Add SHAKE-128 and SHAKE-256 as hash functions

author: Jack Lloyd <[email protected]> 2016-11-10 13:25:10 -0500
committer: Jack Lloyd <[email protected]> 2016-11-10 13:25:10 -0500
commit: b7ae8043e963467eb222a44f48d66a1df36d9371 (patch)
tree: f5ec4059e21d874404c60595568a4a3d4d7305c9 /src/lib/hash/sha3
parent: e6bf87b6b0d4d9c3877b79de53de58dc34a3acca (diff)
2 files changed, 76 insertions, 34 deletions
diff --git a/src/lib/hash/sha3/sha3.cpp b/src/lib/hash/sha3/sha3.cpp
index 3897f0588..2361d7d5b 100644
--- a/src/lib/hash/sha3/sha3.cpp
+++ b/src/lib/hash/sha3/sha3.cpp
@@ -109,16 +109,6 @@ SHA_3::SHA_3(size_t output_bits) :
                              std::to_string(output_bits));
    }
 
-SHA_3::SHA_3(size_t output_bits, size_t capacity) :
-   m_output_bits(output_bits),
-   m_bitrate(1600 - capacity),
-   m_S(25),
-   m_S_pos(0)
-   {
-   if(capacity == 0 || capacity >= 1600)
-      throw Invalid_Argument("Impossible SHA-3 capacity specified");
-   }
-
 std::string SHA_3::name() const
    {
    return "SHA-3(" + std::to_string(m_output_bits) + ")";
@@ -135,49 +125,84 @@ void SHA_3::clear()
    m_S_pos = 0;
    }
 
-void SHA_3::add_data(const byte input[], size_t length)
+//static
+size_t SHA_3::absorb(size_t bitrate,
+                     secure_vector<uint64_t>& S, size_t S_pos,
+                     const byte input[], size_t length)
    {
-   if(length == 0)
-      return;
-
-   while(length)
+   while(length > 0)
       {
-      size_t to_take = std::min(length, m_bitrate / 8 - m_S_pos);
+      size_t to_take = std::min(length, bitrate / 8 - S_pos);
 
       length -= to_take;
 
-      while(to_take && m_S_pos % 8)
+      while(to_take && S_pos % 8)
          {
-         m_S[m_S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (m_S_pos % 8));
+         S[S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (S_pos % 8));
 
-         ++m_S_pos;
+         ++S_pos;
          ++input;
          --to_take;
          }
 
       while(to_take && to_take % 8 == 0)
          {
-         m_S[m_S_pos / 8] ^= load_le<u64bit>(input, 0);
-         m_S_pos += 8;
+         S[S_pos / 8] ^= load_le<u64bit>(input, 0);
+         S_pos += 8;
          input += 8;
          to_take -= 8;
          }
 
       while(to_take)
          {
-         m_S[m_S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (m_S_pos % 8));
+         S[S_pos / 8] ^= static_cast<u64bit>(input[0]) << (8 * (S_pos % 8));
 
-         ++m_S_pos;
+         ++S_pos;
          ++input;
          --to_take;
          }
 
-      if(m_S_pos == m_bitrate / 8)
+      if(S_pos == bitrate / 8)
          {
-         SHA_3::permute(m_S.data());
-         m_S_pos = 0;
+         SHA_3::permute(S.data());
+         S_pos = 0;
          }
       }
+
+   return S_pos;
+   }
+
+//static
+void SHA_3::expand(size_t bitrate,
+                   secure_vector<uint64_t>& S,
+                   byte output[], size_t output_length)
+   {
+   BOTAN_ARG_CHECK(bitrate % 8 == 0);
+
+   size_t Si = 0;
+
+   for(size_t i = 0; i != output_length; ++i)
+      {
+      if(i > 0)
+         {
+         if(i % (bitrate / 8) == 0)
+            {
+            SHA_3::permute(S.data());
+            Si = 0;
+            }
+         else if(i % 8 == 0)
+            {
+            Si += 1;
+            }
+         }
+
+      output[i] = get_byte(7 - (i % 8), S[Si]);
+      }
+   }
+
+void SHA_3::add_data(const byte input[], size_t length)
+   {
+   m_S_pos = SHA_3::absorb(m_bitrate, m_S, m_S_pos, input, length);
    }
 
 void SHA_3::final_result(byte output[])
diff --git a/src/lib/hash/sha3/sha3.h b/src/lib/hash/sha3/sha3.h
index c877bd938..649aa12fd 100644
--- a/src/lib/hash/sha3/sha3.h
+++ b/src/lib/hash/sha3/sha3.h
@@ -27,14 +27,6 @@ class BOTAN_DLL SHA_3 : public HashFunction
       */
       SHA_3(size_t output_bits);
 
-      /**
-      * @param output_bits the size of the hash output; must be a
-      * multiple of 8 (ie, byte-wide outputs)
-      * @param capacity the capacity of the spong, normally always
-      * 2*output_bits with SHA-3.
-      */
-      SHA_3(size_t output_bits, size_t capacity);
-
       size_t hash_block_size() const override { return m_bitrate / 8; }
       size_t output_length() const override { return m_output_bits / 8; }
 
@@ -42,6 +34,31 @@ class BOTAN_DLL SHA_3 : public HashFunction
       std::string name() const override;
       void clear() override;
 
+      // Static functions for internal usage
+
+      /**
+      * Absorb data into the provided state
+      * @param bitrate the bitrate to absorb into the sponge
+      * @param S the sponge state
+      * @param S_pos where to begin absorbing into S
+      * @param input the input data
+      * @param length size of input in bytes
+      */
+      static size_t absorb(size_t bitrate,
+                           secure_vector<uint64_t>& S, size_t S_pos,
+                           const byte input[], size_t length);
+
+      /**
+      * Expand from provided state
+      * @param bitrate sponge parameter
+      * @param S the state
+      * @param output the output buffer
+      * @param output_length the size of output in bytes
+      */
+      static void expand(size_t bitrate,
+                         secure_vector<uint64_t>& S,
+                         byte output[], size_t output_length);
+
       /**
       * The bare Keccak-1600 permutation
       */
author	Jack Lloyd <[email protected]>	2016-11-10 13:25:10 -0500
committer	Jack Lloyd <[email protected]>	2016-11-10 13:25:10 -0500
commit	b7ae8043e963467eb222a44f48d66a1df36d9371 (patch)
tree	f5ec4059e21d874404c60595568a4a3d4d7305c9 /src/lib/hash/sha3
parent	e6bf87b6b0d4d9c3877b79de53de58dc34a3acca (diff)