diff -uNr a/keksum/keccak.c b/keksum/keccak.c
--- a/keksum/keccak.c 95fa68388a2b12bf22bbea2f42b65b9e95bbd70388b26d2dc75c051f07ffe3ef9dbb09255bc8ffca114352889a5a8ad88b940ff2e782712a1b4d46dc7382831a
+++ b/keksum/keccak.c 254d5e94437e72dd1923b6be0a1625f0efe831445073890f1702faf8f462e74da4a8fa86b3dc93758e7cebad1aee3b214b9cb32dd0b72d0a403f528b738783f4
@@ -1,8 +1,7 @@
/* KECCAK permutation and sponge construction
* J. Welsh, May 2019
*
- * Based on Guido Bertoni, Joan Daemen, Michael Peeters and Gilles van Assche
- * (2011): The KECCAK reference, Version 3.0.
+ * Based on Guido Bertoni, Joan Daemen, Michael Peeters and Gilles van Assche (2011): The KECCAK reference, Version 3.0.
*/
#include
@@ -31,9 +30,8 @@
/* Galois linear feedback shift register, output in low bit:
* (x^t mod x^8 + x^6 + x^5 + x^4 + 1) mod x in GF(2)(x)
- * (I'd forgotten my grade-school algebra but the Handbook of Applied
- * Cryptography plus http://archive.is/hhvKKJ (nayuki.io) and some written
- * exercises cleared this up for me.) */
+ * (I'd forgotten my grade-school algebra but the Handbook of Applied Cryptography plus http://archive.is/hhvKKJ (nayuki.io) and some written exercises cleared this up for me.)
+ */
static uint8_t lfsr_step(uint8_t rstate) {
/* polynomial xor'd in when high (overflowing) bit is set */
uint8_t gate = ((int8_t) rstate) >> 7;
@@ -99,8 +97,7 @@
* a'(y, 2x+3y mod 5, z) = a(x, y, z)
*/
static void pi(void) {
- /* shuffle in-place by swapping alternating temporaries with successive
- * destinations */
+ /* shuffle in-place by swapping alternating temporaries with successive destinations */
lane_t c, d;
#define even(x,y) (c=a(x,y), a(x,y)=d)
#define odd(x,y) (d=a(x,y), a(x,y)=c)
@@ -150,8 +147,7 @@
*
* Mix LFSR bitstream sequentially into first lane with z index given by
* 2^j - 1
- * LFSR advances 7 steps per round regardless of how many "j" are needed to
- * fill the lane, corresponding to the maximum 64-bit lane size.
+ * LFSR advances 7 steps per round regardless of how many "j" are needed to fill the lane, corresponding to the maximum 64-bit lane size.
*/
static uint8_t iota(uint8_t rstate) {
unsigned j;
@@ -214,13 +210,9 @@
}
static void load(uint8_t const *block, unsigned len) {
- /* Keeping bytes in lane little-endian, independent of machine. This
- * harmonizes with (rumored) Keccak convention for interpretation of
- * octet stream as bitstream. For a big-endian interpretation we could
- * flip the byte load/store order and the direction of rotations.
+ /* Keeping bytes in lane little-endian, independent of machine. This harmonizes with (rumored) Keccak convention for interpretation of octet stream as bitstream. For a big-endian interpretation we could flip the byte load/store order and the direction of rotations.
*
- * Ordering of lanes is x-major due to the specified mapping of
- * bitstring to state coordinates: s[w(5y+x)+z] = a[x][y][z] */
+ * Ordering of lanes is x-major due to the specified mapping of bitstring to state coordinates: s[w(5y+x)+z] = a[x][y][z] */
unsigned x, y, z, i=0;
for (y=0; y<5; ++y)
for (x=0; x<5; ++x)
@@ -238,9 +230,7 @@
uint8_t byte;
if (i==len) return;
byte = a(x,y) >> z;
- /* Digits within the byte rendered big-endian,
- * matching common practice but unfortunately
- * not bitstream order. */
+ /* Digits within the byte rendered big-endian, matching common practice but unfortunately not bitstream order. */
buf[i++] = hex[byte>>4];
buf[i++] = hex[byte&15];
}
diff -uNr a/keksum/main.c b/keksum/main.c
--- a/keksum/main.c 294be705c083b166c4aa10f3ea8a6333633af013374c5886d8e26db6ff45fba04e4b47c3a08857589130cd2c2c8ddb5415059ffb42f302c660614c701fa4db01
+++ b/keksum/main.c 0dd0b070b0905a5598376fd3be4029e26532a9eb073a221096d0ba2c2e0531a98df69b4fb6771069cba71a370db74ef40a3ee6df775b312ec7608a0965e62933
@@ -10,26 +10,20 @@
int sponge(unsigned capacity, size_t out_bits);
#pragma GCC diagnostic ignored "-Woverlength-strings" /* wat. */
+/* The above generated some discussion starting at http://jfxpt.com/2019/keksum-a-keccak-implementation-in-c-as-standalone-unix-utility-genesis/#comment-122 ; in short: c89 allows compilers to limit string literals to as little as 509 characters; GCC does not have that limit, but warns due to the "unportability" when in pedantic mode; the pragma suppresses the warning (independent of build flags) as we do not intend to support any compiler with such a low and artificial constraint. */
static char const usage[] =
"Usage: keksum [-sCAPACITY] [-lLENGTH] [-h] [--] [FILE]...\n"
"Compute KECCAK checksums.\n"
"\n"
-"With no FILE, act as a filter, reading from standard input then printing\n"
-"a single line containing the hex-encoded hash. Otherwise tabulate hash and\n"
-"name for each FILE.\n"
+"With no FILE, act as a filter, reading from standard input then printing a single line containing the hex-encoded hash. Otherwise tabulate hash and name for each FILE.\n"
"\n"
"Options:\n"
" -l set output length in bits (default 512)\n"
" -s set sponge capacity in bits (default 256)\n"
" -h print this help and exit\n"
"\n"
-"Capacity and length both establish upper bounds on security level. Capacity\n"
-"strongly affects speed and hash by changing permutation frequency. Length\n"
-"acts as a truncation of an infinite output stream. (If you use large length\n"
-"with small capacity you will be deluding yourself in quite the same manner\n"
-"as a poorly seeded PRNG.) Both must be multiples of 8. The 1600-bit\n"
-"permutation is always used, thus capacity must be between 8 and 1592.\n";
+"Capacity and length both establish upper bounds on security level. Capacity strongly affects speed and hash by changing permutation frequency. Length acts as a truncation of an infinite output stream. (If you use large length with small capacity you will be deluding yourself in quite the same manner as a poorly seeded PRNG.) Both must be multiples of 8. The 1600-bit permutation is always used, thus capacity must be between 8 and 1592.\n";
static void usage_err(char const *msg) {
write_line(2,msg);
@@ -60,19 +54,10 @@
int main(int argc, char **argv) {
unsigned out_len = 512;
- /* Rationale: for collision resistance, any hash function needs at
- * least twice the desired security level in non-redundant output bits
- * due to the birthday problem. */
+ /* Rationale: for collision resistance, any hash function needs at least twice the desired security level in non-redundant output bits due to the birthday problem. */
unsigned capacity = 256;
- /* Rationale: sponge capacity is an upper bound on security level
- * because the permutation is readily inverted if its full output is
- * known. Beyond that, its relationship to actual security is not clear
- * to me (or perhaps anyone); some margin of safety seems prudent. The
- * EuCrypt default is 256 (bitrate 1344). But note that in the FIPS202
- * parameters, capacity under 512 is seen only in "SHAKE128" and none
- * of the "SHA3" fixed-width hashes. See also:
- * http://fixpoint.welshcomputing.com/keksum-a-keccak-imp/#comments */
+ /* Rationale: sponge capacity is an upper bound on security level because the permutation is readily inverted if its full output is known. Beyond that, its relationship to actual security is not clear to me (or perhaps anyone); some margin of safety seems prudent. The EuCrypt default is 256 (bitrate 1344). But note that in the FIPS202 parameters, capacity under 512 is seen only in "SHAKE128" and none of the "SHA3" fixed-width hashes. See also: http://jfxpt.com/keksum-a-keccak-imp/#comments */
signal(SIGPIPE,SIG_IGN); /* standard unix-hate */
@@ -100,9 +85,7 @@
if (argc) {
int status = 0;
- /* Listing is similar to the GNU (?) format but with no input
- * mode character (you may know this as the mysterious extra
- * space): it's always binary. */
+ /* Listing is similar to the GNU (?) format but with no input mode character (you may know this as the mysterious extra space): it's always binary. */
for (; argc; SHIFT) {
int fd = open(*argv, O_RDONLY);
if (fd == -1) {
diff -uNr a/keksum/manifest b/keksum/manifest
--- a/keksum/manifest 61ecfe7760cfb2333d926e8915f90dee52b2f1222016d6af8dfd2c73af3d9eeca6b3dfec3c677e5a5baa6d11928f7731b9d451110e8d9ca8953e93aa8ce4296c
+++ b/keksum/manifest ac84b04abb610f747205f96a2357ae4d3964897c89f0a7c7f7d489f507e7373eec38667229381c25ab82cf6c824e26f758b472b3f0f31b7011aaddc0d8aa921a
@@ -1,2 +1,3 @@
640981 keksum_subdir_genesis jfw Initial release (redone from keksum_genesis_3 to follow project subdir and manifest naming conventions) (redone from keksum_genesis for default capacity and test)
832286 keksum_error_recovery_and_usage jfw Continue to next file rather than aborting on open or read errors. Fix glaring typo for the length option in the usage synopsis, and remove the tease about a -c option to check against a reference hash listing, which isn't planned to be done any time soon.
+833676 keksum_softwrap jfw A reformatting patch dedicated to the memory of Mircea Popescu. Linefeed characters are for auctorial intent, not for working around broken tools that can't adequately handle long lines.