1 #ifndef SYMMETRIC_H 2 #define SYMMETRIC_H 3 4 #include <stddef.h> 5 #include <stdint.h> 6 #include "params.h" 7 8 #ifdef KYBER_90S 9 10 #include "sha2.h" 11 #include "aes256ctr.h" 12 13 #if (KYBER_SSBYTES != 32) 14 #error "90s variant of Kyber can only generate keys of length 256 bits" 15 #endif 16 17 typedef aes256ctr_ctx xof_state; 18 19 #define XOF_BLOCKBYTES AES256CTR_BLOCKBYTES 20 21 #define hash_h(OUT, IN, INBYTES) sha256(OUT, IN, INBYTES) 22 #define hash_g(OUT, IN, INBYTES) sha512(OUT, IN, INBYTES) 23 #define xof_absorb(STATE, SEED, X, Y) \ 24 aes256ctr_init(STATE, SEED, (X) | ((uint16_t)(Y) << 8)) 25 #define xof_squeezeblocks(OUT, OUTBLOCKS, STATE) \ 26 aes256ctr_squeezeblocks(OUT, OUTBLOCKS, STATE) 27 #define prf(OUT, OUTBYTES, KEY, NONCE) \ 28 aes256ctr_prf(OUT, OUTBYTES, KEY, NONCE) 29 #define kdf(OUT, IN, INBYTES) sha256(OUT, IN, INBYTES) 30 31 #else 32 33 #include "fips202.h" 34 #include "fips202x4.h" 35 36 typedef shake128incctx xof_state; 37 38 #define kyber_shake128_absorb KYBER_NAMESPACE(kyber_shake128_absorb) 39 void kyber_shake128_absorb(shake128incctx *s, 40 const uint8_t seed[KYBER_SYMBYTES], 41 uint8_t x, 42 uint8_t y); 43 44 #define kyber_shake256_prf KYBER_NAMESPACE(kyber_shake256_prf) 45 void kyber_shake256_prf(uint8_t *out, 46 size_t outlen, 47 const uint8_t key[KYBER_SYMBYTES], 48 uint8_t nonce); 49 50 #define XOF_BLOCKBYTES SHAKE128_RATE 51 52 #define hash_h(OUT, IN, INBYTES) sha3_256(OUT, IN, INBYTES) 53 #define hash_g(OUT, IN, INBYTES) sha3_512(OUT, IN, INBYTES) 54 #define xof_absorb(STATE, SEED, X, Y) kyber_shake128_absorb(STATE, SEED, X, Y) 55 #define xof_squeezeblocks(OUT, OUTBLOCKS, STATE) \ 56 shake128_squeezeblocks(OUT, OUTBLOCKS, STATE) 57 #define prf(OUT, OUTBYTES, KEY, NONCE) \ 58 kyber_shake256_prf(OUT, OUTBYTES, KEY, NONCE) 59 #define kdf(OUT, IN, INBYTES) shake256(OUT, KYBER_SSBYTES, IN, INBYTES) 60 61 #endif /* KYBER_90S */ 62 63 #endif /* SYMMETRIC_H */ 64