2024-03-24 Niels Möller <nisse@lysator.liu.se>
* sha3.c (_nettle_sha3_update): Use MD_FILL_OR_RETURN_INDEX.
+ (sha3_xor_block): New function, taken out from sha3_absorb.
+ (_nettle_sha3_pad): Call sha3_xor_block, not sha3_absorb.
+ * sha3-internal.h (_sha3_pad_shake): By above change, no longer
+ implies sha3_permute.
+ (_sha3_pad_hash): Update, to still include a
+ call to sha3_permute.
+ * shake256.c (sha3_256_shake, sha3_256_shake_output): Update to
+ call sha3_permute before generating output.
2024-03-20 Niels Möller <nisse@lysator.liu.se>
_nettle_sha3_pad (struct sha3_state *state,
unsigned block_size, uint8_t *block, unsigned pos, uint8_t magic);
-#define _sha3_pad_hash(state, block_size, block, pos) \
- _nettle_sha3_pad (state, block_size, block, pos, SHA3_HASH_MAGIC)
+#define _sha3_pad_hash(state, block_size, block, pos) do { \
+ _nettle_sha3_pad (state, block_size, block, pos, SHA3_HASH_MAGIC); \
+ sha3_permute (state); \
+ } while (0)
#define _sha3_pad_shake(state, block_size, block, pos) \
_nettle_sha3_pad (state, block_size, block, pos, SHA3_SHAKE_MAGIC)
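Review bot: `_sha3_pad_shake` and `_sha3_pad_hash` now have different contracts, and nothing at the definitions says so: the hash variant still ends with `sha3_permute`, while the shake variant leaves the padded block xored into the state without permuting it. A caller that reads `state->a` directly after `_sha3_pad_shake` would emit the pre-permutation state (the previous state xored with the final padded block) instead of SHAKE output. I would add a comment above the macros, for example `/* _sha3_pad_shake only xors in the padding; the caller must call sha3_permute before reading state->a. */`. Only shake256.c is updated in this diff, so any other user of `_sha3_pad_shake` that is not shown here needs the same change.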
#include "md-internal.h"
#include "memxor.h"
+#if WORDS_BIGENDIAN
static void
-sha3_absorb (struct sha3_state *state, unsigned length, const uint8_t *data)
+sha3_xor_block (struct sha3_state *state, unsigned length, const uint8_t *data)
{
assert ( (length & 7) == 0);
-#if WORDS_BIGENDIAN
{
uint64_t *p;
for (p = state->a; length > 0; p++, length -= 8, data += 8)
*p ^= LE_READ_UINT64 (data);
}
+}
#else /* !WORDS_BIGENDIAN */
- memxor (state->a, data, length);
+#define sha3_xor_block(state, length, data) memxor (state->a, data, length)
#endif
+static void
+sha3_absorb (struct sha3_state *state, unsigned length, const uint8_t *data)
+{
+ sha3_xor_block (state, length, data);
sha3_permute (state);
}
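Review bot: The `assert ( (length & 7) == 0)` check used to sit before the `#if` and now lives only inside the `WORDS_BIGENDIAN` version of `sha3_xor_block`, so little-endian builds no longer verify it. That check is what keeps the big-endian loop's unsigned `length -= 8` from wrapping, and most testing presumably runs on little-endian hosts. Keeping the assert in the common path, as the first statement of `sha3_absorb` and before the `sha3_xor_block` call in `_nettle_sha3_pad`, would preserve the old coverage. The little-endian macro also uses its arguments unparenthesized; `#define sha3_xor_block(state, length, data) memxor ((state)->a, (data), (length))` avoids a mis-expansion if it is ever called with something like `&ctx->state`.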
memset (block + pos, 0, block_size - pos);
block[block_size - 1] |= 0x80;
- sha3_absorb (state, block_size, block);
+ sha3_xor_block (state, block_size, block);
}
_sha3_pad_shake (&ctx->state, SHA3_256_BLOCK_SIZE, ctx->block, ctx->index);
while (length > SHA3_256_BLOCK_SIZE)
{
+ sha3_permute (&ctx->state);
_nettle_write_le64 (SHA3_256_BLOCK_SIZE, dst, ctx->state.a);
length -= SHA3_256_BLOCK_SIZE;
dst += SHA3_256_BLOCK_SIZE;
- sha3_permute (&ctx->state);
}
+ sha3_permute (&ctx->state);
_nettle_write_le64 (length, dst, ctx->state.a);
sha3_256_init (ctx);
/* Write full blocks. */
while (length > sizeof (ctx->block))
{
+ sha3_permute (&ctx->state);
_nettle_write_le64 (sizeof (ctx->block), digest, ctx->state.a);
length -= sizeof (ctx->block);
digest += sizeof (ctx->block);
- sha3_permute (&ctx->state);
}
if (length > 0)
{
/* Fill in the buffer for next call. */
- _nettle_write_le64 (sizeof (ctx->block), ctx->block, ctx->state.a);
sha3_permute (&ctx->state);
+ _nettle_write_le64 (sizeof (ctx->block), ctx->block, ctx->state.a);
memcpy (digest, ctx->block, length);
ctx->index = length | INDEX_HIGH_BIT;
}
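Review bot: The order of `sha3_permute` and `_nettle_write_le64` is reversed here and in the `sha3_256_shake` hunk above, which changes what `ctx->state.a` means between calls, and that invariant is not written down anywhere in the hunk. The state now holds output that has already been emitted rather than the next block to emit. A later edit that restores the old order in just one place could emit a block twice or emit un-permuted state without any compile-time signal. A short comment before the loop would do, for example `/* state.a holds already-emitted output; permute before squeezing each new block. */`. The function starts before this hunk, so the first-call path through `_sha3_pad_shake` is not visible here.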