authorbrian m. carlson <sandals@crustytoothpaste.net>2015-10-10 18:54:52 +0000
committerbrian m. carlson <sandals@crustytoothpaste.net>2015-10-10 18:54:52 +0000
commit6c3c33be65d361fb70d6000606114f95aa5e4f6d (patch)
treee0cea713ce994ea981802dbf6eead318392a3a07
parent8c3cd45101f127a1e2de42b3a78b69b0b94d2c46 (diff)
keccak: properly complement data for SHAKE.
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
-rw-r--r--impl/hash/keccak/keccak.cc14
1 files changed, 8 insertions, 6 deletions
diff --git a/impl/hash/keccak/keccak.cc b/impl/hash/keccak/keccak.cc
index 5d232fc..e67194d 100644
--- a/impl/hash/keccak/keccak.cc
+++ b/impl/hash/keccak/keccak.cc
@@ -843,12 +843,6 @@ void drew::KeccakCompact::GetDigest(uint8_t *digest, size_t len,
if (!nopad)
Pad();
- m_hash[1+5*0] = ~m_hash[1+5*0];
- m_hash[2+5*0] = ~m_hash[2+5*0];
- m_hash[3+5*1] = ~m_hash[3+5*1];
- m_hash[2+5*2] = ~m_hash[2+5*2];
- m_hash[2+5*3] = ~m_hash[2+5*3];
- m_hash[0+5*4] = ~m_hash[0+5*4];
const size_t nwords = m_r / sizeof(uint64_t);
uint8_t *d = digest;
for (size_t i = 0; i < len; i += m_r, d += m_r) {
@@ -856,7 +850,15 @@ void drew::KeccakCompact::GetDigest(uint8_t *digest, size_t len,
for (size_t y = 0; y < DivideAndRoundUp(nwords, 5); y++)
for (size_t x = 0; x < 5 && (x+(5*y)) < nwords; x++)
b[x + (5*y)] = m_hash[x+5*y];
+ b[1+5*0] = ~b[1+5*0];
+ b[2+5*0] = ~b[2+5*0];
+ b[3+5*1] = ~b[3+5*1];
+ b[2+5*2] = ~b[2+5*2];
+ b[2+5*3] = ~b[2+5*3];
+ b[0+5*4] = ~b[0+5*4];
E::CopyCarefully(d, b, std::min(m_r, len - i));
+ if (i + m_r < len)
+ Transform(m_hash, NULL, 0);
}
}
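Review bot: The six `b[...] = ~b[...]` lines added after the copy loop complement fixed lane indices (1, 2, 8, 12, 17, 20) regardless of `nwords`, but the copy loop only fills `b[0..nwords-1]`, so for a rate below 21 words (e.g. 9 words for a 72-byte rate) `b[12]`, `b[17]` and `b[20]` are complemented from whatever `b` held before, which is a read of an indeterminate value unless `b` is zero-initialized where it is declared (outside this hunk). Those stray lanes are never emitted because `CopyCarefully` copies at most `m_r` bytes, so the digest is unaffected, but each complement should still be guarded, e.g. replace the six lines with `static const size_t lanes[] = {1+5*0, 2+5*0, 3+5*1, 2+5*2, 2+5*3, 0+5*4};` followed by `for (size_t k = 0; k < 6; k++) if (lanes[k] < nwords) b[lanes[k]] = ~b[lanes[k]];`. Separately, because `Transform` is skipped after the final block, a second `GetDigest` call on the same object would presumably re-emit the same leading bytes rather than continue the XOF stream; if that is the intended contract it is worth stating in a comment on `GetDigest`, whose signature lies outside this hunk.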