add SHA3_224

src/Makefile.am

@@ -17,7 +17,9 @@ libvmod_blobdigest_la_SOURCES = \
 	sha256.h \
 	sha256.c \
 	sha512.h \
-	sha512.c
+	sha512.c \
+	sha3.h \
+	sha3.c
 
 nodist_libvmod_blobdigest_la_SOURCES = \
 	vcc_if.c \

src/gen_enum_parse.pl

@@ -10,6 +10,7 @@ my @vals = (qw(
 	SHA256
 	SHA384
 	SHA512
+	SHA3_224
 ));
 
 sub assert {

src/sha3.h

+/* sha3.h */
+#ifndef RHASH_SHA3_H
+#define RHASH_SHA3_H
+
+#include <stdint.h>
+#include <unistd.h>
+
+#define sha3_224_hash_size  28
+#define sha3_256_hash_size  32
+#define sha3_384_hash_size  48
+#define sha3_512_hash_size  64
+#define sha3_max_permutation_size 25
+#define sha3_max_rate_in_qwords 24
+
+/**
+ * SHA3 Algorithm context.
+ */
+typedef struct sha3_ctx
+{
+	/* 1600 bits algorithm hashing state */
+	uint64_t hash[sha3_max_permutation_size];
+	/* 1536-bit buffer for leftovers */
+	uint64_t message[sha3_max_rate_in_qwords];
+	/* count of bytes in the message[] buffer */
+	unsigned rest;
+	/* size of a message block processed at once */
+	unsigned block_size;
+} sha3_ctx;
+
+/* methods for calculating the hash function */
+
+void rhash_sha3_224_init(sha3_ctx *ctx);
+void rhash_sha3_256_init(sha3_ctx *ctx);
+void rhash_sha3_384_init(sha3_ctx *ctx);
+void rhash_sha3_512_init(sha3_ctx *ctx);
+void rhash_sha3_update(sha3_ctx *ctx, const unsigned char* msg, size_t size);
+void rhash_sha3_final(sha3_ctx *ctx, unsigned char* result);
+
+#ifdef USE_KECCAK
+#define rhash_keccak_224_init rhash_sha3_224_init
+#define rhash_keccak_256_init rhash_sha3_256_init
+#define rhash_keccak_384_init rhash_sha3_384_init
+#define rhash_keccak_512_init rhash_sha3_512_init
+#define rhash_keccak_update rhash_sha3_update
+void rhash_keccak_final(sha3_ctx *ctx, unsigned char* result);
+#endif
+
+#endif /* RHASH_SHA3_H */

src/tests/sha3-224.vtc

+# looks like -*- vcl -*-
+
+varnishtest "SHA3_224 hash"
+
+# VMOD blobcode must be installed
+
+varnish v1 -vcl {
+	import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
+	import blobcode;
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		# http://wolfgang-ehrhardt.de/hmac-sha3-testvectors.html
+		new k1 = blobcode.blob(HEX,
+		                    "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+		new ehrhardt1 = blobdigest.hmac(SHA3_224, k1.get());
+
+		new k2 = blobcode.blob(IDENTITY, "Jefe");
+		new ehrhardt2 = blobdigest.hmac(SHA3_224, k2.get());
+
+		new k3 = blobcode.blob(HEX,
+		                    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
+		new ehrhardt3 = blobdigest.hmac(SHA3_224, k3.get());
+
+		new k4 = blobcode.blob(HEX,
+		          "0102030405060708090a0b0c0d0e0f10111213141516171819");
+		new ehrhardt4 = blobdigest.hmac(SHA3_224, k4.get());
+
+		new k5 = blobcode.blob(HEX,
+		                    "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
+		new ehrhardt5 = blobdigest.hmac(SHA3_224, k5.get());
+
+		new k6 = blobcode.blob(HEX,
+"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
+		new ehrhardt6 = blobdigest.hmac(SHA3_224, k6.get());
+
+		new k7 = blobcode.blob(HEX,
+"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
+		new ehrhardt7 = blobdigest.hmac(SHA3_224, k7.get());
+	}
+
+	sub vcl_recv {
+		return(synth(200));
+	}
+
+	sub vcl_synth {
+		set resp.http.empty
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA3_224,
+		                    blobcode.decode(IDENTITY, "")));
+
+		set resp.http.a
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA3_224,
+		                    blobcode.decode(IDENTITY, "a")));
+
+		set resp.http.abc
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA3_224,
+		                    blobcode.decode(IDENTITY, "abc")));
+
+		set resp.http.msgdigest
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA3_224,
+		                    blobcode.decode(IDENTITY,
+		                                    "message digest")));
+
+		set resp.http.alphalc
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA3_224,
+		                    blobcode.decode(IDENTITY,
+				    "abcdefghijklmnopqrstuvwxyz")));
+
+		set resp.http.alphasoup
+		  = blobcode.encode(HEXLC, blobdigest.hash(SHA3_224,
+		                    blobcode.decode(IDENTITY,
+		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")));
+
+		set resp.http.alphanum
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA3_224,
+		                    blobcode.decode(IDENTITY,
+	    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")));
+
+		set resp.http.digits
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA3_224,
+		                    blobcode.decode(IDENTITY,
+"12345678901234567890123456789012345678901234567890123456789012345678901234567890")));
+
+		set resp.http.pangram
+		  = blobcode.encode(HEXUC, blobdigest.hash(SHA3_224,
+		                    blobcode.decode(IDENTITY,
+			"The quick brown fox jumps over the lazy dog")));
+
+		# all 256 byte values in ascending, big-endian order
+		set resp.http.allbytes
+		  = blobcode.encode(HEXLC, blobdigest.hash(SHA3_224,
+		                    blobcode.decode(BASE64,
+"AQACAQMCBAMFBAYFBwYIBwkICgkLCgwLDQwODQ8OEA8REBIRExIUExUUFhUXFhgXGRgaGRsaHBsdHB4dHx4gHyEgIiEjIiQjJSQmJScmKCcpKCopKyosKy0sLi0vLjAvMTAyMTMyNDM1NDY1NzY4Nzk4Ojk7Ojw7PTw+PT8+QD9BQEJBQ0JEQ0VERkVHRkhHSUhKSUtKTEtNTE5NT05QT1FQUlFTUlRTVVRWVVdWWFdZWFpZW1pcW11cXl1fXmBfYWBiYWNiZGNlZGZlZ2ZoZ2loamlramxrbWxubW9ucG9xcHJxc3J0c3V0dnV3dnh3eXh6eXt6fHt9fH59f36Afw==")));
+
+		set resp.http.ehrhardt1 = blobcode.encode(HEXLC,
+		         ehrhardt1.hmac(blobcode.decode(IDENTITY, "Hi There")));
+
+		set resp.http.ehrhardt2
+		  = blobcode.encode(HEXLC,
+		                    ehrhardt2.hmac(blobcode.decode(IDENTITY,
+				    "what do ya want for nothing?")));
+
+		set resp.http.ehrhardt3
+		  = blobcode.encode(HEXLC,
+		                    ehrhardt3.hmac(blobcode.decode(HEX,
+"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd")));
+
+		set resp.http.ehrhardt4
+		  = blobcode.encode(HEXLC,
+		                    ehrhardt4.hmac(blobcode.decode(HEX,
+"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")));
+
+		set resp.http.ehrhardt5
+		  = blobcode.encode(HEXLC,
+		                    ehrhardt5.hmac(blobcode.decode(IDENTITY,
+				                      "Test With Truncation")));
+
+		set resp.http.ehrhardt6
+		  = blobcode.encode(HEXLC,
+		                    ehrhardt6.hmac(blobcode.decode(IDENTITY,
+		    "Test Using Larger Than Block-Size Key - Hash Key First")));
+
+		set resp.http.ehrhardt7
+		  = blobcode.encode(HEXLC,
+		                    ehrhardt6.hmac(blobcode.decode(IDENTITY,
+"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.")));
+
+		set resp.http.ehrhardt6a
+		  = blobcode.encode(HEXLC,
+		                    ehrhardt7.hmac(blobcode.decode(IDENTITY,
+		    "Test Using Larger Than Block-Size Key - Hash Key First")));
+
+		set resp.http.ehrhardt7a
+		  = blobcode.encode(HEXLC,
+		                    ehrhardt7.hmac(blobcode.decode(IDENTITY,
+"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.")));
+
+    	}
+} -start
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.status == 200
+
+	# from librhash
+	expect resp.http.empty == "6B4E03423667DBB73B6E15454F0EB1ABD4597F9A1B078E3F5B5A6BC7"
+	expect resp.http.a == "9E86FF69557CA95F405F081269685B38E3A819B309EE942F482B6A8B"
+	expect resp.http.abc == "E642824C3F8CF24AD09234EE7D3C766FC9A3A5168D0C94AD73B46FDF"
+	expect resp.http.msgdigest == "18768BB4C48EB7FC88E5DDB17EFCF2964ABD7798A39D86A4B4A1E4C8"
+	expect resp.http.alphalc == "5CDECA81E123F87CAD96B9CBA999F16F6D41549608D4E0F4681B8239"
+	expect resp.http.alphanum == "A67C289B8250A6F437A20137985D605589A8C163D45261B15419556E"
+	expect resp.http.digits == "0526898E185869F91B3E2A76DD72A15DC6940A67C8164A044CD25CC8"
+	expect resp.http.pangram == "D15DADCEAA4D5D7BB3B48F446421D542E08AD8887305E28D58335795"
+
+	# from http://www.di-mgt.com.au/sha_testvectors.html
+	expect resp.http.alphasoup == "8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33"
+
+	# verified with: base64 -d | rhash --sha3-224 -
+	expect resp.http.allbytes == "12ecd3cedb58970d34dff87d3d3216d297b429309610dfb52c1ceead"
+
+	# cf. http://wolfgang-ehrhardt.de/hmac-sha3-testvectors.html
+	expect resp.http.ehrhardt1 == "3b16546bbc7be2706a031dcafd56373d9884367641d8c59af3c860f7"
+	expect resp.http.ehrhardt2 == "7fdb8dd88bd2f60d1b798634ad386811c2cfc85bfaf5d52bbace5e66"
+	expect resp.http.ehrhardt3 == "676cfc7d16153638780390692be142d2df7ce924b909c0c08dbfdc1a"
+	expect resp.http.ehrhardt4 == "a9d7685a19c4e0dbd9df2556cc8a7d2a7733b67625ce594c78270eeb"
+	expect resp.http.ehrhardt5 ~ "^49fdd3abd005ebb8ae63fea946d1883c"
+	expect resp.http.ehrhardt6 == "b4a1f04c00287a9b7f6075b313d279b833bc8f75124352d05fb9995f"
+	expect resp.http.ehrhardt7 == "05d8cd6d00faea8d1eb68ade28730bbd3cbab6929f0a086b29cd62a0"
+	expect resp.http.ehrhardt6a == "b96d730c148c2daad8649d83defaa3719738d34775397b7571c38515"
+	expect resp.http.ehrhardt7a == "c79c9b093424e588a9878bbcb089e018270096e9b4b1a9e8220c866a"
+} -run

src/vmod_blobdigest.c

@@ -99,6 +99,9 @@ init(const enum algorithm hash, hash_ctx * const hctx)
 	case SHA512:
 		rhash_sha512_init(&hctx->sha512);
 		break;
+	case SHA3_224:
+		rhash_sha3_224_init(&hctx->sha3);
+		break;
 	default:
 		WRONG("illegal algorithm");
 	}
@@ -125,6 +128,9 @@ update(const enum algorithm hash, hash_ctx *restrict const hctx,
 	case SHA512:
 		rhash_sha512_update(&hctx->sha512, msg, len);
 		break;
+	case SHA3_224:
+		rhash_sha3_update(&hctx->sha3, msg, len);
+		break;
 	default:
 		WRONG("illegal algorithm");
 	}
@@ -151,6 +157,9 @@ final(const enum algorithm hash, hash_ctx *restrict const hctx,
 	case SHA512:
 		rhash_sha512_final(&hctx->sha512, result);
 		break;
+	case SHA3_224:
+		rhash_sha3_final(&hctx->sha3, result);
+		break;
 	default:
 		WRONG("illegal algorithm");
 	}

src/vmod_blobdigest.h

@@ -33,6 +33,9 @@
 #include "vsha256.h"
 #include "sha256.h"
 #include "sha512.h"
+#include "sha3.h"
+
+#define SHA3_BLOCKSZ(bits) ((1600 - (bits) * 2) / 8)
 
 typedef union hash_ctx {
 	md5_ctx		md5;
@@ -40,6 +43,7 @@ typedef union hash_ctx {
 	sha256_ctx	sha224;
 	SHA256_CTX	sha256;
 	sha512_ctx	sha512;
+	sha3_ctx	sha3;
 } hash_ctx;
 
 static const struct hashspec {
@@ -70,4 +74,8 @@ static const struct hashspec {
 		sha512_hash_size,
 		sha512_block_size,
 	},
+	[SHA3_224] = {
+		sha3_224_hash_size,
+		SHA3_BLOCKSZ(224),
+	},
 };

src/vmod_blobdigest.vcc

@@ -9,7 +9,8 @@
 
 $Module blobdigest 3 digests and hmacs for the VCL blob type
 
-$Object hmac(ENUM {MD5, SHA1, SHA224, SHA256, SHA384, SHA512} hash, BLOB key)
+$Object hmac(ENUM {MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224} hash,
+             BLOB key)
 
 Prototype
 	new OBJ = blobdigest.hmac(ENUM hash, BLOB key)
@@ -31,8 +32,8 @@ Description
 Example
 	``set req.http.hmac = hmac.hmac(blobcode.decode(BASE64, "Zm9v"));``
 
-$Function BLOB hash(ENUM {MD5, SHA1, SHA224, SHA256, SHA384, SHA512} hash,
-                    BLOB msg)
+$Function BLOB hash(ENUM {MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224}
+                    hash, BLOB msg)
 
 $Function STRING version()