jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
159 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: a6b94cb600
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a6b94cb600'
${ noResults }
ed448goldilocks/include/shake.hxx

206 lines
6.2 KiB
Raw Blame History 

  1. /**

  2.  * @file shake.hxx

  3.  * @copyright

  4.  *   Based on CC0 code by David Leon Gil, 2015 \n

  5.  *   Copyright (c) 2015 Cryptography Research, Inc.  \n

  6.  *   Released under the MIT License.  See LICENSE.txt for license information.

  7.  * @author Mike Hamburg

  8.  * @brief SHA-3-n and SHAKE-n instances, C++ wrapper.

  9.  * @warning EXPERIMENTAL!  The names, parameter orders etc are likely to change.

  10.  */

  11. 

  12. #ifndef __SHAKE_HXX__

  13. #define __SHAKE_HXX__

  14. 

  15. #include "shake.h"

  16. #include <string>

  17. #include <sys/types.h>

  18. 

  19. /** @cond internal */

  20. #if __cplusplus >= 201103L

  21. #define DELETE = delete

  22. #define NOEXCEPT noexcept

  23. #define EXPLICIT_CON explicit

  24. #define GET_DATA(str) ((const unsigned char *)&(str)[0])

  25. #else

  26. #define DELETE

  27. #define NOEXCEPT throw()

  28. #define EXPLICIT_CON

  29. #define GET_DATA(str) ((const unsigned char *)((str).data()))

  30. #endif

  31. /** @endcond */

  32. 

  33. namespace decaf {

  34. 

  35. /** A Keccak sponge internal class */

  36. class KeccakSponge {

  37. protected:

  38.     /** The C-wrapper sponge state */

  39.     keccak_sponge_t sp;

  40. 

  41.     /** Initialize from parameters */

  42.     inline KeccakSponge(const struct kparams_s *params) NOEXCEPT { sponge_init(sp, params); }

  43.     

  44.     /** No initialization */

  45.     inline KeccakSponge(const NOINIT &) NOEXCEPT { }

  46. 

  47. public:

  48.     /** Destructor zeroizes state */

  49.     inline ~KeccakSponge() NOEXCEPT { sponge_destroy(sp); }

  50. };

  51. 

  52. /**

  53.  * Hash function derived from Keccak

  54.  * @todo throw exceptions when hash is misused.

  55.  */

  56. class KeccakHash : public KeccakSponge {

  57. protected:

  58.     /** Initialize from parameters */

  59.     inline KeccakHash(const kparams_s *params) NOEXCEPT : KeccakSponge(params) {}

  60.     

  61. public:

  62.     /** Add more data to running hash */

  63.     inline void update(const uint8_t *__restrict__ in, size_t len) { sha3_update(sp,in,len); }

  64. 

  65.     /** Add more data to running hash, C++ version. */

  66.     inline void update(const Block &s) { sha3_update(sp,s.data(),s.size()); }

  67.     

  68.     /** Add more data, stream version. */

  69.     inline KeccakHash &operator<<(const Block &s) { update(s); return *this; }

  70.     

  71.     /** Same as <<. */

  72.     inline KeccakHash &operator+=(const Block &s) { return *this << s; }

  73.     

  74.     /**

  75.      * @brief Output bytes from the sponge.

  76.      * @todo make this throw exceptions.

  77.      */

  78.     inline void output(TmpBuffer b) { sha3_output(sp,b.data(),b.size()); }

  79.     

  80.     /**

  81.      * @brief Output bytes from the sponge.

  82.      * @todo make this throw exceptions.

  83.      */

  84.     inline void output(Buffer &b) { sha3_output(sp,b.data(),b.size()); }

  85.     

  86.     /** @brief Output bytes from the sponge. */

  87.     inline SecureBuffer output(size_t len) {

  88.         SecureBuffer buffer(len);

  89.         sha3_output(sp,buffer,len);

  90.         return buffer;

  91.     }

  92.     

  93.     /** @brief Return the sponge's default output size. */

  94.     inline size_t default_output_size() const NOEXCEPT {

  95.         return sponge_default_output_bytes(sp);

  96.     }

  97.     

  98.     /** Output the default number of bytes. */

  99.     inline SecureBuffer output() {

  100.         return output(default_output_size());

  101.     }

  102. };

  103. 

  104. /** Fixed-output-length SHA3 */

  105. template<int bits> class SHA3 : public KeccakHash {

  106. private:

  107.     /** Get the parameter template block for this hash */

  108.     const struct kparams_s *get_params();

  109. public:

  110.     /** Initializer */

  111.     inline SHA3() NOEXCEPT : KeccakHash(get_params()) {}

  112. };

  113. 

  114. /** Variable-output-length SHAKE */

  115. template<int bits>

  116. class SHAKE : public KeccakHash {

  117. private:

  118.     /** Get the parameter template block for this hash */

  119.     const struct kparams_s *get_params();

  120. public:

  121.     /** Initializer */

  122.     inline SHAKE() NOEXCEPT : KeccakHash(get_params()) {}

  123. };

  124. 

  125. /** @cond internal */

  126. template<> const struct kparams_s *SHAKE<128>::get_params() { return &SHAKE128_params_s; }

  127. template<> const struct kparams_s *SHAKE<256>::get_params() { return &SHAKE256_params_s; }

  128. template<> const struct kparams_s *SHA3<224>::get_params() { return &SHA3_224_params_s; }

  129. template<> const struct kparams_s *SHA3<256>::get_params() { return &SHA3_256_params_s; }

  130. template<> const struct kparams_s *SHA3<384>::get_params() { return &SHA3_384_params_s; }

  131. template<> const struct kparams_s *SHA3<512>::get_params() { return &SHA3_512_params_s; }

  132. /** @endcond */

  133.     

  134. /** Sponge-based random-number generator */

  135. class SpongeRng : private KeccakSponge {

  136. public:

  137.     class RngException : public std::exception {

  138.     private:

  139.         const char *const what_;

  140.     public:

  141.         const int err_code;

  142.         const char *what() const NOEXCEPT { return what_; }

  143.         RngException(int err_code, const char *what_) NOEXCEPT : what_(what_), err_code(err_code) {}

  144.     };

  145.     

  146.     /** Initialize, deterministically by default, from block */

  147.     inline SpongeRng( const Block &in, bool deterministic = true )

  148.     : KeccakSponge((NOINIT())) {

  149.         spongerng_init_from_buffer(sp,in.data(),in.size(),deterministic);

  150.     }

  151.     

  152.     /** Initialize, non-deterministically by default, from C/C++ filename */

  153.     inline SpongeRng( const std::string &in = "/dev/urandom", size_t len = 32, bool deterministic = false )

  154.         throw(RngException)

  155.     : KeccakSponge((NOINIT())) {

  156.         int ret = spongerng_init_from_file(sp,in.c_str(),len,deterministic);

  157.         if (ret) {

  158.             throw RngException(ret, "Couldn't load from file");

  159.         }

  160.     }

  161.     

  162.     /** Read data to a buffer. */

  163.     inline void read(Buffer &buffer) { spongerng_next(sp,buffer.data(),buffer.size()); }

  164.     

  165.     /** Read data to a buffer. */

  166.     inline void read(TmpBuffer buffer) { read((Buffer &)buffer); }

  167.     

  168.     /** Read data to a C++ string 

  169.      * @warning TODO Future versions of this function may throw RngException if a

  170.      * nondeterministic RNG fails a reseed.

  171.      */

  172.     inline SecureBuffer read(size_t length) throw(std::bad_alloc) {

  173.         SecureBuffer out(length); read(out); return out;

  174.     }

  175.     

  176. private:

  177.     SpongeRng(const SpongeRng &) DELETE;

  178.     SpongeRng &operator=(const SpongeRng &) DELETE;

  179. };

  180. 

  181. /**@cond internal*/

  182. /* FIXME: multiple sizes */

  183. decaf<448>::Scalar::Scalar(SpongeRng &rng) {

  184.     *this = rng.read(SER_BYTES);

  185. }

  186. 

  187. decaf<448>::Point::Point(SpongeRng &rng, bool uniform) {

  188.     SecureBuffer buffer((uniform ? 2 : 1) * HASH_BYTES);

  189.     rng.read(buffer);

  190.     if (uniform) {

  191.         decaf_448_point_from_hash_uniform(p,buffer);

  192.     } else {

  193.         decaf_448_point_from_hash_nonuniform(p,buffer);

  194.     }

  195. }

  196. /**@endcond*/

  197.   

  198. } /* namespace decaf */

  199. 

  200. #undef NOEXCEPT

  201. #undef EXPLICIT_CON

  202. #undef GET_DATA

  203. #undef DELETE

  204. 

  205. #endif /* __SHAKE_HXX__ */