diff --git a/crypto/dilithium/pqcrystals_dilithium_ref_common/params.h b/crypto/dilithium/pqcrystals_dilithium_ref_common/params.h
index f67d751664..633de6accd 100644
--- a/crypto/dilithium/pqcrystals_dilithium_ref_common/params.h
+++ b/crypto/dilithium/pqcrystals_dilithium_ref_common/params.h
@@ -41,7 +41,7 @@ typedef struct {
 #define ML_DSA_L_MAX (7)
 #define ML_DSA_C_TILDE_BYTES_MAX (64)
 #define ML_DSA_POLYW1_PACKEDBYTES_MAX (192)
-#define ML_DSA_POLY_UNIFORM_ETA_NBLOCKS_MAX ((227 + SHAKE256_RATE - 1)/SHAKE256_RATE)
+#define ML_DSA_POLY_UNIFORM_ETA_NBLOCKS_MAX ((227 + SHAKE256_BLOCKSIZE - 1)/SHAKE256_BLOCKSIZE)
 #define ML_DSA_POLYZ_PACKEDBYTES_MAX (576)
 void ml_dsa_44_params_init(ml_dsa_params *params);
diff --git a/crypto/dilithium/pqcrystals_dilithium_ref_common/poly.c b/crypto/dilithium/pqcrystals_dilithium_ref_common/poly.c
index 063212864b..42809f98e3 100644
--- a/crypto/dilithium/pqcrystals_dilithium_ref_common/poly.c
+++ b/crypto/dilithium/pqcrystals_dilithium_ref_common/poly.c
@@ -301,14 +301,14 @@ static unsigned int ml_dsa_rej_uniform(int32_t *a,
 * - const uint8_t seed[]: byte array with seed of length SEEDBYTES
 * - uint16_t nonce: 2-byte nonce
 **************************************************/
-#define POLY_UNIFORM_NBLOCKS ((768 + SHAKE128_RATE - 1)/ SHAKE128_RATE)
+#define POLY_UNIFORM_NBLOCKS ((768 + SHAKE128_BLOCKSIZE - 1)/ SHAKE128_BLOCKSIZE)
 void ml_dsa_poly_uniform(ml_dsa_poly *a,
 const uint8_t seed[ML_DSA_SEEDBYTES],
 uint16_t nonce)
 {
 unsigned int i, ctr, off;
- unsigned int buflen = POLY_UNIFORM_NBLOCKS*SHAKE128_RATE;
- uint8_t buf[POLY_UNIFORM_NBLOCKS*SHAKE128_RATE + 2];
+ unsigned int buflen = POLY_UNIFORM_NBLOCKS*SHAKE128_BLOCKSIZE;
+ uint8_t buf[POLY_UNIFORM_NBLOCKS*SHAKE128_BLOCKSIZE + 2];
 KECCAK1600_CTX state;
 uint8_t t[2];
@@ -328,7 +328,7 @@ void ml_dsa_poly_uniform(ml_dsa_poly *a,
 buf[i] = buf[buflen - off + i];
 SHAKE_Final(buf + off, &state, POLY_UNIFORM_NBLOCKS * SHAKE128_BLOCKSIZE);
- buflen = SHAKE128_RATE + off;
+ buflen = SHAKE128_BLOCKSIZE + off;
 ctr += ml_dsa_rej_uniform(a->coeffs + ctr, ML_DSA_N - ctr, buf, buflen);
 }
 /* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
@@ -409,8 +409,8 @@ void ml_dsa_poly_uniform_eta(ml_dsa_params *params,
 uint16_t nonce)
 {
 unsigned int ctr;
- unsigned int buflen = ML_DSA_POLY_UNIFORM_ETA_NBLOCKS_MAX * SHAKE256_RATE;
- uint8_t buf[ML_DSA_POLY_UNIFORM_ETA_NBLOCKS_MAX * SHAKE256_RATE];
+ unsigned int buflen = ML_DSA_POLY_UNIFORM_ETA_NBLOCKS_MAX * SHAKE256_BLOCKSIZE;
+ uint8_t buf[ML_DSA_POLY_UNIFORM_ETA_NBLOCKS_MAX * SHAKE256_BLOCKSIZE];
 KECCAK1600_CTX state;
 uint8_t t[2];
@@ -426,7 +426,7 @@ void ml_dsa_poly_uniform_eta(ml_dsa_params *params,
 while(ctr < ML_DSA_N) {
 SHAKE_Final(buf, &state, SHAKE256_BLOCKSIZE);
- ctr += rej_eta(params, a->coeffs + ctr, ML_DSA_N - ctr, buf, SHAKE256_RATE);
+ ctr += rej_eta(params, a->coeffs + ctr, ML_DSA_N - ctr, buf, SHAKE256_BLOCKSIZE);
 }
 /* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
 OPENSSL_cleanse(buf, sizeof(buf));
@@ -445,13 +445,13 @@ void ml_dsa_poly_uniform_eta(ml_dsa_params *params,
 * - const uint8_t seed[]: byte array with seed of length CRHBYTES
 * - uint16_t nonce: 16-bit nonce
 **************************************************/
-#define POLY_UNIFORM_GAMMA1_NBLOCKS ((ML_DSA_POLYZ_PACKEDBYTES_MAX + SHAKE256_RATE - 1) / SHAKE256_RATE)
+#define POLY_UNIFORM_GAMMA1_NBLOCKS ((ML_DSA_POLYZ_PACKEDBYTES_MAX + SHAKE256_BLOCKSIZE - 1) / SHAKE256_BLOCKSIZE)
 void ml_dsa_poly_uniform_gamma1(ml_dsa_params *params,
 ml_dsa_poly *a,
 const uint8_t seed[ML_DSA_CRHBYTES],
 uint16_t nonce)
 {
- uint8_t buf[POLY_UNIFORM_GAMMA1_NBLOCKS * SHAKE256_RATE];
+ uint8_t buf[POLY_UNIFORM_GAMMA1_NBLOCKS * SHAKE256_BLOCKSIZE];
 KECCAK1600_CTX state;
 uint8_t t[2];
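Review bot: In the `@@ -328,7 +328,7 @@` hunk the refill squeezes `POLY_UNIFORM_NBLOCKS * SHAKE128_BLOCKSIZE` bytes into `buf + off`, but the next line sets `buflen = SHAKE128_BLOCKSIZE + off`, so only one block of that output is handed to ml_dsa_rej_uniform. The write fits in `buf` only through the `+ 2` slack in its declaration and only while `off` is at most 2; the assignment of `off` lies outside the hunk. If SHAKE_Final advances the XOF state by the full squeeze length, the unused blocks are skipped and the sampled polynomial would differ from an implementation that consumes the stream contiguously; this path presumably runs only when the first squeeze yields too few accepted coefficients, so tests may never reach it. Squeezing exactly what is consumed keeps the two in step: `SHAKE_Final(buf + off, &state, SHAKE128_BLOCKSIZE);`.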
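Review bot: The `SHAKE_Final` call in the `@@ -426,7 +426,7 @@` loop of ml_dsa_poly_uniform_eta has its result discarded, although sha/internal.h in this same commit documents it as returning 0 on failure. `buf` is declared without an initializer in the `@@ -409,8 +409,8 @@` hunk, so after a failed squeeze rej_eta would sample coefficients from indeterminate stack bytes. The same pattern is visible in ml_dsa_poly_uniform (`@@ -328,7 +328,7 @@`) and ml_dsa_poly_challenge (`@@ -501,7 +501,7 @@`), where the `SHAKE_Init` call is unchecked as well. These samplers return `void`, so a fix needs a signature change outside the hunks: return `int` and fail closed with `if (!SHAKE_Final(buf, &state, SHAKE256_BLOCKSIZE)) { OPENSSL_cleanse(buf, sizeof(buf)); return 0; }`.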
@@ -483,7 +483,7 @@ void ml_dsa_poly_uniform_gamma1(ml_dsa_params *params, void ml_dsa_poly_challenge(ml_dsa_params *params, ml_dsa_poly *c, const uint8_t *seed) { unsigned int i, b, pos; uint64_t signs; - uint8_t buf[SHAKE256_RATE]; + uint8_t buf[SHAKE256_BLOCKSIZE]; KECCAK1600_CTX state; SHAKE_Init(&state, SHAKE256_BLOCKSIZE); @@ -501,7 +501,7 @@ void ml_dsa_poly_challenge(ml_dsa_params *params, ml_dsa_poly *c, const uint8_t } for(i = ML_DSA_N-params->tau; i < ML_DSA_N; ++i) { do { - if(pos >= SHAKE256_RATE) { + if(pos >= SHAKE256_BLOCKSIZE) { SHAKE_Final(buf, &state, SHAKE256_BLOCKSIZE); pos = 0; } diff --git a/crypto/fipsmodule/ml_kem/ml_kem_ref/symmetric-shake.c b/crypto/fipsmodule/ml_kem/ml_kem_ref/symmetric-shake.c index 02f2f0f70a..d31d7136fd 100644 --- a/crypto/fipsmodule/ml_kem/ml_kem_ref/symmetric-shake.c +++ b/crypto/fipsmodule/ml_kem/ml_kem_ref/symmetric-shake.c @@ -37,7 +37,7 @@ void kyber_shake128_absorb(KECCAK1600_CTX *ctx, * Name: kyber_shake128_squeeze * * Description: Squeeze step of SHAKE128 XOF. Squeezes full blocks of -* SHAKE128_RATE bytes each. Can be called multiple times +* SHAKE128_BLOCKSIZE bytes each. Can be called multiple times * to keep squeezing. Assumes new block has not yet been * started. * diff --git a/crypto/fipsmodule/sha/asm/keccak1600-armv8.pl b/crypto/fipsmodule/sha/asm/keccak1600-armv8.pl index 38b14d1389..adae3b017a 100755 --- a/crypto/fipsmodule/sha/asm/keccak1600-armv8.pl +++ b/crypto/fipsmodule/sha/asm/keccak1600-armv8.pl @@ -343,10 +343,10 @@ AARCH64_VALIDATE_LINK_REGISTER ret .size KeccakF1600,.-KeccakF1600 -.globl SHA3_Absorb_hw -.type SHA3_Absorb_hw,%function +.globl Keccak1600_Absorb_hw +.type Keccak1600_Absorb_hw,%function .align 5 -SHA3_Absorb_hw: +Keccak1600_Absorb_hw: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-128]! add x29,sp,#0 
@@ -438,15 +438,15 @@ ldp x29,x30,[sp],#128 AARCH64_VALIDATE_LINK_REGISTER ret -.size SHA3_Absorb_hw,.-SHA3_Absorb_hw +.size Keccak1600_Absorb_hw,.-Keccak1600_Absorb_hw ___ { my ($A_flat,$out,$len,$bsz) = map("x$_",(19..22)); $code.=<<___; -.globl SHA3_Squeeze_hw -.type SHA3_Squeeze_hw,%function +.globl Keccak1600_Squeeze_hw +.type Keccak1600_Squeeze_hw,%function .align 5 -SHA3_Squeeze_hw: +Keccak1600_Squeeze_hw: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-48]! add x29,sp,#0 @@ -512,7 +512,7 @@ ldp x29,x30,[sp],#48 AARCH64_VALIDATE_LINK_REGISTER ret -.size SHA3_Squeeze_hw,.-SHA3_Squeeze_hw +.size Keccak1600_Squeeze_hw,.-Keccak1600_Squeeze_hw ___ } }}} {{{ @@ -650,10 +650,10 @@ my ($ctx,$inp,$len,$bsz) = map("x$_",(0..3)); $code.=<<___; -.globl SHA3_Absorb_cext -.type SHA3_Absorb_cext,%function +.globl Keccak1600_Absorb_cext +.type Keccak1600_Absorb_cext,%function .align 5 -SHA3_Absorb_cext: +Keccak1600_Absorb_cext: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-80]! add x29,sp,#0 @@ -722,16 +722,16 @@ ldp x29,x30,[sp],#80 AARCH64_VALIDATE_LINK_REGISTER ret -.size SHA3_Absorb_cext,.-SHA3_Absorb_cext +.size Keccak1600_Absorb_cext,.-Keccak1600_Absorb_cext ___ } { my ($ctx,$out,$len,$bsz) = map("x$_",(0..3)); $code.=<<___; -.globl SHA3_Squeeze_cext -.type SHA3_Squeeze_cext,%function +.globl Keccak1600_Squeeze_cext +.type Keccak1600_Squeeze_cext,%function .align 5 -SHA3_Squeeze_cext: +Keccak1600_Squeeze_cext: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -787,7 +787,7 @@ ldr x29,[sp],#16 AARCH64_VALIDATE_LINK_REGISTER ret -.size SHA3_Squeeze_cext,.-SHA3_Squeeze_cext +.size Keccak1600_Squeeze_cext,.-Keccak1600_Squeeze_cext ___ } }}} $code.=<<___; diff --git a/crypto/fipsmodule/sha/internal.h b/crypto/fipsmodule/sha/internal.h index c796a51c5f..2a42d6aa8a 100644 --- a/crypto/fipsmodule/sha/internal.h +++ b/crypto/fipsmodule/sha/internal.h 
@@ -39,7 +39,7 @@ extern "C" {
 // SHA3 constants, from NIST FIPS202.
 // https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
-#define SHA3_ROWS 5
+#define KECCAK1600_ROWS 5
 #define KECCAK1600_WIDTH 1600
 #define SHA3_224_CAPACITY_BYTES 56
@@ -64,11 +64,9 @@ extern "C" {
 // SHAKE constants, from NIST FIPS202.
 // https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
 #define SHAKE_PAD_CHAR 0x1F
-#define SHAKE128_BLOCKSIZE (KECCAK1600_WIDTH - 128 * 2) / 8
-#define SHAKE256_BLOCKSIZE (KECCAK1600_WIDTH - 256 * 2) / 8
-#define SHAKE128_RATE 168
-#define SHAKE256_RATE 136
-#define XOF_BLOCKBYTES SHAKE128_RATE
+#define SHAKE128_BLOCKSIZE ((KECCAK1600_WIDTH - 128 * 2) / 8)
+#define SHAKE256_BLOCKSIZE ((KECCAK1600_WIDTH - 256 * 2) / 8)
+#define XOF_BLOCKBYTES SHAKE128_BLOCKSIZE
 // SHAKE128 has the maximum block size among the SHA3/SHAKE algorithms.
 #define SHA3_MAX_BLOCKSIZE SHAKE128_BLOCKSIZE
@@ -78,7 +76,7 @@ typedef struct keccak_st KECCAK1600_CTX;
 // The data buffer should have at least the maximum number of
 // block size bytes to fit any SHA3/SHAKE block length.
 struct keccak_st {
- uint64_t A[SHA3_ROWS][SHA3_ROWS];
+ uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS];
 size_t block_size; // cached ctx->digest->block_size
 size_t md_size; // output length, variable in XOF (SHAKE)
 size_t buf_load; // used bytes in below buffer
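Review bot: Nothing in the `@@ -64,11 +64,9 @@` hunk pins the derived values that now replace the literals 168 and 136. The ML-DSA stack buffers and block counts in poly.c and params.h (`POLY_UNIFORM_NBLOCKS`, `ML_DSA_POLY_UNIFORM_ETA_NBLOCKS_MAX`, `buf[SHAKE256_BLOCKSIZE]`) are now sized from these macros, and the added outer parentheses are what make divisions such as `(768 + SHAKE128_BLOCKSIZE - 1)/ SHAKE128_BLOCKSIZE` evaluate correctly. I would add a compile-time assertion next to the definitions, in whatever form the project uses, that `SHAKE128_BLOCKSIZE == 168` and `SHAKE256_BLOCKSIZE == 136`, with a comment such as `// Rate in bytes: (width - 2 * security level) / 8. Buffer sizes in ML-KEM/ML-DSA depend on these.`. That way a later edit to `KECCAK1600_WIDTH` or to the parenthesization fails the build instead of silently resizing buffers.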
@@ -400,41 +398,39 @@ OPENSSL_EXPORT uint8_t *SHAKE256(const uint8_t *data, const size_t in_len,
 // SHAKE_Init initializes |ctx| with specified |block_size|, returns 1 on
 // success and 0 on failure. Calls SHA3_Init under the hood.
-OPENSSL_EXPORT int SHAKE_Init(KECCAK1600_CTX *ctx, size_t block_size);
+int SHAKE_Init(KECCAK1600_CTX *ctx, size_t block_size);
 // SHAKE_Final writes |len| bytes of finalized digest to |md|, returns 1 on
 // success and 0 on failure. Calls SHA3_Final under the hood.
-OPENSSL_EXPORT int SHAKE_Final(uint8_t *md, KECCAK1600_CTX *ctx, size_t len);
+int SHAKE_Final(uint8_t *md, KECCAK1600_CTX *ctx, size_t len);
 // SHA3_Reset zeros the bitstate and the amount of processed input.
-OPENSSL_EXPORT void SHA3_Reset(KECCAK1600_CTX *ctx);
+void SHA3_Reset(KECCAK1600_CTX *ctx);
 // SHA3_Init initialises |ctx| fields and returns 1 on success and 0 on failure.
-OPENSSL_EXPORT int SHA3_Init(KECCAK1600_CTX *ctx, uint8_t pad,
- size_t bitlen);
+OPENSSL_EXPORT int SHA3_Init(KECCAK1600_CTX *ctx, uint8_t pad, size_t bitlen);
 // SHA3_Update processes all data blocks that don't need pad through
-// |SHA3_Absorb| and returns 1 and 0 on failure.
-OPENSSL_EXPORT int SHA3_Update(KECCAK1600_CTX *ctx, const void *data,
- size_t len);
+// |Keccak1600_Absorb| and returns 1 and 0 on failure.
+int SHA3_Update(KECCAK1600_CTX *ctx, const void *data, size_t len);
-// SHA3_Final pads the last data block and processes it through |SHA3_Absorb|.
-// It processes the data through |SHA3_Squeeze| and returns 1 and 0 on failure.
-OPENSSL_EXPORT int SHA3_Final(uint8_t *md, KECCAK1600_CTX *ctx);
+// SHA3_Final pads the last data block and processes it through |Keccak1600_Absorb|.
+// It processes the data through |Keccak1600_Squeeze| and returns 1 and 0 on failure.
+int SHA3_Final(uint8_t *md, KECCAK1600_CTX *ctx);
-// SHA3_Absorb processes the largest multiple of |r| out of |len| bytes and
+// Keccak1600_Absorb processes the largest multiple of |r| out of |len| bytes and
 // returns the remaining number of bytes.
-OPENSSL_EXPORT size_t SHA3_Absorb(uint64_t A[SHA3_ROWS][SHA3_ROWS],
- const uint8_t *data, size_t len, size_t r);
+size_t Keccak1600_Absorb(uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS],
+ const uint8_t *data, size_t len, size_t r);
-// SHA3_Squeeze generates |out| value of |len| bytes (per call). It can be called
+// Keccak1600_Squeeze generates |out| value of |len| bytes (per call). It can be called
 // multiple times when used as eXtendable Output Function. |padded| indicates
-// whether it is the first call to SHA3_Squeeze; i.e., if the current block has
-// been already processed and padded right after the last call to SHA3_Absorb.
+// whether it is the first call to Keccak1600_Squeeze; i.e., if the current block has
+// been already processed and padded right after the last call to Keccak1600_Absorb.
 // Squeezes full blocks of |r| bytes each. When performing multiple squeezes, any
 // left over bytes from previous squeezes are not consumed, and |len| must be a
 // multiple of the block size (except on the final squeeze).
-OPENSSL_EXPORT void SHA3_Squeeze(uint64_t A[SHA3_ROWS][SHA3_ROWS],
+OPENSSL_EXPORT void Keccak1600_Squeeze(uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS],
 uint8_t *out, size_t len, size_t r, int padded);
 #if defined(__cplusplus)
diff --git a/crypto/fipsmodule/sha/keccak1600.c b/crypto/fipsmodule/sha/keccak1600.c
index a8d9872ec1..f39a668810 100644
--- a/crypto/fipsmodule/sha/keccak1600.c
+++ b/crypto/fipsmodule/sha/keccak1600.c
@@ -23,7 +23,7 @@
 #if !defined(KECCAK1600_ASM)
-static const uint8_t rhotates[KECCAK1600_ROWS][KECCAK1600_ROWS] = {
+static const uint8_t rhotates[KECCAK1600_ROWS][KECCAK1600_ROWS] = {
 { 0, 1, 62, 28, 27 },
 { 36, 44, 6, 55, 20 },
 { 3, 10, 43, 25, 39 },
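Review bot: The `@@ -400,41 +398,39 @@` hunk in sha/internal.h leaves `OPENSSL_EXPORT` on exactly two declarations, `SHA3_Init` and `Keccak1600_Squeeze`, with no comment saying why they differ from the six it un-exports. sha3_test.cc in this commit calls both directly, which is presumably the reason, but `Keccak1600_Squeeze` takes a raw state plus caller-supplied `out`, `len` and `r`, so keeping it in the exported symbol set deserves a stated justification. I would add above each survivor something like `// Exported only for sha3_test.cc; not a supported API.`. Whether any other test links against the now-hidden `SHA3_Update`, `SHA3_Final` or `SHAKE_*` in a shared-library build cannot be checked from the diff. The touched comments still read "returns 1 and 0 on failure"; `returns 1 on success and 0 on failure` would match the wording used for `SHAKE_Init`.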
@@ -103,9 +103,9 @@ static uint64_t ROL64(uint64_t val, int offset) // it with actual data (see round loop below). // It ensures best compiler interpretation to assembly and provides best // instruction per processed byte ratio at minimal round unroll factor. -static void Round(uint64_t R[SHA3_ROWS][SHA3_ROWS], uint64_t A[SHA3_ROWS][SHA3_ROWS], size_t i) +static void Round(uint64_t R[KECCAK1600_ROWS][KECCAK1600_ROWS], uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS], size_t i) { - uint64_t C[SHA3_ROWS], D[SHA3_ROWS]; + uint64_t C[KECCAK1600_ROWS], D[KECCAK1600_ROWS]; assert(i < (sizeof(iotas) / sizeof(iotas[0]))); @@ -222,9 +222,9 @@ static void Round(uint64_t R[SHA3_ROWS][SHA3_ROWS], uint64_t A[SHA3_ROWS][SHA3_R #endif } -static void KeccakF1600(uint64_t A[SHA3_ROWS][SHA3_ROWS]) +static void KeccakF1600(uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS]) { - uint64_t T[SHA3_ROWS][SHA3_ROWS]; + uint64_t T[KECCAK1600_ROWS][KECCAK1600_ROWS]; size_t i; #ifdef KECCAK_COMPLEMENTING_TRANSFORM @@ -323,7 +323,7 @@ static uint64_t BitDeinterleave(uint64_t Ai) return Ai; } - // SHA3_Absorb can be called multiple times; at each invocation the + // Keccak1600_Absorb can be called multiple times; at each invocation the // largest multiple of |r| out of |len| bytes are processed. The // remaining amount of bytes is returned. This is done to spare caller // trouble of calculating the largest multiple of |r|. |r| can be viewed @@ -331,7 +331,7 @@ static uint64_t BitDeinterleave(uint64_t Ai) // 72, but can also be (1600 - 448)/8 = 144. All this means that message // padding and intermediate sub-block buffering, byte- or bitwise, is // caller's responsibility. -size_t SHA3_Absorb(uint64_t A[SHA3_ROWS][SHA3_ROWS], const uint8_t *inp, size_t len, +size_t Keccak1600_Absorb(uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS], const uint8_t *inp, size_t len, size_t r) { uint64_t *A_flat = (uint64_t *)A; 
@@ -356,8 +356,8 @@ size_t SHA3_Absorb(uint64_t A[SHA3_ROWS][SHA3_ROWS], const uint8_t *inp, size_t return len; } -void SHA3_Squeeze(uint64_t A[SHA3_ROWS][SHA3_ROWS], uint8_t *out, size_t len, size_t r, int padded) -// SHA3_Squeeze can be called multiple times to incrementally +void Keccak1600_Squeeze(uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS], uint8_t *out, size_t len, size_t r, int padded) +// Keccak1600_Squeeze can be called multiple times to incrementally { uint64_t *A_flat = (uint64_t *)A; size_t i, w = r / 8; @@ -396,19 +396,19 @@ void SHA3_Squeeze(uint64_t A[SHA3_ROWS][SHA3_ROWS], uint8_t *out, size_t len, si #else -size_t SHA3_Absorb_hw(uint64_t A[SHA3_ROWS][SHA3_ROWS], const uint8_t *inp, size_t len, +size_t Keccak1600_Absorb_hw(uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS], const uint8_t *inp, size_t len, size_t r); -size_t SHA3_Absorb(uint64_t A[SHA3_ROWS][SHA3_ROWS], const uint8_t *inp, size_t len, +size_t Keccak1600_Absorb(uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS], const uint8_t *inp, size_t len, size_t r) { - return SHA3_Absorb_hw(A, inp, len, r); + return Keccak1600_Absorb_hw(A, inp, len, r); } -size_t SHA3_Squeeze_hw(uint64_t A[SHA3_ROWS][SHA3_ROWS], const uint8_t *out, size_t len, +size_t Keccak1600_Squeeze_hw(uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS], const uint8_t *out, size_t len, size_t r, int padded); -void SHA3_Squeeze(uint64_t A[SHA3_ROWS][SHA3_ROWS], uint8_t *out, size_t len, size_t r, int padded) { - SHA3_Squeeze_hw(A, out, len, r, padded); +void Keccak1600_Squeeze(uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS], uint8_t *out, size_t len, size_t r, int padded) { + Keccak1600_Squeeze_hw(A, out, len, r, padded); } #endif // !KECCAK1600_ASM diff --git a/crypto/fipsmodule/sha/sha3.c b/crypto/fipsmodule/sha/sha3.c index c6cbd7cabc..c08f99e744 100644 --- a/crypto/fipsmodule/sha/sha3.c +++ b/crypto/fipsmodule/sha/sha3.c 
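Review bot: The renamed prototype `Keccak1600_Squeeze_hw` in the `@@ -396,19 +396,19 @@` hunk still declares the output buffer as `const uint8_t *out` and a `size_t` return, while the wrapper beneath it passes a writable `uint8_t *out` and discards the result. A `const` on a pointer the routine writes through tells the compiler and the reader the opposite of what happens. Since the rename already touches the line, I would change it to `void Keccak1600_Squeeze_hw(uint64_t A[KECCAK1600_ROWS][KECCAK1600_ROWS], uint8_t *out, size_t len, size_t r, int padded);`, assuming the assembly routine returns nothing meaningful; its body is elided from the asm hunks, so that needs confirming. In the `@@ -356,8 +356,8 @@` hunk the one-line comment sits between the signature and the opening brace; it reads better moved above `void Keccak1600_Squeeze(`.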
@@ -180,7 +180,7 @@ int SHA3_Update(KECCAK1600_CTX *ctx, const void *data, size_t len) { // leaving the rest for later processing. memcpy(ctx->buf + num, data_ptr_copy, rem); data_ptr_copy += rem, len -= rem; - if (SHA3_Absorb(ctx->A, ctx->buf, block_size, block_size) != 0 ) { + if (Keccak1600_Absorb(ctx->A, ctx->buf, block_size, block_size) != 0 ) { return 0; } ctx->buf_load = 0; @@ -188,7 +188,7 @@ int SHA3_Update(KECCAK1600_CTX *ctx, const void *data, size_t len) { } if (len >= block_size) { - rem = SHA3_Absorb(ctx->A, data_ptr_copy, len, block_size); + rem = Keccak1600_Absorb(ctx->A, data_ptr_copy, len, block_size); } else { rem = len; @@ -218,12 +218,12 @@ int SHA3_Final(uint8_t *md, KECCAK1600_CTX *ctx) { ctx->buf[num] = ctx->pad; ctx->buf[block_size - 1] |= 0x80; - if (SHA3_Absorb(ctx->A, ctx->buf, block_size, block_size) != 0) { + if (Keccak1600_Absorb(ctx->A, ctx->buf, block_size, block_size) != 0) { return 0; } } - SHA3_Squeeze(ctx->A, md, ctx->md_size, block_size, ctx->padded); + Keccak1600_Squeeze(ctx->A, md, ctx->md_size, block_size, ctx->padded); ctx->padded = 1; FIPS_service_indicator_update_state(); diff --git a/crypto/fipsmodule/sha/sha3_test.cc b/crypto/fipsmodule/sha/sha3_test.cc index 421a57fe95..23cba17886 100644 --- a/crypto/fipsmodule/sha/sha3_test.cc +++ b/crypto/fipsmodule/sha/sha3_test.cc @@ -211,7 +211,7 @@ TEST(KeccakInternalTest, SqueezeOutputBufferOverflow) { EXPECT_TRUE(SHA3_Init(&ctx, SHA3_PAD_CHAR, SHA3_384_DIGEST_BITLENGTH)); out.resize(out_len + canary.size()); std::copy(canary.begin(), canary.end(), out.end() - canary.size()); - SHA3_Squeeze(ctx.A, out.data(), out_len, ctx.block_size, 1); + Keccak1600_Squeeze(ctx.A, out.data(), out_len, ctx.block_size, 1); EXPECT_TRUE(std::equal(out.end() - canary.size(), out.end(), canary.begin()) == true); } diff --git a/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S b/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S index 06ca1701b8..712d37dd89 100644 
--- a/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S +++ b/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S @@ -240,11 +240,11 @@ KeccakF1600: AARCH64_VALIDATE_LINK_REGISTER ret -.globl _SHA3_Absorb_hw -.private_extern _SHA3_Absorb_hw +.globl _Keccak1600_Absorb_hw +.private_extern _Keccak1600_Absorb_hw .align 5 -_SHA3_Absorb_hw: +_Keccak1600_Absorb_hw: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-128]! add x29,sp,#0 @@ -473,11 +473,11 @@ Labsorbed: AARCH64_VALIDATE_LINK_REGISTER ret -.globl _SHA3_Squeeze_hw -.private_extern _SHA3_Squeeze_hw +.globl _Keccak1600_Squeeze_hw +.private_extern _Keccak1600_Squeeze_hw .align 5 -_SHA3_Squeeze_hw: +_Keccak1600_Squeeze_hw: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-48]! add x29,sp,#0 @@ -672,11 +672,11 @@ KeccakF1600_cext: AARCH64_VALIDATE_LINK_REGISTER ret -.globl _SHA3_Absorb_cext -.private_extern _SHA3_Absorb_cext +.globl _Keccak1600_Absorb_cext +.private_extern _Keccak1600_Absorb_cext .align 5 -_SHA3_Absorb_cext: +_Keccak1600_Absorb_cext: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-80]! add x29,sp,#0 @@ -890,11 +890,11 @@ Labsorbed_ce: AARCH64_VALIDATE_LINK_REGISTER ret -.globl _SHA3_Squeeze_cext -.private_extern _SHA3_Squeeze_cext +.globl _Keccak1600_Squeeze_cext +.private_extern _Keccak1600_Squeeze_cext .align 5 -_SHA3_Squeeze_cext: +_Keccak1600_Squeeze_cext: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 diff --git a/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S b/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S index 89e7bb0480..d3a90567bc 100644 --- a/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S +++ b/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S 
@@ -240,11 +240,11 @@ KeccakF1600: AARCH64_VALIDATE_LINK_REGISTER ret .size KeccakF1600,.-KeccakF1600 -.globl SHA3_Absorb_hw -.hidden SHA3_Absorb_hw -.type SHA3_Absorb_hw,%function +.globl Keccak1600_Absorb_hw +.hidden Keccak1600_Absorb_hw +.type Keccak1600_Absorb_hw,%function .align 5 -SHA3_Absorb_hw: +Keccak1600_Absorb_hw: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-128]! add x29,sp,#0 @@ -472,12 +472,12 @@ SHA3_Absorb_hw: ldp x29,x30,[sp],#128 AARCH64_VALIDATE_LINK_REGISTER ret -.size SHA3_Absorb_hw,.-SHA3_Absorb_hw -.globl SHA3_Squeeze_hw -.hidden SHA3_Squeeze_hw -.type SHA3_Squeeze_hw,%function +.size Keccak1600_Absorb_hw,.-Keccak1600_Absorb_hw +.globl Keccak1600_Squeeze_hw +.hidden Keccak1600_Squeeze_hw +.type Keccak1600_Squeeze_hw,%function .align 5 -SHA3_Squeeze_hw: +Keccak1600_Squeeze_hw: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-48]! add x29,sp,#0 @@ -543,7 +543,7 @@ SHA3_Squeeze_hw: ldp x29,x30,[sp],#48 AARCH64_VALIDATE_LINK_REGISTER ret -.size SHA3_Squeeze_hw,.-SHA3_Squeeze_hw +.size Keccak1600_Squeeze_hw,.-Keccak1600_Squeeze_hw .type KeccakF1600_ce,%function .align 5 KeccakF1600_ce: @@ -672,11 +672,11 @@ KeccakF1600_cext: AARCH64_VALIDATE_LINK_REGISTER ret .size KeccakF1600_cext,.-KeccakF1600_cext -.globl SHA3_Absorb_cext -.hidden SHA3_Absorb_cext -.type SHA3_Absorb_cext,%function +.globl Keccak1600_Absorb_cext +.hidden Keccak1600_Absorb_cext +.type Keccak1600_Absorb_cext,%function .align 5 -SHA3_Absorb_cext: +Keccak1600_Absorb_cext: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-80]! add x29,sp,#0 
@@ -889,12 +889,12 @@ SHA3_Absorb_cext: ldp x29,x30,[sp],#80 AARCH64_VALIDATE_LINK_REGISTER ret -.size SHA3_Absorb_cext,.-SHA3_Absorb_cext -.globl SHA3_Squeeze_cext -.hidden SHA3_Squeeze_cext -.type SHA3_Squeeze_cext,%function +.size Keccak1600_Absorb_cext,.-Keccak1600_Absorb_cext +.globl Keccak1600_Squeeze_cext +.hidden Keccak1600_Squeeze_cext +.type Keccak1600_Squeeze_cext,%function .align 5 -SHA3_Squeeze_cext: +Keccak1600_Squeeze_cext: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -950,7 +950,7 @@ SHA3_Squeeze_cext: ldr x29,[sp],#16 AARCH64_VALIDATE_LINK_REGISTER ret -.size SHA3_Squeeze_cext,.-SHA3_Squeeze_cext +.size Keccak1600_Squeeze_cext,.-Keccak1600_Squeeze_cext .byte 75,101,99,99,97,107,45,49,54,48,48,32,97,98,115,111,114,98,32,97,110,100,32,115,113,117,101,101,122,101,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 #endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__) diff --git a/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S b/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S index 902e4be8a0..610f90022b 100644 --- a/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S +++ b/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S @@ -244,13 +244,13 @@ KeccakF1600: AARCH64_VALIDATE_LINK_REGISTER ret -.globl SHA3_Absorb_hw +.globl Keccak1600_Absorb_hw -.def SHA3_Absorb_hw +.def Keccak1600_Absorb_hw .type 32 .endef .align 5 -SHA3_Absorb_hw: +Keccak1600_Absorb_hw: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-128]! add x29,sp,#0 @@ -479,13 +479,13 @@ Labsorbed: AARCH64_VALIDATE_LINK_REGISTER ret -.globl SHA3_Squeeze_hw +.globl Keccak1600_Squeeze_hw -.def SHA3_Squeeze_hw +.def Keccak1600_Squeeze_hw .type 32 .endef .align 5 -SHA3_Squeeze_hw: +Keccak1600_Squeeze_hw: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-48]! add x29,sp,#0 
@@ -684,13 +684,13 @@ KeccakF1600_cext: AARCH64_VALIDATE_LINK_REGISTER ret -.globl SHA3_Absorb_cext +.globl Keccak1600_Absorb_cext -.def SHA3_Absorb_cext +.def Keccak1600_Absorb_cext .type 32 .endef .align 5 -SHA3_Absorb_cext: +Keccak1600_Absorb_cext: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-80]! add x29,sp,#0 @@ -904,13 +904,13 @@ Labsorbed_ce: AARCH64_VALIDATE_LINK_REGISTER ret -.globl SHA3_Squeeze_cext +.globl Keccak1600_Squeeze_cext -.def SHA3_Squeeze_cext +.def Keccak1600_Squeeze_cext .type 32 .endef .align 5 -SHA3_Squeeze_cext: +Keccak1600_Squeeze_cext: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0