modify sha3 impl to support pre-standard keccak

bdivrik · Feb 3, 2016 · af0d618 · af0d618
1 parent a33f688
commit af0d618
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 3 deletions.
diff --git a/sha3/keccak.c b/sha3/keccak.c
@@ -55,6 +55,7 @@ keccakf1600_theta(secret uint64_t A[25])
 	unsigned y;
 
 	C0 = C1 = C2 = C3 = C4 = 0;
+#pragma GCC diagnostic ignored "-pedantic"
 	FOR5(y, {
 		C0 ^= A[0 + 5*y];
 		C1 ^= A[1 + 5*y];
@@ -69,6 +70,7 @@ keccakf1600_theta(secret uint64_t A[25])
 		A[3 + 5*y] ^= C2 ^ rol64(C4, 1);
 		A[4 + 5*y] ^= C3 ^ rol64(C0, 1);
 	});
+#pragma GCC diagnostic pop
 }
 
 static inline void
@@ -113,6 +115,7 @@ keccakf1600_chi(secret uint64_t A[25])
 	secret uint64_t B0, B1, B2, B3, B4;
 	unsigned y;
 
+#pragma GCC diagnostic ignored "-pedantic"
 	FOR5(y, {
 		B0 = A[0 + 5*y];
 		B1 = A[1 + 5*y];
@@ -125,6 +128,7 @@ keccakf1600_chi(secret uint64_t A[25])
 		A[3 + 5*y] ^= ~B4 & B0;
 		A[4 + 5*y] ^= ~B0 & B1;
 	});
+#pragma GCC diagnostic pop
 }
 
 static void

diff --git a/sha3/sha3.c b/sha3/sha3.c
@@ -182,8 +182,8 @@ sha3_update(struct sha3 *C, const uint8_t *data, size_t len, unsigned rw)
 	assert(0 < C->nb);
 }
 
-static void
-sha3_final(uint8_t *h, unsigned d, struct sha3 *C, unsigned rw)
+static inline void
+sha3_or_keccak_final(uint8_t *h, unsigned d, struct sha3 *C, unsigned rw, uint64_t padding)
 {
 	unsigned nw, iw;
 
@@ -194,7 +194,7 @@ sha3_final(uint8_t *h, unsigned d, struct sha3 *C, unsigned rw)
 	nw = (C->nb + 7)/8;
 	assert(0 < nw);
 	assert(nw <= rw);
-	C->A[rw - nw] ^= (uint64_t)0x06 << (8*(8*nw - C->nb));
+	C->A[rw - nw] ^= padding << (8*(8*nw - C->nb));
 	C->A[rw - 1] ^= 0x8000000000000000ULL;
 
 	/* Permute one last time.  */
@@ -217,6 +217,18 @@ sha3_final(uint8_t *h, unsigned d, struct sha3 *C, unsigned rw)
 	C->nb = 0;
 }
 
+static void
+sha3_final(uint8_t *h, unsigned d, struct sha3 *C, unsigned rw)
+{
+    sha3_or_keccak_final(h, d, C, rw, 0x06);
+}
+
+static void
+keccak_final(uint8_t *h, unsigned d, struct sha3 *C, unsigned rw)
+{
+    sha3_or_keccak_final(h, d, C, rw, 0x01);
+}
+
 static void
 shake_final(uint8_t *h, unsigned d, struct sha3 *C, unsigned rw)
 {
@@ -398,6 +410,30 @@ SHAKE256_Final(uint8_t *h, size_t d, SHAKE256_CTX *C)
 	shake_final(h, d, &C->C256, sha3_rate(256/8));
 }
 
+void
+KECCAK_256_Final(uint8_t h[SHA3_256_DIGEST_LENGTH], SHA3_256_CTX *C)
+{
+
+	keccak_final(h, SHA3_256_DIGEST_LENGTH, &C->C256,
+	    sha3_rate(SHA3_256_DIGEST_LENGTH));
+}
+
+void
+KECCAK_384_Final(uint8_t h[SHA3_384_DIGEST_LENGTH], SHA3_384_CTX *C)
+{
+
+	keccak_final(h, SHA3_384_DIGEST_LENGTH, &C->C384,
+	    sha3_rate(SHA3_384_DIGEST_LENGTH));
+}
+
+void
+KECCAK_512_Final(uint8_t h[SHA3_512_DIGEST_LENGTH], SHA3_512_CTX *C)
+{
+
+	keccak_final(h, SHA3_512_DIGEST_LENGTH, &C->C512,
+	    sha3_rate(SHA3_512_DIGEST_LENGTH));
+}
+
 static void
 sha3_selftest_prng(void *buf, size_t len, uint32_t seed)
 {

diff --git a/sha3/sha3.h b/sha3/sha3.h
@@ -71,6 +71,18 @@ void	SHAKE256_Init(SHAKE256_CTX *);
 void	SHAKE256_Update(SHAKE256_CTX *, const uint8_t *, size_t);
 void	SHAKE256_Final(uint8_t *, size_t, SHAKE256_CTX *);
 
+#define KECCAK_256_Init SHA3_256_Init
+#define KECCAK_256_Update SHA3_256_Update
+void	KECCAK_256_Final(uint8_t[SHA3_256_DIGEST_LENGTH], SHA3_256_CTX *);
+
+#define KECCAK_384_Init SHA3_384_Init
+#define KECCAK_384_Update SHA3_384_Update
+void	KECCAK_384_Final(uint8_t[SHA3_384_DIGEST_LENGTH], SHA3_384_CTX *);
+
+#define KECCAK_512_Init SHA3_512_Init
+#define KECCAK_512_Update SHA3_512_Update
+void	KECCAK_512_Final(uint8_t[SHA3_512_DIGEST_LENGTH], SHA3_512_CTX *);
+
 int	SHA3_Selftest(void);
 
 #endif	/* SHA3_H */