diff -u -N files/COPYING files-20151008/COPYING --- files/COPYING 2002-12-20 20:06:11.000000000 -0800 +++ files-20151008/COPYING 2015-10-08 20:21:42.000000000 -0700 @@ -1,5 +1,6 @@ -/* - * Copyright (c) 2001 Alistair G. Crooks. All rights reserved. +/*- + * Copyright (c) 2015 Alistair Crooks + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -9,22 +10,15 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Alistair G. Crooks. - * 4. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE - * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ Common subdirectories: files/CVS and files-20151008/CVS diff -u -N files/Makefile.in files-20151008/Makefile.in --- files/Makefile.in 2007-07-03 11:54:02.000000000 -0700 +++ files-20151008/Makefile.in 2015-10-08 20:21:42.000000000 -0700 @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.5 2007/07/03 18:54:02 joerg Exp $ +# $Id: Makefile.in,v 1.3 2015/10/08 23:04:02 agc Exp $ @SET_MAKE@ SHELL = @SHELL@ @@ -43,11 +43,12 @@ COMPILE= $(CC) $(DEFS) $(CPPFLAGS) $(CFLAGS) digest_OBJS = digest.o md5c.o rmd160.o rmd160hl.o sha2.o sha2hl.o \ -md5hl.o sha1.o sha1hl.o tiger.o whirlpool.o +md5hl.o sha1.o sha1hl.o tiger.o whirlpool.o keccak.o sha3.o sha3hl.o \ +blake2b.o blake2bhl.o SRCS= digest.c md5c.c rmd160.c rmd160hl.c sha2.c sha2hl.c md5hl.c sha1.c \ sha1hl.c md5.h rmd160.h sha1.h sha2.h tiger.c tiger.h whirlpool.c \ -whirlpool.h +whirlpool.h keccak.c sha3.c sha3hl.c blake2b.c blake2bhl.c DISTFILES= $(SRCS) AUTHORS COPYING DESCR INSTALL Makefile.in NEWS aclocal.m4 \ config.guess config.h.in config.sub configure configure.ac install-sh \ diff -u -N files/NEWS files-20151008/NEWS --- files/NEWS 2002-12-20 20:06:12.000000000 -0800 +++ files-20151008/NEWS 2015-10-08 20:21:42.000000000 -0700 @@ -1,3 +1,16 @@ +* version 20151008 + + Add blake2b and sha3 (keccak) 224/256/384/512 digests + + Move to a 2-clause BSD license + +* version 20121220 (dholland@netbsd.org) + Remove configure test for vprintf, which wasn't even being used, and + configure tests for memset/memcpy, which are standard and haven't + needed checking in a long time. This makes the configure script + tolerate injection of -Werror. + + Fix signed/unsigned mismatches in the sha2 and whirlpool code. This + package now passes -Wall with gcc45. + * 2002/09/23 Bugfix only for OSF1 4.x. Thanks to Simon Burge for catching it. diff -u -N files/README files-20151008/README --- files/README 2003-06-16 09:11:36.000000000 -0700 +++ files-20151008/README 2015-10-08 20:21:42.000000000 -0700 @@ -1,2 +1,3 @@ -The digest utility is a wrapper for the md5, sha1, sha256, sha384, sha512 and -rmd160 message digest algorithms. It first appeared in NetBSD 1.6. +The digest utility is a wrapper for the md5, sha1, sha256, sha384, +sha512, rmd160, sha3-224/256/384/512 and blake2b message digest +algorithms. It first appeared in NetBSD 1.6. diff -u -N files/aclocal.m4 files-20151008/aclocal.m4 --- files/aclocal.m4 2006-03-01 08:44:28.000000000 -0800 +++ files-20151008/aclocal.m4 2015-10-08 20:21:42.000000000 -0700 @@ -1,4 +1,4 @@ -dnl $Id: aclocal.m4,v 1.2 2006/03/01 16:44:28 joerg Exp $ +dnl $Id: aclocal.m4,v 1.1.1.1 2015/10/08 22:12:34 agc Exp $ dnl From heimdal sources dnl Id: c-attribute.m4,v 1.5 2004/08/26 12:35:41 joda Exp diff -u -N files/blake2b.c files-20151008/blake2b.c --- files/blake2b.c 1969-12-31 16:00:00.000000000 -0800 +++ files-20151008/blake2b.c 2015-10-08 20:21:42.000000000 -0700 @@ -0,0 +1,354 @@ +/*- + * Copyright (c) 2015 Taylor R. Campbell + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include + +#include "blake2b.h" + +void *(*volatile blake2b_explicit_memset_impl)(void *, int, size_t) = &memset; +static void * +local_explicit_memset(void *buf, int c, size_t n) +{ + + return (*blake2b_explicit_memset_impl)(buf, c, n); +} + +static inline uint64_t +rotr64(uint64_t x, unsigned c) +{ + + return ((x >> c) | (x << (64 - c))); +} + +static inline uint64_t +le64dec(const void *buf) +{ + const uint8_t *p = buf; + + return (((uint64_t)p[0]) | + ((uint64_t)p[1] << 8) | + ((uint64_t)p[2] << 16) | + ((uint64_t)p[3] << 24) | + ((uint64_t)p[4] << 32) | + ((uint64_t)p[5] << 40) | + ((uint64_t)p[6] << 48) | + ((uint64_t)p[7] << 56)); +} + +static inline void +le64enc(void *buf, uint64_t v) +{ + uint8_t *p = buf; + + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; +} + +#define BLAKE2B_G(VA, VB, VC, VD, X, Y) do \ +{ \ + (VA) = (VA) + (VB) + (X); \ + (VD) = rotr64((VD) ^ (VA), 32); \ + (VC) = (VC) + (VD); \ + (VB) = rotr64((VB) ^ (VC), 24); \ + (VA) = (VA) + (VB) + (Y); \ + (VD) = rotr64((VD) ^ (VA), 16); \ + (VC) = (VC) + (VD); \ + (VB) = rotr64((VB) ^ (VC), 63); \ +} while (0) + +static const uint64_t blake2b_iv[8] = { + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL, +}; + +static const uint8_t blake2b_sigma[12][16] = { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, +}; + +static void +blake2b_compress(uint64_t h[8], uint64_t c, uint64_t last, + const uint8_t in[128]) +{ + uint64_t v0,v1,v2,v3,v4,v5,v6,v7,v8,v9,v10,v11,v12,v13,v14,v15; + uint64_t m[16]; + unsigned i; + + /* Load the variables: first 8 from state, next 8 from IV. */ + v0 = h[0]; + v1 = h[1]; + v2 = h[2]; + v3 = h[3]; + v4 = h[4]; + v5 = h[5]; + v6 = h[6]; + v7 = h[7]; + v8 = blake2b_iv[0]; + v9 = blake2b_iv[1]; + v10 = blake2b_iv[2]; + v11 = blake2b_iv[3]; + v12 = blake2b_iv[4]; + v13 = blake2b_iv[5]; + v14 = blake2b_iv[6]; + v15 = blake2b_iv[7]; + + /* Incorporate the block counter and whether this is last. */ + v12 ^= c; + v14 ^= last; + + /* Load the message block. */ + for (i = 0; i < 16; i++) + m[i] = le64dec(in + 8*i); + + /* Transform the variables. */ + for (i = 0; i < 12; i++) { + const uint8_t *sigma = blake2b_sigma[i]; + + BLAKE2B_G(v0, v4, v8, v12, m[sigma[ 0]], m[sigma[ 1]]); + BLAKE2B_G(v1, v5, v9, v13, m[sigma[ 2]], m[sigma[ 3]]); + BLAKE2B_G(v2, v6, v10, v14, m[sigma[ 4]], m[sigma[ 5]]); + BLAKE2B_G(v3, v7, v11, v15, m[sigma[ 6]], m[sigma[ 7]]); + BLAKE2B_G(v0, v5, v10, v15, m[sigma[ 8]], m[sigma[ 9]]); + BLAKE2B_G(v1, v6, v11, v12, m[sigma[10]], m[sigma[11]]); + BLAKE2B_G(v2, v7, v8, v13, m[sigma[12]], m[sigma[13]]); + BLAKE2B_G(v3, v4, v9, v14, m[sigma[14]], m[sigma[15]]); + } + + /* Update the state. */ + h[0] ^= v0 ^ v8; + h[1] ^= v1 ^ v9; + h[2] ^= v2 ^ v10; + h[3] ^= v3 ^ v11; + h[4] ^= v4 ^ v12; + h[5] ^= v5 ^ v13; + h[6] ^= v6 ^ v14; + h[7] ^= v7 ^ v15; + + (void)local_explicit_memset(m, 0, sizeof m); +} + +static void +blake2b_initialisation(struct blake2b *B, size_t dlen, const void *key, size_t keylen) +{ + uint64_t param0; + unsigned i; + + assert(0 < dlen); + assert(dlen <= 64); + assert(keylen <= 64); + + /* Record the digest length. */ + B->dlen = dlen; + + /* Initialize the buffer. */ + B->nb = 0; + + /* Initialize the state. */ + B->c = 0; + for (i = 0; i < 8; i++) + B->h[i] = blake2b_iv[i]; + + /* + * Set the parameters. We support only variable digest and key + * lengths: no tree hashing, no salt, no personalization. + */ + param0 = 0; + param0 |= (uint64_t)dlen << 0; + param0 |= (uint64_t)keylen << 8; + param0 |= (uint64_t)1 << 16; /* tree fanout = 1 */ + param0 |= (uint64_t)1 << 24; /* tree depth = 1 */ + B->h[0] ^= param0; + + /* If there's a key, compress it as the first message block. */ + if (keylen) { + static const uint8_t zero_block[128]; + + blake2b_update(B, key, keylen); + blake2b_update(B, zero_block, 128 - keylen); + } +} + +void +blake2b_Init(struct blake2b *B) +{ + blake2b_initialisation(B, BLAKE2B_MAX_DIGEST, NULL, 0); +} + +void +blake2b_update(struct blake2b *B, const void *buf, size_t len) +{ + const uint8_t *p = buf; + size_t n = len; + + /* Check the current state of the buffer. */ + if (n <= 128u - B->nb) { + /* Can at most exactly fill the buffer. */ + (void)memcpy(&B->b[B->nb], p, n); + B->nb += n; + return; + } else if (0 < B->nb) { + /* Can fill the buffer and go on. */ + (void)memcpy(&B->b[B->nb], p, 128 - B->nb); + B->c += 128; + blake2b_compress(B->h, B->c, 0, B->b); + p += 128 - B->nb; + n -= 128 - B->nb; + } + + /* At a block boundary. Compress straight from the input. */ + while (128 < n) { + B->c += 128; + blake2b_compress(B->h, B->c, 0, p); + p += 128; + n -= 128; + } + + /* + * Put whatever's left in the buffer. We may fill the buffer, + * but we can't compress in that case until we know whether we + * are compressing the last block or not. + */ + (void)memcpy(B->b, p, n); + B->nb = n; +} + +void +blake2b_final(void *digest, struct blake2b *B) +{ + uint8_t *d = digest; + unsigned dlen = B->dlen; + unsigned i; + + /* Pad with zeros, and do the last compression. */ + B->c += B->nb; + for (i = B->nb; i < 128; i++) + B->b[i] = 0; + blake2b_compress(B->h, B->c, ~(uint64_t)0, B->b); + + /* Reveal the first dlen/8 words of the state. */ + for (i = 0; i < dlen/8; i++) + le64enc(d + 8*i, B->h[i]); + d += 8*i; + dlen -= 8*i; + + /* If the caller wants a partial word, reveal that too. */ + if (dlen) { + uint64_t hi = B->h[i]; + + do { + *d++ = hi; + hi >>= 8; + } while (--dlen); + } + + /* Erase the state. */ + (void)local_explicit_memset(B, 0, sizeof B); +} + +void +blake2b(void *digest, size_t dlen, const void *key, size_t keylen, + const void *in, size_t inlen) +{ + struct blake2b ctx; + + blake2b_initialisation(&ctx, dlen, key, keylen); + blake2b_update(&ctx, in, inlen); + blake2b_final(digest, &ctx); +} + +static void +blake2_selftest_prng(void *buf, size_t len, uint32_t seed) +{ + uint8_t *p = buf; + size_t n = len; + uint32_t t, a, b; + + a = 0xdead4bad * seed; + b = 1; + + while (n--) { + t = a + b; + *p++ = t >> 24; + a = b; + b = t; + } +} + +int +blake2b_selftest(void) +{ + const uint8_t d0[32] = { + 0xc2,0x3a,0x78,0x00,0xd9,0x81,0x23,0xbd, + 0x10,0xf5,0x06,0xc6,0x1e,0x29,0xda,0x56, + 0x03,0xd7,0x63,0xb8,0xbb,0xad,0x2e,0x73, + 0x7f,0x5e,0x76,0x5a,0x7b,0xcc,0xd4,0x75, + }; + const unsigned dlen[4] = { 20, 32, 48, 64 }; + const unsigned mlen[6] = { 0, 3, 128, 129, 255, 1024 }; + uint8_t m[1024], d[64], k[64]; + struct blake2b ctx; + unsigned di, mi, i; + + blake2b_initialisation(&ctx, 32, NULL, 0); + for (di = 0; di < 4; di++) { + for (mi = 0; mi < 6; mi++) { + blake2_selftest_prng(m, mlen[mi], mlen[mi]); + blake2b(d, dlen[di], NULL, 0, m, mlen[mi]); + blake2b_update(&ctx, d, dlen[di]); + + blake2_selftest_prng(k, dlen[di], dlen[di]); + blake2b(d, dlen[di], k, dlen[di], m, mlen[mi]); + blake2b_update(&ctx, d, dlen[di]); + } + } + blake2b_final(d, &ctx); + for (i = 0; i < 32; i++) { + if (d[i] != d0[i]) + return -1; + } + + return 0; +} diff -u -N files/blake2b.h files-20151008/blake2b.h --- files/blake2b.h 1969-12-31 16:00:00.000000000 -0800 +++ files-20151008/blake2b.h 2015-10-08 20:21:42.000000000 -0700 @@ -0,0 +1,54 @@ +/*- + * Copyright (c) 2015 Taylor R. Campbell + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef BLAKE2B_H +#define BLAKE2B_H + +#include +#include + +struct blake2b { + uint8_t b[128]; /* 128-byte buffer */ + uint64_t h[8]; /* 64-byte state */ + uint64_t c; /* 64-bit input byte counter */ + uint8_t nb; /* number of bytes in buffer */ + uint8_t dlen; /* digest length */ +}; + +#define BLAKE2B_MAX_DIGEST 64 +#define BLAKE2B_MAX_KEY 64 + +void blake2b_Init(struct blake2b */*B*/); +void blake2b_update(struct blake2b *, const void *, size_t); +void blake2b_final(void *, struct blake2b *); +void blake2b(void *, size_t, const void *, size_t, const void *, size_t); +int blake2b_selftest(void); + +char *blake2b_file(char */*filename*/, char */*buf*/); +char *blake2b_end(struct blake2b */*ctx*/, char */*buffer*/); +char *blake2b_data(const uint8_t */*data*/, size_t /*len*/, char */*digest*/); + +#endif /* BLAKE2B_H */ diff -u -N files/blake2bhl.c files-20151008/blake2bhl.c --- files/blake2bhl.c 1969-12-31 16:00:00.000000000 -0800 +++ files-20151008/blake2bhl.c 2015-10-08 20:21:42.000000000 -0700 @@ -0,0 +1,142 @@ +/* $NetBSD: sha3hl.c,v 1.8 2013/01/03 10:20:31 dholland Exp $ */ + +/* + * sha3hl.c + * This code includes some functions taken from sha3.c, hence the + * following licence reproduction. + * + * This code is not a verbatim copy, since some routines have been added, + * and some bugs have been fixed. + * + * Version 1.0.0beta1 + * + * Written by Aaron D. Gifford + * + * Copyright 2000 Aaron D. Gifford. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifndef lint +__RCSID("$NetBSD: sha3hl.c,v 1.8 2013/01/03 10:20:31 dholland Exp $"); +#endif /* not lint */ + + +/* #include "namespace.h" */ + +#include +#ifdef HAVE_ERRNO_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#include +#include +#include + +#include "blake2b.h" + +#ifndef _DIAGASSERT +#define _DIAGASSERT(cond) assert(cond) +#endif + +#ifndef MEMSET_BZERO +#define MEMSET_BZERO(p,l) memset((p), 0, (l)) +#endif + +/* + * Constant used by blake2b_end() functions for converting the + * digest to a readable hexadecimal character string: + */ +static const char sha3_hex_digits[] = "0123456789abcdef"; + +char * +blake2b_file(char *filename, char *buf) +{ + uint8_t buffer[BUFSIZ * 20]; + struct blake2b ctx; + int fd, oerrno; + ssize_t num; + + _DIAGASSERT(filename != NULL); + /* XXX: buf may be NULL ? */ + + blake2b_Init(&ctx); + + if ((fd = open(filename, O_RDONLY)) < 0) + return (0); + + while ((num = read(fd, buffer, sizeof(buffer))) > 0) + blake2b_update(&ctx, buffer, (size_t) num); + + oerrno = errno; + close(fd); + errno = oerrno; + return (num < 0 ? 0 : blake2b_end(&ctx, buf)); +} + + +char * +blake2b_end(struct blake2b *ctx, char *buffer) +{ + uint8_t digest[BLAKE2B_MAX_DIGEST], *d = digest; + char *ret; + int i; + + /* Sanity check: */ + assert(ctx != NULL); + + if ((ret = buffer) != NULL) { + blake2b_final(digest, ctx); + + for (i = 0; i < BLAKE2B_MAX_DIGEST; i++) { + *buffer++ = sha3_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha3_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char) 0; + } else { + (void) MEMSET_BZERO(ctx, sizeof(*ctx)); + } + (void) MEMSET_BZERO(digest, BLAKE2B_MAX_DIGEST); + return ret; +} + +char * +blake2b_data(const uint8_t * data, size_t len, char *digest) +{ + struct blake2b ctx; + + blake2b_Init(&ctx); + blake2b_update(&ctx, data, len); + return blake2b_end(&ctx, digest); +} diff -u -N files/configure files-20151008/configure --- files/configure 2013-01-03 02:21:21.000000000 -0800 +++ files-20151008/configure 2015-10-08 20:21:42.000000000 -0700 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for nbsd-digest 20121220. +# Generated by GNU Autoconf 2.69 for nbsd-digest 20151008. # # Report bugs to . # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='nbsd-digest' PACKAGE_TARNAME='nbsd-digest' -PACKAGE_VERSION='20121220' -PACKAGE_STRING='nbsd-digest 20121220' +PACKAGE_VERSION='20151008' +PACKAGE_STRING='nbsd-digest 20151008' PACKAGE_BUGREPORT='agc@netbsd.org' PACKAGE_URL='' @@ -1242,7 +1242,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures nbsd-digest 20121220 to adapt to many kinds of systems. +\`configure' configures nbsd-digest 20151008 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1312,7 +1312,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of nbsd-digest 20121220:";; + short | recursive ) echo "Configuration of nbsd-digest 20151008:";; esac cat <<\_ACEOF @@ -1392,7 +1392,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -nbsd-digest configure 20121220 +nbsd-digest configure 20151008 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1937,7 +1937,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by nbsd-digest $as_me 20121220, which was +It was created by nbsd-digest $as_me 20151008, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4707,7 +4707,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by nbsd-digest $as_me 20121220, which was +This file was extended by nbsd-digest $as_me 20151008, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -4769,7 +4769,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -nbsd-digest config.status 20121220 +nbsd-digest config.status 20151008 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -u -N files/configure.ac files-20151008/configure.ac --- files/configure.ac 2013-01-03 02:20:31.000000000 -0800 +++ files-20151008/configure.ac 2015-10-08 20:21:42.000000000 -0700 @@ -1,7 +1,7 @@ -dnl $Id: configure.ac,v 1.18 2013/01/03 10:20:31 dholland Exp $ +dnl $Id: configure.ac,v 1.2 2015/10/08 23:04:03 agc Exp $ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.57) -AC_INIT([nbsd-digest],[20121220],[agc@netbsd.org]) +AC_INIT([nbsd-digest],[20151008],[agc@netbsd.org]) AC_CONFIG_SRCDIR([digest.c]) AC_CONFIG_HEADER(config.h) AC_ARG_PROGRAM diff -u -N files/digest.1 files-20151008/digest.1 --- files/digest.1 2013-07-20 14:50:52.000000000 -0700 +++ files-20151008/digest.1 2015-10-08 20:21:42.000000000 -0700 @@ -1,7 +1,7 @@ -.\" $NetBSD: digest.1,v 1.7 2013/07/20 21:50:52 wiz Exp $ +.\" $NetBSD: genraidconf.8,v 1.3 2011/05/17 11:23:41 wiz Exp $ .\" -.\" -.\" Copyright (c) 2001 Alistair G. Crooks. All rights reserved. +.\" Copyright (c) 2001-2015 Alistair Crooks +.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -11,27 +11,19 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by Alistair G. Crooks. -.\" 4. The name of the author may not be used to endorse or promote -.\" products derived from this software without specific prior written -.\" permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS -.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE -.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd March 23, 2005 +.Dd October 8, 2015 .Dt DIGEST 1 .Os .Sh NAME @@ -47,7 +39,7 @@ utility calculates message digests of files or, if no file is specified, standard input. The list of possible algorithms is: -.Bl -tag -width Ds +.Bl -tag -width whirlpool .It md5 the .Xr md5 3 @@ -80,6 +72,26 @@ the whirlpool algorithm will be used. +.It sha3-224 +the +sha3-224 +algorithm will be used. +.It sha3-256 +the +sha3-256 +algorithm will be used. +.It sha3-384 +the +sha3-384 +algorithm will be used. +.It sha3-512 +the +sha3-512 +algorithm will be used. +.It blake2 +the +blake2b +algorithm will be used. .El .Pp The diff -u -N files/digest.c files-20151008/digest.c --- files/digest.c 2007-09-21 11:44:36.000000000 -0700 +++ files-20151008/digest.c 2015-10-08 20:21:42.000000000 -0700 @@ -1,7 +1,8 @@ /* $NetBSD: digest.c,v 1.15 2007/09/21 18:44:36 joerg Exp $ */ -/* - * Copyright (c) 2001-2005 Alistair G. Crooks. All rights reserved. +/*- + * Copyright (c) 2001-2015 Alistair Crooks + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -11,36 +12,22 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Alistair G. Crooks. - * 4. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE - * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include "config.h" #endif -#ifndef lint -__COPYRIGHT("@(#) Copyright (c) 2001-2005 \ - The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: digest.c,v 1.15 2007/09/21 18:44:36 joerg Exp $"); -#endif - - #ifdef HAVE_ERRNO_H #include #endif @@ -60,6 +47,9 @@ #include #endif +#include "sha3.h" +#include "blake2b.h" + typedef void (*HASH_init)(void *); typedef void (*HASH_update)(void *, const uint8_t *, size_t); typedef char *(*HASH_end)(void *, char *); @@ -82,6 +72,11 @@ SHA512_CTX sha512; tiger_context_t tiger; whirlpool_context_t whirlpool; + SHA3_224_CTX sha3_224; + SHA3_256_CTX sha3_256; + SHA3_384_CTX sha3_384; + SHA3_512_CTX sha3_512; + struct blake2b blake2b; } hash_ctx, hash_ctx2; } alg_t; @@ -111,6 +106,21 @@ { "WHIRLPOOL", WHIRLPOOL_DIGEST_BYTES, (HASH_init) whirlpool_init, (HASH_update) whirlpool_update, (HASH_end) whirlpool_end, (HASH_file) whirlpool_file }, + { "SHA3-224", SHA3_224_DIGEST_LENGTH, + (HASH_init)SHA3_224_Init, (HASH_update) SHA3_224_Update, + (HASH_end) SHA3_224_End, (HASH_file) SHA3_224_File }, + { "SHA3-256", SHA3_256_DIGEST_LENGTH, + (HASH_init)SHA3_256_Init, (HASH_update) SHA3_256_Update, + (HASH_end) SHA3_256_End, (HASH_file) SHA3_256_File }, + { "SHA3-384", SHA3_384_DIGEST_LENGTH, + (HASH_init)SHA3_384_Init, (HASH_update) SHA3_384_Update, + (HASH_end) SHA3_384_End, (HASH_file) SHA3_384_File }, + { "SHA3-512", SHA3_512_DIGEST_LENGTH, + (HASH_init)SHA3_512_Init, (HASH_update) SHA3_512_Update, + (HASH_end) SHA3_512_End, (HASH_file) SHA3_512_File }, + { "blake2", BLAKE2B_MAX_DIGEST, + (HASH_init)blake2b_Init, (HASH_update) blake2b_update, + (HASH_end) blake2b_end, (HASH_file) blake2b_file }, { NULL } }; diff -u -N files/keccak.c files-20151008/keccak.c --- files/keccak.c 1969-12-31 16:00:00.000000000 -0800 +++ files-20151008/keccak.c 2015-10-08 20:21:42.000000000 -0700 @@ -0,0 +1,160 @@ +/*- + * Copyright (c) 2015 Taylor R. Campbell + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +#include "keccak.h" + +#define secret /* can't use in variable-time operations, should zero */ + +static inline secret uint64_t +rol64(secret uint64_t v, unsigned c) +{ + + return ((v << c) | (v >> (64 - c))); +} + +static inline void +keccakf1600_theta(secret uint64_t A[25]) +{ + secret uint64_t C0, C1, C2, C3, C4; + unsigned y; + + C0 = C1 = C2 = C3 = C4 = 0; + for (y = 0; y < 5; y++) { + C0 ^= A[0 + 5*y]; + C1 ^= A[1 + 5*y]; + C2 ^= A[2 + 5*y]; + C3 ^= A[3 + 5*y]; + C4 ^= A[4 + 5*y]; + } + for (y = 0; y < 5; y++) { + A[0 + 5*y] ^= C4 ^ rol64(C1, 1); + A[1 + 5*y] ^= C0 ^ rol64(C2, 1); + A[2 + 5*y] ^= C1 ^ rol64(C3, 1); + A[3 + 5*y] ^= C2 ^ rol64(C4, 1); + A[4 + 5*y] ^= C3 ^ rol64(C0, 1); + } +} + +static inline void +keccakf1600_rho_pi(secret uint64_t A[25]) +{ + secret uint64_t T, U; + + /* + * Permute by (x,y) |---> (y, 2x + 3y mod 5) starting at (1,0), + * rotate the ith element by (i + 1)(i + 2)/2 mod 64. + */ + U = A[ 1]; T = U; + U = A[10]; A[10] = rol64(T, 1); T = U; + U = A[ 7]; A[ 7] = rol64(T, 3); T = U; + U = A[11]; A[11] = rol64(T, 6); T = U; + U = A[17]; A[17] = rol64(T, 10); T = U; + U = A[18]; A[18] = rol64(T, 15); T = U; + U = A[ 3]; A[ 3] = rol64(T, 21); T = U; + U = A[ 5]; A[ 5] = rol64(T, 28); T = U; + U = A[16]; A[16] = rol64(T, 36); T = U; + U = A[ 8]; A[ 8] = rol64(T, 45); T = U; + U = A[21]; A[21] = rol64(T, 55); T = U; + U = A[24]; A[24] = rol64(T, 2); T = U; + U = A[ 4]; A[ 4] = rol64(T, 14); T = U; + U = A[15]; A[15] = rol64(T, 27); T = U; + U = A[23]; A[23] = rol64(T, 41); T = U; + U = A[19]; A[19] = rol64(T, 56); T = U; + U = A[13]; A[13] = rol64(T, 8); T = U; + U = A[12]; A[12] = rol64(T, 25); T = U; + U = A[ 2]; A[ 2] = rol64(T, 43); T = U; + U = A[20]; A[20] = rol64(T, 62); T = U; + U = A[14]; A[14] = rol64(T, 18); T = U; + U = A[22]; A[22] = rol64(T, 39); T = U; + U = A[ 9]; A[ 9] = rol64(T, 61); T = U; + U = A[ 6]; A[ 6] = rol64(T, 20); T = U; + A[ 1] = rol64(T, 44); +} + +static inline void +keccakf1600_chi(secret uint64_t A[25]) +{ + secret uint64_t B0, B1, B2, B3, B4; + unsigned y; + + for (y = 0; y < 5; y++) { + B0 = A[0 + 5*y]; + B1 = A[1 + 5*y]; + B2 = A[2 + 5*y]; + B3 = A[3 + 5*y]; + B4 = A[4 + 5*y]; + A[0 + 5*y] ^= ~B1 & B2; + A[1 + 5*y] ^= ~B2 & B3; + A[2 + 5*y] ^= ~B3 & B4; + A[3 + 5*y] ^= ~B4 & B0; + A[4 + 5*y] ^= ~B0 & B1; + } +} + +static void +keccakf1600_round(secret uint64_t A[25]) +{ + + keccakf1600_theta(A); + keccakf1600_rho_pi(A); + keccakf1600_chi(A); +} + +void +keccakf1600(secret uint64_t A[25]) +{ + + /* + * RC[i] = \sum_{j = 0,...,6} rc(j + 7i) 2^(2^j - 1), + * rc(t) = (x^t mod x^8 + x^6 + x^5 + x^4 + 1) mod x in GF(2)[x] + */ + keccakf1600_round(A); A[0] ^= 0x0000000000000001ULL; /* RC[0] */ + keccakf1600_round(A); A[0] ^= 0x0000000000008082ULL; /* RC[1] */ + keccakf1600_round(A); A[0] ^= 0x800000000000808aULL; /* RC[2] */ + keccakf1600_round(A); A[0] ^= 0x8000000080008000ULL; /* RC[3] */ + keccakf1600_round(A); A[0] ^= 0x000000000000808bULL; /* RC[4] */ + keccakf1600_round(A); A[0] ^= 0x0000000080000001ULL; /* RC[5] */ + keccakf1600_round(A); A[0] ^= 0x8000000080008081ULL; /* RC[6] */ + keccakf1600_round(A); A[0] ^= 0x8000000000008009ULL; /* RC[7] */ + keccakf1600_round(A); A[0] ^= 0x000000000000008aULL; /* RC[8] */ + keccakf1600_round(A); A[0] ^= 0x0000000000000088ULL; /* RC[9] */ + keccakf1600_round(A); A[0] ^= 0x0000000080008009ULL; /* RC[10] */ + keccakf1600_round(A); A[0] ^= 0x000000008000000aULL; /* RC[11] */ + keccakf1600_round(A); A[0] ^= 0x000000008000808bULL; /* RC[12] */ + keccakf1600_round(A); A[0] ^= 0x800000000000008bULL; /* RC[13] */ + keccakf1600_round(A); A[0] ^= 0x8000000000008089ULL; /* RC[14] */ + keccakf1600_round(A); A[0] ^= 0x8000000000008003ULL; /* RC[15] */ + keccakf1600_round(A); A[0] ^= 0x8000000000008002ULL; /* RC[16] */ + keccakf1600_round(A); A[0] ^= 0x8000000000000080ULL; /* RC[17] */ + keccakf1600_round(A); A[0] ^= 0x000000000000800aULL; /* RC[18] */ + keccakf1600_round(A); A[0] ^= 0x800000008000000aULL; /* RC[19] */ + keccakf1600_round(A); A[0] ^= 0x8000000080008081ULL; /* RC[20] */ + keccakf1600_round(A); A[0] ^= 0x8000000000008080ULL; /* RC[21] */ + keccakf1600_round(A); A[0] ^= 0x0000000080000001ULL; /* RC[22] */ + keccakf1600_round(A); A[0] ^= 0x8000000080008008ULL; /* RC[23] */ +} diff -u -N files/keccak.h files-20151008/keccak.h --- files/keccak.h 1969-12-31 16:00:00.000000000 -0800 +++ files-20151008/keccak.h 2015-10-08 20:21:42.000000000 -0700 @@ -0,0 +1,34 @@ +/*- + * Copyright (c) 2015 Taylor R. Campbell + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _KECCAK_H +#define _KECCAK_H + +#include + +void keccakf1600(uint64_t A[25]); + +#endif /* _KECCAK_H */ diff -u -N files/mkinstalldirs files-20151008/mkinstalldirs --- files/mkinstalldirs 2002-12-20 20:06:15.000000000 -0800 +++ files-20151008/mkinstalldirs 2015-10-08 20:21:42.000000000 -0700 @@ -4,7 +4,7 @@ # Created: 1993-05-16 # Public domain -# $Id: mkinstalldirs,v 1.1 2002/12/21 04:06:15 schmonz Exp $ +# $Id: mkinstalldirs,v 1.1.1.1 2015/10/08 22:12:36 agc Exp $ errstatus=0 diff -u -N files/sha3.c files-20151008/sha3.c --- files/sha3.c 1969-12-31 16:00:00.000000000 -0800 +++ files-20151008/sha3.c 2015-10-08 20:21:42.000000000 -0700 @@ -0,0 +1,383 @@ +/*- + * Copyright (c) 2015 Taylor R. Campbell + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * SHA-3: FIPS-202, Permutation-Based Hash and Extendable-Ouptut Functions + */ + +#include +#include +#include +#include + +#include "keccak.h" + +#include "sha3.h" + +#define MIN(a,b) ((a) < (b) ? (a) : (b)) + +void *(*volatile sha3_explicit_memset_impl)(void *, int, size_t) = &memset; +static void * +local_explicit_memset(void *buf, int c, size_t n) +{ + + return (*sha3_explicit_memset_impl)(buf, c, n); +} + +static inline uint64_t +le64dec(const void *buf) +{ + const uint8_t *p = buf; + + return (((uint64_t)p[0]) | + ((uint64_t)p[1] << 8) | + ((uint64_t)p[2] << 16) | + ((uint64_t)p[3] << 24) | + ((uint64_t)p[4] << 32) | + ((uint64_t)p[5] << 40) | + ((uint64_t)p[6] << 48) | + ((uint64_t)p[7] << 56)); +} + +static inline void +le64enc(void *buf, uint64_t v) +{ + uint8_t *p = buf; + + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; v >>= 8; + *p++ = v; +} + +/* + * Common body. All the SHA-3 functions share code structure. They + * differ only in the size of the chunks they split the message into: + * for digest size d, they are split into chunks of 200 - d bytes. + */ + +static inline unsigned +sha3_rate(unsigned d) +{ + const unsigned cw = 2*d/8; /* capacity in words */ + + return 25 - cw; +} + +static void +sha3_init(struct sha3 *C, unsigned rw) +{ + unsigned iw; + + C->nb = 8*rw; + for (iw = 0; iw < 25; iw++) + C->A[iw] = 0; +} + +static void +sha3_update(struct sha3 *C, const uint8_t *data, size_t len, unsigned rw) +{ + uint64_t T; + unsigned ib, iw; /* index of byte/word */ + + assert(0 < C->nb); + + /* If there's a partial word, try to fill it. */ + if ((C->nb % 8) != 0) { + T = 0; + for (ib = 0; ib < MIN(len, C->nb % 8); ib++) + T |= (uint64_t)data[ib] << (8*ib); + C->A[rw - (C->nb + 7)/8] ^= T << (8*(8 - (C->nb % 8))); + C->nb -= ib; + data += ib; + len -= ib; + + /* If we filled the buffer, permute now. */ + if (C->nb == 0) { + keccakf1600(C->A); + C->nb = 8*rw; + } + + /* If that exhausted the input, we're done. */ + if (len == 0) + return; + } + + /* At a word boundary. Fill any partial buffer. */ + assert((C->nb % 8) == 0); + if (C->nb < 8*rw) { + for (iw = 0; iw < MIN(len, C->nb)/8; iw++) + C->A[rw - C->nb/8 + iw] ^= le64dec(data + 8*iw); + C->nb -= 8*iw; + data += 8*iw; + len -= 8*iw; + + /* If we filled the buffer, permute now. */ + if (C->nb == 0) { + keccakf1600(C->A); + C->nb = 8*rw; + } else { + /* Otherwise, less than a word left. */ + assert(len < 8); + goto partial; + } + } + + /* At a buffer boundary. Absorb input one buffer at a time. */ + assert(C->nb == 8*rw); + while (8*rw <= len) { + for (iw = 0; iw < rw; iw++) + C->A[iw] ^= le64dec(data + 8*iw); + keccakf1600(C->A); + data += 8*rw; + len -= 8*rw; + } + + /* Partially fill the buffer with as many words as we can. */ + for (iw = 0; iw < len/8; iw++) + C->A[rw - C->nb/8 + iw] ^= le64dec(data + 8*iw); + C->nb -= 8*iw; + data += 8*iw; + len -= 8*iw; + +partial: + /* Partially fill the last word with as many bytes as we can. */ + assert(len < 8); + assert(0 < C->nb); + assert((C->nb % 8) == 0); + T = 0; + for (ib = 0; ib < len; ib++) + T |= (uint64_t)data[ib] << (8*ib); + C->A[rw - C->nb/8] ^= T; + C->nb -= ib; + assert(0 < C->nb); +} + +static void +sha3_final(uint8_t *h, unsigned d, struct sha3 *C, unsigned rw) +{ + unsigned nw, iw; + + assert(d <= 8*25); + assert(0 < C->nb); + + /* Append 01, pad with 10*1 up to buffer boundary, LSB first. */ + nw = (C->nb + 7)/8; + assert(0 < nw); + assert(nw <= rw); + C->A[rw - nw] ^= (uint64_t)0x06 << (8*(8*nw - C->nb)); + C->A[rw - 1] ^= 0x8000000000000000ULL; + + /* Permute one last time. */ + keccakf1600(C->A); + + /* Reveal the first 8d bits of state, forget 1600-8d of them. */ + for (iw = 0; iw < d/8; iw++) + le64enc(h + 8*iw, C->A[iw]); + h += 8*iw; + d -= 8*iw; + if (0 < d) { + /* For SHA3-224, we need to expose a partial word. */ + uint64_t T = C->A[iw]; + do { + *h++ = T & 0xff; + T >>= 8; + } while (--d); + } + (void)local_explicit_memset(C->A, 0, sizeof C->A); + C->nb = 0; +} + +void +SHA3_224_Init(SHA3_224_CTX *C) +{ + + sha3_init(&C->C224, sha3_rate(SHA3_224_DIGEST_LENGTH)); +} + +void +SHA3_224_Update(SHA3_224_CTX *C, const uint8_t *data, size_t len) +{ + + sha3_update(&C->C224, data, len, sha3_rate(SHA3_224_DIGEST_LENGTH)); +} + +void +SHA3_224_Final(uint8_t h[SHA3_224_DIGEST_LENGTH], SHA3_224_CTX *C) +{ + + sha3_final(h, SHA3_224_DIGEST_LENGTH, &C->C224, + sha3_rate(SHA3_224_DIGEST_LENGTH)); +} + +void +SHA3_256_Init(SHA3_256_CTX *C) +{ + + sha3_init(&C->C256, sha3_rate(SHA3_256_DIGEST_LENGTH)); +} + +void +SHA3_256_Update(SHA3_256_CTX *C, const uint8_t *data, size_t len) +{ + + sha3_update(&C->C256, data, len, sha3_rate(SHA3_256_DIGEST_LENGTH)); +} + +void +SHA3_256_Final(uint8_t h[SHA3_256_DIGEST_LENGTH], SHA3_256_CTX *C) +{ + + sha3_final(h, SHA3_256_DIGEST_LENGTH, &C->C256, + sha3_rate(SHA3_256_DIGEST_LENGTH)); +} + +void +SHA3_384_Init(SHA3_384_CTX *C) +{ + + sha3_init(&C->C384, sha3_rate(SHA3_384_DIGEST_LENGTH)); +} + +void +SHA3_384_Update(SHA3_384_CTX *C, const uint8_t *data, size_t len) +{ + + sha3_update(&C->C384, data, len, sha3_rate(SHA3_384_DIGEST_LENGTH)); +} + +void +SHA3_384_Final(uint8_t h[SHA3_384_DIGEST_LENGTH], SHA3_384_CTX *C) +{ + + sha3_final(h, SHA3_384_DIGEST_LENGTH, &C->C384, + sha3_rate(SHA3_384_DIGEST_LENGTH)); +} + +void +SHA3_512_Init(SHA3_512_CTX *C) +{ + + sha3_init(&C->C512, sha3_rate(SHA3_512_DIGEST_LENGTH)); +} + +void +SHA3_512_Update(SHA3_512_CTX *C, const uint8_t *data, size_t len) +{ + + sha3_update(&C->C512, data, len, sha3_rate(SHA3_512_DIGEST_LENGTH)); +} + +void +SHA3_512_Final(uint8_t h[SHA3_512_DIGEST_LENGTH], SHA3_512_CTX *C) +{ + + sha3_final(h, SHA3_512_DIGEST_LENGTH, &C->C512, + sha3_rate(SHA3_512_DIGEST_LENGTH)); +} + +static void +sha3_selftest_prng(void *buf, size_t len, uint32_t seed) +{ + uint8_t *p = buf; + size_t n = len; + uint32_t t, a, b; + + a = 0xdead4bad * seed; + b = 1; + + while (n--) { + t = a + b; + *p++ = t >> 24; + a = b; + b = t; + } +} + +int +SHA3_Selftest(void) +{ + const uint8_t d0[] = { + 0x6c,0x02,0x1a,0xc6,0x65,0xaf,0x80,0xfb, + 0x52,0xe6,0x2d,0x27,0xe5,0x02,0x88,0x84, + 0xec,0x1c,0x0c,0xe7,0x0b,0x94,0x55,0x83, + 0x19,0xf2,0xbf,0x09,0x86,0xeb,0x1a,0xbb, + 0xc3,0x0d,0x1c,0xef,0x22,0xfe,0xc5,0x4c, + 0x45,0x90,0x66,0x14,0x00,0x6e,0xc8,0x79, + 0xdf,0x1e,0x02,0xbd,0x75,0xe9,0x60,0xd8, + 0x60,0x39,0x85,0xc9,0xc4,0xee,0x33,0xab, + }; + const unsigned mlen[6] = { 0, 3, 128, 129, 255, 1024 }; + uint8_t m[1024], d[64]; + SHA3_224_CTX sha3224; + SHA3_256_CTX sha3256; + SHA3_384_CTX sha3384; + SHA3_512_CTX sha3512; + SHA3_512_CTX ctx; + unsigned mi, i; + + SHA3_512_Init(&ctx); + for (mi = 0; mi < 6; mi++) { + sha3_selftest_prng(m, mlen[mi], (224/8)*mlen[mi]); + SHA3_224_Init(&sha3224); + SHA3_224_Update(&sha3224, m, mlen[mi]); + SHA3_224_Final(d, &sha3224); + SHA3_512_Update(&ctx, d, 224/8); + } + for (mi = 0; mi < 6; mi++) { + sha3_selftest_prng(m, mlen[mi], (256/8)*mlen[mi]); + SHA3_256_Init(&sha3256); + SHA3_256_Update(&sha3256, m, mlen[mi]); + SHA3_256_Final(d, &sha3256); + SHA3_512_Update(&ctx, d, 256/8); + } + for (mi = 0; mi < 6; mi++) { + sha3_selftest_prng(m, mlen[mi], (384/8)*mlen[mi]); + SHA3_384_Init(&sha3384); + SHA3_384_Update(&sha3384, m, mlen[mi]); + SHA3_384_Final(d, &sha3384); + SHA3_512_Update(&ctx, d, 384/8); + } + for (mi = 0; mi < 6; mi++) { + sha3_selftest_prng(m, mlen[mi], (512/8)*mlen[mi]); + SHA3_512_Init(&sha3512); + SHA3_512_Update(&sha3512, m, mlen[mi]); + SHA3_512_Final(d, &sha3512); + SHA3_512_Update(&ctx, d, 512/8); + } + SHA3_512_Final(d, &ctx); + + for (i = 0; i < 64; i++) { + if (d[i] != d0[i]) + return -1; + } + + return 0; +} diff -u -N files/sha3.h files-20151008/sha3.h --- files/sha3.h 1969-12-31 16:00:00.000000000 -0800 +++ files-20151008/sha3.h 2015-10-08 20:21:42.000000000 -0700 @@ -0,0 +1,88 @@ +/*- + * Copyright (c) 2015 Taylor R. Campbell + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef SHA3_H +#define SHA3_H + +#include +#include + +struct sha3 { + uint64_t A[25]; + unsigned nb; /* number of bytes remaining to fill buffer */ +}; + +typedef struct { struct sha3 C224; } SHA3_224_CTX; +typedef struct { struct sha3 C256; } SHA3_256_CTX; +typedef struct { struct sha3 C384; } SHA3_384_CTX; +typedef struct { struct sha3 C512; } SHA3_512_CTX; + +#define SHA3_224_DIGEST_LENGTH 28 +#define SHA3_224_DIGEST_STRING_LENGTH 56 +#define SHA3_256_DIGEST_LENGTH 32 +#define SHA3_256_DIGEST_STRING_LENGTH 64 +#define SHA3_384_DIGEST_LENGTH 48 +#define SHA3_384_DIGEST_STRING_LENGTH 96 +#define SHA3_512_DIGEST_LENGTH 64 +#define SHA3_512_DIGEST_STRING_LENGTH 128 + +void SHA3_224_Init(SHA3_224_CTX *); +void SHA3_224_Update(SHA3_224_CTX *, const uint8_t *, size_t); +void SHA3_224_Final(uint8_t[SHA3_224_DIGEST_LENGTH], SHA3_224_CTX *); + +void SHA3_256_Init(SHA3_256_CTX *); +void SHA3_256_Update(SHA3_256_CTX *, const uint8_t *, size_t); +void SHA3_256_Final(uint8_t[SHA3_256_DIGEST_LENGTH], SHA3_256_CTX *); + +void SHA3_384_Init(SHA3_384_CTX *); +void SHA3_384_Update(SHA3_384_CTX *, const uint8_t *, size_t); +void SHA3_384_Final(uint8_t[SHA3_384_DIGEST_LENGTH], SHA3_384_CTX *); + +void SHA3_512_Init(SHA3_512_CTX *); +void SHA3_512_Update(SHA3_512_CTX *, const uint8_t *, size_t); +void SHA3_512_Final(uint8_t[SHA3_512_DIGEST_LENGTH], SHA3_512_CTX *); + +int SHA3_Selftest(void); + +/* High-level API */ + +char *SHA3_224_File(char */*filename*/, char */*buf*/); +char *SHA3_224_End(SHA3_224_CTX */*ctx*/, char */*buffer*/); +char *SHA3_224_Data(const uint8_t */*data*/, size_t /*len*/, char */*digest*/); + +char *SHA3_256_File(char */*filename*/, char */*buf*/); +char *SHA3_256_End(SHA3_256_CTX */*ctx*/, char */*buffer*/); +char *SHA3_256_Data(const uint8_t */*data*/, size_t /*len*/, char */*digest*/); + +char *SHA3_384_File(char */*filename*/, char */*buf*/); +char *SHA3_384_End(SHA3_384_CTX */*ctx*/, char */*buffer*/); +char *SHA3_384_Data(const uint8_t */*data*/, size_t /*len*/, char */*digest*/); + +char *SHA3_512_File(char */*filename*/, char */*buf*/); +char *SHA3_512_End(SHA3_512_CTX */*ctx*/, char */*buffer*/); +char *SHA3_512_Data(const uint8_t */*data*/, size_t /*len*/, char */*digest*/); + +#endif /* SHA3_H */ diff -u -N files/sha3hl.c files-20151008/sha3hl.c --- files/sha3hl.c 1969-12-31 16:00:00.000000000 -0800 +++ files-20151008/sha3hl.c 2015-10-08 20:21:42.000000000 -0700 @@ -0,0 +1,325 @@ +/* $NetBSD: sha3hl.c,v 1.8 2013/01/03 10:20:31 dholland Exp $ */ + +/* + * sha3hl.c + * This code includes some functions taken from sha3.c, hence the + * following licence reproduction. + * + * This code is not a verbatim copy, since some routines have been added, + * and some bugs have been fixed. + * + * Version 1.0.0beta1 + * + * Written by Aaron D. Gifford + * + * Copyright 2000 Aaron D. Gifford. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifndef lint +__RCSID("$NetBSD: sha3hl.c,v 1.8 2013/01/03 10:20:31 dholland Exp $"); +#endif /* not lint */ + + +/* #include "namespace.h" */ + +#include +#ifdef HAVE_ERRNO_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#include +#include +#include +#include + +#ifndef _DIAGASSERT +#define _DIAGASSERT(cond) assert(cond) +#endif + +#ifndef MEMSET_BZERO +#define MEMSET_BZERO(p,l) memset((p), 0, (l)) +#endif + +/* + * Constant used by SHA3_256/384/512_End() functions for converting the + * digest to a readable hexadecimal character string: + */ +static const char sha3_hex_digits[] = "0123456789abcdef"; + +char * +SHA3_224_File(char *filename, char *buf) +{ + uint8_t buffer[BUFSIZ * 20]; + SHA3_224_CTX ctx; + int fd, oerrno; + ssize_t num; + + _DIAGASSERT(filename != NULL); + /* XXX: buf may be NULL ? */ + + SHA3_224_Init(&ctx); + + if ((fd = open(filename, O_RDONLY)) < 0) + return (0); + + while ((num = read(fd, buffer, sizeof(buffer))) > 0) + SHA3_224_Update(&ctx, buffer, (size_t) num); + + oerrno = errno; + close(fd); + errno = oerrno; + return (num < 0 ? 0 : SHA3_224_End(&ctx, buf)); +} + + +char * +SHA3_224_End(SHA3_224_CTX *ctx, char *buffer) +{ + uint8_t digest[SHA3_224_DIGEST_LENGTH], *d = digest; + char *ret; + int i; + + /* Sanity check: */ + assert(ctx != NULL); + + if ((ret = buffer) != NULL) { + SHA3_224_Final(digest, ctx); + + for (i = 0; i < SHA3_224_DIGEST_LENGTH; i++) { + *buffer++ = sha3_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha3_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char) 0; + } else { + (void) MEMSET_BZERO(ctx, sizeof(SHA3_224_CTX)); + } + (void) MEMSET_BZERO(digest, SHA3_224_DIGEST_LENGTH); + return ret; +} + +char * +SHA3_224_Data(const uint8_t * data, size_t len, char *digest) +{ + SHA3_224_CTX ctx; + + SHA3_224_Init(&ctx); + SHA3_224_Update(&ctx, data, len); + return SHA3_224_End(&ctx, digest); +} + +char * +SHA3_256_File(char *filename, char *buf) +{ + uint8_t buffer[BUFSIZ * 20]; + SHA3_256_CTX ctx; + int fd, oerrno; + ssize_t num; + + _DIAGASSERT(filename != NULL); + /* XXX: buf may be NULL ? */ + + SHA3_256_Init(&ctx); + + if ((fd = open(filename, O_RDONLY)) < 0) + return (0); + + while ((num = read(fd, buffer, sizeof(buffer))) > 0) + SHA3_256_Update(&ctx, buffer, (size_t) num); + + oerrno = errno; + close(fd); + errno = oerrno; + return (num < 0 ? 0 : SHA3_256_End(&ctx, buf)); +} + + +char * +SHA3_256_End(SHA3_256_CTX *ctx, char *buffer) +{ + uint8_t digest[SHA3_256_DIGEST_LENGTH], *d = digest; + char *ret; + int i; + + /* Sanity check: */ + assert(ctx != NULL); + + if ((ret = buffer) != NULL) { + SHA3_256_Final(digest, ctx); + + for (i = 0; i < SHA3_256_DIGEST_LENGTH; i++) { + *buffer++ = sha3_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha3_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char) 0; + } else { + (void) MEMSET_BZERO(ctx, sizeof(SHA3_256_CTX)); + } + (void) MEMSET_BZERO(digest, SHA3_256_DIGEST_LENGTH); + return ret; +} + +char * +SHA3_256_Data(const uint8_t * data, size_t len, char *digest) +{ + SHA3_256_CTX ctx; + + SHA3_256_Init(&ctx); + SHA3_256_Update(&ctx, data, len); + return SHA3_256_End(&ctx, digest); +} + +char * +SHA3_384_File(char *filename, char *buf) +{ + SHA3_384_CTX ctx; + uint8_t buffer[BUFSIZ * 20]; + int fd, oerrno; + ssize_t num; + + _DIAGASSERT(filename != NULL); + /* XXX: buf may be NULL ? */ + + SHA3_384_Init(&ctx); + + if ((fd = open(filename, O_RDONLY)) < 0) + return (0); + + while ((num = read(fd, buffer, sizeof(buffer))) > 0) + SHA3_384_Update(&ctx, buffer, (size_t) num); + + oerrno = errno; + close(fd); + errno = oerrno; + return (num < 0 ? 0 : SHA3_384_End(&ctx, buf)); +} + +char * +SHA3_384_End(SHA3_384_CTX * ctx, char buffer[]) +{ + uint8_t digest[SHA3_384_DIGEST_LENGTH], *d = digest; + char *ret; + int i; + + /* Sanity check: */ + assert(ctx != NULL); + + if ((ret = buffer) != NULL) { + SHA3_384_Final(digest, ctx); + + for (i = 0; i < SHA3_384_DIGEST_LENGTH; i++) { + *buffer++ = sha3_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha3_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char) 0; + } else { + (void) MEMSET_BZERO(ctx, sizeof(SHA3_384_CTX)); + } + (void) MEMSET_BZERO(digest, SHA3_384_DIGEST_LENGTH); + return ret; +} + +char * +SHA3_384_Data(const uint8_t * data, size_t len, char digest[SHA3_384_DIGEST_STRING_LENGTH]) +{ + SHA3_384_CTX ctx; + + SHA3_384_Init(&ctx); + SHA3_384_Update(&ctx, data, len); + return SHA3_384_End(&ctx, digest); +} + +char * +SHA3_512_File(char *filename, char *buf) +{ + SHA3_512_CTX ctx; + uint8_t buffer[BUFSIZ * 20]; + int fd, oerrno; + ssize_t num; + + _DIAGASSERT(filename != NULL); + /* XXX: buf may be NULL ? */ + + SHA3_512_Init(&ctx); + + if ((fd = open(filename, O_RDONLY)) < 0) + return (0); + + while ((num = read(fd, buffer, sizeof(buffer))) > 0) + SHA3_512_Update(&ctx, buffer, (size_t) num); + + oerrno = errno; + close(fd); + errno = oerrno; + return (num < 0 ? 0 : SHA3_512_End(&ctx, buf)); +} + +char * +SHA3_512_End(SHA3_512_CTX * ctx, char buffer[]) +{ + uint8_t digest[SHA3_512_DIGEST_LENGTH], *d = digest; + char *ret; + int i; + + /* Sanity check: */ + assert(ctx != NULL); + + if ((ret = buffer) != NULL) { + SHA3_512_Final(digest, ctx); + + for (i = 0; i < SHA3_512_DIGEST_LENGTH; i++) { + *buffer++ = sha3_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha3_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char) 0; + } else { + (void) MEMSET_BZERO(ctx, sizeof(SHA3_512_CTX)); + } + (void) MEMSET_BZERO(digest, SHA3_512_DIGEST_LENGTH); + return ret; +} + +char * +SHA3_512_Data(const uint8_t * data, size_t len, char *digest) +{ + SHA3_512_CTX ctx; + + SHA3_512_Init(&ctx); + SHA3_512_Update(&ctx, data, len); + return SHA3_512_End(&ctx, digest); +} diff -u -N files/tiger.h files-20151008/tiger.h --- files/tiger.h 2010-01-23 05:25:12.000000000 -0800 +++ files-20151008/tiger.h 2015-10-08 20:21:42.000000000 -0700 @@ -1,7 +1,8 @@ /* $NetBSD: tiger.h,v 1.6 2010/01/23 13:25:12 obache Exp $ */ -/* - * Copyright © 2005 Alistair Crooks. All rights reserved. +/*- + * Copyright (c) 2005-2015 Alistair Crooks + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -11,25 +12,17 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Alistair Crooks - * for the NetBSD project. - * 4. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE - * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef TIGER_H_ #define TIGER_H_