Fix Gimli hash on 16n byte inputs

2024-11-27 07:32:44 +00:00 · 2020-12-22 22:32:01 -06:00 · 2020-12-22 22:32:01 -06:00 · d9fe7ea815
commit d9fe7ea815
parent 55b998c98d
1 changed files with 21 additions and 6 deletions
--- a/lib/std/crypto/gimli.zig
+++ b/lib/std/crypto/gimli.zig
@ -229,18 +229,17 @@ pub const Hash = struct {
        const buf = self.state.toSlice();
        var in = data;
        while (in.len > 0) {
-            var left = State.RATE - self.buf_off;
-            if (left == 0) {
-                self.state.permute();
-                self.buf_off = 0;
-                left = State.RATE;
-            }
+            const left = State.RATE - self.buf_off;
            const ps = math.min(in.len, left);
            for (buf[self.buf_off .. self.buf_off + ps]) |*p, i| {
                p.* ^= in[i];
            }
            self.buf_off += ps;
            in = in[ps..];
+            if (self.buf_off == State.RATE) {
+                self.state.permute();
+                self.buf_off = 0;
+            }
        }
    }

@ -277,6 +276,22 @@ test "hash" {
    htest.assertEqual("1C9A03DC6A5DDC5444CFC6F4B154CFF5CF081633B2CEA4D7D0AE7CCFED5AAA44", &md);
 }

+test "hash test vector 17" {
+    var msg: [32 / 2]u8 = undefined;
+    try std.fmt.hexToBytes(&msg, "000102030405060708090A0B0C0D0E0F");
+    var md: [32]u8 = undefined;
+    hash(&md, &msg, .{});
+    htest.assertEqual("404C130AF1B9023A7908200919F690FFBB756D5176E056FFDE320016A37C7282", &md);
+}
+
+test "hash test vector 33" {
+    var msg: [32]u8 = undefined;
+    try std.fmt.hexToBytes(&msg, "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+    var md: [32]u8 = undefined;
+    hash(&md, &msg, .{});
+    htest.assertEqual("A8F4FA28708BDA7EFB4C1914CA4AFA9E475B82D588D36504F87DBB0ED9AB3C4B", &md);
+}
+
 pub const Aead = struct {
    pub const tag_length = State.RATE;
    pub const nonce_length = 16;