1 #ifndef SYMMETRIC_H
2 #define SYMMETRIC_H
3 
4 #include <stddef.h>
5 #include <stdint.h>
6 #include "params.h"
7 
8 #ifdef KYBER_90S
9 
10 #include "aes256ctr.h"
11 #include "sha2.h"
12 
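/*
 * Symmetric primitives for the Kyber "90s" build: AES-256-CTR stands in for
 * the XOF and PRF, SHA-256/SHA-512 for the hashes and the KDF.
 *
 * NOTE(review): the AES/SHA-2 "90s" parameter sets were not carried over into
 * the standardised ML-KEM (FIPS 203); treat this branch as legacy/interop only.
 */

/* kdf() below maps to sha256(), whose digest is always 32 bytes. */
#if (KYBER_SSBYTES != 32)
#error "90s variant of Kyber can only generate keys of length 256 bits"
#endif

/*
 * The prototypes below consume exactly 32 bytes of seed/key, while the SHAKE
 * build declares the same arguments as KYBER_SYMBYTES long. Fail the build if
 * the two ever diverge, so a shorter seed buffer cannot be over-read.
 */
#if (KYBER_SYMBYTES != 32)
#error "90s variant of Kyber requires 32-byte seeds (AES-256 key length)"
#endif

/* XOF state used by the generic xof_* macros in this build. */
typedef aes256ctr_ctx xof_state;

/*
 * Prepare `state` for squeezing from a 32-byte seed and two index bytes.
 * Presumably keys AES-256-CTR with `seed` and derives the nonce from (x, y);
 * the implementation is not part of this header - confirm there.
 */
#define kyber_aes256xof_absorb KYBER_NAMESPACE(kyber_aes256xof_absorb)
void kyber_aes256xof_absorb(aes256ctr_ctx *state, const uint8_t seed[32], uint8_t x, uint8_t y);

/*
 * Write `outlen` bytes of PRF output to `out` from a 32-byte key and a
 * one-byte nonce.
 * NOTE(review): if callers pass secret seeds as `key` (as Kyber's noise
 * sampling does), the AES code behind aes256ctr.h must be constant-time
 * (no secret-indexed table lookups) - verify for the target platform.
 */
#define kyber_aes256ctr_prf KYBER_NAMESPACE(kyber_aes256ctr_prf)
void kyber_aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t key[32], uint8_t nonce);

/* Granularity of xof_squeezeblocks() output, in bytes. */
#define XOF_BLOCKBYTES AES256CTR_BLOCKBYTES

/* Generic names used by the rest of the scheme, bound to the 90s primitives. */
#define hash_h(OUT, IN, INBYTES) sha256(OUT, IN, INBYTES)
#define hash_g(OUT, IN, INBYTES) sha512(OUT, IN, INBYTES)
/* Expands to nothing in this build; STATE is not evaluated. */
#define xof_init(STATE)
#define xof_absorb(STATE, SEED, X, Y) kyber_aes256xof_absorb(STATE, SEED, X, Y)
/* Presumably writes OUTBLOCKS * XOF_BLOCKBYTES bytes to OUT; size the buffer accordingly - confirm in aes256ctr.h. */
#define xof_squeezeblocks(OUT, OUTBLOCKS, STATE) aes256ctr_squeezeblocks(OUT, OUTBLOCKS, STATE)
/* Expands to nothing in this build; STATE is not evaluated. */
#define xof_release(STATE)
#define prf(OUT, OUTBYTES, KEY, NONCE) kyber_aes256ctr_prf(OUT, OUTBYTES, KEY, NONCE)
/* Output length is fixed by SHA-256 (32 bytes), hence the KYBER_SSBYTES check above. */
#define kdf(OUT, IN, INBYTES) sha256(OUT, IN, INBYTES)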
35 
36 #else
37 
38 #include "fips202.h"
39 
/*
 * Symmetric primitives for the default (SHA-3 / SHAKE) build. The generic
 * names used by the rest of the scheme are bound to FIPS 202 functions here.
 */

/* XOF state used by the generic xof_* macros in this build. */
typedef shake128incctx xof_state;

/* Namespace the two Kyber-specific wrappers before declaring them. */
#define kyber_shake128_absorb KYBER_NAMESPACE(kyber_shake128_absorb)
#define kyber_shake256_prf KYBER_NAMESPACE(kyber_shake256_prf)

/*
 * Absorb a KYBER_SYMBYTES-byte seed plus two index bytes into `s`.
 * How (x, y) are combined with the seed is defined in the implementation,
 * which is not part of this header.
 */
void kyber_shake128_absorb(shake128incctx *s, const uint8_t seed[KYBER_SYMBYTES], uint8_t x, uint8_t y);

/*
 * Write `outlen` bytes of PRF output to `out` from a KYBER_SYMBYTES-byte key
 * and a one-byte nonce.
 */
void kyber_shake256_prf(uint8_t *out,
                        size_t outlen,
                        const uint8_t key[KYBER_SYMBYTES],
                        uint8_t nonce);

/* Granularity of xof_squeezeblocks() output, in bytes. */
#define XOF_BLOCKBYTES SHAKE128_RATE

/* Hashes H and G. */
#define hash_h(DST, SRC, SRCBYTES) sha3_256(DST, SRC, SRCBYTES)
#define hash_g(DST, SRC, SRCBYTES) sha3_512(DST, SRC, SRCBYTES)

/*
 * XOF life cycle: init -> absorb -> squeezeblocks -> release.
 * Every xof_init() should be paired with an xof_release() on all paths;
 * presumably the release call frees or clears the context - verify against
 * fips202.h.
 * NOTE(review): init/release use the incremental ("_inc_") API while squeezing
 * goes through shake128_squeezeblocks(); confirm in fips202.h that it accepts
 * a shake128incctx.
 */
#define xof_init(CTX) shake128_inc_init(CTX)
#define xof_absorb(CTX, SEED, I, J) kyber_shake128_absorb(CTX, SEED, I, J)
/* Presumably writes NBLOCKS * XOF_BLOCKBYTES bytes to DST; size the buffer accordingly - confirm. */
#define xof_squeezeblocks(DST, NBLOCKS, CTX) shake128_squeezeblocks(DST, NBLOCKS, CTX)
#define xof_release(CTX) shake128_inc_ctx_release(CTX)

/* PRF and KDF; the KDF always produces KYBER_SSBYTES bytes. */
#define prf(DST, DSTBYTES, KEY, NONCE) kyber_shake256_prf(DST, DSTBYTES, KEY, NONCE)
#define kdf(DST, SRC, SRCBYTES) shake256(DST, KYBER_SSBYTES, SRC, SRCBYTES)
61 
62 #endif /* KYBER_90S */
63 
64 #endif /* SYMMETRIC_H */