spritz/spritz.h

/* spritz.h, spritz C implementation, header
 *
 * Copyright (c) 2015 Marc Alexander Lehmann <libev@schmorp.de>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modifica-
 * tion, are permitted provided that the following conditions are met:
 *
 *   1.  Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *
 *   2.  Redistributions in binary form must reproduce the above copyright
 *       notice, this list of conditions and the following disclaimer in the
 *       documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
 * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
 * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
 * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * Alternatively, the contents of this file may be used under the terms of
 * the GNU General Public License ("GPL") version 2 or any later version,
 * in which case the provisions of the GPL are applicable instead of
 * the above. If you wish to allow the use of your version of this file
 * only under the terms of the GPL and not to allow others to use your
 * version of this file under the BSD license, indicate your decision
 * by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL. If you do not delete the
 * provisions above, a recipient may use your version of this file under
 * either the BSD or the GPL.
 */
#ifndef SPRITZ_H
#define SPRITZ_H

#include <stdint.h>
#include <sys/types.h>

/*******************************************************************************/
/* spritz parameters/state type */

enum {
  spritz_N              = 256,
  spritz_aead_blocksize = spritz_N >> 2 /* 64 */
};

typedef struct
{
  uint8_t a, i, j, k, z, w;
  uint8_t S[spritz_N];
} spritz_state;

/*******************************************************************************/
/* the spritz primitives */

void    spritz_init            (spritz_state *s);
void    spritz_update          (spritz_state *s);
void    spritz_whip            (spritz_state *s, uint_fast16_t r);
void    spritz_crush           (spritz_state *s);
void    spritz_shuffle         (spritz_state *s);
void    spritz_absorb          (spritz_state *s, const void *I, size_t I_len);
void    spritz_absorb_stop     (spritz_state *s);
void    spritz_absorb_and_stop (spritz_state *s, const void *I, size_t I_len); /* commonly used helper function */
uint8_t spritz_output          (spritz_state *s);
void    spritz_squeeze         (spritz_state *s, void *P, size_t P_len);
uint8_t spritz_drip            (spritz_state *s);

/*******************************************************************************/
/* the spritz cipher */

/* no IV is used if IV_len == 0 */
void spritz_cipher_init    (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len);

/* can be called multiple times/incrementally */
/* can work inplace */
void spritz_cipher_encrypt (spritz_state *s, const void *I, void *O, size_t len);
void spritz_cipher_decrypt (spritz_state *s, const void *I, void *O, size_t len);

/*******************************************************************************/
/* the spritz-xor cipher */

/* no IV is used if IV_len == 0 */
static void spritz_cipher_xor_init  (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len);

/* can be called multiple times/incrementally */
/* can work inplace */
/* works for both encryption and decryption */
       void spritz_cipher_xor_crypt (spritz_state *s, const void *I, void *O, size_t len);

/*******************************************************************************/
/* the spritz hash */

static void spritz_hash_init   (spritz_state *s);
static void spritz_hash_add    (spritz_state *s, const void *M, size_t M_len); /* can be called multiple times/incrementally */
       void spritz_hash_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */

/*******************************************************************************/
/* the spritz MAC */

       void spritz_mac_init   (spritz_state *s, const void *K, size_t K_len);
static void spritz_mac_add    (spritz_state *s, const void *M, size_t M_len); /* can be called multiple times/incrementally */
static void spritz_mac_finish (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */

/*******************************************************************************/
/* spritz authenticated encryption */

static void spritz_aead_init            (spritz_state *s, const void *K, size_t K_len);
static void spritz_aead_nonce           (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */
static void spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */
       void spritz_aead_encrypt         (spritz_state *s, const void *I, void *O, size_t len);
       void spritz_aead_decrypt         (spritz_state *s, const void *I, void *O, size_t len);
/* must be called after associated_data, only once, before finish */
/* works for both encryption and decryption */
static void spritz_aead_finish          (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */

/*******************************************************************************/
/* spritz authenticated encryption (xor variant) */

static void spritz_aead_xor_init            (spritz_state *s, const void *K, size_t K_len);
static void spritz_aead_xor_nonce           (spritz_state *s, const void *N, size_t N_len); /* must be called after construction, before associated_data */
static void spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len); /* must be called after nonce, before crypt */
       void spritz_aead_xor_crypt           (spritz_state *s, const void *I, void *O, size_t len);
/* must be called after associated_data, only once, before finish */
/* works for both encryption and decryption */
static void spritz_aead_xor_finish          (spritz_state *s, void *H, size_t H_len); /* must be called at most once at the end */

/*******************************************************************************/
/* the spritz drbg/csprng */

/* constructor takes a seed if S_len != 0, same as spritz_prng_add */
       void spritz_prng_init (spritz_state *s, const void *S, size_t S_len);
static void spritz_prng_add  (spritz_state *s, const void *S, size_t S_len); /* add additional entropy */
static void spritz_prng_get  (spritz_state *s, void *R, size_t R_len); /* get random bytes */

/*******************************************************************************/
/* inline functions - some functions are so simple, they are defined inline */

/* the spritz-xor cipher inline functions */

static void
spritz_cipher_xor_init (spritz_state *s, const void *K, size_t K_len, const void *IV, size_t IV_len)
{
  spritz_cipher_init (s, K, K_len, IV, IV_len);
}

/* the spritz hash inline functions */

static void
spritz_hash_init (spritz_state *s)
{
  spritz_init (s);
}

static void
spritz_hash_add (spritz_state *s, const void *M, size_t M_len)
{
  spritz_absorb (s, M, M_len);
}

/* the spritz MAC inline functions */

static void
spritz_mac_add (spritz_state *s, const void *M, size_t M_len)
{
  spritz_hash_add (s, M, M_len);
}

static void
spritz_mac_finish (spritz_state *s, void *H, size_t H_len)
{
  spritz_hash_finish (s, H, H_len);
}

/* spritz authenticated encryption inline functions */

static void
spritz_aead_init (spritz_state *s, const void *K, size_t K_len)
{
  spritz_mac_init (s, K, K_len);
}

static void
spritz_aead_nonce (spritz_state *s, const void *N, size_t N_len)
{
  spritz_absorb_and_stop (s, N, N_len);
}

static void
spritz_aead_associated_data (spritz_state *s, const void *D, size_t D_len)
{
  spritz_absorb_and_stop (s, D, D_len);
}

static void
spritz_aead_finish (spritz_state *s, void *H, size_t H_len)
{
  spritz_mac_finish (s, H, H_len);
}

/* spritz authenticated encryption (xor variant) inline functions */

static void
spritz_aead_xor_init (spritz_state *s, const void *K, size_t K_len)
{
  spritz_mac_init (s, K, K_len);
}

static void
spritz_aead_xor_nonce (spritz_state *s, const void *N, size_t N_len)
{
  spritz_absorb_and_stop (s, N, N_len);
}

static void
spritz_aead_xor_associated_data (spritz_state *s, const void *D, size_t D_len)
{
  spritz_absorb_and_stop (s, D, D_len);
}

static void
spritz_aead_xor_finish (spritz_state *s, void *H, size_t H_len)
{
  spritz_mac_finish (s, H, H_len);
}

/* the spritz drbg/csprng inline functions */

static void
spritz_prng_add (spritz_state *s, const void *S, size_t S_len)
{
  spritz_absorb (s, S, S_len);
}

/* get random bytes */
static void
spritz_prng_get (spritz_state *s, void *R, size_t R_len)
{
  spritz_squeeze (s, R, R_len);
}

#endif

Revision:	1.6
Committed:	Sat Jan 10 13:02:26 2015 UTC (9 years, 5 months ago) by root
Content type:	text/plain
Branch:	MAIN
CVS Tags:	rel-1_02, rel-1_0, rel-1_01, HEAD
Changes since 1.5:	+2 -1 lines
Log Message:	* empty log message *
#	Content
1	/* spritz.h, spritz C implementation, header
2	*
3	* Copyright (c) 2015 Marc Alexander Lehmann <libev@schmorp.de>
4	* All rights reserved.
5	*
6	* Redistribution and use in source and binary forms, with or without modifica-
7	* tion, are permitted provided that the following conditions are met:
8	*
9	* 1. Redistributions of source code must retain the above copyright notice,
10	* this list of conditions and the following disclaimer.
11	*
12	* 2. Redistributions in binary form must reproduce the above copyright
13	* notice, this list of conditions and the following disclaimer in the
14	* documentation and/or other materials provided with the distribution.
15	*
16	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17	* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
18	* CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19	* EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
20	* CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21	* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22	* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23	* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
24	* ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
25	* OF THE POSSIBILITY OF SUCH DAMAGE.
26	*
27	* Alternatively, the contents of this file may be used under the terms of
28	* the GNU General Public License ("GPL") version 2 or any later version,
29	* in which case the provisions of the GPL are applicable instead of
30	* the above. If you wish to allow the use of your version of this file
31	* only under the terms of the GPL and not to allow others to use your
32	* version of this file under the BSD license, indicate your decision
33	* by deleting the provisions above and replace them with the notice
34	* and other provisions required by the GPL. If you do not delete the
35	* provisions above, a recipient may use your version of this file under
36	* either the BSD or the GPL.
37	*/
38	#ifndef SPRITZ_H
39	#define SPRITZ_H
40
41	#include <stdint.h>
42	#include <sys/types.h>
43
44	/*******************************************************************************/
45	/* spritz parameters/state type */
46
47	enum {
48	spritz_N = 256,
49	spritz_aead_blocksize = spritz_N >> 2 /* 64 */
50	};
51
52	typedef struct
53	{
54	uint8_t a, i, j, k, z, w;
55	uint8_t S[spritz_N];
56	} spritz_state;
57
58	/*******************************************************************************/
59	/* the spritz primitives */
60
61	void spritz_init (spritz_state *s);
62	void spritz_update (spritz_state *s);
63	void spritz_whip (spritz_state *s, uint_fast16_t r);
64	void spritz_crush (spritz_state *s);
65	void spritz_shuffle (spritz_state *s);
66	void spritz_absorb (spritz_state s, const void I, size_t I_len);
67	void spritz_absorb_stop (spritz_state *s);
68	void spritz_absorb_and_stop (spritz_state s, const void I, size_t I_len); /* commonly used helper function */
69	uint8_t spritz_output (spritz_state *s);
70	void spritz_squeeze (spritz_state s, void P, size_t P_len);
71	uint8_t spritz_drip (spritz_state *s);
72
73	/*******************************************************************************/
74	/* the spritz cipher */
75
76	/* no IV is used if IV_len == 0 */
77	void spritz_cipher_init (spritz_state s, const void K, size_t K_len, const void *IV, size_t IV_len);
78
79	/* can be called multiple times/incrementally */
80	/* can work inplace */
81	void spritz_cipher_encrypt (spritz_state s, const void I, void *O, size_t len);
82	void spritz_cipher_decrypt (spritz_state s, const void I, void *O, size_t len);
83
84	/*******************************************************************************/
85	/* the spritz-xor cipher */
86
87	/* no IV is used if IV_len == 0 */
88	static void spritz_cipher_xor_init (spritz_state s, const void K, size_t K_len, const void *IV, size_t IV_len);
89
90	/* can be called multiple times/incrementally */
91	/* can work inplace */
92	/* works for both encryption and decryption */
93	void spritz_cipher_xor_crypt (spritz_state s, const void I, void *O, size_t len);
94
95	/*******************************************************************************/
96	/* the spritz hash */
97
98	static void spritz_hash_init (spritz_state *s);
99	static void spritz_hash_add (spritz_state s, const void M, size_t M_len); /* can be called multiple times/incrementally */
100	void spritz_hash_finish (spritz_state s, void H, size_t H_len); /* must be called at most once at the end */
101
102	/*******************************************************************************/
103	/* the spritz MAC */
104
105	void spritz_mac_init (spritz_state s, const void K, size_t K_len);
106	static void spritz_mac_add (spritz_state s, const void M, size_t M_len); /* can be called multiple times/incrementally */
107	static void spritz_mac_finish (spritz_state s, void H, size_t H_len); /* must be called at most once at the end */
108
109	/*******************************************************************************/
110	/* spritz authenticated encryption */
111
112	static void spritz_aead_init (spritz_state s, const void K, size_t K_len);
113	static void spritz_aead_nonce (spritz_state s, const void N, size_t N_len); /* must be called after construction, before associated_data */
114	static void spritz_aead_associated_data (spritz_state s, const void D, size_t D_len); /* must be called after nonce, before crypt */
115	void spritz_aead_encrypt (spritz_state s, const void I, void *O, size_t len);
116	void spritz_aead_decrypt (spritz_state s, const void I, void *O, size_t len);
117	/* must be called after associated_data, only once, before finish */
118	/* works for both encryption and decryption */
119	static void spritz_aead_finish (spritz_state s, void H, size_t H_len); /* must be called at most once at the end */
120
121	/*******************************************************************************/
122	/* spritz authenticated encryption (xor variant) */
123
124	static void spritz_aead_xor_init (spritz_state s, const void K, size_t K_len);
125	static void spritz_aead_xor_nonce (spritz_state s, const void N, size_t N_len); /* must be called after construction, before associated_data */
126	static void spritz_aead_xor_associated_data (spritz_state s, const void D, size_t D_len); /* must be called after nonce, before crypt */
127	void spritz_aead_xor_crypt (spritz_state s, const void I, void *O, size_t len);
128	/* must be called after associated_data, only once, before finish */
129	/* works for both encryption and decryption */
130	static void spritz_aead_xor_finish (spritz_state s, void H, size_t H_len); /* must be called at most once at the end */
131
132	/*******************************************************************************/
133	/* the spritz drbg/csprng */
134
135	/* constructor takes a seed if S_len != 0, same as spritz_prng_add */
136	void spritz_prng_init (spritz_state s, const void S, size_t S_len);
137	static void spritz_prng_add (spritz_state s, const void S, size_t S_len); /* add additional entropy */
138	static void spritz_prng_get (spritz_state s, void R, size_t R_len); /* get random bytes */
139
140	/*******************************************************************************/
141	/* inline functions - some functions are so simple, they are defined inline */
142
143	/* the spritz-xor cipher inline functions */
144
145	static void
146	spritz_cipher_xor_init (spritz_state s, const void K, size_t K_len, const void *IV, size_t IV_len)
147	{
148	spritz_cipher_init (s, K, K_len, IV, IV_len);
149	}
150
151	/* the spritz hash inline functions */
152
153	static void
154	spritz_hash_init (spritz_state *s)
155	{
156	spritz_init (s);
157	}
158
159	static void
160	spritz_hash_add (spritz_state s, const void M, size_t M_len)
161	{
162	spritz_absorb (s, M, M_len);
163	}
164
165	/* the spritz MAC inline functions */
166
167	static void
168	spritz_mac_add (spritz_state s, const void M, size_t M_len)
169	{
170	spritz_hash_add (s, M, M_len);
171	}
172
173	static void
174	spritz_mac_finish (spritz_state s, void H, size_t H_len)
175	{
176	spritz_hash_finish (s, H, H_len);
177	}
178
179	/* spritz authenticated encryption inline functions */
180
181	static void
182	spritz_aead_init (spritz_state s, const void K, size_t K_len)
183	{
184	spritz_mac_init (s, K, K_len);
185	}
186
187	static void
188	spritz_aead_nonce (spritz_state s, const void N, size_t N_len)
189	{
190	spritz_absorb_and_stop (s, N, N_len);
191	}
192
193	static void
194	spritz_aead_associated_data (spritz_state s, const void D, size_t D_len)
195	{
196	spritz_absorb_and_stop (s, D, D_len);
197	}
198
199	static void
200	spritz_aead_finish (spritz_state s, void H, size_t H_len)
201	{
202	spritz_mac_finish (s, H, H_len);
203	}
204
205	/* spritz authenticated encryption (xor variant) inline functions */
206
207	static void
208	spritz_aead_xor_init (spritz_state s, const void K, size_t K_len)
209	{
210	spritz_mac_init (s, K, K_len);
211	}
212
213	static void
214	spritz_aead_xor_nonce (spritz_state s, const void N, size_t N_len)
215	{
216	spritz_absorb_and_stop (s, N, N_len);
217	}
218
219	static void
220	spritz_aead_xor_associated_data (spritz_state s, const void D, size_t D_len)
221	{
222	spritz_absorb_and_stop (s, D, D_len);
223	}
224
225	static void
226	spritz_aead_xor_finish (spritz_state s, void H, size_t H_len)
227	{
228	spritz_mac_finish (s, H, H_len);
229	}
230
231	/* the spritz drbg/csprng inline functions */
232
233	static void
234	spritz_prng_add (spritz_state s, const void S, size_t S_len)
235	{
236	spritz_absorb (s, S, S_len);
237	}
238
239	/* get random bytes */
240	static void
241	spritz_prng_get (spritz_state s, void R, size_t R_len)
242	{
243	spritz_squeeze (s, R, R_len);
244	}
245
246	#endif
247