Crypto++ 8.9
Free C++ class library of cryptographic schemes
shake.h
Go to the documentation of this file.
1// shake.h - written and placed in the public domain by Jeffrey Walton
2
3/// \file shake.h
4/// \brief Classes for SHAKE message digests
5/// \details The library provides byte oriented SHAKE128 and SHAKE256 using F1600.
6/// FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits the output
7/// size to <tt>UINT_MAX</tt> due underlying data types.
8/// \sa Keccak, SHA3, SHAKE128, SHAKE256,
9/// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
10/// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
11/// \since Crypto++ 8.1
12
13#ifndef CRYPTOPP_SHAKE_H
14#define CRYPTOPP_SHAKE_H
15
16#include "cryptlib.h"
17#include "secblock.h"
18
19NAMESPACE_BEGIN(CryptoPP)
20
21/// \brief SHAKE message digest base class
22/// \details SHAKE is the base class for SHAKE128 and SHAKE258.
23/// Library users should instantiate a derived class, and only use SHAKE
24/// as a base class reference or pointer.
25/// \sa Keccak, SHA3, SHAKE128, SHAKE256,
26/// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
27/// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
28/// \since Crypto++ 8.1
30{
31protected:
32 /// \brief Construct a SHAKE
33 /// \param digestSize the digest size, in bytes
34 /// \details SHAKE is the base class for SHAKE128 and SHAKE256.
35 /// Library users should instantiate a derived class, and only use SHAKE
36 /// as a base class reference or pointer.
37 /// \details This constructor was moved to protected at Crypto++ 8.1
38 /// because users were attempting to create Keccak objects with it.
39 /// \since Crypto++ 8.1
40 SHAKE(unsigned int digestSize) : m_digestSize(digestSize) {Restart();}
41
42public:
43 unsigned int DigestSize() const {return m_digestSize;}
44 unsigned int OptimalDataAlignment() const {return GetAlignmentOf<word64>();}
45
46 void Update(const byte *input, size_t length);
47 void Restart();
48 void TruncatedFinal(byte *hash, size_t size);
49
50protected:
51 inline unsigned int r() const {return BlockSize();}
52
53 // SHAKE-128 and SHAKE-256 effectively allow unlimited
54 // output length. However, we use an unsigned int so
55 // we are limited in practice to UINT_MAX.
56 void ThrowIfInvalidTruncatedSize(size_t size) const;
57
59 unsigned int m_digestSize, m_counter;
60};
61
62/// \brief SHAKE message digest template
63/// \tparam T_Strength the strength of the digest
64/// \since Crypto++ 8.1
65template<unsigned int T_Strength>
66class SHAKE_Final : public SHAKE
67{
68public:
69 CRYPTOPP_CONSTANT(DIGESTSIZE = (T_Strength == 128 ? 32 : 64));
70 CRYPTOPP_CONSTANT(BLOCKSIZE = (T_Strength == 128 ? 1344/8 : 1088/8));
71 static std::string StaticAlgorithmName()
72 { return "SHAKE-" + IntToString(T_Strength); }
73
74 /// \brief Construct a SHAKE-X message digest
75 /// \details SHAKE128 and SHAKE256 don't need the output size in advance
76 /// because the output size does not affect the digest. TruncatedFinal
77 /// produces the correct digest for any output size. However, cSHAKE
78 /// requires the output size in advance because the algorithm uses
79 /// output size as a parameter to the hash function.
80 SHAKE_Final(unsigned int outputSize=DIGESTSIZE) : SHAKE(outputSize) {}
81
82 /// \brief Provides the block size of the compression function
83 /// \return block size of the compression function, in bytes
84 /// \details BlockSize() will return 0 if the hash is not block based
85 /// or does not have an equivalent block size. For example, Keccak
86 /// and SHA-3 do not have a block size, but they do have an equivalent
87 /// to block size called rate expressed as <tt>r</tt>.
88 unsigned int BlockSize() const { return BLOCKSIZE; }
89
90 std::string AlgorithmName() const { return StaticAlgorithmName(); }
91
92private:
93#if !defined(__BORLANDC__)
94 // ensure there was no underflow in the math
95 CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE < 200);
96#endif
97};
98
99/// \brief SHAKE128 message digest
100/// \details The library provides byte oriented SHAKE128 using F1600.
101/// FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits
102/// the output size to <tt>UINT_MAX</tt> due underlying data types.
103/// \sa Keccak, SHA3, SHAKE256,
104/// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
105/// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
106/// \since Crypto++ 8.1
107class SHAKE128 : public SHAKE_Final<128>
108{
109public:
110 /// \brief Construct a SHAKE128 message digest
111 /// \details SHAKE128 and SHAKE256 don't need the output size in advance
112 /// because the output size does not affect the digest. TruncatedFinal
113 /// produces the correct digest for any output size. However, cSHAKE
114 /// requires the output size in advance because the algorithm uses
115 /// output size as a parameter to the hash function.
116 /// \since Crypto++ 8.1
118
119 /// \brief Construct a SHAKE128 message digest
120 /// \details SHAKE128 and SHAKE256 don't need the output size in advance
121 /// because the output size does not affect the digest. TruncatedFinal
122 /// produces the correct digest for any output size. However, cSHAKE
123 /// requires the output size in advance because the algorithm uses
124 /// output size as a parameter to the hash function.
125 /// \since Crypto++ 8.1
126 SHAKE128(unsigned int outputSize) : SHAKE_Final<128>(outputSize) {}
127};
128
129/// \brief SHAKE256 message digest
130/// \details The library provides byte oriented SHAKE256 using F1600.
131/// FIPS 202 allows nearly unlimited output sizes, but Crypto++ limits
132/// the output size to <tt>UINT_MAX</tt> due underlying data types.
133/// \sa Keccak, SHA3, SHAKE128,
134/// <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS 202,
135/// SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a>
136/// \since Crypto++ 8.1
137class SHAKE256 : public SHAKE_Final<256>
138{
139public:
140 /// \brief Construct a SHAKE256 message digest
141 /// \details SHAKE128 and SHAKE256 don't need the output size in advance
142 /// because the output size does not affect the digest. TruncatedFinal
143 /// produces the correct digest for any output size. However, cSHAKE
144 /// requires the output size in advance because the algorithm uses
145 /// output size as a parameter to the hash function.
146 /// \since Crypto++ 8.1
148
149 /// \brief Construct a SHAKE256 message digest
150 /// \details SHAKE128 and SHAKE256 don't need the output size in advance
151 /// because the output size does not affect the digest. TruncatedFinal
152 /// produces the correct digest for any output size. However, cSHAKE
153 /// requires the output size in advance because the algorithm uses
154 /// output size as a parameter to the hash function.
155 /// \since Crypto++ 8.1
156 SHAKE256(unsigned int outputSize) : SHAKE_Final<256>(outputSize) {}
157};
158
159NAMESPACE_END
160
161#endif
Fixed size stack-based SecBlock.
Definition secblock.h:1246
Interface for hash functions and data processing part of MACs.
Definition cryptlib.h:1118
SHAKE128 message digest.
Definition shake.h:108
SHAKE128(unsigned int outputSize)
Construct a SHAKE128 message digest.
Definition shake.h:126
SHAKE128()
Construct a SHAKE128 message digest.
Definition shake.h:117
SHAKE256 message digest.
Definition shake.h:138
SHAKE256(unsigned int outputSize)
Construct a SHAKE256 message digest.
Definition shake.h:156
SHAKE256()
Construct a SHAKE256 message digest.
Definition shake.h:147
SHAKE message digest template.
Definition shake.h:67
unsigned int BlockSize() const
Provides the block size of the compression function.
Definition shake.h:88
SHAKE_Final(unsigned int outputSize=DIGESTSIZE)
Construct a SHAKE-X message digest.
Definition shake.h:80
std::string AlgorithmName() const
Provides the name of this algorithm.
Definition shake.h:90
SHAKE message digest base class.
Definition shake.h:30
unsigned int OptimalDataAlignment() const
Provides input and output data alignment for optimal performance.
Definition shake.h:44
unsigned int DigestSize() const
Provides the digest size of the hash.
Definition shake.h:43
Abstract base classes that provide a uniform interface to this library.
#define CRYPTOPP_COMPILE_ASSERT(expr)
Compile time assertion.
Definition misc.h:153
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition misc.h:929
Crypto++ library namespace.
Classes and functions for secure memory allocations.