An illegal instruction would occur due to a bug in the way input
slices were rounded down in size to a multiple of the rate for a
given hash type. This would only occur when the Write function
was called with more than ~3KiB of data and the length of the data
was not a multiple of the rate.
Fixes golang/go#36459.
Change-Id: I621ef8d75602bcd59bb44491e17f721050001e6d
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/213857
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Michael Munday <mike.munday@ibm.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Even on platforms that allow unaligned reads, the Go runtime assumes
that a pointer to a given type has the alignment required by that
type.
Fixes golang/go#35173
Updates golang/go#34972
Updates golang/go#34964
Change-Id: I90361e096e59162e42ebde2914985af92f777ece
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/203837
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Add a space before build tag comments so it corresponds to the format
documented at https://golang.org/pkg/go/build/.
Change-Id: Ic29df4660a0968f58f721ec61943c0b277d4aaad
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/193777
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Clone() made a copy of the Keccak state after invoking clone(), which is not
supported, since the "buf" slice in the Keccak state must point to the "storage"
array, and if the state is copied directly it will keep pointing to the storage
returned by clone().
Fix it by embedding a pointer to the Keccak state instead of the state itself.
Change-Id: I7d392963ec65d784a360f6c12a7935a9a9a788b5
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/173018
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
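
The aliasing problem described in the Clone() commit message above, reduced to a stand-alone Go program. This is an added example, not code from golang.org/x/crypto; the `sponge`, `byValue` and `byPointer` types and the 8-byte storage size are hypothetical stand-ins for the Keccak state and its wrapper.

```go
package main

import "fmt"

// sponge is a hypothetical stand-in for the Keccak state.
// Invariant: buf is always a slice of this value's own storage array.
type sponge struct {
	storage [8]byte
	buf     []byte
}

func (s *sponge) absorb(p []byte) { s.buf = append(s.buf, p...) }

// clone copies the state and re-points buf at the copy's own storage.
func (s *sponge) clone() *sponge {
	c := *s
	c.buf = c.storage[:len(s.buf)]
	return &c
}

// intact absorbs one marker byte and reports whether it landed in s.storage.
func intact(s *sponge) bool {
	s.absorb([]byte{0xAA})
	return s.storage[len(s.buf)-1] == 0xAA
}

type byValue struct{ sponge }    // buggy shape: state embedded by value
type byPointer struct{ *sponge } // fixed shape: pointer to the state embedded

// buggyClone copies clone()'s result a second time, so the new wrapper's
// buf still points into the temporary's storage, not its own.
func buggyClone() bool {
	w := &byValue{}
	w.buf = w.storage[:0]
	w.absorb([]byte{1, 2, 3})
	c := &byValue{sponge: *w.clone()}
	return intact(&c.sponge)
}

// fixedClone keeps the pointer from clone(), so buf and storage stay together.
func fixedClone() bool {
	w := &byPointer{sponge: &sponge{}}
	w.buf = w.storage[:0]
	w.absorb([]byte{1, 2, 3})
	c := &byPointer{sponge: w.clone()}
	return intact(c.sponge)
}

func main() {
	fmt.Println("embedded by value, invariant holds:", buggyClone())
	fmt.Println("embedded by pointer, invariant holds:", fixedClone())
}
```
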
This patch implements 128- and 256-bit versions of the customizable variant
of the SHAKE function (cSHAKE).
* Implementation based on NIST FIPS 202
* Test data file has been updated with cSHAKE KATs. I've copied
examples from NIST document available here:
https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/examples/cshake_samples.pdf
Fixes #25395
Change-Id: Icbbc4232f3d9a28b3d6ead51937c2e60c00e5d8c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/111281
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Use the recently added CPU feature detection API rather than custom
assembly.
While we are here also make vet happy by renaming params in the asm
file to chain to match the go function declaration.
Change-Id: Ide0171793c9fa5ef6671b394e97a27f2c6e44a9f
Reviewed-on: https://go-review.googlesource.com/c/164381
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Keccak uses a different domain separation byte than the NIST-
standardized SHA-3 hashing function. A previous commit to
this package added support for Keccak-256, but did not do
so for Keccak-512. The reasoning was to support use cases
like Ethereum, however Ethereum also uses Keccak-512 for
the Ethash PoW, so this second method is also needed.
Prev CL: https://go-review.googlesource.com/c/crypto/+/106462
Fixes golang/go#29533
Change-Id: I9d92b1f121657f631c157e5e309771db1cd91c82
Reviewed-on: https://go-review.googlesource.com/c/125795
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Changes function name from "testUnalignedWrites" to "TestUnalignedWrites"
which makes "go test" actually run this test.
Change-Id: Ie46f11ee1fd5c8780d5704d2fabe6ddb229262f9
Reviewed-on: https://go-review.googlesource.com/111282
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Per the description, the "-s" file issues slight simplifications to
the source code.
Change-Id: I77395d763f5eafb48653902dcedfa56b150b2d67
Reviewed-on: https://go-review.googlesource.com/80138
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
keccakF1600 manually subtracts 200 from SP, but the generated prologue
already does this and the extra subtraction just means keccakF1600 is
defeating the stack growth check.
Remove the unnecessary SP adjustment.
Change-Id: I9450f6b12489bcd20e9ace30f9dd3066025d3a1a
Reviewed-on: https://go-review.googlesource.com/31653
Run-TryBot: Austin Clements <austin@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
NIST published a Keccak Code Package following the SHA-3 workshop
organized in 2014, containing optimized versions of various Keccak
functions for various architectures. This CL converts the GNU asm
code of the Keccak permutation for the x86_64 architecture into Go
assembly.
The code here is almost an identical copy of KeccakF1600_StatePermute,
with the only modification of converting the input state into the
implementation's internal representation and vice versa before return.
This keeps the algorithm an in-place version and avoids requiring
extra external state inits and data XORs before and after the permute.
The speed difference is:
benchmark                          old ns/op     new ns/op     delta
BenchmarkPermutationFunction-8     476           411           -13.66%
BenchmarkSha3_512_MTU-8            9910          8681          -12.40%
BenchmarkSha3_384_MTU-8            7124          6249          -12.28%
BenchmarkSha3_256_MTU-8            5666          4986          -12.00%
BenchmarkSha3_224_MTU-8            5401          4750          -12.05%
BenchmarkShake128_MTU-8            4614          3980          -13.74%
BenchmarkShake256_MTU-8            4935          4295          -12.97%
BenchmarkShake256_16x-8            71850         63798         -11.21%
BenchmarkShake256_1MiB-8           3784244       3285733       -13.17%
BenchmarkSha3_512_1MiB-8           7098875       6163359       -13.18%

benchmark                          old MB/s     new MB/s     speedup
BenchmarkPermutationFunction-8     420.11       486.35       1.16x
BenchmarkSha3_512_MTU-8            136.22       155.51       1.14x
BenchmarkSha3_384_MTU-8            189.49       216.03       1.14x
BenchmarkSha3_256_MTU-8            238.23       270.71       1.14x
BenchmarkSha3_224_MTU-8            249.91       284.19       1.14x
BenchmarkShake128_MTU-8            292.58       339.15       1.16x
BenchmarkShake256_MTU-8            273.53       314.28       1.15x
BenchmarkShake256_16x-8            228.03       256.81       1.13x
BenchmarkShake256_1MiB-8           277.09       319.13       1.15x
BenchmarkSha3_512_1MiB-8           147.71       170.13       1.15x
For further details, please see:
- http://csrc.nist.gov/groups/ST/hash/sha-3/Aug2014/documents/vanassche_keccak_code.pdf
- https://github.com/gvanas/KeccakCodePackage
Change-Id: I5b0b9395bba7d8c9acfe2b9c79f6e9c2cf858c7c
Reviewed-on: https://go-review.googlesource.com/17962
Reviewed-by: Adam Langley <agl@golang.org>
The typos were found by misspell tool.
Change-Id: I120740f12f7ba48330749ebf84050a7b98e01016
Reviewed-on: https://go-review.googlesource.com/24725
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
A previous fix to improve performance based on alignment
to sha3 was made in both ppc64le and ppc64, when it should
have only applied to ppc64le. This changes the build tags
so it is only done for ppc64le.
Fixes golang/go#15392
Change-Id: Idf32a0370f3c76fc2b54a2897a668acbae5d43c5
Reviewed-on: https://go-review.googlesource.com/22323
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Change the location of the KAT data for consistency with
other packages.
Change-Id: Ica10ad7d1730603f957fb413e28fe771b3c323bc
Reviewed-on: https://go-review.googlesource.com/3267
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Speedup of about 1.4x on x64. Added benchmarks that use the
ShakeHash interface, which doesn't require copying the state.
Unaligned or generic xorIn and copyOut functions chosen via
buildline, but both are tested.
Substantial contributions from Eric Eisner.
See golang.org/cl/151630044 for the previous CR.
(There are also some minor edits/additions to the documentation.)
Change-Id: I9500c25682457c82487512b9b8c66df7d75bff5d
Reviewed-on: https://go-review.googlesource.com/2132
Reviewed-by: Adam Langley <agl@golang.org>
1. API:
This exposes a minimal API: the SHA-3 functions implement hash.Hash. The
SHAKE functions implement a new "ShakeHash" interface that implements
io.Reader, io.Writer, and Reset().
(The previous Barrier() function has been removed.)
(Alternative proposal: Don't implement io.Reader, but instead provide a
"Digest(d []byte) error" function that performs a hash.Hash style copy.
Somewhat more minimal, but very easy to use incorrectly.)
2. Tests
Added the complete set of ShortMsgKATs from
https://github.com/gvanas/KeccakCodePackage
3. Correctness
In sync with draft FIPS-202.
4. Documentation
A summary of the security properties of the SHA-3 and SHAKE functions is
provided in doc.go; some concrete recommendations as well.
Fixes 8563.
R=golang-codereviews, agl
CC=golang-codereviews
https://golang.org/cl/130950043
Taken from my implementation: https://bitbucket.org/ede/sha3
Performance gain from using less memory and more registers.
benchmark                        old ns/op     new ns/op     delta
BenchmarkPermutationFunction     1484          1118          -24.66%
BenchmarkBulkKeccak512           374993        295178        -21.28%
BenchmarkBulkKeccak256           215496        172335        -20.03%

benchmark                        old MB/s     new MB/s     speedup
BenchmarkPermutationFunction     134.76       178.80       1.33x
BenchmarkBulkKeccak512           43.69        55.51        1.27x
BenchmarkBulkKeccak256           76.03        95.07        1.25x
R=jcb, agl
CC=golang-dev, nigeltao
https://golang.org/cl/8088044
time); delete some comments that didn't add much and were incorrect
anyway (the test specification was tc, not t).
R=jcb
CC=agl, golang-dev
https://golang.org/cl/7665045
Added a pure Go implementation of SHA3 (Keccak) which implements the hash.Hash interface.
A test file is included with performance benchmarks and standard test vectors.
R=agl, nigeltao
CC=golang-dev
https://golang.org/cl/7760044