doxygen/cshake__xof_8cpp_source.html

/*

 * cSHAKE-128 and cSHAKE-256 as XOFs

 *

 * (C) 2016-2023 Jack Lloyd

 *     2022-2023 René Meusel - Rohde & Schwarz Cybersecurity

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 */


#include <botan/internal/cshake_xof.h>


#include <botan/internal/keccak_helpers.h>

#include <botan/internal/mem_utils.h>


namespace Botan {


cSHAKE_XOF::cSHAKE_XOF(size_t capacity, std::vector<uint8_t> function_name) :

      m_keccak({.capacity_bits = capacity, .padding = KeccakPadding::cshake()}),

      m_function_name(std::move(function_name)),

      m_output_generated(false) {

   BOTAN_ASSERT_NOMSG(capacity == 256 || capacity == 512);

}


cSHAKE_XOF::cSHAKE_XOF(size_t capacity, std::span<const uint8_t> function_name) :

      cSHAKE_XOF(capacity, std::vector<uint8_t>{function_name.begin(), function_name.end()}) {}


cSHAKE_XOF::cSHAKE_XOF(size_t capacity, std::string_view function_name) :

      cSHAKE_XOF(capacity, as_span_of_bytes(function_name)) {}


void cSHAKE_XOF::reset() {

   m_keccak.clear();

   m_output_generated = false;

}


std::string cSHAKE_XOF::provider() const {

   return m_keccak.provider();

}


size_t cSHAKE_XOF::block_size() const {

   return m_keccak.byte_rate();

}


bool cSHAKE_XOF::valid_salt_length(size_t salt_length) const {

   // NIST SP.800-185 Section 3.2

   //     When N and S are both empty strings, cSHAKE(X, L, N, S) is equivalent to

   //     SHAKE as defined in FIPS 202.

   //

   // We don't implement the fallback case where N and S are empty. Hence, if

   // the function name N was defined as 'empty', a salt must be provided.

   return m_function_name.size() + salt_length > 0;

}


void cSHAKE_XOF::start_msg(std::span<const uint8_t> salt, std::span<const uint8_t> key) {

   BOTAN_STATE_CHECK(!m_output_generated);

   BOTAN_ASSERT_NOMSG(key.empty());

   keccak_absorb_padded_strings_encoding(*this, block_size(), m_function_name, salt);

}


void cSHAKE_XOF::add_data(std::span<const uint8_t> input) {

   BOTAN_STATE_CHECK(!m_output_generated);

   m_keccak.absorb(input);

}


void cSHAKE_XOF::generate_bytes(std::span<uint8_t> output) {

   if(!m_output_generated) {

      m_output_generated = true;

      m_keccak.finish();

   }


   m_keccak.squeeze(output);

}


}  // namespace Botan

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75

BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49

Botan::Keccak_Permutation::clear
void clear()
Definition keccak_perm.cpp:33

Botan::Keccak_Permutation::absorb
void absorb(std::span< const uint8_t > input)
Absorb input data into the Keccak sponge.
Definition keccak_perm.cpp:38

Botan::XOF::output
T output(size_t bytes)
Definition xof.h:153

Botan::cSHAKE_XOF::block_size
size_t block_size() const final
Definition cshake_xof.cpp:39

Botan::cSHAKE_XOF::cSHAKE_XOF
cSHAKE_XOF(size_t capacity, std::vector< uint8_t > function_name)
Definition cshake_xof.cpp:17

Botan::cSHAKE_XOF::function_name
const std::vector< uint8_t > & function_name() const
Definition cshake_xof.h:46

Botan::cSHAKE_XOF::valid_salt_length
bool valid_salt_length(size_t salt_length) const final
Definition cshake_xof.cpp:43

Botan::cSHAKE_XOF::provider
std::string provider() const final
Definition cshake_xof.cpp:35

Botan
Definition alg_id.cpp:13

Botan::as_span_of_bytes
std::span< const uint8_t > as_span_of_bytes(const char *s, size_t len)
Definition mem_utils.h:28

Botan::keccak_absorb_padded_strings_encoding
size_t keccak_absorb_padded_strings_encoding(T &sink, size_t padding_mod, Ts... byte_strings)
Definition keccak_helpers.h:91

Botan::KeccakPadding::cshake
static constexpr KeccakPadding cshake()
NIST SP.800-185 Section 3.3.
Definition keccak_perm.h:30