crypto/sha3: make the zero value of SHAKE useable

qiulaidongfeng · seankhliao · commit 9570036ca5a9 · 2025-11-21T13:27:43.000-08:00
For #75154 Change-Id: Iee5a11ebea8c74b9abab4c077dc7990fe8f562dd Reviewed-on: https://go-review.googlesource.com/c/go/+/718521 Reviewed-by: Sean Liao <sean@liao.dev> Reviewed-by: Mark Freeman <markfreeman@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/src/crypto/sha3/sha3.go b/src/crypto/sha3/sha3.go
@@ -188,10 +188,17 @@ func (d *SHA3) Clone() (hash.Cloner, error) {
 }
 
 // SHAKE is an instance of a SHAKE extendable output function.
+// The zero value is a usable SHAKE256 hash.
 type SHAKE struct {
 	s sha3.SHAKE
 }
 
+func (s *SHAKE) init() {
+	if s.s.Size() == 0 {
+		*s = *NewSHAKE256()
+	}
+}
+
 // NewSHAKE128 creates a new SHAKE128 XOF.
 func NewSHAKE128() *SHAKE {
 	return &SHAKE{*sha3.NewShake128()}
@@ -224,37 +231,44 @@ func NewCSHAKE256(N, S []byte) *SHAKE {
 //
 // It panics if any output has already been read.
 func (s *SHAKE) Write(p []byte) (n int, err error) {
+	s.init()
 	return s.s.Write(p)
 }
 
 // Read squeezes more output from the XOF.
 //
 // Any call to Write after a call to Read will panic.
 func (s *SHAKE) Read(p []byte) (n int, err error) {
+	s.init()
 	return s.s.Read(p)
 }
 
 // Reset resets the XOF to its initial state.
 func (s *SHAKE) Reset() {
+	s.init()
 	s.s.Reset()
 }
 
 // BlockSize returns the rate of the XOF.
 func (s *SHAKE) BlockSize() int {
+	s.init()
 	return s.s.BlockSize()
 }
 
 // MarshalBinary implements [encoding.BinaryMarshaler].
 func (s *SHAKE) MarshalBinary() ([]byte, error) {
+	s.init()
 	return s.s.MarshalBinary()
 }
 
 // AppendBinary implements [encoding.BinaryAppender].
 func (s *SHAKE) AppendBinary(p []byte) ([]byte, error) {
+	s.init()
 	return s.s.AppendBinary(p)
 }
 
 // UnmarshalBinary implements [encoding.BinaryUnmarshaler].
 func (s *SHAKE) UnmarshalBinary(data []byte) error {
+	s.init()
 	return s.s.UnmarshalBinary(data)
 }
diff --git a/src/crypto/sha3/sha3_test.go b/src/crypto/sha3/sha3_test.go
@@ -37,10 +37,11 @@ var testShakes = map[string]struct {
 	defCustomStr string
 }{
 	// NewCSHAKE without customization produces same result as SHAKE
-	"SHAKE128":  {NewCSHAKE128, "", ""},
-	"SHAKE256":  {NewCSHAKE256, "", ""},
-	"cSHAKE128": {NewCSHAKE128, "CSHAKE128", "CustomString"},
-	"cSHAKE256": {NewCSHAKE256, "CSHAKE256", "CustomString"},
+	"SHAKE128":   {NewCSHAKE128, "", ""},
+	"SHAKE256":   {NewCSHAKE256, "", ""},
+	"cSHAKE128":  {NewCSHAKE128, "CSHAKE128", "CustomString"},
+	"cSHAKE256":  {NewCSHAKE256, "CSHAKE256", "CustomString"},
+	"SHAKE-Zero": {func(N []byte, S []byte) *SHAKE { return &SHAKE{} }, "", ""},
 }
 
 func TestSHA3Hash(t *testing.T) {
