From e2d8ba51ecd9a302641e63bf7aafbcddb8da1375 Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Sat, 26 Feb 2022 14:09:49 +0100 Subject: Fix libkeccak_degeneralise_spec and add missing error: LIBKECCAK_GENERALISED_SPEC_ERROR_STATE_BITRATE_CAPACITY_INCONSISTENCY MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- libkeccak.h | 10 +++++++++- libkeccak_degeneralise_spec.3 | 4 ++++ libkeccak_degeneralise_spec.c | 34 ++++++++++++++++------------------ 3 files changed, 29 insertions(+), 19 deletions(-) diff --git a/libkeccak.h b/libkeccak.h index 1244aec..932c5de 100644 --- a/libkeccak.h +++ b/libkeccak.h @@ -160,6 +160,14 @@ */ #define LIBKECCAK_GENERALISED_SPEC_ERROR_OUTPUT_NONPOSITIVE 11 +/** + * Invalid `struct libkeccak_generalised_spec.state_size`, + * `struct libkeccak_generalised_spec.bitrate`, and + * `struct libkeccak_generalised_spec.capacity`: + * `.bitrate + .capacity != .state_size` + */ +#define LIBKECCAK_GENERALISED_SPEC_ERROR_STATE_BITRATE_CAPACITY_INCONSISTENCY 12 + /** * Data structure that describes the parameters @@ -313,7 +321,7 @@ libkeccak_spec_rawshake(struct libkeccak_spec *spec, long int x, long int d) } /** - * Fill in a `struct libkeccak_spec` for a SHAKEx hashing +< * Fill in a `struct libkeccak_spec` for a SHAKEx hashing * * @param spec:struct libkeccak_spec * The specifications datastructure to fill in * @param x:long The value of x in `SHAKEx`, half the capacity diff --git a/libkeccak_degeneralise_spec.3 b/libkeccak_degeneralise_spec.3 index bed40c4..b4819b3 100644 --- a/libkeccak_degeneralise_spec.3 +++ b/libkeccak_degeneralise_spec.3 
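Review bot: The changed comment line in the second libkeccak.h hunk (`@@ -313,7 +321,7 @@`) now begins with a stray `<` before the ` * Fill in a ...` text, which looks like an accidental keystroke unrelated to the commit's stated purpose. It sits inside a block comment, so compilation is unaffected, but the character becomes part of the documentation for the SHAKEx helper. The line should be restored to start with ` * ` as it did before. The comment block continues past the end of the hunk.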
@@ -84,6 +84,10 @@ modulus 8, that is, it was not in whole bytes. .TP .B LIBKECCAK_GENERALISED_SPEC_ERROR_OUTPUT_NONPOSITIVE The specified output size was non-positive. +.TP +.B LIBKECCAK_GENERALISED_SPEC_ERROR_STATE_BITRATE_CAPACITY_INCONSISTENCY +The sum of the bitrate and the capacity does not equal +the state size (25 times the word size). .PP Note that there may be more than one error. Only the first detected is returned. diff --git a/libkeccak_degeneralise_spec.c b/libkeccak_degeneralise_spec.c index 7fc51aa..99c8e00 100644 --- a/libkeccak_degeneralise_spec.c +++ b/libkeccak_degeneralise_spec.c 
@@ -81,29 +81,27 @@ libkeccak_degeneralise_spec(struct libkeccak_generalised_spec *restrict spec, st
 }
- if (!have_bitrate && !have_capacity && !have_output) {
- state_size = deft(state_size, 1600L);
- output = ((state_size << 5) / 100L + 7L) & ~0x07L;
- bitrate = output << 1;
- capacity = state_size - bitrate;
- output = output >= 8 ? output : 8;
- } else if (!have_bitrate && !have_capacity) {
- bitrate = 1024;
- capacity = 1600 - 1024;
- state_size = deft(state_size, bitrate + capacity);
- } else if (!have_bitrate) {
+ if (have_bitrate + have_capacity == 2) {
+ if (!have_state_size) {
+ state_size = bitrate + capacity;
+ output = deft(output, capacity * 2L <= 8 ? 8 : capacity * 2L);
+ } else if (state_size != bitrate + capacity) {
+ return LIBKECCAK_GENERALISED_SPEC_ERROR_STATE_BITRATE_CAPACITY_INCONSISTENCY;
+ }
+ } else if (have_bitrate + have_capacity == 1) {
 state_size = deft(state_size, 1600L);
- bitrate = state_size - capacity;
- output = deft(output, capacity == 8 ? 8 : (capacity << 1));
- } else if (!have_capacity) {
+ bitrate = deft(bitrate, state_size - capacity);
+ capacity = deft(capacity, state_size - bitrate);
+ output = deft(output, capacity * 2L <= 8 ? 8 : capacity * 2L);
+ } else {
 state_size = deft(state_size, 1600L);
+ output = deft(output, (state_size * 32L / 100L + 7L) & ~7L);
+ bitrate = 2L * output;
 capacity = state_size - bitrate;
- output = deft(output, capacity == 8 ? 8 : (capacity << 1));
- } else {
- state_size = deft(state_size, bitrate + capacity);
- output = deft(output, capacity == 8 ? 8 : (capacity << 1));
+ output = deft(output, bitrate / 2L <= 8 ? 8 : bitrate / 2L);
 }
+
 spec->capacity = output_spec->capacity = capacity;
 spec->bitrate = output_spec->bitrate = bitrate;
 spec->output = output_spec->output = output;
-- 
cgit v1.2.3-70-g09d2
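Review bot: In the first branch, when the caller supplies bitrate, capacity and a consistent state_size, nothing in the hunk assigns a default to `output`, so an automatic output appears to reach `output_spec->output` unresolved unless it is defaulted outside the hunk; the removed code's final `else` did default it in that case. Moving `output = deft(output, capacity * 2L <= 8 ? 8 : capacity * 2L);` to after the inner `if`/`else if` would cover both sub-cases. Separately, the last `else` now computes `bitrate = 2L * output;` from a caller-supplied output as well, so an output larger than half the state size gives a zero or negative `capacity` with no check visible here (the removed code used a fixed 1024/576 split for that case); a range check on the derived bitrate and capacity before they are stored in `output_spec` would reject such sponge parameters. The second `deft(output, ...)` in that branch looks like a no-op once the first has run. The function body starts and ends outside the hunk.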