Add constructors for configuring non-default output byte length (#28)

Author: 05nelsonm

README.md

@@ -41,6 +41,8 @@ fun main() {
     // should no longer be utilized because they have been broken.
     HmacMD5(key)
     HmacSHA1(key)
+    
+    key.fill(0)
 }
 ```
 
@@ -58,6 +60,8 @@ fun main() {
     HmacSHA512_224(key)
     HmacSHA512_256(key)
     HmacSHA512t(key, 504)
+    
+    key.fill(0)
 }
 ```
 
@@ -75,6 +79,8 @@ fun main() {
     HmacSHA3_256(key)
     HmacSHA3_384(key)
     HmacSHA3_512(key)
+    
+    key.fill(0)
 }
 ```
 
@@ -90,8 +96,11 @@ fun main() {
     KMAC128(key)     // as a Mac
     KMAC128.xOf(key) // as a Xof (Extendable-Output Function)
 
-    KMAC256(key)
+    val S = "My Customization".encodeToByteArray()
+    KMAC256(key, S, outputLength = 123)
     KMAC256.xOf(key)
+
+    key.fill(0)
 }
 ```
 -->

build.gradle.kts

@@ -32,6 +32,13 @@ allprojects {
 
     repositories {
         mavenCentral()
+
+        if (version.toString().endsWith("-SNAPSHOT")) {
+            // Only allow snapshot dependencies for non-release versions.
+            // This would cause a build failure if attempting to make a release
+            // while depending on a -SNAPSHOT version (such as core or hash).
+            maven("https://s01.oss.sonatype.org/content/repositories/snapshots/")
+        }
     }
 
 }

gradle/libs.versions.toml

@@ -2,8 +2,8 @@
 binaryCompat = "0.13.0"
 bouncyCastle = "1.72"
 configuration = "0.1.0-beta02"
-cryptoCore = "0.2.3"
-cryptoHash = "0.2.3"
+cryptoCore = "0.2.4-SNAPSHOT"
+cryptoHash = "0.2.4-SNAPSHOT"
 encoding = "1.2.1"
 gradleVersions = "0.46.0"
 kotlin = "1.8.10"

library/hmac/hmac/src/commonMain/kotlin/org/kotlincrypto/macs/Hmac.kt

@@ -91,7 +91,6 @@ public abstract class Hmac: Mac {
         }
 
         override fun update(input: Byte) { digest.update(input) }
-        override fun update(input: ByteArray) { digest.update(input) }
         override fun update(input: ByteArray, offset: Int, len: Int) { digest.update(input, offset, len) }
 
         override fun doFinal(): ByteArray {

library/kmac/api/kmac.api

@@ -1,7 +1,9 @@
 public final class org/kotlincrypto/macs/KMAC128 : org/kotlincrypto/macs/Kmac {
 	public static final field Companion Lorg/kotlincrypto/macs/KMAC128$Companion;
+	public static final field MAC_LENGTH I
 	public fun <init> ([B)V
 	public fun <init> ([B[B)V
+	public fun <init> ([B[BI)V
 	public static final fun xOf ([B)Lorg/kotlincrypto/core/Xof;
 	public static final fun xOf ([B[B)Lorg/kotlincrypto/core/Xof;
 }
@@ -14,8 +16,10 @@ public final class org/kotlincrypto/macs/KMAC128$Companion : org/kotlincrypto/ma
 
 public final class org/kotlincrypto/macs/KMAC256 : org/kotlincrypto/macs/Kmac {
 	public static final field Companion Lorg/kotlincrypto/macs/KMAC256$Companion;
+	public static final field MAC_LENGTH I
 	public fun <init> ([B)V
 	public fun <init> ([B[B)V
+	public fun <init> ([B[BI)V
 	public static final fun xOf ([B)Lorg/kotlincrypto/core/Xof;
 	public static final fun xOf ([B[B)Lorg/kotlincrypto/core/Xof;
 }
@@ -29,7 +33,7 @@ public final class org/kotlincrypto/macs/KMAC256$Companion : org/kotlincrypto/ma
 public abstract class org/kotlincrypto/macs/Kmac : org/kotlincrypto/core/Mac, org/kotlincrypto/core/XofAlgorithm {
 	protected static final field Companion Lorg/kotlincrypto/macs/Kmac$Companion;
 	public synthetic fun <init> (Lorg/kotlincrypto/core/Mac$Engine;Lkotlin/jvm/internal/DefaultConstructorMarker;)V
-	public synthetic fun <init> ([B[BILkotlin/jvm/internal/DefaultConstructorMarker;)V
+	public synthetic fun <init> ([B[BIILkotlin/jvm/internal/DefaultConstructorMarker;)V
 }
 
 protected final class org/kotlincrypto/macs/Kmac$Companion {

library/kmac/src/commonMain/kotlin/org/kotlincrypto/macs/KMAC128.kt

@@ -17,6 +17,7 @@ package org.kotlincrypto.macs
 
 import org.kotlincrypto.core.Mac
 import org.kotlincrypto.core.Xof
+import org.kotlincrypto.hash.sha3.CSHAKE128
 import kotlin.jvm.JvmOverloads
 import kotlin.jvm.JvmStatic
 
@@ -28,30 +29,59 @@ import kotlin.jvm.JvmStatic
 public class KMAC128: Kmac {
 
     /**
-     * Creates a new [KMAC128] [Mac] instance with a fixed output [macLength].
+     * Creates a new [KMAC128] [Mac] instance with a default output length
+     * of 32 bytes.
      *
      * @throws [IllegalArgumentException] if [key] is empty.
      * */
     @Throws(IllegalArgumentException::class)
-    public constructor(key: ByteArray): this(key, null)
+    public constructor(
+        key: ByteArray,
+    ): this(key, null)
 
     /**
-     * Creates a new [KMAC128] [Mac] instance with a fixed output [macLength].
+     * Creates a new [KMAC128] [Mac] instance with a default output length
+     * of 32 bytes.
      *
      * @param [S] A user selected customization bit string to define a variant
      *   of the function. When no customization is desired, [S] is set to an
      *   empty or null value. (e.g. "My Customization".encodeToByteArray()).
      * @throws [IllegalArgumentException] if [key] is empty.
      * */
     @Throws(IllegalArgumentException::class)
-    public constructor(key: ByteArray, S: ByteArray?): super(key, S, BIT_STRENGTH_128)
+    public constructor(
+        key: ByteArray,
+        S: ByteArray?,
+    ): this(key, S, MAC_LENGTH)
+
+    /**
+     * Creates a new [KMAC128] [Mac] instance with a non-default output length.
+     *
+     * @param [S] A user selected customization bit string to define a variant
+     *   of the function. When no customization is desired, [S] is set to an
+     *   empty or null value. (e.g. "My Customization".encodeToByteArray()).
+     * @param [outputLength] The number of bytes returned when [doFinal] is invoked
+     * @throws [IllegalArgumentException] if [key] is empty, or [outputLength]
+     *   is negative.
+     * */
+    @Throws(IllegalArgumentException::class)
+    public constructor(
+        key: ByteArray,
+        S: ByteArray?,
+        outputLength: Int,
+    ): super(key, S, BIT_STRENGTH_128, outputLength)
 
     private constructor(engine: Mac.Engine): super(engine)
 
     protected override fun copy(engineCopy: Mac.Engine): Mac = KMAC128(engineCopy)
 
     public companion object: KMACXofFactory<KMAC128>() {
 
+        /**
+         * The default number of bytes output when [doFinal] is invoked (32)
+         * */
+        public const val MAC_LENGTH: Int = CSHAKE128.DIGEST_LENGTH
+
         /**
          * Produces a new [Xof] (Extendable-Output Function) for [KMAC128]
          *
@@ -62,6 +92,6 @@ public class KMAC128: Kmac {
          * */
         @JvmStatic
         @JvmOverloads
-        public fun xOf(key: ByteArray, S: ByteArray? = null): Xof<KMAC128> = KMACXof(KMAC128(key, S))
+        public fun xOf(key: ByteArray, S: ByteArray? = null): Xof<KMAC128> = KMACXof(KMAC128(key, S, 0))
     }
 }

library/kmac/src/commonMain/kotlin/org/kotlincrypto/macs/KMAC256.kt

@@ -17,6 +17,7 @@ package org.kotlincrypto.macs
 
 import org.kotlincrypto.core.Mac
 import org.kotlincrypto.core.Xof
+import org.kotlincrypto.hash.sha3.CSHAKE256
 import kotlin.jvm.JvmOverloads
 import kotlin.jvm.JvmStatic
 
@@ -28,30 +29,59 @@ import kotlin.jvm.JvmStatic
 public class KMAC256: Kmac {
 
     /**
-     * Creates a new [KMAC256] [Mac] instance with a fixed output [macLength].
+     * Creates a new [KMAC256] [Mac] instance with a default output length
+     * of 64 bytes.
      *
      * @throws [IllegalArgumentException] if [key] is empty.
      * */
     @Throws(IllegalArgumentException::class)
-    public constructor(key: ByteArray): this(key, null)
+    public constructor(
+        key: ByteArray,
+    ): this(key, null)
 
     /**
-     * Creates a new [KMAC256] [Mac] instance with a fixed output [macLength].
+     * Creates a new [KMAC256] [Mac] instance with a default output length
+     * of 64 bytes.
      *
      * @param [S] A user selected customization bit string to define a variant
      *   of the function. When no customization is desired, [S] is set to an
      *   empty or null value. (e.g. "My Customization".encodeToByteArray()).
      * @throws [IllegalArgumentException] if [key] is empty.
      * */
     @Throws(IllegalArgumentException::class)
-    public constructor(key: ByteArray, S: ByteArray?): super(key, S, BIT_STRENGTH_256)
+    public constructor(
+        key: ByteArray,
+        S: ByteArray?,
+    ): this(key, S, MAC_LENGTH)
+
+    /**
+     * Creates a new [KMAC256] [Mac] instance with a non-default output length.
+     *
+     * @param [S] A user selected customization bit string to define a variant
+     *   of the function. When no customization is desired, [S] is set to an
+     *   empty or null value. (e.g. "My Customization".encodeToByteArray()).
+     * @param [outputLength] The number of bytes returned when [doFinal] is invoked
+     * @throws [IllegalArgumentException] if [key] is empty, or [outputLength]
+     *   is negative.
+     * */
+    @Throws(IllegalArgumentException::class)
+    public constructor(
+        key: ByteArray,
+        S: ByteArray?,
+        outputLength: Int,
+    ): super(key, S, BIT_STRENGTH_256, outputLength)
 
     private constructor(engine: Mac.Engine): super(engine)
 
     protected override fun copy(engineCopy: Mac.Engine): Mac = KMAC256(engineCopy)
 
     public companion object: KMACXofFactory<KMAC256>() {
 
+        /**
+         * The default number of bytes output when [doFinal] is invoked (64)
+         * */
+        public const val MAC_LENGTH: Int = CSHAKE256.DIGEST_LENGTH
+
         /**
          * Produces a new [Xof] (Extendable-Output Function) for [KMAC256]
          *
@@ -62,6 +92,6 @@ public class KMAC256: Kmac {
          * */
         @JvmStatic
         @JvmOverloads
-        public fun xOf(key: ByteArray, S: ByteArray? = null): Xof<KMAC256> = KMACXof(KMAC256(key, S))
+        public fun xOf(key: ByteArray, S: ByteArray? = null): Xof<KMAC256> = KMACXof(KMAC256(key, S, 0))
     }
 }

library/kmac/src/commonMain/kotlin/org/kotlincrypto/macs/Kmac.kt

@@ -38,7 +38,8 @@ public sealed class Kmac: Mac, XofAlgorithm {
         key: ByteArray,
         S: ByteArray?,
         bitStrength: Int,
-    ): this(Kmac.Engine(key, S, bitStrength))
+        outputLength: Int,
+    ): this(Kmac.Engine(key, S, bitStrength, outputLength))
 
     @OptIn(InternalKotlinCryptoApi::class)
     protected constructor(engine: Mac.Engine): super((engine as Kmac.Engine).algorithm(), engine) {
@@ -48,8 +49,16 @@ public sealed class Kmac: Mac, XofAlgorithm {
     @OptIn(InternalKotlinCryptoApi::class)
     public sealed class KMACXofFactory<A: Kmac>: XofFactory<A>() {
         protected inner class KMACXof(delegate: A): XofDelegate(delegate) {
+
+            init {
+                // While in XOF mode, the arbitrary output length, L, is
+                // represented as 0.
+                require(delegate.macLength() == 0) { "macLength must be 0" }
+            }
+
             override fun newReader(delegateCopy: A): Reader {
-                val reader = delegateCopy.engine.padAndProvideReader(isXofMode = true)
+                // Want to reset the copy Xof here before it gets black holed
+                val reader = delegateCopy.engine.padAndProvideReader(resetXof = true)
 
                 return object : Xof<A>.Reader() {
                     override fun readProtected(out: ByteArray, offset: Int, len: Int, bytesRead: Long) {
@@ -76,20 +85,22 @@ public sealed class Kmac: Mac, XofAlgorithm {
         private val outputLength: Int
 
         @OptIn(InternalKotlinCryptoApi::class)
-        constructor(key: ByteArray, S: ByteArray?, bitStrength: Int): super(key) {
+        constructor(key: ByteArray, S: ByteArray?, bitStrength: Int, outputLength: Int): super(key) {
+            require(outputLength >= 0) { "outputLength cannot be negative" }
+
             this.bitStrength = bitStrength
+            this.outputLength = outputLength
+
             val N = KMAC.encodeToByteArray()
 
             when (bitStrength) {
                 BIT_STRENGTH_128 -> {
                     this.xof = CSHAKE128.xOf(N, S)
                     this.blockSize = CSHAKE128.BLOCK_SIZE
-                    this.outputLength = CSHAKE128.DIGEST_LENGTH
                 }
                 BIT_STRENGTH_256 -> {
                     this.xof = CSHAKE256.xOf(N, S)
                     this.blockSize = CSHAKE256.BLOCK_SIZE
-                    this.outputLength = CSHAKE256.DIGEST_LENGTH
                 }
                 else -> throw IllegalArgumentException("bitStrength must be $BIT_STRENGTH_128 or $BIT_STRENGTH_256")
             }
@@ -121,47 +132,31 @@ public sealed class Kmac: Mac, XofAlgorithm {
         }
 
         override fun update(input: Byte) { xof.update(input) }
-        override fun update(input: ByteArray) { xof.update(input) }
         override fun update(input: ByteArray, offset: Int, len: Int) { xof.update(input, offset, len) }
 
         override fun doFinal(): ByteArray {
             val out = ByteArray(macLength())
-            padAndProvideReader(isXofMode = false).use { read(out) }
+            padAndProvideReader(resetXof = false).use { read(out) }
             return out
         }
 
-        fun padAndProvideReader(isXofMode: Boolean): Xof<*>.Reader {
-            // Depending on if KMAC is being utilized as a Xof or as a Mac,
-            // the output byte length will either be the 0 or macLength(),
-            // respectively.
-            //
-            // https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf#4.3.1%20KMAC%20with%20Arbitrary-Length%20Output
-            val outputByteLength = if (isXofMode) 0 else macLength()
-
+        fun padAndProvideReader(resetXof: Boolean): Xof<*>.Reader {
             @OptIn(InternalKotlinCryptoApi::class)
-            val encL = Xof.Utils.rightEncode(outputByteLength * 8L)
+            val encL = Xof.Utils.rightEncode(macLength() * 8L)
             xof.update(encL)
-
-            // If this is being used as a Mac, doFinal was called so no
-            // need to reset unnecessarily here as Mac.doFinal will call
-            // engine.reset() right after output is returned.
-            //
-            // If this is being used as a Xof, padAndProvideReader is
-            // called from a copy and will be single use for that Reader,
-            // so resetting it is needed before it gets black holed.
-            return xof.reader(resetXof = isXofMode)
+            return xof.reader(resetXof = resetXof)
         }
 
         private fun ByteArray.bytepad() {
-            update(this)
+            xof.update(this)
 
             val remainder = size % blockSize
 
             // No padding is needed
             if (remainder == 0) return
 
             repeat(blockSize - remainder) {
-                update(0)
+                xof.update(0)
             }
         }