Coverage Report

Created: 2022-06-23 06:44

/src/botan/src/lib/stream/shake_cipher/shake_cipher.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* SHAKE-128
3
* (C) 2016 Jack Lloyd
4
*
5
* Botan is released under the Simplified BSD License (see license.txt)
6
*/
7
8
#include <botan/internal/shake_cipher.h>
9
#include <botan/exceptn.h>
10
#include <botan/internal/sha3.h>
11
#include <botan/internal/loadstor.h>
12
13
namespace Botan {
14
15
SHAKE_128_Cipher::SHAKE_128_Cipher() :
16
   m_buf_pos(0)
17
0
   {}
18
19
void SHAKE_128_Cipher::cipher(const uint8_t in[], uint8_t out[], size_t length)
20
0
   {
21
0
   const size_t SHAKE_128_BYTERATE = (1600-256)/8;
22
23
0
   verify_key_set(m_state.empty() == false);
24
25
0
   while(length >= SHAKE_128_BYTERATE - m_buf_pos)
26
0
      {
27
0
      xor_buf(out, in, &m_buffer[m_buf_pos], SHAKE_128_BYTERATE - m_buf_pos);
28
0
      length -= (SHAKE_128_BYTERATE - m_buf_pos);
29
0
      in += (SHAKE_128_BYTERATE - m_buf_pos);
30
0
      out += (SHAKE_128_BYTERATE - m_buf_pos);
31
32
0
      SHA_3::permute(m_state.data());
33
0
      copy_out_le(m_buffer.data(), SHAKE_128_BYTERATE, m_state.data());
34
35
0
      m_buf_pos = 0;
36
0
      }
37
0
   xor_buf(out, in, &m_buffer[m_buf_pos], length);
38
0
   m_buf_pos += length;
39
0
   }
40
41
void SHAKE_128_Cipher::key_schedule(const uint8_t key[], size_t length)
42
0
   {
43
0
   const size_t SHAKE_128_BITRATE = (1600-256);
44
0
   m_state.resize(25);
45
0
   m_buffer.resize(SHAKE_128_BITRATE/8);
46
0
   zeroise(m_state);
47
48
0
   const size_t S_pos = SHA_3::absorb(SHAKE_128_BITRATE, m_state, 0, key, length);
49
0
   SHA_3::finish(SHAKE_128_BITRATE, m_state, S_pos, 0x1F, 0x80);
50
0
   copy_out_le(m_buffer.data(), m_buffer.size(), m_state.data());
51
0
   }
52
53
void SHAKE_128_Cipher::clear()
54
0
   {
55
0
   zap(m_state);
56
0
   zap(m_buffer);
57
0
   m_buf_pos = 0;
58
0
   }
59
60
void SHAKE_128_Cipher::set_iv(const uint8_t /*iv*/[], size_t length)
61
0
   {
62
   /*
63
   * This could be supported in some way (say, by treating iv as
64
   * a prefix or suffix of the key).
65
   */
66
0
   if(length != 0)
67
0
      throw Invalid_IV_Length(name(), length);
68
0
   }
69
70
void SHAKE_128_Cipher::seek(uint64_t /*offset*/)
71
0
   {
72
0
   throw Not_Implemented("SHAKE_128_Cipher::seek");
73
0
   }
74
75
Key_Length_Specification SHAKE_128_Cipher::key_spec() const
76
0
   {
77
0
   return Key_Length_Specification(1, 160);
78
0
   }
79
80
std::string SHAKE_128_Cipher::name() const
81
0
   {
82
0
   return "SHAKE-128";
83
0
   }
84
85
std::unique_ptr<StreamCipher> SHAKE_128_Cipher::new_object() const
86
0
   {
87
0
   return std::make_unique<SHAKE_128_Cipher>();
88
0
   }
89
90
}