56a3715ddc
* Replaced round-1 Kyber code with round-2 Kyber code (not yet cleaned/namespaced) * Namespacing for Kyber * Some more work on round-2 Kyber (more namespacing) * Added missing files * Round-2 Kyber768 now passing all tests under Linux * Various small tweaks to make MS compiler happy * Two more tweaks for MS compiler * Added Kyber512 and Kyber1024 (round-2 versions) * Making MS compiler happy * More fixes for MS compiler * Replaced round-1 Kyber code with round-2 Kyber code (not yet cleaned/namespaced) * Namespacing for Kyber * Some more work on round-2 Kyber (more namespacing) * Added missing files * Round-2 Kyber768 now passing all tests under Linux * Various small tweaks to make MS compiler happy * Two more tweaks for MS compiler * Added Kyber512 and Kyber1024 (round-2 versions) * Making MS compiler happy * More fixes for MS compiler * Started more cleanup work on Kyber768 * Replaced round-1 Kyber code with round-2 Kyber code (not yet cleaned/namespaced) * Namespacing for Kyber * Some more work on round-2 Kyber (more namespacing) * Added missing files * Round-2 Kyber768 now passing all tests under Linux * Various small tweaks to make MS compiler happy * Two more tweaks for MS compiler * Added Kyber512 and Kyber1024 (round-2 versions) * Replaced round-1 Kyber code with round-2 Kyber code (not yet cleaned/namespaced) * Namespacing for Kyber * Some more work on round-2 Kyber (more namespacing) * Added missing files * Round-2 Kyber768 now passing all tests under Linux * Various small tweaks to make MS compiler happy * Two more tweaks for MS compiler * Added Kyber512 and Kyber1024 (round-2 versions) * Making MS compiler happy * Making MS compiler happy * More fixes for MS compiler * More fixes for MS compiler * Started more cleanup work on Kyber768 * Kyber768 passing all tests locally * Kyber512 passes all tests locally * Kyber1024 now also passing all tests locally * Now passing all tests with -Wmissing-prototypes * Local tests (on Linux) passing again
#include "fips202.h"
#include "symmetric.h"
#include <stdlib.h>
/*************************************************
* Name:        PQCLEAN_KYBER768_CLEAN_kyber_shake128_absorb
*
* Description: Absorb step of SHAKE128 specialized for the Kyber context.
*              Builds the (KYBER_SYMBYTES + 2)-byte string input || x || y
*              on the stack and absorbs it into the Keccak state.
*
* Arguments:   - keccak_state *s: pointer to (uninitialized) output Keccak
*                state; its member s is what gets handed to shake128_absorb
*              - const unsigned char *input: pointer to KYBER_SYMBYTES bytes
*                of input to be absorbed; exactly that many bytes are read,
*                so the caller must supply a buffer at least that large
*              - unsigned char x: additional byte of input
*              - unsigned char y: additional byte of input
**************************************************/
void PQCLEAN_KYBER768_CLEAN_kyber_shake128_absorb(keccak_state *s, const unsigned char *input, unsigned char x, unsigned char y) {
    unsigned char extseed[KYBER_SYMBYTES + 2];
    size_t pos = 0;

    /* Leading KYBER_SYMBYTES bytes are a verbatim copy of the caller's input. */
    while (pos < KYBER_SYMBYTES) {
        extseed[pos] = input[pos];
        pos++;
    }

    /* The two extra bytes follow the seed, x first and then y. */
    extseed[KYBER_SYMBYTES] = x;
    extseed[KYBER_SYMBYTES + 1] = y;

    shake128_absorb(s->s, extseed, sizeof extseed);
}
/*************************************************
* Name:        PQCLEAN_KYBER768_CLEAN_kyber_shake128_squeezeblocks
*
* Description: Squeeze step of the SHAKE128 XOF. Produces whole blocks of
*              SHAKE128_RATE bytes each and updates the state, so repeated
*              calls continue the same output stream (incremental use).
*              Thin wrapper that forwards to shake128_squeezeblocks.
*
* Arguments:   - unsigned char *output: pointer to output blocks; per the
*                description above the caller must provide room for
*                nblocks * SHAKE128_RATE bytes (no length is checked here)
*              - size_t nblocks: number of blocks to be squeezed
*                (written to output)
*              - keccak_state *s: pointer to in/output Keccak state
**************************************************/
void PQCLEAN_KYBER768_CLEAN_kyber_shake128_squeezeblocks(
    unsigned char *output,
    size_t nblocks,
    keccak_state *s) {
    /* Only the raw Keccak words inside the wrapper struct are passed on. */
    shake128_squeezeblocks(output, nblocks, (*s).s);
}
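/*************************************************
* Name:        PQCLEAN_KYBER768_CLEAN_shake256_prf
*
* Description: Usage of SHAKE256 as a PRF, concatenates secret and public input
*              and then generates outlen bytes of SHAKE256 output.
*              The temporary key || nonce buffer is cleared before returning
*              so that no copy of the secret key is left in this stack frame.
*
* Arguments:   - unsigned char *output: pointer to output; must have room
*                for outlen bytes. The output is derived from the secret
*                key; clearing it after use is left to the caller.
*              - size_t outlen: number of requested output bytes
*              - const unsigned char *key: pointer to the key (of length
*                KYBER_SYMBYTES); exactly that many bytes are read
*              - unsigned char nonce: single-byte nonce (public PRF input)
**************************************************/
void PQCLEAN_KYBER768_CLEAN_shake256_prf(unsigned char *output, size_t outlen, const unsigned char *key, unsigned char nonce) {
    unsigned char extkey[KYBER_SYMBYTES + 1];
    /* Volatile view of extkey, used only for the final wipe. */
    volatile unsigned char *wipe = extkey;
    size_t i;

    for (i = 0; i < KYBER_SYMBYTES; i++) {
        extkey[i] = key[i];
    }
    /* i == KYBER_SYMBYTES here: the nonce goes directly after the key. */
    extkey[i] = nonce;

    shake256(output, outlen, extkey, KYBER_SYMBYTES + 1);

    /*
     * extkey is a copy of secret key material. Clear it through a volatile
     * pointer (best effort) so the compiler does not drop the stores as dead
     * writes to a buffer that is about to go out of scope.
     */
    for (i = 0; i < sizeof extkey; i++) {
        wipe[i] = 0;
    }
}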