Botan 3.6.1
Crypto and TLS for C++
cshake_xof.cpp
1/*
2 * cSHAKE-128 and cSHAKE-256 as XOFs
3 *
4 * (C) 2016-2023 Jack Lloyd
5 * 2022-2023 René Meusel - Rohde & Schwarz Cybersecurity
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9
10#include <botan/internal/cshake_xof.h>
11
12#include <botan/exceptn.h>
13#include <botan/mem_ops.h>
14#include <botan/internal/keccak_helpers.h>
15#include <botan/internal/loadstor.h>
16
17namespace Botan {
18
/**
 * Construct a cSHAKE XOF on top of a Keccak sponge with the given capacity.
 *
 * @param capacity      sponge capacity; only 256 and 512 pass the assertion
 *                      below (the file header names the two supported
 *                      variants cSHAKE-128 and cSHAKE-256)
 * @param function_name function-name byte string; it is only stored here and
 *                      is absorbed later by start_msg()
 */
cSHAKE_XOF::cSHAKE_XOF(size_t capacity, std::vector<uint8_t> function_name) :
      // 0b00 / 2: presumably the final padding value and its bit length that
      // m_keccak applies when the sponge is finished -- confirm against
      // keccak_perm.h
      m_keccak(capacity, 0b00, 2),
      m_function_name(std::move(function_name)),
      m_output_generated(false) {
   // This check runs after m_keccak was already built from `capacity`; it
   // rejects any capacity other than the two supported ones.
   BOTAN_ASSERT_NOMSG(capacity == 256 || capacity == 512);
}
23
/**
 * Convenience constructor: copies the bytes viewed by @p function_name into
 * an owned vector and delegates to the std::vector constructor, so the same
 * capacity assertion applies.
 */
cSHAKE_XOF::cSHAKE_XOF(size_t capacity, std::span<const uint8_t> function_name) :
      cSHAKE_XOF(capacity, std::vector<uint8_t>(function_name.begin(), function_name.end())) {}
26
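/**
 * Convenience constructor: copies the characters of @p function_name as raw
 * bytes into an owned vector and delegates to the std::vector constructor,
 * so the same capacity assertion applies.
 *
 * NOTE(review): the rendered listing skips source line 30, which leaves this
 * definition without the end of its byte range and without a closing
 * `}) {}`. The end pointer below (data() + size()) is reconstructed as the
 * only range end consistent with the visible begin pointer -- confirm
 * against the upstream file.
 */
cSHAKE_XOF::cSHAKE_XOF(size_t capacity, std::string_view function_name) :
      cSHAKE_XOF(capacity,
                 std::vector<uint8_t>{cast_char_ptr_to_uint8(function_name.data()),
                                      cast_char_ptr_to_uint8(function_name.data()) + function_name.size()}) {}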
31
/**
 * Return the object to its pre-output state: the sponge is cleared and
 * absorbing is allowed again.
 *
 * m_function_name is left untouched, and nothing is re-absorbed here; the
 * function name and salt only enter the sponge through start_msg().
 */
void cSHAKE_XOF::reset() {
   m_keccak.clear();

   // Re-arms the BOTAN_STATE_CHECKs in start_msg() and add_data().
   m_output_generated = false;
}
36
/**
 * @return the provider string reported by the underlying Keccak permutation
 */
std::string cSHAKE_XOF::provider() const {
   std::string backend = m_keccak.provider();
   return backend;
}
40
/**
 * @return the byte rate of the underlying Keccak sponge; start_msg() also
 *         passes this value as the padding modulus for the encoded
 *         function name and salt
 */
size_t cSHAKE_XOF::block_size() const {
   const size_t rate_in_bytes = m_keccak.byte_rate();
   return rate_in_bytes;
}
44
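/**
 * Decide whether a salt of @p salt_length bytes is acceptable for this
 * instance.
 *
 * @param salt_length length in bytes of the salt the caller intends to pass
 * @return true unless both the stored function name and the salt are empty
 */
bool cSHAKE_XOF::valid_salt_length(size_t salt_length) const {
   // NIST SP.800-185 Section 3.2
   //   When N and S are both empty strings, cSHAKE(X, L, N, S) is equivalent to
   //   SHAKE as defined in FIPS 202.
   //
   // We don't implement the fallback case where N and S are empty. Hence, if
   // the function name N was defined as 'empty', a salt must be provided.
   //
   // The two lengths are tested separately rather than summed: an unsigned
   // sum can wrap around to 0 for a huge salt_length and would then wrongly
   // report a non-empty combination as invalid.
   return !m_function_name.empty() || salt_length > 0;
}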
54
/**
 * Begin a new message by absorbing the encoded function name and salt.
 *
 * @param salt byte string absorbed after the function name
 * @param key  must be empty; a non-empty key trips the assertion below
 *
 * Fails the state check if output has already been generated and reset()
 * has not been called since.
 *
 * NOTE(review): valid_salt_length() is not consulted in this function;
 * presumably the caller enforces it before dispatching here -- confirm,
 * since an empty function name combined with an empty salt is the case that
 * valid_salt_length() is written to reject.
 */
void cSHAKE_XOF::start_msg(std::span<const uint8_t> salt, std::span<const uint8_t> key) {
   // No absorbing once squeezing has begun.
   BOTAN_STATE_CHECK(!m_output_generated);

   // This XOF takes no key.
   BOTAN_ASSERT_NOMSG(key.empty());

   const size_t padding_modulus = block_size();
   keccak_absorb_padded_strings_encoding(*this, padding_modulus, m_function_name, salt);
}
60
/**
 * Absorb message bytes into the sponge.
 *
 * @param input bytes to absorb
 *
 * Fails the state check once generate_bytes() has been called, so input
 * cannot be mixed in after output has started.
 */
void cSHAKE_XOF::add_data(std::span<const uint8_t> input) {
   BOTAN_STATE_CHECK(!m_output_generated);

   m_keccak.absorb(input);
}
65
/**
 * Fill @p output with the next bytes of the XOF stream.
 *
 * The first call finishes the sponge (final padding and permutation) and
 * latches m_output_generated, after which start_msg() and add_data() are
 * refused until reset(). Every call, first or later, then squeezes
 * output.size() bytes.
 *
 * @param output buffer to fill
 */
void cSHAKE_XOF::generate_bytes(std::span<uint8_t> output) {
   const bool first_squeeze = !m_output_generated;

   if(first_squeeze) {
      // Flag is set before finish(), matching the order absorbing callers
      // observe.
      m_output_generated = true;
      m_keccak.finish();
   }

   m_keccak.squeeze(output);
}
74
75} // namespace Botan