Botan  2.7.0
Crypto and TLS for C++11
shake_cipher.cpp
Go to the documentation of this file.
1 /*
2 * SHAKE-128
3 * (C) 2016 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/shake_cipher.h>
9 #include <botan/exceptn.h>
10 #include <botan/sha3.h>
11 #include <botan/loadstor.h>
12 
13 namespace Botan {
14 
16  m_buf_pos(0)
17  {}
18 
19 void SHAKE_128_Cipher::cipher(const uint8_t in[], uint8_t out[], size_t length)
20  {
21  verify_key_set(m_state.empty() == false);
22 
23  while(length >= m_buffer.size() - m_buf_pos)
24  {
25  xor_buf(out, in, &m_buffer[m_buf_pos], m_buffer.size() - m_buf_pos);
26  length -= (m_buffer.size() - m_buf_pos);
27  in += (m_buffer.size() - m_buf_pos);
28  out += (m_buffer.size() - m_buf_pos);
29 
30  SHA_3::permute(m_state.data());
31  copy_out_le(m_buffer.data(), m_buffer.size(), m_state.data());
32 
33  m_buf_pos = 0;
34  }
35  xor_buf(out, in, &m_buffer[m_buf_pos], length);
36  m_buf_pos += length;
37  }
38 
39 void SHAKE_128_Cipher::key_schedule(const uint8_t key[], size_t length)
40  {
41  m_state.resize(25);
42  m_buffer.resize((1600 - 256) / 8);
43  zeroise(m_state);
44 
45  for(size_t i = 0; i < length/8; ++i)
46  {
47  m_state[i] ^= load_le<uint64_t>(key, i);
48  }
49 
50  m_state[length/8] ^= 0x000000000000001F;
51  m_state[20] ^= 0x8000000000000000;
52 
53  SHA_3::permute(m_state.data());
54  copy_out_le(m_buffer.data(), m_buffer.size(), m_state.data());
55  }
56 
58  {
59  zap(m_state);
60  zap(m_buffer);
61  m_buf_pos = 0;
62  }
63 
64 void SHAKE_128_Cipher::set_iv(const uint8_t[], size_t length)
65  {
66  /*
67  * This could be supported in some way (say, by treating iv as
68  * a prefix or suffix of the key).
69  */
70  if(length != 0)
71  throw Invalid_IV_Length(name(), length);
72  }
73 
74 void SHAKE_128_Cipher::seek(uint64_t)
75  {
76  throw Not_Implemented("SHAKE_128_Cipher::seek");
77  }
78 }
void cipher(const uint8_t in[], uint8_t out[], size_t length) override
void verify_key_set(bool cond) const
Definition: sym_algo.h:89
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:193
void copy_out_le(uint8_t out[], size_t out_bytes, const T in[])
Definition: loadstor.h:675
void seek(uint64_t offset) override
void set_iv(const uint8_t iv[], size_t iv_len) override
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:174
uint64_t load_le< uint64_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:235
Definition: alg_id.cpp:13
void clear() override
static void permute(uint64_t A[25])
Definition: sha3.cpp:14
std::string name() const override
Definition: shake_cipher.h:51
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:183