Module Name: src
Committed By: riastradh
Date: Sat May 30 18:40:28 UTC 2020
Modified Files:
src/common/lib/libc/hash/sha3: sha3.c
Log Message:
Merge updates from upstream to reduce stack usage of SHA3_Selftest.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/common/lib/libc/hash/sha3/sha3.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/common/lib/libc/hash/sha3/sha3.c
diff -u src/common/lib/libc/hash/sha3/sha3.c:1.1 src/common/lib/libc/hash/sha3/sha3.c:1.2
--- src/common/lib/libc/hash/sha3/sha3.c:1.1 Thu Nov 30 05:47:24 2017
+++ src/common/lib/libc/hash/sha3/sha3.c Sat May 30 18:40:28 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: sha3.c,v 1.1 2017/11/30 05:47:24 riastradh Exp $ */
+/* $NetBSD: sha3.c,v 1.2 2020/05/30 18:40:28 riastradh Exp $ */
/*-
* Copyright (c) 2015 Taylor R. Campbell
@@ -38,14 +38,14 @@
#if defined(_KERNEL) || defined(_STANDALONE)
-__KERNEL_RCSID(0, "$NetBSD: sha3.c,v 1.1 2017/11/30 05:47:24 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sha3.c,v 1.2 2020/05/30 18:40:28 riastradh Exp $");
#include <lib/libkern/libkern.h>
#define SHA3_ASSERT KASSERT
#else
-__RCSID("$NetBSD: sha3.c,v 1.1 2017/11/30 05:47:24 riastradh Exp $");
+__RCSID("$NetBSD: sha3.c,v 1.2 2020/05/30 18:40:28 riastradh Exp $");
#include "namespace.h"
@@ -87,6 +87,7 @@ __weak_alias(SHAKE256_Final,_SHAKE256_Fi
#endif /* kernel/standalone */
#define MIN(a,b) ((a) < (b) ? (a) : (b))
+#define arraycount(a) (sizeof(a)/sizeof((a)[0]))
/*
* Common body. All the SHA-3 functions share code structure. They
@@ -428,19 +429,19 @@ sha3_selftest_prng(void *buf, size_t len
int
SHA3_Selftest(void)
{
- const uint8_t d224_0[] = { /* SHA3-224(0-bit) */
+ static const uint8_t d224_0[] = { /* SHA3-224(0-bit) */
0x6b,0x4e,0x03,0x42,0x36,0x67,0xdb,0xb7,
0x3b,0x6e,0x15,0x45,0x4f,0x0e,0xb1,0xab,
0xd4,0x59,0x7f,0x9a,0x1b,0x07,0x8e,0x3f,
0x5b,0x5a,0x6b,0xc7,
};
- const uint8_t d256_0[] = { /* SHA3-256(0-bit) */
+ static const uint8_t d256_0[] = { /* SHA3-256(0-bit) */
0xa7,0xff,0xc6,0xf8,0xbf,0x1e,0xd7,0x66,
0x51,0xc1,0x47,0x56,0xa0,0x61,0xd6,0x62,
0xf5,0x80,0xff,0x4d,0xe4,0x3b,0x49,0xfa,
0x82,0xd8,0x0a,0x4b,0x80,0xf8,0x43,0x4a,
};
- const uint8_t d384_0[] = { /* SHA3-384(0-bit) */
+ static const uint8_t d384_0[] = { /* SHA3-384(0-bit) */
0x0c,0x63,0xa7,0x5b,0x84,0x5e,0x4f,0x7d,
0x01,0x10,0x7d,0x85,0x2e,0x4c,0x24,0x85,
0xc5,0x1a,0x50,0xaa,0xaa,0x94,0xfc,0x61,
@@ -448,7 +449,7 @@ SHA3_Selftest(void)
0xc3,0x71,0x38,0x31,0x26,0x4a,0xdb,0x47,
0xfb,0x6b,0xd1,0xe0,0x58,0xd5,0xf0,0x04,
};
- const uint8_t d512_0[] = { /* SHA3-512(0-bit) */
+ static const uint8_t d512_0[] = { /* SHA3-512(0-bit) */
0xa6,0x9f,0x73,0xcc,0xa2,0x3a,0x9a,0xc5,
0xc8,0xb5,0x67,0xdc,0x18,0x5a,0x75,0x6e,
0x97,0xc9,0x82,0x16,0x4f,0xe2,0x58,0x59,
@@ -458,14 +459,14 @@ SHA3_Selftest(void)
0xf5,0x00,0x19,0x9d,0x95,0xb6,0xd3,0xe3,
0x01,0x75,0x85,0x86,0x28,0x1d,0xcd,0x26,
};
- const uint8_t shake128_0_41[] = { /* SHAKE128(0-bit, 41) */
+ static const uint8_t shake128_0_41[] = { /* SHAKE128(0-bit, 41) */
0x7f,0x9c,0x2b,0xa4,0xe8,0x8f,0x82,0x7d,
0x61,0x60,0x45,0x50,0x76,0x05,0x85,0x3e,
0xd7,0x3b,0x80,0x93,0xf6,0xef,0xbc,0x88,
0xeb,0x1a,0x6e,0xac,0xfa,0x66,0xef,0x26,
0x3c,0xb1,0xee,0xa9,0x88,0x00,0x4b,0x93,0x10,
};
- const uint8_t shake256_0_73[] = { /* SHAKE256(0-bit, 73) */
+ static const uint8_t shake256_0_73[] = { /* SHAKE256(0-bit, 73) */
0x46,0xb9,0xdd,0x2b,0x0b,0xa8,0x8d,0x13,
0x23,0x3b,0x3f,0xeb,0x74,0x3e,0xeb,0x24,
0x3f,0xcd,0x52,0xea,0x62,0xb8,0x1b,0x82,
@@ -476,19 +477,19 @@ SHA3_Selftest(void)
0x40,0x29,0x2e,0xac,0xb3,0xb7,0xc4,0xbe,
0x14,0x1e,0x96,0x61,0x6f,0xb1,0x39,0x57,0x69,
};
- const uint8_t d224_1600[] = { /* SHA3-224(200 * 0xa3) */
+ static const uint8_t d224_1600[] = { /* SHA3-224(200 * 0xa3) */
0x93,0x76,0x81,0x6a,0xba,0x50,0x3f,0x72,
0xf9,0x6c,0xe7,0xeb,0x65,0xac,0x09,0x5d,
0xee,0xe3,0xbe,0x4b,0xf9,0xbb,0xc2,0xa1,
0xcb,0x7e,0x11,0xe0,
};
- const uint8_t d256_1600[] = { /* SHA3-256(200 * 0xa3) */
+ static const uint8_t d256_1600[] = { /* SHA3-256(200 * 0xa3) */
0x79,0xf3,0x8a,0xde,0xc5,0xc2,0x03,0x07,
0xa9,0x8e,0xf7,0x6e,0x83,0x24,0xaf,0xbf,
0xd4,0x6c,0xfd,0x81,0xb2,0x2e,0x39,0x73,
0xc6,0x5f,0xa1,0xbd,0x9d,0xe3,0x17,0x87,
};
- const uint8_t d384_1600[] = { /* SHA3-384(200 * 0xa3) */
+ static const uint8_t d384_1600[] = { /* SHA3-384(200 * 0xa3) */
0x18,0x81,0xde,0x2c,0xa7,0xe4,0x1e,0xf9,
0x5d,0xc4,0x73,0x2b,0x8f,0x5f,0x00,0x2b,
0x18,0x9c,0xc1,0xe4,0x2b,0x74,0x16,0x8e,
@@ -496,7 +497,7 @@ SHA3_Selftest(void)
0x76,0x19,0x7a,0x31,0xfd,0x55,0xee,0x98,
0x9f,0x2d,0x70,0x50,0xdd,0x47,0x3e,0x8f,
};
- const uint8_t d512_1600[] = { /* SHA3-512(200 * 0xa3) */
+ static const uint8_t d512_1600[] = { /* SHA3-512(200 * 0xa3) */
0xe7,0x6d,0xfa,0xd2,0x20,0x84,0xa8,0xb1,
0x46,0x7f,0xcf,0x2f,0xfa,0x58,0x36,0x1b,
0xec,0x76,0x28,0xed,0xf5,0xf3,0xfd,0xc0,
@@ -506,14 +507,16 @@ SHA3_Selftest(void)
0xe5,0x89,0xc5,0x1c,0xa1,0xa4,0xa8,0x41,
0x6d,0xf6,0x54,0x5a,0x1c,0xe8,0xba,0x00,
};
- const uint8_t shake128_1600_41[] = { /* SHAKE128(200 * 0xa3, 41) */
+ static const uint8_t shake128_1600_41[] = {
+ /* SHAKE128(200 * 0xa3, 41) */
0x13,0x1a,0xb8,0xd2,0xb5,0x94,0x94,0x6b,
0x9c,0x81,0x33,0x3f,0x9b,0xb6,0xe0,0xce,
0x75,0xc3,0xb9,0x31,0x04,0xfa,0x34,0x69,
0xd3,0x91,0x74,0x57,0x38,0x5d,0xa0,0x37,
0xcf,0x23,0x2e,0xf7,0x16,0x4a,0x6d,0x1e,0xb4,
};
- const uint8_t shake256_1600_73[] = { /* SHAKE256(200 * 0xa3, 73) */
+ static const uint8_t shake256_1600_73[] = {
+ /* SHAKE256(200 * 0xa3, 73) */
0xcd,0x8a,0x92,0x0e,0xd1,0x41,0xaa,0x04,
0x07,0xa2,0x2d,0x59,0x28,0x86,0x52,0xe9,
0xd9,0xf1,0xa7,0xee,0x0c,0x1e,0x7c,0x1c,
@@ -524,24 +527,25 @@ SHA3_Selftest(void)
0x4c,0xd8,0xe0,0x6f,0x0a,0xe6,0x61,0x0b,
0x10,0x48,0xa7,0xf6,0x4e,0x10,0x74,0xcd,0x62,
};
- const uint8_t d0[] = {
- 0x6c,0x02,0x1a,0xc6,0x65,0xaf,0x80,0xfb,
- 0x52,0xe6,0x2d,0x27,0xe5,0x02,0x88,0x84,
- 0xec,0x1c,0x0c,0xe7,0x0b,0x94,0x55,0x83,
- 0x19,0xf2,0xbf,0x09,0x86,0xeb,0x1a,0xbb,
- 0xc3,0x0d,0x1c,0xef,0x22,0xfe,0xc5,0x4c,
- 0x45,0x90,0x66,0x14,0x00,0x6e,0xc8,0x79,
- 0xdf,0x1e,0x02,0xbd,0x75,0xe9,0x60,0xd8,
- 0x60,0x39,0x85,0xc9,0xc4,0xee,0x33,0xab,
- };
- const unsigned mlen[6] = { 0, 3, 128, 129, 255, 1024 };
- uint8_t m[1024], d[73];
- SHA3_224_CTX sha3224;
- SHA3_256_CTX sha3256;
- SHA3_384_CTX sha3384;
- SHA3_512_CTX sha3512;
- SHAKE128_CTX shake128;
- SHAKE256_CTX shake256;
+ static const uint8_t d0[] = {
+ 0x5d,0x3e,0x45,0xdd,0x9b,0x6b,0xda,0xf8,
+ 0xe6,0xe6,0xb8,0x72,0xfb,0xc5,0x0d,0x0a,
+ 0x4f,0x52,0x65,0xb4,0x11,0xf1,0xa1,0x0c,
+ 0x00,0xa4,0x74,0x6c,0x0f,0xc0,0xdc,0xe0,
+ 0x97,0x73,0xd6,0x70,0xaf,0xd4,0x64,0x0b,
+ 0x8c,0x52,0x32,0x4c,0x87,0x8c,0xfa,0x4a,
+ 0xdc,0x11,0x66,0x91,0x66,0x5a,0x1e,0xa4,
+ 0xd6,0x69,0x97,0xc7,0xcb,0xe2,0x73,0xca,
+ };
+ static const unsigned mlen[] = { 0, 3, 128, 129, 255 };
+ uint8_t m[255], d[73];
+ struct sha3 sha3;
+ SHA3_224_CTX *sha3224 = (SHA3_224_CTX *)&sha3;
+ SHA3_256_CTX *sha3256 = (SHA3_256_CTX *)&sha3;
+ SHA3_384_CTX *sha3384 = (SHA3_384_CTX *)&sha3;
+ SHA3_512_CTX *sha3512 = (SHA3_512_CTX *)&sha3;
+ SHAKE128_CTX *shake128 = (SHAKE128_CTX *)&sha3;
+ SHAKE256_CTX *shake256 = (SHAKE256_CTX *)&sha3;
SHA3_512_CTX ctx;
unsigned mi;
@@ -550,60 +554,60 @@ SHA3_Selftest(void)
* <http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing>:
* 0-bit, 1600-bit repeated 0xa3 (= 0b10100011).
*/
- SHA3_224_Init(&sha3224);
- SHA3_224_Final(d, &sha3224);
+ SHA3_224_Init(sha3224);
+ SHA3_224_Final(d, sha3224);
if (memcmp(d, d224_0, 28) != 0)
return -1;
- SHA3_256_Init(&sha3256);
- SHA3_256_Final(d, &sha3256);
+ SHA3_256_Init(sha3256);
+ SHA3_256_Final(d, sha3256);
if (memcmp(d, d256_0, 32) != 0)
return -1;
- SHA3_384_Init(&sha3384);
- SHA3_384_Final(d, &sha3384);
+ SHA3_384_Init(sha3384);
+ SHA3_384_Final(d, sha3384);
if (memcmp(d, d384_0, 48) != 0)
return -1;
- SHA3_512_Init(&sha3512);
- SHA3_512_Final(d, &sha3512);
+ SHA3_512_Init(sha3512);
+ SHA3_512_Final(d, sha3512);
if (memcmp(d, d512_0, 64) != 0)
return -1;
- SHAKE128_Init(&shake128);
- SHAKE128_Final(d, 41, &shake128);
+ SHAKE128_Init(shake128);
+ SHAKE128_Final(d, 41, shake128);
if (memcmp(d, shake128_0_41, 41) != 0)
return -1;
- SHAKE256_Init(&shake256);
- SHAKE256_Final(d, 73, &shake256);
+ SHAKE256_Init(shake256);
+ SHAKE256_Final(d, 73, shake256);
if (memcmp(d, shake256_0_73, 73) != 0)
return -1;
(void)memset(m, 0xa3, 200);
- SHA3_224_Init(&sha3224);
- SHA3_224_Update(&sha3224, m, 200);
- SHA3_224_Final(d, &sha3224);
+ SHA3_224_Init(sha3224);
+ SHA3_224_Update(sha3224, m, 200);
+ SHA3_224_Final(d, sha3224);
if (memcmp(d, d224_1600, 28) != 0)
return -1;
- SHA3_256_Init(&sha3256);
- SHA3_256_Update(&sha3256, m, 200);
- SHA3_256_Final(d, &sha3256);
+ SHA3_256_Init(sha3256);
+ SHA3_256_Update(sha3256, m, 200);
+ SHA3_256_Final(d, sha3256);
if (memcmp(d, d256_1600, 32) != 0)
return -1;
- SHA3_384_Init(&sha3384);
- SHA3_384_Update(&sha3384, m, 200);
- SHA3_384_Final(d, &sha3384);
+ SHA3_384_Init(sha3384);
+ SHA3_384_Update(sha3384, m, 200);
+ SHA3_384_Final(d, sha3384);
if (memcmp(d, d384_1600, 48) != 0)
return -1;
- SHA3_512_Init(&sha3512);
- SHA3_512_Update(&sha3512, m, 200);
- SHA3_512_Final(d, &sha3512);
+ SHA3_512_Init(sha3512);
+ SHA3_512_Update(sha3512, m, 200);
+ SHA3_512_Final(d, sha3512);
if (memcmp(d, d512_1600, 64) != 0)
return -1;
- SHAKE128_Init(&shake128);
- SHAKE128_Update(&shake128, m, 200);
- SHAKE128_Final(d, 41, &shake128);
+ SHAKE128_Init(shake128);
+ SHAKE128_Update(shake128, m, 200);
+ SHAKE128_Final(d, 41, shake128);
if (memcmp(d, shake128_1600_41, 41) != 0)
return -1;
- SHAKE256_Init(&shake256);
- SHAKE256_Update(&shake256, m, 200);
- SHAKE256_Final(d, 73, &shake256);
+ SHAKE256_Init(shake256);
+ SHAKE256_Update(shake256, m, 200);
+ SHAKE256_Final(d, 73, shake256);
if (memcmp(d, shake256_1600_73, 73) != 0)
return -1;
@@ -611,32 +615,32 @@ SHA3_Selftest(void)
* Hand-crufted test vectors with unaligned message lengths.
*/
SHA3_512_Init(&ctx);
- for (mi = 0; mi < 6; mi++) {
+ for (mi = 0; mi < arraycount(mlen); mi++) {
sha3_selftest_prng(m, mlen[mi], (224/8)*mlen[mi]);
- SHA3_224_Init(&sha3224);
- SHA3_224_Update(&sha3224, m, mlen[mi]);
- SHA3_224_Final(d, &sha3224);
+ SHA3_224_Init(sha3224);
+ SHA3_224_Update(sha3224, m, mlen[mi]);
+ SHA3_224_Final(d, sha3224);
SHA3_512_Update(&ctx, d, 224/8);
}
- for (mi = 0; mi < 6; mi++) {
+ for (mi = 0; mi < arraycount(mlen); mi++) {
sha3_selftest_prng(m, mlen[mi], (256/8)*mlen[mi]);
- SHA3_256_Init(&sha3256);
- SHA3_256_Update(&sha3256, m, mlen[mi]);
- SHA3_256_Final(d, &sha3256);
+ SHA3_256_Init(sha3256);
+ SHA3_256_Update(sha3256, m, mlen[mi]);
+ SHA3_256_Final(d, sha3256);
SHA3_512_Update(&ctx, d, 256/8);
}
- for (mi = 0; mi < 6; mi++) {
+ for (mi = 0; mi < arraycount(mlen); mi++) {
sha3_selftest_prng(m, mlen[mi], (384/8)*mlen[mi]);
- SHA3_384_Init(&sha3384);
- SHA3_384_Update(&sha3384, m, mlen[mi]);
- SHA3_384_Final(d, &sha3384);
+ SHA3_384_Init(sha3384);
+ SHA3_384_Update(sha3384, m, mlen[mi]);
+ SHA3_384_Final(d, sha3384);
SHA3_512_Update(&ctx, d, 384/8);
}
- for (mi = 0; mi < 6; mi++) {
+ for (mi = 0; mi < arraycount(mlen); mi++) {
sha3_selftest_prng(m, mlen[mi], (512/8)*mlen[mi]);
- SHA3_512_Init(&sha3512);
- SHA3_512_Update(&sha3512, m, mlen[mi]);
- SHA3_512_Final(d, &sha3512);
+ SHA3_512_Init(sha3512);
+ SHA3_512_Update(sha3512, m, mlen[mi]);
+ SHA3_512_Final(d, sha3512);
SHA3_512_Update(&ctx, d, 512/8);
}
SHA3_512_Final(d, &ctx);
