Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only SHA3/SHAKE Init Updates via FIPS202 API layer #2101

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Only SHA3/SHAKE Init Updates via FIPS202 API layer #2101

wants to merge 7 commits into from
+53 −43

Conversation

manastasova
Copy link
Contributor

@manastasova manastasova commented Jan 8, 2025
edited
Loading

Issues:

Resolves (some of) #CryptoAlg-2810

Description of changes:

AWS-LC supports SHA3 and SHAKE algorithms though low level SHA3_Init, SHA3_Update, SHA3_Final and SHAKE_init, SHAKE_Final APIs. Currently, there are two issues with the implementation and usage of SHA3 and SHAKE:

  • There is no support for SHAKE_Update function. SHAKE is implemented by calling SHAKE_Init, SHA3_Update and SHAKE_Final.
  • SHAKE_Final allows multiple consecutive calls to enable incremental XOF output generation.

This PR introduces the APIs that need changes in the function parameter list. Particularly, SHA3_Init used a parameter |pad_char|, which was used for differentiating SHA3_Init from SHAKE_Init functions.

This PR introduces only the changes in the Init functions (FIPS202_Init, FIPS202_Reset, SHA3_Init, and SHAKE_Init):

  • Introduce (partially) new API layers - FIPS202, SHA3 and SHAKE.
    • Keccak1600 layer (Keccak1600_Squeeze/Absorb Layer (rename) #2097) implements KeccakF1600 Absorb and Squeeze functions; Keccak1600 layer does not manage internal input/output buffers.
    • FIPS202 layer implements (so far) Reset and Init functions. (Update and Finalize functionalities are to be introduced in following PRs); FIPS202 layer manages the internal input/output buffers, allowing incremental requests (not necessarily multiple of block size) to Update (Absorb) and Squeeze for input/output processing. (Other functionalities, such as zero-ing of bitstate, block size checks, etc. are also handled by FIPS202 API layer).
      • FIPS202 layer implements (so far) Reset and Init common behavior between SHA3 and SHAKE algorithms.
      • FIPS202 layer checks/updates the |ctx->padded| flag when handling a common behavior between SHA3 and SHAKE algorithms.
    • SHA3 layer implements (so far) Init functionality (Update, and Final are to be introduced in following PRs);
    • SHAKE layer implements XOF SHAKE algorithm, therefore, offers (so far) Init functionality (Absorb, Squeeze, and Final functionalities are to be introduced in following PRs);

Call-outs:

All SHA3_Init calls are updated:

  • digests.c
  • sha3_test.cc

Testing:

./crypto/crypto_test --gtest_filter="KeccakInternalTest.*"
./crypto/crypto_test --gtest_filter="SHA3Test.*"
./crypto/crypto_test --gtest_filter="SHAKETest.*"

./crypto/crypto_test --gtest_filter="All/PerKEMTest.*"
./crypto/crypto_test --gtest_filter="All/PQDSAParameterTest.*"

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

manastasova and others added 5 commits January 6, 2025 22:58
@manastasova
Rename Absorb and Squeeze functions to Keccak1600_ layer specific
ff3cbd8 
Clean redefinition of SHAKE blocksize/rate macros; Update their use inside MLKEM and MLDSA.
@manastasova
Update build files in generated-src
680dd43
@manastasova @jakemas
Apply suggestions from code review
872d368 
Fix alignment

Co-authored-by: Jake Massimo <[email protected]>
@manastasova
Merge branch 'main' of github.com:aws/aws-lc into sha3_only_rename
14da500
@manastasova
Only add shanges to Init functions
97b02c6 
Add FIPS202 layer for FIPS202_Init and FIPS202_Reset functions

Introduce SHA3_Init API change; remove the padding character from parameters; is it handled internally by the SHA3/SHAKE functions via the FIPS layer

Introduce SHAKE_Init consuming FIPS202 layer APIs
@manastasova manastasova changed the title SHA3/SHAKE Init Updates via FIPS202 API layer Only SHA3/SHAKE Init Updates via FIPS202 API layer Jan 8, 2025
@codecov-commenter
Copy link

Codecov Report

Attention: Patch coverage is 91.17647% with 3 lines in your changes missing coverage. Please review.

Project coverage is 78.75%. Comparing base (3cea179) to head (95c7e26).

Files with missing lines Patch % Lines
crypto/fipsmodule/sha/sha3.c 90.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2101      +/-   ##
==========================================
- Coverage   78.75%   78.75%   -0.01%     
==========================================
  Files         598      598              
  Lines      103657   103664       +7     
  Branches    14720    14723       +3     
==========================================
+ Hits        81637    81642       +5     
- Misses      21368    21369       +1     
- Partials      652      653       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@manastasova manastasova marked this pull request as ready for review January 8, 2025 23:55
@manastasova manastasova requested a review from a team as a code owner January 8, 2025 23:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@manastasova @codecov-commenter