From ad40f40818b212a4edbb571e119db010a15c2d03 Mon Sep 17 00:00:00 2001
From: cielavenir
Date: Fri, 24 Feb 2017 21:04:46 +0900
Subject: [PATCH] Merged Keccak code into SHA3
---
cbits/cryptonite_keccak.c | 159 --------------------------------------
cbits/cryptonite_keccak.h | 43 -----------
cbits/cryptonite_sha3.c | 16 ++++
cbits/cryptonite_sha3.h | 4 +
cryptonite.cabal | 1 -
5 files changed, 20 insertions(+), 203 deletions(-)
delete mode 100644 cbits/cryptonite_keccak.c
delete mode 100644 cbits/cryptonite_keccak.h
diff --git a/cbits/cryptonite_keccak.c b/cbits/cryptonite_keccak.c
deleted file mode 100644
index 03c2da2..0000000
--- a/cbits/cryptonite_keccak.c
+++ /dev/null
@@ -1,159 +0,0 @@ -/* - * Copyright (C) 2012 Vincent Hanquez - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include -#include -#include "cryptonite_bitfn.h" -#include "cryptonite_keccak.h" - -#define KECCAK_NB_ROUNDS 24 - -/* rounds constants */ -static const uint64_t keccak_rndc[24] = -{ - 0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL, - 0x8000000080008000ULL, 0x000000000000808bULL, 0x0000000080000001ULL, - 0x8000000080008081ULL, 0x8000000000008009ULL, 0x000000000000008aULL, - 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL, - 0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, - 0x8000000000008003ULL, 0x8000000000008002ULL, 0x8000000000000080ULL, - 0x000000000000800aULL, 0x800000008000000aULL, 0x8000000080008081ULL, - 0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL, -}; - -/* triangular numbers constants */ -static const int keccak_rotc[24] = - { 1,3,6,10,15,21,28,36,45,55,2,14,27,41,56,8,25,43,62,18,39,61,20,44 }; - -static const int keccak_piln[24] = - { 10,7,11,17,18,3,5,16,8,21,24,4,15,23,19,13,12,2,20,14,22,9,6,1 }; - -static inline void keccak_do_chunk(uint64_t state[25], uint64_t buf[], int bufsz) -{ - int i, j, r; - uint64_t tmp, bc[5]; - - /* merge buf with state */ - for (i = 0; i < bufsz; i++) - state[i] ^= le64_to_cpu(buf[i]); - - /* run keccak rounds */ - for (r = 0; r < KECCAK_NB_ROUNDS; r++) { - /* compute the parity of each columns */ - for (i = 0; i < 5; i++) - bc[i] = state[i] ^ state[i+5] ^ state[i+10] ^ state[i+15] ^ state[i+20]; - - for (i = 0; i < 5; i++) { - tmp = bc[(i + 4) % 5] ^ rol64(bc[(i + 1) % 5], 1); - for (j = 0; j < 25; j += 5) - state[j + i] ^= tmp; - } - - /* rho pi */ - tmp = state[1]; - for (i = 0; i < 24; i++) { - j = keccak_piln[i]; - bc[0] = state[j]; - state[j] = rol64(tmp, keccak_rotc[i]); - tmp = bc[0]; - } - - /* bitwise combine along rows using a = a xor (not b and c) */ - for (j = 0; j < 25; j += 5) { - for (i = 0; i < 5; i++) - bc[i] = state[j + i]; - #define andn(b,c) (~(b) & (c)) - state[j + 0] ^= andn(bc[1], bc[2]); - state[j + 1] ^= 
andn(bc[2], bc[3]); - state[j + 2] ^= andn(bc[3], bc[4]); - state[j + 3] ^= andn(bc[4], bc[0]); - state[j + 4] ^= andn(bc[0], bc[1]); - #undef andn - } - - /* xor the round constant */ - state[0] ^= keccak_rndc[r]; - } -} - -void cryptonite_keccak_init(struct keccak_ctx *ctx, uint32_t hashlen) -{ - int bufsz = 200 - 2 * (hashlen / 8); - memset(ctx, 0, sizeof(*ctx) + bufsz); - ctx->bufsz = bufsz; -} - -void cryptonite_keccak_update(struct keccak_ctx *ctx, uint8_t *data, uint32_t len) -{ - uint32_t to_fill; - - to_fill = ctx->bufsz - ctx->bufindex; - - if (ctx->bufindex == ctx->bufsz) { - keccak_do_chunk(ctx->state, (uint64_t *) ctx->buf, ctx->bufsz / 8); - ctx->bufindex = 0; - } - - /* process partial buffer if there's enough data to make a block */ - if (ctx->bufindex && len >= to_fill) { - memcpy(ctx->buf + ctx->bufindex, data, to_fill); - keccak_do_chunk(ctx->state, (uint64_t *) ctx->buf, ctx->bufsz / 8); - len -= to_fill; - data += to_fill; - ctx->bufindex = 0; - } - - /* process as much ctx->bufsz-block */ - for (; len >= ctx->bufsz; len -= ctx->bufsz, data += ctx->bufsz) - keccak_do_chunk(ctx->state, (uint64_t *) data, ctx->bufsz / 8); - - /* append data into buf */ - if (len) { - memcpy(ctx->buf + ctx->bufindex, data, len); - ctx->bufindex += len; - } -} - -void cryptonite_keccak_finalize(struct keccak_ctx *ctx, uint32_t hashlen, uint8_t *out) -{ - uint64_t w[25]; - - /* process full buffer if needed */ - if (ctx->bufindex == ctx->bufsz) { - keccak_do_chunk(ctx->state, (uint64_t *) ctx->buf, ctx->bufsz / 8); - ctx->bufindex = 0; - } - - /* add the 10*1 padding */ - ctx->buf[ctx->bufindex++] = 1; - memset(ctx->buf + ctx->bufindex, 0, ctx->bufsz - ctx->bufindex); - ctx->buf[ctx->bufsz - 1] |= 0x80; - - /* process */ - keccak_do_chunk(ctx->state, (uint64_t *) ctx->buf, ctx->bufsz / 8); - - /* output */ - cpu_to_le64_array(w, ctx->state, 25); - memcpy(out, w, hashlen / 8); -} 
diff --git a/cbits/cryptonite_keccak.h b/cbits/cryptonite_keccak.h
deleted file mode 100644
index 7ac2019..0000000
--- a/cbits/cryptonite_keccak.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2012 Vincent Hanquez
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef CRYPTOHASH_SHA3_H
-#define CRYPTOHASH_SHA3_H
-
-#include
-
-struct keccak_ctx
-{
- uint32_t bufindex;
- uint32_t bufsz;
- uint64_t state[25];
- uint8_t buf[0]; /* maximum SHA3-224 = 144, otherwise buffer need decrease */
-};
-
-#define SHA3_CTX_SIZE sizeof(struct keccak_ctx)
-
-void cryptonite_keccak_init(struct keccak_ctx *ctx, uint32_t hashlen);
-void cryptonite_keccak_update(struct keccak_ctx *ctx, uint8_t *data, uint32_t len);
-void cryptonite_keccak_finalize(struct keccak_ctx *ctx, uint32_t hashlen, uint8_t *out);
-
-#endif
diff --git a/cbits/cryptonite_sha3.c b/cbits/cryptonite_sha3.c
index e942fe6..8982ea8 100755
--- a/cbits/cryptonite_sha3.c
+++ b/cbits/cryptonite_sha3.c
@@ -225,3 +225,19 @@ void cryptonite_sha3_finalize_shake(struct sha3_ctx *ctx)
 {
 cryptonite_sha3_finalize_with_pad_byte(ctx, 0x1F);
 }
+
+void cryptonite_keccak_init(struct sha3_ctx *ctx, uint32_t hashlen)
+{
+ cryptonite_sha3_init(ctx, hashlen);
+}
+
+void cryptonite_keccak_update(struct sha3_ctx *ctx, uint8_t *data, uint32_t len)
+{
+ cryptonite_sha3_update(ctx, data, len);
+}
+
+void cryptonite_keccak_finalize(struct sha3_ctx *ctx, uint32_t hashlen, uint8_t *out)
+{
+ cryptonite_sha3_finalize_with_pad_byte(ctx, 1);
+ cryptonite_sha3_output(ctx, out, hashlen / 8);
+}
diff --git a/cbits/cryptonite_sha3.h b/cbits/cryptonite_sha3.h
index ca4e6f9..4fe02eb 100755
--- a/cbits/cryptonite_sha3.h
+++ b/cbits/cryptonite_sha3.h
@@ -59,4 +59,8 @@ void cryptonite_sha3_finalize(struct sha3_ctx *ctx, uint32_t hashlen, uint8_t *o
 void cryptonite_sha3_finalize_shake(struct sha3_ctx *ctx);
 void cryptonite_sha3_output(struct sha3_ctx *ctx, uint8_t *out, uint32_t len);

+void cryptonite_keccak_init(struct sha3_ctx *ctx, uint32_t hashlen);
+void cryptonite_keccak_update(struct sha3_ctx *ctx, uint8_t *data, uint32_t len);
+void cryptonite_keccak_finalize(struct sha3_ctx *ctx, uint32_t hashlen, uint8_t *out);
+
 #endif
diff --git a/cryptonite.cabal b/cryptonite.cabal
index de95e37..5731059 100644
--- a/cryptonite.cabal
+++ b/cryptonite.cabal
@@ -233,7 +233,6 @@ Library
 , cbits/cryptonite_sha256.c
 , cbits/cryptonite_sha512.c
 , cbits/cryptonite_sha3.c
- , cbits/cryptonite_keccak.c
 , cbits/cryptonite_md2.c
 , cbits/cryptonite_md4.c
 , cbits/cryptonite_md5.c
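Review bot: The Keccak wrappers added at the end of cbits/cryptonite_sha3.c pass a caller-allocated context to cryptonite_sha3_init, but nothing in this patch shows that Keccak callers allocate enough for struct sha3_ctx: the removed cryptonite_keccak_init cleared `sizeof(*ctx) + bufsz` bytes of struct keccak_ctx, and the diffstat touches no binding code where that allocation size would live. If the two layouts differ, init would write past an undersized context, so the size contract is worth checking and recording above the wrappers, e.g. `/* ctx must be sized as for cryptonite_sha3_init with the same hashlen */`. In cryptonite_keccak_finalize the bare `1` should also carry a comment such as `/* original Keccak pad byte; SHAKE above uses 0x1F */`, because that one argument appears to be all that separates this digest from the other finalizers.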
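Review bot: The three cryptonite_keccak_* prototypes added to cbits/cryptonite_sha3.h state none of their preconditions, and cryptonite_keccak_finalize has an unchecked one: per the wrapper in cryptonite_sha3.c it writes `hashlen / 8` bytes to `out` with no length parameter. A short comment above them would pin the units and the buffer contract, e.g. `/* Keccak with pre-standard padding; hashlen is in bits, out must hold hashlen / 8 bytes */`. finalize takes hashlen a second time and nothing visible ties it to the value given to init, so the comment should say whether the two must match. `data` in cryptonite_keccak_update could be `const uint8_t *` if cryptonite_sha3_update accepts that, which is not visible in this patch.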