From 3d77edddab4447049ccd3d1e8f5b9f8f3023c037 Mon Sep 17 00:00:00 2001
From: Paul Duncan
Date: Sat, 2 Sep 2023 23:16:27 -0400
Subject: sha3.c: add pad parameter to internal xof functions
---
 sha3.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/sha3.c b/sha3.c
index ec03185..71c7ad9 100644
--- a/sha3.c
+++ b/sha3.c
@@ -244,7 +244,7 @@ static inline void xof_init(sha3_xof_t * const xof) {
 memset(xof, 0, sizeof(sha3_xof_t));
 }

-static inline _Bool xof_absorb(sha3_xof_t * const xof, const size_t rate, const uint8_t *m, size_t m_len) {
+static inline _Bool xof_absorb(sha3_xof_t * const xof, const size_t rate, const uint8_t * const m, size_t m_len) {
 // check state
 if (xof->squeezing) {
 return false;
@@ -264,10 +264,10 @@ static inline _Bool xof_absorb(sha3_xof_t * const xof, const size_t rate, const
 return true;
 }

-static inline void xof_absorb_done(sha3_xof_t * const xof, const size_t rate) {
+static inline void xof_absorb_done(sha3_xof_t * const xof, const size_t rate, const uint8_t pad) {
 // append suffix (s6.2) and padding
 // (note: suffix and padding are ambiguous in spec)
- xof->a.u8[xof->num_bytes] ^= 0x1f;
+ xof->a.u8[xof->num_bytes] ^= pad;
 xof->a.u8[rate - 1] ^= 0x80;

 // permute
@@ -278,11 +278,11 @@ static inline void xof_absorb_done(sha3_xof_t * const xof, const size_t rate) {
 xof->squeezing = true;
 }

-static inline void xof_squeeze(sha3_xof_t * const xof, const size_t rate, uint8_t * const dst, const size_t dst_len) {
+static inline void xof_squeeze(sha3_xof_t * const xof, const size_t rate, const uint8_t pad, uint8_t * const dst, const size_t dst_len) {
 // check state
 if (!xof->squeezing) {
 // finalize absorb
- xof_absorb_done(xof, rate);
+ xof_absorb_done(xof, rate, pad);
 }

 for (size_t i = 0; i < dst_len; i++) {
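Review bot: In xof_absorb_done (hunk at -264) `pad` is now supplied by the caller, but the retained comment only says the suffix and padding are "ambiguous in spec", so nothing states what the byte must encode. It is XORed in as the domain-separation suffix bits followed by the first padding bit, and a wrong value would not fail; it would silently produce output for a different or nonstandard domain. I would document it at the signature, e.g. `// pad: suffix bits plus first pad10*1 bit, LSB first (0x1f for SHAKE); the closing 0x80 bit is added below`. The function body continues past the end of the hunk.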
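Review bot: In xof_squeeze (hunk at -278) `pad` is read only while `!xof->squeezing`, i.e. on the one call that finalizes absorb; every later call ignores the argument. A per-context property passed on every call lets two call sites disagree with no visible effect, so I would at least note it at the signature: `// pad is used only when this call finalizes absorb; ignored once squeezing`. Recording the value once in the context would remove the hazard, but sha3_xof_t is not visible here, so that is a suggestion to weigh, not a drop-in change. The function body continues outside the hunk.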
@@ -294,7 +294,7 @@ static inline void xof_squeeze(sha3_xof_t * const xof, const size_t rate, uint8_
 }
 }

-static inline void xof_once(const size_t rate, const uint8_t * const src, const size_t src_len, uint8_t * const dst, const size_t dst_len) {
+static inline void xof_once(const size_t rate, const uint8_t pad, const uint8_t * const src, const size_t src_len, uint8_t * const dst, const size_t dst_len) {
 // init
 sha3_xof_t xof;
 xof_init(&xof);
@@ -303,10 +303,11 @@ static inline void xof_once(const size_t rate, const uint8_t * const src, const
 (void) xof_absorb(&xof, rate, src, src_len);

 // squeeze
- xof_squeeze(&xof, rate, dst, dst_len);
+ xof_squeeze(&xof, rate, pad, dst, dst_len);
 }

 #define SHAKE128_XOF_RATE (200 - 2 * 16)
+#define SHAKE128_XOF_PAD 0x1f

 void shake128_xof_init(sha3_xof_t * const xof) {
 xof_init(xof);
@@ -317,14 +318,15 @@ _Bool shake128_xof_absorb(sha3_xof_t * const xof, const uint8_t * const m, const
 }

 void shake128_xof_squeeze(sha3_xof_t * const xof, uint8_t * const dst, const size_t dst_len) {
- xof_squeeze(xof, SHAKE128_XOF_RATE, dst, dst_len);
+ xof_squeeze(xof, SHAKE128_XOF_RATE, SHAKE128_XOF_PAD, dst, dst_len);
 }

 void shake128_xof_once(const uint8_t * const src, const size_t src_len, uint8_t * const dst, const size_t dst_len) {
- xof_once(SHAKE128_XOF_RATE, src, src_len, dst, dst_len);
+ xof_once(SHAKE128_XOF_RATE, SHAKE128_XOF_PAD, src, src_len, dst, dst_len);
 }

 #define SHAKE256_XOF_RATE (200 - 2 * 32)
+#define SHAKE256_XOF_PAD 0x1f

 void shake256_xof_init(sha3_xof_t * const xof) {
 xof_init(xof);
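Review bot: `SHAKE128_XOF_PAD` (hunk at -303) and `SHAKE256_XOF_PAD` (hunk at -317) introduce the same unexplained `0x1f` twice. A short comment on each, such as `// SHAKE suffix 1111 + first padding bit, LSB first (s6.2)`, would make clear that the value is fixed by the function family and not by the rate. That matters once a non-SHAKE variant is added next to these, because copying the constant would give it SHAKE's domain. As a style alternative, one shared define would also do if the per-function names are not meant to mirror the RATE macros.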
@@ -335,11 +337,11 @@ _Bool shake256_xof_absorb(sha3_xof_t * const xof, const uint8_t * const m, const
 }

 void shake256_xof_squeeze(sha3_xof_t * const xof, uint8_t * const dst, const size_t dst_len) {
- xof_squeeze(xof, SHAKE256_XOF_RATE, dst, dst_len);
+ xof_squeeze(xof, SHAKE256_XOF_RATE, SHAKE256_XOF_PAD, dst, dst_len);
 }

 void shake256_xof_once(const uint8_t * const src, const size_t src_len, uint8_t * const dst, const size_t dst_len) {
- xof_once(SHAKE256_XOF_RATE, src, src_len, dst, dst_len);
+ xof_once(SHAKE256_XOF_RATE, SHAKE256_XOF_PAD, src, src_len, dst, dst_len);
 }

 #ifdef SHA3_TEST
--
cgit v1.2.3