5878070409

Committed 16 Aug 2023 11:15AM UTC coverage: 91.7% (+0.002%) from 91.698%

Build # 5878070409

Build Type

Pull #3672

github

Committed by

web-flow

Commit Message

Merge 9a39e705a into fc4b4271f

Pull Request Pull Request #3672: Feature: Use XOF interface in Kyber and Dilithium

Run Details

78640 of 85758 relevant lines covered (91.7%)

12421647.74 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

84.72

/src/lib/hash/sha3/sha3.cpp

/*
* SHA-3
* (C) 2010,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/internal/sha3.h>

#include <botan/exceptn.h>
#include <botan/internal/cpuid.h>
#include <botan/internal/fmt.h>
#include <botan/internal/loadstor.h>
#include <botan/internal/sha3_round.h>

namespace Botan {

//static
void SHA_3::permute(uint64_t A[25]) {
#if defined(BOTAN_HAS_SHA3_BMI2)
   if(CPUID::has_bmi2()) {
      return permute_bmi2(A);
   }
#endif

   static const uint64_t RC[24] = {0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
                                   0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
                                   0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
                                   0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
                                   0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
                                   0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008};

   uint64_t T[25];

   for(size_t i = 0; i != 24; i += 2) {
      SHA3_round(T, A, RC[i + 0]);
      SHA3_round(A, T, RC[i + 1]);
   }
}

//static
size_t SHA_3::absorb(size_t bitrate, secure_vector<uint64_t>& S, size_t S_pos, const uint8_t input[], size_t length) {
   while(length > 0) {
      size_t to_take = std::min(length, bitrate / 8 - S_pos);

      length -= to_take;

      while(to_take && S_pos % 8) {
         S[S_pos / 8] ^= static_cast<uint64_t>(input[0]) << (8 * (S_pos % 8));

         ++S_pos;
         ++input;
         --to_take;
      }

      while(to_take && to_take % 8 == 0) {
         S[S_pos / 8] ^= load_le<uint64_t>(input, 0);
         S_pos += 8;
         input += 8;
         to_take -= 8;
      }

      while(to_take) {
         S[S_pos / 8] ^= static_cast<uint64_t>(input[0]) << (8 * (S_pos % 8));

         ++S_pos;
         ++input;
         --to_take;
      }

      if(S_pos == bitrate / 8) {
         SHA_3::permute(S.data());
         S_pos = 0;
      }
   }

   return S_pos;
}

//static
void SHA_3::finish(size_t bitrate, secure_vector<uint64_t>& S, size_t S_pos, uint8_t init_pad, uint8_t fini_pad) {
   BOTAN_ARG_CHECK(bitrate % 64 == 0, "SHA-3 bitrate must be multiple of 64");

   S[S_pos / 8] ^= static_cast<uint64_t>(init_pad) << (8 * (S_pos % 8));
   S[(bitrate / 64) - 1] ^= static_cast<uint64_t>(fini_pad) << 56;
   SHA_3::permute(S.data());
}

//static
void SHA_3::expand(size_t bitrate, secure_vector<uint64_t>& S, uint8_t output[], size_t output_length) {
   BOTAN_ARG_CHECK(bitrate % 64 == 0, "SHA-3 bitrate must be multiple of 64");

   const size_t byterate = bitrate / 8;

   while(output_length > 0) {
      const size_t copying = std::min(byterate, output_length);

      copy_out_vec_le(output, copying, S);

      output += copying;
      output_length -= copying;

      if(output_length > 0) {
         SHA_3::permute(S.data());
      }
   }
}

SHA_3::SHA_3(size_t output_bits) : m_output_bits(output_bits), m_bitrate(1600 - 2 * output_bits), m_S(25), m_S_pos(0) {
   // We only support the parameters for SHA-3 in this constructor

   if(output_bits != 224 && output_bits != 256 && output_bits != 384 && output_bits != 512) {
      throw Invalid_Argument(fmt("SHA_3: Invalid output length {}", output_bits));
   }
}

std::string SHA_3::name() const {
   return fmt("SHA-3({})", m_output_bits);
}

std::string SHA_3::provider() const {
#if defined(BOTAN_HAS_SHA3_BMI2)
   if(CPUID::has_bmi2()) {
      return "bmi2";
   }
#endif

   return "base";
}

std::unique_ptr<HashFunction> SHA_3::copy_state() const {
   return std::make_unique<SHA_3>(*this);
}

std::unique_ptr<HashFunction> SHA_3::new_object() const {
   return std::make_unique<SHA_3>(m_output_bits);
}

void SHA_3::clear() {
   zeroise(m_S);
   m_S_pos = 0;
}

void SHA_3::add_data(const uint8_t input[], size_t length) {
   m_S_pos = SHA_3::absorb(m_bitrate, m_S, m_S_pos, input, length);
}

void SHA_3::final_result(uint8_t output[]) {
   SHA_3::finish(m_bitrate, m_S, m_S_pos, 0x06, 0x80);

   /*
   * We never have to run the permutation again because we only support
   * limited output lengths
   */
   copy_out_vec_le(output, m_output_bits / 8, m_S);

   clear();
}

}  // namespace Botan

1	/*
2	* SHA-3
3	* (C) 2010,2016 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/internal/sha3.h>
9
10	#include <botan/exceptn.h>
11	#include <botan/internal/cpuid.h>
12	#include <botan/internal/fmt.h>
13	#include <botan/internal/loadstor.h>
14	#include <botan/internal/sha3_round.h>
15
16	namespace Botan {
17
18	//static
19	void SHA_3::permute(uint64_t A[25]) {	151,013,972✔
20	#if defined(BOTAN_HAS_SHA3_BMI2)
21	if(CPUID::has_bmi2()) {	151,013,972✔
22	return permute_bmi2(A);	151,004,304✔
23	}
24	#endif
25
26	static const uint64_t RC[24] = {0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
27	0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
28	0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
29	0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
30	0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
31	0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008};
32
33	uint64_t T[25];
34
35	for(size_t i = 0; i != 24; i += 2) {	125,684✔
36	SHA3_round(T, A, RC[i + 0]);	116,016✔
37	SHA3_round(A, T, RC[i + 1]);	116,016✔
38	}
39	}
40
41	//static
42	size_t SHA_3::absorb(size_t bitrate, secure_vector<uint64_t>& S, size_t S_pos, const uint8_t input[], size_t length) {	330,164,345✔
43	while(length > 0) {	727,751,695✔
44	size_t to_take = std::min(length, bitrate / 8 - S_pos);	397,587,350✔
45
46	length -= to_take;	397,587,350✔
47
48	while(to_take && S_pos % 8) {	551,437,114✔
49	S[S_pos / 8] ^= static_cast<uint64_t>(input[0]) << (8 * (S_pos % 8));	153,849,764✔
50
51	++S_pos;	153,849,764✔
52	++input;	153,849,764✔
53	--to_take;	153,849,764✔
54	}
55
56	while(to_take && to_take % 8 == 0) {	1,705,908,123✔
57	S[S_pos / 8] ^= load_le<uint64_t>(input, 0);	1,308,320,773✔
58	S_pos += 8;	1,308,320,773✔
59	input += 8;	1,308,320,773✔
60	to_take -= 8;	1,308,320,773✔
61	}
62
63	while(to_take) {	3,575,582,642✔
64	S[S_pos / 8] ^= static_cast<uint64_t>(input[0]) << (8 * (S_pos % 8));	3,177,995,292✔
65
66	++S_pos;	3,177,995,292✔
67	++input;	3,177,995,292✔
68	--to_take;	3,177,995,292✔
69	}
70
71	if(S_pos == bitrate / 8) {	397,587,350✔
72	SHA_3::permute(S.data());	68,934,661✔
73	S_pos = 0;	68,934,661✔
74	}
75	}
76
77	return S_pos;	330,164,345✔
78	}
79
80	//static
81	void SHA_3::finish(size_t bitrate, secure_vector<uint64_t>& S, size_t S_pos, uint8_t init_pad, uint8_t fini_pad) {	81,616,202✔
82	BOTAN_ARG_CHECK(bitrate % 64 == 0, "SHA-3 bitrate must be multiple of 64");	81,616,202✔
83
84	S[S_pos / 8] ^= static_cast<uint64_t>(init_pad) << (8 * (S_pos % 8));	81,616,202✔
85	S[(bitrate / 64) - 1] ^= static_cast<uint64_t>(fini_pad) << 56;	81,616,202✔
86	SHA_3::permute(S.data());	81,616,202✔
87	}	81,616,202✔
88
89	//static
90	void SHA_3::expand(size_t bitrate, secure_vector<uint64_t>& S, uint8_t output[], size_t output_length) {	×
91	BOTAN_ARG_CHECK(bitrate % 64 == 0, "SHA-3 bitrate must be multiple of 64");	×
92
93	const size_t byterate = bitrate / 8;	×
94
95	while(output_length > 0) {	×
96	const size_t copying = std::min(byterate, output_length);	×
97
98	copy_out_vec_le(output, copying, S);	×
99
100	output += copying;	×
101	output_length -= copying;	×
102
103	if(output_length > 0) {	×
104	SHA_3::permute(S.data());	×
105	}
106	}
107	}	×
108
109	SHA_3::SHA_3(size_t output_bits) : m_output_bits(output_bits), m_bitrate(1600 - 2 * output_bits), m_S(25), m_S_pos(0) {	9,609✔
110	// We only support the parameters for SHA-3 in this constructor
111
112	if(output_bits != 224 && output_bits != 256 && output_bits != 384 && output_bits != 512) {	9,609✔
113	throw Invalid_Argument(fmt("SHA_3: Invalid output length {}", output_bits));	2✔
114	}
115	}	9,609✔
116
117	std::string SHA_3::name() const {	2,616✔
118	return fmt("SHA-3({})", m_output_bits);	2,616✔
119	}
120
121	std::string SHA_3::provider() const {	808✔
122	#if defined(BOTAN_HAS_SHA3_BMI2)
123	if(CPUID::has_bmi2()) {	808✔
124	return "bmi2";	404✔
125	}
126	#endif
127
128	return "base";	404✔
129	}
130
131	std::unique_ptr<HashFunction> SHA_3::copy_state() const {	760✔
132	return std::make_unique<SHA_3>(*this);	760✔
133	}
134
135	std::unique_ptr<HashFunction> SHA_3::new_object() const {	2,778✔
136	return std::make_unique<SHA_3>(m_output_bits);	2,778✔
137	}
138
139	void SHA_3::clear() {	13,925✔
140	zeroise(m_S);	13,925✔
141	m_S_pos = 0;	13,925✔
142	}	13,925✔
143
144	void SHA_3::add_data(const uint8_t input[], size_t length) {	16,815,508✔
145	m_S_pos = SHA_3::absorb(m_bitrate, m_S, m_S_pos, input, length);	16,815,508✔
146	}	16,815,508✔
147
148	void SHA_3::final_result(uint8_t output[]) {	12,829✔
149	SHA_3::finish(m_bitrate, m_S, m_S_pos, 0x06, 0x80);	12,829✔
150
151	/*
152	* We never have to run the permutation again because we only support
153	* limited output lengths
154	*/
155	copy_out_vec_le(output, m_output_bits / 8, m_S);	12,829✔
156
157	clear();	12,829✔
158	}	12,829✔
159
160	} // namespace Botan

randombit / botan / 5878070409

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous