From 154930d128603b0d7d4e976dff7a87e17b8f2038 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 20 Aug 2019 16:14:37 -0700 Subject: [PATCH] Added support for older KECCAK256 used by Ethereum. Uses existing hash flag API's. To use add build flag `CFLAGS="-DWOLFSSL_HASH_FLAGS"`. Example: ```c wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256); ``` --- configure.ac | 3 +++ wolfcrypt/src/sha3.c | 8 +++++++- wolfcrypt/test/test.c | 36 +++++++++++++++++++++++++++++++----- wolfssl/wolfcrypt/hash.h | 3 +++ 4 files changed, 44 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index f943cc6ef..1a4c55f73 100644 --- a/configure.ac +++ b/configure.ac @@ -195,6 +195,9 @@ then # Enable DH const table speedups (eliminates `-lm` math lib dependency) AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=8192" + # Enable hash flags support + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HASH_FLAGS" + # Enable multiple attribute additions such as DC AM_CFLAGS="-DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS" fi diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index d0cf9b76a..3737411a8 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -637,9 +637,15 @@ static int Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte l) { byte i; byte *s8 = (byte *)sha3->s; + byte padChar = 0x06; /* NIST SHA-3 */ sha3->t[p * 8 - 1] = 0x00; - sha3->t[ sha3->i] = 0x06; +#ifdef WOLFSSL_HASH_FLAGS + if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) { + padChar = 0x01; + } +#endif + sha3->t[ sha3->i] = padChar; sha3->t[p * 8 - 1] |= 0x80; for (i=sha3->i + 1; i < p * 8 - 1; i++) sha3->t[i] = 0; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 952f18853..fda720192 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2619,6 +2619,18 @@ static int sha3_256_test(void) int ret = 0; int times = sizeof(test_sha) / sizeof(struct testVector), i; + byte large_input[1024]; + const char* large_digest = + "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb" + "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15"; + +#ifdef WOLFSSL_HASH_FLAGS + /* test vector with hash of empty string */ + const char* Keccak256EmptyOut = + "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0" + "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70"; +#endif + a.input = ""; a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6" "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8" @@ -2667,11 +2679,6 @@ static int sha3_256_test(void) } /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb" - "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15"; - for (i = 0; i < (int)sizeof(large_input); i++) { large_input[i] = (byte)(i & 0xFF); } @@ -2689,6 +2696,25 @@ static int sha3_256_test(void) ERROR_OUT(-2608, exit); } /* END LARGE HASH TEST */ +#ifdef WOLFSSL_HASH_FLAGS + /* Test for Keccak256 */ + ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256); + if (ret != 0) { + ERROR_OUT(-2609, exit); + } + ret = wc_Sha3_256_Update(&sha, (byte*)"", 0); + if (ret != 0) { + ERROR_OUT(-2610, exit); + } + ret = wc_Sha3_256_Final(&sha, hash); + if (ret != 0) { + ERROR_OUT(-2611, exit); + } + if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) { + ERROR_OUT(-2612, exit); + } +#endif + exit: wc_Sha3_256_Free(&sha); diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 85983de03..7fbbe3413 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -83,6 +83,9 @@ enum wc_HashFlags { WC_HASH_FLAG_NONE = 0x00000000, WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */ WC_HASH_FLAG_ISCOPY = 0x00000002, /* hash is copy */ +#ifdef WOLFSSL_SHA3 + WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */ +#endif };