Add xof functions into crypto_digest.[ch]
Added xof functions and operations into xof+digest module. Follows #24658. Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
This commit is contained in:
Fernando Fernandez Mancera
parent
f8b1493681
commit
202d27af71
|
|
@ -672,56 +672,6 @@ crypto_cipher_decrypt_with_iv(const char *key,
|
|||
return (int)(fromlen - CIPHER_IV_LEN);
|
||||
}
|
||||
|
||||
/** Internal state for a eXtendable-Output Function (XOF). */
|
||||
struct crypto_xof_t {
|
||||
keccak_state s;
|
||||
};
|
||||
|
||||
/** Allocate a new XOF object backed by SHAKE-256. The security level
|
||||
* provided is a function of the length of the output used. Read and
|
||||
* understand FIPS-202 A.2 "Additional Consideration for Extendable-Output
|
||||
* Functions" before using this construct.
|
||||
*/
|
||||
crypto_xof_t *
|
||||
crypto_xof_new(void)
|
||||
{
|
||||
crypto_xof_t *xof;
|
||||
xof = tor_malloc(sizeof(crypto_xof_t));
|
||||
keccak_xof_init(&xof->s, 256);
|
||||
return xof;
|
||||
}
|
||||
|
||||
/** Absorb bytes into a XOF object. Must not be called after a call to
|
||||
* crypto_xof_squeeze_bytes() for the same instance, and will assert
|
||||
* if attempted.
|
||||
*/
|
||||
void
|
||||
crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len)
|
||||
{
|
||||
int i = keccak_xof_absorb(&xof->s, data, len);
|
||||
tor_assert(i == 0);
|
||||
}
|
||||
|
||||
/** Squeeze bytes out of a XOF object. Calling this routine will render
|
||||
* the XOF instance ineligible to absorb further data.
|
||||
*/
|
||||
void
|
||||
crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len)
|
||||
{
|
||||
int i = keccak_xof_squeeze(&xof->s, out, len);
|
||||
tor_assert(i == 0);
|
||||
}
|
||||
|
||||
/** Cleanse and deallocate a XOF object. */
|
||||
void
|
||||
crypto_xof_free_(crypto_xof_t *xof)
|
||||
{
|
||||
if (!xof)
|
||||
return;
|
||||
memwipe(xof, 0, sizeof(crypto_xof_t));
|
||||
tor_free(xof);
|
||||
}
|
||||
|
||||
/* DH */
|
||||
|
||||
/** Our DH 'g' parameter */
|
||||
|
|
|
|||
|
|
@ -38,8 +38,6 @@
|
|||
#define FINGERPRINT_LEN 49
|
||||
|
||||
typedef struct aes_cnt_cipher crypto_cipher_t;
|
||||
typedef struct crypto_digest_t crypto_digest_t;
|
||||
typedef struct crypto_xof_t crypto_xof_t;
|
||||
typedef struct crypto_dh_t crypto_dh_t;
|
||||
|
||||
/* global state */
|
||||
|
|
@ -92,13 +90,6 @@ int crypto_cipher_decrypt_with_iv(const char *key,
|
|||
char *to, size_t tolen,
|
||||
const char *from, size_t fromlen);
|
||||
|
||||
crypto_xof_t *crypto_xof_new(void);
|
||||
void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len);
|
||||
void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len);
|
||||
void crypto_xof_free_(crypto_xof_t *xof);
|
||||
#define crypto_xof_free(xof) \
|
||||
FREE_AND_NULL(crypto_xof_t, crypto_xof_free_, (xof))
|
||||
|
||||
/* Key negotiation */
|
||||
#define DH_TYPE_CIRCUIT 1
|
||||
#define DH_TYPE_REND 2
|
||||
|
|
|
|||
|
|
@ -608,3 +608,55 @@ crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
|
|||
crypto_digest_get_digest(digest, (char *) mac_out, len_out);
|
||||
crypto_digest_free(digest);
|
||||
}
|
||||
|
||||
/* xof functions */
|
||||
|
||||
/** Internal state for a eXtendable-Output Function (XOF). */
|
||||
struct crypto_xof_t {
|
||||
keccak_state s;
|
||||
};
|
||||
|
||||
/** Allocate a new XOF object backed by SHAKE-256. The security level
|
||||
* provided is a function of the length of the output used. Read and
|
||||
* understand FIPS-202 A.2 "Additional Consideration for Extendable-Output
|
||||
* Functions" before using this construct.
|
||||
*/
|
||||
crypto_xof_t *
|
||||
crypto_xof_new(void)
|
||||
{
|
||||
crypto_xof_t *xof;
|
||||
xof = tor_malloc(sizeof(crypto_xof_t));
|
||||
keccak_xof_init(&xof->s, 256);
|
||||
return xof;
|
||||
}
|
||||
|
||||
/** Absorb bytes into a XOF object. Must not be called after a call to
|
||||
* crypto_xof_squeeze_bytes() for the same instance, and will assert
|
||||
* if attempted.
|
||||
*/
|
||||
void
|
||||
crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len)
|
||||
{
|
||||
int i = keccak_xof_absorb(&xof->s, data, len);
|
||||
tor_assert(i == 0);
|
||||
}
|
||||
|
||||
/** Squeeze bytes out of a XOF object. Calling this routine will render
|
||||
* the XOF instance ineligible to absorb further data.
|
||||
*/
|
||||
void
|
||||
crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len)
|
||||
{
|
||||
int i = keccak_xof_squeeze(&xof->s, out, len);
|
||||
tor_assert(i == 0);
|
||||
}
|
||||
|
||||
/** Cleanse and deallocate a XOF object. */
|
||||
void
|
||||
crypto_xof_free_(crypto_xof_t *xof)
|
||||
{
|
||||
if (!xof)
|
||||
return;
|
||||
memwipe(xof, 0, sizeof(crypto_xof_t));
|
||||
tor_free(xof);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -67,6 +67,7 @@ typedef struct {
|
|||
} common_digests_t;
|
||||
|
||||
typedef struct crypto_digest_t crypto_digest_t;
|
||||
typedef struct crypto_xof_t crypto_xof_t;
|
||||
|
||||
/* public key crypto digest */
|
||||
MOCK_DECL(int, crypto_pk_public_checksig_digest,(crypto_pk_t *env,
|
||||
|
|
@ -116,6 +117,14 @@ void crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
|
|||
const uint8_t *key, size_t key_len,
|
||||
const uint8_t *msg, size_t msg_len);
|
||||
|
||||
/* xof functions*/
|
||||
crypto_xof_t *crypto_xof_new(void);
|
||||
void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len);
|
||||
void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len);
|
||||
void crypto_xof_free_(crypto_xof_t *xof);
|
||||
#define crypto_xof_free(xof) \
|
||||
FREE_AND_NULL(crypto_xof_t, crypto_xof_free_, (xof))
|
||||
|
||||
#ifdef TOR_UNIT_TESTS
|
||||
digest_algorithm_t crypto_digest_get_algorithm(crypto_digest_t *digest);
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Reference in New Issue