Botan  2.13.0
Crypto and TLS for C++11
shake_cipher.cpp
Go to the documentation of this file.
1 /*
2 * SHAKE-128
3 * (C) 2016 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/shake_cipher.h>
9 #include <botan/exceptn.h>
10 #include <botan/sha3.h>
11 #include <botan/loadstor.h>
12 
13 namespace Botan {
14 
16  m_buf_pos(0)
17  {}
18 
19 void SHAKE_128_Cipher::cipher(const uint8_t in[], uint8_t out[], size_t length)
20  {
21  const size_t SHAKE_128_BYTERATE = (1600-256)/8;
22 
23  verify_key_set(m_state.empty() == false);
24 
25  while(length >= SHAKE_128_BYTERATE - m_buf_pos)
26  {
27  xor_buf(out, in, &m_buffer[m_buf_pos], SHAKE_128_BYTERATE - m_buf_pos);
28  length -= (SHAKE_128_BYTERATE - m_buf_pos);
29  in += (SHAKE_128_BYTERATE - m_buf_pos);
30  out += (SHAKE_128_BYTERATE - m_buf_pos);
31 
32  SHA_3::permute(m_state.data());
33  copy_out_le(m_buffer.data(), SHAKE_128_BYTERATE, m_state.data());
34 
35  m_buf_pos = 0;
36  }
37  xor_buf(out, in, &m_buffer[m_buf_pos], length);
38  m_buf_pos += length;
39  }
40 
41 void SHAKE_128_Cipher::key_schedule(const uint8_t key[], size_t length)
42  {
43  const size_t SHAKE_128_BITRATE = (1600-256);
44  m_state.resize(25);
45  m_buffer.resize(SHAKE_128_BITRATE/8);
46  zeroise(m_state);
47 
48  const size_t S_pos = SHA_3::absorb(SHAKE_128_BITRATE, m_state, 0, key, length);
49  SHA_3::finish(SHAKE_128_BITRATE, m_state, S_pos, 0x1F, 0x80);
50  copy_out_le(m_buffer.data(), m_buffer.size(), m_state.data());
51  }
52 
54  {
55  zap(m_state);
56  zap(m_buffer);
57  m_buf_pos = 0;
58  }
59 
60 void SHAKE_128_Cipher::set_iv(const uint8_t[], size_t length)
61  {
62  /*
63  * This could be supported in some way (say, by treating iv as
64  * a prefix or suffix of the key).
65  */
66  if(length != 0)
67  throw Invalid_IV_Length(name(), length);
68  }
69 
70 void SHAKE_128_Cipher::seek(uint64_t)
71  {
72  throw Not_Implemented("SHAKE_128_Cipher::seek");
73  }
74 
76  {
77  return Key_Length_Specification(1, 160);
78  }
79 
80 std::string SHAKE_128_Cipher::name() const
81  {
82  return "SHAKE-128";
83  }
84 
86  {
87  return new SHAKE_128_Cipher;
88  }
89 
90 }
void cipher(const uint8_t in[], uint8_t out[], size_t length) override
Key_Length_Specification key_spec() const override
void verify_key_set(bool cond) const
Definition: sym_algo.h:89
static void finish(size_t bitrate, secure_vector< uint64_t > &S, size_t S_pos, uint8_t init_pad, uint8_t fini_pad)
Definition: sha3.cpp:168
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:170
void copy_out_le(uint8_t out[], size_t out_bytes, const T in[])
Definition: loadstor.h:679
StreamCipher * clone() const override
static size_t absorb(size_t bitrate, secure_vector< uint64_t > &S, size_t S_pos, const uint8_t input[], size_t length)
Definition: sha3.cpp:121
void seek(uint64_t offset) override
void set_iv(const uint8_t iv[], size_t iv_len) override
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:232
Definition: alg_id.cpp:13
void clear() override
static void permute(uint64_t A[25])
Definition: sha3.cpp:91
std::string name() const override
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:160