458,14 +459,14 @@ SHA3_Selftest(void) 0xf5,0x00,0x19,0x9d,0x95,0xb6,0xd3,0xe3, 0x01,0x75,0x85,0x86,0x28,0x1d,0xcd,0x26, }; - const uint8_t shake128_0_41[] = { /* SHAKE128(0-bit, 41) */ + static const uint8_t shake128_0_41[] = { /* SHAKE128(0-bit, 41) */ 0x7f,0x9c,0x2b,0xa4,0xe8,0x8f,0x82,0x7d, 0x61,0x60,0x45,0x50,0x76,0x05,0x85,0x3e, 0xd7,0x3b,0x80,0x93,0xf6,0xef,0xbc,0x88, 0xeb,0x1a,0x6e,0xac,0xfa,0x66,0xef,0x26, 0x3c,0xb1,0xee,0xa9,0x88,0x00,0x4b,0x93,0x10, }; - const uint8_t shake256_0_73[] = { /* SHAKE256(0-bit, 73) */ + static const uint8_t shake256_0_73[] = { /* SHAKE256(0-bit, 73) */ 0x46,0xb9,0xdd,0x2b,0x0b,0xa8,0x8d,0x13, 0x23,0x3b,0x3f,0xeb,0x74,0x3e,0xeb,0x24, 0x3f,0xcd,0x52,0xea,0x62,0xb8,0x1b,0x82, @@ -476,19 +477,19 @@ SHA3_Selftest(void) 0x40,0x29,0x2e,0xac,0xb3,0xb7,0xc4,0xbe, 0x14,0x1e,0x96,0x61,0x6f,0xb1,0x39,0x57,0x69, }; - const uint8_t d224_1600[] = { /* SHA3-224(200 * 0xa3) */ + static const uint8_t d224_1600[] = { /* SHA3-224(200 * 0xa3) */ 0x93,0x76,0x81,0x6a,0xba,0x50,0x3f,0x72, 0xf9,0x6c,0xe7,0xeb,0x65,0xac,0x09,0x5d, 0xee,0xe3,0xbe,0x4b,0xf9,0xbb,0xc2,0xa1, 0xcb,0x7e,0x11,0xe0, }; - const uint8_t d256_1600[] = { /* SHA3-256(200 * 0xa3) */ + static const uint8_t d256_1600[] = { /* SHA3-256(200 * 0xa3) */ 0x79,0xf3,0x8a,0xde,0xc5,0xc2,0x03,0x07, 0xa9,0x8e,0xf7,0x6e,0x83,0x24,0xaf,0xbf, 0xd4,0x6c,0xfd,0x81,0xb2,0x2e,0x39,0x73, 0xc6,0x5f,0xa1,0xbd,0x9d,0xe3,0x17,0x87, }; - const uint8_t d384_1600[] = { /* SHA3-384(200 * 0xa3) */ + static const uint8_t d384_1600[] = { /* SHA3-384(200 * 0xa3) */ 0x18,0x81,0xde,0x2c,0xa7,0xe4,0x1e,0xf9, 0x5d,0xc4,0x73,0x2b,0x8f,0x5f,0x00,0x2b, 0x18,0x9c,0xc1,0xe4,0x2b,0x74,0x16,0x8e, @@ -496,7 +497,7 @@ SHA3_Selftest(void) 0x76,0x19,0x7a,0x31,0xfd,0x55,0xee,0x98, 0x9f,0x2d,0x70,0x50,0xdd,0x47,0x3e,0x8f, }; - const uint8_t d512_1600[] = { /* SHA3-512(200 * 0xa3) */ + static const uint8_t d512_1600[] = { /* SHA3-512(200 * 0xa3) */ 0xe7,0x6d,0xfa,0xd2,0x20,0x84,0xa8,0xb1, 0x46,0x7f,0xcf,0x2f,0xfa,0x58,0x36,0x1b, 0xec,0x76,0x28,0xed,0xf5,0xf3,0xfd,0xc0, @@ -506,14 +507,16 @@ SHA3_Selftest(void) 0xe5,0x89,0xc5,0x1c,0xa1,0xa4,0xa8,0x41, 0x6d,0xf6,0x54,0x5a,0x1c,0xe8,0xba,0x00, }; - const uint8_t shake128_1600_41[] = { /* SHAKE128(200 * 0xa3, 41) */ + static const uint8_t shake128_1600_41[] = { + /* SHAKE128(200 * 0xa3, 41) */ 0x13,0x1a,0xb8,0xd2,0xb5,0x94,0x94,0x6b, 0x9c,0x81,0x33,0x3f,0x9b,0xb6,0xe0,0xce, 0x75,0xc3,0xb9,0x31,0x04,0xfa,0x34,0x69, 0xd3,0x91,0x74,0x57,0x38,0x5d,0xa0,0x37, 0xcf,0x23,0x2e,0xf7,0x16,0x4a,0x6d,0x1e,0xb4, }; - const uint8_t shake256_1600_73[] = { /* SHAKE256(200 * 0xa3, 73) */ + static const uint8_t shake256_1600_73[] = { + /* SHAKE256(200 * 0xa3, 73) */ 0xcd,0x8a,0x92,0x0e,0xd1,0x41,0xaa,0x04, 0x07,0xa2,0x2d,0x59,0x28,0x86,0x52,0xe9, 0xd9,0xf1,0xa7,0xee,0x0c,0x1e,0x7c,0x1c, @@ -524,24 +527,25 @@ SHA3_Selftest(void) 0x4c,0xd8,0xe0,0x6f,0x0a,0xe6,0x61,0x0b, 0x10,0x48,0xa7,0xf6,0x4e,0x10,0x74,0xcd,0x62, }; - const uint8_t d0[] = { - 0x6c,0x02,0x1a,0xc6,0x65,0xaf,0x80,0xfb, - 0x52,0xe6,0x2d,0x27,0xe5,0x02,0x88,0x84, - 0xec,0x1c,0x0c,0xe7,0x0b,0x94,0x55,0x83, - 0x19,0xf2,0xbf,0x09,0x86,0xeb,0x1a,0xbb, - 0xc3,0x0d,0x1c,0xef,0x22,0xfe,0xc5,0x4c, - 0x45,0x90,0x66,0x14,0x00,0x6e,0xc8,0x79, - 0xdf,0x1e,0x02,0xbd,0x75,0xe9,0x60,0xd8, - 0x60,0x39,0x85,0xc9,0xc4,0xee,0x33,0xab, - }; - const unsigned mlen[6] = { 0, 3, 128, 129, 255, 1024 }; - uint8_t m[1024], d[73]; - SHA3_224_CTX sha3224; - SHA3_256_CTX sha3256; - SHA3_384_CTX sha3384; - SHA3_512_CTX sha3512; - SHAKE128_CTX shake128; - SHAKE256_CTX shake256; + static const uint8_t d0[] = { + 0x5d,0x3e,0x45,0xdd,0x9b,0x6b,0xda,0xf8, + 0xe6,0xe6,0xb8,0x72,0xfb,0xc5,0x0d,0x0a, + 0x4f,0x52,0x65,0xb4,0x11,0xf1,0xa1,0x0c, + 0x00,0xa4,0x74,0x6c,0x0f,0xc0,0xdc,0xe0, + 0x97,0x73,0xd6,0x70,0xaf,0xd4,0x64,0x0b, + 0x8c,0x52,0x32,0x4c,0x87,0x8c,0xfa,0x4a, + 0xdc,0x11,0x66,0x91,0x66,0x5a,0x1e,0xa4, + 0xd6,0x69,0x97,0xc7,0xcb,0xe2,0x73,0xca, + }; + static const unsigned mlen[] = { 0, 3, 128, 129, 255 }; + uint8_t m[255], d[73]; + struct sha3 sha3; + SHA3_224_CTX *sha3224 = (SHA3_224_CTX *)&sha3; + SHA3_256_CTX *sha3256 = (SHA3_256_CTX *)&sha3; + SHA3_384_CTX *sha3384 = (SHA3_384_CTX *)&sha3; + SHA3_512_CTX *sha3512 = (SHA3_512_CTX *)&sha3; + SHAKE128_CTX *shake128 = (SHAKE128_CTX *)&sha3; + SHAKE256_CTX *shake256 = (SHAKE256_CTX *)&sha3; SHA3_512_CTX ctx; unsigned mi; @@ -550,60 +554,60 @@ SHA3_Selftest(void) * <http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing>: * 0-bit, 1600-bit repeated 0xa3 (= 0b10100011). */ - SHA3_224_Init(&sha3224); - SHA3_224_Final(d, &sha3224); + SHA3_224_Init(sha3224); + SHA3_224_Final(d, sha3224); if (memcmp(d, d224_0, 28) != 0) return -1; - SHA3_256_Init(&sha3256); - SHA3_256_Final(d, &sha3256); + SHA3_256_Init(sha3256); + SHA3_256_Final(d, sha3256); if (memcmp(d, d256_0, 32) != 0) return -1; - SHA3_384_Init(&sha3384); - SHA3_384_Final(d, &sha3384); + SHA3_384_Init(sha3384); + SHA3_384_Final(d, sha3384); if (memcmp(d, d384_0, 48) != 0) return -1; - SHA3_512_Init(&sha3512); - SHA3_512_Final(d, &sha3512); + SHA3_512_Init(sha3512); + SHA3_512_Final(d, sha3512); if (memcmp(d, d512_0, 64) != 0) return -1; - SHAKE128_Init(&shake128); - SHAKE128_Final(d, 41, &shake128); + SHAKE128_Init(shake128); + SHAKE128_Final(d, 41, shake128); if (memcmp(d, shake128_0_41, 41) != 0) return -1; - SHAKE256_Init(&shake256); - SHAKE256_Final(d, 73, &shake256); + SHAKE256_Init(shake256); + SHAKE256_Final(d, 73, shake256); if (memcmp(d, shake256_0_73, 73) != 0) return -1; (void)memset(m, 0xa3, 200); - SHA3_224_Init(&sha3224); - SHA3_224_Update(&sha3224, m, 200); - SHA3_224_Final(d, &sha3224); + SHA3_224_Init(sha3224); + SHA3_224_Update(sha3224, m, 200); + SHA3_224_Final(d, sha3224); if (memcmp(d, d224_1600, 28) != 0) return -1; - SHA3_256_Init(&sha3256); - SHA3_256_Update(&sha3256, m, 200); - SHA3_256_Final(d, &sha3256); + SHA3_256_Init(sha3256); + SHA3_256_Update(sha3256, m, 200); + SHA3_256_Final(d, sha3256); if (memcmp(d, d256_1600, 32) != 0) return -1; - SHA3_384_Init(&sha3384); - SHA3_384_Update(&sha3384, m, 200); - SHA3_384_Final(d, &sha3384); + SHA3_384_Init(sha3384); + SHA3_384_Update(sha3384, m, 200); + SHA3_384_Final(d, sha3384); if (memcmp(d, d384_1600, 48) != 0) return -1; - SHA3_512_Init(&sha3512); - SHA3_512_Update(&sha3512, m, 200); - SHA3_512_Final(d, &sha3512); + SHA3_512_Init(sha3512); + SHA3_512_Update(sha3512, m, 200); + SHA3_512_Final(d, sha3512); if (memcmp(d, d512_1600, 64) != 0) return -1; - SHAKE128_Init(&shake128); - SHAKE128_Update(&shake128, m, 200); - SHAKE128_Final(d, 41, &shake128); + SHAKE128_Init(shake128); + SHAKE128_Update(shake128, m, 200); + SHAKE128_Final(d, 41, shake128); if (memcmp(d, shake128_1600_41, 41) != 0) return -1; - SHAKE256_Init(&shake256); - SHAKE256_Update(&shake256, m, 200); - SHAKE256_Final(d, 73, &shake256); + SHAKE256_Init(shake256); + SHAKE256_Update(shake256, m, 200); + SHAKE256_Final(d, 73, shake256); if (memcmp(d, shake256_1600_73, 73) != 0) return -1; @@ -611,32 +615,32 @@ SHA3_Selftest(void) * Hand-crufted test vectors with unaligned message lengths. */ SHA3_512_Init(&ctx); - for (mi = 0; mi < 6; mi++) { + for (mi = 0; mi < arraycount(mlen); mi++) { sha3_selftest_prng(m, mlen[mi], (224/8)*mlen[mi]); - SHA3_224_Init(&sha3224); - SHA3_224_Update(&sha3224, m, mlen[mi]); - SHA3_224_Final(d, &sha3224); + SHA3_224_Init(sha3224); + SHA3_224_Update(sha3224, m, mlen[mi]); + SHA3_224_Final(d, sha3224); SHA3_512_Update(&ctx, d, 224/8); } - for (mi = 0; mi < 6; mi++) { + for (mi = 0; mi < arraycount(mlen); mi++) { sha3_selftest_prng(m, mlen[mi], (256/8)*mlen[mi]); - SHA3_256_Init(&sha3256); - SHA3_256_Update(&sha3256, m, mlen[mi]); - SHA3_256_Final(d, &sha3256); + SHA3_256_Init(sha3256); + SHA3_256_Update(sha3256, m, mlen[mi]); + SHA3_256_Final(d, sha3256); SHA3_512_Update(&ctx, d, 256/8); } - for (mi = 0; mi < 6; mi++) { + for (mi = 0; mi < arraycount(mlen); mi++) { sha3_selftest_prng(m, mlen[mi], (384/8)*mlen[mi]); - SHA3_384_Init(&sha3384); - SHA3_384_Update(&sha3384, m, mlen[mi]); - SHA3_384_Final(d, &sha3384); + SHA3_384_Init(sha3384); + SHA3_384_Update(sha3384, m, mlen[mi]); + SHA3_384_Final(d, sha3384); SHA3_512_Update(&ctx, d, 384/8); } - for (mi = 0; mi < 6; mi++) { + for (mi = 0; mi < arraycount(mlen); mi++) { sha3_selftest_prng(m, mlen[mi], (512/8)*mlen[mi]); - SHA3_512_Init(&sha3512); - SHA3_512_Update(&sha3512, m, mlen[mi]); - SHA3_512_Final(d, &sha3512); + SHA3_512_Init(sha3512); + SHA3_512_Update(sha3512, m, mlen[mi]); + SHA3_512_Final(d, sha3512); SHA3_512_Update(&ctx, d, 512/8); } SHA3_512_Final(d, &ctx);