| /* |
| Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni, |
| Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby |
| denoted as "the implementer". |
| |
| For more information, feedback or questions, please refer to our websites: |
| http://keccak.noekeon.org/ |
| http://keyak.noekeon.org/ |
| http://ketje.noekeon.org/ |
| |
| To the extent possible under law, the implementer has waived all copyright |
| and related or neighboring rights to the source code in this file. |
| http://creativecommons.org/publicdomain/zero/1.0/ |
| */ |
| |
| #ifndef _KeccakSponge_h_ |
| #define _KeccakSponge_h_ |
| |
| /** General information |
| * |
| * The following type and functions are not actually implemented. Their |
| * documentation is generic, with the prefix Prefix replaced by |
| * - KeccakWidth200 for a sponge function based on Keccak-f[200] |
| * - KeccakWidth400 for a sponge function based on Keccak-f[400] |
| * - KeccakWidth800 for a sponge function based on Keccak-f[800] |
| * - KeccakWidth1600 for a sponge function based on Keccak-f[1600] |
| * |
| * In all these functions, the rate and capacity must sum to the width of the |
| * chosen permutation. For instance, to use the sponge function |
| * Keccak[r=1344, c=256], one must use KeccakWidth1600_Sponge() or a combination |
| * of KeccakWidth1600_SpongeInitialize(), KeccakWidth1600_SpongeAbsorb(), |
| * KeccakWidth1600_SpongeAbsorbLastFewBits() and |
| * KeccakWidth1600_SpongeSqueeze(). |
| * |
| * The Prefix_SpongeInstance contains the sponge instance attributes for use |
| * with the Prefix_Sponge* functions. |
| * It gathers the state processed by the permutation as well as the rate, |
| * the position of input/output bytes in the state and the phase |
| * (absorbing or squeezing). |
| */ |
| |
| #ifdef DontReallyInclude_DocumentationOnly |
| /** Function to evaluate the sponge function Keccak[r, c] in a single call. |
| * @param rate The value of the rate r. |
| * @param capacity The value of the capacity c. |
| * @param input Pointer to the input message (before the suffix). |
| * @param inputByteLen The length of the input message in bytes. |
| * @param suffix Byte containing from 0 to 7 suffix bits |
| * that must be absorbed after @a input. |
| * These <i>n</i> bits must be in the least significant bit positions. |
| * These bits must be delimited with a bit 1 at position <i>n</i> |
| * (counting from 0=LSB to 7=MSB) and followed by bits 0 |
| * from position <i>n</i>+1 to position 7. |
| * Some examples: |
| * - If no bits are to be absorbed, then @a suffix must be 0x01. |
| * - If the 2-bit sequence 0,0 is to be absorbed, @a suffix must be 0x04. |
| * - If the 5-bit sequence 0,1,0,0,1 is to be absorbed, @a suffix must be 0x32. |
| * - If the 7-bit sequence 1,1,0,1,0,0,0 is to be absorbed, @a suffix must be 0x8B. |
| * . |
| * @param output Pointer to the output buffer. |
| * @param outputByteLen The desired number of output bytes. |
| * @pre One must have r+c equal to the supported width of this implementation |
| * and the rate a multiple of 8 bits (one byte) in this implementation. |
| * @pre @a suffix ≠ 0x00 |
| * @return Zero if successful, 1 otherwise. |
| */ |
| int Prefix_Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input, size_t inputByteLen, unsigned char suffix, unsigned char *output, size_t outputByteLen); |
| |
| /** |
| * Function to initialize the state of the Keccak[r, c] sponge function. |
| * The phase of the sponge function is set to absorbing. |
| * @param spongeInstance Pointer to the sponge instance to be initialized. |
| * @param rate The value of the rate r. |
| * @param capacity The value of the capacity c. |
| * @pre One must have r+c equal to the supported width of this implementation |
| * and the rate a multiple of 8 bits (one byte) in this implementation. |
| * @return Zero if successful, 1 otherwise. |
| */ |
| int Prefix_SpongeInitialize(Prefix_SpongeInstance *spongeInstance, unsigned int rate, unsigned int capacity); |
| |
| /** |
| * Function to give input data bytes for the sponge function to absorb. |
| * @param spongeInstance Pointer to the sponge instance initialized by Prefix_SpongeInitialize(). |
| * @param data Pointer to the input data. |
| * @param dataByteLen The number of input bytes provided in the input data. |
| * @pre The sponge function must be in the absorbing phase, |
| * i.e., Prefix_SpongeSqueeze() or Prefix_SpongeAbsorbLastFewBits() |
| * must not have been called before. |
| * @return Zero if successful, 1 otherwise. |
| */ |
| int Prefix_SpongeAbsorb(Prefix_SpongeInstance *spongeInstance, const unsigned char *data, size_t dataByteLen); |
| |
| /** |
| * Function to give input data bits for the sponge function to absorb |
| * and then to switch to the squeezing phase. |
| * @param spongeInstance Pointer to the sponge instance initialized by Prefix_SpongeInitialize(). |
| * @param delimitedData Byte containing from 0 to 7 trailing bits |
| * that must be absorbed. |
| * These <i>n</i> bits must be in the least significant bit positions. |
| * These bits must be delimited with a bit 1 at position <i>n</i> |
| * (counting from 0=LSB to 7=MSB) and followed by bits 0 |
| * from position <i>n</i>+1 to position 7. |
| * Some examples: |
| * - If no bits are to be absorbed, then @a delimitedData must be 0x01. |
| * - If the 2-bit sequence 0,0 is to be absorbed, @a delimitedData must be 0x04. |
| * - If the 5-bit sequence 0,1,0,0,1 is to be absorbed, @a delimitedData must be 0x32. |
| * - If the 7-bit sequence 1,1,0,1,0,0,0 is to be absorbed, @a delimitedData must be 0x8B. |
| * . |
| * @pre The sponge function must be in the absorbing phase, |
| * i.e., Prefix_SpongeSqueeze() or Prefix_SpongeAbsorbLastFewBits() |
| * must not have been called before. |
| * @pre @a delimitedData ≠ 0x00 |
| * @return Zero if successful, 1 otherwise. |
| */ |
| int Prefix_SpongeAbsorbLastFewBits(Prefix_SpongeInstance *spongeInstance, unsigned char delimitedData); |
| |
| /** |
| * Function to squeeze output data from the sponge function. |
| * If the sponge function was in the absorbing phase, this function |
| * switches it to the squeezing phase |
| * as if Prefix_SpongeAbsorbLastFewBits(spongeInstance, 0x01) was called. |
| * @param spongeInstance Pointer to the sponge instance initialized by Prefix_SpongeInitialize(). |
| * @param data Pointer to the buffer where to store the output data. |
| * @param dataByteLen The number of output bytes desired. |
| * @return Zero if successful, 1 otherwise. |
| */ |
| int Prefix_SpongeSqueeze(Prefix_SpongeInstance *spongeInstance, unsigned char *data, size_t dataByteLen); |
| #endif |
| |
| #include <string.h> |
| #include "align.h" |
| |
| #define KCP_DeclareSpongeStructure(prefix, size, alignment) \ |
| ALIGN(alignment) typedef struct prefix##_SpongeInstanceStruct { \ |
| unsigned char state[size]; \ |
| unsigned int rate; \ |
| unsigned int byteIOIndex; \ |
| int squeezing; \ |
| } prefix##_SpongeInstance; |
| |
| #define KCP_DeclareSpongeFunctions(prefix) \ |
| int prefix##_Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input, size_t inputByteLen, unsigned char suffix, unsigned char *output, size_t outputByteLen); \ |
| int prefix##_SpongeInitialize(prefix##_SpongeInstance *spongeInstance, unsigned int rate, unsigned int capacity); \ |
| int prefix##_SpongeAbsorb(prefix##_SpongeInstance *spongeInstance, const unsigned char *data, size_t dataByteLen); \ |
| int prefix##_SpongeAbsorbLastFewBits(prefix##_SpongeInstance *spongeInstance, unsigned char delimitedData); \ |
| int prefix##_SpongeSqueeze(prefix##_SpongeInstance *spongeInstance, unsigned char *data, size_t dataByteLen); |
| |
| #ifndef KeccakP200_excluded |
| #include "KeccakP-200-SnP.h" |
| KCP_DeclareSpongeStructure(KeccakWidth200, KeccakP200_stateSizeInBytes, KeccakP200_stateAlignment) |
| KCP_DeclareSpongeFunctions(KeccakWidth200) |
| #endif |
| |
| #ifndef KeccakP400_excluded |
| #include "KeccakP-400-SnP.h" |
| KCP_DeclareSpongeStructure(KeccakWidth400, KeccakP400_stateSizeInBytes, KeccakP400_stateAlignment) |
| KCP_DeclareSpongeFunctions(KeccakWidth400) |
| #endif |
| |
| #ifndef KeccakP800_excluded |
| #include "KeccakP-800-SnP.h" |
| KCP_DeclareSpongeStructure(KeccakWidth800, KeccakP800_stateSizeInBytes, KeccakP800_stateAlignment) |
| KCP_DeclareSpongeFunctions(KeccakWidth800) |
| #endif |
| |
| #ifndef KeccakP1600_excluded |
| #include "KeccakP-1600-SnP.h" |
| KCP_DeclareSpongeStructure(KeccakWidth1600, KeccakP1600_stateSizeInBytes, KeccakP1600_stateAlignment) |
| KCP_DeclareSpongeFunctions(KeccakWidth1600) |
| #endif |
| |
| #endif |