/src/botan/build/include/internal/botan/internal/keccak_perm.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Keccak Permutation |
3 | | * (C) 2010,2016 Jack Lloyd |
4 | | * (C) 2023 Falko Strenzke |
5 | | * (C) 2023 René Meusel - Rohde & Schwarz Cybersecurity |
6 | | * |
7 | | * Botan is released under the Simplified BSD License (see license.txt) |
8 | | */ |
9 | | |
10 | | #ifndef BOTAN_KECCAK_PERM_H_ |
11 | | #define BOTAN_KECCAK_PERM_H_ |
12 | | |
13 | | #include <botan/secmem.h> |
14 | | #include <span> |
15 | | #include <string> |
16 | | |
17 | | namespace Botan { |
18 | | |
19 | | /** |
20 | | * KECCAK FIPS |
21 | | * |
22 | | * This file implements Keccak[c] which is specified by NIST FIPS 202 [1], where |
23 | | * "c" is the variable capacity of this hash primitive. Keccak[c] is not a |
24 | | * general purpose hash function, but used as the basic primitive for algorithms |
25 | | * such as SHA-3 and KMAC. This is not to be confused with the "informal" general purpose hash |
26 | | * function which is referred to as "Keccak" and apparently refers to the final |
27 | | * submission version of the Keccak submission in the SHA-3 contest, possibly |
28 | | * what is released by NIST under the name "KECCAK - Final Algorithm Package" [2]. |
29 | | * See also the file keccak.h for the details how the keccak hash function is defined |
30 | | * in terms of the Keccak[c] – a detail which cannot be found in [1]. |
31 | | * |
32 | | * |
33 | | * |
34 | | * [1] FIPS PUB 202 – FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION – SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions |
35 | | * https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf#page=28 |
36 | | * [2] https://csrc.nist.gov/projects/hash-functions/sha-3-project |
37 | | */ |
38 | | class Keccak_Permutation final { |
39 | | public: |
40 | | /** |
41 | | * @brief Instantiate a Keccak permutation |
42 | | * |
43 | | * The @p custom_padding is assumed to be init_pad || 00... || fini_pad |
44 | | * |
45 | | * @param capacity_bits Keccak capacity |
46 | | * @param custom_padding the custom bit padding that is to be appended on the call to finish |
47 | | * @param custom_padding_bit_len the bit length of the custom_padd |
48 | | */ |
49 | | Keccak_Permutation(size_t capacity_bits, uint64_t custom_padding, uint8_t custom_padding_bit_len); |
50 | | |
51 | 0 | size_t capacity() const { return m_capacity; } |
52 | | |
53 | 0 | size_t bit_rate() const { return m_byterate * 8; } |
54 | | |
55 | 0 | size_t byte_rate() const { return m_byterate; } |
56 | | |
57 | | void clear(); |
58 | | std::string provider() const; |
59 | | |
60 | | /** |
61 | | * @brief Absorb input data into the Keccak sponge |
62 | | * |
63 | | * This method can be called multiple times with arbitrary-length buffers. |
64 | | * |
65 | | * @param input the input data |
66 | | */ |
67 | | void absorb(std::span<const uint8_t> input); |
68 | | |
69 | | /** |
70 | | * @brief Expand output data from the current Keccak state |
71 | | * |
72 | | * This method can be called multiple times with arbitrary-length buffers. |
73 | | * |
74 | | * @param output the designated output memory |
75 | | */ |
76 | | void squeeze(std::span<uint8_t> output); |
77 | | |
78 | | /** |
79 | | * @brief Add final padding (as provided in the constructor) and permute |
80 | | */ |
81 | | void finish(); |
82 | | |
83 | | private: |
84 | | void permute(); |
85 | | |
86 | | #if defined(BOTAN_HAS_KECCAK_PERM_BMI2) |
87 | | void permute_bmi2(); |
88 | | #endif |
89 | | |
90 | | private: |
91 | | const size_t m_capacity; |
92 | | const size_t m_byterate; |
93 | | const uint64_t m_custom_padding; |
94 | | const uint8_t m_custom_padding_bit_len; |
95 | | secure_vector<uint64_t> m_S; |
96 | | uint8_t m_S_inpos; |
97 | | uint8_t m_S_outpos; |
98 | | }; |
99 | | |
100 | | } // namespace Botan |
101 | | |
102 | | #endif |