Commit 64a6def6 authored by Niels Möller's avatar Niels Möller

Support for SHAKE256, based on patch by Daiki Ueno.

* shake256.c (sha3_256_shake): New file and function.
* Makefile.in (nettle_SOURCES): Add shake256.c.
* testsuite/testutils.c (test_hash): Allow arbitrary digest size,
if hash->digest_size == 0.
* testsuite/shake.awk: New script to extract test vectors.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Add shake256-test.c.
(DISTFILES): Add shake.awk.
parent 4c658fbf
2019-12-25 Niels Möller <nisse@lysator.liu.se>
Support for SHAKE256, based on patch by Daiki Ueno.
* shake256.c (sha3_256_shake): New file and function.
* Makefile.in (nettle_SOURCES): Add shake256.c.
* testsuite/testutils.c (test_hash): Allow arbitrary digest size,
if hash->digest_size == 0.
* testsuite/shake.awk: New script to extract test vectors.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Add shake256-test.c.
(DISTFILES): Add shake.awk.
* sha3.c (_sha3_pad): Generalized with an argument for the magic
suffix defining the sha3 instance.
* sha3-internal.h (_sha3_pad_hash): New macro, for SHA3 hashes.
......@@ -129,7 +129,8 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
sha512-224-meta.c sha512-256-meta.c \
sha3.c sha3-permute.c \
sha3-224.c sha3-224-meta.c sha3-256.c sha3-256-meta.c \
sha3-384.c sha3-384-meta.c sha3-512.c sha3-512-meta.c\
sha3-384.c sha3-384-meta.c sha3-512.c sha3-512-meta.c \
shake256.c \
serpent-set-key.c serpent-encrypt.c serpent-decrypt.c \
serpent-meta.c \
twofish.c twofish-meta.c \
......@@ -40,6 +40,7 @@
#define _sha3_pad _nettle_sha3_pad
#define SHA3_HASH_MAGIC 6
#define SHA3_SHAKE_MAGIC 0x1f
unsigned
_sha3_update (struct sha3_state *state,
......@@ -55,5 +56,8 @@ _sha3_pad (struct sha3_state *state,
#define _sha3_pad_hash(state, block_size, block, pos) \
_sha3_pad (state, block_size, block, pos, SHA3_HASH_MAGIC)
#define _sha3_pad_shake(state, block_size, block, pos) \
_sha3_pad (state, block_size, block, pos, SHA3_SHAKE_MAGIC)
#endif
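Review bot: `SHA3_SHAKE_MAGIC 0x1f` is the only thing that separates SHAKE256 output from SHA3-256 output over the same input, yet the define carries no explanation of its value. A comment above the two magic constants would make the encoding checkable against FIPS 202, e.g. `/* Domain-separation suffix followed by the first pad bit, LSB first: SHA3 01|1 = 6, SHAKE 1111|1 = 0x1f. */`. The declarations of `_sha3_update` and `_sha3_pad` are cut by the hunk boundaries, so only the macros were reviewed.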
......@@ -48,6 +48,7 @@ extern "C" {
#define sha3_256_init nettle_sha3_256_init
#define sha3_256_update nettle_sha3_256_update
#define sha3_256_digest nettle_sha3_256_digest
#define sha3_256_shake nettle_sha3_256_shake
#define sha3_384_init nettle_sha3_384_init
#define sha3_384_update nettle_sha3_384_update
#define sha3_384_digest nettle_sha3_384_digest
......@@ -135,6 +136,13 @@ sha3_256_digest(struct sha3_256_ctx *ctx,
size_t length,
uint8_t *digest);
/* Alternative digest function implementing shake256, with arbitrary
digest size */
void
sha3_256_shake(struct sha3_256_ctx *ctx,
size_t length,
uint8_t *digest);
struct sha3_384_ctx
{
struct sha3_state state;
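Review bot: The comment on `sha3_256_shake` does not say that the call finishes the hash. As shake256.c shows, the function pads, writes `length` octets and then calls `sha3_256_init (ctx)`, so output cannot be extended by calling it again; a second call would start from a fresh context. I would spell that out in the header, e.g. `/* SHAKE256 output of arbitrary length. One-shot: pads, writes LENGTH octets and resets CTX; call once per message. */`. The last parameter is named `digest` here and `dst` in shake256.c; one name in both places would be tidier.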
/* shake256.c
The SHAKE256 hash function, arbitrary length output.
Copyright (C) 2017 Daiki Ueno
Copyright (C) 2017 Red Hat, Inc.
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <stddef.h>
#include <string.h>
#include "sha3.h"
#include "sha3-internal.h"
#include "nettle-write.h"
void
sha3_256_shake (struct sha3_256_ctx *ctx,
size_t length,
uint8_t *dst)
{
_sha3_pad_shake (&ctx->state, SHA3_256_BLOCK_SIZE, ctx->block, ctx->index);
while (length > SHA3_256_BLOCK_SIZE)
{
_nettle_write_le64 (SHA3_256_BLOCK_SIZE, dst, ctx->state.a);
length -= SHA3_256_BLOCK_SIZE;
dst += SHA3_256_BLOCK_SIZE;
sha3_permute (&ctx->state);
}
_nettle_write_le64 (length, dst, ctx->state.a);
sha3_256_init (ctx);
}
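Review bot: Nothing in `sha3_256_shake` says why the SHA3-256 context and `SHA3_256_BLOCK_SIZE` are the right parameters for SHAKE256, or why the loop test is a strict `>`. Both look correct: SHAKE256 uses the same 136-octet rate as SHA3-256, and the strict comparison leaves a final full block to the trailing `_nettle_write_le64`, so no permutation is run whose output is never read. A later maintainer could easily "fix" either one, though. Suggested comments: `/* SHAKE256 shares its rate, and hence the context, with SHA3-256. */` above the pad call and `/* Strict >: the last block, full or partial, is written below without a further permute. */` on the loop.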
......@@ -100,6 +100,9 @@ sha3-384-test$(EXEEXT): sha3-384-test.$(OBJEXT)
sha3-512-test$(EXEEXT): sha3-512-test.$(OBJEXT)
$(LINK) sha3-512-test.$(OBJEXT) $(TEST_OBJS) -o sha3-512-test$(EXEEXT)
shake256-test$(EXEEXT): shake256-test.$(OBJEXT)
$(LINK) shake256-test.$(OBJEXT) $(TEST_OBJS) -o shake256-test$(EXEEXT)
serpent-test$(EXEEXT): serpent-test.$(OBJEXT)
$(LINK) serpent-test.$(OBJEXT) $(TEST_OBJS) -o serpent-test$(EXEEXT)
......@@ -24,6 +24,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \
sha384-test.c sha512-test.c sha512-224-test.c sha512-256-test.c \
sha3-permute-test.c sha3-224-test.c sha3-256-test.c \
sha3-384-test.c sha3-512-test.c \
shake256-test.c \
serpent-test.c twofish-test.c version-test.c \
knuth-lfib-test.c \
cbc-test.c cfb-test.c ctr-test.c gcm-test.c eax-test.c ccm-test.c \
#! /usr/bin/awk -f
# This script is used to process the Keccak testvectors, originally
# we used http://keccak.noekeon.org/KeccakKAT-3.zip.
# For the updated NIST version, test vectors can be found at
# https://github.com/gvanas/KeccakCodePackage/tree/master/TestVectors
/^Len/ { len = $3 }
/^Msg/ { msg = $3 }
/^Squeezed/ { md = $3;
if (len % 8 == 0)
printf("test_hash_extendable(&nettle_shakexxx, /* %d octets */\nSHEX(\"%s\"),\nSHEX(\"%s\"));\n",
len / 8, len ? msg : "", md);
}
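Review bot: The generated calls use `test_hash_extendable(&nettle_shakexxx, ...)`, but the testutils.c change in this commit extends `test_hash` itself and no `test_hash_extendable` appears in the sections shown. This is inferred, since the test file's diff is collapsed on this page. If the test file calls `test_hash`, the printf should emit `test_hash(&nettle_shakexxx, ...` so the output can be pasted after replacing only the `shakexxx` placeholder. A header comment would also help, e.g. `# Vectors whose Len is not a whole number of octets are skipped; replace shakexxx with the instance name.`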
This diff is collapsed.
......@@ -866,33 +866,36 @@ test_hash(const struct nettle_hash *hash,
const struct tstring *digest)
{
void *ctx = xalloc(hash->context_size);
uint8_t *buffer = xalloc(hash->digest_size);
uint8_t *buffer = xalloc(digest->length);
uint8_t *input;
unsigned offset;
/* Here, hash->digest_size zero means arbitrary size. */
if (hash->digest_size)
ASSERT (digest->length == hash->digest_size);
hash->init(ctx);
hash->update(ctx, msg->length, msg->data);
hash->digest(ctx, hash->digest_size, buffer);
hash->digest(ctx, digest->length, buffer);
if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
if (MEMEQ(digest->length, digest->data, buffer) == 0)
{
fprintf(stdout, "\nGot:\n");
print_hex(hash->digest_size, buffer);
print_hex(digest->length, buffer);
fprintf(stdout, "\nExpected:\n");
print_hex(hash->digest_size, digest->data);
print_hex(digest->length, digest->data);
abort();
}
memset(buffer, 0, hash->digest_size);
memset(buffer, 0, digest->length);
hash->update(ctx, msg->length, msg->data);
hash->digest(ctx, hash->digest_size - 1, buffer);
ASSERT(digest->length > 0);
hash->digest(ctx, digest->length - 1, buffer);
ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
ASSERT(MEMEQ(digest->length - 1, digest->data, buffer));
ASSERT(buffer[hash->digest_size - 1] == 0);
ASSERT(buffer[digest->length - 1] == 0);
input = xalloc (msg->length + 16);
for (offset = 0; offset < 16; offset++)
......@@ -900,13 +903,13 @@ test_hash(const struct nettle_hash *hash,
memset (input, 0, msg->length + 16);
memcpy (input + offset, msg->data, msg->length);
hash->update (ctx, msg->length, input + offset);
hash->digest (ctx, hash->digest_size, buffer);
if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
hash->digest (ctx, digest->length, buffer);
if (MEMEQ(digest->length, digest->data, buffer) == 0)
{
fprintf(stdout, "hash input address: %p\nGot:\n", input + offset);
print_hex(hash->digest_size, buffer);
print_hex(digest->length, buffer);
fprintf(stdout, "\nExpected:\n");
print_hex(hash->digest_size, digest->data);
print_hex(digest->length, digest->data);
abort();
}
}
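Review bot: The `ASSERT(digest->length > 0);` guard sits only in front of the `digest->length - 1` call, after the first `hash->digest` call, the comparison and the `memset` have already used the value. Since `hash->digest_size == 0` now lets the test vector alone dictate the buffer size, the precondition belongs with the size check at the top: `ASSERT (digest->length > 0);` directly after the `if (hash->digest_size) ASSERT (digest->length == hash->digest_size);` lines. How `xalloc` treats a zero size is not visible here, so an empty expected digest may reach the first `hash->digest` call with an unusable buffer. The body of `test_hash` starts before the first hunk and continues past the second.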