[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Hash / CryptCShake256.c

/** @file\r
  cSHAKE-256 Digest Wrapper Implementations.\r
\r
Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "CryptParallelHash.h"\r
\r
#define  CSHAKE256_SECURITY_STRENGTH  256\r
#define  CSHAKE256_RATE_IN_BYTES      136\r
\r
CONST CHAR8  mZeroPadding[CSHAKE256_RATE_IN_BYTES] = { 0 };\r
\r
/**\r
  CShake256 initial function.\r
\r
  Initializes user-supplied memory pointed by CShake256Context as cSHAKE-256 hash context for\r
  subsequent use.\r
\r
  @param[out] CShake256Context  Pointer to cSHAKE-256 context being initialized.\r
  @param[in]  OutputLen         The desired number of output length in bytes.\r
  @param[in]  Name              Pointer to the function name string.\r
  @param[in]  NameLen           The length of the function name in bytes.\r
  @param[in]  Customization     Pointer to the customization string.\r
  @param[in]  CustomizationLen  The length of the customization string in bytes.\r
\r
  @retval TRUE   cSHAKE-256 context initialization succeeded.\r
  @retval FALSE  cSHAKE-256 context initialization failed.\r
  @retval FALSE  This interface is not supported.\r
**/\r
BOOLEAN\r
EFIAPI\r
CShake256Init (\r
  OUT  VOID        *CShake256Context,\r
  IN   UINTN       OutputLen,\r
  IN   CONST VOID  *Name,\r
  IN   UINTN       NameLen,\r
  IN   CONST VOID  *Customization,\r
  IN   UINTN       CustomizationLen\r
  )\r
{\r
  BOOLEAN  Status;\r
  UINT8    EncBuf[sizeof (UINTN) + 1];\r
  UINTN    EncLen;\r
  UINTN    AbsorbLen;\r
  UINTN    PadLen;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if ((CShake256Context == NULL) || (OutputLen == 0) || ((NameLen != 0) && (Name == NULL)) || ((CustomizationLen != 0) && (Customization == NULL))) {\r
    return FALSE;\r
  }\r
\r
  //\r
  // Initialize KECCAK context with pad value and block size.\r
  //\r
  if ((NameLen == 0) && (CustomizationLen == 0)) {\r
    //\r
    // When N and S are both empty strings, cSHAKE(X, L, N, S) is equivalent to\r
    // SHAKE as defined in FIPS 202.\r
    //\r
    Status = (BOOLEAN)KeccakInit (\r
                        (Keccak1600_Ctx *)CShake256Context,\r
                        '\x1f',\r
                        (KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * 2) / 8,\r
                        OutputLen\r
                        );\r
\r
    return Status;\r
  } else {\r
    Status = (BOOLEAN)KeccakInit (\r
                        (Keccak1600_Ctx *)CShake256Context,\r
                        '\x04',\r
                        (KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * 2) / 8,\r
                        OutputLen\r
                        );\r
    if (!Status) {\r
      return FALSE;\r
    }\r
\r
    AbsorbLen = 0;\r
    //\r
    // Absorb Absorb bytepad(.., rate).\r
    //\r
    EncLen = LeftEncode (EncBuf, CSHAKE256_RATE_IN_BYTES);\r
    Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, EncBuf, EncLen);\r
    if (!Status) {\r
      return FALSE;\r
    }\r
\r
    AbsorbLen += EncLen;\r
\r
    //\r
    // Absorb encode_string(N).\r
    //\r
    EncLen = LeftEncode (EncBuf, NameLen * 8);\r
    Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, EncBuf, EncLen);\r
    if (!Status) {\r
      return FALSE;\r
    }\r
\r
    AbsorbLen += EncLen;\r
    Status     = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, Name, NameLen);\r
    if (!Status) {\r
      return FALSE;\r
    }\r
\r
    AbsorbLen += NameLen;\r
\r
    //\r
    // Absorb encode_string(S).\r
    //\r
    EncLen = LeftEncode (EncBuf, CustomizationLen * 8);\r
    Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, EncBuf, EncLen);\r
    if (!Status) {\r
      return FALSE;\r
    }\r
\r
    AbsorbLen += EncLen;\r
    Status     = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, Customization, CustomizationLen);\r
    if (!Status) {\r
      return FALSE;\r
    }\r
\r
    AbsorbLen += CustomizationLen;\r
\r
    //\r
    // Absorb zero padding up to rate.\r
    //\r
    PadLen = CSHAKE256_RATE_IN_BYTES - AbsorbLen % CSHAKE256_RATE_IN_BYTES;\r
    Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, mZeroPadding, PadLen);\r
    if (!Status) {\r
      return FALSE;\r
    }\r
\r
    return TRUE;\r
  }\r
}\r
\r
/**\r
  Digests the input data and updates cSHAKE-256 context.\r
\r
  This function performs cSHAKE-256 digest on a data buffer of the specified size.\r
  It can be called multiple times to compute the digest of long or discontinuous data streams.\r
  cSHAKE-256 context should be already correctly initialized by CShake256Init(), and should not be finalized\r
  by CShake256Final(). Behavior with invalid context is undefined.\r
\r
  @param[in, out]  CShake256Context   Pointer to the cSHAKE-256 context.\r
  @param[in]       Data               Pointer to the buffer containing the data to be hashed.\r
  @param[in]       DataSize           Size of Data buffer in bytes.\r
\r
  @retval TRUE   cSHAKE-256 data digest succeeded.\r
  @retval FALSE  cSHAKE-256 data digest failed.\r
  @retval FALSE  This interface is not supported.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
CShake256Update (\r
  IN OUT  VOID        *CShake256Context,\r
  IN      CONST VOID  *Data,\r
  IN      UINTN       DataSize\r
  )\r
{\r
  //\r
  // Check input parameters.\r
  //\r
  if (CShake256Context == NULL) {\r
    return FALSE;\r
  }\r
\r
  //\r
  // Check invalid parameters, in case that only DataLength was checked in OpenSSL.\r
  //\r
  if ((Data == NULL) && (DataSize != 0)) {\r
    return FALSE;\r
  }\r
\r
  return (BOOLEAN)(Sha3Update ((Keccak1600_Ctx *)CShake256Context, Data, DataSize));\r
}\r
\r
/**\r
  Completes computation of the cSHAKE-256 digest value.\r
\r
  This function completes cSHAKE-256 hash computation and retrieves the digest value into\r
  the specified memory. After this function has been called, the cSHAKE-256 context cannot\r
  be used again.\r
  cSHAKE-256 context should be already correctly initialized by CShake256Init(), and should not be\r
  finalized by CShake256Final(). Behavior with invalid cSHAKE-256 context is undefined.\r
\r
  @param[in, out]  CShake256Context  Pointer to the cSHAKE-256 context.\r
  @param[out]      HashValue         Pointer to a buffer that receives the cSHAKE-256 digest\r
                                     value.\r
\r
  @retval TRUE   cSHAKE-256 digest computation succeeded.\r
  @retval FALSE  cSHAKE-256 digest computation failed.\r
  @retval FALSE  This interface is not supported.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
CShake256Final (\r
  IN OUT  VOID   *CShake256Context,\r
  OUT     UINT8  *HashValue\r
  )\r
{\r
  //\r
  // Check input parameters.\r
  //\r
  if ((CShake256Context == NULL) || (HashValue == NULL)) {\r
    return FALSE;\r
  }\r
\r
  //\r
  // cSHAKE-256 Hash Finalization.\r
  //\r
  return (BOOLEAN)(Sha3Final ((Keccak1600_Ctx *)CShake256Context, HashValue));\r
}\r
\r
/**\r
  Computes the CSHAKE-256 message digest of a input data buffer.\r
\r
  This function performs the CSHAKE-256 message digest of a given data buffer, and places\r
  the digest value into the specified memory.\r
\r
  @param[in]   Data               Pointer to the buffer containing the data to be hashed.\r
  @param[in]   DataSize           Size of Data buffer in bytes.\r
  @param[in]   OutputLen          Size of output in bytes.\r
  @param[in]   Name               Pointer to the function name string.\r
  @param[in]   NameLen            Size of the function name in bytes.\r
  @param[in]   Customization      Pointer to the customization string.\r
  @param[in]   CustomizationLen   Size of the customization string in bytes.\r
  @param[out]  HashValue          Pointer to a buffer that receives the CSHAKE-256 digest\r
                                  value.\r
\r
  @retval TRUE   CSHAKE-256 digest computation succeeded.\r
  @retval FALSE  CSHAKE-256 digest computation failed.\r
  @retval FALSE  This interface is not supported.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
CShake256HashAll (\r
  IN   CONST VOID  *Data,\r
  IN   UINTN       DataSize,\r
  IN   UINTN       OutputLen,\r
  IN   CONST VOID  *Name,\r
  IN   UINTN       NameLen,\r
  IN   CONST VOID  *Customization,\r
  IN   UINTN       CustomizationLen,\r
  OUT  UINT8       *HashValue\r
  )\r
{\r
  BOOLEAN         Status;\r
  Keccak1600_Ctx  Ctx;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if (HashValue == NULL) {\r
    return FALSE;\r
  }\r
\r
  if ((Data == NULL) && (DataSize != 0)) {\r
    return FALSE;\r
  }\r
\r
  Status = CShake256Init (&Ctx, OutputLen, Name, NameLen, Customization, CustomizationLen);\r
  if (!Status) {\r
    return FALSE;\r
  }\r
\r
  Status = CShake256Update (&Ctx, Data, DataSize);\r
  if (!Status) {\r
    return FALSE;\r
  }\r
\r
  return CShake256Final (&Ctx, HashValue);\r
}\r
Commit	Line	Data
c1e66210 ZL	1	/** @file\r
	2	cSHAKE-256 Digest Wrapper Implementations.\r
	3	\r
	4	Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>\r
	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	6	\r
	7	**/\r
	8	\r
	9	#include "CryptParallelHash.h"\r
	10	\r
	11	#define CSHAKE256_SECURITY_STRENGTH 256\r
	12	#define CSHAKE256_RATE_IN_BYTES 136\r
	13	\r
	14	CONST CHAR8 mZeroPadding[CSHAKE256_RATE_IN_BYTES] = { 0 };\r
	15	\r
	16	/**\r
	17	CShake256 initial function.\r
	18	\r
	19	Initializes user-supplied memory pointed by CShake256Context as cSHAKE-256 hash context for\r
	20	subsequent use.\r
	21	\r
	22	@param[out] CShake256Context Pointer to cSHAKE-256 context being initialized.\r
	23	@param[in] OutputLen The desired number of output length in bytes.\r
	24	@param[in] Name Pointer to the function name string.\r
	25	@param[in] NameLen The length of the function name in bytes.\r
	26	@param[in] Customization Pointer to the customization string.\r
	27	@param[in] CustomizationLen The length of the customization string in bytes.\r
	28	\r
	29	@retval TRUE cSHAKE-256 context initialization succeeded.\r
	30	@retval FALSE cSHAKE-256 context initialization failed.\r
	31	@retval FALSE This interface is not supported.\r
	32	**/\r
	33	BOOLEAN\r
	34	EFIAPI\r
	35	CShake256Init (\r
	36	OUT VOID *CShake256Context,\r
	37	IN UINTN OutputLen,\r
	38	IN CONST VOID *Name,\r
	39	IN UINTN NameLen,\r
	40	IN CONST VOID *Customization,\r
	41	IN UINTN CustomizationLen\r
	42	)\r
	43	{\r
	44	BOOLEAN Status;\r
	45	UINT8 EncBuf[sizeof (UINTN) + 1];\r
	46	UINTN EncLen;\r
	47	UINTN AbsorbLen;\r
	48	UINTN PadLen;\r
	49	\r
	50	//\r
	51	// Check input parameters.\r
	52	//\r
	53	if ((CShake256Context == NULL) \|\| (OutputLen == 0) \|\| ((NameLen != 0) && (Name == NULL)) \|\| ((CustomizationLen != 0) && (Customization == NULL))) {\r
	54	return FALSE;\r
	55	}\r
	56	\r
	57	//\r
	58	// Initialize KECCAK context with pad value and block size.\r
	59	//\r
	60	if ((NameLen == 0) && (CustomizationLen == 0)) {\r
	61	//\r
	62	// When N and S are both empty strings, cSHAKE(X, L, N, S) is equivalent to\r
	63	// SHAKE as defined in FIPS 202.\r
	64	//\r
65	Status = (BOOLEAN)KeccakInit (\r
66	(Keccak1600_Ctx *)CShake256Context,\r
67	'\x1f',\r
68	(KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * 2) / 8,\r
69	OutputLen\r
70	);\r
71	\r
72	return Status;\r
73	} else {\r
74	Status = (BOOLEAN)KeccakInit (\r
75	(Keccak1600_Ctx *)CShake256Context,\r
76	'\x04',\r
77	(KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * 2) / 8,\r
78	OutputLen\r
79	);\r
80	if (!Status) {\r
81	return FALSE;\r
82	}\r
83	\r
84	AbsorbLen = 0;\r
85	//\r
86	// Absorb Absorb bytepad(.., rate).\r
87	//\r
88	EncLen = LeftEncode (EncBuf, CSHAKE256_RATE_IN_BYTES);\r
89	Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, EncBuf, EncLen);\r
90	if (!Status) {\r
91	return FALSE;\r
92	}\r
93	\r
94	AbsorbLen += EncLen;\r
95	\r
96	//\r
97	// Absorb encode_string(N).\r
98	//\r
99	EncLen = LeftEncode (EncBuf, NameLen * 8);\r
100	Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, EncBuf, EncLen);\r
101	if (!Status) {\r
102	return FALSE;\r
103	}\r
104	\r
105	AbsorbLen += EncLen;\r
106	Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, Name, NameLen);\r
107	if (!Status) {\r
108	return FALSE;\r
109	}\r
110	\r
111	AbsorbLen += NameLen;\r
112	\r
113	//\r
114	// Absorb encode_string(S).\r
115	//\r
116	EncLen = LeftEncode (EncBuf, CustomizationLen * 8);\r
117	Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, EncBuf, EncLen);\r
118	if (!Status) {\r
119	return FALSE;\r
120	}\r
121	\r
122	AbsorbLen += EncLen;\r
123	Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, Customization, CustomizationLen);\r
124	if (!Status) {\r
125	return FALSE;\r
126	}\r
127	\r
128	AbsorbLen += CustomizationLen;\r
129	\r
130	//\r
131	// Absorb zero padding up to rate.\r
132	//\r
133	PadLen = CSHAKE256_RATE_IN_BYTES - AbsorbLen % CSHAKE256_RATE_IN_BYTES;\r
134	Status = (BOOLEAN)Sha3Update ((Keccak1600_Ctx *)CShake256Context, mZeroPadding, PadLen);\r
135	if (!Status) {\r
136	return FALSE;\r
137	}\r
138	\r
139	return TRUE;\r
140	}\r
141	}\r
142	\r
143	/**\r
144	Digests the input data and updates cSHAKE-256 context.\r
145	\r
146	This function performs cSHAKE-256 digest on a data buffer of the specified size.\r
147	It can be called multiple times to compute the digest of long or discontinuous data streams.\r
148	cSHAKE-256 context should be already correctly initialized by CShake256Init(), and should not be finalized\r
149	by CShake256Final(). Behavior with invalid context is undefined.\r
150	\r
151	@param[in, out] CShake256Context Pointer to the cSHAKE-256 context.\r
152	@param[in] Data Pointer to the buffer containing the data to be hashed.\r
153	@param[in] DataSize Size of Data buffer in bytes.\r
154	\r
155	@retval TRUE cSHAKE-256 data digest succeeded.\r
156	@retval FALSE cSHAKE-256 data digest failed.\r
157	@retval FALSE This interface is not supported.\r
158	\r
159	**/\r
160	BOOLEAN\r
161	EFIAPI\r
162	CShake256Update (\r
163	IN OUT VOID *CShake256Context,\r
164	IN CONST VOID *Data,\r
165	IN UINTN DataSize\r
166	)\r
167	{\r
168	//\r
169	// Check input parameters.\r
170	//\r
171	if (CShake256Context == NULL) {\r
172	return FALSE;\r
173	}\r
174	\r
175	//\r
176	// Check invalid parameters, in case that only DataLength was checked in OpenSSL.\r
177	//\r
178	if ((Data == NULL) && (DataSize != 0)) {\r
179	return FALSE;\r
180	}\r
181	\r
182	return (BOOLEAN)(Sha3Update ((Keccak1600_Ctx *)CShake256Context, Data, DataSize));\r
183	}\r
184	\r
185	/**\r
186	Completes computation of the cSHAKE-256 digest value.\r
187	\r
188	This function completes cSHAKE-256 hash computation and retrieves the digest value into\r
189	the specified memory. After this function has been called, the cSHAKE-256 context cannot\r
190	be used again.\r
191	cSHAKE-256 context should be already correctly initialized by CShake256Init(), and should not be\r
192	finalized by CShake256Final(). Behavior with invalid cSHAKE-256 context is undefined.\r
193	\r
194	@param[in, out] CShake256Context Pointer to the cSHAKE-256 context.\r
195	@param[out] HashValue Pointer to a buffer that receives the cSHAKE-256 digest\r
196	value.\r
197	\r
198	@retval TRUE cSHAKE-256 digest computation succeeded.\r
199	@retval FALSE cSHAKE-256 digest computation failed.\r
200	@retval FALSE This interface is not supported.\r
201	\r
202	**/\r
203	BOOLEAN\r
204	EFIAPI\r
205	CShake256Final (\r
206	IN OUT VOID *CShake256Context,\r
207	OUT UINT8 *HashValue\r
208	)\r
209	{\r
210	//\r
211	// Check input parameters.\r
212	//\r
213	if ((CShake256Context == NULL) \|\| (HashValue == NULL)) {\r
214	return FALSE;\r
215	}\r
216	\r
217	//\r
218	// cSHAKE-256 Hash Finalization.\r
219	//\r
220	return (BOOLEAN)(Sha3Final ((Keccak1600_Ctx *)CShake256Context, HashValue));\r
221	}\r
222	\r
223	/**\r
224	Computes the CSHAKE-256 message digest of a input data buffer.\r
225	\r
226	This function performs the CSHAKE-256 message digest of a given data buffer, and places\r
227	the digest value into the specified memory.\r
228	\r
229	@param[in] Data Pointer to the buffer containing the data to be hashed.\r
230	@param[in] DataSize Size of Data buffer in bytes.\r
231	@param[in] OutputLen Size of output in bytes.\r
232	@param[in] Name Pointer to the function name string.\r
233	@param[in] NameLen Size of the function name in bytes.\r
234	@param[in] Customization Pointer to the customization string.\r
235	@param[in] CustomizationLen Size of the customization string in bytes.\r
236	@param[out] HashValue Pointer to a buffer that receives the CSHAKE-256 digest\r
237	value.\r
238	\r
239	@retval TRUE CSHAKE-256 digest computation succeeded.\r
240	@retval FALSE CSHAKE-256 digest computation failed.\r
241	@retval FALSE This interface is not supported.\r
242	\r
243	**/\r
244	BOOLEAN\r
245	EFIAPI\r
246	CShake256HashAll (\r
247	IN CONST VOID *Data,\r
248	IN UINTN DataSize,\r
249	IN UINTN OutputLen,\r
250	IN CONST VOID *Name,\r
251	IN UINTN NameLen,\r
252	IN CONST VOID *Customization,\r
253	IN UINTN CustomizationLen,\r
254	OUT UINT8 *HashValue\r
255	)\r
256	{\r
257	BOOLEAN Status;\r
258	Keccak1600_Ctx Ctx;\r
259	\r
260	//\r
261	// Check input parameters.\r
262	//\r
263	if (HashValue == NULL) {\r
264	return FALSE;\r
265	}\r
266	\r
267	if ((Data == NULL) && (DataSize != 0)) {\r
268	return FALSE;\r
269	}\r
270	\r
271	Status = CShake256Init (&Ctx, OutputLen, Name, NameLen, Customization, CustomizationLen);\r
272	if (!Status) {\r
273	return FALSE;\r
274	}\r
275	\r
276	Status = CShake256Update (&Ctx, Data, DataSize);\r
277	if (!Status) {\r
278	return FALSE;\r
279	}\r
280	\r
281	return CShake256Final (&Ctx, HashValue);\r
282	}\r