Crypto++ 8.2
shake.h
1// shake.h - written and placed in the public domain by Jeffrey Walton
2
3/// \file shake.h
4/// \brief Classes for SHAKE message digests
5/// \details The library provides byte oriented SHAKE128 and SHAKE256 using F1600.
6/// FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits the output
7/// size to <tt>UINT_MAX</tt> due to the underlying data types.
8/// \sa Keccak, SHA3, SHAKE128, SHAKE256,
9/// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
10/// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
11/// \since Crypto++ 8.1
12
13#ifndef CRYPTOPP_SHAKE_H
14#define CRYPTOPP_SHAKE_H
15
16#include "cryptlib.h"
17#include "secblock.h"
18
19NAMESPACE_BEGIN(CryptoPP)
20
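/// \brief SHAKE message digest base class
/// \details SHAKE is the base class for SHAKE128 and SHAKE256.
///  Library users should instantiate a derived class, and only use SHAKE
///  as a base class reference or pointer.
/// \sa Keccak, SHA3, SHAKE128, SHAKE256,
///  <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
///  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
/// \since Crypto++ 8.1
// NOTE(review): the class-head line was missing from the rendered listing and
// is restored here from the upstream header.
class SHAKE : public HashTransformation
{
protected:
    /// \brief Construct a SHAKE
    /// \param digestSize the digest size, in bytes
    /// \details SHAKE is the base class for SHAKE128 and SHAKE256.
    ///  Library users should instantiate a derived class, and only use SHAKE
    ///  as a base class reference or pointer.
    /// \details This constructor was moved to protected at Crypto++ 8.1
    ///  because users were attempting to create Keccak objects with it.
    /// \details digestSize is stored as given; no range check is made here.
    ///  m_counter is not in the initializer list, so Restart() is presumably
    ///  what sets it - confirm in shake.cpp.
    /// \since Crypto++ 8.1
    SHAKE(unsigned int digestSize) : m_digestSize(digestSize) {Restart();}

public:
    /// \brief Provides the digest size of the hash
    /// \return the size passed to the constructor, in bytes
    unsigned int DigestSize() const {return m_digestSize;}

    /// \brief Provides input and output data alignment for optimal performance
    /// \return the alignment of a word64
    unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word64>();}

    // The three functions below are only declared in this header.
    void Update(const byte *input, size_t length);
    void Restart();
    void TruncatedFinal(byte *hash, size_t size);

protected:
    /// \brief The rate, taken from the derived class' BlockSize()
    inline unsigned int r() const {return BlockSize();}

    // SHAKE-128 and SHAKE-256 effectively allow unlimited
    // output length. However, we use an unsigned int so
    // we are limited in practice to UINT_MAX.
    void ThrowIfInvalidTruncatedSize(size_t size) const;

    // NOTE(review): this member was missing from the rendered listing and is
    // restored from the upstream header. 25 x word64 is 1600 bits, which
    // matches the F1600 permutation named in the file comment.
    FixedSizeSecBlock<word64, 25> m_state;
    unsigned int m_digestSize, m_counter;
};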
61
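/// \brief SHAKE message digest template
/// \tparam T_Strength the strength of the digest, either 128 or 256
/// \details Any other value is rejected at compile time. Without that check
///  the constants below would silently use the 256 parameters while
///  StaticAlgorithmName() reported "SHAKE-" followed by the value supplied.
/// \since Crypto++ 8.1
template<unsigned int T_Strength>
class SHAKE_Final : public SHAKE
{
public:
    // Default output size in bytes: 32 for strength 128, otherwise 64.
    CRYPTOPP_CONSTANT(DIGESTSIZE = (T_Strength == 128 ? 32 : 64))
    // Rate in bytes: 1344/8 = 168 for strength 128, otherwise 1088/8 = 136.
    CRYPTOPP_CONSTANT(BLOCKSIZE = (T_Strength == 128 ? 1344/8 : 1088/8))

    /// \brief Provides the algorithm name without needing an object
    /// \return "SHAKE-" followed by T_Strength in decimal
    static std::string StaticAlgorithmName()
        { return "SHAKE-" + IntToString(T_Strength); }

    /// \brief Construct a SHAKE-X message digest
    /// \param outputSize the output size in bytes, DIGESTSIZE by default
    /// \details SHAKE128 and SHAKE256 don't need the output size in advance
    ///  because the output size does not affect the digest. TruncatedFinal
    ///  produces the correct digest for any output size. However, cSHAKE
    ///  requires the output size in advance because the algorithm uses
    ///  output size as a parameter to the hash function.
    /// \details outputSize is forwarded to SHAKE unchanged; it is not
    ///  compared with BLOCKSIZE or checked for zero in this header.
    SHAKE_Final(unsigned int outputSize=DIGESTSIZE) : SHAKE(outputSize) {}

    /// \brief Provides the block size of the compression function
    /// \return block size of the compression function, in bytes
    /// \details BlockSize() will return 0 if the hash is not block based
    ///  or does not have an equivalent block size. For example, Keccak
    ///  and SHA-3 do not have a block size, but they do have an equivalent
    ///  to block size called rate expressed as <tt>r</tt>.
    unsigned int BlockSize() const { return BLOCKSIZE; }

    /// \brief Provides the name of this algorithm
    /// \return the same string as StaticAlgorithmName()
    std::string AlgorithmName() const { return StaticAlgorithmName(); }

private:
#if !defined(__BORLANDC__)
    // only the two FIPS 202 strengths have parameters in the tables above
    CRYPTOPP_COMPILE_ASSERT(T_Strength == 128 || T_Strength == 256);
    // ensure there was no underflow in the math
    CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE < 200);
    // this is a general expectation by HMAC; it covers the default
    // DIGESTSIZE only, not an outputSize supplied to the constructor
    CRYPTOPP_COMPILE_ASSERT((int)BLOCKSIZE > (int)DIGESTSIZE);
#endif
};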
100
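/// \brief SHAKE128 message digest
/// \details The library provides byte oriented SHAKE128 using F1600.
///  FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits
///  the output size to <tt>UINT_MAX</tt> due to the underlying data types.
/// \note FIPS 202 gives SHAKE128 a collision resistance of min(d/2, 128)
///  bits for a d-bit output. The default output of 32 bytes reaches the
///  128-bit ceiling; shorter outputs provide less and longer ones no more.
/// \sa Keccak, SHA3, SHAKE256,
///  <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
///  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
/// \since Crypto++ 8.1
class SHAKE128 : public SHAKE_Final<128>
{
public:
    /// \brief Construct a SHAKE128 message digest
    /// \details Uses the default output size of SHAKE_Final<128>, which is
    ///  DIGESTSIZE (32 bytes).
    /// \since Crypto++ 8.1
    // NOTE(review): this constructor was missing from the rendered listing;
    // the page's cross-reference index lists SHAKE128() at shake.h:119.
    SHAKE128() {}

    /// \brief Construct a SHAKE128 message digest
    /// \param outputSize the output size, in bytes
    /// \details SHAKE128 and SHAKE256 don't need the output size in advance
    ///  because the output size does not affect the digest. TruncatedFinal
    ///  produces the correct digest for any output size. However, cSHAKE
    ///  requires the output size in advance because the algorithm uses
    ///  output size as a parameter to the hash function.
    /// \since Crypto++ 8.1
    SHAKE128(unsigned int outputSize) : SHAKE_Final<128>(outputSize) {}
};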
130
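/// \brief SHAKE256 message digest
/// \details The library provides byte oriented SHAKE256 using F1600.
///  FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits
///  the output size to <tt>UINT_MAX</tt> due to the underlying data types.
/// \note FIPS 202 gives SHAKE256 a collision resistance of min(d/2, 256)
///  bits for a d-bit output. The default output of 64 bytes reaches the
///  256-bit ceiling; shorter outputs provide less and longer ones no more.
/// \sa Keccak, SHA3, SHAKE128,
///  <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
///  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
/// \since Crypto++ 8.1
class SHAKE256 : public SHAKE_Final<256>
{
public:
    /// \brief Construct a SHAKE256 message digest
    /// \details Uses the default output size of SHAKE_Final<256>, which is
    ///  DIGESTSIZE (64 bytes).
    /// \since Crypto++ 8.1
    // NOTE(review): this constructor was missing from the rendered listing;
    // the page's cross-reference index lists SHAKE256() at shake.h:149.
    SHAKE256() {}

    /// \brief Construct a SHAKE256 message digest
    /// \param outputSize the output size, in bytes
    /// \details SHAKE128 and SHAKE256 don't need the output size in advance
    ///  because the output size does not affect the digest. TruncatedFinal
    ///  produces the correct digest for any output size. However, cSHAKE
    ///  requires the output size in advance because the algorithm uses
    ///  output size as a parameter to the hash function.
    /// \since Crypto++ 8.1
    SHAKE256(unsigned int outputSize) : SHAKE_Final<256>(outputSize) {}
};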
160
161NAMESPACE_END
162
163#endif