From 22d7a77e9e5f409e934ed268692e56707cd169e5 Mon Sep 17 00:00:00 2001 From: "Conrado P. L. Gouvea" Date: Fri, 19 Apr 2019 13:04:53 -0300 Subject: [PATCH] sha3: fix bug in cSHAKE Clone() Clone() made a copy of the Keccak state after invoking clone(), which is not supported, since the "buf" slice in the Keccak state must point to the "storage" array, and if the state is copied directly it will keep pointing to the storage returned by clone(). Fix it by embedding a pointer to the Keccak state instead of the state itself. Change-Id: I7d392963ec65d784a360f6c12a7935a9a9a788b5 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/173018 Reviewed-by: Filippo Valsorda Run-TryBot: Filippo Valsorda TryBot-Result: Gobot Gobot --- sha3/sha3_test.go | 25 ++++++++++++++----------- sha3/shake.go | 6 +++--- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/sha3/sha3_test.go b/sha3/sha3_test.go index c4e4498007..005a24247b 100644 --- a/sha3/sha3_test.go +++ b/sha3/sha3_test.go @@ -338,22 +338,25 @@ func TestReset(t *testing.T) { func TestClone(t *testing.T) { out1 := make([]byte, 16) out2 := make([]byte, 16) - in := sequentialBytes(0x100) - for _, v := range testShakes { - h1 := v.constructor(nil, []byte{0x01}) - h1.Write([]byte{0x01}) + // Test for sizes smaller and larger than block size. + for _, size := range []int{0x1, 0x100} { + in := sequentialBytes(size) + for _, v := range testShakes { + h1 := v.constructor(nil, []byte{0x01}) + h1.Write([]byte{0x01}) - h2 := h1.Clone() + h2 := h1.Clone() - h1.Write(in) - h1.Read(out1) + h1.Write(in) + h1.Read(out1) - h2.Write(in) - h2.Read(out2) + h2.Write(in) + h2.Read(out2) - if !bytes.Equal(out1, out2) { - t.Error("\nExpected:\n", hex.EncodeToString(out1), "\ngot:\n", hex.EncodeToString(out2)) + if !bytes.Equal(out1, out2) { + t.Error("\nExpected:\n", hex.EncodeToString(out1), "\ngot:\n", hex.EncodeToString(out2)) + } } } } diff --git a/sha3/shake.go b/sha3/shake.go index a39e5d5129..d7be2954ab 100644 --- a/sha3/shake.go +++ b/sha3/shake.go @@ -41,7 +41,7 @@ type ShakeHash interface { // cSHAKE specific context type cshakeState struct { - state // SHA-3 state context and Read/Write operations + *state // SHA-3 state context and Read/Write operations // initBlock is the cSHAKE specific initialization set of bytes. It is initialized // by newCShake function and stores concatenation of N followed by S, encoded @@ -82,7 +82,7 @@ func leftEncode(value uint64) []byte { } func newCShake(N, S []byte, rate int, dsbyte byte) ShakeHash { - c := cshakeState{state: state{rate: rate, dsbyte: dsbyte}} + c := cshakeState{state: &state{rate: rate, dsbyte: dsbyte}} // leftEncode returns max 9 bytes c.initBlock = make([]byte, 0, 9*2+len(N)+len(S)) @@ -104,7 +104,7 @@ func (c *cshakeState) Reset() { func (c *cshakeState) Clone() ShakeHash { b := make([]byte, len(c.initBlock)) copy(b, c.initBlock) - return &cshakeState{state: *c.clone(), initBlock: b} + return &cshakeState{state: c.clone(), initBlock: b} } // Clone returns copy of SHAKE context within its current state.