Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(28801)

Delta Between Two Patch Sets: Modules/_sha3/kcp/KeccakSponge.h

Issue 16113: Add SHA-3 (Keccak) support
Left Patch Set: Created 6 years, 11 months ago
Right Patch Set: Created 3 years ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
Right: Side by side diff | Download
« no previous file with change/comment | « Modules/_sha3/kcp/KeccakSponge.c ('k') | Modules/_sha3/kcp/KeccakSponge.inc » ('j') | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
(no file at all)
1 /*
2 Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
3 Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
4 denoted as "the implementer".
5
6 For more information, feedback or questions, please refer to our websites:
7 http://keccak.noekeon.org/
8 http://keyak.noekeon.org/
9 http://ketje.noekeon.org/
10
11 To the extent possible under law, the implementer has waived all copyright
12 and related or neighboring rights to the source code in this file.
13 http://creativecommons.org/publicdomain/zero/1.0/
14 */
15
16 #ifndef _KeccakSponge_h_
17 #define _KeccakSponge_h_
18
19 /** General information
20 *
21 * The following type and functions are not actually implemented. Their
22 * documentation is generic, with the prefix Prefix replaced by
23 * - KeccakWidth200 for a sponge function based on Keccak-f[200]
24 * - KeccakWidth400 for a sponge function based on Keccak-f[400]
25 * - KeccakWidth800 for a sponge function based on Keccak-f[800]
26 * - KeccakWidth1600 for a sponge function based on Keccak-f[1600]
27 *
28 * In all these functions, the rate and capacity must sum to the width of the
29 * chosen permutation. For instance, to use the sponge function
30 * Keccak[r=1344, c=256], one must use KeccakWidth1600_Sponge() or a combinatio n
31 * of KeccakWidth1600_SpongeInitialize(), KeccakWidth1600_SpongeAbsorb(),
32 * KeccakWidth1600_SpongeAbsorbLastFewBits() and
33 * KeccakWidth1600_SpongeSqueeze().
34 *
35 * The Prefix_SpongeInstance contains the sponge instance attributes for use
36 * with the Prefix_Sponge* functions.
37 * It gathers the state processed by the permutation as well as the rate,
38 * the position of input/output bytes in the state and the phase
39 * (absorbing or squeezing).
40 */
41
42 #ifdef DontReallyInclude_DocumentationOnly
43 /** Function to evaluate the sponge function Keccak[r, c] in a single call.
44 * @param rate The value of the rate r.
45 * @param capacity The value of the capacity c.
46 * @param input Pointer to the input message (before the suffix).
47 * @param inputByteLen The length of the input message in bytes.
48 * @param suffix Byte containing from 0 to 7 suffix bits
49 * that must be absorbed after @a input.
50 * These <i>n</i> bits must be in the least significant bit positions.
51 * These bits must be delimited with a bit 1 at positio n <i>n</i>
52 * (counting from 0=LSB to 7=MSB) and followed by bits 0
53 * from position <i>n</i>+1 to position 7.
54 * Some examples:
55 * - If no bits are to be absorbed, then @a suffix must be 0x01.
56 * - If the 2-bit sequence 0,0 is to be absorbed, @ a suffix must be 0x04.
57 * - If the 5-bit sequence 0,1,0,0,1 is to be absor bed, @a suffix must be 0x32.
58 * - If the 7-bit sequence 1,1,0,1,0,0,0 is to be a bsorbed, @a suffix must be 0x8B.
59 * .
60 * @param output Pointer to the output buffer.
61 * @param outputByteLen The desired number of output bytes.
62 * @pre One must have r+c equal to the supported width of this implementatio n
63 * and the rate a multiple of 8 bits (one byte) in this implementation.
64 * @pre @a suffix ≠ 0x00
65 * @return Zero if successful, 1 otherwise.
66 */
67 int Prefix_Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input, size_t inputByteLen, unsigned char suffix, unsigned char *output, size_t outputByteLen);
68
69 /**
70 * Function to initialize the state of the Keccak[r, c] sponge function.
71 * The phase of the sponge function is set to absorbing.
72 * @param spongeInstance Pointer to the sponge instance to be initialized.
73 * @param rate The value of the rate r.
74 * @param capacity The value of the capacity c.
75 * @pre One must have r+c equal to the supported width of this implementatio n
76 * and the rate a multiple of 8 bits (one byte) in this implementation.
77 * @return Zero if successful, 1 otherwise.
78 */
79 int Prefix_SpongeInitialize(Prefix_SpongeInstance *spongeInstance, unsigned int rate, unsigned int capacity);
80
81 /**
82 * Function to give input data bytes for the sponge function to absorb.
83 * @param spongeInstance Pointer to the sponge instance initialized by Prefix _SpongeInitialize().
84 * @param data Pointer to the input data.
85 * @param dataByteLen The number of input bytes provided in the input data.
86 * @pre The sponge function must be in the absorbing phase,
87 * i.e., Prefix_SpongeSqueeze() or Prefix_SpongeAbsorbLastFewBits()
88 * must not have been called before.
89 * @return Zero if successful, 1 otherwise.
90 */
91 int Prefix_SpongeAbsorb(Prefix_SpongeInstance *spongeInstance, const unsigned ch ar *data, size_t dataByteLen);
92
93 /**
94 * Function to give input data bits for the sponge function to absorb
95 * and then to switch to the squeezing phase.
96 * @param spongeInstance Pointer to the sponge instance initialized by Prefix _SpongeInitialize().
97 * @param delimitedData Byte containing from 0 to 7 trailing bits
98 * that must be absorbed.
99 * These <i>n</i> bits must be in the least significant bit positions.
100 * These bits must be delimited with a bit 1 at position <i >n</i>
101 * (counting from 0=LSB to 7=MSB) and followed by bits 0
102 * from position <i>n</i>+1 to position 7.
103 * Some examples:
104 * - If no bits are to be absorbed, then @a delimitedDa ta must be 0x01.
105 * - If the 2-bit sequence 0,0 is to be absorbed, @a de limitedData must be 0x04.
106 * - If the 5-bit sequence 0,1,0,0,1 is to be absorbed, @a delimitedData must be 0x32.
107 * - If the 7-bit sequence 1,1,0,1,0,0,0 is to be absor bed, @a delimitedData must be 0x8B.
108 * .
109 * @pre The sponge function must be in the absorbing phase,
110 * i.e., Prefix_SpongeSqueeze() or Prefix_SpongeAbsorbLastFewBits()
111 * must not have been called before.
112 * @pre @a delimitedData ≠ 0x00
113 * @return Zero if successful, 1 otherwise.
114 */
115 int Prefix_SpongeAbsorbLastFewBits(Prefix_SpongeInstance *spongeInstance, unsign ed char delimitedData);
116
117 /**
118 * Function to squeeze output data from the sponge function.
119 * If the sponge function was in the absorbing phase, this function
120 * switches it to the squeezing phase
121 * as if Prefix_SpongeAbsorbLastFewBits(spongeInstance, 0x01) was called.
122 * @param spongeInstance Pointer to the sponge instance initialized by Prefix _SpongeInitialize().
123 * @param data Pointer to the buffer where to store the output data.
124 * @param dataByteLen The number of output bytes desired.
125 * @return Zero if successful, 1 otherwise.
126 */
127 int Prefix_SpongeSqueeze(Prefix_SpongeInstance *spongeInstance, unsigned char *d ata, size_t dataByteLen);
128 #endif
129
130 #include <string.h>
131 #include "align.h"
132
133 #define KCP_DeclareSpongeStructure(prefix, size, alignment) \
134 ALIGN(alignment) typedef struct prefix##_SpongeInstanceStruct { \
135 unsigned char state[size]; \
136 unsigned int rate; \
137 unsigned int byteIOIndex; \
138 int squeezing; \
139 } prefix##_SpongeInstance;
140
141 #define KCP_DeclareSpongeFunctions(prefix) \
142 int prefix##_Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input, size_t inputByteLen, unsigned char suffix, unsigned char *output, size_t outputByteLen); \
143 int prefix##_SpongeInitialize(prefix##_SpongeInstance *spongeInstance, unsig ned int rate, unsigned int capacity); \
144 int prefix##_SpongeAbsorb(prefix##_SpongeInstance *spongeInstance, const uns igned char *data, size_t dataByteLen); \
145 int prefix##_SpongeAbsorbLastFewBits(prefix##_SpongeInstance *spongeInstance , unsigned char delimitedData); \
146 int prefix##_SpongeSqueeze(prefix##_SpongeInstance *spongeInstance, unsigned char *data, size_t dataByteLen);
147
148 #ifndef KeccakP200_excluded
149 #include "KeccakP-200-SnP.h"
150 KCP_DeclareSpongeStructure(KeccakWidth200, KeccakP200_stateSizeInBytes, Kecc akP200_stateAlignment)
151 KCP_DeclareSpongeFunctions(KeccakWidth200)
152 #endif
153
154 #ifndef KeccakP400_excluded
155 #include "KeccakP-400-SnP.h"
156 KCP_DeclareSpongeStructure(KeccakWidth400, KeccakP400_stateSizeInBytes, Kecc akP400_stateAlignment)
157 KCP_DeclareSpongeFunctions(KeccakWidth400)
158 #endif
159
160 #ifndef KeccakP800_excluded
161 #include "KeccakP-800-SnP.h"
162 KCP_DeclareSpongeStructure(KeccakWidth800, KeccakP800_stateSizeInBytes, Kecc akP800_stateAlignment)
163 KCP_DeclareSpongeFunctions(KeccakWidth800)
164 #endif
165
166 #ifndef KeccakP1600_excluded
167 #include "KeccakP-1600-SnP.h"
168 KCP_DeclareSpongeStructure(KeccakWidth1600, KeccakP1600_stateSizeInBytes, Ke ccakP1600_stateAlignment)
169 KCP_DeclareSpongeFunctions(KeccakWidth1600)
170 #endif
171
172 #endif
LEFTRIGHT

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+