#ifndef FIPS202_H #define FIPS202_H #include #include #define SHAKE128_RATE 168 #define SHAKE256_RATE 136 #define SHA3_256_RATE 136 #define SHA3_384_RATE 104 #define SHA3_512_RATE 72 #define PQC_SHAKEINCCTX_BYTES (sizeof(uint64_t)*26) #define PQC_SHAKECTX_BYTES (sizeof(uint64_t)*25) // Context for incremental API typedef struct { uint64_t* ctx; } shake128incctx; // Context for non-incremental API typedef struct { uint64_t* ctx; } shake128ctx; // Context for incremental API typedef struct { uint64_t* ctx; } shake256incctx; // Context for non-incremental API typedef struct { uint64_t* ctx; } shake256ctx; // Context for incremental API typedef struct { uint64_t* ctx; } sha3_256incctx; // Context for incremental API typedef struct { uint64_t* ctx; } sha3_384incctx; // Context for incremental API typedef struct { uint64_t* ctx; } sha3_512incctx; /* Initialize the state and absorb the provided input. * * This function does not support being called multiple times * with the same state. */ void shake128_absorb(shake128ctx *state, const uint8_t *input, size_t inlen); /* Squeeze output out of the sponge. * * Supports being called multiple times */ void shake128_squeezeblocks(uint8_t *output, size_t nblocks, shake128ctx *state); /* Free the state */ void shake128_ctx_release(shake128ctx *state); /* Copy the state. */ void shake128_ctx_clone(shake128ctx *dest, const shake128ctx *src); /* Initialize incremental hashing API */ void shake128_inc_init(shake128incctx *state); /* Absorb more information into the XOF. * * Can be called multiple times. */ void shake128_inc_absorb(shake128incctx *state, const uint8_t *input, size_t inlen); // Reset the state void shake128_inc_reset(shake128incctx *state); /* Finalize the XOF for squeezing */ void shake128_inc_finalize(shake128incctx *state); /* Squeeze output out of the sponge. * * Supports being called multiple times */ void shake128_inc_squeeze(uint8_t *output, size_t outlen, shake128incctx *state); /* Copy the context of the SHAKE128 XOF */ void shake128_inc_ctx_clone(shake128incctx* dest, const shake128incctx *src); /* Free the context of the SHAKE128 XOF */ void shake128_inc_ctx_release(shake128incctx *state); /* Initialize the state and absorb the provided input. * * This function does not support being called multiple times * with the same state. */ void shake256_absorb(shake256ctx *state, const uint8_t *input, size_t inlen); /* Squeeze output out of the sponge. * * Supports being called multiple times */ void shake256_squeezeblocks(uint8_t *output, size_t nblocks, shake256ctx *state); // Reset the state void shake256_inc_reset(shake256incctx *state); /* Free the context held by this XOF */ void shake256_ctx_release(shake256ctx *state); /* Copy the context held by this XOF */ void shake256_ctx_clone(shake256ctx *dest, const shake256ctx *src); /* Initialize incremental hashing API */ void shake256_inc_init(shake256incctx *state); void shake256_inc_absorb(shake256incctx *state, const uint8_t *input, size_t inlen); /* Prepares for squeeze phase */ void shake256_inc_finalize(shake256incctx *state); /* Squeeze output out of the sponge. * * Supports being called multiple times */ void shake256_inc_squeeze(uint8_t *output, size_t outlen, shake256incctx *state); /* Copy the state */ void shake256_inc_ctx_clone(shake256incctx* dest, const shake256incctx *src); /* Free the state */ void shake256_inc_ctx_release(shake256incctx *state); /* One-stop SHAKE128 call */ void shake128(uint8_t *output, size_t outlen, const uint8_t *input, size_t inlen); /* One-stop SHAKE256 call */ void shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inlen); /* Initialize the incremental hashing state */ void sha3_256_inc_init(sha3_256incctx *state); /* Absorb blocks into SHA3 */ void sha3_256_inc_absorb(sha3_256incctx *state, const uint8_t *input, size_t inlen); /* Obtain the output of the function and free `state` */ void sha3_256_inc_finalize(uint8_t *output, sha3_256incctx *state); /* Copy the context */ void sha3_256_inc_ctx_clone(sha3_256incctx *dest, const sha3_256incctx *src); /* Release the state, don't use if `_finalize` has been used */ void sha3_256_inc_ctx_release(sha3_256incctx *state); void sha3_256(uint8_t *output, const uint8_t *input, size_t inlen); /* Initialize the incremental hashing state */ void sha3_384_inc_init(sha3_384incctx *state); /* Absorb blocks into SHA3 */ void sha3_384_inc_absorb(sha3_384incctx *state, const uint8_t *input, size_t inlen); /* Obtain the output of the function and free `state` */ void sha3_384_inc_finalize(uint8_t *output, sha3_384incctx *state); /* Copy the context */ void sha3_384_inc_ctx_clone(sha3_384incctx *dest, const sha3_384incctx *src); /* Release the state, don't use if `_finalize` has been used */ void sha3_384_inc_ctx_release(sha3_384incctx *state); /* One-stop SHA3-384 shop */ void sha3_384(uint8_t *output, const uint8_t *input, size_t inlen); /* Initialize the incremental hashing state */ void sha3_512_inc_init(sha3_512incctx *state); /* Absorb blocks into SHA3 */ void sha3_512_inc_absorb(sha3_512incctx *state, const uint8_t *input, size_t inlen); /* Obtain the output of the function and free `state` */ void sha3_512_inc_finalize(uint8_t *output, sha3_512incctx *state); /* Copy the context */ void sha3_512_inc_ctx_clone(sha3_512incctx *dest, const sha3_512incctx *src); /* Release the state, don't use if `_finalize` has been used */ void sha3_512_inc_ctx_release(sha3_512incctx *state); /* One-stop SHA3-512 shop */ void sha3_512(uint8_t *output, const uint8_t *input, size_t inlen); #endif