authorMatthew Dempsky <mdempsky@google.com>2023-09-09 18:06:46 -0700
committerGopher Robot <gobot@golang.org>2023-09-10 18:25:15 +0000
commit3f0842a46434ea6f56bf6e684c2b83d90e9cff07 (patch)
tree8fe050a8c6dd303fd8cdfc140af062c25ae762f1 /sha3/sha3.go
parente90f1e17ee2ffe351a8295e8ae8b66afda2969c6 (diff)
downloadgo-x-crypto-3f0842a46434ea6f56bf6e684c2b83d90e9cff07.tar.xz
sha3: have ShakeHash extend hash.Hash
Package sha3 recommends the SHAKE functions for new uses, but this is currently somewhat inconvenient because ShakeHash does not implement hash.Hash. This is understandable, as SHAKE supports arbitrary-length outputs whereas hash.Hash only supports fixed-length outputs. But there's a natural fixed-length output to provide: the minimum output that still provides SHAKE's full-strength generic security. While here, tweak Sum so that its temporary buffer can be stack allocated. Also, tweak the panic message in Write so that the error text is more readily understandable to Go programmers without needing to be familiar with crypto jargon, and add a similar check in Sum. Change-Id: Icf037d3990a71de5630f8825606614443f8c5245 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/526937 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Adam Langley <agl@google.com> Auto-Submit: Matthew Dempsky <mdempsky@google.com>
Diffstat (limited to 'sha3/sha3.go')
-rw-r--r--sha3/sha3.go14
1 files changed, 9 insertions, 5 deletions
diff --git a/sha3/sha3.go b/sha3/sha3.go
index fa182be..4884d17 100644
--- a/sha3/sha3.go
+++ b/sha3/sha3.go
@@ -121,11 +121,11 @@ func (d *state) padAndPermute(dsbyte byte) {
copyOut(d, d.buf)
}
-// Write absorbs more data into the hash's state. It produces an error
-// if more data is written to the ShakeHash after writing
+// Write absorbs more data into the hash's state. It panics if any
+// output has already been read.
func (d *state) Write(p []byte) (written int, err error) {
if d.state != spongeAbsorbing {
- panic("sha3: write to sponge after read")
+ panic("sha3: Write after Read")
}
if d.buf == nil {
d.buf = d.storage.asBytes()[:0]
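Review bot: The new doc comment on Write says it panics once "any output has already been read", which a caller could take to include Sum. Judging by the Sum hunk further down, Sum squeezes from a clone and appears to leave d in the absorbing state, so only Read trips this check. Now that ShakeHash is also a hash.Hash and callers will mix Sum and Read, I would spell that out: `// Write absorbs more data into the hash's state. It panics if Read has` / `// already been called; calling Sum beforehand is fine.` The body of Write continues past the end of this hunk.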
@@ -182,12 +182,16 @@ func (d *state) Read(out []byte) (n int, err error) {
}
// Sum applies padding to the hash state and then squeezes out the desired
-// number of output bytes.
+// number of output bytes. It panics if any output has already been read.
func (d *state) Sum(in []byte) []byte {
+ if d.state != spongeAbsorbing {
+ panic("sha3: Sum after Read")
+ }
+
// Make a copy of the original hash so that caller can keep writing
// and summing.
dup := d.clone()
- hash := make([]byte, dup.outputLen)
+ hash := make([]byte, dup.outputLen, 64) // explicit cap to allow stack allocation
dup.Read(hash)
return append(in, hash...)
}
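Review bot: The literal capacity in `make([]byte, dup.outputLen, 64)` makes Sum depend on an invariant that is not written down here. make panics at run time when the length exceeds the capacity, so a state with outputLen above 64 would crash in Sum instead of returning a digest. The constructors are outside this hunk, so I am assuming 64 is the largest output length any of them sets today. I would give the bound a name next to the other size constants, `const maxOutputLen = 64 // largest outputLen set by any constructor; Sum's make relies on it`, and write `make([]byte, dup.outputLen, maxOutputLen)`, so that a future variant with a longer default output fails review rather than panicking in production.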