SHA-3 support #5820
SHA-3 support #5820
Conversation
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
tom-cosgrove-arm
added
enhancement
needs-review
tom-cosgrove-arm
added
priority-scheduled
Signed-off-by: Pol Henarejos <[email protected]>
|
For reference, there was some earlier work in this area: #1549 (a continuation of #479). We're closing the previous PRs and keeping this one as it's fresh and active while the previous one now has numerous conflicts, but the previous PR can be used as a comparison point. In particular, #1549 did some work on tests, so we should make the the coverage in this PR is at least as good, and if not, import relevant tests from the previous PR to complete coverage. |
|
Added SHA3 to MD to support HMAC with SHA3. Also added tests (for test suite) from #1549 but no self-tests yet. Are self-tests necessary despite of test suite? Seems test suites are more complete. |
|
@polhenarejos wrote:
Some types of compliance will require self tests (e.g. FIPS-140 and friends), which require confirmation of the code actually running in the environment (this is supposed to help detect modified code and similar). It can be useful to be able to run a quick test at run time to make sure the operations are as expected. |
There was a problem hiding this comment.
In addition, a few of the newer commits have a fairly long first line (git convention is to have a <70 character summary line, a blank line, and then a longer description). This makes commands like 'git shortlog' and 'git log --oneline' more useful. For the "olen parameter shall..." commit, perhaps a description line that is something like "sha3: Fix olen parameter handling", a blank line, and then the existing text refilled to 75 columns or so.
For "olen = 0 is not allowed" just put a blank line after that line
For "Fix when reusing..." probably put the blank line before the value in parens, remove the parens, and make that a complete sentence.
"Fix travis build" could probably use a better description, since the issue being fixed is actually a bit more than just for travis. The enum values shouldn't be conditionalized, which happens to let Travis work.
library/sha3.c
Outdated
| break; | ||
| } | ||
|
|
||
| if( p == NULL || p->id == MBEDTLS_SHA3_NONE ) |
There was a problem hiding this comment.
Is there any reason to still have the p == NULL check? It is always assigned above?
There was a problem hiding this comment.
Not really. It is a paranoid check I usually do before -> operator.
There was a problem hiding this comment.
Sorry, just happened to see this, and wanted to point out some static analysis tools like Coverity will very likely warn about this. Not only cannot p be NULL (because it points to a global variable), but also it is dereferenced before the check. So even as a "just in case", this would do more harm than good.
There was a problem hiding this comment.
Sounds logic. I pushed a change.
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
Co-authored-by: Gilles Peskine <[email protected]> Signed-off-by: Pol Henarejos <[email protected]>
polhenarejos
force-pushed
the
sha3
branch
2 times, most recently
from
45003eb to
39fb1d5
Compare
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
There was a problem hiding this comment.
Mostly LGTM - most of my comments are pretty minor.
Testing for bad arguments, and tidying up the public interface are the main ones IMO.
I had some time to kill on the plane when I reviewed this so also did some performance optimisation. I'll push that in a separate PR as soon as this gets merged so as not to hold this one up.
| @@ -0,0 +1,3 @@ | |||
| Features | |||
| * Add SHA3 family hash functions. | |||
There was a problem hiding this comment.
Minor: please be specific about which variants have been added. Please write SHA3 as SHA-3 (lots of instances of this).
| int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id) | ||
| { | ||
| mbedtls_sha3_family_functions *p = NULL; | ||
| if (ctx == NULL) { |
There was a problem hiding this comment.
I agree with @d3zd3z - we have quite a lot of NULL checks here that aren't needed. I suggest being consistent with the level of null checking in the other hash implementations.
| /** | ||
| * \brief Checkup routine for the algorithms implemented | ||
| * by this module: SHA3-224, SHA3-256, SHA3-384, SHA3-512, | ||
| * SHAKE128, SHAKE256, cSHAKE128 and cSHAKE256. |
There was a problem hiding this comment.
Since this doesn't implement SHAKE please update this.
| return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; | ||
| } | ||
|
|
||
| if (ilen == 0 || input == NULL) { |
There was a problem hiding this comment.
The check for ilen == 0 can be removed, it's covered by the while condition
| { | ||
| uint64_t lane[5]; | ||
| uint64_t *s = ctx->state; | ||
| int i; |
There was a problem hiding this comment.
Nit: normally I'd prefer to just initialise this in the for loop where it's used.
| * | ||
| * The structure is used SHA-3 checksum calculations. | ||
| */ | ||
| typedef struct mbedtls_sha3_context { |
There was a problem hiding this comment.
| typedef struct mbedtls_sha3_context { | |
| typedef struct { |
Can simplify this a little I think
| @@ -148,3 +149,142 @@ void sha512_selftest() | |||
| TEST_EQUAL(mbedtls_sha512_self_test(1), 0); | |||
| } | |||
| /* END_CASE */ | |||
|
|
|||
There was a problem hiding this comment.
Testing mostly looks good, but we don't have any tests for bad arguments - e.g., passing an invalid hash id, or olen too short.
|
|
||
| uint16_t r; | ||
| uint16_t olen; | ||
| uint8_t xor_byte; |
There was a problem hiding this comment.
I suggest removing xor_byte and simply using a #define in sha3.c, since this is the same for all implemented algorithms.
|
|
||
| uint16_t r; | ||
| uint16_t olen; | ||
| uint8_t xor_byte; |
There was a problem hiding this comment.
I suggest removing xor_byte (replace with a #define in sha3.c), id (it's not used after init), and r (not used after init).
There was a problem hiding this comment.
I put xor_byte as a variable thinking on SHAKE, CSHAKE and KMAC, which all use different xor_byte. Another approach can be a lookup table based on id.
| * The structure is used SHA-3 checksum calculations. | ||
| */ | ||
| typedef struct mbedtls_sha3_context { | ||
| uint64_t state[25]; |
There was a problem hiding this comment.
Everything in this struct should use MBEDTLS_PRIVATE
There was a problem hiding this comment.
Mostly LGTM - most of my comments are pretty minor.
Testing for bad arguments, and tidying up the public interface are the main ones IMO.
I had some time to kill on the plane when I reviewed this so also did some performance optimisation. I'll push that in a separate PR as soon as this gets merged so as not to hold this one up.
daverodgman
added
needs-work
historical-reviewed
|
Merged via #7708 |
Description
It adds support for SHA-3 with 224, 256, 384 and 512.
Splitted from #5800.
Status
READY
Requires Backporting
NO
Migrations
NO
Additional comments
Any additional information that could be of interest
Todos