kmac: Replace sha3 dependency with new cshake crate

Author: hoxxep

Cargo.lock

@@ -13,8 +13,8 @@ categories = ["cryptography", "no-std"]
 rust-version = "1.85"
 
 [dependencies]
+cshake = { git = "https://github.com/RustCrypto/hashes", branch = "master" }
 digest = { version = "0.11.0", features = ["mac"] }
-sha3 = "0.11.0-rc.9"
 
 [dev-dependencies]
 digest = { version = "0.11.0", features = ["dev"] }

kmac/Cargo.toml

@@ -78,7 +78,7 @@ use hex_literal::hex;
 let mut mac = Kmac256::new_customization(b"key material", b"customization").unwrap();
 mac.update(b"input message");
 let mut output = [0u8; 32];
-mac.finalize_into(&mut output);
+mac.finalize_into_buf(&mut output);
 
 let expected = hex!("
     85fb77da3a35e4c4b0057c3151e6cc54

kmac/README.md

@@ -1,73 +1,87 @@
 use crate::encoding::{left_encode, right_encode};
-use crate::traits::{CShake, EagerHash};
-use core::fmt;
-use digest::block_api::{
-    AlgorithmName, Block, BlockSizeUser, Buffer, BufferKindUser, Eager, ExtendableOutputCore,
-    FixedOutputCore, UpdateCore, XofReaderCore,
-};
+use cshake::CShake;
+use digest::block_api::BlockSizeUser;
 use digest::common::KeySizeUser;
-use digest::{InvalidLength, Key, KeyInit, MacMarker, Output, OutputSizeUser};
+use digest::typenum::Unsigned;
+use digest::{ExtendableOutput, InvalidLength, Key, KeyInit, MacMarker, Update, XofReader};
 
-pub struct KmacCore<D: EagerHash> {
-    digest: D::Core,
+/// Trait alias for CShake types usable with KMAC.
+pub trait CShakeUser: BlockSizeUser + Update + ExtendableOutput + Clone {
+    fn new_kmac(customization: &[u8]) -> Self;
 }
 
-impl<D: EagerHash> Clone for KmacCore<D> {
+impl CShakeUser for cshake::CShake128 {
+    fn new_kmac(customization: &[u8]) -> Self {
+        CShake::new_with_function_name(b"KMAC", customization)
+    }
+}
+
+impl CShakeUser for cshake::CShake256 {
+    fn new_kmac(customization: &[u8]) -> Self {
+        CShake::new_with_function_name(b"KMAC", customization)
+    }
+}
+
+pub struct KmacInner<D: CShakeUser> {
+    cshake: D,
+}
+
+impl<D: CShakeUser> Clone for KmacInner<D> {
     #[inline(always)]
     fn clone(&self) -> Self {
         Self {
-            digest: self.digest.clone(),
+            cshake: self.cshake.clone(),
         }
     }
 }
 
-impl<D: EagerHash> MacMarker for KmacCore<D> {}
-
-impl<D: EagerHash> BufferKindUser for KmacCore<D> {
-    type BufferKind = Eager;
-}
+impl<D: CShakeUser> MacMarker for KmacInner<D> {}
 
-impl<D: EagerHash> KeySizeUser for KmacCore<D> {
-    type KeySize = <D::Core as BlockSizeUser>::BlockSize;
+impl<D: CShakeUser> KeySizeUser for KmacInner<D> {
+    type KeySize = D::BlockSize;
 }
 
-impl<D: EagerHash> BlockSizeUser for KmacCore<D> {
-    type BlockSize = <D::Core as BlockSizeUser>::BlockSize;
+impl<D: CShakeUser> BlockSizeUser for KmacInner<D> {
+    type BlockSize = D::BlockSize;
 }
 
-impl<D: EagerHash> KmacCore<D> {
+impl<D: CShakeUser> KmacInner<D> {
     #[inline(always)]
     pub fn new_customization(key: &[u8], customisation: &[u8]) -> Self {
-        // digest: bufpad(encode_string(K), bufsize) || X || right_encode(L)
-        //   where bufpad(X, w) = left_encode(len(w)) || X || zeros
-        //   where encode_string(K) = left_encode(len(K)) || K
-        let mut digest = D::Core::new_cshake(customisation);
-        let mut buffer = Buffer::<Self>::default();
+        let mut cshake = D::new_kmac(customisation);
+        let block_size = D::BlockSize::USIZE;
         let mut encode_buffer = [0u8; 9];
 
-        // bytepad, left_encode(w)
-        buffer.digest_blocks(
-            left_encode(D::block_size() as u64, &mut encode_buffer),
-            |blocks| digest.update_blocks(blocks),
-        );
-
-        // encode_string(K), left_encode(len(K)) -- length is in bits
-        buffer.digest_blocks(
-            left_encode(8 * key.len() as u64, &mut encode_buffer),
-            |blocks| digest.update_blocks(blocks),
-        );
-
-        // encode_string(K) copy K into blocks
-        buffer.digest_blocks(key, |blocks| digest.update_blocks(blocks));
-
-        // bytepad, pad the key to the block size
-        digest.update_blocks(&[buffer.pad_with_zeros()]);
+        // bytepad: left_encode(w)
+        let le_w = left_encode(block_size as u64, &mut encode_buffer);
+        let mut total = le_w.len();
+        cshake.update(le_w);
+
+        // encode_string(K): left_encode(8*len(K)) || K
+        let le_k = left_encode(8 * key.len() as u64, &mut encode_buffer);
+        total += le_k.len();
+        cshake.update(le_k);
+
+        total += key.len();
+        cshake.update(key);
+
+        // pad to block boundary
+        let pad_len = (block_size - (total % block_size)) % block_size;
+        if pad_len > 0 {
+            let zeros = [0u8; 168]; // max block size
+            let mut remaining = pad_len;
+            while remaining > 0 {
+                let chunk = core::cmp::min(remaining, zeros.len());
+                cshake.update(&zeros[..chunk]);
+                remaining -= chunk;
+            }
+        }
 
-        Self { digest }
+        Self { cshake }
     }
 }
 
-impl<D: EagerHash> KeyInit for KmacCore<D> {
+impl<D: CShakeUser> KeyInit for KmacInner<D> {
     #[inline]
     fn new(key: &Key<Self>) -> Self {
         Self::new_customization(key.as_slice(), &[])
@@ -79,68 +93,34 @@ impl<D: EagerHash> KeyInit for KmacCore<D> {
     }
 }
 
-impl<D: EagerHash> UpdateCore for KmacCore<D> {
+impl<D: CShakeUser> Update for KmacInner<D> {
     #[inline(always)]
-    fn update_blocks(&mut self, blocks: &[Block<Self>]) {
-        self.digest.update_blocks(blocks);
+    fn update(&mut self, data: &[u8]) {
+        self.cshake.update(data);
     }
 }
 
-impl<D: EagerHash> KmacCore<D> {
-    /// Finalizes the KMAC for any output array size.
+impl<D: CShakeUser> KmacInner<D> {
+    /// Finalizes the KMAC for any output array size (fixed-length output).
     #[inline(always)]
-    pub fn finalize_core(&mut self, buffer: &mut Buffer<Self>, out: &mut [u8]) {
+    pub fn finalize_fixed_inner(mut self, out: &mut [u8]) {
         // right_encode(L), where L = output length in bits
-        buffer.digest_blocks(
-            right_encode(8 * out.len() as u64, &mut [0u8; 9]),
-            |blocks| self.update_blocks(blocks),
-        );
-
-        let mut reader = self.digest.finalize_xof_core(buffer);
-
-        let mut pos = 0;
-        while pos < out.len() {
-            let block = reader.read_block();
-            let to_copy = core::cmp::min(out.len() - pos, block.len());
-            out[pos..pos + to_copy].copy_from_slice(&block[..to_copy]);
-            pos += to_copy;
-        }
-    }
-}
+        let mut encode_buffer = [0u8; 9];
+        let re = right_encode(8 * out.len() as u64, &mut encode_buffer);
+        self.cshake.update(re);
 
-impl<D: EagerHash> FixedOutputCore for KmacCore<D>
-where
-    KmacCore<D>: OutputSizeUser,
-{
-    #[inline(always)]
-    fn finalize_fixed_core(&mut self, buffer: &mut Buffer<Self>, out: &mut Output<Self>) {
-        self.finalize_core(buffer, out.as_mut_slice());
+        let mut reader = self.cshake.finalize_xof();
+        reader.read(out);
     }
-}
-
-impl<D: EagerHash> ExtendableOutputCore for KmacCore<D> {
-    type ReaderCore = <D::Core as ExtendableOutputCore>::ReaderCore;
 
+    /// Finalizes the KMAC for extendable output (XOF).
     #[inline(always)]
-    fn finalize_xof_core(&mut self, buffer: &mut Buffer<Self>) -> Self::ReaderCore {
+    pub fn finalize_xof_inner(mut self) -> D::Reader {
         // right_encode(0), as L = 0 for extendable output
-        buffer.digest_blocks(right_encode(0, &mut [0u8; 9]), |blocks| {
-            self.update_blocks(blocks)
-        });
-        self.digest.finalize_xof_core(buffer)
-    }
-}
-
-impl<D: EagerHash + AlgorithmName> AlgorithmName for KmacCore<D> {
-    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        f.write_str("Kmac<")?;
-        <D as AlgorithmName>::write_alg_name(f)?;
-        f.write_str(">")
-    }
-}
+        let mut encode_buffer = [0u8; 9];
+        let re = right_encode(0, &mut encode_buffer);
+        self.cshake.update(re);
 
-impl<D: EagerHash + fmt::Debug> fmt::Debug for KmacCore<D> {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        f.write_str("KmacCore { ... }")
+        self.cshake.finalize_xof()
     }
 }