Botan 3.9.0
Crypto and TLS for C&
cshake_xof.cpp
Go to the documentation of this file.
1/*
2 * cSHAKE-128 and cSHAKE-256 as XOFs
3 *
4 * (C) 2016-2023 Jack Lloyd
5 * 2022-2023 René Meusel - Rohde & Schwarz Cybersecurity
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9
10#include <botan/internal/cshake_xof.h>
11
12#include <botan/exceptn.h>
13#include <botan/mem_ops.h>
14#include <botan/internal/keccak_helpers.h>
15#include <botan/internal/loadstor.h>
16#include <botan/internal/mem_utils.h>
17
18namespace Botan {
19
20cSHAKE_XOF::cSHAKE_XOF(size_t capacity, std::vector<uint8_t> function_name) :
21 m_keccak(capacity, 0b00, 2), m_function_name(std::move(function_name)), m_output_generated(false) {
22 BOTAN_ASSERT_NOMSG(capacity == 256 || capacity == 512);
23}
24
25cSHAKE_XOF::cSHAKE_XOF(size_t capacity, std::span<const uint8_t> function_name) :
26 cSHAKE_XOF(capacity, std::vector<uint8_t>{function_name.begin(), function_name.end()}) {}
27
28cSHAKE_XOF::cSHAKE_XOF(size_t capacity, std::string_view function_name) :
30
31void cSHAKE_XOF::reset() {
32 m_keccak.clear();
33 m_output_generated = false;
34}
35
36std::string cSHAKE_XOF::provider() const {
37 return m_keccak.provider();
38}
39
40size_t cSHAKE_XOF::block_size() const {
41 return m_keccak.byte_rate();
42}
43
44bool cSHAKE_XOF::valid_salt_length(size_t salt_length) const {
45 // NIST SP.800-185 Section 3.2
46 // When N and S are both empty strings, cSHAKE(X, L, N, S) is equivalent to
47 // SHAKE as defined in FIPS 202.
48 //
49 // We don't implement the fallback case where N and S are empty. Hence, if
50 // the function name N was defined as 'empty', a salt must be provided.
51 return m_function_name.size() + salt_length > 0;
52}
53
54void cSHAKE_XOF::start_msg(std::span<const uint8_t> salt, std::span<const uint8_t> key) {
55 BOTAN_STATE_CHECK(!m_output_generated);
56 BOTAN_ASSERT_NOMSG(key.empty());
57 keccak_absorb_padded_strings_encoding(*this, block_size(), m_function_name, salt);
58}
59
60void cSHAKE_XOF::add_data(std::span<const uint8_t> input) {
61 BOTAN_STATE_CHECK(!m_output_generated);
62 m_keccak.absorb(input);
63}
64
65void cSHAKE_XOF::generate_bytes(std::span<uint8_t> output) {
66 if(!m_output_generated) {
67 m_output_generated = true;
68 m_keccak.finish();
69 }
70
71 m_keccak.squeeze(output);
72}
73
74} // namespace Botan
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
void absorb(std::span< const uint8_t > input)
Absorb input data into the Keccak sponge.
T output(size_t bytes)
Definition xof.h:153
size_t block_size() const final
cSHAKE_XOF(size_t capacity, std::vector< uint8_t > function_name)
const std::vector< uint8_t > & function_name() const
Definition cshake_xof.h:46
bool valid_salt_length(size_t salt_length) const final
std::string provider() const final
std::span< const uint8_t > as_span_of_bytes(const char *s, size_t len)
Definition mem_utils.h:28
size_t keccak_absorb_padded_strings_encoding(T &sink, size_t padding_mod, Ts... byte_strings)