… | |
… | |
43 | |
43 | |
44 | /*******************************************************************************/ |
44 | /*******************************************************************************/ |
45 | /* spritz parameters/state type */ |
45 | /* spritz parameters/state type */ |
46 | |
46 | |
47 | enum { |
47 | enum { |
48 | spritz_N = 256 |
48 | spritz_N = 256, |
|
|
49 | spritz_aead_blocksize = spritz_N >> 2 /* 64 */ |
49 | }; |
50 | }; |
50 | |
51 | |
51 | typedef struct |
52 | typedef struct |
52 | { |
53 | { |
53 | uint8_t a, i, j, k, z, w; |
54 | uint8_t a, i, j, k, z, w; |
… | |
… | |
68 | uint8_t spritz_output (spritz_state *s); |
69 | uint8_t spritz_output (spritz_state *s); |
69 | void spritz_squeeze (spritz_state *s, void *P, size_t P_len); |
70 | void spritz_squeeze (spritz_state *s, void *P, size_t P_len); |
70 | uint8_t spritz_drip (spritz_state *s); |
71 | uint8_t spritz_drip (spritz_state *s); |
71 | |
72 | |
72 | /*******************************************************************************/ |
73 | /*******************************************************************************/ |
|
|
74 | /* the spritz cipher */ |
|
|
75 | |
|
|
76 | /* no IV is used if IV_len == 0 */ |
|
|
77 | void spritz_cipher_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
|
|
78 | |
|
|
79 | /* can be called multiple times/incrementally */ |
|
|
80 | /* can work inplace */ |
|
|
81 | void spritz_cipher_encrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
82 | void spritz_cipher_decrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
83 | |
|
|
84 | /*******************************************************************************/ |
73 | /* the spritz-xor cipher */ |
85 | /* the spritz-xor cipher */ |
74 | |
86 | |
75 | /* no IV is used if IV_len == 0 */ |
87 | /* no IV is used if IV_len == 0 */ |
76 | void spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
88 | static void spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len); |
77 | |
89 | |
78 | /* can be called multiple times/incrementally */ |
90 | /* can be called multiple times/incrementally */ |
79 | /* can work inplace */ |
91 | /* can work inplace */ |
80 | /* works for both encryption and decryption */ |
92 | /* works for both encryption and decryption */ |
81 | void spritz_cipher_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
93 | void spritz_cipher_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
82 | |
94 | |
83 | /*******************************************************************************/ |
95 | /*******************************************************************************/ |
84 | /* the spritz hash */ |
96 | /* the spritz hash */ |
85 | |
97 | |
86 | static void spritz_hash_init (spritz_state *s); |
98 | static void spritz_hash_init (spritz_state *s); |
… | |
… | |
94 | static void spritz_mac_add (spritz_state *s, const void *M, size_t M_len); /* can be called multiple times/incrementally */ |
106 | static void spritz_mac_add (spritz_state *s, const void *M, size_t M_len); /* can be called multiple times/incrementally */ |
95 | static void spritz_mac_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
107 | static void spritz_mac_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
96 | |
108 | |
97 | /*******************************************************************************/ |
109 | /*******************************************************************************/ |
98 | /* spritz authenticated encryption */ |
110 | /* spritz authenticated encryption */ |
|
|
111 | |
|
|
112 | static void spritz_aead_init (spritz_state *s, const void *K, size_t K_len); |
|
|
113 | static void spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
|
|
114 | static void spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
|
|
115 | void spritz_aead_encrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
116 | void spritz_aead_decrypt (spritz_state *s, const void *I, void *O, size_t len); |
|
|
117 | /* must be called after associated_data, only once, before finish */ |
|
|
118 | /* works for both encryption and decryption */ |
|
|
119 | static void spritz_aead_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */ |
|
|
120 | |
|
|
121 | /*******************************************************************************/ |
|
|
122 | /* spritz authenticated encryption (xor variant) */ |
99 | |
123 | |
100 | static void spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len); |
124 | static void spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len); |
101 | static void spritz_aead_xor_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
125 | static void spritz_aead_xor_nonce (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */ |
102 | static void spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
126 | static void spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */ |
103 | void spritz_aead_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
127 | void spritz_aead_xor_crypt (spritz_state *s, const void *I, void *O, size_t len); |
… | |
… | |
114 | static void spritz_prng_get (spritz_state *s, void *R, size_t R_len); /* get random bytes */ |
138 | static void spritz_prng_get (spritz_state *s, void *R, size_t R_len); /* get random bytes */ |
115 | |
139 | |
116 | /*******************************************************************************/ |
140 | /*******************************************************************************/ |
117 | /* inline functions - some functions are so simple, they are defined inline */ |
141 | /* inline functions - some functions are so simple, they are defined inline */ |
118 | |
142 | |
|
|
143 | /* the spritz-xor cipher inline functions */ |
|
|
144 | |
|
|
145 | static void |
|
|
146 | spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len) |
|
|
147 | { |
|
|
148 | spritz_cipher_init (s, K, K_len, IV, IV_len); |
|
|
149 | } |
|
|
150 | |
119 | /* the spritz hash inline functions */ |
151 | /* the spritz hash inline functions */ |
120 | |
152 | |
121 | static void |
153 | static void |
122 | spritz_hash_init (spritz_state *s) |
154 | spritz_hash_init (spritz_state *s) |
123 | { |
155 | { |
… | |
… | |
145 | } |
177 | } |
146 | |
178 | |
147 | /* spritz authenticated encryption inline functions */ |
179 | /* spritz authenticated encryption inline functions */ |
148 | |
180 | |
149 | static void |
181 | static void |
|
|
182 | spritz_aead_init (spritz_state *s, const void *K, size_t K_len) |
|
|
183 | { |
|
|
184 | spritz_mac_init (s, K, K_len); |
|
|
185 | } |
|
|
186 | |
|
|
187 | static void |
|
|
188 | spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len) |
|
|
189 | { |
|
|
190 | spritz_absorb_and_stop (s, N, N_len); |
|
|
191 | } |
|
|
192 | |
|
|
193 | static void |
|
|
194 | spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len) |
|
|
195 | { |
|
|
196 | spritz_absorb_and_stop (s, D, D_len); |
|
|
197 | } |
|
|
198 | |
|
|
199 | static void |
|
|
200 | spritz_aead_finish (spritz_state *s, void *H, size_t H_len) |
|
|
201 | { |
|
|
202 | spritz_mac_finish (s, H, H_len); |
|
|
203 | } |
|
|
204 | |
|
|
205 | /* spritz authenticated encryption (xor variant) inline functions */ |
|
|
206 | |
|
|
207 | static void |
150 | spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len) |
208 | spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len) |
151 | { |
209 | { |
152 | spritz_mac_init (s, K, K_len); |
210 | spritz_mac_init (s, K, K_len); |
153 | } |
211 | } |
154 | |
212 | |