sha3.c 2.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
  1. /*
  2. * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <string.h>
  10. #include "internal/sha3.h"
  11. void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
  12. void sha3_reset(KECCAK1600_CTX *ctx)
  13. {
  14. memset(ctx->A, 0, sizeof(ctx->A));
  15. ctx->bufsz = 0;
  16. }
  17. int sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen)
  18. {
  19. size_t bsz = SHA3_BLOCKSIZE(bitlen);
  20. if (bsz <= sizeof(ctx->buf)) {
  21. sha3_reset(ctx);
  22. ctx->block_size = bsz;
  23. ctx->md_size = bitlen / 8;
  24. ctx->pad = pad;
  25. return 1;
  26. }
  27. return 0;
  28. }
  29. int keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen)
  30. {
  31. int ret = sha3_init(ctx, pad, bitlen);
  32. if (ret)
  33. ctx->md_size *= 2;
  34. return ret;
  35. }
  36. int sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len)
  37. {
  38. const unsigned char *inp = _inp;
  39. size_t bsz = ctx->block_size;
  40. size_t num, rem;
  41. if (len == 0)
  42. return 1;
  43. if ((num = ctx->bufsz) != 0) { /* process intermediate buffer? */
  44. rem = bsz - num;
  45. if (len < rem) {
  46. memcpy(ctx->buf + num, inp, len);
  47. ctx->bufsz += len;
  48. return 1;
  49. }
  50. /*
  51. * We have enough data to fill or overflow the intermediate
  52. * buffer. So we append |rem| bytes and process the block,
  53. * leaving the rest for later processing...
  54. */
  55. memcpy(ctx->buf + num, inp, rem);
  56. inp += rem, len -= rem;
  57. (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
  58. ctx->bufsz = 0;
  59. /* ctx->buf is processed, ctx->num is guaranteed to be zero */
  60. }
  61. if (len >= bsz)
  62. rem = SHA3_absorb(ctx->A, inp, len, bsz);
  63. else
  64. rem = len;
  65. if (rem) {
  66. memcpy(ctx->buf, inp + len - rem, rem);
  67. ctx->bufsz = rem;
  68. }
  69. return 1;
  70. }
  71. int sha3_final(unsigned char *md, KECCAK1600_CTX *ctx)
  72. {
  73. size_t bsz = ctx->block_size;
  74. size_t num = ctx->bufsz;
  75. if (ctx->md_size == 0)
  76. return 1;
  77. /*
  78. * Pad the data with 10*1. Note that |num| can be |bsz - 1|
  79. * in which case both byte operations below are performed on
  80. * same byte...
  81. */
  82. memset(ctx->buf + num, 0, bsz - num);
  83. ctx->buf[num] = ctx->pad;
  84. ctx->buf[bsz - 1] |= 0x80;
  85. (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
  86. SHA3_squeeze(ctx->A, md, ctx->md_size, bsz);
  87. return 1;
  88. }