2017-01-27 12:05:45 +00:00
|
|
|
// sha3.h - originally written and placed in the public domain by Wei Dai
|
2013-01-19 02:20:00 +00:00
|
|
|
|
2017-11-29 15:54:33 +00:00
|
|
|
/// \file sha3.h
|
|
|
|
|
/// \brief Classes for SHA3 message digests
|
|
|
|
|
/// \details The Crypto++ implementation conforms to the FIPS 202 version of SHA3 using F1600 with XOF d=0x06.
|
|
|
|
|
/// Previous behavior (XOF d=0x01) is available in Keccak classes.
|
|
|
|
|
/// \sa <a href="http://en.wikipedia.org/wiki/SHA-3">SHA-3</a>,
|
|
|
|
|
/// <A HREF="http://csrc.nist.gov/groups/ST/hash/sha-3/fips202_standard_2015.html">SHA-3 STANDARD (FIPS 202)</A>.
|
|
|
|
|
/// \since Crypto++ 5.6.2
|
2015-11-18 20:32:28 +00:00
|
|
|
|
2013-01-19 02:20:00 +00:00
|
|
|
#ifndef CRYPTOPP_SHA3_H
|
|
|
|
|
#define CRYPTOPP_SHA3_H
|
|
|
|
|
|
|
|
|
|
#include "cryptlib.h"
|
|
|
|
|
#include "secblock.h"
|
2019-02-13 19:22:43 +00:00
|
|
|
#include "misc.h"
|
2013-01-19 02:20:00 +00:00
|
|
|
|
|
|
|
|
NAMESPACE_BEGIN(CryptoPP)
|
|
|
|
|
|
2017-11-29 15:54:33 +00:00
|
|
|
/// \brief SHA3 message digest base class
|
|
|
|
|
/// \details The Crypto++ implementation conforms to FIPS 202 version of SHA3 using F1600 with XOF d=0x06.
|
|
|
|
|
/// Previous behavior (XOF d=0x01) is available in Keccak classes.
|
|
|
|
|
/// \details SHA3 is the base class for SHA3_224, SHA3_256, SHA3_384 and SHA3_512.
|
|
|
|
|
/// Library users should instantiate a derived class, and only use SHA3
|
|
|
|
|
/// as a base class reference or pointer.
|
|
|
|
|
/// \sa Keccak, SHA3_224, SHA3_256, SHA3_384 and SHA3_512.
|
|
|
|
|
/// \since Crypto++ 5.6.2
|
2013-01-19 02:20:00 +00:00
|
|
|
class SHA3 : public HashTransformation
|
|
|
|
|
{
|
2019-02-13 04:52:19 +00:00
|
|
|
protected:
|
2019-02-13 00:51:37 +00:00
|
|
|
/// \brief Construct a SHA3
|
|
|
|
|
/// \param digestSize the digest size, in bytes
|
|
|
|
|
/// \details SHA3 is the base class for SHA3_224, SHA3_256, SHA3_384 and SHA3_512.
|
|
|
|
|
/// Library users should instantiate a derived class, and only use SHA3
|
|
|
|
|
/// as a base class reference or pointer.
|
2019-02-13 05:01:58 +00:00
|
|
|
/// \details This constructor was moved to protected at Crypto++ 8.1
|
|
|
|
|
/// because users were attempting to create Keccak objects with it.
|
|
|
|
|
/// \since Crypto++ 5.6.2
|
2019-02-13 00:51:37 +00:00
|
|
|
SHA3(unsigned int digestSize) : m_digestSize(digestSize) {Restart();}
|
2019-02-13 04:52:19 +00:00
|
|
|
|
|
|
|
|
public:
|
2019-02-13 00:51:37 +00:00
|
|
|
unsigned int DigestSize() const {return m_digestSize;}
|
|
|
|
|
unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word64>();}
|
|
|
|
|
|
|
|
|
|
void Update(const byte *input, size_t length);
|
|
|
|
|
void Restart();
|
|
|
|
|
void TruncatedFinal(byte *hash, size_t size);
|
|
|
|
|
|
2013-01-19 02:20:00 +00:00
|
|
|
protected:
|
2019-02-13 00:51:37 +00:00
|
|
|
inline unsigned int r() const {return BlockSize();}
|
2013-01-19 02:20:00 +00:00
|
|
|
|
2019-02-13 00:51:37 +00:00
|
|
|
FixedSizeSecBlock<word64, 25> m_state;
|
|
|
|
|
unsigned int m_digestSize, m_counter;
|
2013-01-19 02:20:00 +00:00
|
|
|
};
|
|
|
|
|
|
2017-11-29 15:54:33 +00:00
|
|
|
/// \brief SHA3 message digest template
|
|
|
|
|
/// \tparam T_DigestSize the size of the digest, in bytes
|
|
|
|
|
/// \since Crypto++ 5.6.2
|
2016-10-01 08:42:42 +00:00
|
|
|
template<unsigned int T_DigestSize>
|
2016-09-21 12:16:10 +00:00
|
|
|
class SHA3_Final : public SHA3
|
2013-01-19 02:20:00 +00:00
|
|
|
{
|
|
|
|
|
public:
|
2019-02-13 00:51:37 +00:00
|
|
|
CRYPTOPP_CONSTANT(DIGESTSIZE = T_DigestSize)
|
|
|
|
|
CRYPTOPP_CONSTANT(BLOCKSIZE = 200 - 2 * DIGESTSIZE)
|
2019-02-13 04:38:38 +00:00
|
|
|
static std::string StaticAlgorithmName()
|
|
|
|
|
{ return "SHA3-" + IntToString(DIGESTSIZE * 8); }
|
2019-02-13 00:51:37 +00:00
|
|
|
|
|
|
|
|
/// \brief Construct a SHA3-X message digest
|
|
|
|
|
SHA3_Final() : SHA3(DIGESTSIZE) {}
|
2019-02-13 04:38:38 +00:00
|
|
|
|
|
|
|
|
/// \brief Provides the block size of the compression function
|
|
|
|
|
/// \return block size of the compression function, in bytes
|
|
|
|
|
/// \details BlockSize() will return 0 if the hash is not block based
|
|
|
|
|
/// or does not have an equivalent block size. For example, Keccak
|
|
|
|
|
/// and SHA-3 do not have a block size, but they do have an equivalent
|
|
|
|
|
/// block size called rate expressed as <tt>r</tt>.
|
2019-02-13 00:51:37 +00:00
|
|
|
unsigned int BlockSize() const { return BLOCKSIZE; }
|
2016-09-21 12:16:10 +00:00
|
|
|
|
2019-02-13 19:22:43 +00:00
|
|
|
std::string AlgorithmName() const { return StaticAlgorithmName(); }
|
|
|
|
|
|
2016-09-21 12:16:10 +00:00
|
|
|
private:
|
2017-09-21 06:01:04 +00:00
|
|
|
#if !defined(__BORLANDC__)
|
2019-02-13 04:38:38 +00:00
|
|
|
// ensure there was no underflow in the math
|
|
|
|
|
CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE < 200);
|
|
|
|
|
// this is a general expectation by HMAC
|
2019-02-13 16:31:18 +00:00
|
|
|
CRYPTOPP_COMPILE_ASSERT((int)BLOCKSIZE > (int)DIGESTSIZE);
|
2017-09-21 06:01:04 +00:00
|
|
|
#endif
|
2016-09-09 00:24:25 +00:00
|
|
|
};
|
2013-01-19 02:20:00 +00:00
|
|
|
|
2017-11-29 15:54:33 +00:00
|
|
|
/// \brief SHA3-224 message digest
|
|
|
|
|
/// \since Crypto++ 5.6.2
|
2019-02-13 00:51:37 +00:00
|
|
|
class SHA3_224 : public SHA3_Final<28> {};
|
2017-07-27 23:15:21 +00:00
|
|
|
|
2017-11-29 15:54:33 +00:00
|
|
|
/// \brief SHA3-256 message digest
|
|
|
|
|
/// \since Crypto++ 5.6.2
|
2019-02-13 00:51:37 +00:00
|
|
|
class SHA3_256 : public SHA3_Final<32> {};
|
2017-07-27 23:15:21 +00:00
|
|
|
|
2017-11-29 15:54:33 +00:00
|
|
|
/// \brief SHA3-384 message digest
|
|
|
|
|
/// \since Crypto++ 5.6.2
|
2019-02-13 00:51:37 +00:00
|
|
|
class SHA3_384 : public SHA3_Final<48> {};
|
2017-07-27 23:15:21 +00:00
|
|
|
|
2017-11-29 15:54:33 +00:00
|
|
|
/// \brief SHA3-512 message digest
|
|
|
|
|
/// \since Crypto++ 5.6.2
|
2019-02-13 00:51:37 +00:00
|
|
|
class SHA3_512 : public SHA3_Final<64> {};
|
2013-01-19 02:20:00 +00:00
|
|
|
|
|
|
|
|
NAMESPACE_END
|
|
|
|
|
|
|
|
|
|
#endif
|
