keccak: guard against misaligned memory accesses on ARM

The code generated is exactly the same as the direct access one on x86_64
monero-project · Jul 4, 2019 · c223832 · c223832
1 parent 6335509
commit c223832
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 3 deletions.
diff --git a/src/crypto/keccak.c b/src/crypto/keccak.c
@@ -105,9 +105,12 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen)
     memset(st, 0, sizeof(st));
 
     for ( ; inlen >= rsiz; inlen -= rsiz, in += rsiz) {
-        for (i = 0; i < rsizw; i++)
+      for (i = 0; i < rsizw; i++) {
-            st[i] ^= swap64le(((uint64_t *) in)[i]);
+        uint64_t ina;
-        keccakf(st, KECCAK_ROUNDS);
+        memcpy(&ina, in + i * 8, 8);
+        st[i] ^= swap64le(ina);
+      }
+      keccakf(st, KECCAK_ROUNDS);
     }
 
     // last block and padding

diff --git a/tests/unit_tests/keccak.cpp b/tests/unit_tests/keccak.cpp
@@ -148,3 +148,20 @@ TEST(keccak, 137_and_1_136)
   TEST_KECCAK(137, chunks);
 }
 
+TEST(keccak, alignment)
+{
+  uint8_t data[6064];
+  __attribute__ ((aligned(16))) char adata[6000];
+
+  for (size_t i = 0; i < sizeof(data) / sizeof(data[0]); ++i)
+    data[i] = i & 1;
+
+  uint8_t md[32], amd[32];
+  for (int offset = 0; offset < 64; ++offset)
+  {
+    memcpy(adata, data + offset, 6000);
+    keccak((const uint8_t*)&data[offset], 6000, md, 32);
+    keccak((const uint8_t*)adata, 6000, amd, 32);
+    ASSERT_TRUE(!memcmp(md, amd, 32));
+  }
+}