Re: [PATCH] sha3sum: New applet, v4
On Monday 14 January 2013 05:27, Denys Vlasenko wrote: On Thursday 10 January 2013 12:35, Baruch Siach wrote: Hi Lauri, On Thu, Jan 10, 2013 at 01:20:40PM +0200, Baruch Siach wrote: On Thu, Jan 10, 2013 at 12:50:41PM +0200, Lauri Kasanen wrote: Running Rob Landley's mips image in qemu, this cut seems to give correct results on big-endian in all cases. This version works correctly on my PowerPC e500v2 based 32bit system. I only tested against the pre-computed values in http://en.wikipedia.org/wiki/Sha3. I just wanted to note the this SHA3 implementation is considerably slower than MD5 and SHA1 of Busybox, when run on my system. Sample results: I think sha512 is a more fair comparison, but yes, even compared to that it is rather slow. 32-bit x86: # dd if=/dev/zero bs=100M count=1 | ./busybox sha3sum 1+0 records in 1+0 records out 104857600 bytes (100.0MB) copied, 16.340429 seconds, 6.1MB/s f70d85fa2a47646901aa3ce6a804fec30cb1c47d68cd63ac731924fbbb2bb4e4440be3ae98087930cda7d655dfe6eff3079bae85447c7cd619a71dea2bc177f9 - # dd if=/dev/zero bs=100M count=1 | ./busybox sha512sum 1+0 records in 1+0 records out 104857600 bytes (100.0MB) copied, 3.720927 seconds, 26.9MB/s 2798503c2c7b718799324122137bf30a562aad1bc04bbf343daad225a5fd0d1fd5d269843a01ab00d4f8d8c5ab34f8956065f9831ef7459e9c487e895099e956 - Perhaps the algorithm is too optimized for size. Sped it up a bit: # dd if=/dev/zero bs=100M count=1 | ./busybox sha3sum 104857600 bytes (100.0MB) copied, 12.505967 seconds, 8.0MB/s f70d85fa2a47646901aa3ce6a804fec30cb1c47d68cd63ac731924fbbb2bb4e4440be3ae98087930cda7d655dfe6eff3079bae85447c7cd619a71dea2bc177f9 - Added CONFIG_SHA3_SMALL option, which can be set to CONFIG_SHA3_SMALL=0, causing ~450 bytes larger, but much faster code: # dd if=/dev/zero bs=100M count=1 | ./busybox sha3sum 104857600 bytes (100.0MB) copied, 5.785298 seconds, 17.3MB/s f70d85fa2a47646901aa3ce6a804fec30cb1c47d68cd63ac731924fbbb2bb4e4440be3ae98087930cda7d655dfe6eff3079bae85447c7cd619a71dea2bc177f9 - When compiled for 64-bits, it runs much faster still (~40MB/s). -- vda ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v4
On Thursday 10 January 2013 11:50, Lauri Kasanen wrote: Hi Running Rob Landley's mips image in qemu, this cut seems to give correct results on big-endian in all cases. v4: - Some cleanups - Big-endian try 2 - all tests now work in qemu-system-mips @Baruch - your system had some weird corruption, where the whole area after being set to all zeros showed an actual value. I don't have any idea why that happens there. How about the following patch? function old new delta sha3_begin28 18 -10 KeccakF 530 496 -34 sha3_end 78 40 -38 sha3_hash319 171-148 -- vda --- busybox.4/coreutils/Config.src +++ busybox.7/coreutils/Config.src @@ -514,6 +514,12 @@ help Compute and check SHA512 message digest +config SHA3SUM + bool sha3sum + default y + help + Compute and check SHA3 (512-bit) message digest + config SLEEP bool sleep default y @@ -766,13 +772,13 @@ help Allow df, du, and ls to have human readable output. -comment Common options for md5sum, sha1sum, sha256sum, sha512sum - depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM +comment Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum + depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM || SHA3SUM config FEATURE_MD5_SHA1_SUM_CHECK bool Enable -c, -s and -w options default y - depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM + depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM || SHA3SUM help Enabling the -c options allows files to be checked against pre-calculated hash values. --- busybox.4/coreutils/Kbuild.src +++ busybox.7/coreutils/Kbuild.src @@ -62,6 +62,7 @@ lib-$(CONFIG_SHA1SUM) += md5_sha1_sum.o lib-$(CONFIG_SHA256SUM) += md5_sha1_sum.o lib-$(CONFIG_SHA512SUM) += md5_sha1_sum.o +lib-$(CONFIG_SHA3SUM) += md5_sha1_sum.o lib-$(CONFIG_SLEEP) += sleep.o lib-$(CONFIG_SPLIT) += split.o lib-$(CONFIG_SORT) += sort.o --- busybox.4/coreutils/md5_sha1_sum.c +++ busybox.7/coreutils/md5_sha1_sum.c @@ -55,6 +55,16 @@ //usage: \n -s Don't output anything, status code shows success //usage: \n -w Warn about improperly formatted checksum lines //usage: ) +//usage: +//usage:#define sha3sum_trivial_usage +//usage: IF_FEATURE_MD5_SHA1_SUM_CHECK([-c[sw]] )[FILE]... +//usage:#define sha3sum_full_usage \n\n +//usage: Print IF_FEATURE_MD5_SHA1_SUM_CHECK( or check) SHA3-512 checksums +//usage: IF_FEATURE_MD5_SHA1_SUM_CHECK( \n +//usage: \n -c Check sums against list in FILEs +//usage: \n -s Don't output anything, status code shows success +//usage: \n -w Warn about improperly formatted checksum lines +//usage: ) #include libbb.h @@ -65,6 +75,7 @@ HASH_MD5 = 's', /* md5sum */ HASH_SHA1 = '1', HASH_SHA256 = '2', + HASH_SHA3 = '3', HASH_SHA512 = '5', }; @@ -86,6 +97,7 @@ { int src_fd, hash_len, count; union _ctx_ { + sha3_ctx_t sha3; sha512_ctx_t sha512; sha256_ctx_t sha256; sha1_ctx_t sha1; @@ -123,6 +135,11 @@ sha512_begin(context.sha512); update = (void*)sha512_hash; final = (void*)sha512_end; + hash_len = 64; + } else if (ENABLE_SHA3SUM hash_algo == HASH_SHA3) { + sha3_begin(context.sha3); + update = (void*)sha3_hash; + final = (void*)sha3_end; hash_len = 64; } else { xfunc_die(); /* can't reach this */ --- busybox.4/include/applets.src.h +++ busybox.7/include/applets.src.h @@ -328,6 +328,7 @@ IF_SETSID(APPLET(setsid, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_SETUIDGID(APPLET_ODDNAME(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid)) IF_SHA1SUM(APPLET_NOEXEC(sha1sum, md5_sha1_sum, BB_DIR_USR_BIN, BB_SUID_DROP, sha1sum)) +IF_SHA3SUM(APPLET_NOEXEC(sha3sum, md5_sha1_sum, BB_DIR_USR_BIN, BB_SUID_DROP, sha3sum)) IF_SHA256SUM(APPLET_NOEXEC(sha256sum, md5_sha1_sum, BB_DIR_USR_BIN, BB_SUID_DROP, sha256sum)) IF_SHA512SUM(APPLET_NOEXEC(sha512sum, md5_sha1_sum, BB_DIR_USR_BIN, BB_SUID_DROP, sha512sum)) IF_SHOWKEY(APPLET(showkey, BB_DIR_USR_BIN, BB_SUID_DROP)) --- busybox.4/include/libbb.h +++ busybox.7/include/libbb.h @@ -1636,6 +1636,10 @@ uint64_t hash[8]; uint8_t wbuffer[128]; /* always correctly aligned for uint64_t */ } sha512_ctx_t; +typedef struct sha3_ctx_t { + uint64_t state[25]; + unsigned bytes_queued; +} sha3_ctx_t; void md5_begin(md5_ctx_t *ctx) FAST_FUNC; void
Re: [PATCH] sha3sum: New applet, v4
On Thursday 10 January 2013 12:35, Baruch Siach wrote: Hi Lauri, On Thu, Jan 10, 2013 at 01:20:40PM +0200, Baruch Siach wrote: On Thu, Jan 10, 2013 at 12:50:41PM +0200, Lauri Kasanen wrote: Running Rob Landley's mips image in qemu, this cut seems to give correct results on big-endian in all cases. This version works correctly on my PowerPC e500v2 based 32bit system. I only tested against the pre-computed values in http://en.wikipedia.org/wiki/Sha3. I just wanted to note the this SHA3 implementation is considerably slower than MD5 and SHA1 of Busybox, when run on my system. Sample results: I think sha512 is a more fair comparison, but yes, even compared to that it is rather slow. 32-bit x86: # dd if=/dev/zero bs=100M count=1 | ./busybox sha3sum 1+0 records in 1+0 records out 104857600 bytes (100.0MB) copied, 16.340429 seconds, 6.1MB/s f70d85fa2a47646901aa3ce6a804fec30cb1c47d68cd63ac731924fbbb2bb4e4440be3ae98087930cda7d655dfe6eff3079bae85447c7cd619a71dea2bc177f9 - # dd if=/dev/zero bs=100M count=1 | ./busybox sha512sum 1+0 records in 1+0 records out 104857600 bytes (100.0MB) copied, 3.720927 seconds, 26.9MB/s 2798503c2c7b718799324122137bf30a562aad1bc04bbf343daad225a5fd0d1fd5d269843a01ab00d4f8d8c5ab34f8956065f9831ef7459e9c487e895099e956 - Perhaps the algorithm is too optimized for size. -- vda ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
[PATCH] sha3sum: New applet, v4
Hi Running Rob Landley's mips image in qemu, this cut seems to give correct results on big-endian in all cases. v4: - Some cleanups - Big-endian try 2 - all tests now work in qemu-system-mips @Baruch - your system had some weird corruption, where the whole area after being set to all zeros showed an actual value. I don't have any idea why that happens there. - Lauri -- http://www.fastmail.fm - Access all of your messages and folders wherever you are From c50a72a34c46e016c9c0962abc64a9682f213e9a Mon Sep 17 00:00:00 2001 From: Lauri Kasanen cur...@operamail.com Date: Thu, 3 Jan 2013 21:10:01 +0200 Subject: [PATCH] sha3sum: New applet, v4 v4: - Some cleanups - Big-endian try 2 - all tests now work in qemu-system-mips v3: - Align to 64, just in case - Use the correct type, size_t, in the update function v2: - Sorted the enum by alpha (was sorted by algorithm age) - Use normal rotate here, xor not needed - Comment cleanup - Remove *empty* comments - Unify one be/le path - Remove #define round - Move to if(BB_ENDIAN) instead of #if Signed-off-by: Lauri Kasanen cur...@operamail.com --- coreutils/Config.src | 12 ++- coreutils/Kbuild.src |1 + coreutils/md5_sha1_sum.c | 17 include/applets.src.h|1 + include/libbb.h |7 ++ libbb/hash_md5_sha.c | 201 ++ testsuite/sha3sum.tests |3 + 7 files changed, 239 insertions(+), 3 deletions(-) create mode 100755 testsuite/sha3sum.tests diff --git a/coreutils/Config.src b/coreutils/Config.src index a28449b..0c44c4b 100644 --- a/coreutils/Config.src +++ b/coreutils/Config.src @@ -514,6 +514,12 @@ config SHA512SUM help Compute and check SHA512 message digest +config SHA3SUM + bool sha3sum + default y + help + Compute and check SHA3 (512-bit) message digest + config SLEEP bool sleep default y @@ -766,13 +772,13 @@ config FEATURE_HUMAN_READABLE help Allow df, du, and ls to have human readable output. -comment Common options for md5sum, sha1sum, sha256sum, sha512sum - depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM +comment Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum + depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM || SHA3SUM config FEATURE_MD5_SHA1_SUM_CHECK bool Enable -c, -s and -w options default y - depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM + depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM || SHA3SUM help Enabling the -c options allows files to be checked against pre-calculated hash values. diff --git a/coreutils/Kbuild.src b/coreutils/Kbuild.src index d6453f0..b715b9c 100644 --- a/coreutils/Kbuild.src +++ b/coreutils/Kbuild.src @@ -62,6 +62,7 @@ lib-$(CONFIG_SEQ) += seq.o lib-$(CONFIG_SHA1SUM) += md5_sha1_sum.o lib-$(CONFIG_SHA256SUM) += md5_sha1_sum.o lib-$(CONFIG_SHA512SUM) += md5_sha1_sum.o +lib-$(CONFIG_SHA3SUM) += md5_sha1_sum.o lib-$(CONFIG_SLEEP) += sleep.o lib-$(CONFIG_SPLIT) += split.o lib-$(CONFIG_SORT) += sort.o diff --git a/coreutils/md5_sha1_sum.c b/coreutils/md5_sha1_sum.c index 2cb6dd4..b62e7c2 100644 --- a/coreutils/md5_sha1_sum.c +++ b/coreutils/md5_sha1_sum.c @@ -55,6 +55,16 @@ //usage: \n -s Don't output anything, status code shows success //usage: \n -w Warn about improperly formatted checksum lines //usage: ) +//usage: +//usage:#define sha3sum_trivial_usage +//usage: IF_FEATURE_MD5_SHA1_SUM_CHECK([-c[sw]] )[FILE]... +//usage:#define sha3sum_full_usage \n\n +//usage: Print IF_FEATURE_MD5_SHA1_SUM_CHECK( or check) SHA3-512 checksums +//usage: IF_FEATURE_MD5_SHA1_SUM_CHECK( \n +//usage: \n -c Check sums against list in FILEs +//usage: \n -s Don't output anything, status code shows success +//usage: \n -w Warn about improperly formatted checksum lines +//usage: ) #include libbb.h @@ -65,6 +75,7 @@ enum { HASH_MD5 = 's', /* md5sum */ HASH_SHA1 = '1', HASH_SHA256 = '2', + HASH_SHA3 = '3', HASH_SHA512 = '5', }; @@ -86,6 +97,7 @@ static uint8_t *hash_file(const char *filename) { int src_fd, hash_len, count; union _ctx_ { + sha3_ctx_t sha3; sha512_ctx_t sha512; sha256_ctx_t sha256; sha1_ctx_t sha1; @@ -124,6 +136,11 @@ static uint8_t *hash_file(const char *filename) update = (void*)sha512_hash; final = (void*)sha512_end; hash_len = 64; + } else if (ENABLE_SHA3SUM hash_algo == HASH_SHA3) { + sha3_begin(context.sha3); + update = (void*)sha3_hash; + final = (void*)sha3_end; + hash_len = 64; } else { xfunc_die(); /* can't reach this */ } diff --git a/include/applets.src.h b/include/applets.src.h index 597b1c9..29ab167 100644 --- a/include/applets.src.h +++ b/include/applets.src.h @@ -328,6 +328,7 @@ IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_SETSID(APPLET(setsid, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_SETUIDGID(APPLET_ODDNAME(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid)) IF_SHA1SUM
Re: [PATCH] sha3sum: New applet, v4
Hi Lauri, On Thu, Jan 10, 2013 at 12:50:41PM +0200, Lauri Kasanen wrote: Running Rob Landley's mips image in qemu, this cut seems to give correct results on big-endian in all cases. This version works correctly on my PowerPC e500v2 based 32bit system. I only tested against the pre-computed values in http://en.wikipedia.org/wiki/Sha3. Thanks, baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}ooO--U--Ooo{= - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v4
Hi Lauri, On Thu, Jan 10, 2013 at 01:20:40PM +0200, Baruch Siach wrote: On Thu, Jan 10, 2013 at 12:50:41PM +0200, Lauri Kasanen wrote: Running Rob Landley's mips image in qemu, this cut seems to give correct results on big-endian in all cases. This version works correctly on my PowerPC e500v2 based 32bit system. I only tested against the pre-computed values in http://en.wikipedia.org/wiki/Sha3. I just wanted to note the this SHA3 implementation is considerably slower than MD5 and SHA1 of Busybox, when run on my system. Sample results: # ls -l busybox -rwxr-xr-x 1 root root 1296692 Jan 10 11:17 busybox # time ./busybox sha3sum busybox 95756158fff5a75e2c3b4826fba4bf0b88d33c3157c2ae3e209aa0e76354759bc14fef25a017a1b6340aeb4e8df6201534e31b2287364f5227ae40789c3b1e97 busybox real0m4.085s user0m1.584s sys 0m0.060s # time ./busybox md5sum busybox 892a46b7d153b54f48c53815fd785d74 busybox real0m0.099s user0m0.028s sys 0m0.008s # time ./busybox sha1sum busybox 20ad89fd2476b0e6dbbe637455b7db4dde506ea1 busybox real0m0.101s user0m0.096s sys 0m0.004s Is this expected? baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}ooO--U--Ooo{= - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v4
This version works correctly on my PowerPC e500v2 based 32bit system. I only tested against the pre-computed values in http://en.wikipedia.org/wiki/Sha3. Thanks, baruch Ditto for mips64. Matt ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v4
On Thu, Jan 10, 2013, at 13:35, Baruch Siach wrote: I just wanted to note the this SHA3 implementation is considerably slower than MD5 and SHA1 of Busybox, when run on my system. Sample results: # ls -l busybox -rwxr-xr-x 1 root root 1296692 Jan 10 11:17 busybox # time ./busybox sha3sum busybox 95756158fff5a75e2c3b4826fba4bf0b88d33c3157c2ae3e209aa0e76354759bc14fef25a017a1b6340aeb4e8df6201534e31b2287364f5227ae40789c3b1e97 busybox real0m4.085s # time ./busybox md5sum busybox 892a46b7d153b54f48c53815fd785d74 busybox real0m0.099s # time ./busybox sha1sum busybox 20ad89fd2476b0e6dbbe637455b7db4dde506ea1 busybox real0m0.101s Is this expected? Yes, from two ways: SHA-3 as an algorithm is 2-3x slower than md5, and the implementation here is optimized for size. There exist faster implementations, but bb usually wants the smallest size. Another point is that on big-endian it now flips to little-endian and back to get correct results. This is how the upstream Keccak examples all do it, and I couldn't get correct results on BE otherwise. The speed should be better on little-endian systems. - Lauri -- http://www.fastmail.fm - Does exactly what it says on the tin ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v4
Yes, from two ways: SHA-3 as an algorithm is 2-3x slower than md5, and the implementation here is optimized for size. There exist faster implementations, but bb usually wants the smallest size. Another point is that on big-endian it now flips to little-endian and back to get correct results. This is how the upstream Keccak examples all do it, and I couldn't get correct results on BE otherwise. The speed should be better on little-endian systems. On x86_64 it's about 5x slower than bb sha1sum here, which is within the target (2-3x plus size vs speed). - Lauri -- http://www.fastmail.fm - Or how I learned to stop worrying and love email again ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v4
On Thursday 10 January 2013 13:39:32 Lauri Kasanen wrote: There exist faster implementations, but bb usually wants the smallest size. that's what MD5_SMALL is good for ;) -mike signature.asc Description: This is a digitally signed message part. ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
Hi Lauri, On Tue, Jan 08, 2013 at 09:34:49AM +0200, Baruch Siach wrote: On Sun, Jan 06, 2013 at 10:04:36PM +0200, Lauri Kasanen wrote: The content of the r28 register is: (gdb) info registers ... r280x10173010 269955088 The process' /proc/[pid]/maps file shows: 1014d000-10173000 rwxp 00:00 0 [heap] which means that we're trying to read just beyond the process allocated heap. From the disassembly code I infer that the crash happens before the call to bb_bswap_64 at address 0x10050b80. Thanks. Can you also enable CONFIG_PESSIMIZE (disable gcc's optimization) and post the backtrace? I wonder if somehow it gets called with wrong arguments (end of string, but wrong size for example), those were optimized out in the first backtrace. A pessimized build give the exact same result. Details below: Program received signal SIGSEGV, Segmentation fault. 0x1009d288 in KeccakF (state=0xbfca1fc0, in=0x101cafd0, laneCount=8) at libbb/hash_md5_sha.c:977 977 state[laneCount] ^= SWAP_LE64(in[laneCount]); (gdb) bt #0 0x1009d288 in KeccakF (state=0xbfca1fc0, in=0x101cafd0, laneCount=8) at libbb/hash_md5_sha.c:977 #1 0x1009dab4 in sha3_hash (state=0xbfca1fc0, data=0x101cafd0 , bytes=21474836485) at libbb/hash_md5_sha.c:1055 #2 0x1007180c in hash_file (filename=0x10169fcc -) at coreutils/md5_sha1_sum.c:151 #3 0x10071b74 in md5_sha1_sum_main (argc=1, argv=0xbfca23e8) at coreutils/md5_sha1_sum.c:247 #4 0x10002980 in run_applet_no_and_exit (applet_no=122, argv=0xbfca23e8) at libbb/appletlib.c:755 #5 0x100029c4 in run_applet_and_exit (name=0xbfca2d14 sha3sum, argv=0xbfca23e8) at libbb/appletlib.c:762 #6 0x10002818 in busybox_main (argv=0xbfca23e8) at libbb/appletlib.c:727 #7 0x100029ec in run_applet_and_exit (name=0xbfca2d0c busybox, argv=0xbfca23e4) at libbb/appletlib.c:764 #8 0x10002ad4 in main (argc=2, argv=0xbfca23e4) at libbb/appletlib.c:819 (gdb) p in[laneCount] $1 = (const uint64_t *) 0x101cb010 One more data point that might be relevant: (gdb) p laneCount $1 = 8 (gdb) disas Dump of assembler code for function KeccakF: [...] 0x1009d258 +120: lwz r9,72(r1) 0x1009d25c +124: add r0,r9,r0 0x1009d260 +128: mr r9,r0 0x1009d264 +132: lwz r8,0(r9) 0x1009d268 +136: lwz r9,4(r9) 0x1009d26c +140: stw r8,88(r1) 0x1009d270 +144: stw r9,92(r1) 0x1009d274 +148: lwz r0,80(r1) 0x1009d278 +152: rlwinm r0,r0,3,0,28 0x1009d27c +156: lwz r9,76(r1) 0x1009d280 +160: add r0,r9,r0 0x1009d284 +164: mr r11,r0 = 0x1009d288 +168: lwz r9,0(r11) 0x1009d28c +172: lwz r10,4(r11) 0x1009d290 +176: mr r3,r9 0x1009d294 +180: mr r4,r10 0x1009d298 +184: bl 0x100b0898 bb_bswap_64 0x1009d29c +188: mr r10,r4 0x1009d2a0 +192: mr r9,r3 0x1009d2a4 +196: lwz r0,88(r1) 0x1009d2a8 +200: xor r0,r0,r9 0x1009d2ac +204: stw r0,96(r1) 0x1009d2b0 +208: lwz r8,92(r1) 0x1009d2b4 +212: xor r8,r8,r10 0x1009d2b8 +216: stw r8,100(r1) 0x1009d2bc +220: lwz r9,96(r1) 0x1009d2c0 +224: lwz r10,100(r1) (gdb) info reg [...] r110x101cb010 270315536 # cat /proc/[pid]/maps [...] 101a5000-101cb000 rwxp 00:00 0 [heap] baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}ooO--U--Ooo{= - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
# mips64 $ echo Hello World | ./busybox sha3sum bb5596c9990b5e6f821d17150b3c79585180ed05f4570ba82a89816a5680c463d3ce23fa8daff68e0ada7c235e21f619d5fc0e122ee2e5fe959e004742d53ee4 # x86_64 $ echo Hello World | ./busybox sha3sum 9ad2496364575076338331ca40a51a46d6a1d680c4e4d31bc3db6f4e46a5de376e0289692dbbb85fec8d9843f7c0a7efe200e86f2382c07d0674d20862db72d8 - Is there an independent, publicly available implementation of SHA-3 that would tell us which one is correct? I used the prints on Wikipedia to test - the SHA-3 page lists the sums for an empty string, the lazy fox sentence, and the lazy fox sentence with a dot added. All three match with this implementation (when run on x86_64). - Lauri -- http://www.fastmail.fm - The way an email service should be ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
A pessimized build give the exact same result. Details below: Thanks Baruch. It's as I thought - something gives it wrong arguments. See here: #1 0x1009dab4 in sha3_hash (state=0xbfca1fc0, data=0x101cafd0 , bytes=21474836485) at libbb/hash_md5_sha.c:1055 bytes is 20 Gb (!), yet the memory pointed to by data is a few bytes long only. I think I know why, size_t on your platform is not 64-bit, will post a v3 soon. - Lauri -- http://www.fastmail.fm - A fast, anti-spam email service. ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
[PATCH] sha3sum: New applet, v3
Hi This patch should no longer crash @ ppc. But I think it will still have wrong results on big-endian, and I'm not sure it's something I can fix without access to such. v3: - Align to 64, just in case - Use the correct type, size_t, in the update function - Lauri -- http://www.fastmail.fm - The way an email service should be From 864e27f3a01ebff916ade68d5706ad0088bc5b40 Mon Sep 17 00:00:00 2001 From: Lauri Kasanen cur...@operamail.com Date: Thu, 3 Jan 2013 21:10:01 +0200 Subject: [PATCH] sha3sum: New applet, v3 v3: - Align to 64, just in case - Use the correct type, size_t, in the update function v2: - Sorted the enum by alpha (was sorted by algorithm age) - Use normal rotate here, xor not needed - Comment cleanup - Remove *empty* comments - Unify one be/le path - Remove #define round - Move to if(BB_ENDIAN) instead of #if Signed-off-by: Lauri Kasanen cur...@operamail.com --- coreutils/Config.src | 12 ++- coreutils/Kbuild.src |1 + coreutils/md5_sha1_sum.c | 17 include/applets.src.h|1 + include/libbb.h |7 ++ libbb/hash_md5_sha.c | 210 ++ testsuite/sha3sum.tests |3 + 7 files changed, 248 insertions(+), 3 deletions(-) create mode 100755 testsuite/sha3sum.tests diff --git a/coreutils/Config.src b/coreutils/Config.src index a28449b..0c44c4b 100644 --- a/coreutils/Config.src +++ b/coreutils/Config.src @@ -514,6 +514,12 @@ config SHA512SUM help Compute and check SHA512 message digest +config SHA3SUM + bool sha3sum + default y + help + Compute and check SHA3 (512-bit) message digest + config SLEEP bool sleep default y @@ -766,13 +772,13 @@ config FEATURE_HUMAN_READABLE help Allow df, du, and ls to have human readable output. -comment Common options for md5sum, sha1sum, sha256sum, sha512sum - depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM +comment Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum + depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM || SHA3SUM config FEATURE_MD5_SHA1_SUM_CHECK bool Enable -c, -s and -w options default y - depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM + depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM || SHA3SUM help Enabling the -c options allows files to be checked against pre-calculated hash values. diff --git a/coreutils/Kbuild.src b/coreutils/Kbuild.src index d6453f0..b715b9c 100644 --- a/coreutils/Kbuild.src +++ b/coreutils/Kbuild.src @@ -62,6 +62,7 @@ lib-$(CONFIG_SEQ) += seq.o lib-$(CONFIG_SHA1SUM) += md5_sha1_sum.o lib-$(CONFIG_SHA256SUM) += md5_sha1_sum.o lib-$(CONFIG_SHA512SUM) += md5_sha1_sum.o +lib-$(CONFIG_SHA3SUM) += md5_sha1_sum.o lib-$(CONFIG_SLEEP) += sleep.o lib-$(CONFIG_SPLIT) += split.o lib-$(CONFIG_SORT) += sort.o diff --git a/coreutils/md5_sha1_sum.c b/coreutils/md5_sha1_sum.c index 2cb6dd4..b62e7c2 100644 --- a/coreutils/md5_sha1_sum.c +++ b/coreutils/md5_sha1_sum.c @@ -55,6 +55,16 @@ //usage: \n -s Don't output anything, status code shows success //usage: \n -w Warn about improperly formatted checksum lines //usage: ) +//usage: +//usage:#define sha3sum_trivial_usage +//usage: IF_FEATURE_MD5_SHA1_SUM_CHECK([-c[sw]] )[FILE]... +//usage:#define sha3sum_full_usage \n\n +//usage: Print IF_FEATURE_MD5_SHA1_SUM_CHECK( or check) SHA3-512 checksums +//usage: IF_FEATURE_MD5_SHA1_SUM_CHECK( \n +//usage: \n -c Check sums against list in FILEs +//usage: \n -s Don't output anything, status code shows success +//usage: \n -w Warn about improperly formatted checksum lines +//usage: ) #include libbb.h @@ -65,6 +75,7 @@ enum { HASH_MD5 = 's', /* md5sum */ HASH_SHA1 = '1', HASH_SHA256 = '2', + HASH_SHA3 = '3', HASH_SHA512 = '5', }; @@ -86,6 +97,7 @@ static uint8_t *hash_file(const char *filename) { int src_fd, hash_len, count; union _ctx_ { + sha3_ctx_t sha3; sha512_ctx_t sha512; sha256_ctx_t sha256; sha1_ctx_t sha1; @@ -124,6 +136,11 @@ static uint8_t *hash_file(const char *filename) update = (void*)sha512_hash; final = (void*)sha512_end; hash_len = 64; + } else if (ENABLE_SHA3SUM hash_algo == HASH_SHA3) { + sha3_begin(context.sha3); + update = (void*)sha3_hash; + final = (void*)sha3_end; + hash_len = 64; } else { xfunc_die(); /* can't reach this */ } diff --git a/include/applets.src.h b/include/applets.src.h index 597b1c9..29ab167 100644 --- a/include/applets.src.h +++ b/include/applets.src.h @@ -328,6 +328,7 @@ IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_SETSID(APPLET(setsid, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_SETUIDGID(APPLET_ODDNAME(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid)) IF_SHA1SUM(APPLET_NOEXEC(sha1sum, md5_sha1_sum, BB_DIR_USR_BIN, BB_SUID_DROP, sha1sum)) +IF_SHA3SUM(APPLET_NOEXEC(sha3sum, md5_sha1_sum, BB_DIR_USR_BIN, BB_SUID_DROP, sha3sum)) IF_SHA256SUM(APPLET_NOEXEC(sha256sum, md5_sha1_sum, BB_DIR_USR_BIN
Re: [PATCH] sha3sum: New applet, v3
Hi Lauri, On Tue, Jan 08, 2013 at 04:40:04PM +0200, Lauri Kasanen wrote: This patch should no longer crash @ ppc. But I think it will still have wrong results on big-endian, and I'm not sure it's something I can fix without access to such. This version doesn't crash anymore, but the results on PowerPC are not in-line with x86_64 and the samples of http://en.wikipedia.org/wiki/Sha3: # echo -n The quick brown fox jumps over the lazy dog |./busybox sha3sum a753cd80313d095c37641af35cf24fa2ea1e4f94200fb82676c24faa5abdbe6e2626bfff79014a882fc7ad55319b3e6894dfc1f5f4672de365957ff428944355 - The x86_64 build correctly gives me: $ echo -n The quick brown fox jumps over the lazy dog |./busybox sha3sum d135bb84d0439dbac432247ee573a23ea7d3c9deb2a968eb31d47c4fb45f1ef4422d6c531b5b9bd6f449ebcc449ea94d0a8f05f62130fda612da53c79659f609 - You can send me a debug prints augmented version of your patch to run on my PowerPC board if you like. baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}ooO--U--Ooo{= - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
$ file ./busybox ./busybox: ELF 64-bit MSB executable, MIPS, MIPS64 rel2 version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped MSB executable means big-endian, isn't it? That's correct ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v3
You can send me a debug prints augmented version of your patch to run on my PowerPC board if you like. Thanks. Before we go to that, is the empty string example also wrong on ppc? echo -n - Lauri -- http://www.fastmail.fm - Send your email first class ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v3
# echo -n The quick brown fox jumps over the lazy dog |./busybox sha3sum a753cd80313d095c37641af35cf24fa2ea1e4f94200fb82676c24faa5abdbe6e2626bfff79014a882fc7ad55319b3e6894dfc1f5f4672de365957ff428944355 - I see the same results on big endien mips64. Here's the blank output: # echo -n |./busybox sha3sum f6ad23d035c22bbc2ef310794fa9ed41667cc821eff071962b842beb56c24db022aa10387a0738be43f642b41bd8526f545ce911db85d61c5711b59dd9841667 - You can send me a debug prints augmented version of your patch to run on my PowerPC board if you like. Ditto for mips. ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
On Fri, Jan 4, 2013 at 5:02 AM, Lauri Kasanen cur...@operamail.com wrote: v2: Hey Lauri, I've got a mips64 processor I'm trying your patch with... Here are the results I get using mips64 vs a basic centos5 x86_64 machine: # mips64 $ echo Hello World | ./busybox sha3sum bb5596c9990b5e6f821d17150b3c79585180ed05f4570ba82a89816a5680c463d3ce23fa8daff68e0ada7c235e21f619d5fc0e122ee2e5fe959e004742d53ee4 - $ file ./busybox ./busybox: ELF 64-bit MSB executable, MIPS, MIPS64 rel2 version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped # x86_64 $ echo Hello World | ./busybox sha3sum 9ad2496364575076338331ca40a51a46d6a1d680c4e4d31bc3db6f4e46a5de376e0289692dbbb85fec8d9843f7c0a7efe200e86f2382c07d0674d20862db72d8 - $ file ./busybox ./busybox: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, statically linked, stripped I'll watch the thread and try it out when you post another patch. Matt ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
Hi Matthew, Lauri, On Mon, Jan 07, 2013 at 08:32:44PM -0600, Matthew Stoltenberg wrote: On Fri, Jan 4, 2013 at 5:02 AM, Lauri Kasanen cur...@operamail.com wrote: v2: Hey Lauri, I've got a mips64 processor I'm trying your patch with... Here are the results I get using mips64 vs a basic centos5 x86_64 machine: # mips64 $ echo Hello World | ./busybox sha3sum bb5596c9990b5e6f821d17150b3c79585180ed05f4570ba82a89816a5680c463d3ce23fa8daff68e0ada7c235e21f619d5fc0e122ee2e5fe959e004742d53ee4 - $ file ./busybox ./busybox: ELF 64-bit MSB executable, MIPS, MIPS64 rel2 version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped MSB executable means big-endian, isn't it? # x86_64 $ echo Hello World | ./busybox sha3sum 9ad2496364575076338331ca40a51a46d6a1d680c4e4d31bc3db6f4e46a5de376e0289692dbbb85fec8d9843f7c0a7efe200e86f2382c07d0674d20862db72d8 - Is there an independent, publicly available implementation of SHA-3 that would tell us which one is correct? baruch $ file ./busybox ./busybox: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, statically linked, stripped I'll watch the thread and try it out when you post another patch. -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}ooO--U--Ooo{= - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
Hi Lauri, On Sun, Jan 06, 2013 at 10:04:36PM +0200, Lauri Kasanen wrote: The content of the r28 register is: (gdb) info registers ... r280x10173010 269955088 The process' /proc/[pid]/maps file shows: 1014d000-10173000 rwxp 00:00 0 [heap] which means that we're trying to read just beyond the process allocated heap. From the disassembly code I infer that the crash happens before the call to bb_bswap_64 at address 0x10050b80. Thanks. Can you also enable CONFIG_PESSIMIZE (disable gcc's optimization) and post the backtrace? I wonder if somehow it gets called with wrong arguments (end of string, but wrong size for example), those were optimized out in the first backtrace. A pessimized build give the exact same result. Details below: Program received signal SIGSEGV, Segmentation fault. 0x1009d288 in KeccakF (state=0xbfca1fc0, in=0x101cafd0, laneCount=8) at libbb/hash_md5_sha.c:977 977 state[laneCount] ^= SWAP_LE64(in[laneCount]); (gdb) bt #0 0x1009d288 in KeccakF (state=0xbfca1fc0, in=0x101cafd0, laneCount=8) at libbb/hash_md5_sha.c:977 #1 0x1009dab4 in sha3_hash (state=0xbfca1fc0, data=0x101cafd0 , bytes=21474836485) at libbb/hash_md5_sha.c:1055 #2 0x1007180c in hash_file (filename=0x10169fcc -) at coreutils/md5_sha1_sum.c:151 #3 0x10071b74 in md5_sha1_sum_main (argc=1, argv=0xbfca23e8) at coreutils/md5_sha1_sum.c:247 #4 0x10002980 in run_applet_no_and_exit (applet_no=122, argv=0xbfca23e8) at libbb/appletlib.c:755 #5 0x100029c4 in run_applet_and_exit (name=0xbfca2d14 sha3sum, argv=0xbfca23e8) at libbb/appletlib.c:762 #6 0x10002818 in busybox_main (argv=0xbfca23e8) at libbb/appletlib.c:727 #7 0x100029ec in run_applet_and_exit (name=0xbfca2d0c busybox, argv=0xbfca23e4) at libbb/appletlib.c:764 #8 0x10002ad4 in main (argc=2, argv=0xbfca23e4) at libbb/appletlib.c:819 (gdb) p in[laneCount] $1 = (const uint64_t *) 0x101cb010 (gdb) disas Dump of assembler code for function KeccakF: [...] 0x1009d258 +120: lwz r9,72(r1) 0x1009d25c +124: add r0,r9,r0 0x1009d260 +128: mr r9,r0 0x1009d264 +132: lwz r8,0(r9) 0x1009d268 +136: lwz r9,4(r9) 0x1009d26c +140: stw r8,88(r1) 0x1009d270 +144: stw r9,92(r1) 0x1009d274 +148: lwz r0,80(r1) 0x1009d278 +152: rlwinm r0,r0,3,0,28 0x1009d27c +156: lwz r9,76(r1) 0x1009d280 +160: add r0,r9,r0 0x1009d284 +164: mr r11,r0 = 0x1009d288 +168: lwz r9,0(r11) 0x1009d28c +172: lwz r10,4(r11) 0x1009d290 +176: mr r3,r9 0x1009d294 +180: mr r4,r10 0x1009d298 +184: bl 0x100b0898 bb_bswap_64 0x1009d29c +188: mr r10,r4 0x1009d2a0 +192: mr r9,r3 0x1009d2a4 +196: lwz r0,88(r1) 0x1009d2a8 +200: xor r0,r0,r9 0x1009d2ac +204: stw r0,96(r1) 0x1009d2b0 +208: lwz r8,92(r1) 0x1009d2b4 +212: xor r8,r8,r10 0x1009d2b8 +216: stw r8,100(r1) 0x1009d2bc +220: lwz r9,96(r1) 0x1009d2c0 +224: lwz r10,100(r1) (gdb) info reg [...] r110x101cb010 270315536 # cat /proc/[pid]/maps [...] 101a5000-101cb000 rwxp 00:00 0 [heap] baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}ooO--U--Ooo{= - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
On Sun, Jan 6, 2013, at 7:18, Baruch Siach wrote: Hi Lauri, Testing on a big-endian system (PowerPC) I'm getting: # echo test |./busybox sha3sum Segmentation fault (core dumped) On a PC I get: $ echo test |./busybox sha3sum a5c3e353a185244f82a8de017db6022543d776f8943b457b6368c80854ecdfda1705e5dd514d5087116daccb7dace5ad42ab172bfe79a2c00b7a1e9c76e46b55 - Any suggestion? Well, as mentioned, I don't have such a system. Could you do a debug build (CONFIG_DEBUG=y) and get valgrind output? echo test | valgrind ./busybox_unstripped sha3sum - Lauri -- http://www.fastmail.fm - A fast, anti-spam email service. ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
Well, as mentioned, I don't have such a system. Could you do a debug build (CONFIG_DEBUG=y) and get valgrind output? echo test | valgrind ./busybox_unstripped sha3sum Unfortunately, valgrind does not support this PowerPC variant (e500v2). I'll try gdb and see what I get. Here it is: (gdb) target remote 192.168.26.170:1234 Remote debugging using 192.168.26.170:1234 0x10001f9c in _start () (gdb) c Continuing. Program received signal SIGSEGV, Segmentation fault. KeccakF (state=0xbf8d1f30, in=value optimized out, laneCount=8) at libbb/hash_md5_sha.c:977 977 state[laneCount] ^= SWAP_LE64(in[laneCount]); (gdb) bt #0 KeccakF (state=0xbf8d1f30, in=value optimized out, laneCount=8) at libbb/hash_md5_sha.c:977 #1 0x10051474 in sha3_hash (state=0xbf8d1f30, data=0x10172fd0 , bytes=value optimized out) at libbb/hash_md5_sha.c:1055 #2 0x1003b544 in hash_file (filename=value optimized out) at coreutils/md5_sha1_sum.c:151 #3 0x1003b7c4 in md5_sha1_sum_main (argc=value optimized out, argv=value optimized out) at coreutils/md5_sha1_sum.c:247 Both state[8] and in[8] have to be valid at that point, there's no way from the code for them to have less size than 200 and 72 respectively. So it looks to me that the swap_le64 itself is crashing, but I'm not sure about that, it should be a GCC builtin. Alternatively, does your platform crash from unaligned access? State is 32-bit aligned currently, not 64. Can you try changing the alignment at include/libbb.h lines 1639 and 1640? - Lauri -- http://www.fastmail.fm - Choose from over 50 domains or use your own ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
Hi Lauri, On Sun, Jan 06, 2013 at 05:39:11PM +0200, Lauri Kasanen wrote: Well, as mentioned, I don't have such a system. Could you do a debug build (CONFIG_DEBUG=y) and get valgrind output? echo test | valgrind ./busybox_unstripped sha3sum Unfortunately, valgrind does not support this PowerPC variant (e500v2). I'll try gdb and see what I get. Here it is: (gdb) target remote 192.168.26.170:1234 Remote debugging using 192.168.26.170:1234 0x10001f9c in _start () (gdb) c Continuing. Program received signal SIGSEGV, Segmentation fault. KeccakF (state=0xbf8d1f30, in=value optimized out, laneCount=8) at libbb/hash_md5_sha.c:977 977 state[laneCount] ^= SWAP_LE64(in[laneCount]); (gdb) bt #0 KeccakF (state=0xbf8d1f30, in=value optimized out, laneCount=8) at libbb/hash_md5_sha.c:977 #1 0x10051474 in sha3_hash (state=0xbf8d1f30, data=0x10172fd0 , bytes=value optimized out) at libbb/hash_md5_sha.c:1055 #2 0x1003b544 in hash_file (filename=value optimized out) at coreutils/md5_sha1_sum.c:151 #3 0x1003b7c4 in md5_sha1_sum_main (argc=value optimized out, argv=value optimized out) at coreutils/md5_sha1_sum.c:247 Both state[8] and in[8] have to be valid at that point, there's no way from the code for them to have less size than 200 and 72 respectively. So it looks to me that the swap_le64 itself is crashing, but I'm not sure about that, it should be a GCC builtin. Alternatively, does your platform crash from unaligned access? State is 32-bit aligned currently, not 64. Can you try changing the alignment at include/libbb.h lines 1639 and 1640? Changing alignment from 32 to 64 in these lines hasn't changed the behaviour. Some more data points: The disassembly of the code surrounding the crashing instruction is as follows (crashing instruction marked with '='): (gdb) disas Dump of assembler code for function KeccakF: 0x10050b48 +0: stwur1,-160(r1) 0x10050b4c +4: mflrr0 0x10050b50 +8: stmwr15,92(r1) 0x10050b54 +12:rlwinm r28,r5,3,0,28 0x10050b58 +16:add r30,r3,r28 0x10050b5c +20:stw r0,164(r1) 0x10050b60 +24:mr r31,r3 0x10050b64 +28:mr r29,r5 0x10050b68 +32:add r28,r4,r28 0x10050b6c +36:b 0x10050b94 KeccakF+76 = 0x10050b70 +40:lwz r3,0(r28) 0x10050b74 +44:lwz r4,4(r28) 0x10050b78 +48:lwz r26,0(r30) 0x10050b7c +52:lwz r27,4(r30) 0x10050b80 +56:bl 0x1005a844 bb_bswap_64 0x10050b84 +60:xor r3,r3,r26 0x10050b88 +64:xor r4,r4,r27 0x10050b8c +68:stw r3,0(r30) 0x10050b90 +72:stw r4,4(r30) 0x10050b94 +76:addic. r29,r29,-1 0x10050b98 +80:addir30,r30,-8 0x10050b9c +84:addir28,r28,-8 0x10050ba0 +88:bge+0x10050b70 KeccakF+40 0x10050ba4 +92:lis r26,4113 0x10050ba8 +96:lis r22,4113 0x10050bac +100: addir26,r26,20832 0x10050bb0 +104: li r28,0 0x10050bb4 +108: addir30,r1,8 The content of the r28 register is: (gdb) info registers ... r280x10173010 269955088 The process' /proc/[pid]/maps file shows: 1014d000-10173000 rwxp 00:00 0 [heap] which means that we're trying to read just beyond the process allocated heap. From the disassembly code I infer that the crash happens before the call to bb_bswap_64 at address 0x10050b80. I hope this helps. baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}ooO--U--Ooo{= - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
The content of the r28 register is: (gdb) info registers ... r280x10173010 269955088 The process' /proc/[pid]/maps file shows: 1014d000-10173000 rwxp 00:00 0 [heap] which means that we're trying to read just beyond the process allocated heap. From the disassembly code I infer that the crash happens before the call to bb_bswap_64 at address 0x10050b80. Thanks. Can you also enable CONFIG_PESSIMIZE (disable gcc's optimization) and post the backtrace? I wonder if somehow it gets called with wrong arguments (end of string, but wrong size for example), those were optimized out in the first backtrace. - Lauri -- http://www.fastmail.fm - Send your email first class ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
Hi Lauri, On Sun, Jan 06, 2013 at 10:04:36PM +0200, Lauri Kasanen wrote: The content of the r28 register is: (gdb) info registers ... r280x10173010 269955088 The process' /proc/[pid]/maps file shows: 1014d000-10173000 rwxp 00:00 0 [heap] which means that we're trying to read just beyond the process allocated heap. From the disassembly code I infer that the crash happens before the call to bb_bswap_64 at address 0x10050b80. Thanks. Can you also enable CONFIG_PESSIMIZE (disable gcc's optimization) and post the backtrace? I wonder if somehow it gets called with wrong arguments (end of string, but wrong size for example), those were optimized out in the first backtrace. Disabling optimization may make the bug disappear, as the compiler doesn't use legitimate optimization opportunities. I'll try a pessimized build when I'm back at work on Tuesday. baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}ooO--U--Ooo{= - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet, v2
Hi Lauri, On Fri, Jan 04, 2013 at 01:02:53PM +0200, Lauri Kasanen wrote: From 84768213e7a004b9e703a1d7091bd43b34822e0c Mon Sep 17 00:00:00 2001 From: Lauri Kasanen cur...@operamail.com Date: Thu, 3 Jan 2013 21:10:01 +0200 Subject: [PATCH] sha3sum: New applet, v2 - Sorted the enum by alpha (was sorted by algorithm age) - Use normal rotate here, xor not needed - Comment cleanup - Remove *empty* comments - Unify one be/le path - Remove #define round - Move to if(BB_ENDIAN) instead of #if Testing on a big-endian system (PowerPC) I'm getting: # echo test |./busybox sha3sum Segmentation fault (core dumped) On a PC I get: $ echo test |./busybox sha3sum a5c3e353a185244f82a8de017db6022543d776f8943b457b6368c80854ecdfda1705e5dd514d5087116daccb7dace5ad42ab172bfe79a2c00b7a1e9c76e46b55 - Any suggestion? baruch Signed-off-by: Lauri Kasanen cur...@operamail.com --- coreutils/Config.src | 12 ++- coreutils/Kbuild.src |1 + coreutils/md5_sha1_sum.c | 17 include/applets.src.h|1 + include/libbb.h |7 ++ libbb/hash_md5_sha.c | 212 ++ testsuite/sha3sum.tests |3 + 7 files changed, 250 insertions(+), 3 deletions(-) create mode 100755 testsuite/sha3sum.tests diff --git a/coreutils/Config.src b/coreutils/Config.src index a28449b..0c44c4b 100644 --- a/coreutils/Config.src +++ b/coreutils/Config.src @@ -514,6 +514,12 @@ config SHA512SUM help Compute and check SHA512 message digest +config SHA3SUM + bool sha3sum + default y + help + Compute and check SHA3 (512-bit) message digest + config SLEEP bool sleep default y @@ -766,13 +772,13 @@ config FEATURE_HUMAN_READABLE help Allow df, du, and ls to have human readable output. -comment Common options for md5sum, sha1sum, sha256sum, sha512sum - depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM +comment Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum + depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM || SHA3SUM config FEATURE_MD5_SHA1_SUM_CHECK bool Enable -c, -s and -w options default y - depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM + depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM || SHA3SUM help Enabling the -c options allows files to be checked against pre-calculated hash values. diff --git a/coreutils/Kbuild.src b/coreutils/Kbuild.src index d6453f0..b715b9c 100644 --- a/coreutils/Kbuild.src +++ b/coreutils/Kbuild.src @@ -62,6 +62,7 @@ lib-$(CONFIG_SEQ) += seq.o lib-$(CONFIG_SHA1SUM) += md5_sha1_sum.o lib-$(CONFIG_SHA256SUM) += md5_sha1_sum.o lib-$(CONFIG_SHA512SUM) += md5_sha1_sum.o +lib-$(CONFIG_SHA3SUM) += md5_sha1_sum.o lib-$(CONFIG_SLEEP) += sleep.o lib-$(CONFIG_SPLIT) += split.o lib-$(CONFIG_SORT) += sort.o diff --git a/coreutils/md5_sha1_sum.c b/coreutils/md5_sha1_sum.c index 2cb6dd4..b62e7c2 100644 --- a/coreutils/md5_sha1_sum.c +++ b/coreutils/md5_sha1_sum.c @@ -55,6 +55,16 @@ //usage: \n -s Don't output anything, status code shows success //usage: \n -w Warn about improperly formatted checksum lines //usage: ) +//usage: +//usage:#define sha3sum_trivial_usage +//usage: IF_FEATURE_MD5_SHA1_SUM_CHECK([-c[sw]] )[FILE]... +//usage:#define sha3sum_full_usage \n\n +//usage: Print IF_FEATURE_MD5_SHA1_SUM_CHECK( or check) SHA3-512 checksums +//usage: IF_FEATURE_MD5_SHA1_SUM_CHECK( \n +//usage: \n -c Check sums against list in FILEs +//usage: \n -s Don't output anything, status code shows success +//usage: \n -w Warn about improperly formatted checksum lines +//usage: ) #include libbb.h @@ -65,6 +75,7 @@ enum { HASH_MD5 = 's', /* md5sum */ HASH_SHA1 = '1', HASH_SHA256 = '2', + HASH_SHA3 = '3', HASH_SHA512 = '5', }; @@ -86,6 +97,7 @@ static uint8_t *hash_file(const char *filename) { int src_fd, hash_len, count; union _ctx_ { + sha3_ctx_t sha3; sha512_ctx_t sha512; sha256_ctx_t sha256; sha1_ctx_t sha1; @@ -124,6 +136,11 @@ static uint8_t *hash_file(const char *filename) update = (void*)sha512_hash; final = (void*)sha512_end; hash_len = 64; + } else if (ENABLE_SHA3SUM hash_algo == HASH_SHA3) { + sha3_begin(context.sha3); + update = (void*)sha3_hash; + final = (void*)sha3_end; + hash_len = 64; } else { xfunc_die(); /* can't reach this */ } diff --git a/include/applets.src.h b/include/applets.src.h index 597b1c9..29ab167 100644 --- a/include/applets.src.h +++ b/include/applets.src.h @@ -328,6 +328,7 @@ IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN
[PATCH] sha3sum: New applet, v2
Hi v2: - Sorted the enum by alpha (was sorted by algorithm age) - Use normal rotate here, xor not needed - Comment cleanup - Remove *empty* comments - Unify one be/le path - Remove #define round - Move to if(BB_ENDIAN) instead of #if - Lauri PS: There were existing #if blocks in the same file, just above in the md5 code. The requirement felt kinda weird with those there... -- http://www.fastmail.fm - Same, same, but different... From 84768213e7a004b9e703a1d7091bd43b34822e0c Mon Sep 17 00:00:00 2001 From: Lauri Kasanen cur...@operamail.com Date: Thu, 3 Jan 2013 21:10:01 +0200 Subject: [PATCH] sha3sum: New applet, v2 - Sorted the enum by alpha (was sorted by algorithm age) - Use normal rotate here, xor not needed - Comment cleanup - Remove *empty* comments - Unify one be/le path - Remove #define round - Move to if(BB_ENDIAN) instead of #if Signed-off-by: Lauri Kasanen cur...@operamail.com --- coreutils/Config.src | 12 ++- coreutils/Kbuild.src |1 + coreutils/md5_sha1_sum.c | 17 include/applets.src.h|1 + include/libbb.h |7 ++ libbb/hash_md5_sha.c | 212 ++ testsuite/sha3sum.tests |3 + 7 files changed, 250 insertions(+), 3 deletions(-) create mode 100755 testsuite/sha3sum.tests diff --git a/coreutils/Config.src b/coreutils/Config.src index a28449b..0c44c4b 100644 --- a/coreutils/Config.src +++ b/coreutils/Config.src @@ -514,6 +514,12 @@ config SHA512SUM help Compute and check SHA512 message digest +config SHA3SUM + bool sha3sum + default y + help + Compute and check SHA3 (512-bit) message digest + config SLEEP bool sleep default y @@ -766,13 +772,13 @@ config FEATURE_HUMAN_READABLE help Allow df, du, and ls to have human readable output. -comment Common options for md5sum, sha1sum, sha256sum, sha512sum - depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM +comment Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum + depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM || SHA3SUM config FEATURE_MD5_SHA1_SUM_CHECK bool Enable -c, -s and -w options default y - depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM + depends on MD5SUM || SHA1SUM || SHA256SUM || SHA512SUM || SHA3SUM help Enabling the -c options allows files to be checked against pre-calculated hash values. diff --git a/coreutils/Kbuild.src b/coreutils/Kbuild.src index d6453f0..b715b9c 100644 --- a/coreutils/Kbuild.src +++ b/coreutils/Kbuild.src @@ -62,6 +62,7 @@ lib-$(CONFIG_SEQ) += seq.o lib-$(CONFIG_SHA1SUM) += md5_sha1_sum.o lib-$(CONFIG_SHA256SUM) += md5_sha1_sum.o lib-$(CONFIG_SHA512SUM) += md5_sha1_sum.o +lib-$(CONFIG_SHA3SUM) += md5_sha1_sum.o lib-$(CONFIG_SLEEP) += sleep.o lib-$(CONFIG_SPLIT) += split.o lib-$(CONFIG_SORT) += sort.o diff --git a/coreutils/md5_sha1_sum.c b/coreutils/md5_sha1_sum.c index 2cb6dd4..b62e7c2 100644 --- a/coreutils/md5_sha1_sum.c +++ b/coreutils/md5_sha1_sum.c @@ -55,6 +55,16 @@ //usage: \n -s Don't output anything, status code shows success //usage: \n -w Warn about improperly formatted checksum lines //usage: ) +//usage: +//usage:#define sha3sum_trivial_usage +//usage: IF_FEATURE_MD5_SHA1_SUM_CHECK([-c[sw]] )[FILE]... +//usage:#define sha3sum_full_usage \n\n +//usage: Print IF_FEATURE_MD5_SHA1_SUM_CHECK( or check) SHA3-512 checksums +//usage: IF_FEATURE_MD5_SHA1_SUM_CHECK( \n +//usage: \n -c Check sums against list in FILEs +//usage: \n -s Don't output anything, status code shows success +//usage: \n -w Warn about improperly formatted checksum lines +//usage: ) #include libbb.h @@ -65,6 +75,7 @@ enum { HASH_MD5 = 's', /* md5sum */ HASH_SHA1 = '1', HASH_SHA256 = '2', + HASH_SHA3 = '3', HASH_SHA512 = '5', }; @@ -86,6 +97,7 @@ static uint8_t *hash_file(const char *filename) { int src_fd, hash_len, count; union _ctx_ { + sha3_ctx_t sha3; sha512_ctx_t sha512; sha256_ctx_t sha256; sha1_ctx_t sha1; @@ -124,6 +136,11 @@ static uint8_t *hash_file(const char *filename) update = (void*)sha512_hash; final = (void*)sha512_end; hash_len = 64; + } else if (ENABLE_SHA3SUM hash_algo == HASH_SHA3) { + sha3_begin(context.sha3); + update = (void*)sha3_hash; + final = (void*)sha3_end; + hash_len = 64; } else { xfunc_die(); /* can't reach this */ } diff --git a/include/applets.src.h b/include/applets.src.h index 597b1c9..29ab167 100644 --- a/include/applets.src.h +++ b/include/applets.src.h @@ -328,6 +328,7 @@ IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_SETSID(APPLET(setsid, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_SETUIDGID(APPLET_ODDNAME(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid)) IF_SHA1SUM(APPLET_NOEXEC(sha1sum, md5_sha1_sum, BB_DIR_USR_BIN, BB_SUID_DROP, sha1sum)) +IF_SHA3SUM(APPLET_NOEXEC(sha3sum, md5_sha1_sum, BB_DIR_USR_BIN, BB_SUID_DROP, sha3sum)) IF_SHA256SUM(APPLET_NOEXEC(sha256sum, md5_sha1_sum, BB_DIR_USR_BIN
Re: [PATCH] sha3sum: New applet, v2
On Friday 04 January 2013 06:02:53 Lauri Kasanen wrote: v2: - Sorted the enum by alpha (was sorted by algorithm age) - Use normal rotate here, xor not needed - Comment cleanup - Remove *empty* comments - Unify one be/le path - Remove #define round - Move to if(BB_ENDIAN) instead of #if looks ok to me. i'll let it sit a while to see if anyone has any feedback first. PS: There were existing #if blocks in the same file, just above in the md5 code. The requirement felt kinda weird with those there... at least the BB_ENDIAN ones should get fixed. the MD5_SMALL one isn't easy to make work (see how it gets used in the middle of var decls). -mike signature.asc Description: This is a digitally signed message part. ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet
On Thursday 03 January 2013 15:04:54 Lauri Kasanen wrote: From bbe1511447d6e120770d9d72e717cc18986535e5 Mon Sep 17 00:00:00 2001 From: Lauri Kasanen cur...@operamail.com Date: Thu, 3 Jan 2013 21:10:01 +0200 Subject: [PATCH] sha3sum: New applet can't you `git send-email` ? attaching patches encoded in base64 makes it a pain to review. --- a/coreutils/md5_sha1_sum.c +++ b/coreutils/md5_sha1_sum.c HASH_SHA1 = '1', HASH_SHA256 = '2', HASH_SHA512 = '5', + HASH_SHA3 = '3', }; keep sorted +/* +The Keccak sponge function, designed by Guido Bertoni, Joan Daemen, +Michael Peeters and Gilles Van Assche. For more information, feedback or +questions, please refer to our website: http://keccak.noekeon.org/ please clean up the comment block /* this is a comment * block blah blah */ +#if BB_LITTLE_ENDIAN + while (--laneCount = 0) { + state[laneCount] ^= in[laneCount]; + } we do not want #if blocks if possible. use: if (BB_LITTLE_ENDIAN) { ... } else { ... } + while (--laneCount = 0) { + for (x = 0; x sizeof(uint64_t); ++x) { + temp = 8; + temp |= ((char *)in[laneCount])[x]; + } + state[laneCount] = temp; can't you merge these two code paths: while (--laneCount = 0) { state[laneCount] ^= SWAP_LE64(in[laneCount]); seems like you do an xor in the LE case but not the BE case ? i'm guessing that's a bug. +#define round laneCount why ? why not adjust the code or the local variables instead ? + for ( /* empty */ ; (databitlen = 8) (state-bitsInQueue != 0); + for ( /* */ ; databitlen = cKeccakR; + for ( /* empty */ ; databitlen = 8; i would just delete those first /* */ comments. they should at least be consistent if you really want to keep them. + // Padding we use /**/ comments, not // +#if BB_LITTLE_ENDIAN + memcpy(hashval, state-state, hashbytelen); +#else + for (offset = 0; offset hashbytelen; offset += sizeof(uint64_t)) { + uint8_t j; + + for (j = 0; j sizeof(uint64_t); ++j) { + hashval[offset + j] = + state-state[offset + (sizeof(uint64_t) - 1) - j]; + } + } +#endif same comment here about if (BB_LITTLE_ENDIAN) vs #if BB_LITTLE_ENDIAN) -mike signature.asc Description: This is a digitally signed message part. ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet
Hi can't you `git send-email` ? attaching patches encoded in base64 makes it a pain to review. Sorry, not at the moment, no usable SMTP server to do that with. seems like you do an xor in the LE case but not the BE case ? i'm guessing that's a bug. I don't have anything big-endian to test with. Should I put in a #warning/#error that BE is untested, or? +#defineround laneCount why ? why not adjust the code or the local variables instead ? It was that way in the original code. Will change. Will fix the other parts. Thanks for the fast review, this must be the fastest reply I've ever gotten on the list ;) - Lauri PS: Resending, because forgot to include the list. -- http://www.fastmail.fm - The way an email service should be ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH] sha3sum: New applet
On Thursday 03 January 2013 18:30:54 Lauri Kasanen wrote: seems like you do an xor in the LE case but not the BE case ? i'm guessing that's a bug. I don't have anything big-endian to test with. Should I put in a #warning/#error that BE is untested, or? just do what you think is correct and we'll wait for someone to complain -mike signature.asc Description: This is a digitally signed message part. ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox