sharpetronics/liboqs
1
0
Fork 0
mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-10-06 00:03:35 -04:00
Code Issues Projects Releases Wiki Activity

Prettyprint

Browse Source
This commit is contained in:
Douglas Stebila 2019-07-04 21:40:51 -04:00
parent d9747e398e
commit 034df22563
4 changed files with 483 additions and 487 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

838
src/crypto/sha3/fips202.c
View File

File diff suppressed because it is too large Load Diff

16
src/crypto/sha3/sha3.h
View File

@ -34,7 +34,7 @@ extern "C" {
void OQS_SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inplen);
typedef struct {
uint64_t ctx[26];
uint64_t ctx[26];
} OQS_SHA3_sha3_256_inc_ctx;
void OQS_SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state);
@ -55,7 +55,7 @@ void OQS_SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *
void OQS_SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inplen);
typedef struct {
uint64_t ctx[26];
uint64_t ctx[26];
} OQS_SHA3_sha3_384_inc_ctx;
void OQS_SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state);
@ -76,7 +76,7 @@ void OQS_SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *
void OQS_SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inplen);
typedef struct {
uint64_t ctx[26];
uint64_t ctx[26];
} OQS_SHA3_sha3_512_inc_ctx;
void OQS_SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state);
@ -100,7 +100,7 @@ void OQS_SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *
void OQS_SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen);
typedef struct {
uint64_t ctx[25];
uint64_t ctx[25];
} OQS_SHA3_shake128_ctx;
/**
@ -131,7 +131,7 @@ void OQS_SHA3_shake128_absorb(OQS_SHA3_shake128_ctx *state, const uint8_t *input
void OQS_SHA3_shake128_squeezeblocks(uint8_t *output, size_t nblocks, OQS_SHA3_shake128_ctx *state);
typedef struct {
uint64_t ctx[26];
uint64_t ctx[26];
} OQS_SHA3_shake128_inc_ctx;
/**
@ -178,7 +178,7 @@ void OQS_SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shak
void OQS_SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen);
typedef struct {
uint64_t ctx[25];
uint64_t ctx[25];
} OQS_SHA3_shake256_ctx;
/**
@ -208,7 +208,7 @@ void OQS_SHA3_shake256_absorb(OQS_SHA3_shake256_ctx *state, const uint8_t *input
void OQS_SHA3_shake256_squeezeblocks(uint8_t *output, size_t nblocks, OQS_SHA3_shake256_ctx *state);
typedef struct {
uint64_t ctx[26];
uint64_t ctx[26];
} OQS_SHA3_shake256_inc_ctx;
/**
@ -249,7 +249,7 @@ void OQS_SHA3_cshake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state, const uint8
void OQS_SHA3_cshake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state);
void OQS_SHA3_cshake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake128_inc_ctx *state);
void OQS_SHA3_cshake256(uint8_t *output, size_t outlen, const uint8_t *name, size_t namelen, const uint8_t* cstm, size_t cstmlen, const uint8_t *input, size_t inlen);
void OQS_SHA3_cshake256(uint8_t *output, size_t outlen, const uint8_t *name, size_t namelen, const uint8_t *cstm, size_t cstmlen, const uint8_t *input, size_t inlen);
void OQS_SHA3_cshake256_inc_init(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *name, size_t namelen, const uint8_t *cstm, size_t cstmlen);
void OQS_SHA3_cshake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inlen);

4
src/crypto/sha3/sha3_c.c
View File

@ -75,7 +75,7 @@ void OQS_SHA3_cshake128_simple(uint8_t *output, size_t outlen, uint16_t cstm, co
for (size_t i = 0; i < 26; ++i) {
state.ctx[i] = 0;
}
/* Note: This function doesn't align exactly to cSHAKE (SP800-185 3.2), which should produce
SHAKE output if S and N = zero (sort of a customized custom-SHAKE function).
Padding is hard-coded as the first 32 bits, plus 16 bits of fixed S,
@ -103,7 +103,6 @@ void OQS_SHA3_cshake128_simple(uint8_t *output, size_t outlen, uint16_t cstm, co
/* generate output */
OQS_SHA3_cshake128_inc_finalize(&state);
OQS_SHA3_cshake128_inc_squeeze(output, outlen, &state);
}
void OQS_SHA3_cshake256_simple(uint8_t *output, size_t outlen, uint16_t cstm, const uint8_t *input, size_t inplen) {
@ -141,5 +140,4 @@ void OQS_SHA3_cshake256_simple(uint8_t *output, size_t outlen, uint16_t cstm, co
/* generate output */
OQS_SHA3_cshake256_inc_finalize(&state);
OQS_SHA3_cshake256_inc_squeeze(output, outlen, &state);
}

112
src/crypto/sha3/sp800-185.c
View File

@ -2,87 +2,87 @@
#include <stdint.h>
static size_t left_encode(uint8_t *encbuf, size_t value) {
size_t n, i, v;
size_t n, i, v;
for (v = value, n = 0; v && (n < sizeof(size_t)); n++, v >>= 8) {
; /* empty */
}
if (n == 0) {
n = 1;
}
for (i = 1; i <= n; i++) {
encbuf[i] = (uint8_t)(value >> (8 * (n-i)));
}
encbuf[0] = (uint8_t)n;
return n + 1;
for (v = value, n = 0; v && (n < sizeof(size_t)); n++, v >>= 8) {
; /* empty */
}
if (n == 0) {
n = 1;
}
for (i = 1; i <= n; i++) {
encbuf[i] = (uint8_t)(value >> (8 * (n - i)));
}
encbuf[0] = (uint8_t) n;
return n + 1;
}
void cshake128_inc_init(shake128incctx *state, const uint8_t *name, size_t namelen, const uint8_t *cstm, size_t cstmlen) {
uint8_t encbuf[sizeof(size_t)+1];
uint8_t encbuf[sizeof(size_t) + 1];
shake128_inc_init(state);
shake128_inc_init(state);
shake128_inc_absorb(state, encbuf, left_encode(encbuf, SHAKE128_RATE));
shake128_inc_absorb(state, encbuf, left_encode(encbuf, SHAKE128_RATE));
shake128_inc_absorb(state, encbuf, left_encode(encbuf, namelen * 8));
shake128_inc_absorb(state, name, namelen);
shake128_inc_absorb(state, encbuf, left_encode(encbuf, namelen * 8));
shake128_inc_absorb(state, name, namelen);
shake128_inc_absorb(state, encbuf, left_encode(encbuf, cstmlen * 8));
shake128_inc_absorb(state, cstm, cstmlen);
shake128_inc_absorb(state, encbuf, left_encode(encbuf, cstmlen * 8));
shake128_inc_absorb(state, cstm, cstmlen);
if (state->ctx[25] != 0) {
state->ctx[25] = SHAKE128_RATE - 1;
encbuf[0] = 0;
shake128_inc_absorb(state, encbuf, 1);
}
if (state->ctx[25] != 0) {
state->ctx[25] = SHAKE128_RATE - 1;
encbuf[0] = 0;
shake128_inc_absorb(state, encbuf, 1);
}
}
void cshake128_inc_absorb(shake128incctx *state, const uint8_t *input, size_t inlen) {
shake128_inc_absorb(state, input, inlen);
shake128_inc_absorb(state, input, inlen);
}
void cshake128_inc_finalize(shake128incctx *state) {
state->ctx[state->ctx[25] >> 3] ^= (uint64_t)0x04 << (8 * (state->ctx[25] & 0x07));
state->ctx[(SHAKE128_RATE - 1) >> 3] ^= (uint64_t)128 << (8 * ((SHAKE128_RATE - 1) & 0x07));
state->ctx[25] = 0;
state->ctx[state->ctx[25] >> 3] ^= (uint64_t) 0x04 << (8 * (state->ctx[25] & 0x07));
state->ctx[(SHAKE128_RATE - 1) >> 3] ^= (uint64_t) 128 << (8 * ((SHAKE128_RATE - 1) & 0x07));
state->ctx[25] = 0;
}
void cshake128_inc_squeeze(uint8_t *output, size_t outlen, shake128incctx *state) {
shake128_inc_squeeze(output, outlen, state);
shake128_inc_squeeze(output, outlen, state);
}
void cshake256_inc_init(shake256incctx *state, const uint8_t *name, size_t namelen, const uint8_t *cstm, size_t cstmlen) {
uint8_t encbuf[sizeof(size_t)+1];
uint8_t encbuf[sizeof(size_t) + 1];
shake256_inc_init(state);
shake256_inc_init(state);
shake256_inc_absorb(state, encbuf, left_encode(encbuf, SHAKE256_RATE));
shake256_inc_absorb(state, encbuf, left_encode(encbuf, SHAKE256_RATE));
shake256_inc_absorb(state, encbuf, left_encode(encbuf, namelen * 8));
shake256_inc_absorb(state, name, namelen);
shake256_inc_absorb(state, encbuf, left_encode(encbuf, namelen * 8));
shake256_inc_absorb(state, name, namelen);
shake256_inc_absorb(state, encbuf, left_encode(encbuf, cstmlen * 8));
shake256_inc_absorb(state, cstm, cstmlen);
shake256_inc_absorb(state, encbuf, left_encode(encbuf, cstmlen * 8));
shake256_inc_absorb(state, cstm, cstmlen);
if (state->ctx[25] != 0) {
state->ctx[25] = SHAKE256_RATE - 1;
encbuf[0] = 0;
shake256_inc_absorb(state, encbuf, 1);
}
if (state->ctx[25] != 0) {
state->ctx[25] = SHAKE256_RATE - 1;
encbuf[0] = 0;
shake256_inc_absorb(state, encbuf, 1);
}
}
void cshake256_inc_absorb(shake256incctx *state, const uint8_t *input, size_t inlen) {
shake256_inc_absorb(state, input, inlen);
shake256_inc_absorb(state, input, inlen);
}
void cshake256_inc_finalize(shake256incctx *state) {
state->ctx[state->ctx[25] >> 3] ^= (uint64_t)0x04 << (8 * (state->ctx[25] & 0x07));
state->ctx[(SHAKE256_RATE - 1) >> 3] ^= (uint64_t)128 << (8 * ((SHAKE256_RATE - 1) & 0x07));
state->ctx[25] = 0;
state->ctx[state->ctx[25] >> 3] ^= (uint64_t) 0x04 << (8 * (state->ctx[25] & 0x07));
state->ctx[(SHAKE256_RATE - 1) >> 3] ^= (uint64_t) 128 << (8 * ((SHAKE256_RATE - 1) & 0x07));
state->ctx[25] = 0;
}
void cshake256_inc_squeeze(uint8_t *output, size_t outlen, shake256incctx *state) {
shake256_inc_squeeze(output, outlen, state);
shake256_inc_squeeze(output, outlen, state);
}
/*************************************************
@ -103,11 +103,11 @@ void cshake128(uint8_t *output, size_t outlen,
const uint8_t *name, size_t namelen,
const uint8_t *cstm, size_t cstmlen,
const uint8_t *input, size_t inlen) {
shake128incctx state;
cshake128_inc_init(&state, name, namelen, cstm, cstmlen);
cshake128_inc_absorb(&state, input, inlen);
cshake128_inc_finalize(&state);
cshake128_inc_squeeze(output, outlen, &state);
shake128incctx state;
cshake128_inc_init(&state, name, namelen, cstm, cstmlen);
cshake128_inc_absorb(&state, input, inlen);
cshake128_inc_finalize(&state);
cshake128_inc_squeeze(output, outlen, &state);
}
/*************************************************
@ -128,9 +128,9 @@ void cshake256(uint8_t *output, size_t outlen,
const uint8_t *name, size_t namelen,
const uint8_t *cstm, size_t cstmlen,
const uint8_t *input, size_t inlen) {
shake256incctx state;
cshake256_inc_init(&state, name, namelen, cstm, cstmlen);
cshake256_inc_absorb(&state, input, inlen);
cshake256_inc_finalize(&state);
cshake256_inc_squeeze(output, outlen, &state);
shake256incctx state;
cshake256_inc_init(&state, name, namelen, cstm, cstmlen);
cshake256_inc_absorb(&state, input, inlen);
cshake256_inc_finalize(&state);
cshake256_inc_squeeze(output, outlen, &state);
}