progs/mkphrase.c: Fix trailing spaces in usage message.

[catacomb] / symm / keccak1600.h

/* -*-c-*-
 *
 * The Keccak-p[1600, n] permutation
 *
 * (c) 2017 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

#ifndef CATACOMB_KECCAK1600_H
#define CATACOMB_KECCAK1600_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Notes on the Keccak-p[1600, n] permutation ------------------------*
 *
 * Keccak, by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van
 * Assche, was the winning submission in NIST's competition to design a new
 * hash function, and is now the basis of the SHA3 standard.
 *
 * The cryptographic primitive, Keccak-p[1600, n], is an unkeyed permutation
 * on strings of 1600 bits.  It's used in the authors' `sponge construction',
 * which splits a 1600-bit state into an `inner part', whose size is known as
 * the `capacity', and an `outer part', whose size is known as the `rate'.
 * The security of the construction is determined by the capacity, and its
 * performance is determined by the rate.
 *
 * This file just implements the permutation and some accessors for the state
 * (which may be represented internally in a strange way, for performance
 * reasons).  Many useful things are defined along with SHA3.
 */

/*----- Header files ------------------------------------------------------*/

#include <mLib/bits.h>

/*----- Data structures ---------------------------------------------------*/

/* There are two possible internal representations for a lane in the state.
 * Which one is in use isn't specified here.  The context simply allows space
 * for either.
 */
typedef kludge64 keccak1600_lane_64;
typedef struct { uint32 even, odd; } keccak1600_lane_i32;

typedef union keccak1600_state {
  keccak1600_lane_64 s64[25];
  keccak1600_lane_i32 si32[25];
} keccak1600_state;

/*----- Functions provided ------------------------------------------------*/

/* --- @keccak1600_p@ --- *
 *
 * Arguments:   @keccak1600_state *z@ = where to write the output state
 *              @conts keccak1600_state *x@ = input state
 *              @unsigned n@ = number of rounds to perform
 *
 * Returns:     ---
 *
 * Use:         Implements the %$\Keccak[1600, n]$% permutation at the core
 *              of Keccak and the SHA-3 standard.
 */

extern void keccak1600_p(keccak1600_state */*z*/,
                         const keccak1600_state */*x*/, unsigned /*n*/);

/* --- @keccack1600_init@ --- *
 *
 * Arguments:   @keccak1600_state *s@ = a state to initialize
 *
 * Returns:     ---
 *
 * Use:         Initialize @s@ to the root state.
 */

extern void keccak1600_init(keccak1600_state */*s*/);

/* --- @keccak1600_mix@ --- *
 *
 * Arguments:   @keccak1600_state *s@ = a state to update
 *              @const kludge64 *p@ = pointer to 64-bit words to mix in
 *              @size_t n@ = size of the input, in 64-bit words
 *
 * Returns:     ---
 *
 * Use:         Mixes data into a %$\Keccak[r, 1600 - r]$% state.  Note that
 *              it's the caller's responsibility to pass in no more than
 *              %$r$% bits of data.
 */

extern void keccak1600_mix(keccak1600_state */*s*/,
                           const kludge64 */*p*/, size_t /*n*/);

/* --- @keccak1600_set@ --- *
 *
 * Arguments:   @keccak1600_state *s@ = a state to update
 *              @const kludge64 *p@ = pointer to 64-bit words to mix in
 *              @size_t n@ = size of the input, in 64-bit words
 *
 * Returns:     ---
 *
 * Use:         Stores data into a %$\Keccak[r, 1600 - r]$% state.  Note that
 *              it's the caller's responsibility to pass in no more than
 *              %$r$% bits of data.
 *
 *              This is not the operation you wanted for ordinary hashing.
 *              It's provided for the use of higher-level protocols which use
 *              duplexing and other fancy sponge features.
 */

extern void keccak1600_set(keccak1600_state */*s*/,
                           const kludge64 */*p*/, size_t /*n*/);

/* --- @keccak1600_extract@ --- *
 *
 * Arguments:   @const keccak1600_state *s@ = a state to extract output from
 *              @kludge64 *p@ = pointer to 64-bit words to write
 *              @size_t n@ = size of the output, in 64-bit words
 *
 * Returns:     ---
 *
 * Use:         Reads output from a %$\Keccak[r, 1600 - r]$% state.  Note
 *              that it's the caller's responsibility to extract no more than
 *              %$r$% bits of data.
 */

extern void keccak1600_extract(const keccak1600_state */*s*/,
                               kludge64 */*p*/, size_t /*n*/);

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif