2 cSHAKE-256 Digest Wrapper Implementations.
4 Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #include "CryptParallelHash.h"
11 #define CSHAKE256_SECURITY_STRENGTH 256
12 #define CSHAKE256_RATE_IN_BYTES 136
14 CONST CHAR8 mZeroPadding
[CSHAKE256_RATE_IN_BYTES
] = { 0 };
17 CShake256 initial function.
19 Initializes user-supplied memory pointed by CShake256Context as cSHAKE-256 hash context for
22 @param[out] CShake256Context Pointer to cSHAKE-256 context being initialized.
23 @param[in] OutputLen The desired number of output length in bytes.
24 @param[in] Name Pointer to the function name string.
25 @param[in] NameLen The length of the function name in bytes.
26 @param[in] Customization Pointer to the customization string.
27 @param[in] CustomizationLen The length of the customization string in bytes.
29 @retval TRUE cSHAKE-256 context initialization succeeded.
30 @retval FALSE cSHAKE-256 context initialization failed.
31 @retval FALSE This interface is not supported.
36 OUT VOID
*CShake256Context
,
40 IN CONST VOID
*Customization
,
41 IN UINTN CustomizationLen
45 UINT8 EncBuf
[sizeof (UINTN
) + 1];
51 // Check input parameters.
53 if ((CShake256Context
== NULL
) || (OutputLen
== 0) || ((NameLen
!= 0) && (Name
== NULL
)) || ((CustomizationLen
!= 0) && (Customization
== NULL
))) {
58 // Initialize KECCAK context with pad value and block size.
60 if ((NameLen
== 0) && (CustomizationLen
== 0)) {
62 // When N and S are both empty strings, cSHAKE(X, L, N, S) is equivalent to
63 // SHAKE as defined in FIPS 202.
65 Status
= (BOOLEAN
)KeccakInit (
66 (Keccak1600_Ctx
*)CShake256Context
,
68 (KECCAK1600_WIDTH
- CSHAKE256_SECURITY_STRENGTH
* 2) / 8,
74 Status
= (BOOLEAN
)KeccakInit (
75 (Keccak1600_Ctx
*)CShake256Context
,
77 (KECCAK1600_WIDTH
- CSHAKE256_SECURITY_STRENGTH
* 2) / 8,
86 // Absorb Absorb bytepad(.., rate).
88 EncLen
= LeftEncode (EncBuf
, CSHAKE256_RATE_IN_BYTES
);
89 Status
= (BOOLEAN
)Sha3Update ((Keccak1600_Ctx
*)CShake256Context
, EncBuf
, EncLen
);
97 // Absorb encode_string(N).
99 EncLen
= LeftEncode (EncBuf
, NameLen
* 8);
100 Status
= (BOOLEAN
)Sha3Update ((Keccak1600_Ctx
*)CShake256Context
, EncBuf
, EncLen
);
106 Status
= (BOOLEAN
)Sha3Update ((Keccak1600_Ctx
*)CShake256Context
, Name
, NameLen
);
111 AbsorbLen
+= NameLen
;
114 // Absorb encode_string(S).
116 EncLen
= LeftEncode (EncBuf
, CustomizationLen
* 8);
117 Status
= (BOOLEAN
)Sha3Update ((Keccak1600_Ctx
*)CShake256Context
, EncBuf
, EncLen
);
123 Status
= (BOOLEAN
)Sha3Update ((Keccak1600_Ctx
*)CShake256Context
, Customization
, CustomizationLen
);
128 AbsorbLen
+= CustomizationLen
;
131 // Absorb zero padding up to rate.
133 PadLen
= CSHAKE256_RATE_IN_BYTES
- AbsorbLen
% CSHAKE256_RATE_IN_BYTES
;
134 Status
= (BOOLEAN
)Sha3Update ((Keccak1600_Ctx
*)CShake256Context
, mZeroPadding
, PadLen
);
144 Digests the input data and updates cSHAKE-256 context.
146 This function performs cSHAKE-256 digest on a data buffer of the specified size.
147 It can be called multiple times to compute the digest of long or discontinuous data streams.
148 cSHAKE-256 context should be already correctly initialized by CShake256Init(), and should not be finalized
149 by CShake256Final(). Behavior with invalid context is undefined.
151 @param[in, out] CShake256Context Pointer to the cSHAKE-256 context.
152 @param[in] Data Pointer to the buffer containing the data to be hashed.
153 @param[in] DataSize Size of Data buffer in bytes.
155 @retval TRUE cSHAKE-256 data digest succeeded.
156 @retval FALSE cSHAKE-256 data digest failed.
157 @retval FALSE This interface is not supported.
163 IN OUT VOID
*CShake256Context
,
169 // Check input parameters.
171 if (CShake256Context
== NULL
) {
176 // Check invalid parameters, in case that only DataLength was checked in OpenSSL.
178 if ((Data
== NULL
) && (DataSize
!= 0)) {
182 return (BOOLEAN
)(Sha3Update ((Keccak1600_Ctx
*)CShake256Context
, Data
, DataSize
));
186 Completes computation of the cSHAKE-256 digest value.
188 This function completes cSHAKE-256 hash computation and retrieves the digest value into
189 the specified memory. After this function has been called, the cSHAKE-256 context cannot
191 cSHAKE-256 context should be already correctly initialized by CShake256Init(), and should not be
192 finalized by CShake256Final(). Behavior with invalid cSHAKE-256 context is undefined.
194 @param[in, out] CShake256Context Pointer to the cSHAKE-256 context.
195 @param[out] HashValue Pointer to a buffer that receives the cSHAKE-256 digest
198 @retval TRUE cSHAKE-256 digest computation succeeded.
199 @retval FALSE cSHAKE-256 digest computation failed.
200 @retval FALSE This interface is not supported.
206 IN OUT VOID
*CShake256Context
,
211 // Check input parameters.
213 if ((CShake256Context
== NULL
) || (HashValue
== NULL
)) {
218 // cSHAKE-256 Hash Finalization.
220 return (BOOLEAN
)(Sha3Final ((Keccak1600_Ctx
*)CShake256Context
, HashValue
));
224 Computes the CSHAKE-256 message digest of a input data buffer.
226 This function performs the CSHAKE-256 message digest of a given data buffer, and places
227 the digest value into the specified memory.
229 @param[in] Data Pointer to the buffer containing the data to be hashed.
230 @param[in] DataSize Size of Data buffer in bytes.
231 @param[in] OutputLen Size of output in bytes.
232 @param[in] Name Pointer to the function name string.
233 @param[in] NameLen Size of the function name in bytes.
234 @param[in] Customization Pointer to the customization string.
235 @param[in] CustomizationLen Size of the customization string in bytes.
236 @param[out] HashValue Pointer to a buffer that receives the CSHAKE-256 digest
239 @retval TRUE CSHAKE-256 digest computation succeeded.
240 @retval FALSE CSHAKE-256 digest computation failed.
241 @retval FALSE This interface is not supported.
252 IN CONST VOID
*Customization
,
253 IN UINTN CustomizationLen
,
261 // Check input parameters.
263 if (HashValue
== NULL
) {
267 if ((Data
== NULL
) && (DataSize
!= 0)) {
271 Status
= CShake256Init (&Ctx
, OutputLen
, Name
, NameLen
, Customization
, CustomizationLen
);
276 Status
= CShake256Update (&Ctx
, Data
, DataSize
);
281 return CShake256Final (&Ctx
, HashValue
);