Botan  2.6.0
Crypto and TLS for C++11
shake_cipher.cpp
Go to the documentation of this file.
1 /*
2 * SHAKE-128
3 * (C) 2016 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/shake_cipher.h>
9 #include <botan/sha3.h>
10 #include <botan/loadstor.h>
11 
12 namespace Botan {
13 
15  m_buf_pos(0)
16  {}
17 
18 void SHAKE_128_Cipher::cipher(const uint8_t in[], uint8_t out[], size_t length)
19  {
20  verify_key_set(m_state.empty() == false);
21 
22  while(length >= m_buffer.size() - m_buf_pos)
23  {
24  xor_buf(out, in, &m_buffer[m_buf_pos], m_buffer.size() - m_buf_pos);
25  length -= (m_buffer.size() - m_buf_pos);
26  in += (m_buffer.size() - m_buf_pos);
27  out += (m_buffer.size() - m_buf_pos);
28 
29  SHA_3::permute(m_state.data());
30  copy_out_le(m_buffer.data(), m_buffer.size(), m_state.data());
31 
32  m_buf_pos = 0;
33  }
34  xor_buf(out, in, &m_buffer[m_buf_pos], length);
35  m_buf_pos += length;
36  }
37 
38 void SHAKE_128_Cipher::key_schedule(const uint8_t key[], size_t length)
39  {
40  m_state.resize(25);
41  m_buffer.resize((1600 - 256) / 8);
42  zeroise(m_state);
43 
44  for(size_t i = 0; i < length/8; ++i)
45  {
46  m_state[i] ^= load_le<uint64_t>(key, i);
47  }
48 
49  m_state[length/8] ^= 0x000000000000001F;
50  m_state[20] ^= 0x8000000000000000;
51 
52  SHA_3::permute(m_state.data());
53  copy_out_le(m_buffer.data(), m_buffer.size(), m_state.data());
54  }
55 
57  {
58  zap(m_state);
59  zap(m_buffer);
60  m_buf_pos = 0;
61  }
62 
63 void SHAKE_128_Cipher::set_iv(const uint8_t[], size_t length)
64  {
65  /*
66  * This could be supported in some way (say, by treating iv as
67  * a prefix or suffix of the key).
68  */
69  if(length != 0)
70  throw Invalid_IV_Length(name(), length);
71  }
72 
73 void SHAKE_128_Cipher::seek(uint64_t)
74  {
75  throw Not_Implemented("SHAKE_128_Cipher::seek");
76  }
77 }
void cipher(const uint8_t in[], uint8_t out[], size_t length) override
void verify_key_set(bool cond) const
Definition: sym_algo.h:95
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:193
void copy_out_le(uint8_t out[], size_t out_bytes, const T in[])
Definition: loadstor.h:675
void seek(uint64_t offset) override
void set_iv(const uint8_t iv[], size_t iv_len) override
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:174
uint64_t load_le< uint64_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:235
Definition: alg_id.cpp:13
void clear() override
static void permute(uint64_t A[25])
Definition: sha3.cpp:14
std::string name() const override
Definition: shake_cipher.h:51
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:183