Crypto++  8.6
Free C++ class library of cryptographic schemes
shake.h
Go to the documentation of this file.
1 // shake.h - written and placed in the public domain by Jeffrey Walton
2 
3 /// \file shake.h
4 /// \brief Classes for SHAKE message digests
5 /// \details The library provides byte oriented SHAKE128 and SHAKE256 using F1600.
6 /// FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits the output
7 /// size to <tt>UINT_MAX</tt> due underlying data types.
8 /// \sa Keccak, SHA3, SHAKE128, SHAKE256,
9 /// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
10 /// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
11 /// \since Crypto++ 8.1
12 
13 #ifndef CRYPTOPP_SHAKE_H
14 #define CRYPTOPP_SHAKE_H
15 
16 #include "cryptlib.h"
17 #include "secblock.h"
18 
19 NAMESPACE_BEGIN(CryptoPP)
20 
21 /// \brief SHAKE message digest base class
22 /// \details SHAKE is the base class for SHAKE128 and SHAKE258.
23 /// Library users should instantiate a derived class, and only use SHAKE
24 /// as a base class reference or pointer.
25 /// \sa Keccak, SHA3, SHAKE128, SHAKE256,
26 /// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
27 /// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
28 /// \since Crypto++ 8.1
29 class SHAKE : public HashTransformation
30 {
31 protected:
32  /// \brief Construct a SHAKE
33  /// \param digestSize the digest size, in bytes
34  /// \details SHAKE is the base class for SHAKE128 and SHAKE256.
35  /// Library users should instantiate a derived class, and only use SHAKE
36  /// as a base class reference or pointer.
37  /// \details This constructor was moved to protected at Crypto++ 8.1
38  /// because users were attempting to create Keccak objects with it.
39  /// \since Crypto++ 8.1
40  SHAKE(unsigned int digestSize) : m_digestSize(digestSize) {Restart();}
41 
42 public:
43  unsigned int DigestSize() const {return m_digestSize;}
44  unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word64>();}
45 
46  void Update(const byte *input, size_t length);
47  void Restart();
48  void TruncatedFinal(byte *hash, size_t size);
49 
50 protected:
51  inline unsigned int r() const {return BlockSize();}
52 
53  // SHAKE-128 and SHAKE-256 effectively allow unlimited
54  // output length. However, we use an unsigned int so
55  // we are limited in practice to UINT_MAX.
56  void ThrowIfInvalidTruncatedSize(size_t size) const;
57 
59  unsigned int m_digestSize, m_counter;
60 };
61 
62 /// \brief SHAKE message digest template
63 /// \tparam T_Strength the strength of the digest
64 /// \since Crypto++ 8.1
65 template<unsigned int T_Strength>
66 class SHAKE_Final : public SHAKE
67 {
68 public:
69  CRYPTOPP_CONSTANT(DIGESTSIZE = (T_Strength == 128 ? 32 : 64));
70  CRYPTOPP_CONSTANT(BLOCKSIZE = (T_Strength == 128 ? 1344/8 : 1088/8));
71  static std::string StaticAlgorithmName()
72  { return "SHAKE-" + IntToString(T_Strength); }
73 
74  /// \brief Construct a SHAKE-X message digest
75  /// \details SHAKE128 and SHAKE256 don't need the output size in advance
76  /// because the output size does not affect the digest. TruncatedFinal
77  /// produces the correct digest for any output size. However, cSHAKE
78  /// requires the output size in advance because the algoirthm uses
79  /// output size as a parameter to the hash function.
80  SHAKE_Final(unsigned int outputSize=DIGESTSIZE) : SHAKE(outputSize) {}
81 
82  /// \brief Provides the block size of the compression function
83  /// \return block size of the compression function, in bytes
84  /// \details BlockSize() will return 0 if the hash is not block based
85  /// or does not have an equivalent block size. For example, Keccak
86  /// and SHA-3 do not have a block size, but they do have an equivalent
87  /// to block size called rate expressed as <tt>r</tt>.
88  unsigned int BlockSize() const { return BLOCKSIZE; }
89 
90  std::string AlgorithmName() const { return StaticAlgorithmName(); }
91 
92 private:
93 #if !defined(__BORLANDC__)
94  // ensure there was no underflow in the math
95  CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE < 200);
96 #endif
97 };
98 
99 /// \brief SHAKE128 message digest
100 /// \details The library provides byte oriented SHAKE128 using F1600.
101 /// FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits
102 /// the output size to <tt>UINT_MAX</tt> due underlying data types.
103 /// \sa Keccak, SHA3, SHAKE256,
104 /// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
105 /// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
106 /// \since Crypto++ 8.1
107 class SHAKE128 : public SHAKE_Final<128>
108 {
109 public:
110  /// \brief Construct a SHAKE128 message digest
111  /// \details SHAKE128 and SHAKE256 don't need the output size in advance
112  /// because the output size does not affect the digest. TruncatedFinal
113  /// produces the correct digest for any output size. However, cSHAKE
114  /// requires the output size in advance because the algoirthm uses
115  /// output size as a parameter to the hash function.
116  /// \since Crypto++ 8.1
117  SHAKE128() {}
118 
119  /// \brief Construct a SHAKE128 message digest
120  /// \details SHAKE128 and SHAKE256 don't need the output size in advance
121  /// because the output size does not affect the digest. TruncatedFinal
122  /// produces the correct digest for any output size. However, cSHAKE
123  /// requires the output size in advance because the algoirthm uses
124  /// output size as a parameter to the hash function.
125  /// \since Crypto++ 8.1
126  SHAKE128(unsigned int outputSize) : SHAKE_Final<128>(outputSize) {}
127 };
128 
129 /// \brief SHAKE256 message digest
130 /// \details The library provides byte oriented SHAKE256 using F1600.
131 /// FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits
132 /// the output size to <tt>UINT_MAX</tt> due underlying data types.
133 /// \sa Keccak, SHA3, SHAKE128,
134 /// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
135 /// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
136 /// \since Crypto++ 8.1
137 class SHAKE256 : public SHAKE_Final<256>
138 {
139 public:
140  /// \brief Construct a SHAKE256 message digest
141  /// \details SHAKE128 and SHAKE256 don't need the output size in advance
142  /// because the output size does not affect the digest. TruncatedFinal
143  /// produces the correct digest for any output size. However, cSHAKE
144  /// requires the output size in advance because the algoirthm uses
145  /// output size as a parameter to the hash function.
146  /// \since Crypto++ 8.1
147  SHAKE256() {}
148 
149  /// \brief Construct a SHAKE256 message digest
150  /// \details SHAKE128 and SHAKE256 don't need the output size in advance
151  /// because the output size does not affect the digest. TruncatedFinal
152  /// produces the correct digest for any output size. However, cSHAKE
153  /// requires the output size in advance because the algoirthm uses
154  /// output size as a parameter to the hash function.
155  /// \since Crypto++ 8.1
156  SHAKE256(unsigned int outputSize) : SHAKE_Final<256>(outputSize) {}
157 };
158 
159 NAMESPACE_END
160 
161 #endif
SHAKE_Final
SHAKE message digest template.
Definition: shake.h:66
SHAKE_Final::AlgorithmName
std::string AlgorithmName() const
Provides the name of this algorithm.
Definition: shake.h:90
HashTransformation
Interface for hash functions and data processing part of MACs.
Definition: cryptlib.h:1112
secblock.h
Classes and functions for secure memory allocations.
SHAKE
SHAKE message digest base class.
Definition: shake.h:29
SHAKE128::SHAKE128
SHAKE128()
Construct a SHAKE128 message digest.
Definition: shake.h:117
SHAKE128
SHAKE128 message digest.
Definition: shake.h:107
SHAKE256::SHAKE256
SHAKE256(unsigned int outputSize)
Construct a SHAKE256 message digest.
Definition: shake.h:156
CRYPTOPP_COMPILE_ASSERT
#define CRYPTOPP_COMPILE_ASSERT(expr)
Compile time assertion.
Definition: misc.h:151
SHAKE256::SHAKE256
SHAKE256()
Construct a SHAKE256 message digest.
Definition: shake.h:147
SHAKE::DigestSize
unsigned int DigestSize() const
Provides the digest size of the hash.
Definition: shake.h:43
IntToString
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:724
SHAKE_Final::BlockSize
unsigned int BlockSize() const
Provides the block size of the compression function.
Definition: shake.h:88
FixedSizeSecBlock< word64, 25 >
SHAKE128::SHAKE128
SHAKE128(unsigned int outputSize)
Construct a SHAKE128 message digest.
Definition: shake.h:126
CryptoPP
Crypto++ library namespace.
SHAKE_Final::SHAKE_Final
SHAKE_Final(unsigned int outputSize=DIGESTSIZE)
Construct a SHAKE-X message digest.
Definition: shake.h:80
SHAKE::OptimalDataAlignment
unsigned int OptimalDataAlignment() const
Provides input and output data alignment for optimal performance.
Definition: shake.h:44
SHAKE256
SHAKE256 message digest.
Definition: shake.h:137
cryptlib.h
Abstract base classes that provide a uniform interface to this library.