1 /*
2 ** Copyright (c) 2017 D. Richard Hipp
3 **
4 ** This program is free software; you can redistribute it and/or
5 ** modify it under the terms of the Simplified BSD License (also
6 ** known as the "2-Clause License" or "FreeBSD License".)
7 **
8 ** This program is distributed in the hope that it will be useful,
9 ** but without any warranty; without even the implied warranty of
10 ** merchantability or fitness for a particular purpose.
11 **
12 ** Author contact information:
13 ** drh@hwaci.com
14 ** http://www.hwaci.com/drh/
15 **
16 *******************************************************************************
17 **
18 ** This file contains an implementation of SHA3 (Keccak) hashing.
19 */
20 #include "config.h"
21 #include "sha3.h"
22
23 /*
24 ** Macros to determine whether the machine is big or little endian,
25 ** and whether or not that determination is run-time or compile-time.
26 **
27 ** For best performance, an attempt is made to guess at the byte-order
28 ** using C-preprocessor macros. If that is unsuccessful, or if
29 ** -DSHA3_BYTEORDER=0 is set, then byte-order is determined
30 ** at run-time.
31 */
32 #ifndef SHA3_BYTEORDER
33 # if defined(i386) || defined(__i386__) || defined(_M_IX86) || \
34 defined(__x86_64) || defined(__x86_64__) || defined(_M_X64) || \
35 defined(_M_AMD64) || defined(_M_ARM) || defined(__x86) || \
36 defined(__arm__)
37 # define SHA3_BYTEORDER 1234
38 # elif defined(sparc) || defined(__ppc__)
39 # define SHA3_BYTEORDER 4321
40 # else
41 # define SHA3_BYTEORDER 0
42 # endif
43 #endif
44
45
46 /*
47 ** State structure for a SHA3 hash in progress
48 */
49 typedef struct SHA3Context SHA3Context;
50 struct SHA3Context {
51 union {
52 u64 s[25]; /* Keccak state. 5x5 lines of 64 bits each */
53 unsigned char x[1600]; /* ... or 1600 bytes */
54 } u;
55 unsigned nRate; /* Bytes of input accepted per Keccak iteration */
56 unsigned nLoaded; /* Input bytes loaded into u.x[] so far this cycle */
57 unsigned ixMask; /* Insert next input into u.x[nLoaded^ixMask]. */
58 };
59
60 /*
61 ** A single step of the Keccak mixing function for a 1600-bit state
62 */
KeccakF1600Step(SHA3Context * p)63 static void KeccakF1600Step(SHA3Context *p){
64 int i;
65 u64 B0, B1, B2, B3, B4;
66 u64 C0, C1, C2, C3, C4;
67 u64 D0, D1, D2, D3, D4;
68 static const u64 RC[] = {
69 0x0000000000000001ULL, 0x0000000000008082ULL,
70 0x800000000000808aULL, 0x8000000080008000ULL,
71 0x000000000000808bULL, 0x0000000080000001ULL,
72 0x8000000080008081ULL, 0x8000000000008009ULL,
73 0x000000000000008aULL, 0x0000000000000088ULL,
74 0x0000000080008009ULL, 0x000000008000000aULL,
75 0x000000008000808bULL, 0x800000000000008bULL,
76 0x8000000000008089ULL, 0x8000000000008003ULL,
77 0x8000000000008002ULL, 0x8000000000000080ULL,
78 0x000000000000800aULL, 0x800000008000000aULL,
79 0x8000000080008081ULL, 0x8000000000008080ULL,
80 0x0000000080000001ULL, 0x8000000080008008ULL
81 };
82 # define A00 (p->u.s[0])
83 # define A01 (p->u.s[1])
84 # define A02 (p->u.s[2])
85 # define A03 (p->u.s[3])
86 # define A04 (p->u.s[4])
87 # define A10 (p->u.s[5])
88 # define A11 (p->u.s[6])
89 # define A12 (p->u.s[7])
90 # define A13 (p->u.s[8])
91 # define A14 (p->u.s[9])
92 # define A20 (p->u.s[10])
93 # define A21 (p->u.s[11])
94 # define A22 (p->u.s[12])
95 # define A23 (p->u.s[13])
96 # define A24 (p->u.s[14])
97 # define A30 (p->u.s[15])
98 # define A31 (p->u.s[16])
99 # define A32 (p->u.s[17])
100 # define A33 (p->u.s[18])
101 # define A34 (p->u.s[19])
102 # define A40 (p->u.s[20])
103 # define A41 (p->u.s[21])
104 # define A42 (p->u.s[22])
105 # define A43 (p->u.s[23])
106 # define A44 (p->u.s[24])
107 # define ROL64(a,x) ((a<<x)|(a>>(64-x)))
108
109 for(i=0; i<24; i+=4){
110 C0 = A00^A10^A20^A30^A40;
111 C1 = A01^A11^A21^A31^A41;
112 C2 = A02^A12^A22^A32^A42;
113 C3 = A03^A13^A23^A33^A43;
114 C4 = A04^A14^A24^A34^A44;
115 D0 = C4^ROL64(C1, 1);
116 D1 = C0^ROL64(C2, 1);
117 D2 = C1^ROL64(C3, 1);
118 D3 = C2^ROL64(C4, 1);
119 D4 = C3^ROL64(C0, 1);
120
121 B0 = (A00^D0);
122 B1 = ROL64((A11^D1), 44);
123 B2 = ROL64((A22^D2), 43);
124 B3 = ROL64((A33^D3), 21);
125 B4 = ROL64((A44^D4), 14);
126 A00 = B0 ^((~B1)& B2 );
127 A00 ^= RC[i];
128 A11 = B1 ^((~B2)& B3 );
129 A22 = B2 ^((~B3)& B4 );
130 A33 = B3 ^((~B4)& B0 );
131 A44 = B4 ^((~B0)& B1 );
132
133 B2 = ROL64((A20^D0), 3);
134 B3 = ROL64((A31^D1), 45);
135 B4 = ROL64((A42^D2), 61);
136 B0 = ROL64((A03^D3), 28);
137 B1 = ROL64((A14^D4), 20);
138 A20 = B0 ^((~B1)& B2 );
139 A31 = B1 ^((~B2)& B3 );
140 A42 = B2 ^((~B3)& B4 );
141 A03 = B3 ^((~B4)& B0 );
142 A14 = B4 ^((~B0)& B1 );
143
144 B4 = ROL64((A40^D0), 18);
145 B0 = ROL64((A01^D1), 1);
146 B1 = ROL64((A12^D2), 6);
147 B2 = ROL64((A23^D3), 25);
148 B3 = ROL64((A34^D4), 8);
149 A40 = B0 ^((~B1)& B2 );
150 A01 = B1 ^((~B2)& B3 );
151 A12 = B2 ^((~B3)& B4 );
152 A23 = B3 ^((~B4)& B0 );
153 A34 = B4 ^((~B0)& B1 );
154
155 B1 = ROL64((A10^D0), 36);
156 B2 = ROL64((A21^D1), 10);
157 B3 = ROL64((A32^D2), 15);
158 B4 = ROL64((A43^D3), 56);
159 B0 = ROL64((A04^D4), 27);
160 A10 = B0 ^((~B1)& B2 );
161 A21 = B1 ^((~B2)& B3 );
162 A32 = B2 ^((~B3)& B4 );
163 A43 = B3 ^((~B4)& B0 );
164 A04 = B4 ^((~B0)& B1 );
165
166 B3 = ROL64((A30^D0), 41);
167 B4 = ROL64((A41^D1), 2);
168 B0 = ROL64((A02^D2), 62);
169 B1 = ROL64((A13^D3), 55);
170 B2 = ROL64((A24^D4), 39);
171 A30 = B0 ^((~B1)& B2 );
172 A41 = B1 ^((~B2)& B3 );
173 A02 = B2 ^((~B3)& B4 );
174 A13 = B3 ^((~B4)& B0 );
175 A24 = B4 ^((~B0)& B1 );
176
177 C0 = A00^A20^A40^A10^A30;
178 C1 = A11^A31^A01^A21^A41;
179 C2 = A22^A42^A12^A32^A02;
180 C3 = A33^A03^A23^A43^A13;
181 C4 = A44^A14^A34^A04^A24;
182 D0 = C4^ROL64(C1, 1);
183 D1 = C0^ROL64(C2, 1);
184 D2 = C1^ROL64(C3, 1);
185 D3 = C2^ROL64(C4, 1);
186 D4 = C3^ROL64(C0, 1);
187
188 B0 = (A00^D0);
189 B1 = ROL64((A31^D1), 44);
190 B2 = ROL64((A12^D2), 43);
191 B3 = ROL64((A43^D3), 21);
192 B4 = ROL64((A24^D4), 14);
193 A00 = B0 ^((~B1)& B2 );
194 A00 ^= RC[i+1];
195 A31 = B1 ^((~B2)& B3 );
196 A12 = B2 ^((~B3)& B4 );
197 A43 = B3 ^((~B4)& B0 );
198 A24 = B4 ^((~B0)& B1 );
199
200 B2 = ROL64((A40^D0), 3);
201 B3 = ROL64((A21^D1), 45);
202 B4 = ROL64((A02^D2), 61);
203 B0 = ROL64((A33^D3), 28);
204 B1 = ROL64((A14^D4), 20);
205 A40 = B0 ^((~B1)& B2 );
206 A21 = B1 ^((~B2)& B3 );
207 A02 = B2 ^((~B3)& B4 );
208 A33 = B3 ^((~B4)& B0 );
209 A14 = B4 ^((~B0)& B1 );
210
211 B4 = ROL64((A30^D0), 18);
212 B0 = ROL64((A11^D1), 1);
213 B1 = ROL64((A42^D2), 6);
214 B2 = ROL64((A23^D3), 25);
215 B3 = ROL64((A04^D4), 8);
216 A30 = B0 ^((~B1)& B2 );
217 A11 = B1 ^((~B2)& B3 );
218 A42 = B2 ^((~B3)& B4 );
219 A23 = B3 ^((~B4)& B0 );
220 A04 = B4 ^((~B0)& B1 );
221
222 B1 = ROL64((A20^D0), 36);
223 B2 = ROL64((A01^D1), 10);
224 B3 = ROL64((A32^D2), 15);
225 B4 = ROL64((A13^D3), 56);
226 B0 = ROL64((A44^D4), 27);
227 A20 = B0 ^((~B1)& B2 );
228 A01 = B1 ^((~B2)& B3 );
229 A32 = B2 ^((~B3)& B4 );
230 A13 = B3 ^((~B4)& B0 );
231 A44 = B4 ^((~B0)& B1 );
232
233 B3 = ROL64((A10^D0), 41);
234 B4 = ROL64((A41^D1), 2);
235 B0 = ROL64((A22^D2), 62);
236 B1 = ROL64((A03^D3), 55);
237 B2 = ROL64((A34^D4), 39);
238 A10 = B0 ^((~B1)& B2 );
239 A41 = B1 ^((~B2)& B3 );
240 A22 = B2 ^((~B3)& B4 );
241 A03 = B3 ^((~B4)& B0 );
242 A34 = B4 ^((~B0)& B1 );
243
244 C0 = A00^A40^A30^A20^A10;
245 C1 = A31^A21^A11^A01^A41;
246 C2 = A12^A02^A42^A32^A22;
247 C3 = A43^A33^A23^A13^A03;
248 C4 = A24^A14^A04^A44^A34;
249 D0 = C4^ROL64(C1, 1);
250 D1 = C0^ROL64(C2, 1);
251 D2 = C1^ROL64(C3, 1);
252 D3 = C2^ROL64(C4, 1);
253 D4 = C3^ROL64(C0, 1);
254
255 B0 = (A00^D0);
256 B1 = ROL64((A21^D1), 44);
257 B2 = ROL64((A42^D2), 43);
258 B3 = ROL64((A13^D3), 21);
259 B4 = ROL64((A34^D4), 14);
260 A00 = B0 ^((~B1)& B2 );
261 A00 ^= RC[i+2];
262 A21 = B1 ^((~B2)& B3 );
263 A42 = B2 ^((~B3)& B4 );
264 A13 = B3 ^((~B4)& B0 );
265 A34 = B4 ^((~B0)& B1 );
266
267 B2 = ROL64((A30^D0), 3);
268 B3 = ROL64((A01^D1), 45);
269 B4 = ROL64((A22^D2), 61);
270 B0 = ROL64((A43^D3), 28);
271 B1 = ROL64((A14^D4), 20);
272 A30 = B0 ^((~B1)& B2 );
273 A01 = B1 ^((~B2)& B3 );
274 A22 = B2 ^((~B3)& B4 );
275 A43 = B3 ^((~B4)& B0 );
276 A14 = B4 ^((~B0)& B1 );
277
278 B4 = ROL64((A10^D0), 18);
279 B0 = ROL64((A31^D1), 1);
280 B1 = ROL64((A02^D2), 6);
281 B2 = ROL64((A23^D3), 25);
282 B3 = ROL64((A44^D4), 8);
283 A10 = B0 ^((~B1)& B2 );
284 A31 = B1 ^((~B2)& B3 );
285 A02 = B2 ^((~B3)& B4 );
286 A23 = B3 ^((~B4)& B0 );
287 A44 = B4 ^((~B0)& B1 );
288
289 B1 = ROL64((A40^D0), 36);
290 B2 = ROL64((A11^D1), 10);
291 B3 = ROL64((A32^D2), 15);
292 B4 = ROL64((A03^D3), 56);
293 B0 = ROL64((A24^D4), 27);
294 A40 = B0 ^((~B1)& B2 );
295 A11 = B1 ^((~B2)& B3 );
296 A32 = B2 ^((~B3)& B4 );
297 A03 = B3 ^((~B4)& B0 );
298 A24 = B4 ^((~B0)& B1 );
299
300 B3 = ROL64((A20^D0), 41);
301 B4 = ROL64((A41^D1), 2);
302 B0 = ROL64((A12^D2), 62);
303 B1 = ROL64((A33^D3), 55);
304 B2 = ROL64((A04^D4), 39);
305 A20 = B0 ^((~B1)& B2 );
306 A41 = B1 ^((~B2)& B3 );
307 A12 = B2 ^((~B3)& B4 );
308 A33 = B3 ^((~B4)& B0 );
309 A04 = B4 ^((~B0)& B1 );
310
311 C0 = A00^A30^A10^A40^A20;
312 C1 = A21^A01^A31^A11^A41;
313 C2 = A42^A22^A02^A32^A12;
314 C3 = A13^A43^A23^A03^A33;
315 C4 = A34^A14^A44^A24^A04;
316 D0 = C4^ROL64(C1, 1);
317 D1 = C0^ROL64(C2, 1);
318 D2 = C1^ROL64(C3, 1);
319 D3 = C2^ROL64(C4, 1);
320 D4 = C3^ROL64(C0, 1);
321
322 B0 = (A00^D0);
323 B1 = ROL64((A01^D1), 44);
324 B2 = ROL64((A02^D2), 43);
325 B3 = ROL64((A03^D3), 21);
326 B4 = ROL64((A04^D4), 14);
327 A00 = B0 ^((~B1)& B2 );
328 A00 ^= RC[i+3];
329 A01 = B1 ^((~B2)& B3 );
330 A02 = B2 ^((~B3)& B4 );
331 A03 = B3 ^((~B4)& B0 );
332 A04 = B4 ^((~B0)& B1 );
333
334 B2 = ROL64((A10^D0), 3);
335 B3 = ROL64((A11^D1), 45);
336 B4 = ROL64((A12^D2), 61);
337 B0 = ROL64((A13^D3), 28);
338 B1 = ROL64((A14^D4), 20);
339 A10 = B0 ^((~B1)& B2 );
340 A11 = B1 ^((~B2)& B3 );
341 A12 = B2 ^((~B3)& B4 );
342 A13 = B3 ^((~B4)& B0 );
343 A14 = B4 ^((~B0)& B1 );
344
345 B4 = ROL64((A20^D0), 18);
346 B0 = ROL64((A21^D1), 1);
347 B1 = ROL64((A22^D2), 6);
348 B2 = ROL64((A23^D3), 25);
349 B3 = ROL64((A24^D4), 8);
350 A20 = B0 ^((~B1)& B2 );
351 A21 = B1 ^((~B2)& B3 );
352 A22 = B2 ^((~B3)& B4 );
353 A23 = B3 ^((~B4)& B0 );
354 A24 = B4 ^((~B0)& B1 );
355
356 B1 = ROL64((A30^D0), 36);
357 B2 = ROL64((A31^D1), 10);
358 B3 = ROL64((A32^D2), 15);
359 B4 = ROL64((A33^D3), 56);
360 B0 = ROL64((A34^D4), 27);
361 A30 = B0 ^((~B1)& B2 );
362 A31 = B1 ^((~B2)& B3 );
363 A32 = B2 ^((~B3)& B4 );
364 A33 = B3 ^((~B4)& B0 );
365 A34 = B4 ^((~B0)& B1 );
366
367 B3 = ROL64((A40^D0), 41);
368 B4 = ROL64((A41^D1), 2);
369 B0 = ROL64((A42^D2), 62);
370 B1 = ROL64((A43^D3), 55);
371 B2 = ROL64((A44^D4), 39);
372 A40 = B0 ^((~B1)& B2 );
373 A41 = B1 ^((~B2)& B3 );
374 A42 = B2 ^((~B3)& B4 );
375 A43 = B3 ^((~B4)& B0 );
376 A44 = B4 ^((~B0)& B1 );
377 }
378 }
379
380 /*
381 ** Initialize a new hash. iSize determines the size of the hash
382 ** in bits and should be one of 224, 256, 384, or 512. Or iSize
383 ** can be zero to use the default hash size of 256 bits.
384 */
SHA3Init(SHA3Context * p,int iSize)385 static void SHA3Init(SHA3Context *p, int iSize){
386 memset(p, 0, sizeof(*p));
387 if( iSize>=128 && iSize<=512 ){
388 p->nRate = (1600 - ((iSize + 31)&~31)*2)/8;
389 }else{
390 p->nRate = (1600 - 2*256)/8;
391 }
392 #if SHA3_BYTEORDER==1234
393 /* Known to be little-endian at compile-time. No-op */
394 #elif SHA3_BYTEORDER==4321
395 p->ixMask = 7; /* Big-endian */
396 #else
397 {
398 static unsigned int one = 1;
399 if( 1==*(unsigned char*)&one ){
400 /* Little endian. No byte swapping. */
401 p->ixMask = 0;
402 }else{
403 /* Big endian. Byte swap. */
404 p->ixMask = 7;
405 }
406 }
407 #endif
408 }
409
410 /*
411 ** Make consecutive calls to the SHA3Update function to add new content
412 ** to the hash
413 */
SHA3Update(SHA3Context * p,const unsigned char * aData,unsigned int nData)414 static void SHA3Update(
415 SHA3Context *p,
416 const unsigned char *aData,
417 unsigned int nData
418 ){
419 unsigned int i = 0;
420 #if SHA3_BYTEORDER==1234
421 if( (p->nLoaded % 8)==0 && ((aData - (const unsigned char*)0)&7)==0 ){
422 for(; i+7<nData; i+=8){
423 p->u.s[p->nLoaded/8] ^= *(u64*)&aData[i];
424 p->nLoaded += 8;
425 if( p->nLoaded>=p->nRate ){
426 KeccakF1600Step(p);
427 p->nLoaded = 0;
428 }
429 }
430 }
431 #endif
432 for(; i<nData; i++){
433 #if SHA3_BYTEORDER==1234
434 p->u.x[p->nLoaded] ^= aData[i];
435 #elif SHA3_BYTEORDER==4321
436 p->u.x[p->nLoaded^0x07] ^= aData[i];
437 #else
438 p->u.x[p->nLoaded^p->ixMask] ^= aData[i];
439 #endif
440 p->nLoaded++;
441 if( p->nLoaded==p->nRate ){
442 KeccakF1600Step(p);
443 p->nLoaded = 0;
444 }
445 }
446 }
447
448 /*
449 ** After all content has been added, invoke SHA3Final() to compute
450 ** the final hash. The function returns a pointer to the binary
451 ** hash value.
452 */
SHA3Final(SHA3Context * p)453 static unsigned char *SHA3Final(SHA3Context *p){
454 unsigned int i;
455 if( p->nLoaded==p->nRate-1 ){
456 const unsigned char c1 = 0x86;
457 SHA3Update(p, &c1, 1);
458 }else{
459 const unsigned char c2 = 0x06;
460 const unsigned char c3 = 0x80;
461 SHA3Update(p, &c2, 1);
462 p->nLoaded = p->nRate - 1;
463 SHA3Update(p, &c3, 1);
464 }
465 for(i=0; i<p->nRate; i++){
466 p->u.x[i+p->nRate] = p->u.x[i^p->ixMask];
467 }
468 return &p->u.x[p->nRate];
469 }
470
471 /*
472 ** Convert a digest into base-16. digest should be declared as
473 ** "unsigned char digest[20]" in the calling function. The SHA3
474 ** digest is stored in the first 20 bytes. zBuf should
475 ** be "char zBuf[41]".
476 */
DigestToBase16(unsigned char * digest,char * zBuf,int nByte)477 static void DigestToBase16(unsigned char *digest, char *zBuf, int nByte){
478 static const char zEncode[] = "0123456789abcdef";
479 int ix;
480
481 for(ix=0; ix<nByte; ix++){
482 *zBuf++ = zEncode[(*digest>>4)&0xf];
483 *zBuf++ = zEncode[*digest++ & 0xf];
484 }
485 *zBuf = '\0';
486 }
487
488 /*
489 ** The state of a incremental SHA3 checksum computation. Only one
490 ** such computation can be underway at a time, of course.
491 */
492 static SHA3Context incrCtx;
493 static int incrInit = 0;
494
495 /*
496 ** Initialize a new global SHA3 hash.
497 */
sha3sum_init(int iSize)498 void sha3sum_init(int iSize){
499 assert( incrInit==0 );
500 incrInit = iSize;
501 SHA3Init(&incrCtx, incrInit);
502 }
503
504 /*
505 ** Add more text to the incremental SHA3 checksum.
506 */
sha3sum_step_text(const char * zText,int nBytes)507 void sha3sum_step_text(const char *zText, int nBytes){
508 assert( incrInit );
509 if( nBytes<=0 ){
510 if( nBytes==0 ) return;
511 nBytes = strlen(zText);
512 }
513 SHA3Update(&incrCtx, (unsigned char*)zText, nBytes);
514 }
515
516 /*
517 ** Add the content of a blob to the incremental SHA3 checksum.
518 */
sha3sum_step_blob(Blob * p)519 void sha3sum_step_blob(Blob *p){
520 assert( incrInit );
521 SHA3Update(&incrCtx, (unsigned char*)blob_buffer(p), blob_size(p));
522 }
523
524 /*
525 ** Finish the incremental SHA3 checksum. Store the result in blob pOut
526 ** if pOut!=0. Also return a pointer to the result.
527 **
528 ** This resets the incremental checksum preparing for the next round
529 ** of computation. The return pointer points to a static buffer that
530 ** is overwritten by subsequent calls to this function.
531 */
sha3sum_finish(Blob * pOut)532 char *sha3sum_finish(Blob *pOut){
533 static char zOut[132];
534 DigestToBase16(SHA3Final(&incrCtx), zOut, incrInit/8);
535 if( pOut ){
536 blob_zero(pOut);
537 blob_append(pOut, zOut, incrInit/4);
538 }
539 incrInit = 0;
540 return zOut;
541 }
542
543
544 /*
545 ** Compute the SHA3 checksum of a file on disk. Store the resulting
546 ** checksum in the blob pCksum. pCksum is assumed to be initialized.
547 **
548 ** Return the number of errors.
549 */
sha3sum_file(const char * zFilename,int eFType,int iSize,Blob * pCksum)550 int sha3sum_file(const char *zFilename, int eFType, int iSize, Blob *pCksum){
551 FILE *in;
552 SHA3Context ctx;
553 char zBuf[10240];
554
555 if( eFType==RepoFILE && file_islink(zFilename) ){
556 /* Instead of file content, return sha3 of link destination path */
557 Blob destinationPath;
558 int rc;
559
560 blob_read_link(&destinationPath, zFilename);
561 rc = sha3sum_blob(&destinationPath, iSize, pCksum);
562 blob_reset(&destinationPath);
563 return rc;
564 }
565
566 in = fossil_fopen(zFilename,"rb");
567 if( in==0 ){
568 return 1;
569 }
570 SHA3Init(&ctx, iSize);
571 for(;;){
572 int n;
573 n = fread(zBuf, 1, sizeof(zBuf), in);
574 if( n<=0 ) break;
575 SHA3Update(&ctx, (unsigned char*)zBuf, (unsigned)n);
576 }
577 fclose(in);
578 blob_zero(pCksum);
579 blob_resize(pCksum, iSize/4);
580 DigestToBase16(SHA3Final(&ctx), blob_buffer(pCksum), iSize/8);
581 return 0;
582 }
583
584 /*
585 ** Compute the SHA3 checksum of a blob in memory. Store the resulting
586 ** checksum in the blob pCksum. pCksum is assumed to be either
587 ** uninitialized or the same blob as pIn.
588 **
589 ** Return the number of errors.
590 */
sha3sum_blob(const Blob * pIn,int iSize,Blob * pCksum)591 int sha3sum_blob(const Blob *pIn, int iSize, Blob *pCksum){
592 SHA3Context ctx;
593 SHA3Init(&ctx, iSize);
594 SHA3Update(&ctx, (unsigned char*)blob_buffer(pIn), blob_size(pIn));
595 if( pIn==pCksum ){
596 blob_reset(pCksum);
597 }else{
598 blob_zero(pCksum);
599 }
600 blob_resize(pCksum, iSize/4);
601 DigestToBase16(SHA3Final(&ctx), blob_buffer(pCksum), iSize/8);
602 return 0;
603 }
604
605 #if 0 /* NOT USED */
606 /*
607 ** Compute the SHA3 checksum of a zero-terminated string. The
608 ** result is held in memory obtained from mprintf().
609 */
610 char *sha3sum(const char *zIn, int iSize){
611 SHA3Context ctx;
612 char zDigest[132];
613
614 SHA3Init(&ctx, iSize);
615 SHA3Update(&ctx, (unsigned const char*)zIn, strlen(zIn));
616 DigestToBase16(SHA3Final(&ctx), zDigest, iSize/8);
617 return mprintf("%s", zDigest);
618 }
619 #endif
620
621 /*
622 ** COMMAND: sha3sum*
623 **
624 ** Usage: %fossil sha3sum FILE...
625 **
626 ** Compute an SHA3 checksum of all files named on the command-line.
627 ** If a file is named "-" then take its content from standard input.
628 **
629 ** To be clear: The official NIST FIPS-202 implementation of SHA3
630 ** with the added 01 padding is used, not the original Keccak submission.
631 **
632 ** Options:
633 **
634 ** --224 Compute a SHA3-224 hash
635 ** --256 Compute a SHA3-256 hash (the default)
636 ** --384 Compute a SHA3-384 hash
637 ** --512 Compute a SHA3-512 hash
638 ** --size N An N-bit hash. N must be a multiple of 32 between
639 ** 128 and 512.
640 ** -h|--dereference If FILE is a symbolic link, compute the hash on
641 ** the object pointed to, not on the link itself.
642 **
643 ** See also: [[md5sum]], [[sha1sum]]
644 */
sha3sum_test(void)645 void sha3sum_test(void){
646 int i;
647 Blob in;
648 Blob cksum = empty_blob;
649 int iSize = 256;
650 int eFType = SymFILE;
651
652 if( find_option("dereference","h",0) ) eFType = ExtFILE;
653 if( find_option("224",0,0)!=0 ) iSize = 224;
654 else if( find_option("256",0,0)!=0 ) iSize = 256;
655 else if( find_option("384",0,0)!=0 ) iSize = 384;
656 else if( find_option("512",0,0)!=0 ) iSize = 512;
657 else{
658 const char *zN = find_option("size",0,1);
659 if( zN!=0 ){
660 int n = atoi(zN);
661 if( n%32!=0 || n<128 || n>512 ){
662 fossil_fatal("--size must be a multiple of 64 between 128 and 512");
663 }
664 iSize = n;
665 }
666 }
667 verify_all_options();
668
669 for(i=2; i<g.argc; i++){
670 if( g.argv[i][0]=='-' && g.argv[i][1]==0 ){
671 blob_read_from_channel(&in, stdin, -1);
672 sha3sum_blob(&in, iSize, &cksum);
673 }else if( sha3sum_file(g.argv[i], eFType, iSize, &cksum) > 0 ){
674 fossil_fatal("Cannot read file: %s", g.argv[i]);
675 }
676 fossil_print("%s %s\n", blob_str(&cksum), g.argv[i]);
677 blob_reset(&cksum);
678 }
679 }
680