doxygen/shake__cipher_8cpp_source.html

/*

 * SHAKE-128 and SHAKE-256

 * (C) 2016 Jack Lloyd

 *     2022 René Meusel, Michael Boric - Rohde & Schwarz Cybersecurity

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 */


#include <botan/internal/shake_cipher.h>


#include <botan/exceptn.h>

#include <botan/mem_ops.h>


namespace Botan {


SHAKE_Cipher::SHAKE_Cipher(size_t keccak_capacity) :

      m_keccak(keccak_capacity, 0xF, 4),

      m_has_keying_material(false),

      m_keystream_buffer(buffer_size()),

      m_bytes_generated(0) {}


void SHAKE_Cipher::set_iv_bytes(const uint8_t /*iv*/[], size_t length) {

   /*

   * This could be supported in some way (say, by treating iv as

   * a prefix or suffix of the key).

   */

   if(length != 0) {

      throw Invalid_IV_Length(name(), length);

   }

}


void SHAKE_Cipher::seek(uint64_t /*offset*/) {

   throw Not_Implemented("SHAKE_Cipher::seek");

}


void SHAKE_Cipher::clear() {

   m_keccak.clear();

   m_has_keying_material = false;

   zeroise(m_keystream_buffer);

   m_bytes_generated = 0;

}


void SHAKE_Cipher::cipher_bytes(const uint8_t in[], uint8_t out[], size_t length) {

   assert_key_material_set();


   const auto block_size = m_keystream_buffer.size();


   auto cipher_some = [&](size_t bytes) {

      if(bytes > 0) {

         BOTAN_ASSERT_NOMSG(bytes <= block_size);

         BOTAN_ASSERT_NOMSG(bytes <= length);

         generate_keystream_internal(std::span(m_keystream_buffer).first(bytes));

         xor_buf(out, m_keystream_buffer.data(), in, bytes);

         out += bytes;

         in += bytes;

         length -= bytes;

      }

   };


   // Bring us back into alignment with the XOF's underlying blocks

   if(length > block_size) {

      const auto bytes_to_alignment = block_size - m_bytes_generated % block_size;

      cipher_some(bytes_to_alignment);

   }


   // Consume the XOF's output stream block-wise as long as we can

   while(length >= block_size) {

      cipher_some(block_size);

   }


   // Process remaining data, potentially causing misalignment

   cipher_some(length);

}


void SHAKE_Cipher::generate_keystream(uint8_t out[], size_t length) {

   assert_key_material_set();

   generate_keystream_internal({out, length});

}


void SHAKE_Cipher::generate_keystream_internal(std::span<uint8_t> out) {

   m_keccak.squeeze(out);

   m_bytes_generated += out.size();

}


void SHAKE_Cipher::key_schedule(std::span<const uint8_t> key) {

   clear();

   m_keccak.absorb(key);

   m_keccak.finish();

   m_has_keying_material = true;

}


Key_Length_Specification SHAKE_Cipher::key_spec() const {

   return Key_Length_Specification(1, 160);

}


SHAKE_128_Cipher::SHAKE_128_Cipher() : SHAKE_Cipher(256) {}


SHAKE_256_Cipher::SHAKE_256_Cipher() : SHAKE_Cipher(512) {}


}  // namespace Botan

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59

Botan::Invalid_IV_Length
Definition exceptn.h:163

Botan::Keccak_Permutation::squeeze
void squeeze(std::span< uint8_t > output)
Expand output data from the current Keccak state.
Definition keccak_perm.cpp:80

Botan::Keccak_Permutation::clear
void clear()
Definition keccak_perm.cpp:42

Botan::Keccak_Permutation::absorb
void absorb(std::span< const uint8_t > input)
Absorb input data into the Keccak sponge.
Definition keccak_perm.cpp:48

Botan::Keccak_Permutation::finish
void finish()
Add final padding (as provided in the constructor) and permute.
Definition keccak_perm.cpp:112

Botan::Key_Length_Specification
Definition sym_algo.h:21

Botan::Not_Implemented
Definition exceptn.h:334

Botan::SHAKE_128_Cipher::SHAKE_128_Cipher
SHAKE_128_Cipher()
Definition shake_cipher.cpp:96

Botan::SHAKE_256_Cipher::SHAKE_256_Cipher
SHAKE_256_Cipher()
Definition shake_cipher.cpp:98

Botan::SHAKE_Cipher
Definition shake_cipher.h:20

Botan::SHAKE_Cipher::clear
void clear() final
Definition shake_cipher.cpp:36

Botan::SHAKE_Cipher::key_spec
Key_Length_Specification key_spec() const final
Definition shake_cipher.cpp:92

Botan::SHAKE_Cipher::SHAKE_Cipher
SHAKE_Cipher(size_t keccak_capacity)
Definition shake_cipher.cpp:16

Botan::SHAKE_Cipher::seek
void seek(uint64_t offset) final
Definition shake_cipher.cpp:32

Botan::SymmetricAlgorithm::name
virtual std::string name() const =0

Botan::SymmetricAlgorithm::assert_key_material_set
void assert_key_material_set() const
Definition sym_algo.h:139

Botan
Definition alg_id.cpp:13

Botan::zeroise
void zeroise(std::vector< T, Alloc > &vec)
Definition secmem.h:108

Botan::xor_buf
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
Definition mem_ops.h:343