1 | /* spritz.h */ |
1 | /* spritz.h, spritz C implementation, header |
2 | /* (C)2015 Marc Alexander Lehmann, all rights reserved */ |
2 | * |
|
|
3 | * Copyright (c) 2015 Marc Alexander Lehmann <libev@schmorp.de> |
|
|
4 | * All rights reserved. |
|
|
5 | * |
|
|
6 | * Redistribution and use in source and binary forms, with or without modifica- |
|
|
7 | * tion, are permitted provided that the following conditions are met: |
|
|
8 | * |
|
|
9 | * 1. Redistributions of source code must retain the above copyright notice, |
|
|
10 | * this list of conditions and the following disclaimer. |
|
|
11 | * |
|
|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
|
|
13 | * notice, this list of conditions and the following disclaimer in the |
|
|
14 | * documentation and/or other materials provided with the distribution. |
|
|
15 | * |
|
|
16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED |
|
|
17 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER- |
|
|
18 | * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO |
|
|
19 | * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE- |
|
|
20 | * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
|
|
21 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
|
|
22 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
|
|
23 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH- |
|
|
24 | * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
|
25 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
|
26 | * |
|
|
27 | * Alternatively, the contents of this file may be used under the terms of |
|
|
28 | * the GNU General Public License ("GPL") version 2 or any later version, |
|
|
29 | * in which case the provisions of the GPL are applicable instead of |
|
|
30 | * the above. If you wish to allow the use of your version of this file |
|
|
31 | * only under the terms of the GPL and not to allow others to use your |
|
|
32 | * version of this file under the BSD license, indicate your decision |
|
|
33 | * by deleting the provisions above and replace them with the notice |
|
|
34 | * and other provisions required by the GPL. If you do not delete the |
|
|
35 | * provisions above, a recipient may use your version of this file under |
|
|
36 | * either the BSD or the GPL. |
|
|
37 | */ |
|
|
38 | #ifndef SPRITZ_H |
|
|
39 | #define SPRITZ_H |
3 | |
40 | |
4 | #include <stdint.h> |
41 | #include <stdint.h> |
5 | #include <sys/types.h> |
42 | #include <sys/types.h> |
6 | |
43 | |
7 | /*******************************************************************************/ |
44 | /*******************************************************************************/ |
… | |
… | |
23 | void spritz_init (spritz_state *s); |
60 | void spritz_init (spritz_state *s); |
24 | void spritz_update (spritz_state *s); |
61 | void spritz_update (spritz_state *s); |
25 | void spritz_whip (spritz_state *s, uint_fast16_t r); |
62 | void spritz_whip (spritz_state *s, uint_fast16_t r); |
26 | void spritz_crush (spritz_state *s); |
63 | void spritz_crush (spritz_state *s); |
27 | void spritz_shuffle (spritz_state *s); |
64 | void spritz_shuffle (spritz_state *s); |
28 | void spritz_absorb_nibble (spritz_state *s, uint8_t x); |
|
|
29 | void spritz_absorb (spritz_state *s, const void *I, size_t I_len); |
65 | void spritz_absorb (spritz_state *s, const void *I, size_t I_len); |
30 | void spritz_absorb_stop (spritz_state *s); |
66 | void spritz_absorb_stop (spritz_state *s); |
31 | void spritz_absorb_and_stop (spritz_state *s, const void *I, size_t I_len); /* commonly used helper function */ |
67 | void spritz_absorb_and_stop (spritz_state *s, const void *I, size_t I_len); /* commonly used helper function */ |
32 | uint8_t spritz_output (spritz_state *s); |
68 | uint8_t spritz_output (spritz_state *s); |
33 | void spritz_squeeze (spritz_state *s, void *P, size_t P_len); |
69 | void spritz_squeeze (spritz_state *s, void *P, size_t P_len); |
34 | uint8_t spritz_drip (spritz_state *s); |
70 | uint8_t spritz_drip (spritz_state *s); |
35 | |
71 | |
36 | /*******************************************************************************/ |
72 | /*******************************************************************************/ |
|
|
73 | /* the spritz cipher */ |
|
|
74 | |
|
|
75 | /* no IV is used if IV_len == 0 */ |
|
|
76 | void spritz_cipher_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
|
|
77 | |
|
|
78 | /* can be called multiple times/incrementally */ |
|
|
79 | /* can work inplace */ |
|
|
80 | void spritz_cipher_encrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
81 | void spritz_cipher_decrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
82 | |
|
|
83 | /*******************************************************************************/ |
37 | /* the spritz-xor cipher */ |
84 | /* the spritz-xor cipher */ |
38 | |
85 | |
39 | /* no IV is used if IV_len == 0 */ |
86 | /* no IV is used if IV_len == 0 */ |
40 | void spritz_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
87 | static void spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
41 | |
88 | |
42 | /* can be called multiple times/incrementally */ |
89 | /* can be called multiple times/incrementally */ |
43 | /* can work inplace */ |
90 | /* can work inplace */ |
44 | /* works for both encryption and decryption */ |
91 | /* works for both encryption and decryption */ |
45 | void spritz_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
92 | void spritz_cipher_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
46 | |
93 | |
47 | /*******************************************************************************/ |
94 | /*******************************************************************************/ |
48 | /* the spritz hash */ |
95 | /* the spritz hash */ |
49 | |
96 | |
50 | static void spritz_hash_init (spritz_state *s); |
97 | static void spritz_hash_init (spritz_state *s); |
… | |
… | |
59 | static void spritz_mac_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
106 | static void spritz_mac_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
60 | |
107 | |
61 | /*******************************************************************************/ |
108 | /*******************************************************************************/ |
62 | /* spritz authenticated encryption */ |
109 | /* spritz authenticated encryption */ |
63 | |
110 | |
64 | void spritz_aead_init (spritz_state *s, const void *K, size_t K_len); |
111 | static void spritz_aead_init (spritz_state *s, const void *K, size_t K_len); |
65 | static void spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
112 | static void spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
66 | static void spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
113 | static void spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
67 | void spritz_aead_crypt (spritz_state *s, const void *I, void *O, size_t len); |
114 | void spritz_aead_encrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
115 | void spritz_aead_decrypt (spritz_state *s, const void *I, void *O, size_t len); |
68 | /* must be called after associated_data, only once, before finish */ |
116 | /* must be called after associated_data, only once, before finish */ |
69 | /* works for both encryption and decryption */ |
117 | /* works for both encryption and decryption */ |
70 | static void spritz_aead_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
118 | static void spritz_aead_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
71 | |
119 | |
72 | /*******************************************************************************/ |
120 | /*******************************************************************************/ |
|
|
121 | /* spritz authenticated encryption (xor variant) */ |
|
|
122 | |
|
|
123 | static void spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len); |
|
|
124 | static void spritz_aead_xor_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
|
|
125 | static void spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
|
|
126 | void spritz_aead_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
127 | /* must be called after associated_data, only once, before finish */ |
|
|
128 | /* works for both encryption and decryption */ |
|
|
129 | static void spritz_aead_xor_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
|
|
130 | |
|
|
131 | /*******************************************************************************/ |
73 | /* the spritz drbg/csprng */ |
132 | /* the spritz drbg/csprng */ |
74 | |
133 | |
75 | /* constructor takes a seed if S_len != 0, same add spritz_prng_put */ |
134 | /* constructor takes a seed if S_len != 0, same as spritz_prng_add */ |
76 | void spritz_prng_init (spritz_state *s, const void *S, size_t S_len); |
135 | void spritz_prng_init (spritz_state *s, const void *S, size_t S_len); |
77 | static void spritz_prng_put (spritz_state *s, const void *S, size_t S_len); /* add additional entropy */ |
136 | static void spritz_prng_add (spritz_state *s, const void *S, size_t S_len); /* add additional entropy */ |
78 | static void spritz_prng_get (spritz_state *s, void *R, size_t R_len); /* get random bytes */ |
137 | static void spritz_prng_get (spritz_state *s, void *R, size_t R_len); /* get random bytes */ |
79 | |
138 | |
80 | /*******************************************************************************/ |
139 | /*******************************************************************************/ |
81 | /* inline functions - some functions are so simple, they are defined inline */ |
140 | /* inline functions - some functions are so simple, they are defined inline */ |
82 | |
141 | |
|
|
142 | /* the spritz-xor cipher inline functions */ |
|
|
143 | |
|
|
144 | static void |
|
|
145 | spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len) |
|
|
146 | { |
|
|
147 | spritz_cipher_init (s, K, K_len, IV, IV_len); |
|
|
148 | } |
|
|
149 | |
83 | /* the spritz hash inline functions */ |
150 | /* the spritz hash inline functions */ |
84 | |
151 | |
85 | static void |
152 | static void |
86 | spritz_hash_init (spritz_state *s) |
153 | spritz_hash_init (spritz_state *s) |
87 | { |
154 | { |
… | |
… | |
109 | } |
176 | } |
110 | |
177 | |
111 | /* spritz authenticated encryption inline functions */ |
178 | /* spritz authenticated encryption inline functions */ |
112 | |
179 | |
113 | static void |
180 | static void |
|
|
181 | spritz_aead_init (spritz_state *s, const void *K, size_t K_len) |
|
|
182 | { |
|
|
183 | spritz_mac_init (s, K, K_len); |
|
|
184 | } |
|
|
185 | |
|
|
186 | static void |
114 | spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len) |
187 | spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len) |
115 | { |
188 | { |
116 | spritz_absorb_and_stop (s, N, N_len); |
189 | spritz_absorb_and_stop (s, N, N_len); |
117 | } |
190 | } |
118 | |
191 | |
… | |
… | |
126 | spritz_aead_finish (spritz_state *s, void *H, size_t H_len) |
199 | spritz_aead_finish (spritz_state *s, void *H, size_t H_len) |
127 | { |
200 | { |
128 | spritz_mac_finish (s, H, H_len); |
201 | spritz_mac_finish (s, H, H_len); |
129 | } |
202 | } |
130 | |
203 | |
|
|
204 | /* spritz authenticated encryption (xor variant) inline functions */ |
|
|
205 | |
|
|
206 | static void |
|
|
207 | spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len) |
|
|
208 | { |
|
|
209 | spritz_mac_init (s, K, K_len); |
|
|
210 | } |
|
|
211 | |
|
|
212 | static void |
|
|
213 | spritz_aead_xor_nonce (spritz_state *s, const void *N, size_t N_len) |
|
|
214 | { |
|
|
215 | spritz_absorb_and_stop (s, N, N_len); |
|
|
216 | } |
|
|
217 | |
|
|
218 | static void |
|
|
219 | spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len) |
|
|
220 | { |
|
|
221 | spritz_absorb_and_stop (s, D, D_len); |
|
|
222 | } |
|
|
223 | |
|
|
224 | static void |
|
|
225 | spritz_aead_xor_finish (spritz_state *s, void *H, size_t H_len) |
|
|
226 | { |
|
|
227 | spritz_mac_finish (s, H, H_len); |
|
|
228 | } |
|
|
229 | |
131 | /* the spritz drbg/csprng inline functions */ |
230 | /* the spritz drbg/csprng inline functions */ |
132 | |
231 | |
133 | static void |
232 | static void |
134 | spritz_prng_put (spritz_state *s, const void *S, size_t S_len) |
233 | spritz_prng_add (spritz_state *s, const void *S, size_t S_len) |
135 | { |
234 | { |
136 | spritz_absorb (s, S, S_len); |
235 | spritz_absorb (s, S, S_len); |
137 | } |
236 | } |
138 | |
237 | |
139 | /* get random bytes */ |
238 | /* get random bytes */ |
… | |
… | |
141 | spritz_prng_get (spritz_state *s, void *R, size_t R_len) |
240 | spritz_prng_get (spritz_state *s, void *R, size_t R_len) |
142 | { |
241 | { |
143 | spritz_squeeze (s, R, R_len); |
242 | spritz_squeeze (s, R, R_len); |
144 | } |
243 | } |
145 | |
244 | |
|
|
245 | #endif |
|
|
246 | |