jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
109 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 90cb3b238a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '90cb3b238a'
${ noResults }
ed448goldilocks/include/shake.h

227 lines
6.6 KiB
Raw Blame History 

  1. /**

  2.  * @file shake.h

  3.  * @copyright

  4.  *   Based on CC0 code by David Leon Gil, 2015 \n

  5.  *   Copyright (c) 2015 Cryptography Research, Inc.  \n

  6.  *   Released under the MIT License.  See LICENSE.txt for license information.

  7.  * @author Mike Hamburg

  8.  * @brief SHA-3-n and SHAKE-n instances.

  9.  * @warning EXPERIMENTAL!  The names, parameter orders etc are likely to change.

  10.  */

  11. 

  12. #ifndef __SHAKE_H__

  13. #define __SHAKE_H__

  14. 

  15. #include <stdint.h>

  16. #include <sys/types.h>

  17. 

  18. /* TODO: unify with other headers (maybe all into one??); add nonnull attributes */

  19. #define API_VIS __attribute__((visibility("default")))

  20. #define WARN_UNUSED __attribute__((warn_unused_result))

  21. 

  22. /* TODO: different containing structs for each primitive? */

  23. #ifndef INTERNAL_SPONGE_STRUCT

  24.     typedef struct keccak_sponge_s {

  25.         uint64_t opaque[26];

  26.     } keccak_sponge_t[1];

  27.     struct kparams_s;

  28. #endif

  29. 

  30. /**

  31.  * @brief Initialize a sponge context object.

  32.  * @param [out] sponge The object to initialize.

  33.  * @param [in] params The sponge's parameter description.

  34.  */

  35. void sponge_init (

  36.     keccak_sponge_t sponge,

  37.     const struct kparams_s *params

  38. ) API_VIS;

  39. 

  40. /**

  41.  * @brief Absorb data into a SHA3 or SHAKE hash context.

  42.  * @param [inout] sponge The context.

  43.  * @param [in] in The input data.

  44.  * @param [in] len The input data's length in bytes.

  45.  */

  46. void sha3_update (

  47.     struct keccak_sponge_s * __restrict__ sponge,

  48.     const uint8_t *in,

  49.     size_t len

  50. ) API_VIS;

  51. 

  52. /**

  53.  * @brief Squeeze output data from a SHA3 or SHAKE hash context.

  54.  * This does not destroy or re-initialize the hash context, and

  55.  * sha3 output can be called more times.

  56.  *

  57.  * @param [inout] sponge The context.

  58.  * @param [out] in The output data.

  59.  * @param [in] len The requested output data length in bytes.

  60.  */  

  61. void sha3_output (

  62.     keccak_sponge_t sponge,

  63.     uint8_t * __restrict__ out,

  64.     size_t len

  65. ) API_VIS;

  66. 

  67. /**

  68.  * @brief Destroy a SHA3 or SHAKE sponge context by overwriting it with 0.

  69.  * @param [out] sponge The context.

  70.  */  

  71. void sponge_destroy (

  72.     keccak_sponge_t sponge

  73. ) API_VIS;

  74. 

  75. /**

  76.  * @brief Hash (in) to (out)

  77.  * @param [in] in The input data.

  78.  * @param [in] inlen The length of the input data.

  79.  * @param [out] out A buffer for the output data.

  80.  * @param [in] outlen The length of the output data.

  81.  * @param [in] params The parameters of the sponge hash.

  82.  */  

  83. void sponge_hash (

  84.     const uint8_t *in,

  85.     size_t inlen,

  86.     uint8_t *out,

  87.     size_t outlen,

  88.     const struct kparams_s *params

  89. ) API_VIS;

  90. 

  91. /* TODO: expand/doxygenate individual SHAKE/SHA3 instances? */

  92. 

  93. #define DECSHAKE(n) \

  94.     extern const struct kparams_s *SHAKE##n##_params API_VIS; \

  95.     static inline void shake##n##_init(keccak_sponge_t sponge) { \

  96.         sponge_init(sponge, SHAKE##n##_params); \

  97.     } \

  98.     static inline void shake##n##_update(keccak_sponge_t sponge, const uint8_t *in, size_t inlen ) { \

  99.         sha3_update(sponge, in, inlen); \

  100.     } \

  101.     static inline void shake##n##_final(keccak_sponge_t sponge, uint8_t *out, size_t outlen ) { \

  102.         sha3_output(sponge, out, outlen); \

  103.         sponge_init(sponge, SHAKE##n##_params); \

  104.     } \

  105.     static inline void shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \

  106.         sponge_hash(in,inlen,out,outlen,SHAKE##n##_params); \

  107.     } \

  108.     static inline void shake##n##_destroy( keccak_sponge_t sponge ) { \

  109.         sponge_destroy(sponge); \

  110.     }

  111.     

  112. #define DECSHA3(n) \

  113.     extern const struct kparams_s *SHA3_##n##_params API_VIS; \

  114.     static inline void sha3_##n##_init(keccak_sponge_t sponge) { \

  115.         sponge_init(sponge, SHA3_##n##_params); \

  116.     } \

  117.     static inline void sha3_##n##_update(keccak_sponge_t sponge, const uint8_t *in, size_t inlen ) { \

  118.         sha3_update(sponge, in, inlen); \

  119.     } \

  120.     static inline void sha3_##n##_final(keccak_sponge_t sponge, uint8_t *out, size_t outlen ) { \

  121.         sha3_output(sponge, out, outlen); \

  122.         sponge_init(sponge, SHA3_##n##_params); \

  123.     } \

  124.     static inline void sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \

  125.         sponge_hash(in,inlen,out,outlen,SHA3_##n##_params); \

  126.     } \

  127.     static inline void sha3_##n##_destroy( keccak_sponge_t sponge ) { \

  128.         sponge_destroy(sponge); \

  129.     }

  130. 

  131. DECSHAKE(128)

  132. DECSHAKE(256)

  133. DECSHA3(224)

  134. DECSHA3(256)

  135. DECSHA3(384)

  136. DECSHA3(512)

  137. 

  138. /**

  139.  * @brief Initialize a sponge-based CSPRNG from a buffer.

  140.  *

  141.  * @param [out] sponge The sponge object.

  142.  * @param [in] in The initial data.

  143.  * @param [in] len The length of the initial data.

  144.  * @param [in] deterministic If zero, allow RNG to stir in nondeterministic

  145.  * data from RDRAND or RDTSC.

  146.  */

  147. void spongerng_init_from_buffer (

  148.     keccak_sponge_t sponge,

  149.     const uint8_t * __restrict__ in,

  150.     size_t len,

  151.     int deterministic

  152. ) API_VIS;

  153. 

  154. /* FIXME!! This interface has the opposite retval convention from other functions

  155.  * in the library.  (0=success).  Should they be harmonized?

  156.  */

  157. 

  158. /**

  159.  * @brief Initialize a sponge-based CSPRNG from a file.

  160.  *

  161.  * @param [out] sponge The sponge object.

  162.  * @param [in] file A name of a file containing initial data.

  163.  * @param [in] len The length of the initial data.  Must be positive.

  164.  * @param [in] deterministic If zero, allow RNG to stir in nondeterministic

  165.  * data from RDRAND or RDTSC.

  166.  *

  167.  * @retval 0 Success.

  168.  * @retval positive An error has occurred, and this was the errno.

  169.  * @retval -1 An unknown error has occurred.

  170.  * @retval -2 len was 0.

  171.  */

  172. int spongerng_init_from_file (

  173.     keccak_sponge_t sponge,

  174.     const char *file,

  175.     size_t len,

  176.     int deterministic

  177. ) API_VIS WARN_UNUSED;

  178. 

  179. 

  180. /* FIXME!! This interface has the opposite retval convention from other functions

  181.  * in the library.  (0=success).  Should they be harmonized?

  182.  */

  183. 

  184. /**

  185.  * @brief Initialize a nondeterministic sponge-based CSPRNG from /dev/urandom.

  186.  *

  187.  * @param [out] sponge The sponge object.

  188.  *

  189.  * @retval 0 Success.

  190.  * @retval positive An error has occurred, and this was the errno.

  191.  * @retval -1 An unknown error has occurred.

  192.  */

  193. int spongerng_init_from_dev_urandom (

  194.     keccak_sponge_t sponge

  195. ) API_VIS WARN_UNUSED;

  196. 

  197. /**

  198.  * @brief Output bytes from a sponge-based CSPRNG.

  199.  *

  200.  * @param [inout] sponge The sponge object.

  201.  * @param [out] out The output buffer.

  202.  * @param [in] out The output buffer's length.

  203.  */

  204. void spongerng_next (

  205.     keccak_sponge_t sponge,

  206.     uint8_t * __restrict__ out,

  207.     size_t len

  208. ) API_VIS;

  209. 

  210. /**

  211.  * @brief Stir entropy data into a sponge-based CSPRNG from a buffer.

  212.  *

  213.  * @param [out] sponge The sponge object.

  214.  * @param [in] in The entropy data.

  215.  * @param [in] len The length of the initial data.

  216.  */

  217. void spongerng_stir (

  218.     keccak_sponge_t sponge,

  219.     const uint8_t * __restrict__ in,

  220.     size_t len

  221. ) API_VIS;

  222. 

  223. #undef API_VIS

  224. #undef WARN_UNUSED

  225.     

  226. #endif /* __SHAKE_H__ */