spritz/spritz.h

/* spritz.h, spritz C implementation, header
 *
 * Copyright (c) 2015 Marc Alexander Lehmann <libev@schmorp.de>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modifica-
 * tion, are permitted provided that the following conditions are met:
 *
 *   1.  Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *
 *   2.  Redistributions in binary form must reproduce the above copyright
 *       notice, this list of conditions and the following disclaimer in the
 *       documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
 * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
 * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
 * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * Alternatively, the contents of this file may be used under the terms of
 * the GNU General Public License ("GPL") version 2 or any later version,
 * in which case the provisions of the GPL are applicable instead of
 * the above. If you wish to allow the use of your version of this file
 * only under the terms of the GPL and not to allow others to use your
 * version of this file under the BSD license, indicate your decision
 * by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL. If you do not delete the
 * provisions above, a recipient may use your version of this file under
 * either the BSD or the GPL.
 */
#ifndef SPRITZ_H
#define SPRITZ_H

#include <stdint.h>
#include <sys/types.h>

/*******************************************************************************/
/* spritz parameters/state type */

enum {
  spritz_N = 256
};

typedef struct
{
  uint8_t a, i, j, k, z, w;
  uint8_t S[spritz_N];
} spritz_state;

/*******************************************************************************/
/* the spritz primitives */

void    spritz_init            (spritz_state *s);
void    spritz_update          (spritz_state *s);
void    spritz_whip            (spritz_state *s, uint_fast16_t r);
void    spritz_crush           (spritz_state *s);
void    spritz_shuffle         (spritz_state *s);
void    spritz_absorb          (spritz_state *s, const void *I, size_t I_len);
void    spritz_absorb_stop     (spritz_state *s);
void    spritz_absorb_and_stop (spritz_state *s, const void *I, size_t I_len); /* commonly used helper function */
uint8_t spritz_output          (spritz_state *s);
void    spritz_squeeze         (spritz_state *s, void *P, size_t P_len);
uint8_t spritz_drip            (spritz_state *s);

/*******************************************************************************/
/* the spritz cipher */

/* no IV is used if IV_len == 0 */
void spritz_cipher_init    (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len);

/* can be called multiple times/incrementally */
/* can work inplace */
void spritz_cipher_encrypt (spritz_state *s, const void *I, void *O, size_t len);
void spritz_cipher_decrypt (spritz_state *s, const void *I, void *O, size_t len);

/*******************************************************************************/
/* the spritz-xor cipher */

/* no IV is used if IV_len == 0 */
static void spritz_cipher_xor_init  (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len);

/* can be called multiple times/incrementally */
/* can work inplace */
/* works for both encryption and decryption */
       void spritz_cipher_xor_crypt (spritz_state *s, const void *I, void *O, size_t len);

/*******************************************************************************/
/* the spritz hash */

static void spritz_hash_init   (spritz_state *s);
static void spritz_hash_add    (spritz_state *s, const void *M, size_t M_len); /* can be called multiple times/incrementally */
       void spritz_hash_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */

/*******************************************************************************/
/* the spritz MAC */

       void spritz_mac_init   (spritz_state *s, const void *K, size_t K_len);
static void spritz_mac_add    (spritz_state *s, const void *M, size_t M_len); /* can be called multiple times/incrementally */
static void spritz_mac_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */

/*******************************************************************************/
/* spritz authenticated encryption */

static void spritz_aead_init            (spritz_state *s, const void *K, size_t K_len);
static void spritz_aead_nonce           (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */
static void spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */
       void spritz_aead_encrypt         (spritz_state *s, const void *I, void *O, size_t len);
       void spritz_aead_decrypt         (spritz_state *s, const void *I, void *O, size_t len);
/* must be called after associated_data, only once, before finish */
/* works for both encryption and decryption */
static void spritz_aead_finish          (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */

/*******************************************************************************/
/* spritz authenticated encryption (xor variant) */

static void spritz_aead_xor_init            (spritz_state *s, const void *K, size_t K_len);
static void spritz_aead_xor_nonce           (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */
static void spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */
       void spritz_aead_xor_crypt           (spritz_state *s, const void *I, void *O, size_t len);
/* must be called after associated_data, only once, before finish */
/* works for both encryption and decryption */
static void spritz_aead_xor_finish          (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */

/*******************************************************************************/
/* the spritz drbg/csprng */

/* constructor takes a seed if S_len != 0, same as spritz_prng_add */
       void spritz_prng_init (spritz_state *s, const void *S, size_t S_len);
static void spritz_prng_add  (spritz_state *s, const void *S, size_t S_len); /* add additional entropy */
static void spritz_prng_get  (spritz_state *s, void *R, size_t R_len); /* get random bytes */

/*******************************************************************************/
/* inline functions - some functions are so simple, they are defined inline */

/* the spritz-xor cipher inline functions */

static void
spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len)
{
  spritz_cipher_init (s, K, K_len, IV, IV_len);
}

/* the spritz hash inline functions */

static void
spritz_hash_init (spritz_state *s)
{
  spritz_init (s);
}

static void
spritz_hash_add (spritz_state *s, const void *M, size_t M_len)
{
  spritz_absorb (s, M, M_len);
}

/* the spritz MAC inline functions */

static void
spritz_mac_add (spritz_state *s, const void *M, size_t M_len)
{
  spritz_hash_add (s, M, M_len);
}

static void
spritz_mac_finish (spritz_state *s, void *H, size_t H_len)
{
  spritz_hash_finish (s, H, H_len);
}

/* spritz authenticated encryption inline functions */

static void
spritz_aead_init (spritz_state *s, const void *K, size_t K_len)
{
  spritz_mac_init (s, K, K_len);
}

static void
spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len)
{
  spritz_absorb_and_stop (s, N, N_len);
}

static void
spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len)
{
  spritz_absorb_and_stop (s, D, D_len);
}

static void
spritz_aead_finish (spritz_state *s, void *H, size_t H_len)
{
  spritz_mac_finish (s, H, H_len);
}

/* spritz authenticated encryption (xor variant) inline functions */

static void
spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len)
{
  spritz_mac_init (s, K, K_len);
}

static void
spritz_aead_xor_nonce (spritz_state *s, const void *N, size_t N_len)
{
  spritz_absorb_and_stop (s, N, N_len);
}

static void
spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len)
{
  spritz_absorb_and_stop (s, D, D_len);
}

static void
spritz_aead_xor_finish (spritz_state *s, void *H, size_t H_len)
{
  spritz_mac_finish (s, H, H_len);
}

/* the spritz drbg/csprng inline functions */

static void
spritz_prng_add (spritz_state *s, const void *S, size_t S_len)
{
  spritz_absorb (s, S, S_len);
}

/* get random bytes */
static void
spritz_prng_get (spritz_state *s, void *R, size_t R_len)
{
  spritz_squeeze (s, R, R_len);
}

#endif

Revision:	1.5
Committed:	Sat Jan 10 08:29:03 2015 UTC (9 years, 5 months ago) by root
Content type:	text/plain
Branch:	MAIN
CVS Tags:	rel-0_2
Changes since 1.4:	+59 -2 lines
Log Message:	* empty log message *
#	User	Rev	Content
1	root	1.3	/* spritz.h, spritz C implementation, header
2			*
3			* Copyright (c) 2015 Marc Alexander Lehmann <libev@schmorp.de>
4			* All rights reserved.
5			*
6			* Redistribution and use in source and binary forms, with or without modifica-
7			* tion, are permitted provided that the following conditions are met:
8			*
9			* 1. Redistributions of source code must retain the above copyright notice,
10			* this list of conditions and the following disclaimer.
11			*
12			* 2. Redistributions in binary form must reproduce the above copyright
13			* notice, this list of conditions and the following disclaimer in the
14			* documentation and/or other materials provided with the distribution.
15			*
16			* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17			* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
18			* CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19			* EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
20			* CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21			* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22			* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23			* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
24			* ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25			* OF THE POSSIBILITY OF SUCH DAMAGE.
26			*
27			* Alternatively, the contents of this file may be used under the terms of
28			* the GNU General Public License ("GPL") version 2 or any later version,
29			* in which case the provisions of the GPL are applicable instead of
30			* the above. If you wish to allow the use of your version of this file
31			* only under the terms of the GPL and not to allow others to use your
32			* version of this file under the BSD license, indicate your decision
33			* by deleting the provisions above and replace them with the notice
34			* and other provisions required by the GPL. If you do not delete the
35			* provisions above, a recipient may use your version of this file under
36			* either the BSD or the GPL.
37			*/
38	root	1.4	#ifndef SPRITZ_H
39			#define SPRITZ_H
40	root	1.1
41			#include <stdint.h>
42			#include <sys/types.h>
43
44			/*******************************************************************************/
45			/* spritz parameters/state type */
46
47			enum {
48			spritz_N = 256
49			};
50
51			typedef struct
52			{
53			uint8_t a, i, j, k, z, w;
54			uint8_t S[spritz_N];
55			} spritz_state;
56
57			/*******************************************************************************/
58			/* the spritz primitives */
59
60			void spritz_init (spritz_state *s);
61			void spritz_update (spritz_state *s);
62			void spritz_whip (spritz_state *s, uint_fast16_t r);
63			void spritz_crush (spritz_state *s);
64			void spritz_shuffle (spritz_state *s);
65			void spritz_absorb (spritz_state s, const void I, size_t I_len);
66			void spritz_absorb_stop (spritz_state *s);
67			void spritz_absorb_and_stop (spritz_state s, const void I, size_t I_len); /* commonly used helper function */
68			uint8_t spritz_output (spritz_state *s);
69			void spritz_squeeze (spritz_state s, void P, size_t P_len);
70			uint8_t spritz_drip (spritz_state *s);
71
72			/*******************************************************************************/
73	root	1.5	/* the spritz cipher */
74
75			/* no IV is used if IV_len == 0 */
76			void spritz_cipher_init (spritz_state s, const void K, size_t K_len, const void *IV, size_t IV_len);
77
78			/* can be called multiple times/incrementally */
79			/* can work inplace */
80			void spritz_cipher_encrypt (spritz_state s, const void I, void *O, size_t len);
81			void spritz_cipher_decrypt (spritz_state s, const void I, void *O, size_t len);
82
83			/*******************************************************************************/
84	root	1.1	/* the spritz-xor cipher */
85
86			/* no IV is used if IV_len == 0 */
87	root	1.5	static void spritz_cipher_xor_init (spritz_state s, const void K, size_t K_len, const void *IV, size_t IV_len);
88	root	1.1
89			/* can be called multiple times/incrementally */
90			/* can work inplace */
91			/* works for both encryption and decryption */
92	root	1.5	void spritz_cipher_xor_crypt (spritz_state s, const void I, void *O, size_t len);
93	root	1.1
94			/*******************************************************************************/
95			/* the spritz hash */
96
97			static void spritz_hash_init (spritz_state *s);
98			static void spritz_hash_add (spritz_state s, const void M, size_t M_len); /* can be called multiple times/incrementally */
99			void spritz_hash_finish (spritz_state s, void H, size_t H_len); /* must be called at most once at the end */
100
101			/*******************************************************************************/
102			/* the spritz MAC */
103
104			void spritz_mac_init (spritz_state s, const void K, size_t K_len);
105			static void spritz_mac_add (spritz_state s, const void M, size_t M_len); /* can be called multiple times/incrementally */
106			static void spritz_mac_finish (spritz_state s, void H, size_t H_len); /* must be called at most once at the end */
107
108			/*******************************************************************************/
109			/* spritz authenticated encryption */
110
111	root	1.5	static void spritz_aead_init (spritz_state s, const void K, size_t K_len);
112			static void spritz_aead_nonce (spritz_state s, const void N, size_t N_len); /* must be called after construction, before associated_data */
113			static void spritz_aead_associated_data (spritz_state s, const void D, size_t D_len); /* must be called after nonce, before crypt */
114			void spritz_aead_encrypt (spritz_state s, const void I, void *O, size_t len);
115			void spritz_aead_decrypt (spritz_state s, const void I, void *O, size_t len);
116			/* must be called after associated_data, only once, before finish */
117			/* works for both encryption and decryption */
118			static void spritz_aead_finish (spritz_state s, void H, size_t H_len); /* must be called at most once at the end */
119
120			/*******************************************************************************/
121			/* spritz authenticated encryption (xor variant) */
122
123	root	1.4	static void spritz_aead_xor_init (spritz_state s, const void K, size_t K_len);
124			static void spritz_aead_xor_nonce (spritz_state s, const void N, size_t N_len); /* must be called after construction, before associated_data */
125			static void spritz_aead_xor_associated_data (spritz_state s, const void D, size_t D_len); /* must be called after nonce, before crypt */
126			void spritz_aead_xor_crypt (spritz_state s, const void I, void *O, size_t len);
127	root	1.1	/* must be called after associated_data, only once, before finish */
128			/* works for both encryption and decryption */
129	root	1.4	static void spritz_aead_xor_finish (spritz_state s, void H, size_t H_len); /* must be called at most once at the end */
130	root	1.1
131			/*******************************************************************************/
132			/* the spritz drbg/csprng */
133
134	root	1.4	/* constructor takes a seed if S_len != 0, same as spritz_prng_add */
135	root	1.1	void spritz_prng_init (spritz_state s, const void S, size_t S_len);
136	root	1.4	static void spritz_prng_add (spritz_state s, const void S, size_t S_len); /* add additional entropy */
137	root	1.1	static void spritz_prng_get (spritz_state s, void R, size_t R_len); /* get random bytes */
138
139			/*******************************************************************************/
140			/* inline functions - some functions are so simple, they are defined inline */
141
142	root	1.5	/* the spritz-xor cipher inline functions */
143
144			static void
145			spritz_cipher_xor_init (spritz_state s, const void K, size_t K_len, const void *IV, size_t IV_len)
146			{
147			spritz_cipher_init (s, K, K_len, IV, IV_len);
148			}
149
150	root	1.1	/* the spritz hash inline functions */
151
152			static void
153			spritz_hash_init (spritz_state *s)
154			{
155			spritz_init (s);
156			}
157
158			static void
159			spritz_hash_add (spritz_state s, const void M, size_t M_len)
160			{
161			spritz_absorb (s, M, M_len);
162			}
163
164			/* the spritz MAC inline functions */
165
166			static void
167			spritz_mac_add (spritz_state s, const void M, size_t M_len)
168			{
169			spritz_hash_add (s, M, M_len);
170			}
171
172			static void
173			spritz_mac_finish (spritz_state s, void H, size_t H_len)
174			{
175			spritz_hash_finish (s, H, H_len);
176			}
177
178			/* spritz authenticated encryption inline functions */
179
180			static void
181	root	1.5	spritz_aead_init (spritz_state s, const void K, size_t K_len)
182			{
183			spritz_mac_init (s, K, K_len);
184			}
185
186			static void
187			spritz_aead_nonce (spritz_state s, const void N, size_t N_len)
188			{
189			spritz_absorb_and_stop (s, N, N_len);
190			}
191
192			static void
193			spritz_aead_associated_data (spritz_state s, const void D, size_t D_len)
194			{
195			spritz_absorb_and_stop (s, D, D_len);
196			}
197
198			static void
199			spritz_aead_finish (spritz_state s, void H, size_t H_len)
200			{
201			spritz_mac_finish (s, H, H_len);
202			}
203
204			/* spritz authenticated encryption (xor variant) inline functions */
205
206			static void
207	root	1.4	spritz_aead_xor_init (spritz_state s, const void K, size_t K_len)
208			{
209			spritz_mac_init (s, K, K_len);
210			}
211
212			static void
213			spritz_aead_xor_nonce (spritz_state s, const void N, size_t N_len)
214	root	1.1	{
215			spritz_absorb_and_stop (s, N, N_len);
216			}
217
218			static void
219	root	1.4	spritz_aead_xor_associated_data (spritz_state s, const void D, size_t D_len)
220	root	1.1	{
221			spritz_absorb_and_stop (s, D, D_len);
222			}
223
224			static void
225	root	1.4	spritz_aead_xor_finish (spritz_state s, void H, size_t H_len)
226	root	1.1	{
227			spritz_mac_finish (s, H, H_len);
228			}
229
230			/* the spritz drbg/csprng inline functions */
231
232			static void
233	root	1.4	spritz_prng_add (spritz_state s, const void S, size_t S_len)
234	root	1.1	{
235			spritz_absorb (s, S, S_len);
236			}
237
238			/* get random bytes */
239			static void
240			spritz_prng_get (spritz_state s, void R, size_t R_len)
241			{
242			spritz_squeeze (s, R, R_len);
243			}
244
245	root	1.4	#endif
246