… | |
… | |
33 | * by deleting the provisions above and replace them with the notice |
33 | * by deleting the provisions above and replace them with the notice |
34 | * and other provisions required by the GPL. If you do not delete the |
34 | * and other provisions required by the GPL. If you do not delete the |
35 | * provisions above, a recipient may use your version of this file under |
35 | * provisions above, a recipient may use your version of this file under |
36 | * either the BSD or the GPL. |
36 | * either the BSD or the GPL. |
37 | */ |
37 | */ |
|
|
38 | #ifndef SPRITZ_H |
|
|
39 | #define SPRITZ_H |
38 | |
40 | |
39 | #include <stdint.h> |
41 | #include <stdint.h> |
40 | #include <sys/types.h> |
42 | #include <sys/types.h> |
41 | |
43 | |
42 | /*******************************************************************************/ |
44 | /*******************************************************************************/ |
… | |
… | |
58 | void spritz_init (spritz_state *s); |
60 | void spritz_init (spritz_state *s); |
59 | void spritz_update (spritz_state *s); |
61 | void spritz_update (spritz_state *s); |
60 | void spritz_whip (spritz_state *s, uint_fast16_t r); |
62 | void spritz_whip (spritz_state *s, uint_fast16_t r); |
61 | void spritz_crush (spritz_state *s); |
63 | void spritz_crush (spritz_state *s); |
62 | void spritz_shuffle (spritz_state *s); |
64 | void spritz_shuffle (spritz_state *s); |
63 | void spritz_absorb_nibble (spritz_state *s, uint8_t x); |
|
|
64 | void spritz_absorb (spritz_state *s, const void *I, size_t I_len); |
65 | void spritz_absorb (spritz_state *s, const void *I, size_t I_len); |
65 | void spritz_absorb_stop (spritz_state *s); |
66 | void spritz_absorb_stop (spritz_state *s); |
66 | void spritz_absorb_and_stop (spritz_state *s, const void *I, size_t I_len); /* commonly used helper function */ |
67 | void spritz_absorb_and_stop (spritz_state *s, const void *I, size_t I_len); /* commonly used helper function */ |
67 | uint8_t spritz_output (spritz_state *s); |
68 | uint8_t spritz_output (spritz_state *s); |
68 | void spritz_squeeze (spritz_state *s, void *P, size_t P_len); |
69 | void spritz_squeeze (spritz_state *s, void *P, size_t P_len); |
69 | uint8_t spritz_drip (spritz_state *s); |
70 | uint8_t spritz_drip (spritz_state *s); |
70 | |
71 | |
71 | /*******************************************************************************/ |
72 | /*******************************************************************************/ |
|
|
73 | /* the spritz cipher */ |
|
|
74 | |
|
|
75 | /* no IV is used if IV_len == 0 */ |
|
|
76 | void spritz_cipher_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
|
|
77 | |
|
|
78 | /* can be called multiple times/incrementally */ |
|
|
79 | /* can work inplace */ |
|
|
80 | void spritz_cipher_encrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
81 | void spritz_cipher_decrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
82 | |
|
|
83 | /*******************************************************************************/ |
72 | /* the spritz-xor cipher */ |
84 | /* the spritz-xor cipher */ |
73 | |
85 | |
74 | /* no IV is used if IV_len == 0 */ |
86 | /* no IV is used if IV_len == 0 */ |
75 | void spritz_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
87 | static void spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
76 | |
88 | |
77 | /* can be called multiple times/incrementally */ |
89 | /* can be called multiple times/incrementally */ |
78 | /* can work inplace */ |
90 | /* can work inplace */ |
79 | /* works for both encryption and decryption */ |
91 | /* works for both encryption and decryption */ |
80 | void spritz_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
92 | void spritz_cipher_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
81 | |
93 | |
82 | /*******************************************************************************/ |
94 | /*******************************************************************************/ |
83 | /* the spritz hash */ |
95 | /* the spritz hash */ |
84 | |
96 | |
85 | static void spritz_hash_init (spritz_state *s); |
97 | static void spritz_hash_init (spritz_state *s); |
… | |
… | |
94 | static void spritz_mac_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
106 | static void spritz_mac_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
95 | |
107 | |
96 | /*******************************************************************************/ |
108 | /*******************************************************************************/ |
97 | /* spritz authenticated encryption */ |
109 | /* spritz authenticated encryption */ |
98 | |
110 | |
99 | void spritz_aead_init (spritz_state *s, const void *K, size_t K_len); |
111 | static void spritz_aead_init (spritz_state *s, const void *K, size_t K_len); |
100 | static void spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
112 | static void spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
101 | static void spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
113 | static void spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
102 | void spritz_aead_crypt (spritz_state *s, const void *I, void *O, size_t len); |
114 | void spritz_aead_encrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
115 | void spritz_aead_decrypt (spritz_state *s, const void *I, void *O, size_t len); |
103 | /* must be called after associated_data, only once, before finish */ |
116 | /* must be called after associated_data, only once, before finish */ |
104 | /* works for both encryption and decryption */ |
117 | /* works for both encryption and decryption */ |
105 | static void spritz_aead_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
118 | static void spritz_aead_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
106 | |
119 | |
107 | /*******************************************************************************/ |
120 | /*******************************************************************************/ |
|
|
121 | /* spritz authenticated encryption (xor variant) */ |
|
|
122 | |
|
|
123 | static void spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len); |
|
|
124 | static void spritz_aead_xor_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
|
|
125 | static void spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
|
|
126 | void spritz_aead_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
127 | /* must be called after associated_data, only once, before finish */ |
|
|
128 | /* works for both encryption and decryption */ |
|
|
129 | static void spritz_aead_xor_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
|
|
130 | |
|
|
131 | /*******************************************************************************/ |
108 | /* the spritz drbg/csprng */ |
132 | /* the spritz drbg/csprng */ |
109 | |
133 | |
110 | /* constructor takes a seed if S_len != 0, same add spritz_prng_put */ |
134 | /* constructor takes a seed if S_len != 0, same as spritz_prng_add */ |
111 | void spritz_prng_init (spritz_state *s, const void *S, size_t S_len); |
135 | void spritz_prng_init (spritz_state *s, const void *S, size_t S_len); |
112 | static void spritz_prng_put (spritz_state *s, const void *S, size_t S_len); /* add additional entropy */ |
136 | static void spritz_prng_add (spritz_state *s, const void *S, size_t S_len); /* add additional entropy */ |
113 | static void spritz_prng_get (spritz_state *s, void *R, size_t R_len); /* get random bytes */ |
137 | static void spritz_prng_get (spritz_state *s, void *R, size_t R_len); /* get random bytes */ |
114 | |
138 | |
115 | /*******************************************************************************/ |
139 | /*******************************************************************************/ |
116 | /* inline functions - some functions are so simple, they are defined inline */ |
140 | /* inline functions - some functions are so simple, they are defined inline */ |
117 | |
141 | |
|
|
142 | /* the spritz-xor cipher inline functions */ |
|
|
143 | |
|
|
144 | static void |
|
|
145 | spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len) |
|
|
146 | { |
|
|
147 | spritz_cipher_init (s, K, K_len, IV, IV_len); |
|
|
148 | } |
|
|
149 | |
118 | /* the spritz hash inline functions */ |
150 | /* the spritz hash inline functions */ |
119 | |
151 | |
120 | static void |
152 | static void |
121 | spritz_hash_init (spritz_state *s) |
153 | spritz_hash_init (spritz_state *s) |
122 | { |
154 | { |
… | |
… | |
144 | } |
176 | } |
145 | |
177 | |
146 | /* spritz authenticated encryption inline functions */ |
178 | /* spritz authenticated encryption inline functions */ |
147 | |
179 | |
148 | static void |
180 | static void |
|
|
181 | spritz_aead_init (spritz_state *s, const void *K, size_t K_len) |
|
|
182 | { |
|
|
183 | spritz_mac_init (s, K, K_len); |
|
|
184 | } |
|
|
185 | |
|
|
186 | static void |
149 | spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len) |
187 | spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len) |
150 | { |
188 | { |
151 | spritz_absorb_and_stop (s, N, N_len); |
189 | spritz_absorb_and_stop (s, N, N_len); |
152 | } |
190 | } |
153 | |
191 | |
… | |
… | |
161 | spritz_aead_finish (spritz_state *s, void *H, size_t H_len) |
199 | spritz_aead_finish (spritz_state *s, void *H, size_t H_len) |
162 | { |
200 | { |
163 | spritz_mac_finish (s, H, H_len); |
201 | spritz_mac_finish (s, H, H_len); |
164 | } |
202 | } |
165 | |
203 | |
|
|
204 | /* spritz authenticated encryption (xor variant) inline functions */ |
|
|
205 | |
|
|
206 | static void |
|
|
207 | spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len) |
|
|
208 | { |
|
|
209 | spritz_mac_init (s, K, K_len); |
|
|
210 | } |
|
|
211 | |
|
|
212 | static void |
|
|
213 | spritz_aead_xor_nonce (spritz_state *s, const void *N, size_t N_len) |
|
|
214 | { |
|
|
215 | spritz_absorb_and_stop (s, N, N_len); |
|
|
216 | } |
|
|
217 | |
|
|
218 | static void |
|
|
219 | spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len) |
|
|
220 | { |
|
|
221 | spritz_absorb_and_stop (s, D, D_len); |
|
|
222 | } |
|
|
223 | |
|
|
224 | static void |
|
|
225 | spritz_aead_xor_finish (spritz_state *s, void *H, size_t H_len) |
|
|
226 | { |
|
|
227 | spritz_mac_finish (s, H, H_len); |
|
|
228 | } |
|
|
229 | |
166 | /* the spritz drbg/csprng inline functions */ |
230 | /* the spritz drbg/csprng inline functions */ |
167 | |
231 | |
168 | static void |
232 | static void |
169 | spritz_prng_put (spritz_state *s, const void *S, size_t S_len) |
233 | spritz_prng_add (spritz_state *s, const void *S, size_t S_len) |
170 | { |
234 | { |
171 | spritz_absorb (s, S, S_len); |
235 | spritz_absorb (s, S, S_len); |
172 | } |
236 | } |
173 | |
237 | |
174 | /* get random bytes */ |
238 | /* get random bytes */ |
… | |
… | |
176 | spritz_prng_get (spritz_state *s, void *R, size_t R_len) |
240 | spritz_prng_get (spritz_state *s, void *R, size_t R_len) |
177 | { |
241 | { |
178 | spritz_squeeze (s, R, R_len); |
242 | spritz_squeeze (s, R, R_len); |
179 | } |
243 | } |
180 | |
244 | |
|
|
245 | #endif |
|
|
246 | |