RFR: JDK-8338587 - Internal XOF Methods for SHAKE128 and SHAKE256

Ferenc Rakoczi duke at openjdk.org
Mon Aug 26 14:20:03 UTC 2024


On Sat, 24 Aug 2024 19:11:09 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> In preparation for the new PQC algorithm implementations, internal XOF (eXtendable Output Function) methods are added to the SHAKE128 and SHAKE256 implementations.
>
> src/java.base/share/classes/sun/security/provider/SHA3.java line 72:
> 
>> 70:     private final byte suffix;
>> 71:     private long[] state = new long[DM*DM];
>> 72:     private int squeezeOffset = -1;
> 
> Add some comment for `squeezeOffset`.

I am adding the comment.

> src/java.base/share/classes/sun/security/provider/SHA3.java line 154:
> 
>> 152:             System.arraycopy(byteState, 0,
>> 153:                     out, ofs, numBytes - (numLongs - 1) * 8);
>> 154:         }
> 
> I still think you can set `numLongs` to be `numBytes/8`. Then there is no need to do a single set on line 149. The code will be
> 
>         int numLongs = numBytes / 8;
> 
>         for (int i = 0; i < numLongs; i++) {
>             asLittleEndian.set(out, ofs, state[i]);
>             ofs += 8;
>         }
>         if (numBytes % 8 != 0) {
>             byte[] byteState = new byte[8];
>             asLittleEndian.set(byteState, 0, state[numLongs]);
>             System.arraycopy(byteState, 0, out, ofs, numBytes % 8);
>         }

I am changing it as suggested.

> src/java.base/share/classes/sun/security/provider/SHA3.java line 434:
> 
>> 432:     /*
>> 433:      * The SHAKE128 extendable output function.
>> 434:      */
> 
> Please add a comment describing what would happen if `update` is called after `squeeze`.

I am doing that.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20631#discussion_r1731320009
PR Review Comment: https://git.openjdk.org/jdk/pull/20631#discussion_r1731318891
PR Review Comment: https://git.openjdk.org/jdk/pull/20631#discussion_r1731319493
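As an added example that is not the JDK's code and not part of this PR: a compact SHAKE128/SHAKE256 XOF in Java built around the three points the review discusses. It keeps a `squeezeOffset` field (-1 while absorbing, otherwise the index of the next unread output byte in the state), copies whole lanes to the output through a little-endian `VarHandle` and finishes a partial lane with `System.arraycopy`, and states explicitly what `update` does after `squeeze`. The `copyStateBytes` helper generalizes the reviewer's snippet to a copy that may start in the middle of a lane, which is what an incremental squeeze needs. The class and method names, the decision to throw `IllegalStateException` on `update` after `squeeze`, and the self-checks in `main` are this example's own assumptions, not behaviour of `sun.security.provider.SHA3`.

```java
import java.lang.invoke.MethodHandles;
import java.lang.invoke.VarHandle;
import java.nio.ByteOrder;
import java.util.Arrays;
import java.util.HexFormat;

// Added example, not the JDK's sun.security.provider.SHA3: a small SHAKE128/SHAKE256 XOF
// (FIPS 202). Names and the "no update() after squeeze()" rule are this example's choices.
public final class ShakeXofExample {
    private static final VarHandle LE_LONG = MethodHandles.byteArrayViewVarHandle(long[].class, ByteOrder.LITTLE_ENDIAN);
    private static final long[] RC = {   // Keccak-f[1600] round constants (iota step)
        0x0000000000000001L, 0x0000000000008082L, 0x800000000000808AL, 0x8000000080008000L,
        0x000000000000808BL, 0x0000000080000001L, 0x8000000080008081L, 0x8000000000008009L,
        0x000000000000008AL, 0x0000000000000088L, 0x0000000080008009L, 0x000000008000000AL,
        0x000000008000808BL, 0x800000000000008BL, 0x8000000000008089L, 0x8000000000008003L,
        0x8000000000008002L, 0x8000000000000080L, 0x000000000000800AL, 0x800000008000000AL,
        0x8000000080008081L, 0x8000000000008080L, 0x0000000080000001L, 0x8000000080008008L };
    private static final int[] ROT = {   // rho rotation offsets, indexed by lane x + 5*y
        0, 1, 62, 28, 27, 36, 44, 6, 55, 20, 3, 10, 43, 25, 39, 41, 45, 15, 21, 8, 18, 2, 61, 56, 14 };
    private final int rate;                     // bytes absorbed or squeezed per permutation
    private final long[] state = new long[25];  // 25 lanes, little-endian byte order
    private final byte[] block;                 // buffered input, fewer than rate bytes
    private int blockPos;
    private int squeezeOffset = -1;             // -1 while absorbing, else next unread state byte

    private ShakeXofExample(int rateBytes) { rate = rateBytes; block = new byte[rateBytes]; }
    public static ShakeXofExample shake128() { return new ShakeXofExample(168); }  // capacity 256
    public static ShakeXofExample shake256() { return new ShakeXofExample(136); }  // capacity 512

    public void update(byte[] in, int off, int len) {
        if (squeezeOffset != -1) throw new IllegalStateException("update() after squeeze()");
        while (len > 0) {
            int n = Math.min(len, rate - blockPos);
            System.arraycopy(in, off, block, blockPos, n);
            blockPos += n; off += n; len -= n;
            if (blockPos == rate) { absorbBlock(); blockPos = 0; }
        }
    }

    public void squeeze(byte[] out, int ofs, int numBytes) {
        if (squeezeOffset == -1) {   // first squeeze: SHAKE padding 0x1F ... 0x80, absorb last block
            Arrays.fill(block, blockPos, rate, (byte) 0);
            block[blockPos] ^= 0x1F;
            block[rate - 1] ^= (byte) 0x80;
            absorbBlock();
            squeezeOffset = 0;
        }
        while (numBytes > 0) {
            if (squeezeOffset == rate) { keccakF(); squeezeOffset = 0; }  // rate bytes consumed
            int n = Math.min(numBytes, rate - squeezeOffset);
            copyStateBytes(out, ofs, squeezeOffset, n);
            squeezeOffset += n; ofs += n; numBytes -= n;
        }
    }

    // Copies state bytes [pos, pos + n) into out. Whole lanes go straight through the little-endian
    // VarHandle, as in the reviewed code; a partial lane at either end is staged through 8 bytes.
    private void copyStateBytes(byte[] out, int ofs, int pos, int n) {
        byte[] lane = new byte[8];
        while (n > 0) {
            int laneIdx = pos / 8, inLane = pos % 8;
            if (inLane == 0 && n >= 8) {
                LE_LONG.set(out, ofs, state[laneIdx]);
                pos += 8; ofs += 8; n -= 8;
            } else {
                int k = Math.min(n, 8 - inLane);
                LE_LONG.set(lane, 0, state[laneIdx]);
                System.arraycopy(lane, inLane, out, ofs, k);
                pos += k; ofs += k; n -= k;
            }
        }
    }

    private void absorbBlock() {
        for (int i = 0; i < rate / 8; i++) state[i] ^= (long) LE_LONG.get(block, i * 8);
        keccakF();
    }

    private void keccakF() {   // Keccak-f[1600]: theta, rho+pi, chi, iota for 24 rounds
        long[] a = state, c = new long[5], b = new long[25];
        for (int round = 0; round < 24; round++) {
            for (int x = 0; x < 5; x++) c[x] = a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20];
            for (int x = 0; x < 5; x++) for (int y = 0; y < 25; y += 5)            // theta
                a[x + y] ^= c[(x + 4) % 5] ^ Long.rotateLeft(c[(x + 1) % 5], 1);
            for (int x = 0; x < 5; x++) for (int y = 0; y < 5; y++)               // rho + pi
                b[y + 5 * ((2 * x + 3 * y) % 5)] = Long.rotateLeft(a[x + 5 * y], ROT[x + 5 * y]);
            for (int y = 0; y < 25; y += 5) for (int x = 0; x < 5; x++)           // chi
                a[x + y] = b[x + y] ^ (~b[(x + 1) % 5 + y] & b[(x + 2) % 5 + y]);
            a[0] ^= RC[round];                                                     // iota
        }
    }

    public static void main(String[] args) {
        String expected = "7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef26"; // SHAKE128(""), 32 bytes
        byte[] oneShot = new byte[32];
        shake128().squeeze(oneShot, 0, 32);
        if (!HexFormat.of().formatHex(oneShot).equals(expected)) throw new AssertionError("KAT failed");
        byte[] pieces = new byte[32];   // same stream squeezed in two unaligned pieces must match
        ShakeXofExample x = shake128();
        x.squeeze(pieces, 0, 5); x.squeeze(pieces, 5, 27);
        if (!Arrays.equals(oneShot, pieces)) throw new AssertionError("incremental squeeze differs");
        try { x.update(new byte[1], 0, 1); throw new AssertionError("update after squeeze accepted"); }
        catch (IllegalStateException ok) { System.out.println("ok: " + expected); }
    }
}
```

The `main` method checks the first 32 bytes of SHAKE128 of the empty message against the FIPS 202 known-answer value, then squeezes the same stream as 5 + 27 bytes so the second call starts mid-lane and must resume from `squeezeOffset` rather than from the start of the state. Whether a real implementation should reject, ignore, or restart on `update` after `squeeze` is exactly the point the review asks to be documented; throwing is the choice made here so that the state machine has no silent path back into absorbing.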