crypto, bugfix: digest returns the wrong result when update is called…

… multiple times in shake256.
fibjs · Aug 24, 2023 · 3b5a0e0 · 3b5a0e0
1 parent a8eeddc
commit 3b5a0e0
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 44 deletions.
diff --git a/fibjs/src/crypto/md_shake.cpp b/fibjs/src/crypto/md_shake.cpp
@@ -28,58 +28,30 @@ static int _start_256(mbedtls_md_context_t* ctx)
 
 static int _update_128(mbedtls_md_context_t* ctx, const unsigned char* input, size_t ilen)
 {
-    shake128_absorb((shake128ctx*)&ctx->md_ctx, input, ilen);
+    shake128_inc_absorb((shake128incctx*)&ctx->md_ctx, input, ilen);
     return 0;
 }
 
 static int _update_256(mbedtls_md_context_t* ctx, const unsigned char* input, size_t ilen)
 {
-    shake256_absorb((shake256ctx*)&ctx->md_ctx, input, ilen);
+    shake256_inc_absorb((shake256incctx*)&ctx->md_ctx, input, ilen);
     return 0;
 }
 
 static int _finish_128(mbedtls_md_context_t* ctx, unsigned char* output)
 {
-    size_t outlen = 16;
-    size_t nblocks = outlen / SHAKE128_RATE;
-    uint8_t t[SHAKE128_RATE];
-
-    shake128_squeezeblocks(output, nblocks, (shake128ctx*)&ctx->md_ctx);
-
-    output += nblocks * SHAKE128_RATE;
-    outlen -= nblocks * SHAKE128_RATE;
-
-    if (outlen) {
-        shake128_squeezeblocks(t, 1, (shake128ctx*)&ctx->md_ctx);
-        for (size_t i = 0; i < outlen; ++i) {
-            output[i] = t[i];
-        }
-    }
-
-    shake128_ctx_release((shake128ctx*)&ctx->md_ctx);
+    shake128_inc_finalize((shake128incctx*)&ctx->md_ctx);
+    shake128_inc_squeeze(output, 16, (shake128incctx*)&ctx->md_ctx);
+    shake128_inc_ctx_release((shake128incctx*)&ctx->md_ctx);
     ctx->md_ctx = NULL;
     return 0;
 }
 
 static int _finish_256(mbedtls_md_context_t* ctx, unsigned char* output)
 {
-    size_t outlen = 32;
-    size_t nblocks = outlen / SHAKE256_RATE;
-    uint8_t t[SHAKE256_RATE];
-
-    shake256_squeezeblocks(output, nblocks, (shake256ctx*)&ctx->md_ctx);
-
-    output += nblocks * SHAKE256_RATE;
-    outlen -= nblocks * SHAKE256_RATE;
-
-    if (outlen) {
-        shake256_squeezeblocks(t, 1, (shake256ctx*)&ctx->md_ctx);
-        for (size_t i = 0; i < outlen; ++i) {
-            output[i] = t[i];
-        }
-    }
-
-    shake256_ctx_release((shake256ctx*)&ctx->md_ctx);
+    shake256_inc_finalize((shake256incctx*)&ctx->md_ctx);
+    shake256_inc_squeeze(output, 32, (shake256incctx*)&ctx->md_ctx);
+    shake256_inc_ctx_release((shake256incctx*)&ctx->md_ctx);
     ctx->md_ctx = NULL;
     return 0;
 }

diff --git a/test/hash_test.js b/test/hash_test.js
@@ -149,6 +149,9 @@ describe("hash", () => {
         var s = crypto.createHash(o.name).update(o.text).sign(sm2_pem);
         assert.ok(crypto.createHash(o.name).update(o.text).verify(pub_sm2_pem, s));
         assert.ok(new crypto.PKey(pub_sm2_pem).verify(crypto.createHash(o.name).update(o.text).digest(), s));
+
+        if (o.text != '')
+            assert.equal(o.hash, hash.digest(hash[o.name], o.text.substr(0, 1)).update(o.text.substr(1)).digest().hex());
     }
 
     function hmac_test(o) {
@@ -785,14 +788,14 @@ describe("hash", () => {
             name: 'SHAKE128',
             key: '',
             text: '',
-            hmac: 'f0378e7884b89146c1a5ab56977c5ed2',
-            base64: '8DeOeIS4kUbBpatWl3xe0g=='
+            hmac: 'e1d42a1194d3302116aa87447fc6e490',
+            base64: '4dQqEZTTMCEWqodEf8bkkA=='
         }, {
             name: 'SHAKE128',
             key: 'key',
             text: 'The quick brown fox jumps over the lazy dog',
-            hmac: '4f36643cbead9886a9a74f4781d42489',
-            base64: 'TzZkPL6tmIapp09HgdQkiQ=='
+            hmac: '173d5415e4ff548fc56cf04516b530f6',
+            base64: 'Fz1UFeT/VI/FbPBFFrUw9g=='
         }];
 
         hmac_case.forEach(hmac_test);
@@ -803,14 +806,14 @@ describe("hash", () => {
             name: 'SHAKE256',
             key: '',
             text: '',
-            hmac: 'a7b5e0262ecad6b6197c4b3b32112a9e55212fb47df59ccc845ac020517b5cf3',
-            base64: 'p7XgJi7K1rYZfEs7MhEqnlUhL7R99ZzMhFrAIFF7XPM='
+            hmac: '8f199276499167ab962c2a3d4c5f835301e013212b0b90ccec223747513feb2c',
+            base64: 'jxmSdkmRZ6uWLCo9TF+DUwHgEyErC5DM7CI3R1E/6yw='
         }, {
             name: 'SHAKE256',
             key: 'key',
             text: 'The quick brown fox jumps over the lazy dog',
-            hmac: '93fb26a27f6eafc5d7527cc59d5a0f6d2f2b49ce01815e7b475b2c3e922ea529',
-            base64: 'k/smon9ur8XXUnzFnVoPbS8rSc4BgV57R1ssPpIupSk='
+            hmac: '749687518fdf578cd372b837c4d521a9ab70ac56a7c8adceecbc9b3322485869',
+            base64: 'dJaHUY/fV4zTcrg3xNUhqatwrFanyK3O7LybMyJIWGk='
         }];
 
         hmac_case.forEach(hmac_test);