sdcc/support/regression/tests/sha3-256.c

   1 /*
   2    sha3-256.c
   3    sha3-256 hash function (once crashed compiler when targeting hc08/s08/mos6502/mos65c02).
   4
   5    Based on implementation by Eugene Chou (which in turn was based on an implementation by Dr. Markku-Juhani O. Saarinen).
   6 */
   7
   8 #include <testfwk.h>
   9
  10 #include <stdint.h>
  11 #include <string.h>
  12
  13 #if !defined(__SDCC_mos6502) && !defined(__SDCC_mos65c02) // mos6052/mos65c02 can't return struct this large yet.
  14 #if !defined(__SDCC_hc08) && !defined(__SDCC_s08) && !defined(__SDCC_ds390) // hc08/s08/ds390 can't return struct yet.
  15 #if !defined(__SDCC_mcs51) && !defined(__SDCC_pdk14) && !defined(__SDCC_pdk15) && !( (defined (__SDCC_mos6502) || defined(__SDCC_mos65c02 )) && defined(__SDCC_STACK_AUTO) ) // Lack of memory
  16
  17 #define SHA3_256_MD_LEN 32      // 256-bit digest length in bytes.
  18 #define SHA3_256_ROUNDS 24      // KECCAK rounds to perform for SHA3-256.
  19 #define SHA3_256_WIDTH  200     // 1600-bit width in bytes.
  20 #define SHA3_256_LANES  25      // State is an unrolled 5x5 array of 64-bit lanes.
  21 #define SHA3_256_RATE   136     // 1600-bit width - 512-bit capacity in bytes.
  22
  23 struct Sha3_256 {
  24     int padpoint;
  25     int absorbed;
  26     union {
  27         uint64_t words[SHA3_256_LANES];
  28         uint8_t bytes[SHA3_256_WIDTH];
  29     } state;
  30 };
  31
  32 struct Sha3_256 sha3_256_new(void);
  33
  34 void sha3_256_update(struct Sha3_256 *ctx, uint8_t *data, uint64_t n);
  35
  36 void sha3_256_finalize(struct Sha3_256 *ctx, uint8_t *digest);
  37
  38 void sha3_256_digest(uint8_t *data, uint64_t n, uint8_t *digest);
  39
  40 #define ROTL64(x, y)  (((x) << (y)) | ((x) >> (64 - (y))))
  41
  42 static void theta(struct Sha3_256 *ctx) {
  43     uint64_t C[5] = { 0 };
  44     uint64_t D[5] = { 0 };
  45
  46     for (int i = 0; i < 5; i += 1) {
  47         C[i]  = ctx->state.words[i];
  48         C[i] ^= ctx->state.words[i + 5];
  49         C[i] ^= ctx->state.words[i + 10];
  50         C[i] ^= ctx->state.words[i + 15];
  51         C[i] ^= ctx->state.words[i + 20];
  52     }
  53
  54     for (int i = 0; i < 5; i += 1) {
  55         D[i] = C[(i + 4) % 5] ^ ROTL64(C[(i + 1) % 5], 1);
  56     }
  57
  58     for (int i = 0; i < 5; i += 1) {
  59         for (int j = 0; j < 25; j += 5) {
  60             ctx->state.words[i + j] ^= D[i];
  61         }
  62     }
  63 }
  64
  65 static void rho(struct Sha3_256 *ctx) {
  66     static const int rotations[25] = {
  67          0,  1, 62, 28, 27,
  68         36, 44,  6, 55, 20,
  69          3, 10, 43, 25, 39,
  70         41, 45, 15, 21,  8,
  71         18,  2, 61, 56, 14
  72     };
  73
  74     for (int i = 0; i < 25; i += 1) {
  75         ctx->state.words[i] = ROTL64(ctx->state.words[i], rotations[i]);
  76     }
  77 }
  78
  79 static void pi(struct Sha3_256 *ctx) {
  80     static const int switcheroo[25] = {
  81          0, 10, 20,  5, 15,
  82         16,  1, 11, 21,  6,
  83          7, 17,  2, 12, 22,
  84         23,  8, 18,  3, 13,
  85         14, 24,  9, 19,  4
  86     };
  87
  88     uint64_t temp[25] = { 0 };
  89
  90     for (int i = 0; i < 25; i += 1) {
  91         temp[i] = ctx->state.words[i];
  92     }
  93
  94     for (int i = 0; i < 25; i += 1) {
  95         ctx->state.words[switcheroo[i]] = temp[i];
  96     }
  97 }
  98
  99 static void chi(struct Sha3_256 *ctx) {
 100     uint64_t temp[5] = { 0 };
 101
 102     for (int j = 0; j < 25; j += 5) {
 103         for (int i = 0; i < 5; i += 1) {
 104             temp[i] = ctx->state.words[i + j];
 105         }
 106
 107         for (int i = 0; i < 5; i += 1) {
 108             ctx->state.words[i + j] ^= (~temp[(i + 1) % 5]) & temp[(i + 2) % 5];
 109         }
 110     }
 111 }
 112
 113 static void iota(struct Sha3_256 *ctx, uint8_t r) {
 114     static const uint64_t constants[24] = {
 115         0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
 116         0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
 117         0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
 118         0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
 119         0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
 120         0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
 121         0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
 122         0x8000000000008080, 0x0000000080000001, 0x8000000080008008
 123     };
 124
 125     ctx->state.words[0] ^= constants[r];
 126 }
 127
 128 static void keccak(struct Sha3_256 *ctx) {
 129     for (int i = 0; i < SHA3_256_ROUNDS; i += 1) {
 130         theta(ctx);
 131         rho(ctx);
 132         pi(ctx);
 133         chi(ctx);
 134         iota(ctx, i);
 135     }
 136 }
 137
 138 static void absorb(struct Sha3_256 *ctx, uint8_t *data, uint64_t n) {
 139     for (uint64_t i = 0; i < n; i += 1) {
 140         ctx->state.bytes[ctx->absorbed++] ^= data[i];
 141
 142         if (ctx->absorbed == SHA3_256_RATE) {
 143             keccak(ctx);
 144             ctx->absorbed = 0;
 145         }
 146     }
 147
 148     ctx->padpoint = ctx->absorbed;
 149 }
 150
 151 static void squeeze(struct Sha3_256 *ctx, uint8_t *digest) {
 152     ctx->state.bytes[ctx->padpoint] ^= 0x06;
 153     ctx->state.bytes[SHA3_256_RATE - 1] ^= 0x80;
 154
 155     keccak(ctx);
 156
 157     for (int i = 0; i < SHA3_256_MD_LEN; i += 1) {
 158         digest[i] = ctx->state.bytes[i];
 159     }
 160
 161     ctx->padpoint = ctx->absorbed = 0;
 162     memset(&ctx->state.words, 0, sizeof(ctx->state.words));
 163 }
 164
 165 struct Sha3_256 sha3_256_new(void) {
 166     struct Sha3_256 ctx;
 167     memset(&ctx, 0, sizeof(ctx));
 168     return ctx;
 169 }
 170
 171 void sha3_256_update(struct Sha3_256 *ctx, uint8_t *data, uint64_t n) {
 172     absorb(ctx, data, n);
 173 }
 174
 175 void sha3_256_finalize(struct Sha3_256 *ctx, uint8_t *digest) {
 176     squeeze(ctx, digest);
 177 }
 178
 179 void sha3_256_digest(uint8_t *data, uint64_t n, uint8_t *digest) {
 180     struct Sha3_256 ctx;
 181     ctx = sha3_256_new();
 182     absorb(&ctx, data, n);
 183     squeeze(&ctx, digest);
 184 }
 185
 186 /* structs */
 187 struct pair {
 188     unsigned char* in; /* input string */
 189     unsigned char out[32]; /* expected output */
 190 };
 191
 192 /* known input/output pairs */
 193 const struct pair pairs[] = {
 194     /* 0: empty string */
 195     {
 196         "",
 197         {0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66, 0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62, 0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa, 0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a}
 198     },
 199     /* 1: long string */
 200     {
 201         "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
 202         {0x91, 0x6f, 0x60, 0x61, 0xfe, 0x87, 0x97, 0x41, 0xca, 0x64, 0x69, 0xb4, 0x39, 0x71, 0xdf, 0xdb, 0x28, 0xb1, 0xa3, 0x2d, 0xc3, 0x6c, 0xb3, 0x25, 0x4e, 0x81, 0x2b, 0xe2, 0x7a, 0xad, 0x1d, 0x18}
 203     }
 204 };
 205
 206 #endif
 207 #endif
 208 #endif
 209
 210 void
 211 testSha (void)
 212 {
 213 #if __STDC_ENDIAN_NATIVE__ // The implementation assumes little-endian
 214 #if !defined(__SDCC_mos6502) && !defined(__SDCC_mos65c02) // mos6502/mos65c02 can't return struct this large yet
 215 #if !defined(__SDCC_ds390) // ds390 can't return struct yet.
 216 #if !__SDCC_mcs51 && !defined(__SDCC_pdk14) && !defined(__SDCC_pdk15) // Lack of memory
 217     int i;
 218
 219     for (i = 0; i < sizeof(pairs)/sizeof(pairs[0]); i++) {
 220       unsigned char out[32];
 221       sha3_256_digest(pairs[i].in, strlen(pairs[i].in), out);
 222       ASSERT(!memcmp(out, pairs[i].out, sizeof(out)));
 223     }
 224 #endif
 225 #endif
 226 #endif
 227 #endif
 228 }
 229