shake.c
Go to the documentation of this file.
1 /**
2  * @file shake.c
3  * @brief SHAKE128 and SHAKE256 extendable-output functions
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * SHAKE is a function on binary data in which the output can be extended to any
30  * desired length. SHAKE128 supports 128 bits of security strength. SHAKE256
31  * supports 256 bits of security strength. Refer to FIPS 202 for more details
32  *
33  * @author Oryx Embedded SARL (www.oryx-embedded.com)
34  * @version 2.4.4
35  **/
36 
37 //Switch to the appropriate trace level
38 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
39 
40 //Dependencies
41 #include "core/crypto.h"
42 #include "xof/shake.h"
43 
44 //Check crypto library configuration
45 #if (SHAKE_SUPPORT == ENABLED)
46 
47 //SHAKE128 object identifier (2.16.840.1.101.3.4.2.11)
48 const uint8_t shake128Oid[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0B};
49 //SHAKE256 object identifier (2.16.840.1.101.3.4.2.12)
50 const uint8_t shake256Oid[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0C};
51 
52 
53 /**
54  * @brief Digest a message using SHAKE128 or SHAKE256
55  * @param[in] strength Number of bits of security (128 for SHAKE128 and
56  * 256 for SHAKE256)
57  * @param[in] input Pointer to the input data
58  * @param[in] inputLen Length of the input data
59  * @param[out] output Pointer to the output data
60  * @param[in] outputLen Expected length of the output data
61  * @return Error code
62  **/
63 
64 error_t shakeCompute(uint_t strength, const void *input, size_t inputLen,
65  uint8_t *output, size_t outputLen)
66 {
67  error_t error;
68 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
69  ShakeContext *context;
70 #else
71  ShakeContext context[1];
72 #endif
73 
74  //Check parameters
75  if(input == NULL && inputLen != 0)
76  return ERROR_INVALID_PARAMETER;
77 
78  if(output == NULL && outputLen != 0)
79  return ERROR_INVALID_PARAMETER;
80 
81 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
82  //Allocate a memory buffer to hold the SHAKE context
83  context = cryptoAllocMem(sizeof(ShakeContext));
84  //Failed to allocate memory?
85  if(context == NULL)
86  return ERROR_OUT_OF_MEMORY;
87 #endif
88 
89  //Initialize the SHAKE context
90  error = shakeInit(context, strength);
91 
92  //Check status code
93  if(!error)
94  {
95  //Absorb input data
96  shakeAbsorb(context, input, inputLen);
97  //Finish absorbing phase
98  shakeFinal(context);
99  //Extract data from the squeezing phase
100  shakeSqueeze(context, output, outputLen);
101  }
102 
103 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
104  //Free previously allocated memory
105  cryptoFreeMem(context);
106 #endif
107 
108  //Return status code
109  return error;
110 }
111 
112 
113 /**
114  * @brief Initialize SHAKE context
115  * @param[in] context Pointer to the SHAKE context to initialize
116  * @param[in] strength Number of bits of security (128 for SHAKE128 and
117  * 256 for SHAKE256)
118  * @return Error code
119  **/
120 
121 error_t shakeInit(ShakeContext *context, uint_t strength)
122 {
123  error_t error;
124 
125  //SHAKE128 and SHAKE256 provides respectively 128 and 256 bits of security
126  if(strength == 128 || strength == 256)
127  {
128  //Initialize Keccak context
129  error = keccakInit(&context->keccakContext, 2 * strength);
130  }
131  else
132  {
133  //Report an error
134  error = ERROR_INVALID_PARAMETER;
135  }
136 
137  //Return status code
138  return error;
139 }
140 
141 
142 /**
143  * @brief Absorb data
144  * @param[in] context Pointer to the SHAKE context
145  * @param[in] input Pointer to the buffer being hashed
146  * @param[in] length Length of the buffer
147  **/
148 
149 void shakeAbsorb(ShakeContext *context, const void *input, size_t length)
150 {
151  //Absorb the input data
152  keccakAbsorb(&context->keccakContext, input, length);
153 }
154 
155 
156 /**
157  * @brief Finish absorbing phase
158  * @param[in] context Pointer to the SHAKE context
159  **/
160 
161 void shakeFinal(ShakeContext *context)
162 {
163  //Finish absorbing phase (padding byte is 0x1F for XOFs)
164  keccakFinal(&context->keccakContext, KECCAK_SHAKE_PAD);
165 }
166 
167 
168 /**
169  * @brief Extract data from the squeezing phase
170  * @param[in] context Pointer to the SHAKE context
171  * @param[out] output Output string
172  * @param[in] length Desired output length, in bytes
173  **/
174 
175 void shakeSqueeze(ShakeContext *context, uint8_t *output, size_t length)
176 {
177  //Extract data from the squeezing phase
178  keccakSqueeze(&context->keccakContext, output, length);
179 }
180 
181 #endif
KECCAK_SHAKE_PAD
#define KECCAK_SHAKE_PAD
Definition: keccak.h:95
shake.h
SHAKE128 and SHAKE256 extendable-output functions.
ERROR_OUT_OF_MEMORY
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
keccakFinal
void keccakFinal(KeccakContext *context, uint8_t pad)
Finish absorbing phase.
Definition: keccak.c:374
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
error_t
error_t
Error codes.
Definition: error.h:43
shakeInit
error_t shakeInit(ShakeContext *context, uint_t strength)
Initialize SHAKE context.
Definition: shake.c:121
shake256Oid
const uint8_t shake256Oid[9]
Definition: shake.c:50
shakeAbsorb
void shakeAbsorb(ShakeContext *context, const void *input, size_t length)
Absorb data.
Definition: shake.c:149
crypto.h
General definitions for cryptographic algorithms.
shakeSqueeze
void shakeSqueeze(ShakeContext *context, uint8_t *output, size_t length)
Extract data from the squeezing phase.
Definition: shake.c:175
ShakeContext
SHAKE algorithm context.
Definition: shake.h:49
length
uint8_t length
Definition: tcp.h:368
ShakeContext::keccakContext
KeccakContext keccakContext
Definition: shake.h:50
keccakSqueeze
void keccakSqueeze(KeccakContext *context, uint8_t *output, size_t length)
Extract data from the squeezing phase.
Definition: keccak.c:418
keccakAbsorb
void keccakAbsorb(KeccakContext *context, const void *input, size_t length)
Absorb data.
Definition: m460_crypto_hash.c:490
cryptoFreeMem
#define cryptoFreeMem(p)
Definition: crypto.h:791
cryptoAllocMem
#define cryptoAllocMem(size)
Definition: crypto.h:786
keccakInit
error_t keccakInit(KeccakContext *context, uint_t capacity)
Initialize Keccak context.
Definition: keccak.c:285
shakeFinal
void shakeFinal(ShakeContext *context)
Finish absorbing phase.
Definition: shake.c:161
shake128Oid
const uint8_t shake128Oid[9]
Definition: shake.c:48
uint_t
unsigned int uint_t
Definition: compiler_port.h:50
shakeCompute
error_t shakeCompute(uint_t strength, const void *input, size_t inputLen, uint8_t *output, size_t outputLen)
Digest a message using SHAKE128 or SHAKE256.
Definition: shake.c:64