/src/SymCrypt/lib/cshake_pattern.c
Line | Count | Source (jump to first uncovered line) |
1 | | // |
2 | | // cshake_pattern.c |
3 | | // |
4 | | // Copyright (c) Microsoft Corporation. Licensed under the MIT license. |
5 | | // |
6 | | |
7 | | |
8 | | // |
9 | | // This source file implements cSHAKE128 and cSHAKE256 |
10 | | // |
11 | | // See the symcrypt.h file for documentation on what the various functions do. |
12 | | // |
13 | | |
14 | | |
15 | | // |
16 | | // SymCryptCShake |
17 | | // |
18 | | VOID |
19 | | SYMCRYPT_CALL |
20 | | SYMCRYPT_Xxx( |
21 | | _In_reads_( cbFunctionNameString ) PCBYTE pbFunctionNameString, |
22 | | SIZE_T cbFunctionNameString, |
23 | | _In_reads_( cbCustomizationString ) PCBYTE pbCustomizationString, |
24 | | SIZE_T cbCustomizationString, |
25 | | _In_reads_( cbData ) PCBYTE pbData, |
26 | | SIZE_T cbData, |
27 | | _Out_writes_( cbResult ) PBYTE pbResult, |
28 | | SIZE_T cbResult) |
29 | 0 | { |
30 | 0 | SYMCRYPT_XXX_STATE state; |
31 | |
|
32 | 0 | SYMCRYPT_XxxInit(&state, |
33 | 0 | pbFunctionNameString, cbFunctionNameString, |
34 | 0 | pbCustomizationString, cbCustomizationString); |
35 | |
|
36 | 0 | SYMCRYPT_XxxAppend(&state, pbData, cbData); |
37 | 0 | SYMCRYPT_XxxExtract(&state, pbResult, cbResult, TRUE); |
38 | 0 | } Unexecuted instantiation: SymCryptCShake128 Unexecuted instantiation: SymCryptCShake256 |
39 | | |
40 | | |
41 | | // |
42 | | // SymCryptCShakeInit |
43 | | // |
44 | | VOID |
45 | | SYMCRYPT_CALL |
46 | | SYMCRYPT_XxxInit( |
47 | | _Out_ PSYMCRYPT_XXX_STATE pState, |
48 | | _In_reads_( cbFunctionNameString ) PCBYTE pbFunctionNameString, |
49 | | SIZE_T cbFunctionNameString, |
50 | | _In_reads_( cbCustomizationString ) PCBYTE pbCustomizationString, |
51 | | SIZE_T cbCustomizationString) |
52 | 0 | { |
53 | 0 | C_ASSERT( sizeof(SYMCRYPT_XXX_STATE) == sizeof(SYMCRYPT_SHAKEXXX_STATE) ); |
54 | |
|
55 | 0 | SYMCRYPT_SHAKEXXX_INIT( (SYMCRYPT_SHAKEXXX_STATE*)pState ); |
56 | | |
57 | | // Perform cSHAKE processing of input strings when any of the input strings is non-empty |
58 | 0 | if (cbFunctionNameString != 0 || cbCustomizationString != 0) |
59 | 0 | { |
60 | | // cSHAKE and SHAKE have different paddings. pState->paddingValue |
61 | | // is set to SYMCRYPT_SHAKE_PADDING_VALUE in the SHAKE initialization above. |
62 | | // We update the padding value here because at least one of the input strings |
63 | | // is non-empty and cSHAKE will not default to SHAKE. |
64 | 0 | pState->ks.paddingValue = SYMCRYPT_CSHAKE_PADDING_VALUE; |
65 | |
|
66 | 0 | SymCryptCShakeEncodeInputStrings(&pState->ks, |
67 | 0 | pbFunctionNameString, cbFunctionNameString, |
68 | 0 | pbCustomizationString, cbCustomizationString); |
69 | 0 | } |
70 | |
|
71 | 0 | SYMCRYPT_SET_MAGIC(pState); |
72 | 0 | } Unexecuted instantiation: SymCryptCShake128Init Unexecuted instantiation: SymCryptCShake256Init |
73 | | |
74 | | // |
75 | | // SymCryptCShakeAppend |
76 | | // |
77 | | VOID |
78 | | SYMCRYPT_CALL |
79 | | SYMCRYPT_XxxAppend( |
80 | | _Inout_ PSYMCRYPT_XXX_STATE pState, |
81 | | _In_reads_( cbData ) PCBYTE pbData, |
82 | | SIZE_T cbData ) |
83 | 0 | { |
84 | | // Fixing of the padding value |
85 | | // |
86 | | // SymCryptKeccakAppend will reset the state, switch to absorb mode, |
87 | | // and append data to the empty state if the state was in squeeze mode |
88 | | // when Append is called. This behavior is equivalent to initializing |
89 | | // cSHAKE with empty input strings, which makes cSHAKE a SHAKE instance. |
90 | | // |
91 | | // cSHAKE and SHAKE have different paddings, so we have to update the |
92 | | // padding value in case it was cSHAKE padding before. |
93 | 0 | if (pState->ks.squeezeMode) |
94 | 0 | { |
95 | 0 | pState->ks.paddingValue = SYMCRYPT_SHAKE_PADDING_VALUE; |
96 | 0 | } |
97 | |
|
98 | 0 | SymCryptKeccakAppend(&pState->ks, pbData, cbData); |
99 | 0 | } Unexecuted instantiation: SymCryptCShake128Append Unexecuted instantiation: SymCryptCShake256Append |
100 | | |
101 | | // |
102 | | // SymCryptCShakeExtract |
103 | | // |
104 | | VOID |
105 | | SYMCRYPT_CALL |
106 | | SYMCRYPT_XxxExtract( |
107 | | _Inout_ PSYMCRYPT_XXX_STATE pState, |
108 | | _Out_writes_(cbResult) PBYTE pbResult, |
109 | | SIZE_T cbResult, |
110 | | BOOLEAN bWipe) |
111 | 0 | { |
112 | 0 | SymCryptKeccakExtract(&pState->ks, pbResult, cbResult, bWipe); |
113 | |
|
114 | 0 | if (bWipe) |
115 | 0 | { |
116 | | // If the state was wiped, set the state as if cSHAKE was initialized |
117 | | // with empty strings, which is equivalent to empty SHAKE state. |
118 | | // We have no way to store the Function Name string and Customization |
119 | | // string information to go back to the initial cSHAKE state. |
120 | 0 | pState->ks.paddingValue = SYMCRYPT_SHAKE_PADDING_VALUE; |
121 | 0 | } |
122 | 0 | } Unexecuted instantiation: SymCryptCShake128Extract Unexecuted instantiation: SymCryptCShake256Extract |
123 | | |
124 | | // |
125 | | // SymCryptCShakeResult |
126 | | // |
127 | | VOID |
128 | | SYMCRYPT_CALL |
129 | | SYMCRYPT_XxxResult( |
130 | | _Inout_ PSYMCRYPT_XXX_STATE pState, |
131 | | _Out_writes_( SYMCRYPT_CSHAKEXXX_RESULT_SIZE ) PBYTE pbResult) |
132 | 0 | { |
133 | 0 | SymCryptKeccakExtract(&pState->ks, pbResult, SYMCRYPT_CSHAKEXXX_RESULT_SIZE, TRUE); |
134 | | |
135 | | // Revert to cSHAKE initialized with empty strings state, i.e., empty SHAKE state |
136 | 0 | pState->ks.paddingValue = SYMCRYPT_SHAKE_PADDING_VALUE; |
137 | 0 | } Unexecuted instantiation: SymCryptCShake128Result Unexecuted instantiation: SymCryptCShake256Result |
138 | | |
139 | | // |
140 | | // SymCryptCShakeStateCopy |
141 | | // |
142 | | VOID |
143 | | SYMCRYPT_CALL |
144 | | SYMCRYPT_XxxStateCopy(_In_ const SYMCRYPT_XXX_STATE* pSrc, _Out_ SYMCRYPT_XXX_STATE* pDst) |
145 | 0 | { |
146 | 0 | SYMCRYPT_CHECK_MAGIC(pSrc); |
147 | 0 | *pDst = *pSrc; |
148 | 0 | SYMCRYPT_SET_MAGIC(pDst); |
149 | 0 | } Unexecuted instantiation: SymCryptCShake128StateCopy Unexecuted instantiation: SymCryptCShake256StateCopy |