Update externals with latest versions.
This commit is contained in:
133
src/sha3.c
133
src/sha3.c
@@ -23,22 +23,15 @@
|
||||
#include "sha3.h"
|
||||
|
||||
#define SHA3_ASSERT( x )
|
||||
#if defined(_MSC_VER)
|
||||
#define SHA3_TRACE( format, ...)
|
||||
#define SHA3_TRACE_BUF( format, buf, l, ...)
|
||||
#else
|
||||
#define SHA3_TRACE(format, args...)
|
||||
#define SHA3_TRACE_BUF(format, buf, l, args...)
|
||||
#endif
|
||||
#define SHA3_TRACE_BUF(format, buf, l)
|
||||
|
||||
//#define SHA3_USE_KECCAK
|
||||
/*
|
||||
* Define SHA3_USE_KECCAK to run "pure" Keccak, as opposed to SHA3.
|
||||
* The tests that this macro enables use the input and output from [Keccak]
|
||||
* (see the reference below). The used test vectors aren't correct for SHA3,
|
||||
* however, they are helpful to verify the implementation.
|
||||
* SHA3_USE_KECCAK only changes one line of code in Finalize.
|
||||
* This flag is used to configure "pure" Keccak, as opposed to NIST SHA3.
|
||||
*/
|
||||
#define SHA3_USE_KECCAK_FLAG 0x80000000
|
||||
#define SHA3_CW(x) ((x) & (~SHA3_USE_KECCAK_FLAG))
|
||||
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#define SHA3_CONST(x) x
|
||||
@@ -123,30 +116,44 @@ keccakf(uint64_t s[25])
|
||||
/* *************************** Public Inteface ************************ */
|
||||
|
||||
/* For Init or Reset call these: */
|
||||
sha3_return_t
|
||||
sha3_Init(void *priv, unsigned bitSize) {
|
||||
sha3_context *ctx = (sha3_context *) priv;
|
||||
if( bitSize != 256 && bitSize != 384 && bitSize != 512 )
|
||||
return SHA3_RETURN_BAD_PARAMS;
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
ctx->capacityWords = 2 * bitSize / (8 * sizeof(uint64_t));
|
||||
return SHA3_RETURN_OK;
|
||||
}
|
||||
|
||||
void
|
||||
sha3_Init256(void *priv)
|
||||
{
|
||||
sha3_context *ctx = (sha3_context *) priv;
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
ctx->capacityWords = 2 * 256 / (8 * sizeof(uint64_t));
|
||||
sha3_Init(priv, 256);
|
||||
}
|
||||
|
||||
void
|
||||
sha3_Init384(void *priv)
|
||||
{
|
||||
sha3_context *ctx = (sha3_context *) priv;
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
ctx->capacityWords = 2 * 384 / (8 * sizeof(uint64_t));
|
||||
sha3_Init(priv, 384);
|
||||
}
|
||||
|
||||
void
|
||||
sha3_Init512(void *priv)
|
||||
{
|
||||
sha3_context *ctx = (sha3_context *) priv;
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
ctx->capacityWords = 2 * 512 / (8 * sizeof(uint64_t));
|
||||
sha3_Init(priv, 512);
|
||||
}
|
||||
|
||||
enum SHA3_FLAGS
|
||||
sha3_SetFlags(void *priv, enum SHA3_FLAGS flags)
|
||||
{
|
||||
sha3_context *ctx = (sha3_context *) priv;
|
||||
flags &= SHA3_FLAGS_KECCAK;
|
||||
ctx->capacityWords |= (flags == SHA3_FLAGS_KECCAK ? SHA3_USE_KECCAK_FLAG : 0);
|
||||
return flags;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
sha3_Update(void *priv, void const *bufIn, size_t len)
|
||||
{
|
||||
@@ -164,7 +171,7 @@ sha3_Update(void *priv, void const *bufIn, size_t len)
|
||||
SHA3_TRACE_BUF("called to update with:", buf, len);
|
||||
|
||||
SHA3_ASSERT(ctx->byteIndex < 8);
|
||||
SHA3_ASSERT(ctx->wordIndex < sizeof(ctx->s) / sizeof(ctx->s[0]));
|
||||
SHA3_ASSERT(ctx->wordIndex < sizeof(ctx->u.s) / sizeof(ctx->u.s[0]));
|
||||
|
||||
if(len < old_tail) { /* have no complete word or haven't started
|
||||
* the word yet */
|
||||
@@ -185,13 +192,13 @@ sha3_Update(void *priv, void const *bufIn, size_t len)
|
||||
ctx->saved |= (uint64_t) (*(buf++)) << ((ctx->byteIndex++) * 8);
|
||||
|
||||
/* now ready to add saved to the sponge */
|
||||
ctx->s[ctx->wordIndex] ^= ctx->saved;
|
||||
ctx->u.s[ctx->wordIndex] ^= ctx->saved;
|
||||
SHA3_ASSERT(ctx->byteIndex == 8);
|
||||
ctx->byteIndex = 0;
|
||||
ctx->saved = 0;
|
||||
if(++ctx->wordIndex ==
|
||||
(SHA3_KECCAK_SPONGE_WORDS - ctx->capacityWords)) {
|
||||
keccakf(ctx->s);
|
||||
(SHA3_KECCAK_SPONGE_WORDS - SHA3_CW(ctx->capacityWords))) {
|
||||
keccakf(ctx->u.s);
|
||||
ctx->wordIndex = 0;
|
||||
}
|
||||
}
|
||||
@@ -217,10 +224,10 @@ sha3_Update(void *priv, void const *bufIn, size_t len)
|
||||
#if defined(__x86_64__ ) || defined(__i386__)
|
||||
SHA3_ASSERT(memcmp(&t, buf, 8) == 0);
|
||||
#endif
|
||||
ctx->s[ctx->wordIndex] ^= t;
|
||||
ctx->u.s[ctx->wordIndex] ^= t;
|
||||
if(++ctx->wordIndex ==
|
||||
(SHA3_KECCAK_SPONGE_WORDS - ctx->capacityWords)) {
|
||||
keccakf(ctx->s);
|
||||
(SHA3_KECCAK_SPONGE_WORDS - SHA3_CW(ctx->capacityWords))) {
|
||||
keccakf(ctx->u.s);
|
||||
ctx->wordIndex = 0;
|
||||
}
|
||||
}
|
||||
@@ -253,21 +260,22 @@ sha3_Finalize(void *priv)
|
||||
* Overall, we feed 0, then 1, and finally 1 to start padding. Without
|
||||
* M || 01, we would simply use 1 to start padding. */
|
||||
|
||||
#ifndef SHA3_USE_KECCAK
|
||||
/* SHA3 version */
|
||||
ctx->s[ctx->wordIndex] ^=
|
||||
(ctx->saved ^ ((uint64_t) ((uint64_t) (0x02 | (1 << 2)) <<
|
||||
((ctx->byteIndex) * 8))));
|
||||
#else
|
||||
/* For testing the "pure" Keccak version */
|
||||
ctx->s[ctx->wordIndex] ^=
|
||||
(ctx->saved ^ ((uint64_t) ((uint64_t) 1 << (ctx->byteIndex *
|
||||
8))));
|
||||
#endif
|
||||
uint64_t t;
|
||||
|
||||
ctx->s[SHA3_KECCAK_SPONGE_WORDS - ctx->capacityWords - 1] ^=
|
||||
if( ctx->capacityWords & SHA3_USE_KECCAK_FLAG ) {
|
||||
/* Keccak version */
|
||||
t = (uint64_t)(((uint64_t) 1) << (ctx->byteIndex * 8));
|
||||
}
|
||||
else {
|
||||
/* SHA3 version */
|
||||
t = (uint64_t)(((uint64_t)(0x02 | (1 << 2))) << ((ctx->byteIndex) * 8));
|
||||
}
|
||||
|
||||
ctx->u.s[ctx->wordIndex] ^= ctx->saved ^ t;
|
||||
|
||||
ctx->u.s[SHA3_KECCAK_SPONGE_WORDS - SHA3_CW(ctx->capacityWords) - 1] ^=
|
||||
SHA3_CONST(0x8000000000000000UL);
|
||||
keccakf(ctx->s);
|
||||
keccakf(ctx->u.s);
|
||||
|
||||
/* Return first bytes of the ctx->s. This conversion is not needed for
|
||||
* little-endian platforms e.g. wrap with #if !defined(__BYTE_ORDER__)
|
||||
@@ -277,20 +285,39 @@ sha3_Finalize(void *priv)
|
||||
{
|
||||
unsigned i;
|
||||
for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) {
|
||||
const unsigned t1 = (uint32_t) ctx->s[i];
|
||||
const unsigned t2 = (uint32_t) ((ctx->s[i] >> 16) >> 16);
|
||||
ctx->sb[i * 8 + 0] = (uint8_t) (t1);
|
||||
ctx->sb[i * 8 + 1] = (uint8_t) (t1 >> 8);
|
||||
ctx->sb[i * 8 + 2] = (uint8_t) (t1 >> 16);
|
||||
ctx->sb[i * 8 + 3] = (uint8_t) (t1 >> 24);
|
||||
ctx->sb[i * 8 + 4] = (uint8_t) (t2);
|
||||
ctx->sb[i * 8 + 5] = (uint8_t) (t2 >> 8);
|
||||
ctx->sb[i * 8 + 6] = (uint8_t) (t2 >> 16);
|
||||
ctx->sb[i * 8 + 7] = (uint8_t) (t2 >> 24);
|
||||
const unsigned t1 = (uint32_t) ctx->u.s[i];
|
||||
const unsigned t2 = (uint32_t) ((ctx->u.s[i] >> 16) >> 16);
|
||||
ctx->u.sb[i * 8 + 0] = (uint8_t) (t1);
|
||||
ctx->u.sb[i * 8 + 1] = (uint8_t) (t1 >> 8);
|
||||
ctx->u.sb[i * 8 + 2] = (uint8_t) (t1 >> 16);
|
||||
ctx->u.sb[i * 8 + 3] = (uint8_t) (t1 >> 24);
|
||||
ctx->u.sb[i * 8 + 4] = (uint8_t) (t2);
|
||||
ctx->u.sb[i * 8 + 5] = (uint8_t) (t2 >> 8);
|
||||
ctx->u.sb[i * 8 + 6] = (uint8_t) (t2 >> 16);
|
||||
ctx->u.sb[i * 8 + 7] = (uint8_t) (t2 >> 24);
|
||||
}
|
||||
}
|
||||
|
||||
SHA3_TRACE_BUF("Hash: (first 32 bytes)", ctx->sb, 256 / 8);
|
||||
SHA3_TRACE_BUF("Hash: (first 32 bytes)", ctx->u.sb, 256 / 8);
|
||||
|
||||
return (ctx->sb);
|
||||
return (ctx->u.sb);
|
||||
}
|
||||
|
||||
sha3_return_t sha3_HashBuffer( unsigned bitSize, enum SHA3_FLAGS flags, const void *in, unsigned inBytes, void *out, unsigned outBytes ) {
|
||||
sha3_return_t err;
|
||||
sha3_context c;
|
||||
|
||||
err = sha3_Init(&c, bitSize);
|
||||
if( err != SHA3_RETURN_OK )
|
||||
return err;
|
||||
if( sha3_SetFlags(&c, flags) != flags ) {
|
||||
return SHA3_RETURN_BAD_PARAMS;
|
||||
}
|
||||
sha3_Update(&c, in, inBytes);
|
||||
const void *h = sha3_Finalize(&c);
|
||||
|
||||
if(outBytes > bitSize/8)
|
||||
outBytes = bitSize/8;
|
||||
memcpy(out, h, outBytes);
|
||||
return SHA3_RETURN_OK;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user