Import Keccak reference implementation version 3.2.
This commit is contained in:
commit
8a53c2438b
7 changed files with 547 additions and 0 deletions
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
*.DS_Store
|
||||||
|
*.o
|
6
KeccakF-1600-int-set.h
Normal file
6
KeccakF-1600-int-set.h
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
#define ProvideFast576
|
||||||
|
#define ProvideFast832
|
||||||
|
#define ProvideFast1024
|
||||||
|
#define ProvideFast1088
|
||||||
|
#define ProvideFast1152
|
||||||
|
#define ProvideFast1344
|
46
KeccakF-1600-interface.h
Normal file
46
KeccakF-1600-interface.h
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
/*
|
||||||
|
The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
|
||||||
|
Michaël Peeters and Gilles Van Assche. For more information, feedback or
|
||||||
|
questions, please refer to our website: http://keccak.noekeon.org/
|
||||||
|
|
||||||
|
Implementation by the designers,
|
||||||
|
hereby denoted as "the implementer".
|
||||||
|
|
||||||
|
To the extent possible under law, the implementer has waived all copyright
|
||||||
|
and related or neighboring rights to the source code in this file.
|
||||||
|
http://creativecommons.org/publicdomain/zero/1.0/
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef _KeccakPermutationInterface_h_
|
||||||
|
#define _KeccakPermutationInterface_h_
|
||||||
|
|
||||||
|
#include "KeccakF-1600-int-set.h"
|
||||||
|
|
||||||
|
void KeccakInitialize( void );
|
||||||
|
void KeccakInitializeState(unsigned char *state);
|
||||||
|
void KeccakPermutation(unsigned char *state);
|
||||||
|
#ifdef ProvideFast576
|
||||||
|
void KeccakAbsorb576bits(unsigned char *state, const unsigned char *data);
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast832
|
||||||
|
void KeccakAbsorb832bits(unsigned char *state, const unsigned char *data);
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1024
|
||||||
|
void KeccakAbsorb1024bits(unsigned char *state, const unsigned char *data);
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1088
|
||||||
|
void KeccakAbsorb1088bits(unsigned char *state, const unsigned char *data);
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1152
|
||||||
|
void KeccakAbsorb1152bits(unsigned char *state, const unsigned char *data);
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1344
|
||||||
|
void KeccakAbsorb1344bits(unsigned char *state, const unsigned char *data);
|
||||||
|
#endif
|
||||||
|
void KeccakAbsorb(unsigned char *state, const unsigned char *data, unsigned int laneCount);
|
||||||
|
#ifdef ProvideFast1024
|
||||||
|
void KeccakExtract1024bits(const unsigned char *state, unsigned char *data);
|
||||||
|
#endif
|
||||||
|
void KeccakExtract(const unsigned char *state, unsigned char *data, unsigned int laneCount);
|
||||||
|
|
||||||
|
#endif
|
81
KeccakNISTInterface.c
Normal file
81
KeccakNISTInterface.c
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
/*
|
||||||
|
The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
|
||||||
|
Michaël Peeters and Gilles Van Assche. For more information, feedback or
|
||||||
|
questions, please refer to our website: http://keccak.noekeon.org/
|
||||||
|
|
||||||
|
Implementation by the designers,
|
||||||
|
hereby denoted as "the implementer".
|
||||||
|
|
||||||
|
To the extent possible under law, the implementer has waived all copyright
|
||||||
|
and related or neighboring rights to the source code in this file.
|
||||||
|
http://creativecommons.org/publicdomain/zero/1.0/
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
#include "KeccakNISTInterface.h"
|
||||||
|
#include "KeccakF-1600-interface.h"
|
||||||
|
|
||||||
|
HashReturn Init(hashState *state, int hashbitlen)
|
||||||
|
{
|
||||||
|
switch(hashbitlen) {
|
||||||
|
case 0: // Default parameters, arbitrary length output
|
||||||
|
InitSponge((spongeState*)state, 1024, 576);
|
||||||
|
break;
|
||||||
|
case 224:
|
||||||
|
InitSponge((spongeState*)state, 1152, 448);
|
||||||
|
break;
|
||||||
|
case 256:
|
||||||
|
InitSponge((spongeState*)state, 1088, 512);
|
||||||
|
break;
|
||||||
|
case 384:
|
||||||
|
InitSponge((spongeState*)state, 832, 768);
|
||||||
|
break;
|
||||||
|
case 512:
|
||||||
|
InitSponge((spongeState*)state, 576, 1024);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return BAD_HASHLEN;
|
||||||
|
}
|
||||||
|
state->fixedOutputLength = hashbitlen;
|
||||||
|
return SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
HashReturn Update(hashState *state, const BitSequence *data, DataLength databitlen)
|
||||||
|
{
|
||||||
|
if ((databitlen % 8) == 0)
|
||||||
|
return Absorb((spongeState*)state, data, databitlen);
|
||||||
|
else {
|
||||||
|
HashReturn ret = Absorb((spongeState*)state, data, databitlen - (databitlen % 8));
|
||||||
|
if (ret == SUCCESS) {
|
||||||
|
unsigned char lastByte;
|
||||||
|
// Align the last partial byte to the least significant bits
|
||||||
|
lastByte = data[databitlen/8] >> (8 - (databitlen % 8));
|
||||||
|
return Absorb((spongeState*)state, &lastByte, databitlen % 8);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
HashReturn Final(hashState *state, BitSequence *hashval)
|
||||||
|
{
|
||||||
|
return Squeeze(state, hashval, state->fixedOutputLength);
|
||||||
|
}
|
||||||
|
|
||||||
|
HashReturn Hash(int hashbitlen, const BitSequence *data, DataLength databitlen, BitSequence *hashval)
|
||||||
|
{
|
||||||
|
hashState state;
|
||||||
|
HashReturn result;
|
||||||
|
|
||||||
|
if ((hashbitlen != 224) && (hashbitlen != 256) && (hashbitlen != 384) && (hashbitlen != 512))
|
||||||
|
return BAD_HASHLEN; // Only the four fixed output lengths available through this API
|
||||||
|
result = Init(&state, hashbitlen);
|
||||||
|
if (result != SUCCESS)
|
||||||
|
return result;
|
||||||
|
result = Update(&state, data, databitlen);
|
||||||
|
if (result != SUCCESS)
|
||||||
|
return result;
|
||||||
|
result = Final(&state, hashval);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
70
KeccakNISTInterface.h
Normal file
70
KeccakNISTInterface.h
Normal file
|
@ -0,0 +1,70 @@
|
||||||
|
/*
|
||||||
|
The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
|
||||||
|
Michaël Peeters and Gilles Van Assche. For more information, feedback or
|
||||||
|
questions, please refer to our website: http://keccak.noekeon.org/
|
||||||
|
|
||||||
|
Implementation by the designers,
|
||||||
|
hereby denoted as "the implementer".
|
||||||
|
|
||||||
|
To the extent possible under law, the implementer has waived all copyright
|
||||||
|
and related or neighboring rights to the source code in this file.
|
||||||
|
http://creativecommons.org/publicdomain/zero/1.0/
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef _KeccakNISTInterface_h_
|
||||||
|
#define _KeccakNISTInterface_h_
|
||||||
|
|
||||||
|
#include "KeccakSponge.h"
|
||||||
|
|
||||||
|
typedef unsigned char BitSequence;
|
||||||
|
typedef unsigned long long DataLength;
|
||||||
|
typedef enum { SUCCESS = 0, FAIL = 1, BAD_HASHLEN = 2 } HashReturn;
|
||||||
|
|
||||||
|
typedef spongeState hashState;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Function to initialize the state of the Keccak[r, c] sponge function.
|
||||||
|
* The rate r and capacity c values are determined from @a hashbitlen.
|
||||||
|
* @param state Pointer to the state of the sponge function to be initialized.
|
||||||
|
* @param hashbitlen The desired number of output bits,
|
||||||
|
* or 0 for Keccak[] with default parameters
|
||||||
|
* and arbitrarily-long output.
|
||||||
|
* @pre The value of hashbitlen must be one of 0, 224, 256, 384 and 512.
|
||||||
|
* @return SUCCESS if successful, BAD_HASHLEN if the value of hashbitlen is incorrect.
|
||||||
|
*/
|
||||||
|
HashReturn Init(hashState *state, int hashbitlen);
|
||||||
|
/**
|
||||||
|
* Function to give input data for the sponge function to absorb.
|
||||||
|
* @param state Pointer to the state of the sponge function initialized by Init().
|
||||||
|
* @param data Pointer to the input data.
|
||||||
|
* When @a databitLen is not a multiple of 8, the last bits of data must be
|
||||||
|
* in the most significant bits of the last byte.
|
||||||
|
* @param databitLen The number of input bits provided in the input data.
|
||||||
|
* @pre In the previous call to Absorb(), databitLen was a multiple of 8.
|
||||||
|
* @return SUCCESS if successful, FAIL otherwise.
|
||||||
|
*/
|
||||||
|
HashReturn Update(hashState *state, const BitSequence *data, DataLength databitlen);
|
||||||
|
/**
|
||||||
|
* Function to squeeze output data from the sponge function.
|
||||||
|
* If @a hashbitlen was not 0 in the call to Init(), the number of output bits is equal to @a hashbitlen.
|
||||||
|
* If @a hashbitlen was 0 in the call to Init(), the output bits must be extracted using the Squeeze() function.
|
||||||
|
* @param state Pointer to the state of the sponge function initialized by Init().
|
||||||
|
* @param hashval Pointer to the buffer where to store the output data.
|
||||||
|
* @return SUCCESS if successful, FAIL otherwise.
|
||||||
|
*/
|
||||||
|
HashReturn Final(hashState *state, BitSequence *hashval);
|
||||||
|
/**
|
||||||
|
* Function to compute a hash using the Keccak[r, c] sponge function.
|
||||||
|
* The rate r and capacity c values are determined from @a hashbitlen.
|
||||||
|
* @param hashbitlen The desired number of output bits.
|
||||||
|
* @param data Pointer to the input data.
|
||||||
|
* When @a databitLen is not a multiple of 8, the last bits of data must be
|
||||||
|
* in the most significant bits of the last byte.
|
||||||
|
* @param databitLen The number of input bits provided in the input data.
|
||||||
|
* @param hashval Pointer to the buffer where to store the output data.
|
||||||
|
* @pre The value of hashbitlen must be one of 224, 256, 384 and 512.
|
||||||
|
* @return SUCCESS if successful, BAD_HASHLEN if the value of hashbitlen is incorrect.
|
||||||
|
*/
|
||||||
|
HashReturn Hash(int hashbitlen, const BitSequence *data, DataLength databitlen, BitSequence *hashval);
|
||||||
|
|
||||||
|
#endif
|
266
KeccakSponge.c
Normal file
266
KeccakSponge.c
Normal file
|
@ -0,0 +1,266 @@
|
||||||
|
/*
|
||||||
|
The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
|
||||||
|
Michaël Peeters and Gilles Van Assche. For more information, feedback or
|
||||||
|
questions, please refer to our website: http://keccak.noekeon.org/
|
||||||
|
|
||||||
|
Implementation by the designers,
|
||||||
|
hereby denoted as "the implementer".
|
||||||
|
|
||||||
|
To the extent possible under law, the implementer has waived all copyright
|
||||||
|
and related or neighboring rights to the source code in this file.
|
||||||
|
http://creativecommons.org/publicdomain/zero/1.0/
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
#include "KeccakSponge.h"
|
||||||
|
#include "KeccakF-1600-interface.h"
|
||||||
|
#ifdef KeccakReference
|
||||||
|
#include "displayIntermediateValues.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
int InitSponge(spongeState *state, unsigned int rate, unsigned int capacity)
|
||||||
|
{
|
||||||
|
if (rate+capacity != 1600)
|
||||||
|
return 1;
|
||||||
|
if ((rate <= 0) || (rate >= 1600) || ((rate % 64) != 0))
|
||||||
|
return 1;
|
||||||
|
KeccakInitialize();
|
||||||
|
state->rate = rate;
|
||||||
|
state->capacity = capacity;
|
||||||
|
state->fixedOutputLength = 0;
|
||||||
|
KeccakInitializeState(state->state);
|
||||||
|
memset(state->dataQueue, 0, KeccakMaximumRateInBytes);
|
||||||
|
state->bitsInQueue = 0;
|
||||||
|
state->squeezing = 0;
|
||||||
|
state->bitsAvailableForSqueezing = 0;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void AbsorbQueue(spongeState *state)
|
||||||
|
{
|
||||||
|
// state->bitsInQueue is assumed to be equal to state->rate
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayBytes(1, "Block to be absorbed", state->dataQueue, state->rate/8);
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast576
|
||||||
|
if (state->rate == 576)
|
||||||
|
KeccakAbsorb576bits(state->state, state->dataQueue);
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast832
|
||||||
|
if (state->rate == 832)
|
||||||
|
KeccakAbsorb832bits(state->state, state->dataQueue);
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1024
|
||||||
|
if (state->rate == 1024)
|
||||||
|
KeccakAbsorb1024bits(state->state, state->dataQueue);
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1088
|
||||||
|
if (state->rate == 1088)
|
||||||
|
KeccakAbsorb1088bits(state->state, state->dataQueue);
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1152
|
||||||
|
if (state->rate == 1152)
|
||||||
|
KeccakAbsorb1152bits(state->state, state->dataQueue);
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1344
|
||||||
|
if (state->rate == 1344)
|
||||||
|
KeccakAbsorb1344bits(state->state, state->dataQueue);
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
KeccakAbsorb(state->state, state->dataQueue, state->rate/64);
|
||||||
|
state->bitsInQueue = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int Absorb(spongeState *state, const unsigned char *data, unsigned long long databitlen)
|
||||||
|
{
|
||||||
|
unsigned long long i, j, wholeBlocks;
|
||||||
|
unsigned int partialBlock, partialByte;
|
||||||
|
const unsigned char *curData;
|
||||||
|
|
||||||
|
if ((state->bitsInQueue % 8) != 0)
|
||||||
|
return 1; // Only the last call may contain a partial byte
|
||||||
|
if (state->squeezing)
|
||||||
|
return 1; // Too late for additional input
|
||||||
|
|
||||||
|
i = 0;
|
||||||
|
while(i < databitlen) {
|
||||||
|
if ((state->bitsInQueue == 0) && (databitlen >= state->rate) && (i <= (databitlen-state->rate))) {
|
||||||
|
wholeBlocks = (databitlen-i)/state->rate;
|
||||||
|
curData = data+i/8;
|
||||||
|
#ifdef ProvideFast576
|
||||||
|
if (state->rate == 576) {
|
||||||
|
for(j=0; j<wholeBlocks; j++, curData+=576/8) {
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayBytes(1, "Block to be absorbed", curData, state->rate/8);
|
||||||
|
#endif
|
||||||
|
KeccakAbsorb576bits(state->state, curData);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast832
|
||||||
|
if (state->rate == 832) {
|
||||||
|
for(j=0; j<wholeBlocks; j++, curData+=832/8) {
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayBytes(1, "Block to be absorbed", curData, state->rate/8);
|
||||||
|
#endif
|
||||||
|
KeccakAbsorb832bits(state->state, curData);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1024
|
||||||
|
if (state->rate == 1024) {
|
||||||
|
for(j=0; j<wholeBlocks; j++, curData+=1024/8) {
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayBytes(1, "Block to be absorbed", curData, state->rate/8);
|
||||||
|
#endif
|
||||||
|
KeccakAbsorb1024bits(state->state, curData);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1088
|
||||||
|
if (state->rate == 1088) {
|
||||||
|
for(j=0; j<wholeBlocks; j++, curData+=1088/8) {
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayBytes(1, "Block to be absorbed", curData, state->rate/8);
|
||||||
|
#endif
|
||||||
|
KeccakAbsorb1088bits(state->state, curData);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1152
|
||||||
|
if (state->rate == 1152) {
|
||||||
|
for(j=0; j<wholeBlocks; j++, curData+=1152/8) {
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayBytes(1, "Block to be absorbed", curData, state->rate/8);
|
||||||
|
#endif
|
||||||
|
KeccakAbsorb1152bits(state->state, curData);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1344
|
||||||
|
if (state->rate == 1344) {
|
||||||
|
for(j=0; j<wholeBlocks; j++, curData+=1344/8) {
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayBytes(1, "Block to be absorbed", curData, state->rate/8);
|
||||||
|
#endif
|
||||||
|
KeccakAbsorb1344bits(state->state, curData);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
for(j=0; j<wholeBlocks; j++, curData+=state->rate/8) {
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayBytes(1, "Block to be absorbed", curData, state->rate/8);
|
||||||
|
#endif
|
||||||
|
KeccakAbsorb(state->state, curData, state->rate/64);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
i += wholeBlocks*state->rate;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
partialBlock = (unsigned int)(databitlen - i);
|
||||||
|
if (partialBlock+state->bitsInQueue > state->rate)
|
||||||
|
partialBlock = state->rate-state->bitsInQueue;
|
||||||
|
partialByte = partialBlock % 8;
|
||||||
|
partialBlock -= partialByte;
|
||||||
|
memcpy(state->dataQueue+state->bitsInQueue/8, data+i/8, partialBlock/8);
|
||||||
|
state->bitsInQueue += partialBlock;
|
||||||
|
i += partialBlock;
|
||||||
|
if (state->bitsInQueue == state->rate)
|
||||||
|
AbsorbQueue(state);
|
||||||
|
if (partialByte > 0) {
|
||||||
|
unsigned char mask = (1 << partialByte)-1;
|
||||||
|
state->dataQueue[state->bitsInQueue/8] = data[i/8] & mask;
|
||||||
|
state->bitsInQueue += partialByte;
|
||||||
|
i += partialByte;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void PadAndSwitchToSqueezingPhase(spongeState *state)
|
||||||
|
{
|
||||||
|
// Note: the bits are numbered from 0=LSB to 7=MSB
|
||||||
|
if (state->bitsInQueue + 1 == state->rate) {
|
||||||
|
state->dataQueue[state->bitsInQueue/8 ] |= 1 << (state->bitsInQueue % 8);
|
||||||
|
AbsorbQueue(state);
|
||||||
|
memset(state->dataQueue, 0, state->rate/8);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
memset(state->dataQueue + (state->bitsInQueue+7)/8, 0, state->rate/8 - (state->bitsInQueue+7)/8);
|
||||||
|
state->dataQueue[state->bitsInQueue/8 ] |= 1 << (state->bitsInQueue % 8);
|
||||||
|
}
|
||||||
|
state->dataQueue[(state->rate-1)/8] |= 1 << ((state->rate-1) % 8);
|
||||||
|
AbsorbQueue(state);
|
||||||
|
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayText(1, "--- Switching to squeezing phase ---");
|
||||||
|
#endif
|
||||||
|
#ifdef ProvideFast1024
|
||||||
|
if (state->rate == 1024) {
|
||||||
|
KeccakExtract1024bits(state->state, state->dataQueue);
|
||||||
|
state->bitsAvailableForSqueezing = 1024;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
KeccakExtract(state->state, state->dataQueue, state->rate/64);
|
||||||
|
state->bitsAvailableForSqueezing = state->rate;
|
||||||
|
}
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayBytes(1, "Block available for squeezing", state->dataQueue, state->bitsAvailableForSqueezing/8);
|
||||||
|
#endif
|
||||||
|
state->squeezing = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int Squeeze(spongeState *state, unsigned char *output, unsigned long long outputLength)
|
||||||
|
{
|
||||||
|
unsigned long long i;
|
||||||
|
unsigned int partialBlock;
|
||||||
|
|
||||||
|
if (!state->squeezing)
|
||||||
|
PadAndSwitchToSqueezingPhase(state);
|
||||||
|
if ((outputLength % 8) != 0)
|
||||||
|
return 1; // Only multiple of 8 bits are allowed, truncation can be done at user level
|
||||||
|
|
||||||
|
i = 0;
|
||||||
|
while(i < outputLength) {
|
||||||
|
if (state->bitsAvailableForSqueezing == 0) {
|
||||||
|
KeccakPermutation(state->state);
|
||||||
|
#ifdef ProvideFast1024
|
||||||
|
if (state->rate == 1024) {
|
||||||
|
KeccakExtract1024bits(state->state, state->dataQueue);
|
||||||
|
state->bitsAvailableForSqueezing = 1024;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
KeccakExtract(state->state, state->dataQueue, state->rate/64);
|
||||||
|
state->bitsAvailableForSqueezing = state->rate;
|
||||||
|
}
|
||||||
|
#ifdef KeccakReference
|
||||||
|
displayBytes(1, "Block available for squeezing", state->dataQueue, state->bitsAvailableForSqueezing/8);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
partialBlock = state->bitsAvailableForSqueezing;
|
||||||
|
if ((unsigned long long)partialBlock > outputLength - i)
|
||||||
|
partialBlock = (unsigned int)(outputLength - i);
|
||||||
|
memcpy(output+i/8, state->dataQueue+(state->rate-state->bitsAvailableForSqueezing)/8, partialBlock/8);
|
||||||
|
state->bitsAvailableForSqueezing -= partialBlock;
|
||||||
|
i += partialBlock;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
76
KeccakSponge.h
Normal file
76
KeccakSponge.h
Normal file
|
@ -0,0 +1,76 @@
|
||||||
|
/*
|
||||||
|
The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
|
||||||
|
Michaël Peeters and Gilles Van Assche. For more information, feedback or
|
||||||
|
questions, please refer to our website: http://keccak.noekeon.org/
|
||||||
|
|
||||||
|
Implementation by the designers,
|
||||||
|
hereby denoted as "the implementer".
|
||||||
|
|
||||||
|
To the extent possible under law, the implementer has waived all copyright
|
||||||
|
and related or neighboring rights to the source code in this file.
|
||||||
|
http://creativecommons.org/publicdomain/zero/1.0/
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef _KeccakSponge_h_
|
||||||
|
#define _KeccakSponge_h_
|
||||||
|
|
||||||
|
#define KeccakPermutationSize 1600
|
||||||
|
#define KeccakPermutationSizeInBytes (KeccakPermutationSize/8)
|
||||||
|
#define KeccakMaximumRate 1536
|
||||||
|
#define KeccakMaximumRateInBytes (KeccakMaximumRate/8)
|
||||||
|
|
||||||
|
#if defined(__GNUC__)
|
||||||
|
#define ALIGN __attribute__ ((aligned(32)))
|
||||||
|
#elif defined(_MSC_VER)
|
||||||
|
#define ALIGN __declspec(align(32))
|
||||||
|
#else
|
||||||
|
#define ALIGN
|
||||||
|
#endif
|
||||||
|
|
||||||
|
ALIGN typedef struct spongeStateStruct {
|
||||||
|
ALIGN unsigned char state[KeccakPermutationSizeInBytes];
|
||||||
|
ALIGN unsigned char dataQueue[KeccakMaximumRateInBytes];
|
||||||
|
unsigned int rate;
|
||||||
|
unsigned int capacity;
|
||||||
|
unsigned int bitsInQueue;
|
||||||
|
unsigned int fixedOutputLength;
|
||||||
|
int squeezing;
|
||||||
|
unsigned int bitsAvailableForSqueezing;
|
||||||
|
} spongeState;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Function to initialize the state of the Keccak[r, c] sponge function.
|
||||||
|
* The sponge function is set to the absorbing phase.
|
||||||
|
* @param state Pointer to the state of the sponge function to be initialized.
|
||||||
|
* @param rate The value of the rate r.
|
||||||
|
* @param capacity The value of the capacity c.
|
||||||
|
* @pre One must have r+c=1600 and the rate a multiple of 64 bits in this implementation.
|
||||||
|
* @return Zero if successful, 1 otherwise.
|
||||||
|
*/
|
||||||
|
int InitSponge(spongeState *state, unsigned int rate, unsigned int capacity);
|
||||||
|
/**
|
||||||
|
* Function to give input data for the sponge function to absorb.
|
||||||
|
* @param state Pointer to the state of the sponge function initialized by InitSponge().
|
||||||
|
* @param data Pointer to the input data.
|
||||||
|
* When @a databitLen is not a multiple of 8, the last bits of data must be
|
||||||
|
* in the least significant bits of the last byte.
|
||||||
|
* @param databitLen The number of input bits provided in the input data.
|
||||||
|
* @pre In the previous call to Absorb(), databitLen was a multiple of 8.
|
||||||
|
* @pre The sponge function must be in the absorbing phase,
|
||||||
|
* i.e., Squeeze() must not have been called before.
|
||||||
|
* @return Zero if successful, 1 otherwise.
|
||||||
|
*/
|
||||||
|
int Absorb(spongeState *state, const unsigned char *data, unsigned long long databitlen);
|
||||||
|
/**
|
||||||
|
* Function to squeeze output data from the sponge function.
|
||||||
|
* If the sponge function was in the absorbing phase, this function
|
||||||
|
* switches it to the squeezing phase.
|
||||||
|
* @param state Pointer to the state of the sponge function initialized by InitSponge().
|
||||||
|
* @param output Pointer to the buffer where to store the output data.
|
||||||
|
* @param outputLength The number of output bits desired.
|
||||||
|
* It must be a multiple of 8.
|
||||||
|
* @return Zero if successful, 1 otherwise.
|
||||||
|
*/
|
||||||
|
int Squeeze(spongeState *state, unsigned char *output, unsigned long long outputLength);
|
||||||
|
|
||||||
|
#endif
|
Loading…
Reference in a new issue