1 | /* spritz.h */ |
1 | /* spritz.h, spritz C implementation, header |
2 | /* (C)2015 Marc Alexander Lehmann, all rights reserved */ |
2 | * |
|
|
3 | * Copyright (c) 2015 Marc Alexander Lehmann <libev@schmorp.de> |
|
|
4 | * All rights reserved. |
|
|
5 | * |
|
|
6 | * Redistribution and use in source and binary forms, with or without modifica- |
|
|
7 | * tion, are permitted provided that the following conditions are met: |
|
|
8 | * |
|
|
9 | * 1. Redistributions of source code must retain the above copyright notice, |
|
|
10 | * this list of conditions and the following disclaimer. |
|
|
11 | * |
|
|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
|
|
13 | * notice, this list of conditions and the following disclaimer in the |
|
|
14 | * documentation and/or other materials provided with the distribution. |
|
|
15 | * |
|
|
16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED |
|
|
17 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER- |
|
|
18 | * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO |
|
|
19 | * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE- |
|
|
20 | * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
|
|
21 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
|
|
22 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
|
|
23 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH- |
|
|
24 | * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
|
25 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
|
26 | * |
|
|
27 | * Alternatively, the contents of this file may be used under the terms of |
|
|
28 | * the GNU General Public License ("GPL") version 2 or any later version, |
|
|
29 | * in which case the provisions of the GPL are applicable instead of |
|
|
30 | * the above. If you wish to allow the use of your version of this file |
|
|
31 | * only under the terms of the GPL and not to allow others to use your |
|
|
32 | * version of this file under the BSD license, indicate your decision |
|
|
33 | * by deleting the provisions above and replace them with the notice |
|
|
34 | * and other provisions required by the GPL. If you do not delete the |
|
|
35 | * provisions above, a recipient may use your version of this file under |
|
|
36 | * either the BSD or the GPL. |
|
|
37 | */ |
|
|
38 | #ifndef SPRITZ_H |
|
|
39 | #define SPRITZ_H |
3 | |
40 | |
4 | #include <stdint.h> |
41 | #include <stdint.h> |
5 | #include <sys/types.h> |
42 | #include <sys/types.h> |
6 | |
43 | |
7 | /*******************************************************************************/ |
44 | /*******************************************************************************/ |
8 | /* spritz parameters/state type */ |
45 | /* spritz parameters/state type */ |
9 | |
46 | |
10 | enum { |
47 | enum { |
11 | spritz_N = 256 |
48 | spritz_N = 256, |
|
|
49 | spritz_aead_blocksize = spritz_N >> 2 /* 64 */ |
12 | }; |
50 | }; |
13 | |
51 | |
14 | typedef struct |
52 | typedef struct |
15 | { |
53 | { |
16 | uint8_t a, i, j, k, z, w; |
54 | uint8_t a, i, j, k, z, w; |
… | |
… | |
23 | void spritz_init (spritz_state *s); |
61 | void spritz_init (spritz_state *s); |
24 | void spritz_update (spritz_state *s); |
62 | void spritz_update (spritz_state *s); |
25 | void spritz_whip (spritz_state *s, uint_fast16_t r); |
63 | void spritz_whip (spritz_state *s, uint_fast16_t r); |
26 | void spritz_crush (spritz_state *s); |
64 | void spritz_crush (spritz_state *s); |
27 | void spritz_shuffle (spritz_state *s); |
65 | void spritz_shuffle (spritz_state *s); |
28 | void spritz_absorb_nibble (spritz_state *s, uint8_t x); |
|
|
29 | void spritz_absorb (spritz_state *s, const void *I, size_t I_len); |
66 | void spritz_absorb (spritz_state *s, const void *I, size_t I_len); |
30 | void spritz_absorb_stop (spritz_state *s); |
67 | void spritz_absorb_stop (spritz_state *s); |
31 | void spritz_absorb_and_stop (spritz_state *s, const void *I, size_t I_len); /* commonly used helper function */ |
68 | void spritz_absorb_and_stop (spritz_state *s, const void *I, size_t I_len); /* commonly used helper function */ |
32 | uint8_t spritz_output (spritz_state *s); |
69 | uint8_t spritz_output (spritz_state *s); |
33 | void spritz_squeeze (spritz_state *s, void *P, size_t P_len); |
70 | void spritz_squeeze (spritz_state *s, void *P, size_t P_len); |
34 | uint8_t spritz_drip (spritz_state *s); |
71 | uint8_t spritz_drip (spritz_state *s); |
35 | |
72 | |
36 | /*******************************************************************************/ |
73 | /*******************************************************************************/ |
|
|
74 | /* the spritz cipher */ |
|
|
75 | |
|
|
76 | /* no IV is used if IV_len == 0 */ |
|
|
77 | void spritz_cipher_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
|
|
78 | |
|
|
79 | /* can be called multiple times/incrementally */ |
|
|
80 | /* can work inplace */ |
|
|
81 | void spritz_cipher_encrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
82 | void spritz_cipher_decrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
83 | |
|
|
84 | /*******************************************************************************/ |
37 | /* the spritz-xor cipher */ |
85 | /* the spritz-xor cipher */ |
38 | |
86 | |
39 | /* no IV is used if IV_len == 0 */ |
87 | /* no IV is used if IV_len == 0 */ |
40 | void spritz_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
88 | static void spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
41 | |
89 | |
42 | /* can be called multiple times/incrementally */ |
90 | /* can be called multiple times/incrementally */ |
43 | /* can work inplace */ |
91 | /* can work inplace */ |
44 | /* works for both encryption and decryption */ |
92 | /* works for both encryption and decryption */ |
45 | void spritz_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
93 | void spritz_cipher_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
46 | |
94 | |
47 | /*******************************************************************************/ |
95 | /*******************************************************************************/ |
48 | /* the spritz hash */ |
96 | /* the spritz hash */ |
49 | |
97 | |
50 | static void spritz_hash_init (spritz_state *s); |
98 | static void spritz_hash_init (spritz_state *s); |
… | |
… | |
59 | static void spritz_mac_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
107 | static void spritz_mac_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
60 | |
108 | |
61 | /*******************************************************************************/ |
109 | /*******************************************************************************/ |
62 | /* spritz authenticated encryption */ |
110 | /* spritz authenticated encryption */ |
63 | |
111 | |
64 | void spritz_aead_init (spritz_state *s, const void *K, size_t K_len); |
112 | static void spritz_aead_init (spritz_state *s, const void *K, size_t K_len); |
65 | static void spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
113 | static void spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
66 | static void spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
114 | static void spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
67 | void spritz_aead_crypt (spritz_state *s, const void *I, void *O, size_t len); |
115 | void spritz_aead_encrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
116 | void spritz_aead_decrypt (spritz_state *s, const void *I, void *O, size_t len); |
68 | /* must be called after associated_data, only once, before finish */ |
117 | /* must be called after associated_data, only once, before finish */ |
69 | /* works for both encryption and decryption */ |
118 | /* works for both encryption and decryption */ |
70 | static void spritz_aead_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
119 | static void spritz_aead_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
71 | |
120 | |
72 | /*******************************************************************************/ |
121 | /*******************************************************************************/ |
|
|
122 | /* spritz authenticated encryption (xor variant) */ |
|
|
123 | |
|
|
124 | static void spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len); |
|
|
125 | static void spritz_aead_xor_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
|
|
126 | static void spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
|
|
127 | void spritz_aead_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
128 | /* must be called after associated_data, only once, before finish */ |
|
|
129 | /* works for both encryption and decryption */ |
|
|
130 | static void spritz_aead_xor_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
|
|
131 | |
|
|
132 | /*******************************************************************************/ |
73 | /* the spritz drbg/csprng */ |
133 | /* the spritz drbg/csprng */ |
74 | |
134 | |
75 | /* constructor takes a seed if S_len != 0, same add spritz_prng_put */ |
135 | /* constructor takes a seed if S_len != 0, same as spritz_prng_add */ |
76 | void spritz_prng_init (spritz_state *s, const void *S, size_t S_len); |
136 | void spritz_prng_init (spritz_state *s, const void *S, size_t S_len); |
77 | static void spritz_prng_put (spritz_state *s, const void *S, size_t S_len); /* add additional entropy */ |
137 | static void spritz_prng_add (spritz_state *s, const void *S, size_t S_len); /* add additional entropy */ |
78 | static void spritz_prng_get (spritz_state *s, void *R, size_t R_len); /* get random bytes */ |
138 | static void spritz_prng_get (spritz_state *s, void *R, size_t R_len); /* get random bytes */ |
79 | |
139 | |
80 | /*******************************************************************************/ |
140 | /*******************************************************************************/ |
81 | /* inline functions - some functions are so simple, they are defined inline */ |
141 | /* inline functions - some functions are so simple, they are defined inline */ |
82 | |
142 | |
|
|
143 | /* the spritz-xor cipher inline functions */ |
|
|
144 | |
|
|
145 | static void |
|
|
146 | spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len) |
|
|
147 | { |
|
|
148 | spritz_cipher_init (s, K, K_len, IV, IV_len); |
|
|
149 | } |
|
|
150 | |
83 | /* the spritz hash inline functions */ |
151 | /* the spritz hash inline functions */ |
84 | |
152 | |
85 | static void |
153 | static void |
86 | spritz_hash_init (spritz_state *s) |
154 | spritz_hash_init (spritz_state *s) |
87 | { |
155 | { |
… | |
… | |
109 | } |
177 | } |
110 | |
178 | |
111 | /* spritz authenticated encryption inline functions */ |
179 | /* spritz authenticated encryption inline functions */ |
112 | |
180 | |
113 | static void |
181 | static void |
|
|
182 | spritz_aead_init (spritz_state *s, const void *K, size_t K_len) |
|
|
183 | { |
|
|
184 | spritz_mac_init (s, K, K_len); |
|
|
185 | } |
|
|
186 | |
|
|
187 | static void |
114 | spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len) |
188 | spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len) |
115 | { |
189 | { |
116 | spritz_absorb_and_stop (s, N, N_len); |
190 | spritz_absorb_and_stop (s, N, N_len); |
117 | } |
191 | } |
118 | |
192 | |
… | |
… | |
126 | spritz_aead_finish (spritz_state *s, void *H, size_t H_len) |
200 | spritz_aead_finish (spritz_state *s, void *H, size_t H_len) |
127 | { |
201 | { |
128 | spritz_mac_finish (s, H, H_len); |
202 | spritz_mac_finish (s, H, H_len); |
129 | } |
203 | } |
130 | |
204 | |
|
|
205 | /* spritz authenticated encryption (xor variant) inline functions */ |
|
|
206 | |
|
|
207 | static void |
|
|
208 | spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len) |
|
|
209 | { |
|
|
210 | spritz_mac_init (s, K, K_len); |
|
|
211 | } |
|
|
212 | |
|
|
213 | static void |
|
|
214 | spritz_aead_xor_nonce (spritz_state *s, const void *N, size_t N_len) |
|
|
215 | { |
|
|
216 | spritz_absorb_and_stop (s, N, N_len); |
|
|
217 | } |
|
|
218 | |
|
|
219 | static void |
|
|
220 | spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len) |
|
|
221 | { |
|
|
222 | spritz_absorb_and_stop (s, D, D_len); |
|
|
223 | } |
|
|
224 | |
|
|
225 | static void |
|
|
226 | spritz_aead_xor_finish (spritz_state *s, void *H, size_t H_len) |
|
|
227 | { |
|
|
228 | spritz_mac_finish (s, H, H_len); |
|
|
229 | } |
|
|
230 | |
131 | /* the spritz drbg/csprng inline functions */ |
231 | /* the spritz drbg/csprng inline functions */ |
132 | |
232 | |
133 | static void |
233 | static void |
134 | spritz_prng_put (spritz_state *s, const void *S, size_t S_len) |
234 | spritz_prng_add (spritz_state *s, const void *S, size_t S_len) |
135 | { |
235 | { |
136 | spritz_absorb (s, S, S_len); |
236 | spritz_absorb (s, S, S_len); |
137 | } |
237 | } |
138 | |
238 | |
139 | /* get random bytes */ |
239 | /* get random bytes */ |
… | |
… | |
141 | spritz_prng_get (spritz_state *s, void *R, size_t R_len) |
241 | spritz_prng_get (spritz_state *s, void *R, size_t R_len) |
142 | { |
242 | { |
143 | spritz_squeeze (s, R, R_len); |
243 | spritz_squeeze (s, R, R_len); |
144 | } |
244 | } |
145 | |
245 | |
|
|
246 | #endif |
|
|
247 | |
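Review bot: The comment `/* works for both encryption and decryption */` kept under the new `spritz_aead_encrypt`/`spritz_aead_decrypt` pair (new lines 115-118) is stale now that `spritz_aead_crypt` has been split in two; it still fits only `spritz_aead_xor_crypt`, and a caller who trusts it and uses one function for both directions would presumably end up with a wrong plaintext or tag. Replace it in the non-xor section with something like `/* encrypt and decrypt are not interchangeable; call the one matching the direction */`. Neither AEAD section says that the output of decrypt is unauthenticated until the tag written by `spritz_aead_finish` / `spritz_aead_xor_finish` has been checked against the received tag, and no compare helper appears among the declarations shown. A comment on both finish prototypes such as `/* caller must compare H with the received tag in constant time and discard O on mismatch */` would close that gap. Parts of the header are elided on this page, so such a helper or note may exist outside the visible lines.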