mirror of
https://github.com/shadps4-emu/ext-cryptopp.git
synced 2024-11-24 02:19:41 +00:00
164 lines
7.1 KiB
C++
164 lines
7.1 KiB
C++
// shake.h - written and placed in the public domain by Jeffrey Walton
|
|
|
|
/// \file shake.h
|
|
/// \brief Classes for SHAKE message digests
|
|
/// \details The library provides byte oriented SHAKE128 and SHAKE256 using F1600.
|
|
/// FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits the output
|
|
/// size to <tt>UINT_MAX</tt> due underlying data types.
|
|
/// \sa Keccak, SHA3, SHAKE128, SHAKE256,
|
|
/// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
|
|
/// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
|
|
/// \since Crypto++ 8.1
|
|
|
|
#ifndef CRYPTOPP_SHAKE_H
|
|
#define CRYPTOPP_SHAKE_H
|
|
|
|
#include "cryptlib.h"
|
|
#include "secblock.h"
|
|
|
|
NAMESPACE_BEGIN(CryptoPP)
|
|
|
|
/// \brief SHAKE message digest base class
|
|
/// \details SHAKE is the base class for SHAKE128 and SHAKE258.
|
|
/// Library users should instantiate a derived class, and only use SHAKE
|
|
/// as a base class reference or pointer.
|
|
/// \sa Keccak, SHA3, SHAKE128, SHAKE256,
|
|
/// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
|
|
/// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
|
|
/// \since Crypto++ 8.1
|
|
class SHAKE : public HashTransformation
|
|
{
|
|
protected:
|
|
/// \brief Construct a SHAKE
|
|
/// \param digestSize the digest size, in bytes
|
|
/// \details SHAKE is the base class for SHAKE128 and SHAKE256.
|
|
/// Library users should instantiate a derived class, and only use SHAKE
|
|
/// as a base class reference or pointer.
|
|
/// \details This constructor was moved to protected at Crypto++ 8.1
|
|
/// because users were attempting to create Keccak objects with it.
|
|
/// \since Crypto++ 8.1
|
|
SHAKE(unsigned int digestSize) : m_digestSize(digestSize) {Restart();}
|
|
|
|
public:
|
|
unsigned int DigestSize() const {return m_digestSize;}
|
|
unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word64>();}
|
|
|
|
void Update(const byte *input, size_t length);
|
|
void Restart();
|
|
void TruncatedFinal(byte *hash, size_t size);
|
|
|
|
protected:
|
|
inline unsigned int r() const {return BlockSize();}
|
|
|
|
// SHAKE-128 and SHAKE-256 effectively allow unlimited
|
|
// output length. However, we use an unsigned int so
|
|
// we are limited in practice to UINT_MAX.
|
|
void ThrowIfInvalidTruncatedSize(size_t size) const;
|
|
|
|
FixedSizeSecBlock<word64, 25> m_state;
|
|
unsigned int m_digestSize, m_counter;
|
|
};
|
|
|
|
/// \brief SHAKE message digest template
|
|
/// \tparam T_Strength the strength of the digest
|
|
/// \since Crypto++ 8.1
|
|
template<unsigned int T_Strength>
|
|
class SHAKE_Final : public SHAKE
|
|
{
|
|
public:
|
|
CRYPTOPP_CONSTANT(DIGESTSIZE = (T_Strength == 128 ? 32 : 64))
|
|
CRYPTOPP_CONSTANT(BLOCKSIZE = (T_Strength == 128 ? 1344/8 : 1088/8))
|
|
static std::string StaticAlgorithmName()
|
|
{ return "SHAKE-" + IntToString(T_Strength); }
|
|
|
|
/// \brief Construct a SHAKE-X message digest
|
|
/// \details SHAKE128 and SHAKE256 don't need the output size in advance
|
|
/// because the output size does not affect the digest. TruncatedFinal
|
|
/// produces the correct digest for any output size. However, cSHAKE
|
|
/// requires the output size in advance because the algoirthm uses
|
|
/// output size as a parameter to the hash function.
|
|
SHAKE_Final(unsigned int outputSize=DIGESTSIZE) : SHAKE(outputSize) {}
|
|
|
|
/// \brief Provides the block size of the compression function
|
|
/// \return block size of the compression function, in bytes
|
|
/// \details BlockSize() will return 0 if the hash is not block based
|
|
/// or does not have an equivalent block size. For example, Keccak
|
|
/// and SHA-3 do not have a block size, but they do have an equivalent
|
|
/// to block size called rate expressed as <tt>r</tt>.
|
|
unsigned int BlockSize() const { return BLOCKSIZE; }
|
|
|
|
std::string AlgorithmName() const { return StaticAlgorithmName(); }
|
|
|
|
private:
|
|
#if !defined(__BORLANDC__)
|
|
// ensure there was no underflow in the math
|
|
CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE < 200);
|
|
// this is a general expectation by HMAC
|
|
CRYPTOPP_COMPILE_ASSERT((int)BLOCKSIZE > (int)DIGESTSIZE);
|
|
#endif
|
|
};
|
|
|
|
/// \brief SHAKE128 message digest
|
|
/// \details The library provides byte oriented SHAKE128 using F1600.
|
|
/// FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits
|
|
/// the output size to <tt>UINT_MAX</tt> due underlying data types.
|
|
/// \sa Keccak, SHA3, SHAKE256,
|
|
/// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
|
|
/// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
|
|
/// \since Crypto++ 8.1
|
|
class SHAKE128 : public SHAKE_Final<128>
|
|
{
|
|
public:
|
|
/// \brief Construct a SHAKE128 message digest
|
|
/// \details SHAKE128 and SHAKE256 don't need the output size in advance
|
|
/// because the output size does not affect the digest. TruncatedFinal
|
|
/// produces the correct digest for any output size. However, cSHAKE
|
|
/// requires the output size in advance because the algoirthm uses
|
|
/// output size as a parameter to the hash function.
|
|
/// \since Crypto++ 8.1
|
|
SHAKE128() {}
|
|
|
|
/// \brief Construct a SHAKE128 message digest
|
|
/// \details SHAKE128 and SHAKE256 don't need the output size in advance
|
|
/// because the output size does not affect the digest. TruncatedFinal
|
|
/// produces the correct digest for any output size. However, cSHAKE
|
|
/// requires the output size in advance because the algoirthm uses
|
|
/// output size as a parameter to the hash function.
|
|
/// \since Crypto++ 8.1
|
|
SHAKE128(unsigned int outputSize) : SHAKE_Final<128>(outputSize) {}
|
|
};
|
|
|
|
/// \brief SHAKE256 message digest
|
|
/// \details The library provides byte oriented SHAKE256 using F1600.
|
|
/// FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits
|
|
/// the output size to <tt>UINT_MAX</tt> due underlying data types.
|
|
/// \sa Keccak, SHA3, SHAKE128,
|
|
/// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
|
|
/// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
|
|
/// \since Crypto++ 8.1
|
|
class SHAKE256 : public SHAKE_Final<256>
|
|
{
|
|
public:
|
|
/// \brief Construct a SHAKE256 message digest
|
|
/// \details SHAKE128 and SHAKE256 don't need the output size in advance
|
|
/// because the output size does not affect the digest. TruncatedFinal
|
|
/// produces the correct digest for any output size. However, cSHAKE
|
|
/// requires the output size in advance because the algoirthm uses
|
|
/// output size as a parameter to the hash function.
|
|
/// \since Crypto++ 8.1
|
|
SHAKE256() {}
|
|
|
|
/// \brief Construct a SHAKE256 message digest
|
|
/// \details SHAKE128 and SHAKE256 don't need the output size in advance
|
|
/// because the output size does not affect the digest. TruncatedFinal
|
|
/// produces the correct digest for any output size. However, cSHAKE
|
|
/// requires the output size in advance because the algoirthm uses
|
|
/// output size as a parameter to the hash function.
|
|
/// \since Crypto++ 8.1
|
|
SHAKE256(unsigned int outputSize) : SHAKE_Final<256>(outputSize) {}
|
|
};
|
|
|
|
NAMESPACE_END
|
|
|
|
#endif
|