Fix after FIPS202 function renaming

mkannwischer · mkannwischer · commit a8d2d6a8b0ef · 2025-10-04T08:33:02.000+08:00
Signed-off-by: Matthias J. Kannwischer &lt;matthias@kannwischer.eu&gt;
diff --git a/mldsa/sign.c b/mldsa/sign.c
@@ -231,15 +231,15 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk)
   return result;
 }
 
-static void shake256_absorb_with_residual(keccak_state *state,
-                                          const uint8_t *in, size_t inlen,
-                                          uint8_t *residual, size_t *pos)
+static void mld_shake256_absorb_with_residual(mld_shake256ctx *state,
+                                              const uint8_t *in, size_t inlen,
+                                              uint8_t *residual, size_t *pos)
 __contract__(
     requires(0 <= *pos && pos <= 8)
-    requires(memory_no_alias(state, sizeof(uint64_t) * MLD_KECCAK_LANES))
+    requires(memory_no_alias(state, sizeof(mld_shake256ctx)))
     requires(in == NULL || memory_no_alias(in, inlen))
     requires(memory_no_alias(residual, 8))
-    assigns(memory_slice(state, sizeof(uint64_t) * MLD_KECCAK_LANES))
+    assigns(memory_slice(state, sizeof(mld_shake256ctx)))
     assigns(memory_slice(residual, 8))
     assigns(*pos)
 )
@@ -256,14 +256,14 @@ __contract__(
       *pos += nb;
       if (*pos == 8)
       {
-        shake256_absorb(state, residual, 8U);
+        mld_shake256_absorb(state, residual, 8U);
         *pos = 0;
       }
     }
     nb = inlen & ~7UL;
     if (nb)
     {
-      shake256_absorb(state, in, nb);
+      mld_shake256_absorb(state, in, nb);
       in += nb;
       inlen -= nb;
     }
@@ -312,23 +312,22 @@ __contract__(
   assigns(memory_slice(out, outlen))
 )
 {
-  keccak_state state;
+  mld_shake256ctx state;
   uint8_t buf[8];
   size_t pos = 0;
-  shake256_init(&state);
-  shake256_absorb_with_residual(&state, in1, in1len, buf, &pos);
-  shake256_absorb_with_residual(&state, in2, in2len, buf, &pos);
-  shake256_absorb_with_residual(&state, in3, in3len, buf, &pos);
+  mld_shake256_init(&state);
+  mld_shake256_absorb_with_residual(&state, in1, in1len, buf, &pos);
+  mld_shake256_absorb_with_residual(&state, in2, in2len, buf, &pos);
+  mld_shake256_absorb_with_residual(&state, in3, in3len, buf, &pos);
   if (pos)
   {
-    shake256_absorb(&state, buf, pos);
+    mld_shake256_absorb(&state, buf, pos);
   }
   mld_shake256_finalize(&state);
   mld_shake256_squeeze(out, outlen, &state);
   mld_shake256_release(&state);
 
   /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */
-  mld_zeroize(&state, sizeof(state));
   mld_zeroize(&buf, sizeof(buf));
 }
 

Original file line number	Diff line number	Diff line change
`@@ -231,15 +231,15 @@ int crypto_sign_keypair(uint8_t pk, uint8_t sk)`
`231`	`231`	`return result;`
`232`	`232`	`}`
`233`	`233`
`234`		`-static void shake256_absorb_with_residual(keccak_state *state,`
`235`		`- const uint8_t *in, size_t inlen,`
`236`		`- uint8_t residual, size_t pos)`
	`234`	`+static void mld_shake256_absorb_with_residual(mld_shake256ctx *state,`
	`235`	`+ const uint8_t *in, size_t inlen,`
	`236`	`+ uint8_t residual, size_t pos)`
`237`	`237`	`__contract__(`
`238`	`238`	`requires(0 <= *pos && pos <= 8)`
`239`		`- requires(memory_no_alias(state, sizeof(uint64_t) * MLD_KECCAK_LANES))`
	`239`	`+ requires(memory_no_alias(state, sizeof(mld_shake256ctx)))`
`240`	`240`	`requires(in == NULL \|\| memory_no_alias(in, inlen))`
`241`	`241`	`requires(memory_no_alias(residual, 8))`
`242`		`- assigns(memory_slice(state, sizeof(uint64_t) * MLD_KECCAK_LANES))`
	`242`	`+ assigns(memory_slice(state, sizeof(mld_shake256ctx)))`
`243`	`243`	`assigns(memory_slice(residual, 8))`
`244`	`244`	`assigns(*pos)`
`245`	`245`	`)`
`@@ -256,14 +256,14 @@ __contract__(`
`256`	`256`	`*pos += nb;`
`257`	`257`	`if (*pos == 8)`
`258`	`258`	`{`
`259`		`- shake256_absorb(state, residual, 8U);`
	`259`	`+ mld_shake256_absorb(state, residual, 8U);`
`260`	`260`	`*pos = 0;`
`261`	`261`	`}`
`262`	`262`	`}`
`263`	`263`	`nb = inlen & ~7UL;`
`264`	`264`	`if (nb)`
`265`	`265`	`{`
`266`		`- shake256_absorb(state, in, nb);`
	`266`	`+ mld_shake256_absorb(state, in, nb);`
`267`	`267`	`in += nb;`
`268`	`268`	`inlen -= nb;`
`269`	`269`	`}`
`@@ -312,23 +312,22 @@ __contract__(`
`312`	`312`	`assigns(memory_slice(out, outlen))`
`313`	`313`	`)`
`314`	`314`	`{`
`315`		`- keccak_state state;`
	`315`	`+ mld_shake256ctx state;`
`316`	`316`	`uint8_t buf[8];`
`317`	`317`	`size_t pos = 0;`
`318`		`- shake256_init(&state);`
`319`		`- shake256_absorb_with_residual(&state, in1, in1len, buf, &pos);`
`320`		`- shake256_absorb_with_residual(&state, in2, in2len, buf, &pos);`
`321`		`- shake256_absorb_with_residual(&state, in3, in3len, buf, &pos);`
	`318`	`+ mld_shake256_init(&state);`
	`319`	`+ mld_shake256_absorb_with_residual(&state, in1, in1len, buf, &pos);`
	`320`	`+ mld_shake256_absorb_with_residual(&state, in2, in2len, buf, &pos);`
	`321`	`+ mld_shake256_absorb_with_residual(&state, in3, in3len, buf, &pos);`
`322`	`322`	`if (pos)`
`323`	`323`	`{`
`324`		`- shake256_absorb(&state, buf, pos);`
	`324`	`+ mld_shake256_absorb(&state, buf, pos);`
`325`	`325`	`}`
`326`	`326`	`mld_shake256_finalize(&state);`
`327`	`327`	`mld_shake256_squeeze(out, outlen, &state);`
`328`	`328`	`mld_shake256_release(&state);`
`329`	`329`
`330`	`330`	`/* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */`
`331`		`- mld_zeroize(&state, sizeof(state));`
`332`	`331`	`mld_zeroize(&buf, sizeof(buf));`
`333`	`332`	`}`
`334`	`333`