| 1 | /* |
|---|---|
| 2 | Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni, |
| 3 | Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby |
| 4 | denoted as "the implementer". |
| 5 | |
| 6 | For more information, feedback or questions, please refer to our websites: |
| 7 | http://keccak.noekeon.org/ |
| 8 | http://keyak.noekeon.org/ |
| 9 | http://ketje.noekeon.org/ |
| 10 | |
| 11 | To the extent possible under law, the implementer has waived all copyright |
| 12 | and related or neighboring rights to the source code in this file. |
| 13 | http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | */ |
| 15 | |
| 16 | #ifndef _KeccakSponge_h_ |
| 17 | #define _KeccakSponge_h_ |
| 18 | |
| 19 | /** General information |
| 20 | * |
| 21 | * The following type and functions are not actually implemented. Their |
| 22 | * documentation is generic, with the prefix Prefix replaced by |
| 23 | * - KeccakWidth200 for a sponge function based on Keccak-f[200] |
| 24 | * - KeccakWidth400 for a sponge function based on Keccak-f[400] |
| 25 | * - KeccakWidth800 for a sponge function based on Keccak-f[800] |
| 26 | * - KeccakWidth1600 for a sponge function based on Keccak-f[1600] |
| 27 | * |
| 28 | * In all these functions, the rate and capacity must sum to the width of the |
| 29 | * chosen permutation. For instance, to use the sponge function |
| 30 | * Keccak[r=1344, c=256], one must use KeccakWidth1600_Sponge() or a combination |
| 31 | * of KeccakWidth1600_SpongeInitialize(), KeccakWidth1600_SpongeAbsorb(), |
| 32 | * KeccakWidth1600_SpongeAbsorbLastFewBits() and |
| 33 | * KeccakWidth1600_SpongeSqueeze(). |
| 34 | * |
| 35 | * The Prefix_SpongeInstance contains the sponge instance attributes for use |
| 36 | * with the Prefix_Sponge* functions. |
| 37 | * It gathers the state processed by the permutation as well as the rate, |
| 38 | * the position of input/output bytes in the state and the phase |
| 39 | * (absorbing or squeezing). |
| 40 | */ |
| 41 | |
| 42 | #ifdef DontReallyInclude_DocumentationOnly |
| 43 | /** Function to evaluate the sponge function Keccak[r, c] in a single call. |
| 44 | * @param rate The value of the rate r. |
| 45 | * @param capacity The value of the capacity c. |
| 46 | * @param input Pointer to the input message (before the suffix). |
| 47 | * @param inputByteLen The length of the input message in bytes. |
| 48 | * @param suffix Byte containing from 0 to 7 suffix bits |
| 49 | * that must be absorbed after @a input. |
| 50 | * These <i>n</i> bits must be in the least significant bit positions. |
| 51 | * These bits must be delimited with a bit 1 at position <i>n</i> |
| 52 | * (counting from 0=LSB to 7=MSB) and followed by bits 0 |
| 53 | * from position <i>n</i>+1 to position 7. |
| 54 | * Some examples: |
| 55 | * - If no bits are to be absorbed, then @a suffix must be 0x01. |
| 56 | * - If the 2-bit sequence 0,0 is to be absorbed, @a suffix must be 0x04. |
| 57 | * - If the 5-bit sequence 0,1,0,0,1 is to be absorbed, @a suffix must be 0x32. |
| 58 | * - If the 7-bit sequence 1,1,0,1,0,0,0 is to be absorbed, @a suffix must be 0x8B. |
| 59 | * . |
| 60 | * @param output Pointer to the output buffer. |
| 61 | * @param outputByteLen The desired number of output bytes. |
| 62 | * @pre One must have r+c equal to the supported width of this implementation |
| 63 | * and the rate a multiple of 8 bits (one byte) in this implementation. |
| 64 | * @pre @a suffix ≠ 0x00 |
| 65 | * @return Zero if successful, 1 otherwise. |
| 66 | */ |
| 67 | int Prefix_Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input, size_t inputByteLen, unsigned char suffix, unsigned char *output, size_t outputByteLen); |
| 68 | |
| 69 | /** |
| 70 | * Function to initialize the state of the Keccak[r, c] sponge function. |
| 71 | * The phase of the sponge function is set to absorbing. |
| 72 | * @param spongeInstance Pointer to the sponge instance to be initialized. |
| 73 | * @param rate The value of the rate r. |
| 74 | * @param capacity The value of the capacity c. |
| 75 | * @pre One must have r+c equal to the supported width of this implementation |
| 76 | * and the rate a multiple of 8 bits (one byte) in this implementation. |
| 77 | * @return Zero if successful, 1 otherwise. |
| 78 | */ |
| 79 | int Prefix_SpongeInitialize(Prefix_SpongeInstance *spongeInstance, unsigned int rate, unsigned int capacity); |
| 80 | |
| 81 | /** |
| 82 | * Function to give input data bytes for the sponge function to absorb. |
| 83 | * @param spongeInstance Pointer to the sponge instance initialized by Prefix_SpongeInitialize(). |
| 84 | * @param data Pointer to the input data. |
| 85 | * @param dataByteLen The number of input bytes provided in the input data. |
| 86 | * @pre The sponge function must be in the absorbing phase, |
| 87 | * i.e., Prefix_SpongeSqueeze() or Prefix_SpongeAbsorbLastFewBits() |
| 88 | * must not have been called before. |
| 89 | * @return Zero if successful, 1 otherwise. |
| 90 | */ |
| 91 | int Prefix_SpongeAbsorb(Prefix_SpongeInstance *spongeInstance, const unsigned char *data, size_t dataByteLen); |
| 92 | |
| 93 | /** |
| 94 | * Function to give input data bits for the sponge function to absorb |
| 95 | * and then to switch to the squeezing phase. |
| 96 | * @param spongeInstance Pointer to the sponge instance initialized by Prefix_SpongeInitialize(). |
| 97 | * @param delimitedData Byte containing from 0 to 7 trailing bits |
| 98 | * that must be absorbed. |
| 99 | * These <i>n</i> bits must be in the least significant bit positions. |
| 100 | * These bits must be delimited with a bit 1 at position <i>n</i> |
| 101 | * (counting from 0=LSB to 7=MSB) and followed by bits 0 |
| 102 | * from position <i>n</i>+1 to position 7. |
| 103 | * Some examples: |
| 104 | * - If no bits are to be absorbed, then @a delimitedData must be 0x01. |
| 105 | * - If the 2-bit sequence 0,0 is to be absorbed, @a delimitedData must be 0x04. |
| 106 | * - If the 5-bit sequence 0,1,0,0,1 is to be absorbed, @a delimitedData must be 0x32. |
| 107 | * - If the 7-bit sequence 1,1,0,1,0,0,0 is to be absorbed, @a delimitedData must be 0x8B. |
| 108 | * . |
| 109 | * @pre The sponge function must be in the absorbing phase, |
| 110 | * i.e., Prefix_SpongeSqueeze() or Prefix_SpongeAbsorbLastFewBits() |
| 111 | * must not have been called before. |
| 112 | * @pre @a delimitedData ≠ 0x00 |
| 113 | * @return Zero if successful, 1 otherwise. |
| 114 | */ |
| 115 | int Prefix_SpongeAbsorbLastFewBits(Prefix_SpongeInstance *spongeInstance, unsigned char delimitedData); |
| 116 | |
| 117 | /** |
| 118 | * Function to squeeze output data from the sponge function. |
| 119 | * If the sponge function was in the absorbing phase, this function |
| 120 | * switches it to the squeezing phase |
| 121 | * as if Prefix_SpongeAbsorbLastFewBits(spongeInstance, 0x01) was called. |
| 122 | * @param spongeInstance Pointer to the sponge instance initialized by Prefix_SpongeInitialize(). |
| 123 | * @param data Pointer to the buffer where to store the output data. |
| 124 | * @param dataByteLen The number of output bytes desired. |
| 125 | * @return Zero if successful, 1 otherwise. |
| 126 | */ |
| 127 | int Prefix_SpongeSqueeze(Prefix_SpongeInstance *spongeInstance, unsigned char *data, size_t dataByteLen); |
| 128 | #endif |
| 129 | |
| 130 | #include <string.h> |
| 131 | #include "align.h" |
| 132 | |
| 133 | #define KCP_DeclareSpongeStructure(prefix, size, alignment) \ |
| 134 | ALIGN(alignment) typedef struct prefix##_SpongeInstanceStruct { \ |
| 135 | unsigned char state[size]; \ |
| 136 | unsigned int rate; \ |
| 137 | unsigned int byteIOIndex; \ |
| 138 | int squeezing; \ |
| 139 | } prefix##_SpongeInstance; |
| 140 | |
| 141 | #define KCP_DeclareSpongeFunctions(prefix) \ |
| 142 | int prefix##_Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input, size_t inputByteLen, unsigned char suffix, unsigned char *output, size_t outputByteLen); \ |
| 143 | int prefix##_SpongeInitialize(prefix##_SpongeInstance *spongeInstance, unsigned int rate, unsigned int capacity); \ |
| 144 | int prefix##_SpongeAbsorb(prefix##_SpongeInstance *spongeInstance, const unsigned char *data, size_t dataByteLen); \ |
| 145 | int prefix##_SpongeAbsorbLastFewBits(prefix##_SpongeInstance *spongeInstance, unsigned char delimitedData); \ |
| 146 | int prefix##_SpongeSqueeze(prefix##_SpongeInstance *spongeInstance, unsigned char *data, size_t dataByteLen); |
| 147 | |
| 148 | #ifndef KeccakP200_excluded |
| 149 | #include "KeccakP-200-SnP.h" |
| 150 | KCP_DeclareSpongeStructure(KeccakWidth200, KeccakP200_stateSizeInBytes, KeccakP200_stateAlignment) |
| 151 | KCP_DeclareSpongeFunctions(KeccakWidth200) |
| 152 | #endif |
| 153 | |
| 154 | #ifndef KeccakP400_excluded |
| 155 | #include "KeccakP-400-SnP.h" |
| 156 | KCP_DeclareSpongeStructure(KeccakWidth400, KeccakP400_stateSizeInBytes, KeccakP400_stateAlignment) |
| 157 | KCP_DeclareSpongeFunctions(KeccakWidth400) |
| 158 | #endif |
| 159 | |
| 160 | #ifndef KeccakP800_excluded |
| 161 | #include "KeccakP-800-SnP.h" |
| 162 | KCP_DeclareSpongeStructure(KeccakWidth800, KeccakP800_stateSizeInBytes, KeccakP800_stateAlignment) |
| 163 | KCP_DeclareSpongeFunctions(KeccakWidth800) |
| 164 | #endif |
| 165 | |
| 166 | #ifndef KeccakP1600_excluded |
| 167 | #include "KeccakP-1600-SnP.h" |
| 168 | KCP_DeclareSpongeStructure(KeccakWidth1600, KeccakP1600_stateSizeInBytes, KeccakP1600_stateAlignment) |
| 169 | KCP_DeclareSpongeFunctions(KeccakWidth1600) |
| 170 | #endif |
| 171 | |
| 172 | #endif |
| 173 |
Generated while processing python/Modules/_sha3/sha3module.c
Generated on 2022-Jun-21 from project python revision v3.10.5
Powered by 
Code Browser 2.1
Generator usage only permitted with license.