OLD | NEW |
(Empty) | |
| 1 /* |
| 2 Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni, |
| 3 Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby |
| 4 denoted as "the implementer". |
| 5 |
| 6 For more information, feedback or questions, please refer to our websites: |
| 7 http://keccak.noekeon.org/ |
| 8 http://keyak.noekeon.org/ |
| 9 http://ketje.noekeon.org/ |
| 10 |
| 11 To the extent possible under law, the implementer has waived all copyright |
| 12 and related or neighboring rights to the source code in this file. |
| 13 http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 */ |
| 15 |
| 16 #ifndef _KeccakSponge_h_ |
| 17 #define _KeccakSponge_h_ |
| 18 |
| 19 /** General information |
| 20 * |
| 21 * The following type and functions are not actually implemented. Their |
| 22 * documentation is generic, with the prefix Prefix replaced by |
| 23 * - KeccakWidth200 for a sponge function based on Keccak-f[200] |
| 24 * - KeccakWidth400 for a sponge function based on Keccak-f[400] |
| 25 * - KeccakWidth800 for a sponge function based on Keccak-f[800] |
| 26 * - KeccakWidth1600 for a sponge function based on Keccak-f[1600] |
| 27 * |
| 28 * In all these functions, the rate and capacity must sum to the width of the |
| 29 * chosen permutation. For instance, to use the sponge function |
| 30 * Keccak[r=1344, c=256], one must use KeccakWidth1600_Sponge() or a combinatio
n |
| 31 * of KeccakWidth1600_SpongeInitialize(), KeccakWidth1600_SpongeAbsorb(), |
| 32 * KeccakWidth1600_SpongeAbsorbLastFewBits() and |
| 33 * KeccakWidth1600_SpongeSqueeze(). |
| 34 * |
| 35 * The Prefix_SpongeInstance contains the sponge instance attributes for use |
| 36 * with the Prefix_Sponge* functions. |
| 37 * It gathers the state processed by the permutation as well as the rate, |
| 38 * the position of input/output bytes in the state and the phase |
| 39 * (absorbing or squeezing). |
| 40 */ |
| 41 |
| 42 #ifdef DontReallyInclude_DocumentationOnly |
| 43 /** Function to evaluate the sponge function Keccak[r, c] in a single call. |
| 44 * @param rate The value of the rate r. |
| 45 * @param capacity The value of the capacity c. |
| 46 * @param input Pointer to the input message (before the suffix). |
| 47 * @param inputByteLen The length of the input message in bytes. |
| 48 * @param suffix Byte containing from 0 to 7 suffix bits |
| 49 * that must be absorbed after @a input. |
| 50 * These <i>n</i> bits must be in the least significant
bit positions. |
| 51 * These bits must be delimited with a bit 1 at positio
n <i>n</i> |
| 52 * (counting from 0=LSB to 7=MSB) and followed by bits
0 |
| 53 * from position <i>n</i>+1 to position 7. |
| 54 * Some examples: |
| 55 * - If no bits are to be absorbed, then @a suffix
must be 0x01. |
| 56 * - If the 2-bit sequence 0,0 is to be absorbed, @
a suffix must be 0x04. |
| 57 * - If the 5-bit sequence 0,1,0,0,1 is to be absor
bed, @a suffix must be 0x32. |
| 58 * - If the 7-bit sequence 1,1,0,1,0,0,0 is to be a
bsorbed, @a suffix must be 0x8B. |
| 59 * . |
| 60 * @param output Pointer to the output buffer. |
| 61 * @param outputByteLen The desired number of output bytes. |
| 62 * @pre One must have r+c equal to the supported width of this implementatio
n |
| 63 * and the rate a multiple of 8 bits (one byte) in this implementation. |
| 64 * @pre @a suffix ≠ 0x00 |
| 65 * @return Zero if successful, 1 otherwise. |
| 66 */ |
| 67 int Prefix_Sponge(unsigned int rate, unsigned int capacity, const unsigned char
*input, size_t inputByteLen, unsigned char suffix, unsigned char *output, size_t
outputByteLen); |
| 68 |
| 69 /** |
| 70 * Function to initialize the state of the Keccak[r, c] sponge function. |
| 71 * The phase of the sponge function is set to absorbing. |
| 72 * @param spongeInstance Pointer to the sponge instance to be initialized. |
| 73 * @param rate The value of the rate r. |
| 74 * @param capacity The value of the capacity c. |
| 75 * @pre One must have r+c equal to the supported width of this implementatio
n |
| 76 * and the rate a multiple of 8 bits (one byte) in this implementation. |
| 77 * @return Zero if successful, 1 otherwise. |
| 78 */ |
| 79 int Prefix_SpongeInitialize(Prefix_SpongeInstance *spongeInstance, unsigned int
rate, unsigned int capacity); |
| 80 |
| 81 /** |
| 82 * Function to give input data bytes for the sponge function to absorb. |
| 83 * @param spongeInstance Pointer to the sponge instance initialized by Prefix
_SpongeInitialize(). |
| 84 * @param data Pointer to the input data. |
| 85 * @param dataByteLen The number of input bytes provided in the input data. |
| 86 * @pre The sponge function must be in the absorbing phase, |
| 87 * i.e., Prefix_SpongeSqueeze() or Prefix_SpongeAbsorbLastFewBits() |
| 88 * must not have been called before. |
| 89 * @return Zero if successful, 1 otherwise. |
| 90 */ |
| 91 int Prefix_SpongeAbsorb(Prefix_SpongeInstance *spongeInstance, const unsigned ch
ar *data, size_t dataByteLen); |
| 92 |
| 93 /** |
| 94 * Function to give input data bits for the sponge function to absorb |
| 95 * and then to switch to the squeezing phase. |
| 96 * @param spongeInstance Pointer to the sponge instance initialized by Prefix
_SpongeInitialize(). |
| 97 * @param delimitedData Byte containing from 0 to 7 trailing bits |
| 98 * that must be absorbed. |
| 99 * These <i>n</i> bits must be in the least significant bit
positions. |
| 100 * These bits must be delimited with a bit 1 at position <i
>n</i> |
| 101 * (counting from 0=LSB to 7=MSB) and followed by bits 0 |
| 102 * from position <i>n</i>+1 to position 7. |
| 103 * Some examples: |
| 104 * - If no bits are to be absorbed, then @a delimitedDa
ta must be 0x01. |
| 105 * - If the 2-bit sequence 0,0 is to be absorbed, @a de
limitedData must be 0x04. |
| 106 * - If the 5-bit sequence 0,1,0,0,1 is to be absorbed,
@a delimitedData must be 0x32. |
| 107 * - If the 7-bit sequence 1,1,0,1,0,0,0 is to be absor
bed, @a delimitedData must be 0x8B. |
| 108 * . |
| 109 * @pre The sponge function must be in the absorbing phase, |
| 110 * i.e., Prefix_SpongeSqueeze() or Prefix_SpongeAbsorbLastFewBits() |
| 111 * must not have been called before. |
| 112 * @pre @a delimitedData ≠ 0x00 |
| 113 * @return Zero if successful, 1 otherwise. |
| 114 */ |
| 115 int Prefix_SpongeAbsorbLastFewBits(Prefix_SpongeInstance *spongeInstance, unsign
ed char delimitedData); |
| 116 |
| 117 /** |
| 118 * Function to squeeze output data from the sponge function. |
| 119 * If the sponge function was in the absorbing phase, this function |
| 120 * switches it to the squeezing phase |
| 121 * as if Prefix_SpongeAbsorbLastFewBits(spongeInstance, 0x01) was called. |
| 122 * @param spongeInstance Pointer to the sponge instance initialized by Prefix
_SpongeInitialize(). |
| 123 * @param data Pointer to the buffer where to store the output data. |
| 124 * @param dataByteLen The number of output bytes desired. |
| 125 * @return Zero if successful, 1 otherwise. |
| 126 */ |
| 127 int Prefix_SpongeSqueeze(Prefix_SpongeInstance *spongeInstance, unsigned char *d
ata, size_t dataByteLen); |
| 128 #endif |
| 129 |
| 130 #include <string.h> |
| 131 #include "align.h" |
| 132 |
| 133 #define KCP_DeclareSpongeStructure(prefix, size, alignment) \ |
| 134 ALIGN(alignment) typedef struct prefix##_SpongeInstanceStruct { \ |
| 135 unsigned char state[size]; \ |
| 136 unsigned int rate; \ |
| 137 unsigned int byteIOIndex; \ |
| 138 int squeezing; \ |
| 139 } prefix##_SpongeInstance; |
| 140 |
| 141 #define KCP_DeclareSpongeFunctions(prefix) \ |
| 142 int prefix##_Sponge(unsigned int rate, unsigned int capacity, const unsigned
char *input, size_t inputByteLen, unsigned char suffix, unsigned char *output,
size_t outputByteLen); \ |
| 143 int prefix##_SpongeInitialize(prefix##_SpongeInstance *spongeInstance, unsig
ned int rate, unsigned int capacity); \ |
| 144 int prefix##_SpongeAbsorb(prefix##_SpongeInstance *spongeInstance, const uns
igned char *data, size_t dataByteLen); \ |
| 145 int prefix##_SpongeAbsorbLastFewBits(prefix##_SpongeInstance *spongeInstance
, unsigned char delimitedData); \ |
| 146 int prefix##_SpongeSqueeze(prefix##_SpongeInstance *spongeInstance, unsigned
char *data, size_t dataByteLen); |
| 147 |
| 148 #ifndef KeccakP200_excluded |
| 149 #include "KeccakP-200-SnP.h" |
| 150 KCP_DeclareSpongeStructure(KeccakWidth200, KeccakP200_stateSizeInBytes, Kecc
akP200_stateAlignment) |
| 151 KCP_DeclareSpongeFunctions(KeccakWidth200) |
| 152 #endif |
| 153 |
| 154 #ifndef KeccakP400_excluded |
| 155 #include "KeccakP-400-SnP.h" |
| 156 KCP_DeclareSpongeStructure(KeccakWidth400, KeccakP400_stateSizeInBytes, Kecc
akP400_stateAlignment) |
| 157 KCP_DeclareSpongeFunctions(KeccakWidth400) |
| 158 #endif |
| 159 |
| 160 #ifndef KeccakP800_excluded |
| 161 #include "KeccakP-800-SnP.h" |
| 162 KCP_DeclareSpongeStructure(KeccakWidth800, KeccakP800_stateSizeInBytes, Kecc
akP800_stateAlignment) |
| 163 KCP_DeclareSpongeFunctions(KeccakWidth800) |
| 164 #endif |
| 165 |
| 166 #ifndef KeccakP1600_excluded |
| 167 #include "KeccakP-1600-SnP.h" |
| 168 KCP_DeclareSpongeStructure(KeccakWidth1600, KeccakP1600_stateSizeInBytes, Ke
ccakP1600_stateAlignment) |
| 169 KCP_DeclareSpongeFunctions(KeccakWidth1600) |
| 170 #endif |
| 171 |
| 172 #endif |
OLD | NEW |