sha3.h

   1 /* sha3.h
   2
   3    The sha3 hash function (aka Keccak).
   4
   5    Copyright (C) 2012 Niels Möller
   6
   7    This file is part of GNU Nettle.
   8
   9    GNU Nettle is free software: you can redistribute it and/or
  10    modify it under the terms of either:
  11
  12      * the GNU Lesser General Public License as published by the Free
  13        Software Foundation; either version 3 of the License, or (at your
  14        option) any later version.
  15
  16    or
  17
  18      * the GNU General Public License as published by the Free
  19        Software Foundation; either version 2 of the License, or (at your
  20        option) any later version.
  21
  22    or both in parallel, as here.
  23
  24    GNU Nettle is distributed in the hope that it will be useful,
  25    but WITHOUT ANY WARRANTY; without even the implied warranty of
  26    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  27    General Public License for more details.
  28
  29    You should have received copies of the GNU General Public License and
  30    the GNU Lesser General Public License along with this program.  If
  31    not, see http://www.gnu.org/licenses/.
  32 */
  33
  34 #ifndef NETTLE_SHA3_H_INCLUDED
  35 #define NETTLE_SHA3_H_INCLUDED
  36
  37 #include "nettle-types.h"
  38
  39 #ifdef __cplusplus
  40 extern "C" {
  41 #endif
  42
  43 /* Name mangling */
  44 #define sha3_permute nettle_sha3_permute
  45 #define sha3_224_init nettle_sha3_224_init
  46 #define sha3_224_update nettle_sha3_224_update
  47 #define sha3_224_digest nettle_sha3_224_digest
  48 #define sha3_256_init nettle_sha3_256_init
  49 #define sha3_256_update nettle_sha3_256_update
  50 #define sha3_256_digest nettle_sha3_256_digest
  51 #define sha3_256_shake nettle_sha3_256_shake
  52 #define sha3_384_init nettle_sha3_384_init
  53 #define sha3_384_update nettle_sha3_384_update
  54 #define sha3_384_digest nettle_sha3_384_digest
  55 #define sha3_512_init nettle_sha3_512_init
  56 #define sha3_512_update nettle_sha3_512_update
  57 #define sha3_512_digest nettle_sha3_512_digest
  58
  59 /* Indicates that SHA3 is the NIST FIPS 202 version. */
  60 #define NETTLE_SHA3_FIPS202 1
  61
  62 /* The sha3 state is a 5x5 matrix of 64-bit words. In the notation of
  63    Keccak description, S[x,y] is element x + 5*y, so if x is
  64    interpreted as the row index and y the column index, it is stored
  65    in column-major order. */
  66 #define SHA3_STATE_LENGTH 25
  67
  68 /* The "width" is 1600 bits or 200 octets */
  69 struct sha3_state
  70 {
  71   uint64_t a[SHA3_STATE_LENGTH];
  72 };
  73
  74 void
  75 sha3_permute (struct sha3_state *state);
  76
  77 /* The "capacity" is set to 2*(digest size), 512 bits or 64 octets.
  78    The "rate" is the width - capacity, or width - 2 * (digest
  79    size). */
  80
  81 #define SHA3_224_DIGEST_SIZE 28
  82 #define SHA3_224_BLOCK_SIZE 144
  83
  84 #define SHA3_256_DIGEST_SIZE 32
  85 #define SHA3_256_BLOCK_SIZE 136
  86
  87 #define SHA3_384_DIGEST_SIZE 48
  88 #define SHA3_384_BLOCK_SIZE 104
  89
  90 #define SHA3_512_DIGEST_SIZE 64
  91 #define SHA3_512_BLOCK_SIZE 72
  92
  93 /* For backwards compatibility */
  94 #define SHA3_224_DATA_SIZE SHA3_224_BLOCK_SIZE
  95 #define SHA3_256_DATA_SIZE SHA3_256_BLOCK_SIZE
  96 #define SHA3_384_DATA_SIZE SHA3_384_BLOCK_SIZE
  97 #define SHA3_512_DATA_SIZE SHA3_512_BLOCK_SIZE
  98
  99 struct sha3_224_ctx
 100 {
 101   struct sha3_state state;
 102   unsigned index;
 103   uint8_t block[SHA3_224_BLOCK_SIZE];
 104 };
 105
 106 void
 107 sha3_224_init (struct sha3_224_ctx *ctx);
 108
 109 void
 110 sha3_224_update (struct sha3_224_ctx *ctx,
 111                  size_t length,
 112                  const uint8_t *data);
 113
 114 void
 115 sha3_224_digest(struct sha3_224_ctx *ctx,
 116                 size_t length,
 117                 uint8_t *digest);
 118
 119 struct sha3_256_ctx
 120 {
 121   struct sha3_state state;
 122   unsigned index;
 123   uint8_t block[SHA3_256_BLOCK_SIZE];
 124 };
 125
 126 void
 127 sha3_256_init (struct sha3_256_ctx *ctx);
 128
 129 void
 130 sha3_256_update (struct sha3_256_ctx *ctx,
 131                  size_t length,
 132                  const uint8_t *data);
 133
 134 void
 135 sha3_256_digest(struct sha3_256_ctx *ctx,
 136                 size_t length,
 137                 uint8_t *digest);
 138
 139 /* Alternative digest function implementing shake256, with arbitrary
 140    digest size */
 141 void
 142 sha3_256_shake(struct sha3_256_ctx *ctx,
 143                size_t length,
 144                uint8_t *digest);
 145
 146 struct sha3_384_ctx
 147 {
 148   struct sha3_state state;
 149   unsigned index;
 150   uint8_t block[SHA3_384_BLOCK_SIZE];
 151 };
 152
 153 void
 154 sha3_384_init (struct sha3_384_ctx *ctx);
 155
 156 void
 157 sha3_384_update (struct sha3_384_ctx *ctx,
 158                  size_t length,
 159                  const uint8_t *data);
 160
 161 void
 162 sha3_384_digest(struct sha3_384_ctx *ctx,
 163                 size_t length,
 164                 uint8_t *digest);
 165
 166 struct sha3_512_ctx
 167 {
 168   struct sha3_state state;
 169   unsigned index;
 170   uint8_t block[SHA3_512_BLOCK_SIZE];
 171 };
 172
 173 void
 174 sha3_512_init (struct sha3_512_ctx *ctx);
 175
 176 void
 177 sha3_512_update (struct sha3_512_ctx *ctx,
 178                  size_t length,
 179                  const uint8_t *data);
 180
 181 void
 182 sha3_512_digest(struct sha3_512_ctx *ctx,
 183                 size_t length,
 184                 uint8_t *digest);
 185
 186 #ifdef __cplusplus
 187 }
 188 #endif
 189
 190 #endif /* NETTLE_SHA3_H_INCLUDED */