diff --git a/pkgtools/pkg_install/files/admin/check.c b/pkgtools/pkg_install/files/admin/check.c
--- a/pkgtools/pkg_install/files/admin/check.c
+++ b/pkgtools/pkg_install/files/admin/check.c
@@ -53,18 +53,20 @@
#if HAVE_ERRNO_H
#include <errno.h>
#endif
#if HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifndef NETBSD
#include <nbcompat/md5.h>
+#include <nbcompat/sha2.h>
#else
#include <md5.h>
+#include <sha2.h>
#endif
#if HAVE_LIMITS_H
#include <limits.h>
#endif
#if HAVE_STDIO_H
#include <stdio.h>
#endif
#if HAVE_STRING_H
@@ -108,24 +110,32 @@ check1pkg(const char *pkgdir, int *filec
warnx("dirp not initialized, please send-pr!");
abort();
}
(void) snprintf(file, sizeof(file), "%s/%s", dirp, p->name);
if (isfile(file) || islinktodir(file)) {
if (p->next && p->next->type == PLIST_COMMENT) {
- if (strncmp(p->next->name, CHECKSUM_HEADER, ChecksumHeaderLen) == 0) {
+ if (strncmp(p->next->name, MD5_CHECKSUM_HEADER, MD5ChecksumHeaderLen) == 0) {
if ((md5file = MD5File(file, NULL)) != NULL) {
/* Mismatch? */
- if (strcmp(md5file, p->next->name + ChecksumHeaderLen) != 0)
+ if (strcmp(md5file, p->next->name + MD5ChecksumHeaderLen) != 0)
printf("%s fails MD5 checksum\n", file);
free(md5file);
}
+ } else if (strncmp(p->next->name, COMBO_CHECKSUM_HEADER, ComboChecksumHeaderLen) == 0) {
+ if ((md5file = combo_digest_file(file, NULL)) != NULL) {
+ /* Mismatch? */
+ if (strcmp(md5file, p->next->name + ComboChecksumHeaderLen) != 0)
+ printf("%s fails combo checksum\n", file);
+
+ free(md5file);
+ }
} else if (strncmp(p->next->name, SYMLINK_HEADER, SymlinkHeaderLen) == 0) {
char buf[MaxPathSize + SymlinkHeaderLen];
int cc;
(void) strlcpy(buf, SYMLINK_HEADER, sizeof(buf));
if ((cc = readlink(file, &buf[SymlinkHeaderLen],
sizeof(buf) - SymlinkHeaderLen - 1)) < 0) {
warnx("can't readlink `%s'", file);
diff --git a/pkgtools/pkg_install/files/configure b/pkgtools/pkg_install/files/configure
--- a/pkgtools/pkg_install/files/configure
+++ b/pkgtools/pkg_install/files/configure
@@ -4793,17 +4793,17 @@ if eval test \"x\$"$as_ac_Header"\" = x"
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done
-for ac_header in assert.h ctype.h dirent.h err.h errno.h fnctl.h \
+for ac_header in assert.h ctype.h dirent.h err.h errno.h fcntl.h \
fnmatch.h glob.h grp.h inttypes.h limits.h pwd.h signal.h \
stdarg.h stdio.h stdlib.h string.h time.h unistd.h vis.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
diff --git a/pkgtools/pkg_install/files/configure.ac b/pkgtools/pkg_install/files/configure.ac
--- a/pkgtools/pkg_install/files/configure.ac
+++ b/pkgtools/pkg_install/files/configure.ac
@@ -59,17 +59,17 @@ AC_SUBST(bootstrap)
dnl Checks for large file support.
AC_SYS_LARGEFILE
dnl Checks for libraries.
AC_CHECK_LIB(db, __db185_open, , AC_SEARCH_LIBS(dbopen, [db db1]))
dnl Checks for header files.
AC_HEADER_STDC
-AC_CHECK_HEADERS([assert.h ctype.h dirent.h err.h errno.h fnctl.h \
+AC_CHECK_HEADERS([assert.h ctype.h dirent.h err.h errno.h fcntl.h \
fnmatch.h glob.h grp.h inttypes.h limits.h pwd.h signal.h \
stdarg.h stdio.h stdlib.h string.h time.h unistd.h vis.h])
AC_CHECK_HEADERS([sys/cdefs.h sys/file.h sys/ioctl.h sys/queue.h \
sys/stat.h sys/time.h sys/types.h sys/utsname.h sys/wait.h])
# Checks for library functions.
AC_CHECK_FUNCS([vfork])
diff --git a/pkgtools/pkg_install/files/create/pl.c b/pkgtools/pkg_install/files/create/pl.c
--- a/pkgtools/pkg_install/files/create/pl.c
+++ b/pkgtools/pkg_install/files/create/pl.c
@@ -77,17 +77,17 @@ CheckSymlink(char *name, char *prefix, s
* Check a list for files that require preconversion
*/
void
check_list(package_t *pkg, const char *PkgName)
{
struct stat st;
plist_t *tmp;
plist_t *p;
- char buf[ChecksumHeaderLen + LegibleChecksumLen];
+ char buf[ComboChecksumHeaderLen + LegibleComboChecksumLen];
char target[MaxPathSize + SymlinkHeaderLen];
char name[MaxPathSize];
char *cwd = NULL;
char *pkgname = NULL;
int cc;
/* Open Package Database for writing */
if (update_pkgdb && !pkgdb_open(ReadWrite))
@@ -178,22 +178,22 @@ check_list(package_t *pkg, const char *P
break;
case S_IFCHR:
warnx("Warning - char special device `%s' in PLIST", name);
break;
case S_IFBLK:
warnx("Warning - block special device `%s' in PLIST", name);
break;
default:
- (void) strlcpy(buf, CHECKSUM_HEADER,
+ (void) strlcpy(buf, COMBO_CHECKSUM_HEADER,
sizeof(buf));
- if (MD5File(name, &buf[ChecksumHeaderLen]) != (char *) NULL) {
+ if (combo_digest_file(name, &buf[ComboChecksumHeaderLen]) != NULL) {
tmp = new_plist_entry();
tmp->name = xstrdup(buf);
- tmp->type = PLIST_COMMENT; /* PLIST_MD5 - HF */
+ tmp->type = PLIST_COMMENT;
tmp->next = p->next;
tmp->prev = p;
if (p == pkg->tail) {
pkg->tail = tmp;
}
p->next = tmp;
p = tmp;
}
diff --git a/pkgtools/pkg_install/files/lib/Makefile.in b/pkgtools/pkg_install/files/lib/Makefile.in
--- a/pkgtools/pkg_install/files/lib/Makefile.in
+++ b/pkgtools/pkg_install/files/lib/Makefile.in
@@ -24,16 +24,17 @@ CFLAGS= @CFLAGS@
INSTALL= @INSTALL@
LIB= libinstall.a
OBJS= automatic.o conflicts.o dewey.o fexec.o file.o \
global.o iterate.o license.o lpkg.o opattern.o \
parse-config.o pkgdb.o plist.o remove.o \
+ sha3.o sha3hl.o keccak.o \
str.o var.o version.o vulnerabilities-file.o xwrapper.o
CPPFLAGS+= -DSYSCONFDIR=\"$(sysconfdir)\"
.if !empty(BOOTSTRAP)
CPPFLAGS+= -DBOOTSTRAP
.else
OBJS+= gpgsig.o pkg_io.o pkg_signature.o
diff --git a/pkgtools/pkg_install/files/lib/config.h.in b/pkgtools/pkg_install/files/lib/config.h.in
--- a/pkgtools/pkg_install/files/lib/config.h.in
+++ b/pkgtools/pkg_install/files/lib/config.h.in
@@ -10,18 +10,18 @@
#undef HAVE_DIRENT_H
/* Define to 1 if you have the <errno.h> header file. */
#undef HAVE_ERRNO_H
/* Define to 1 if you have the <err.h> header file. */
#undef HAVE_ERR_H
-/* Define to 1 if you have the <fnctl.h> header file. */
-#undef HAVE_FNCTL_H
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
/* Define to 1 if you have the <fnmatch.h> header file. */
#undef HAVE_FNMATCH_H
/* Define to 1 if you have the <glob.h> header file. */
#undef HAVE_GLOB_H
/* Define to 1 if you have the <grp.h> header file. */
diff --git a/pkgtools/pkg_install/files/lib/keccak.c b/pkgtools/pkg_install/files/lib/keccak.c
new file mode 100644
--- /dev/null
+++ b/pkgtools/pkg_install/files/lib/keccak.c
@@ -0,0 +1,178 @@
+/*-
+ * Copyright (c) 2015 Taylor R. Campbell
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define _POSIX_C_SOURCE 200809L
+
+#include <stdint.h>
+
+#include "keccak.h"
+
+#define secret /* can't use in variable-time operations, should zero */
+
+#define FOR5(X, STMT) do \
+{ \
+ (X) = 0; (STMT); \
+ (X) = 1; (STMT); \
+ (X) = 2; (STMT); \
+ (X) = 3; (STMT); \
+ (X) = 4; (STMT); \
+} while (0)
+
+static inline secret uint64_t
+rol64(secret uint64_t v, unsigned c)
+{
+
+ return ((v << c) | (v >> (64 - c)));
+}
+
+static inline void
+keccakf1600_theta(secret uint64_t A[25])
+{
+ secret uint64_t C0, C1, C2, C3, C4;
+ unsigned y;
+
+ C0 = C1 = C2 = C3 = C4 = 0;
+ FOR5(y, {
+ C0 ^= A[0 + 5*y];
+ C1 ^= A[1 + 5*y];
+ C2 ^= A[2 + 5*y];
+ C3 ^= A[3 + 5*y];
+ C4 ^= A[4 + 5*y];
+ });
+ FOR5(y, {
+ A[0 + 5*y] ^= C4 ^ rol64(C1, 1);
+ A[1 + 5*y] ^= C0 ^ rol64(C2, 1);
+ A[2 + 5*y] ^= C1 ^ rol64(C3, 1);
+ A[3 + 5*y] ^= C2 ^ rol64(C4, 1);
+ A[4 + 5*y] ^= C3 ^ rol64(C0, 1);
+ });
+}
+
+static inline void
+keccakf1600_rho_pi(secret uint64_t A[25])
+{
+ secret uint64_t T, U;
+
+ /*
+ * Permute by (x,y) |---> (y, 2x + 3y mod 5) starting at (1,0),
+ * rotate the ith element by (i + 1)(i + 2)/2 mod 64.
+ */
+ U = A[ 1]; T = U;
+ U = A[10]; A[10] = rol64(T, 1); T = U;
+ U = A[ 7]; A[ 7] = rol64(T, 3); T = U;
+ U = A[11]; A[11] = rol64(T, 6); T = U;
+ U = A[17]; A[17] = rol64(T, 10); T = U;
+ U = A[18]; A[18] = rol64(T, 15); T = U;
+ U = A[ 3]; A[ 3] = rol64(T, 21); T = U;
+ U = A[ 5]; A[ 5] = rol64(T, 28); T = U;
+ U = A[16]; A[16] = rol64(T, 36); T = U;
+ U = A[ 8]; A[ 8] = rol64(T, 45); T = U;
+ U = A[21]; A[21] = rol64(T, 55); T = U;
+ U = A[24]; A[24] = rol64(T, 2); T = U;
+ U = A[ 4]; A[ 4] = rol64(T, 14); T = U;
+ U = A[15]; A[15] = rol64(T, 27); T = U;
+ U = A[23]; A[23] = rol64(T, 41); T = U;
+ U = A[19]; A[19] = rol64(T, 56); T = U;
+ U = A[13]; A[13] = rol64(T, 8); T = U;
+ U = A[12]; A[12] = rol64(T, 25); T = U;
+ U = A[ 2]; A[ 2] = rol64(T, 43); T = U;
+ U = A[20]; A[20] = rol64(T, 62); T = U;
+ U = A[14]; A[14] = rol64(T, 18); T = U;
+ U = A[22]; A[22] = rol64(T, 39); T = U;
+ U = A[ 9]; A[ 9] = rol64(T, 61); T = U;
+ U = A[ 6]; A[ 6] = rol64(T, 20); T = U;
+ A[ 1] = rol64(T, 44);
+}
+
+static inline void
+keccakf1600_chi(secret uint64_t A[25])
+{
+ secret uint64_t B0, B1, B2, B3, B4;
+ unsigned y;
+
+ FOR5(y, {
+ B0 = A[0 + 5*y];
+ B1 = A[1 + 5*y];
+ B2 = A[2 + 5*y];
+ B3 = A[3 + 5*y];
+ B4 = A[4 + 5*y];
+ A[0 + 5*y] ^= ~B1 & B2;
+ A[1 + 5*y] ^= ~B2 & B3;
+ A[2 + 5*y] ^= ~B3 & B4;
+ A[3 + 5*y] ^= ~B4 & B0;
+ A[4 + 5*y] ^= ~B0 & B1;
+ });
+}
+
+static void
+keccakf1600_round(secret uint64_t A[25])
+{
+
+ keccakf1600_theta(A);
+ keccakf1600_rho_pi(A);
+ keccakf1600_chi(A);
+}
+
+void
+keccakf1600(secret uint64_t A[25])
+{
+ /*
+ * RC[i] = \sum_{j = 0,...,6} rc(j + 7i) 2^(2^j - 1),
+ * rc(t) = (x^t mod x^8 + x^6 + x^5 + x^4 + 1) mod x in GF(2)[x]
+ */
+ static const uint64_t RC[24] = {
+ 0x0000000000000001ULL,
+ 0x0000000000008082ULL,
+ 0x800000000000808aULL,
+ 0x8000000080008000ULL,
+ 0x000000000000808bULL,
+ 0x0000000080000001ULL,
+ 0x8000000080008081ULL,
+ 0x8000000000008009ULL,
+ 0x000000000000008aULL,
+ 0x0000000000000088ULL,
+ 0x0000000080008009ULL,
+ 0x000000008000000aULL,
+ 0x000000008000808bULL,
+ 0x800000000000008bULL,
+ 0x8000000000008089ULL,
+ 0x8000000000008003ULL,
+ 0x8000000000008002ULL,
+ 0x8000000000000080ULL,
+ 0x000000000000800aULL,
+ 0x800000008000000aULL,
+ 0x8000000080008081ULL,
+ 0x8000000000008080ULL,
+ 0x0000000080000001ULL,
+ 0x8000000080008008ULL,
+ };
+ unsigned i;
+
+ for (i = 0; i < 24; i++) {
+ keccakf1600_round(A);
+ A[0] ^= RC[i];
+ }
+}
diff --git a/pkgtools/pkg_install/files/lib/keccak.h b/pkgtools/pkg_install/files/lib/keccak.h
new file mode 100644
--- /dev/null
+++ b/pkgtools/pkg_install/files/lib/keccak.h
@@ -0,0 +1,34 @@
+/*-
+ * Copyright (c) 2015 Taylor R. Campbell
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef KECCAK_H
+#define KECCAK_H
+
+#include <stdint.h>
+
+void keccakf1600(uint64_t A[25]);
+
+#endif /* KECCAK_H */
diff --git a/pkgtools/pkg_install/files/lib/lib.h b/pkgtools/pkg_install/files/lib/lib.h
--- a/pkgtools/pkg_install/files/lib/lib.h
+++ b/pkgtools/pkg_install/files/lib/lib.h
@@ -196,23 +196,27 @@ typedef struct plist_t {
/* This structure describes a package's complete packing list */
typedef struct package_t {
plist_t *head; /* head of list */
plist_t *tail; /* tail of list */
} package_t;
#define SYMLINK_HEADER "Symlink:"
-#define CHECKSUM_HEADER "MD5:"
+#define MD5_CHECKSUM_HEADER "MD5:"
+#define COMBO_CHECKSUM_HEADER "SHA3_512+SHA512:"
enum {
- ChecksumHeaderLen = 4, /* strlen(CHECKSUM_HEADER) */
- SymlinkHeaderLen = 8, /* strlen(SYMLINK_HEADER) */
- ChecksumLen = 16,
- LegibleChecksumLen = 33
+ MD5ChecksumHeaderLen = 4, /* strlen(MD5_CHECKSUM_HEADER) */
+ ComboChecksumHeaderLen = 16, /* strlen(COMBO_CHECKSUM_HEADER) */
+ SymlinkHeaderLen = 8, /* strlen(SYMLINK_HEADER) */
+ MD5ChecksumLen = 16,
+ ComboChecksumLen = 64+64,
+ LegibleMD5ChecksumLen = ((MD5ChecksumLen * 2) + 1),
+ LegibleComboChecksumLen = ((ComboChecksumLen * 2) + 1)
};
/* List of files */
typedef struct _lfile_t {
TAILQ_ENTRY(_lfile_t) lf_link;
char *lf_name;
} lfile_t;
TAILQ_HEAD(_lfile_head_t, _lfile_t);
@@ -396,16 +400,19 @@ int easy_pkcs7_verify(const char *, size
int easy_pkcs7_sign(const char *, size_t, char **, size_t *, const char *,
const char *);
#endif
int gpg_verify(const char *, size_t, const char *, const char *, size_t);
int detached_gpg_sign(const char *, size_t, char **, size_t *, const char *,
const char *);
+/* digest stuff */
+char *combo_digest_file(const char */*file*/, char */*buf*/);
+
/* License handling */
int add_licenses(const char *);
int acceptable_license(const char *);
int acceptable_pkg_license(const char *);
void load_license_lists(void);
/* Helper functions for memory allocation */
char *xstrdup(const char *);
diff --git a/pkgtools/pkg_install/files/lib/plist.c b/pkgtools/pkg_install/files/lib/plist.c
--- a/pkgtools/pkg_install/files/lib/plist.c
+++ b/pkgtools/pkg_install/files/lib/plist.c
@@ -62,20 +62,24 @@
#if HAVE_ERRNO_H
#include <errno.h>
#endif
#if HAVE_ERR_H
#include <err.h>
#endif
#ifndef NETBSD
#include <nbcompat/md5.h>
+#include <nbcompat/sha2.h>
#else
#include <md5.h>
+#include <sha2.h>
#endif
+#include "sha3.h"
+
static int delete_with_parents(const char *, Boolean, Boolean);
/* This struct defines a plist command type */
typedef struct cmd_t {
const char *c_s; /* string to recognise */
pl_ent_t c_type; /* type of command */
int c_argc; /* # of arguments */
int c_subst; /* can substitute real prefix */
@@ -98,16 +102,37 @@ static const cmd_t cmdv[] = {
{"pkgcfl", PLIST_PKGCFL, 1, 0},
{"pkgdir", PLIST_PKGDIR, 1, 0},
{"dirrm", PLIST_DIR_RM, 1, 0},
{"option", PLIST_OPTION, 1, 0},
{"blddep", PLIST_BLDDEP, 1, 0},
{NULL, FAIL, 0, 0}
};
+/* calculate a combined SHA3_512 and SHA512 digest on the file */
+char *
+combo_digest_file(const char *file, char *buf)
+{
+ int allocated;
+
+ allocated = 0;
+ if (buf == NULL) {
+ buf = calloc(1, LegibleComboChecksumLen);
+ allocated = 1;
+ }
+ if (SHA3_512_File(file, buf) == NULL ||
+ SHA512_File(file, &buf[ComboChecksumLen]) == NULL) {
+ if (allocated) {
+ free(buf);
+ }
+ return NULL;
+ }
+ return buf;
+}
+
/*
* Add an item to the end of a packing list
*/
void
add_plist(package_t *p, pl_ent_t type, const char *arg)
{
plist_t *tmp;
@@ -595,30 +620,44 @@ delete_package(Boolean ign_err, package_
prefix, p->name);
if (isdir(tmp)) {
warnx("attempting to delete directory `%s' as a file\n"
"this packing list is incorrect - ignoring delete request", tmp);
} else {
int restored = 0; /* restored from preserve? */
if (p->next && p->next->type == PLIST_COMMENT) {
- if (strncmp(p->next->name, CHECKSUM_HEADER, ChecksumHeaderLen) == 0) {
- char *cp, buf[LegibleChecksumLen];
+ if (strncmp(p->next->name, MD5_CHECKSUM_HEADER, MD5ChecksumHeaderLen) == 0) {
+ char *cp, buf[LegibleMD5ChecksumLen];
if ((cp = MD5File(tmp, buf)) != NULL) {
/* Mismatch? */
- if (strcmp(cp, p->next->name + ChecksumHeaderLen) != 0) {
+ if (strcmp(cp, p->next->name + MD5ChecksumHeaderLen) != 0) {
printf("original MD5 checksum failed, %s: %s\n",
Force ? "deleting anyway" : "not deleting", tmp);
if (!Force) {
fail = FAIL;
goto pkgdb_cleanup;
}
}
}
+ } else if (strncmp(p->next->name, COMBO_CHECKSUM_HEADER, ComboChecksumHeaderLen) == 0) {
+ char *cp, buf[LegibleComboChecksumLen];
+
+ if ((cp = combo_digest_file(tmp, buf)) != NULL) {
+ /* Mismatch? */
+ if (strcmp(cp, p->next->name + ComboChecksumHeaderLen) != 0) {
+ printf("original combo checksum failed, %s: %s\n",
+ Force ? "deleting anyway" : "not deleting", tmp);
+ if (!Force) {
+ fail = FAIL;
+ goto pkgdb_cleanup;
+ }
+ }
+ }
} else if (strncmp(p->next->name, SYMLINK_HEADER, SymlinkHeaderLen) == 0) {
char buf[MaxPathSize + SymlinkHeaderLen];
int cc;
(void) strlcpy(buf, SYMLINK_HEADER,
sizeof(buf));
if ((cc = readlink(tmp, &buf[SymlinkHeaderLen],
sizeof(buf) - SymlinkHeaderLen - 1)) < 0) {
diff --git a/pkgtools/pkg_install/files/lib/sha3.c b/pkgtools/pkg_install/files/lib/sha3.c
new file mode 100644
--- /dev/null
+++ b/pkgtools/pkg_install/files/lib/sha3.c
@@ -0,0 +1,638 @@
+/*-
+ * Copyright (c) 2015 Taylor R. Campbell
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * SHA-3: FIPS-202, Permutation-Based Hash and Extendable-Ouptut Functions
+ */
+
+#define _POSIX_C_SOURCE 200809L
+
+#include <assert.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "keccak.h"
+
+#include "sha3.h"
+
+#define MIN(a,b) ((a) < (b) ? (a) : (b))
+
+void *(*volatile sha3_explicit_memset_impl)(void *, int, size_t) = &memset;
+static void *
+explicit_memset(void *buf, int c, size_t n)
+{
+
+ return (*sha3_explicit_memset_impl)(buf, c, n);
+}
+
+static inline uint64_t
+le64dec(const void *buf)
+{
+ const uint8_t *p = buf;
+
+ return (((uint64_t)p[0]) |
+ ((uint64_t)p[1] << 8) |
+ ((uint64_t)p[2] << 16) |
+ ((uint64_t)p[3] << 24) |
+ ((uint64_t)p[4] << 32) |
+ ((uint64_t)p[5] << 40) |
+ ((uint64_t)p[6] << 48) |
+ ((uint64_t)p[7] << 56));
+}
+
+static inline void
+le64enc(void *buf, uint64_t v)
+{
+ uint8_t *p = buf;
+
+ *p++ = v; v >>= 8;
+ *p++ = v; v >>= 8;
+ *p++ = v; v >>= 8;
+ *p++ = v; v >>= 8;
+ *p++ = v; v >>= 8;
+ *p++ = v; v >>= 8;
+ *p++ = v; v >>= 8;
+ *p++ = v;
+}
+
+/*
+ * Common body. All the SHA-3 functions share code structure. They
+ * differ only in the size of the chunks they split the message into:
+ * for digest size d, they are split into chunks of 200 - d bytes.
+ */
+
+static inline unsigned
+sha3_rate(unsigned d)
+{
+ const unsigned cw = 2*d/8; /* capacity in words */
+
+ return 25 - cw;
+}
+
+static void
+sha3_init(struct sha3 *C, unsigned rw)
+{
+ unsigned iw;
+
+ C->nb = 8*rw;
+ for (iw = 0; iw < 25; iw++)
+ C->A[iw] = 0;
+}
+
+static void
+sha3_update(struct sha3 *C, const uint8_t *data, size_t len, unsigned rw)
+{
+ uint64_t T;
+ unsigned ib, iw; /* index of byte/word */
+
+ assert(0 < C->nb);
+
+ /* If there's a partial word, try to fill it. */
+ if ((C->nb % 8) != 0) {
+ T = 0;
+ for (ib = 0; ib < MIN(len, C->nb % 8); ib++)
+ T |= (uint64_t)data[ib] << (8*ib);
+ C->A[rw - (C->nb + 7)/8] ^= T << (8*(8 - (C->nb % 8)));
+ C->nb -= ib;
+ data += ib;
+ len -= ib;
+
+ /* If we filled the buffer, permute now. */
+ if (C->nb == 0) {
+ keccakf1600(C->A);
+ C->nb = 8*rw;
+ }
+
+ /* If that exhausted the input, we're done. */
+ if (len == 0)
+ return;
+ }
+
+ /* At a word boundary. Fill any partial buffer. */
+ assert((C->nb % 8) == 0);
+ if (C->nb < 8*rw) {
+ for (iw = 0; iw < MIN(len, C->nb)/8; iw++)
+ C->A[rw - C->nb/8 + iw] ^= le64dec(data + 8*iw);
+ C->nb -= 8*iw;
+ data += 8*iw;
+ len -= 8*iw;
+
+ /* If we filled the buffer, permute now. */
+ if (C->nb == 0) {
+ keccakf1600(C->A);
+ C->nb = 8*rw;
+ } else {
+ /* Otherwise, less than a word left. */
+ assert(len < 8);
+ goto partial;
+ }
+ }
+
+ /* At a buffer boundary. Absorb input one buffer at a time. */
+ assert(C->nb == 8*rw);
+ while (8*rw <= len) {
+ for (iw = 0; iw < rw; iw++)
+ C->A[iw] ^= le64dec(data + 8*iw);
+ keccakf1600(C->A);
+ data += 8*rw;
+ len -= 8*rw;
+ }
+
+ /* Partially fill the buffer with as many words as we can. */
+ for (iw = 0; iw < len/8; iw++)
+ C->A[rw - C->nb/8 + iw] ^= le64dec(data + 8*iw);
+ C->nb -= 8*iw;
+ data += 8*iw;
+ len -= 8*iw;
+
+partial:
+ /* Partially fill the last word with as many bytes as we can. */
+ assert(len < 8);
+ assert(0 < C->nb);
+ assert((C->nb % 8) == 0);
+ T = 0;
+ for (ib = 0; ib < len; ib++)
+ T |= (uint64_t)data[ib] << (8*ib);
+ C->A[rw - C->nb/8] ^= T;
+ C->nb -= ib;
+ assert(0 < C->nb);
+}
+
+static void
+sha3_final(uint8_t *h, unsigned d, struct sha3 *C, unsigned rw)
+{
+ unsigned nw, iw;
+
+ assert(d <= 8*25);
+ assert(0 < C->nb);
+
+ /* Append 01, pad with 10*1 up to buffer boundary, LSB first. */
+ nw = (C->nb + 7)/8;
+ assert(0 < nw);
+ assert(nw <= rw);
+ C->A[rw - nw] ^= (uint64_t)0x06 << (8*(8*nw - C->nb));
+ C->A[rw - 1] ^= 0x8000000000000000ULL;
+
+ /* Permute one last time. */
+ keccakf1600(C->A);
+
+ /* Reveal the first 8d bits of state, forget 1600-8d of them. */
+ for (iw = 0; iw < d/8; iw++)
+ le64enc(h + 8*iw, C->A[iw]);
+ h += 8*iw;
+ d -= 8*iw;
+ if (0 < d) {
+ /* For SHA3-224, we need to expose a partial word. */
+ uint64_t T = C->A[iw];
+ do {
+ *h++ = T & 0xff;
+ T >>= 8;
+ } while (--d);
+ }
+ (void)explicit_memset(C->A, 0, sizeof C->A);
+ C->nb = 0;
+}
+
+static void
+shake_final(uint8_t *h, unsigned d, struct sha3 *C, unsigned rw)
+{
+ unsigned nw, iw;
+
+ assert(0 < C->nb);
+
+ /* Append 1111, pad with 10*1 up to buffer boundary, LSB first. */
+ nw = (C->nb + 7)/8;
+ assert(0 < nw);
+ assert(nw <= rw);
+ C->A[rw - nw] ^= (uint64_t)0x1f << (8*(8*nw - C->nb));
+ C->A[rw - 1] ^= 0x8000000000000000ULL;
+
+ /* Permute, reveal first rw words of state, repeat. */
+ while (8*rw <= d) {
+ keccakf1600(C->A);
+ for (iw = 0; iw < rw; iw++)
+ le64enc(h + 8*iw, C->A[iw]);
+ h += 8*iw;
+ d -= 8*iw;
+ }
+
+ /*
+ * If 8*rw (the output rate in bytes) does not divide d, more
+ * words are wanted: permute again and reveal a little more.
+ */
+ if (0 < d) {
+ keccakf1600(C->A);
+ for (iw = 0; iw < d/8; iw++)
+ le64enc(h + 8*iw, C->A[iw]);
+ h += 8*iw;
+ d -= 8*iw;
+
+ /*
+ * If 8 does not divide d, more bytes are wanted:
+ * reveal them.
+ */
+ if (0 < d) {
+ uint64_t T = C->A[iw];
+ do {
+ *h++ = T & 0xff;
+ T >>= 8;
+ } while (--d);
+ }
+ }
+
+ (void)explicit_memset(C->A, 0, sizeof C->A);
+ C->nb = 0;
+}
+
+void
+SHA3_224_Init(SHA3_224_CTX *C)
+{
+
+ sha3_init(&C->C224, sha3_rate(SHA3_224_DIGEST_LENGTH));
+}
+
+void
+SHA3_224_Update(SHA3_224_CTX *C, const uint8_t *data, size_t len)
+{
+
+ sha3_update(&C->C224, data, len, sha3_rate(SHA3_224_DIGEST_LENGTH));
+}
+
+void
+SHA3_224_Final(uint8_t h[SHA3_224_DIGEST_LENGTH], SHA3_224_CTX *C)
+{
+
+ sha3_final(h, SHA3_224_DIGEST_LENGTH, &C->C224,
+ sha3_rate(SHA3_224_DIGEST_LENGTH));
+}
+
+void
+SHA3_256_Init(SHA3_256_CTX *C)
+{
+
+ sha3_init(&C->C256, sha3_rate(SHA3_256_DIGEST_LENGTH));
+}
+
+void
+SHA3_256_Update(SHA3_256_CTX *C, const uint8_t *data, size_t len)
+{
+
+ sha3_update(&C->C256, data, len, sha3_rate(SHA3_256_DIGEST_LENGTH));
+}
+
+void
+SHA3_256_Final(uint8_t h[SHA3_256_DIGEST_LENGTH], SHA3_256_CTX *C)
+{
+
+ sha3_final(h, SHA3_256_DIGEST_LENGTH, &C->C256,
+ sha3_rate(SHA3_256_DIGEST_LENGTH));
+}
+
+void
+SHA3_384_Init(SHA3_384_CTX *C)
+{
+
+ sha3_init(&C->C384, sha3_rate(SHA3_384_DIGEST_LENGTH));
+}
+
+void
+SHA3_384_Update(SHA3_384_CTX *C, const uint8_t *data, size_t len)
+{
+
+ sha3_update(&C->C384, data, len, sha3_rate(SHA3_384_DIGEST_LENGTH));
+}
+
+void
+SHA3_384_Final(uint8_t h[SHA3_384_DIGEST_LENGTH], SHA3_384_CTX *C)
+{
+
+ sha3_final(h, SHA3_384_DIGEST_LENGTH, &C->C384,
+ sha3_rate(SHA3_384_DIGEST_LENGTH));
+}
+
+void
+SHA3_512_Init(SHA3_512_CTX *C)
+{
+
+ sha3_init(&C->C512, sha3_rate(SHA3_512_DIGEST_LENGTH));
+}
+
+void
+SHA3_512_Update(SHA3_512_CTX *C, const uint8_t *data, size_t len)
+{
+
+ sha3_update(&C->C512, data, len, sha3_rate(SHA3_512_DIGEST_LENGTH));
+}
+
+void
+SHA3_512_Final(uint8_t h[SHA3_512_DIGEST_LENGTH], SHA3_512_CTX *C)
+{
+
+ sha3_final(h, SHA3_512_DIGEST_LENGTH, &C->C512,
+ sha3_rate(SHA3_512_DIGEST_LENGTH));
+}
+
+void
+SHAKE128_Init(SHAKE128_CTX *C)
+{
+
+ sha3_init(&C->C128, sha3_rate(128/8));
+}
+
+void
+SHAKE128_Update(SHAKE128_CTX *C, const uint8_t *data, size_t len)
+{
+
+ sha3_update(&C->C128, data, len, sha3_rate(128/8));
+}
+
+void
+SHAKE128_Final(uint8_t *h, size_t d, SHAKE128_CTX *C)
+{
+
+ shake_final(h, d, &C->C128, sha3_rate(128/8));
+}
+
+void
+SHAKE256_Init(SHAKE256_CTX *C)
+{
+
+ sha3_init(&C->C256, sha3_rate(256/8));
+}
+
+void
+SHAKE256_Update(SHAKE256_CTX *C, const uint8_t *data, size_t len)
+{
+
+ sha3_update(&C->C256, data, len, sha3_rate(256/8));
+}
+
+void
+SHAKE256_Final(uint8_t *h, size_t d, SHAKE256_CTX *C)
+{
+
+ shake_final(h, d, &C->C256, sha3_rate(256/8));
+}
+
+static void
+sha3_selftest_prng(void *buf, size_t len, uint32_t seed)
+{
+ uint8_t *p = buf;
+ size_t n = len;
+ uint32_t t, a, b;
+
+ a = 0xdead4bad * seed;
+ b = 1;
+
+ while (n--) {
+ t = a + b;
+ *p++ = t >> 24;
+ a = b;
+ b = t;
+ }
+}
+
+int
+SHA3_Selftest(void)
+{
+ const uint8_t d224_0[] = { /* SHA3-224(0-bit) */
+ 0x6b,0x4e,0x03,0x42,0x36,0x67,0xdb,0xb7,
+ 0x3b,0x6e,0x15,0x45,0x4f,0x0e,0xb1,0xab,
+ 0xd4,0x59,0x7f,0x9a,0x1b,0x07,0x8e,0x3f,
+ 0x5b,0x5a,0x6b,0xc7,
+ };
+ const uint8_t d256_0[] = { /* SHA3-256(0-bit) */
+ 0xa7,0xff,0xc6,0xf8,0xbf,0x1e,0xd7,0x66,
+ 0x51,0xc1,0x47,0x56,0xa0,0x61,0xd6,0x62,
+ 0xf5,0x80,0xff,0x4d,0xe4,0x3b,0x49,0xfa,
+ 0x82,0xd8,0x0a,0x4b,0x80,0xf8,0x43,0x4a,
+ };
+ const uint8_t d384_0[] = { /* SHA3-384(0-bit) */
+ 0x0c,0x63,0xa7,0x5b,0x84,0x5e,0x4f,0x7d,
+ 0x01,0x10,0x7d,0x85,0x2e,0x4c,0x24,0x85,
+ 0xc5,0x1a,0x50,0xaa,0xaa,0x94,0xfc,0x61,
+ 0x99,0x5e,0x71,0xbb,0xee,0x98,0x3a,0x2a,
+ 0xc3,0x71,0x38,0x31,0x26,0x4a,0xdb,0x47,
+ 0xfb,0x6b,0xd1,0xe0,0x58,0xd5,0xf0,0x04,
+ };
+ const uint8_t d512_0[] = { /* SHA3-512(0-bit) */
+ 0xa6,0x9f,0x73,0xcc,0xa2,0x3a,0x9a,0xc5,
+ 0xc8,0xb5,0x67,0xdc,0x18,0x5a,0x75,0x6e,
+ 0x97,0xc9,0x82,0x16,0x4f,0xe2,0x58,0x59,
+ 0xe0,0xd1,0xdc,0xc1,0x47,0x5c,0x80,0xa6,
+ 0x15,0xb2,0x12,0x3a,0xf1,0xf5,0xf9,0x4c,
+ 0x11,0xe3,0xe9,0x40,0x2c,0x3a,0xc5,0x58,
+ 0xf5,0x00,0x19,0x9d,0x95,0xb6,0xd3,0xe3,
+ 0x01,0x75,0x85,0x86,0x28,0x1d,0xcd,0x26,
+ };
+ const uint8_t shake128_0_41[] = { /* SHAKE128(0-bit, 41) */
+ 0x7f,0x9c,0x2b,0xa4,0xe8,0x8f,0x82,0x7d,
+ 0x61,0x60,0x45,0x50,0x76,0x05,0x85,0x3e,
+ 0xd7,0x3b,0x80,0x93,0xf6,0xef,0xbc,0x88,
+ 0xeb,0x1a,0x6e,0xac,0xfa,0x66,0xef,0x26,
+ 0x3c,0xb1,0xee,0xa9,0x88,0x00,0x4b,0x93,0x10,
+ };
+ const uint8_t shake256_0_73[] = { /* SHAKE256(0-bit, 73) */
+ 0x46,0xb9,0xdd,0x2b,0x0b,0xa8,0x8d,0x13,
+ 0x23,0x3b,0x3f,0xeb,0x74,0x3e,0xeb,0x24,
+ 0x3f,0xcd,0x52,0xea,0x62,0xb8,0x1b,0x82,
+ 0xb5,0x0c,0x27,0x64,0x6e,0xd5,0x76,0x2f,
+ 0xd7,0x5d,0xc4,0xdd,0xd8,0xc0,0xf2,0x00,
+ 0xcb,0x05,0x01,0x9d,0x67,0xb5,0x92,0xf6,
+ 0xfc,0x82,0x1c,0x49,0x47,0x9a,0xb4,0x86,
+ 0x40,0x29,0x2e,0xac,0xb3,0xb7,0xc4,0xbe,
+ 0x14,0x1e,0x96,0x61,0x6f,0xb1,0x39,0x57,0x69,
+ };
+ const uint8_t d224_1600[] = { /* SHA3-224(200 * 0xa3) */
+ 0x93,0x76,0x81,0x6a,0xba,0x50,0x3f,0x72,
+ 0xf9,0x6c,0xe7,0xeb,0x65,0xac,0x09,0x5d,
+ 0xee,0xe3,0xbe,0x4b,0xf9,0xbb,0xc2,0xa1,
+ 0xcb,0x7e,0x11,0xe0,
+ };
+ const uint8_t d256_1600[] = { /* SHA3-256(200 * 0xa3) */
+ 0x79,0xf3,0x8a,0xde,0xc5,0xc2,0x03,0x07,
+ 0xa9,0x8e,0xf7,0x6e,0x83,0x24,0xaf,0xbf,
+ 0xd4,0x6c,0xfd,0x81,0xb2,0x2e,0x39,0x73,
+ 0xc6,0x5f,0xa1,0xbd,0x9d,0xe3,0x17,0x87,
+ };
+ const uint8_t d384_1600[] = { /* SHA3-384(200 * 0xa3) */
+ 0x18,0x81,0xde,0x2c,0xa7,0xe4,0x1e,0xf9,
+ 0x5d,0xc4,0x73,0x2b,0x8f,0x5f,0x00,0x2b,
+ 0x18,0x9c,0xc1,0xe4,0x2b,0x74,0x16,0x8e,
+ 0xd1,0x73,0x26,0x49,0xce,0x1d,0xbc,0xdd,
+ 0x76,0x19,0x7a,0x31,0xfd,0x55,0xee,0x98,
+ 0x9f,0x2d,0x70,0x50,0xdd,0x47,0x3e,0x8f,
+ };
+ const uint8_t d512_1600[] = { /* SHA3-512(200 * 0xa3) */
+ 0xe7,0x6d,0xfa,0xd2,0x20,0x84,0xa8,0xb1,
+ 0x46,0x7f,0xcf,0x2f,0xfa,0x58,0x36,0x1b,
+ 0xec,0x76,0x28,0xed,0xf5,0xf3,0xfd,0xc0,
+ 0xe4,0x80,0x5d,0xc4,0x8c,0xae,0xec,0xa8,
+ 0x1b,0x7c,0x13,0xc3,0x0a,0xdf,0x52,0xa3,
+ 0x65,0x95,0x84,0x73,0x9a,0x2d,0xf4,0x6b,
+ 0xe5,0x89,0xc5,0x1c,0xa1,0xa4,0xa8,0x41,
+ 0x6d,0xf6,0x54,0x5a,0x1c,0xe8,0xba,0x00,
+ };
+ const uint8_t shake128_1600_41[] = { /* SHAKE128(200 * 0xa3, 41) */
+ 0x13,0x1a,0xb8,0xd2,0xb5,0x94,0x94,0x6b,
+ 0x9c,0x81,0x33,0x3f,0x9b,0xb6,0xe0,0xce,
+ 0x75,0xc3,0xb9,0x31,0x04,0xfa,0x34,0x69,
+ 0xd3,0x91,0x74,0x57,0x38,0x5d,0xa0,0x37,
+ 0xcf,0x23,0x2e,0xf7,0x16,0x4a,0x6d,0x1e,0xb4,
+ };
+ const uint8_t shake256_1600_73[] = { /* SHAKE256(200 * 0xa3, 73) */
+ 0xcd,0x8a,0x92,0x0e,0xd1,0x41,0xaa,0x04,
+ 0x07,0xa2,0x2d,0x59,0x28,0x86,0x52,0xe9,
+ 0xd9,0xf1,0xa7,0xee,0x0c,0x1e,0x7c,0x1c,
+ 0xa6,0x99,0x42,0x4d,0xa8,0x4a,0x90,0x4d,
+ 0x2d,0x70,0x0c,0xaa,0xe7,0x39,0x6e,0xce,
+ 0x96,0x60,0x44,0x40,0x57,0x7d,0xa4,0xf3,
+ 0xaa,0x22,0xae,0xb8,0x85,0x7f,0x96,0x1c,
+ 0x4c,0xd8,0xe0,0x6f,0x0a,0xe6,0x61,0x0b,
+ 0x10,0x48,0xa7,0xf6,0x4e,0x10,0x74,0xcd,0x62,
+ };
+ const uint8_t d0[] = {
+ 0x6c,0x02,0x1a,0xc6,0x65,0xaf,0x80,0xfb,
+ 0x52,0xe6,0x2d,0x27,0xe5,0x02,0x88,0x84,
+ 0xec,0x1c,0x0c,0xe7,0x0b,0x94,0x55,0x83,
+ 0x19,0xf2,0xbf,0x09,0x86,0xeb,0x1a,0xbb,
+ 0xc3,0x0d,0x1c,0xef,0x22,0xfe,0xc5,0x4c,
+ 0x45,0x90,0x66,0x14,0x00,0x6e,0xc8,0x79,
+ 0xdf,0x1e,0x02,0xbd,0x75,0xe9,0x60,0xd8,
+ 0x60,0x39,0x85,0xc9,0xc4,0xee,0x33,0xab,
+ };
+ const unsigned mlen[6] = { 0, 3, 128, 129, 255, 1024 };
+ uint8_t m[1024], d[73];
+ SHA3_224_CTX sha3224;
+ SHA3_256_CTX sha3256;
+ SHA3_384_CTX sha3384;
+ SHA3_512_CTX sha3512;
+ SHAKE128_CTX shake128;
+ SHAKE256_CTX shake256;
+ SHA3_512_CTX ctx;
+ unsigned mi;
+
+ /*
+ * NIST test vectors from
+ * <http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing>:
+ * 0-bit, 1600-bit repeated 0xa3 (= 0b10100011).
+ */
+ SHA3_224_Init(&sha3224);
+ SHA3_224_Final(d, &sha3224);
+ if (memcmp(d, d224_0, 28) != 0)
+ return -1;
+ SHA3_256_Init(&sha3256);
+ SHA3_256_Final(d, &sha3256);
+ if (memcmp(d, d256_0, 32) != 0)
+ return -1;
+ SHA3_384_Init(&sha3384);
+ SHA3_384_Final(d, &sha3384);
+ if (memcmp(d, d384_0, 48) != 0)
+ return -1;
+ SHA3_512_Init(&sha3512);
+ SHA3_512_Final(d, &sha3512);
+ if (memcmp(d, d512_0, 64) != 0)
+ return -1;
+ SHAKE128_Init(&shake128);
+ SHAKE128_Final(d, 41, &shake128);
+ if (memcmp(d, shake128_0_41, 41) != 0)
+ return -1;
+ SHAKE256_Init(&shake256);
+ SHAKE256_Final(d, 73, &shake256);
+ if (memcmp(d, shake256_0_73, 73) != 0)
+ return -1;
+
+ (void)memset(m, 0xa3, 200);
+ SHA3_224_Init(&sha3224);
+ SHA3_224_Update(&sha3224, m, 200);
+ SHA3_224_Final(d, &sha3224);
+ if (memcmp(d, d224_1600, 28) != 0)
+ return -1;
+ SHA3_256_Init(&sha3256);
+ SHA3_256_Update(&sha3256, m, 200);
+ SHA3_256_Final(d, &sha3256);
+ if (memcmp(d, d256_1600, 32) != 0)
+ return -1;
+ SHA3_384_Init(&sha3384);
+ SHA3_384_Update(&sha3384, m, 200);
+ SHA3_384_Final(d, &sha3384);
+ if (memcmp(d, d384_1600, 48) != 0)
+ return -1;
+ SHA3_512_Init(&sha3512);
+ SHA3_512_Update(&sha3512, m, 200);
+ SHA3_512_Final(d, &sha3512);
+ if (memcmp(d, d512_1600, 64) != 0)
+ return -1;
+ SHAKE128_Init(&shake128);
+ SHAKE128_Update(&shake128, m, 200);
+ SHAKE128_Final(d, 41, &shake128);
+ if (memcmp(d, shake128_1600_41, 41) != 0)
+ return -1;
+ SHAKE256_Init(&shake256);
+ SHAKE256_Update(&shake256, m, 200);
+ SHAKE256_Final(d, 73, &shake256);
+ if (memcmp(d, shake256_1600_73, 73) != 0)
+ return -1;
+
+ /*
+ * Hand-crufted test vectors with unaligned message lengths.
+ */
+ SHA3_512_Init(&ctx);
+ for (mi = 0; mi < 6; mi++) {
+ sha3_selftest_prng(m, mlen[mi], (224/8)*mlen[mi]);
+ SHA3_224_Init(&sha3224);
+ SHA3_224_Update(&sha3224, m, mlen[mi]);
+ SHA3_224_Final(d, &sha3224);
+ SHA3_512_Update(&ctx, d, 224/8);
+ }
+ for (mi = 0; mi < 6; mi++) {
+ sha3_selftest_prng(m, mlen[mi], (256/8)*mlen[mi]);
+ SHA3_256_Init(&sha3256);
+ SHA3_256_Update(&sha3256, m, mlen[mi]);
+ SHA3_256_Final(d, &sha3256);
+ SHA3_512_Update(&ctx, d, 256/8);
+ }
+ for (mi = 0; mi < 6; mi++) {
+ sha3_selftest_prng(m, mlen[mi], (384/8)*mlen[mi]);
+ SHA3_384_Init(&sha3384);
+ SHA3_384_Update(&sha3384, m, mlen[mi]);
+ SHA3_384_Final(d, &sha3384);
+ SHA3_512_Update(&ctx, d, 384/8);
+ }
+ for (mi = 0; mi < 6; mi++) {
+ sha3_selftest_prng(m, mlen[mi], (512/8)*mlen[mi]);
+ SHA3_512_Init(&sha3512);
+ SHA3_512_Update(&sha3512, m, mlen[mi]);
+ SHA3_512_Final(d, &sha3512);
+ SHA3_512_Update(&ctx, d, 512/8);
+ }
+ SHA3_512_Final(d, &ctx);
+ if (memcmp(d, d0, 64) != 0)
+ return -1;
+
+ return 0;
+}
diff --git a/pkgtools/pkg_install/files/lib/sha3.h b/pkgtools/pkg_install/files/lib/sha3.h
new file mode 100644
--- /dev/null
+++ b/pkgtools/pkg_install/files/lib/sha3.h
@@ -0,0 +1,139 @@
+/*-
+ * Copyright (c) 2015 Taylor R. Campbell
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef SHA3_H
+#define SHA3_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+struct sha3 {
+ uint64_t A[25];
+ unsigned nb; /* number of bytes remaining to fill buffer */
+};
+
+typedef struct { struct sha3 C224; } SHA3_224_CTX;
+typedef struct { struct sha3 C256; } SHA3_256_CTX;
+typedef struct { struct sha3 C384; } SHA3_384_CTX;
+typedef struct { struct sha3 C512; } SHA3_512_CTX;
+typedef struct { struct sha3 C128; } SHAKE128_CTX;
+typedef struct { struct sha3 C256; } SHAKE256_CTX;
+
+#define SHA3_224_DIGEST_LENGTH 28
+#define SHA3_256_DIGEST_LENGTH 32
+#define SHA3_384_DIGEST_LENGTH 48
+#define SHA3_512_DIGEST_LENGTH 64
+
+#define SHA3_224_DIGEST_STRING_LENGTH ((2 * SHA3_224_DIGEST_LENGTH) + 1)
+#define SHA3_256_DIGEST_STRING_LENGTH ((2 * SHA3_256_DIGEST_LENGTH) + 1)
+#define SHA3_384_DIGEST_STRING_LENGTH ((2 * SHA3_384_DIGEST_LENGTH) + 1)
+#define SHA3_512_DIGEST_STRING_LENGTH ((2 * SHA3_512_DIGEST_LENGTH) + 1)
+
+#ifndef __BEGIN_DECLS
+# if defined(__cplusplus)
+# define __BEGIN_DECLS extern "C" {
+# define __END_DECLS }
+# else
+# define __BEGIN_DECLS
+# define __END_DECLS
+# endif
+#endif
+
+__BEGIN_DECLS
+
+#define SHA3_224_Init nbcompat_SHA3_224_Init
+#define SHA3_224_Update nbcompat_SHA3_224_Update
+#define SHA3_224_Final nbcompat_SHA3_224_Final
+#define SHA3_224_End nbcompat_SHA3_224_End
+#define SHA3_224_Data nbcompat_SHA3_224_Data
+#define SHA3_224_File nbcompat_SHA3_224_File
+
+void SHA3_224_Init(SHA3_224_CTX *);
+void SHA3_224_Update(SHA3_224_CTX *, const uint8_t *, size_t);
+void SHA3_224_Final(uint8_t[SHA3_224_DIGEST_LENGTH], SHA3_224_CTX *);
+
+#define SHA3_256_Init nbcompat_SHA3_256_Init
+#define SHA3_256_Update nbcompat_SHA3_256_Update
+#define SHA3_256_Final nbcompat_SHA3_256_Final
+#define SHA3_256_End nbcompat_SHA3_256_End
+#define SHA3_256_Data nbcompat_SHA3_256_Data
+#define SHA3_256_File nbcompat_SHA3_256_File
+
+void SHA3_256_Init(SHA3_256_CTX *);
+void SHA3_256_Update(SHA3_256_CTX *, const uint8_t *, size_t);
+void SHA3_256_Final(uint8_t[SHA3_256_DIGEST_LENGTH], SHA3_256_CTX *);
+
+#define SHA3_384_Init nbcompat_SHA3_384_Init
+#define SHA3_384_Update nbcompat_SHA3_384_Update
+#define SHA3_384_Final nbcompat_SHA3_384_Final
+#define SHA3_384_End nbcompat_SHA3_384_End
+#define SHA3_384_Data nbcompat_SHA3_384_Data
+#define SHA3_384_File nbcompat_SHA3_384_File
+
+void SHA3_384_Init(SHA3_384_CTX *);
+void SHA3_384_Update(SHA3_384_CTX *, const uint8_t *, size_t);
+void SHA3_384_Final(uint8_t[SHA3_384_DIGEST_LENGTH], SHA3_384_CTX *);
+
+#define SHA3_512_Init nbcompat_SHA3_512_Init
+#define SHA3_512_Update nbcompat_SHA3_512_Update
+#define SHA3_512_Final nbcompat_SHA3_512_Final
+#define SHA3_512_End nbcompat_SHA3_512_End
+#define SHA3_512_Data nbcompat_SHA3_512_Data
+#define SHA3_512_File nbcompat_SHA3_512_File
+
+void SHA3_512_Init(SHA3_512_CTX *);
+void SHA3_512_Update(SHA3_512_CTX *, const uint8_t *, size_t);
+void SHA3_512_Final(uint8_t[SHA3_512_DIGEST_LENGTH], SHA3_512_CTX *);
+
+void SHAKE128_Init(SHAKE128_CTX *);
+void SHAKE128_Update(SHAKE128_CTX *, const uint8_t *, size_t);
+void SHAKE128_Final(uint8_t *, size_t, SHAKE128_CTX *);
+
+void SHAKE256_Init(SHAKE256_CTX *);
+void SHAKE256_Update(SHAKE256_CTX *, const uint8_t *, size_t);
+void SHAKE256_Final(uint8_t *, size_t, SHAKE256_CTX *);
+
+int SHA3_Selftest(void);
+
+char *SHA3_224_End(SHA3_224_CTX*, char[SHA3_224_DIGEST_STRING_LENGTH]);
+char *SHA3_224_Data(const uint8_t*, size_t, unsigned char *);
+char *SHA3_224_File(char *, char *);
+
+char *SHA3_256_End(SHA3_256_CTX*, char[SHA3_256_DIGEST_STRING_LENGTH]);
+char *SHA3_256_Data(const uint8_t*, size_t, unsigned char *);
+char *SHA3_256_File(char *, char *);
+
+char *SHA3_384_End(SHA3_384_CTX*, char[SHA3_384_DIGEST_STRING_LENGTH]);
+char *SHA3_384_Data(const uint8_t*, size_t, unsigned char *);
+char *SHA3_384_File(char *, char *);
+
+char *SHA3_512_End(SHA3_512_CTX*, char[SHA3_512_DIGEST_STRING_LENGTH]);
+char *SHA3_512_Data(const uint8_t*, size_t, unsigned char *);
+char *SHA3_512_File(char *, char *);
+
+__END_DECLS
+
+#endif /* SHA3_H */
diff --git a/pkgtools/pkg_install/files/lib/sha3hl.c b/pkgtools/pkg_install/files/lib/sha3hl.c
new file mode 100644
--- /dev/null
+++ b/pkgtools/pkg_install/files/lib/sha3hl.c
@@ -0,0 +1,316 @@
+/* $NetBSD: sha3hl.c,v 1.8 2011/11/08 18:20:03 joerg Exp $ */
+
+/*
+ * sha3hl.c
+ * This code includes some functions taken from sha2.c, hence the
+ * following licence reproduction.
+ *
+ * This code is not a verbatim copy, since some routines have been added,
+ * and some bugs have been fixed.
+ *
+ * Version 1.0.0beta1
+ *
+ * Written by Aaron D. Gifford <me@aarongifford.com>
+ *
+ * Copyright 2000 Aaron D. Gifford. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include "sha3.h"
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#ifndef _DIAGASSERT
+#define _DIAGASSERT(cond) assert(cond)
+#endif
+
+#ifndef MEMSET_BZERO
+#define MEMSET_BZERO(p,l) memset((p), 0, (l))
+#endif
+
+/*
+ * Constant used by SHA3_224/256/384/512_End() functions for converting the
+ * digest to a readable hexadecimal character string:
+ */
+static const char sha3_hex_digits[] = "0123456789abcdef";
+
+char *
+SHA3_224_File(char *filename, char *buf)
+{
+ unsigned char buffer[BUFSIZ * 20];
+ SHA3_224_CTX ctx;
+ int fd, num, oerrno;
+
+ _DIAGASSERT(filename != NULL);
+ /* XXX: buf may be NULL ? */
+
+ SHA3_224_Init(&ctx);
+
+ if ((fd = open(filename, O_RDONLY)) < 0)
+ return (0);
+
+ while ((num = read(fd, buffer, sizeof(buffer))) > 0)
+ SHA3_224_Update(&ctx, buffer, (size_t) num);
+
+ oerrno = errno;
+ close(fd);
+ errno = oerrno;
+ return (num < 0 ? 0 : SHA3_224_End(&ctx, buf));
+}
+
+
+char *
+SHA3_224_End(SHA3_224_CTX *ctx, char buffer[])
+{
+ unsigned char digest[SHA3_224_DIGEST_LENGTH], *d = digest;
+ unsigned char *ret;
+ int i;
+
+ /* Sanity check: */
+ assert(ctx != NULL);
+
+ if ((ret = buffer) != NULL) {
+ SHA3_224_Final(digest, ctx);
+
+ for (i = 0; i < SHA3_224_DIGEST_LENGTH; i++) {
+ *buffer++ = sha3_hex_digits[(*d & 0xf0) >> 4];
+ *buffer++ = sha3_hex_digits[*d & 0x0f];
+ d++;
+ }
+ *buffer = (char) 0;
+ } else {
+ (void) MEMSET_BZERO(ctx, sizeof(SHA3_224_CTX));
+ }
+ (void) MEMSET_BZERO(digest, SHA3_224_DIGEST_LENGTH);
+ return ret;
+}
+
+char *
+SHA3_224_Data(const uint8_t * data, size_t len, unsigned char *digest)
+{
+ SHA3_224_CTX ctx;
+
+ SHA3_224_Init(&ctx);
+ SHA3_224_Update(&ctx, data, len);
+ return SHA3_224_End(&ctx, digest);
+}
+
+char *
+SHA3_256_File(char *filename, char *buf)
+{
+ unsigned char buffer[BUFSIZ * 20];
+ SHA3_256_CTX ctx;
+ int fd, num, oerrno;
+
+ _DIAGASSERT(filename != NULL);
+ /* XXX: buf may be NULL ? */
+
+ SHA3_256_Init(&ctx);
+
+ if ((fd = open(filename, O_RDONLY)) < 0)
+ return (0);
+
+ while ((num = read(fd, buffer, sizeof(buffer))) > 0)
+ SHA3_256_Update(&ctx, buffer, (size_t) num);
+
+ oerrno = errno;
+ close(fd);
+ errno = oerrno;
+ return (num < 0 ? 0 : SHA3_256_End(&ctx, buf));
+}
+
+
+char *
+SHA3_256_End(SHA3_256_CTX *ctx, char buffer[])
+{
+ unsigned char digest[SHA3_256_DIGEST_LENGTH], *d = digest;
+ unsigned char *ret;
+ int i;
+
+ /* Sanity check: */
+ assert(ctx != NULL);
+
+ if ((ret = buffer) != NULL) {
+ SHA3_256_Final(digest, ctx);
+
+ for (i = 0; i < SHA3_256_DIGEST_LENGTH; i++) {
+ *buffer++ = sha3_hex_digits[(*d & 0xf0) >> 4];
+ *buffer++ = sha3_hex_digits[*d & 0x0f];
+ d++;
+ }
+ *buffer = (char) 0;
+ } else {
+ (void) MEMSET_BZERO(ctx, sizeof(SHA3_256_CTX));
+ }
+ (void) MEMSET_BZERO(digest, SHA3_256_DIGEST_LENGTH);
+ return ret;
+}
+
+char *
+SHA3_256_Data(const uint8_t * data, size_t len, unsigned char *digest)
+{
+ SHA3_256_CTX ctx;
+
+ SHA3_256_Init(&ctx);
+ SHA3_256_Update(&ctx, data, len);
+ return SHA3_256_End(&ctx, digest);
+}
+
+char *
+SHA3_384_File(char *filename, char *buf)
+{
+ unsigned char buffer[BUFSIZ * 20];
+ SHA3_384_CTX ctx;
+ int fd, num, oerrno;
+
+ _DIAGASSERT(filename != NULL);
+ /* XXX: buf may be NULL ? */
+
+ SHA3_384_Init(&ctx);
+
+ if ((fd = open(filename, O_RDONLY)) < 0)
+ return (0);
+
+ while ((num = read(fd, buffer, sizeof(buffer))) > 0)
+ SHA3_384_Update(&ctx, buffer, (size_t) num);
+
+ oerrno = errno;
+ close(fd);
+ errno = oerrno;
+ return (num < 0 ? 0 : SHA3_384_End(&ctx, buf));
+}
+
+
+char *
+SHA3_384_End(SHA3_384_CTX *ctx, char buffer[])
+{
+ unsigned char digest[SHA3_384_DIGEST_LENGTH], *d = digest;
+ unsigned char *ret;
+ int i;
+
+ /* Sanity check: */
+ assert(ctx != NULL);
+
+ if ((ret = buffer) != NULL) {
+ SHA3_384_Final(digest, ctx);
+
+ for (i = 0; i < SHA3_384_DIGEST_LENGTH; i++) {
+ *buffer++ = sha3_hex_digits[(*d & 0xf0) >> 4];
+ *buffer++ = sha3_hex_digits[*d & 0x0f];
+ d++;
+ }
+ *buffer = (char) 0;
+ } else {
+ (void) MEMSET_BZERO(ctx, sizeof(SHA3_384_CTX));
+ }
+ (void) MEMSET_BZERO(digest, SHA3_384_DIGEST_LENGTH);
+ return ret;
+}
+
+char *
+SHA3_384_Data(const uint8_t * data, size_t len, unsigned char *digest)
+{
+ SHA3_384_CTX ctx;
+
+ SHA3_384_Init(&ctx);
+ SHA3_384_Update(&ctx, data, len);
+ return SHA3_384_End(&ctx, digest);
+}
+
+char *
+SHA3_512_File(char *filename, char *buf)
+{
+ unsigned char buffer[BUFSIZ * 20];
+ SHA3_512_CTX ctx;
+ int fd, num, oerrno;
+
+ _DIAGASSERT(filename != NULL);
+ /* XXX: buf may be NULL ? */
+
+ SHA3_512_Init(&ctx);
+
+ if ((fd = open(filename, O_RDONLY)) < 0)
+ return (0);
+
+ while ((num = read(fd, buffer, sizeof(buffer))) > 0)
+ SHA3_512_Update(&ctx, buffer, (size_t) num);
+
+ oerrno = errno;
+ close(fd);
+ errno = oerrno;
+ return (num < 0 ? 0 : SHA3_512_End(&ctx, buf));
+}
+
+
+char *
+SHA3_512_End(SHA3_512_CTX *ctx, char buffer[])
+{
+ unsigned char digest[SHA3_512_DIGEST_LENGTH], *d = digest;
+ unsigned char *ret;
+ int i;
+
+ /* Sanity check: */
+ assert(ctx != NULL);
+
+ if ((ret = buffer) != NULL) {
+ SHA3_512_Final(digest, ctx);
+
+ for (i = 0; i < SHA3_512_DIGEST_LENGTH; i++) {
+ *buffer++ = sha3_hex_digits[(*d & 0xf0) >> 4];
+ *buffer++ = sha3_hex_digits[*d & 0x0f];
+ d++;
+ }
+ *buffer = (char) 0;
+ } else {
+ (void) MEMSET_BZERO(ctx, sizeof(SHA3_512_CTX));
+ }
+ (void) MEMSET_BZERO(digest, SHA3_512_DIGEST_LENGTH);
+ return ret;
+}
+
+char *
+SHA3_512_Data(const uint8_t * data, size_t len, unsigned char *digest)
+{
+ SHA3_512_CTX ctx;
+
+ SHA3_512_Init(&ctx);
+ SHA3_512_Update(&ctx, data, len);
+ return SHA3_512_End(&ctx, digest);
+}
+