diff options
author | Paul Duncan <pabs@pablotron.org> | 2024-05-09 01:19:01 -0400 |
---|---|---|
committer | Paul Duncan <pabs@pablotron.org> | 2024-05-09 01:19:01 -0400 |
commit | 976ec83f90442bc4c8aaa04c55daedcc56b04473 (patch) | |
tree | 488ef1adf9dcca2e26f6477f0871dca4c7f68ca4 | |
parent | 531ce003d7f94a0adebe6a1eaebdbcf087d69bae (diff) | |
download | sha3-976ec83f90442bc4c8aaa04c55daedcc56b04473.tar.bz2 sha3-976ec83f90442bc4c8aaa04c55daedcc56b04473.zip |
sha3.[hc]: add sha3_xof12_t, refactor xor12 and turboshake functions to use it
-rw-r--r-- | sha3.c | 22 | ||||
-rw-r--r-- | sha3.h | 18 |
2 files changed, 28 insertions, 12 deletions
@@ -1776,8 +1776,8 @@ static inline void xof_once(const size_t rate, const uint8_t pad, const uint8_t * * @param[in,out] xof XOF12 context. */ -static inline void xof12_init(sha3_xof_t * const xof) { - memset(xof, 0, sizeof(sha3_xof_t)); +static inline void xof12_init(sha3_xof12_t * const xof) { + memset(xof, 0, sizeof(sha3_xof12_t)); } /** @@ -1787,11 +1787,11 @@ static inline void xof12_init(sha3_xof_t * const xof) { * Called by `xof12_absorb()` and `xof12_once()`. * * @param[in,out] xof XOF12 context. - * @param[in] rate Rate of XOF function. + * @param[in] rate Rate of XOF12 function. * @param[in] m Pointer to buffer containing chunk of input message. * @param[in] m_len Length of input message chunk, in bytes. */ -static inline void xof12_absorb_raw(sha3_xof_t * const xof, const size_t rate, const uint8_t *m, size_t m_len) { +static inline void xof12_absorb_raw(sha3_xof12_t * const xof, const size_t rate, const uint8_t *m, size_t m_len) { xof->num_bytes = absorb_12(&(xof->a), xof->num_bytes, rate, m, m_len); } @@ -1806,7 +1806,7 @@ static inline void xof12_absorb_raw(sha3_xof_t * const xof, const size_t rate, c * @return `true` if the input message chunk was absorbed, or `false` if * this XOF context has already been squeezed. */ -static inline _Bool xof12_absorb(sha3_xof_t * const xof, const size_t rate, const uint8_t * const m, size_t m_len) { +static inline _Bool xof12_absorb(sha3_xof12_t * const xof, const size_t rate, const uint8_t * const m, size_t m_len) { // check context state if (xof->squeezing) { // xof has already been squeezed, return error @@ -1823,10 +1823,10 @@ static inline _Bool xof12_absorb(sha3_xof_t * const xof, const size_t rate, cons * from absorbing to squeezing. * * @param[in,out] xof XOF12 context. - * @param[in] rate Rate of XOF function. - * @param[in] pad Padding byte of XOF function. + * @param[in] rate Rate of XOF12 function. + * @param[in] pad Padding byte of XOF12 function. */ -static inline void xof12_absorb_done(sha3_xof_t * const xof, const size_t rate, const uint8_t pad) { +static inline void xof12_absorb_done(sha3_xof12_t * const xof, const size_t rate, const uint8_t pad) { // append suffix (s6.2) and padding // (note: suffix and padding are ambiguous in spec) xof->a.u8[xof->num_bytes] ^= pad; @@ -1848,7 +1848,7 @@ static inline void xof12_absorb_done(sha3_xof_t * const xof, const size_t rate, * @param[out] dst Pointer to destination buffer. * @param[out] dst_len Length of destination buffer, in bytes. */ -static inline void xof12_squeeze_raw(sha3_xof_t * const xof, const size_t rate, uint8_t *dst, size_t dst_len) { +static inline void xof12_squeeze_raw(sha3_xof12_t * const xof, const size_t rate, uint8_t *dst, size_t dst_len) { if (!xof->num_bytes) { // num_bytes is zero, so we are reading from the start of the // internal state buffer. while `dst_len` is greater than rate, @@ -1898,7 +1898,7 @@ static inline void xof12_squeeze_raw(sha3_xof_t * const xof, const size_t rate, * @param[out] dst Pointer to destination buffer. * @param[in] dst_len Length of destination buffer, in bytes. */ -static inline void xof12_squeeze(sha3_xof_t * const xof, const size_t rate, const uint8_t pad, uint8_t * const dst, const size_t dst_len) { +static inline void xof12_squeeze(sha3_xof12_t * const xof, const size_t rate, const uint8_t pad, uint8_t * const dst, const size_t dst_len) { // check state if (!xof->squeezing) { // finalize absorb @@ -1920,7 +1920,7 @@ static inline void xof12_squeeze(sha3_xof_t * const xof, const size_t rate, cons */ static inline void xof12_once(const size_t rate, const uint8_t pad, const uint8_t * const src, const size_t src_len, uint8_t * const dst, const size_t dst_len) { // init - sha3_xof_t xof; + sha3_xof12_t xof; xof12_init(&xof); // absorb @@ -1988,6 +1988,22 @@ void parallelhash256_xof_once(const parallelhash_params_t params, const uint8_t */ /** + * @brief Iterative [XOF][] context (all members are private) for XOFs + * with 12 round permutations. + * @ingroup turboshake + * + * @note Used internally by TurboSHAKE and KangarooTwelve. + * + * [xof]: https://en.wikipedia.org/wiki/Extendable-output_function + * "Extendable-Output Function (XOF)" + */ +typedef struct { + size_t num_bytes; /**< number of bytes absorbed */ + sha3_state_t a; /**< internal state */ + _Bool squeezing; /**< mode (absorbing or squeezing) */ +} sha3_xof12_t; + +/** * @brief Absorb bytes into TurboSHAKE128 [XOF][], then squeeze bytes out. * @ingroup turboshake * @@ -2091,7 +2107,7 @@ void turboshake256_custom(const uint8_t pad, const uint8_t *src, const size_t sr * "Extendable-Output Function (XOF)" */ typedef struct { - sha3_xof_t xof; /**< XOF context (private) */ + sha3_xof12_t xof; /**< XOF context (private) */ uint8_t pad; /**< Padding byte (private) */ } turboshake_t; |