From aa72f7392588f9d10dd016d67810b21e2b5f4677 Mon Sep 17 00:00:00 2001
From: Elliot Saba <staticfloat@gmail.com>
Date: Tue, 23 Apr 2024 15:12:32 -0700
Subject: [PATCH] [SHA3] Fix padding special-case (#108)

* [SHA3] Fix padding special-case

The previous logic was incorrect, luckily the fix is actually simpler
than the old logic.

* fix test

* Update src/types.jl

Co-authored-by: inky <git@wo-class.cn>

---------

Co-authored-by: inky <git@wo-class.cn>
---
 src/sha3.jl       |  9 +++------
 test/constants.jl | 32 +++++++++++++++++++++++++++++---
 test/runtests.jl  |  2 +-
 3 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/src/sha3.jl b/src/sha3.jl
index 58393cc..0d3c313 100644
--- a/src/sha3.jl
+++ b/src/sha3.jl
@@ -66,12 +66,9 @@ function digest!(context::T) where {T<:SHA3_CTX}
             # Finish it off with a 0x80
             context.buffer[end] = 0x80
         else
-            # Otherwise, we have to add on a whole new buffer just for the zeros and 0x80
-            context.buffer[end] = 0x06
-            transform!(context)
-
-            context.buffer[1:end-1] .= 0x0
-            context.buffer[end] = 0x80
+            # Otherwise, we have just a single byte of padding to add
+            # X-ref: https://crypto.stackexchange.com/a/40515
+            context.buffer[end] = 0x86
         end
 
         # Final transform:
diff --git a/test/constants.jl b/test/constants.jl
index 105940f..4b38cd6 100644
--- a/test/constants.jl
+++ b/test/constants.jl
@@ -3,11 +3,26 @@ lorem = "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmo
 so_many_as_array = repeat([0x61], 1000000)
 so_many_as_tuple = ntuple((i) -> 0x61, 1000000)
 
-data = Any["", "test", lorem, IOBuffer(UInt8['\0']), so_many_as_array, so_many_as_tuple]
+data = Any[
+    "",
+    "test",
+    lorem,
+    IOBuffer(UInt8['\0']),
+    repeat([0x00], SHA.blocklen(SHA.SHA3_512_CTX) - 1),
+    so_many_as_array,
+    so_many_as_tuple,
+]
 
 # Descriptions of the data, the SHA functions we'll run on the data, etc...
-data_desc = ["the empty string", "the string \"test\"", "lorem ipsum",
-             "0 file", "one million a's Array", "one million a's Tuple"]
+data_desc = [
+    "the empty string",
+    "the string \"test\"",
+    "lorem ipsum",
+    "0 file",
+    "71 0's",
+    "one million a's Array",
+    "one million a's Tuple",
+]
 sha_types = Dict(sha1 => SHA.SHA1_CTX,
             sha2_224 => SHA.SHA2_224_CTX, sha2_256 => SHA.SHA2_256_CTX, sha2_384 => SHA.SHA2_384_CTX, sha2_512 => SHA.SHA2_512_CTX,
             sha2_512_224 => SHA.SHA2_512_224_CTX, sha2_512_256 => SHA.SHA2_512_256_CTX,
@@ -31,6 +46,7 @@ answers = Dict(
         "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
         "19afa2a4a37462c7b940a6c4c61363d49c3a35f4",
         "5ba93c9db0cff93f52b521d7420e43f6eda2784f",
+        "ae9c81906afe9cc485d6808c62a7e2fd227ac6c6",
         "34aa973cd4c4daa4f61eeb2bdbad27316534016f",
         "34aa973cd4c4daa4f61eeb2bdbad27316534016f"
     ],
@@ -39,6 +55,7 @@ answers = Dict(
         "90a3ed9e32b2aaf4c61c410eb925426119e1a9dc53d4286ade99a809",
         "6a0644abcf1e2cecbec2814443dab5f24b7ad8ebb66c75667ab67959",
         "fff9292b4201617bdc4d3053fce02734166a683d7d858a7f5f59b073",
+        "3c76898e8f63d13ce03c37bfba507ac51f4f56422c5f4a049ed3a02c",
         "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67",
         "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67"
     ],
@@ -47,6 +64,7 @@ answers = Dict(
         "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
         "2c7c3d5f244f1a40069a32224215e0cf9b42485c99d80f357d76f006359c7a18",
         "6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d",
+        "0805dcdc42ca47abdc3d8fe11f8e0c7a108602022f71ab349648cfdd30a75aa6",
         "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0",
         "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0"
     ],
@@ -55,6 +73,7 @@ answers = Dict(
         "768412320f7b0aa5812fce428dc4706b3cae50e02a64caa16a782249bfe8efc4b7ef1ccb126255d196047dfedf17a0a9",
         "63980fd0425cd2c3d8a400ee0f2671ef135db03b947ec1af21b6e28f19c16ca272036469541f4d8e336ac6d1da50580f",
         "bec021b4f368e3069134e012c2b4307083d3a9bdd206e24e5f0d86e13d6636655933ec2b413465966817a9c208a11717",
+        "a1cc246f33d6117af295aa5c8554af5c320d5345fb5dfbf040ba6467abe999931bf3eab4c354bc9bf947a28da257793b",
         "9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985",
         "9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985"
     ],
@@ -63,6 +82,7 @@ answers = Dict(
         "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff",
         "f41d92bc9fc1157a0d1387e67f3d0893b70f7039d3d46d8115b5079d45ad601159398c79c281681e2da09bf7d9f8c23b41d1a0a3c5b528a7f2735933a4353194",
         "b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee",
+        "e1403027c2f55d2dc4972b35b16e9401d0a9b5e055839e650b242fb12051051f72ef760214bf436ba9dd2b0d67daa2d55a783e782717d53966465b8c291acbfc",
         "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b",
         "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b"
     ],
@@ -71,6 +91,7 @@ answers = Dict(
         "06001bf08dfb17d2b54925116823be230e98b5c6c278303bc4909a8c",
         "3a312b004a593b706790a4a5b25309eb7c83efb85a4d1f0a8440e09e",
         "283bb59af7081ed08197227d8f65b9591ffe1155be43e9550e57f941",
+        "248d0549a1c049cfa48a45c56ace68cbe5a4fbeb53c685cc87294f45",
         "37ab331d76f0d36de422bd0edeb22a28accd487b7a8453ae965dd287",
         "37ab331d76f0d36de422bd0edeb22a28accd487b7a8453ae965dd287"
     ],
@@ -79,6 +100,7 @@ answers = Dict(
         "3d37fe58435e0d87323dee4a2c1b339ef954de63716ee79f5747f94d974f913f",
         "9423e3863ebb6f22b9464aeb873a39d757ef6b6a87c4bc55642f69052741fc43",
         "10baad1713566ac2333467bddb0597dec9066120dd72ac2dcb8394221dcbe43d",
+        "ae78e496b5e14648d064c88ec6165782776a13078627200ea146bc79be48a578",
         "9a59a052930187a97038cae692f30708aa6491923ef5194394dc68d56c74fb21",
         "9a59a052930187a97038cae692f30708aa6491923ef5194394dc68d56c74fb21"
     ],
@@ -88,6 +110,7 @@ answers = Dict(
         "3797bf0afbbfca4a7bbba7602a2b552746876517a7f9b7ce2db0ae7b",
         "ea5395370949ad8c7d2ca3e7c045ef3306fe3a3f4740de452ef87a28",
         "bdd5167212d2dc69665f5a8875ab87f23d5ce7849132f56371a19096",
+        "23d056090c76004dacc1e3825fc7249d0cf37444ed17952cf64ccb2f",
         "d69335b93325192e516a912e6d19a15cb51c6ed5c15243e7a7fd653c",
         "d69335b93325192e516a912e6d19a15cb51c6ed5c15243e7a7fd653c"
     ],
@@ -96,6 +119,7 @@ answers = Dict(
         "36f028580bb02cc8272a9a020f4200e346e276ae664e45ee80745574e2f5ab80",
         "8c8142d2ca964ab307ace567ddd5764f17ebb76eb8ff25543ab54c14fe2ab139",
         "5d53469f20fef4f8eab52b88044ede69c77a6a68a60728609fc4a65ff531e7d0",
+        "c977561c52fd7401efef9f9e9c9aa00097f45b64ee1d9d5d750297f0825a2148",
         "5c8875ae474a3634ba4fd55ec85bffd661f32aca75c6d699d0cdcb6c115891c1",
         "5c8875ae474a3634ba4fd55ec85bffd661f32aca75c6d699d0cdcb6c115891c1",
     ],
@@ -104,6 +128,7 @@ answers = Dict(
         "e516dabb23b6e30026863543282780a3ae0dccf05551cf0295178d7ff0f1b41eecb9db3ff219007c4e097260d58621bd",
         "eb9fbba3eb916a4efe384b3125f5d03ceb9c5c1b94431ac30fa86c54408b92701ca5d2628cd7113aa5541177ec3ccd1d",
         "127677f8b66725bbcb7c3eae9698351ca41e0eb6d66c784bd28dcdb3b5fb12d0c8e840342db03ad1ae180b92e3504933",
+        "f76e941180b782cf014e49464d2522f08bdbfb71ac55356a6ed85ea6e498e15d4703a1c969b8e000f7b2ad00aa2d566b",
         "eee9e24d78c1855337983451df97c8ad9eedf256c6334f8e948d252d5e0e76847aa0774ddb90a842190d2c558b4b8340",
         "eee9e24d78c1855337983451df97c8ad9eedf256c6334f8e948d252d5e0e76847aa0774ddb90a842190d2c558b4b8340",
     ],
@@ -112,6 +137,7 @@ answers = Dict(
         "9ece086e9bac491fac5c1d1046ca11d737b92a2b2ebd93f005d7b710110c0a678288166e7fbe796883a4f2e9b3ca9f484f521d0ce464345cc1aec96779149c14",
         "3a4318353396a12dfd20442cfce1d8ad4d7e732e85cc56b01b4cf9057a41c8827c0a03c70812e76ace68d776759225c213b4f581aac0dba5dd43b785b1a33fe5",
         "7127aab211f82a18d06cf7578ff49d5089017944139aa60d8bee057811a15fb55a53887600a3eceba004de51105139f32506fe5b53e1913bfa6b32e716fe97da",
+        "cd87417194c917561a59c7f2eb4b95145971e32e8e4ef3b23b0f190bfd29e3692cc7975275750a27df95d5c6a99b7a341e1b8a38a750a51aca5b77bae41fbbfc",
         "3c3a876da14034ab60627c077bb98f7e120a2a5370212dffb3385a18d4f38859ed311d0a9d5141ce9cc5c66ee689b266a8aa18ace8282a0e0db596c90b0a7b87",
         "3c3a876da14034ab60627c077bb98f7e120a2a5370212dffb3385a18d4f38859ed311d0a9d5141ce9cc5c66ee689b266a8aa18ace8282a0e0db596c90b0a7b87",
     ]
diff --git a/test/runtests.jl b/test/runtests.jl
index 2dd9106..14491f8 100644
--- a/test/runtests.jl
+++ b/test/runtests.jl
@@ -106,7 +106,7 @@ end
         "1ec3e5ebb442c09e7ab7a1ee18edfa1a9ec771ad243e3e3d65cad1730416109a0890e29f9314babd7ab018a246b2f9639af29ee09aec2352a2f94dc12a2f6109"
     # test `digest!` branch: @assert  usedspace == blocklen(T) - 1
     @test sha3_512("0" ^ 71) |> bytes2hex ==
-        "e6bb5d7cdde31df695c20516581127d9dab6e8d6c5196203d96a55251ce886b4824538baeaa519add156fd61633fec1ecffcc3e5d6c5a6d5da0f1c4d4e6f405e"
+        "2bdaca04f78ae216331557358d124c0b79305735e5a65fa91a8d6504c92fe1a780ee992a5f0233dad0b79875333a40d1c26d435684442492ad1e3166ef19809b"
     @test sha3_512("0" ^ 72) |> bytes2hex ==
         "69eb8ccde4eec57d5e78512bf29081dc15d3ca650d5bf15cc9c0dfd7d7c477c067504fb99c7c787df248a9897cbeaeafeae563e855205660363dd700e1d43eee"
 end