| 1 | /* |
|---|---|
| 2 | * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | #include <string.h> |
| 11 | #include "internal/sha3.h" |
| 12 | |
| 13 | void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r); |
| 14 | |
| 15 | void sha3_reset(KECCAK1600_CTX *ctx) |
| 16 | { |
| 17 | memset(ctx->A, 0, sizeof(ctx->A)); |
| 18 | ctx->bufsz = 0; |
| 19 | } |
| 20 | |
| 21 | int sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen) |
| 22 | { |
| 23 | size_t bsz = SHA3_BLOCKSIZE(bitlen); |
| 24 | |
| 25 | if (bsz <= sizeof(ctx->buf)) { |
| 26 | sha3_reset(ctx); |
| 27 | ctx->block_size = bsz; |
| 28 | ctx->md_size = bitlen / 8; |
| 29 | ctx->pad = pad; |
| 30 | return 1; |
| 31 | } |
| 32 | |
| 33 | return 0; |
| 34 | } |
| 35 | |
| 36 | int keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen) |
| 37 | { |
| 38 | int ret = sha3_init(ctx, pad, bitlen); |
| 39 | |
| 40 | if (ret) |
| 41 | ctx->md_size *= 2; |
| 42 | return ret; |
| 43 | } |
| 44 | |
| 45 | int sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len) |
| 46 | { |
| 47 | const unsigned char *inp = _inp; |
| 48 | size_t bsz = ctx->block_size; |
| 49 | size_t num, rem; |
| 50 | |
| 51 | if (len == 0) |
| 52 | return 1; |
| 53 | |
| 54 | if ((num = ctx->bufsz) != 0) { /* process intermediate buffer? */ |
| 55 | rem = bsz - num; |
| 56 | |
| 57 | if (len < rem) { |
| 58 | memcpy(ctx->buf + num, inp, len); |
| 59 | ctx->bufsz += len; |
| 60 | return 1; |
| 61 | } |
| 62 | /* |
| 63 | * We have enough data to fill or overflow the intermediate |
| 64 | * buffer. So we append |rem| bytes and process the block, |
| 65 | * leaving the rest for later processing... |
| 66 | */ |
| 67 | memcpy(ctx->buf + num, inp, rem); |
| 68 | inp += rem, len -= rem; |
| 69 | (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); |
| 70 | ctx->bufsz = 0; |
| 71 | /* ctx->buf is processed, ctx->num is guaranteed to be zero */ |
| 72 | } |
| 73 | |
| 74 | if (len >= bsz) |
| 75 | rem = SHA3_absorb(ctx->A, inp, len, bsz); |
| 76 | else |
| 77 | rem = len; |
| 78 | |
| 79 | if (rem) { |
| 80 | memcpy(ctx->buf, inp + len - rem, rem); |
| 81 | ctx->bufsz = rem; |
| 82 | } |
| 83 | |
| 84 | return 1; |
| 85 | } |
| 86 | |
| 87 | int sha3_final(unsigned char *md, KECCAK1600_CTX *ctx) |
| 88 | { |
| 89 | size_t bsz = ctx->block_size; |
| 90 | size_t num = ctx->bufsz; |
| 91 | |
| 92 | if (ctx->md_size == 0) |
| 93 | return 1; |
| 94 | |
| 95 | /* |
| 96 | * Pad the data with 10*1. Note that |num| can be |bsz - 1| |
| 97 | * in which case both byte operations below are performed on |
| 98 | * same byte... |
| 99 | */ |
| 100 | memset(ctx->buf + num, 0, bsz - num); |
| 101 | ctx->buf[num] = ctx->pad; |
| 102 | ctx->buf[bsz - 1] |= 0x80; |
| 103 | |
| 104 | (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); |
| 105 | |
| 106 | SHA3_squeeze(ctx->A, md, ctx->md_size, bsz); |
| 107 | |
| 108 | return 1; |
| 109 | } |
| 110 |
Generated on 2020-Jan-04 from project ClickHouse revision 19.17.6
Powered by 
Code Browser 2.1
Generator usage only permitted with license.