use ronkathon sha3 primitive

Author: lonerapier

src/hashes/sha3.rs

@@ -41,6 +41,19 @@ const RHO: [[u32; 5]; 5] =
     27, 20, 39, 8, 14,
   ]];
 
+/// Type alias for SHA3-224.
+pub type Sha3_224 = Sha3<28>;
+/// Type alias for SHA3-256.
+pub type Sha3_256 = Sha3<32>;
+/// Type alias for SHA3-384.
+pub type Sha3_384 = Sha3<48>;
+/// Type alias for SHA3-512.
+pub type Sha3_512 = Sha3<64>;
+/// Type alias for SHAKE128.
+pub type Shake128 = Shake<128>;
+/// Type alias for SHAKE256.
+pub type Shake256 = Shake<256>;
+
 #[derive(Clone, Debug)]
 struct KeccakState {
   lanes: [[u64; 5]; 5],
@@ -277,19 +290,6 @@ impl<const SECURITY_BITS: usize> Shake<SECURITY_BITS> {
   }
 }
 
-/// Type alias for SHA3-224.
-pub type Sha3_224 = Sha3<28>;
-/// Type alias for SHA3-256.
-pub type Sha3_256 = Sha3<32>;
-/// Type alias for SHA3-384.
-pub type Sha3_384 = Sha3<48>;
-/// Type alias for SHA3-512.
-pub type Sha3_512 = Sha3<64>;
-/// Type alias for SHAKE128.
-pub type Shake128 = Shake<128>;
-/// Type alias for SHAKE256.
-pub type Shake256 = Shake<256>;
-
 #[cfg(test)]
 mod tests {
   use hex_literal::hex;

src/kem/kyber/auxiliary.rs

@@ -2,49 +2,48 @@
 //! - [`prf`] - Pseudorandom function
 //! - [`h`], [`g`] - Hash function
 //! - [`Xof`] - Extendable output function
-use sha3::{
-  digest::{ExtendableOutput, Update, XofReader},
-  Digest, Shake128, Shake256,
-};
+
+use crate::hashes::sha3::{Sha3_256, Sha3_512, Shake128, Shake256};
 
 pub fn prf<const ETA: usize>(s: &[u8], b: u8) -> [u8; 64 * ETA] {
   assert!(s.len() == 32);
 
-  let mut hasher = Shake256::default();
-  hasher.update(&s);
+  let mut hasher = Shake256::new();
+  hasher.update(s);
   hasher.update(&[b]);
   let mut res = [0u8; 64 * ETA];
-  XofReader::read(&mut hasher.finalize_xof(), &mut res);
+  hasher.squeeze(&mut res);
   res
 }
 
-pub fn h(s: &[u8]) -> [u8; 32] { sha3::Sha3_256::digest(s).into() }
+pub fn h(s: &[u8]) -> [u8; 32] {
+  let mut hasher = Sha3_256::new();
+  hasher.update(s);
+  hasher.finalize()
+}
 
 pub fn j(s: &[u8]) -> [u8; 32] {
-  let mut hasher = Shake256::default();
+  let mut hasher = Shake256::new();
   hasher.update(s);
-  let mut reader = hasher.finalize_xof();
   let mut res = [0u8; 32];
-  XofReader::read(&mut reader, &mut res);
+  hasher.squeeze(&mut res);
   res
 }
 
 pub fn g(c: &[u8]) -> ([u8; 32], [u8; 32]) {
-  let res = sha3::Sha3_512::digest(c);
-  (res[..32].try_into().unwrap(), res[32..].try_into().unwrap())
+  let mut hasher = Sha3_512::new();
+  hasher.update(c);
+  let res = hasher.finalize();
+  let (h0, h1) = res.split_at(32);
+  (h0.try_into().unwrap(), h1.try_into().unwrap())
 }
 
 pub struct Xof(Shake128);
 
 impl Xof {
-  pub fn init() -> Self { Self(Shake128::default()) }
+  pub fn init() -> Self { Self(Shake128::new()) }
 
-  pub fn absorb(mut self, input: &[u8]) -> impl XofReader {
-    self.0.update(input);
-    self.0.finalize_xof()
-  }
+  pub fn absorb(&mut self, input: &[u8]) { self.0.update(input); }
 
-  pub fn squeeze(reader: &mut impl XofReader, output: &mut [u8]) {
-    XofReader::read(reader, output);
-  }
+  pub fn squeeze(&mut self, output: &mut [u8]) { self.0.squeeze(output); }
 }

src/kem/kyber/encode.rs

@@ -93,7 +93,7 @@ pub fn byte_decode_polyvec<B: Basis, const D: usize, const K: usize, const d: us
   let mut f = Vec::with_capacity(K);
 
   for bytes in encoded_bytes.chunks(32 * d) {
-    let coeffs = byte_decode::<d, D>(bytes.try_into().unwrap());
+    let coeffs = byte_decode::<d, D>(bytes);
     f.push(Polynomial { coefficients: coeffs, basis: basis.clone() })
   }
 
@@ -109,7 +109,7 @@ mod tests {
   fn generate_test_data() -> [MlKemField; 256] {
     let mut data = [MlKemField { value: 0 }; 256];
     for i in 0..256 {
-      data[i].value = i as usize;
+      data[i].value = i;
     }
     data
   }

src/kem/kyber/mod.rs

@@ -375,7 +375,7 @@ impl<const K: usize> MlKem<K> {
     [(); 64 * eta1 * 8]:,
   {
     let (ek_pke, dk_pke) = self.kpke.pke_keygen::<eta1>(d);
-    let ek: [u8; 384 * K + 32] = ek_pke.0.clone();
+    let ek: [u8; 384 * K + 32] = ek_pke.0;
     let h = h(&ek);
 
     (MlKemEncapsKey(ek), MlKemDecapsKey { dk_pke, ek_pke, h, z })

src/kem/kyber/sampling.rs

@@ -10,11 +10,12 @@ pub fn sample_ntt(rho: &[u8], j: u8, i: u8) -> [MlKemField; 256] {
 
   let mut ntt = [MlKemField::ZERO; 256];
 
-  let mut xof = Xof::init().absorb(&input);
+  let mut xof = Xof::init();
+  xof.absorb(&input);
   let mut j = 0;
   while j < 256 {
     let mut buf = [0u8; 3];
-    Xof::squeeze(&mut xof, &mut buf);
+    xof.squeeze(&mut buf);
 
     let d_1 = buf[0] as usize + ((buf[1] as usize & 0xf) << 8);
     let d_2 = (buf[1] >> 4) as usize + ((buf[2] as usize) << 4);

src/lib.rs

@@ -22,7 +22,6 @@
 #![feature(const_option)]
 #![feature(generic_const_exprs)]
 #![feature(specialization)]
-#![feature(test)]
 #![warn(missing_docs)]
 
 pub mod algebra;