Botan 2.19.3
Crypto and TLS for C&
shake_cipher.cpp
Go to the documentation of this file.
1/*
2* SHAKE-128
3* (C) 2016 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/shake_cipher.h>
9#include <botan/exceptn.h>
10#include <botan/sha3.h>
11#include <botan/loadstor.h>
12
13namespace Botan {
14
16 m_buf_pos(0)
17 {}
18
19void SHAKE_128_Cipher::cipher(const uint8_t in[], uint8_t out[], size_t length)
20 {
21 const size_t SHAKE_128_BYTERATE = (1600-256)/8;
22
23 verify_key_set(m_state.empty() == false);
24
25 while(length >= SHAKE_128_BYTERATE - m_buf_pos)
26 {
27 xor_buf(out, in, &m_buffer[m_buf_pos], SHAKE_128_BYTERATE - m_buf_pos);
28 length -= (SHAKE_128_BYTERATE - m_buf_pos);
29 in += (SHAKE_128_BYTERATE - m_buf_pos);
30 out += (SHAKE_128_BYTERATE - m_buf_pos);
31
32 SHA_3::permute(m_state.data());
33 copy_out_le(m_buffer.data(), SHAKE_128_BYTERATE, m_state.data());
34
35 m_buf_pos = 0;
36 }
37 xor_buf(out, in, &m_buffer[m_buf_pos], length);
38 m_buf_pos += length;
39 }
40
41void SHAKE_128_Cipher::key_schedule(const uint8_t key[], size_t length)
42 {
43 const size_t SHAKE_128_BITRATE = (1600-256);
44 m_state.resize(25);
45 m_buffer.resize(SHAKE_128_BITRATE/8);
46 zeroise(m_state);
47
48 const size_t S_pos = SHA_3::absorb(SHAKE_128_BITRATE, m_state, 0, key, length);
49 SHA_3::finish(SHAKE_128_BITRATE, m_state, S_pos, 0x1F, 0x80);
50 copy_out_le(m_buffer.data(), m_buffer.size(), m_state.data());
51 }
52
54 {
55 zap(m_state);
56 zap(m_buffer);
57 m_buf_pos = 0;
58 }
59
60void SHAKE_128_Cipher::set_iv(const uint8_t[], size_t length)
61 {
62 /*
63 * This could be supported in some way (say, by treating iv as
64 * a prefix or suffix of the key).
65 */
66 if(length != 0)
67 throw Invalid_IV_Length(name(), length);
68 }
69
71 {
72 throw Not_Implemented("SHAKE_128_Cipher::seek");
73 }
74
79
80std::string SHAKE_128_Cipher::name() const
81 {
82 return "SHAKE-128";
83 }
84
86 {
87 return new SHAKE_128_Cipher;
88 }
89
90}
void set_iv(const uint8_t iv[], size_t iv_len) override
StreamCipher * clone() const override
void cipher(const uint8_t in[], uint8_t out[], size_t length) override
void seek(uint64_t offset) override
Key_Length_Specification key_spec() const override
std::string name() const override
static void permute(uint64_t A[25])
Definition sha3.cpp:17
static void finish(size_t bitrate, secure_vector< uint64_t > &S, size_t S_pos, uint8_t init_pad, uint8_t fini_pad)
Definition sha3.cpp:94
static size_t absorb(size_t bitrate, secure_vector< uint64_t > &S, size_t S_pos, const uint8_t input[], size_t length)
Definition sha3.cpp:47
void verify_key_set(bool cond) const
Definition sym_algo.h:171
void zeroise(std::vector< T, Alloc > &vec)
Definition secmem.h:114
void copy_out_le(uint8_t out[], size_t out_bytes, const T in[])
Definition loadstor.h:679
void zap(std::vector< T, Alloc > &vec)
Definition secmem.h:124
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition mem_ops.h:262