Embeddable, dependency-free, MIT-0 licensed C11 implementation of the SHA-3 cryptographic hash functions, eXtendable Output Functions (XOFs), and Hash-based Message Authentication Code functions (HMAC) defined in FIPS 202, SP 800-185, and the draft KangarooTwelve and TurboSHAKE specification.
Includes AVX-512 acceleration, Doxygen-friendly API documentation, and a full test suite with sanitizers enabled and test vectors from the NIST CSRC "Examples With Intermediate Values" site and the Test Vectors section of the draft KangarooTwelve and TurboSHAKE specification.
The following algorithms are implemented:
- SHA3-224, SHA3-256, SHA3-384, and SHA3-512: SHA-3 cryptographic hash functions with fixed-length output, as defined in section 6.1 of FIPS 202.
- HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512: HMAC instantiated with SHA-3 hash functions, as specified in section 7 of FIPS 202, RFC 2104, and FIPS 198-1.
- SHAKE128, SHAKE128-XOF, SHAKE256, and SHAKE256-XOF: SHA-3 XOFs with both fixed-length output and arbitrary-length output, as defined in section 6.2 of FIPS 202.
- cSHAKE128, cSHAKE128-XOF, cSHAKE256, and cSHAKE256-XOF: Fixed-length and XOF variants of the customizable-SHAKE primitive, as defined in section 3 of SP 800-185.
- KMAC128, KMAC128-XOF, KMAC256 and KMAC256-XOF: Keccak Message Authentication Code (MAC), as defined in section 4 of SP 800-185.
- TupleHash128, TupleHash128-XOF, TupleHash256, and TupleHash256-XOF: Misuse-resistant hash function and XOF for hashing a tuple of byte strings, as defined in section 5 of SP 800-185.
- ParallelHash128, ParallelHash128-XOF, ParallelHash256, and ParallelHash256-XOF: Hash function and XOF, as defined in section 6 of SP 800-185.
- TurboSHAKE128 and TurboSHAKE256: Faster, reduced-round XOFs, as defined in the draft KangarooTwelve and TurboSHAKE specification.
- KangarooTwelve: Faster, reduced-round XOF with a customzation string, as defined in the draft KangarooTwelve and TurboSHAKE specification.
Use make
to build a shared library and minimal sample application, make doc
to generate HTML-formatted API documentation, and make test
to run the test suite.
Examples
Calculate the SHA3-256 hash of a test string and print the result to standard output:
#include <stdint.h>
#include <stdio.h>
#include "hex.h"
static const uint8_t DATA[] = "this is some test data";
int main(void) {
uint8_t buf[32] = { 0 };
printf("SHA3-256: ");
hex_write(stdout, buf, sizeof(buf));
printf("\n");
return 0;
}
void sha3_256(const uint8_t *src, size_t len, uint8_t dst[static 32])
Calculate SHA3-256 hash of input data.
C11 implementation of FIPS 202, NIST SP 800-185, and the draft KangarooTwelve and TurboSHAKE specific...
Calculate the SHAKE128 hash of a test string and print the first 200 bytes to standard output:
#include <stdint.h>
#include <stdio.h>
#include "hex.h"
static const uint8_t DATA[] = "this is some test data";
int main(void) {
uint8_t buf[200] = { 0 };
printf("SHAKE128 (200 bytes): ");
hex_write(stdout, buf, sizeof(buf));
printf("\n");
return 0;
}
void shake128_xof_once(const uint8_t *src, const size_t src_len, uint8_t *dst, const size_t dst_len)
Absorb data into SHAKE128 XOF, then squeeze bytes out.
TurboSHAKE128 example, using the iterative API:
#include <stdint.h>
#include <stdio.h>
#include <err.h>
#include "hex.h"
int main(void) {
FILE *fh = fopen("/dev/urandom", "rb");
if (!fh) {
err(-1, "fopen()");
}
{
uint8_t buf[1024] = { 0 };
for (size_t i = 0; i < 4096/sizeof(buf); i++) {
if (!fread(buf, sizeof(buf), 1, fh)) {
err(-1, "fread()");
}
}
}
if (!fclose(fh)) {
warn("fclose()");
}
printf("TurboShake128 output:\n");
{
uint8_t buf[32] = { 0 };
for (size_t ofs = 0; ofs < 128; ofs += sizeof(buf)) {
hex_write(stdout, buf, sizeof(buf));
}
}
printf("\n");
return 0;
}
void turboshake128_init(turboshake_t *ts)
Initialize TurboSHAKE128 XOF context.
_Bool turboshake128_absorb(turboshake_t *ts, const uint8_t *src, const size_t len)
Absorb data into TurboSHAKE128 XOF context.
void turboshake128_squeeze(turboshake_t *ts, uint8_t *dst, const size_t len)
Squeeze bytes from TurboSHAKE128 XOF context.
TurboShake XOF context (all members are private).
Definition: sha3.h:2155
See the examples/
directory for more.
Usage
To use this library in your application:
- Copy
sha3.h
and sha3.c
into your source tree.
- Update your build system to compile
sha3.o
.
- Include
sha3.h
in your application.
Documentation
Full API documentation is available online here and in the comments of sha3.h
. If you have Doxygen installed, you can generate HTML-formatted API documentation by typing make doc
.
Tests
Use make test
to build and run the test suite.
The test suite checks each component of this implementation for expected answers and is built with several sanitizers supported by both GCC and Clang. The source code for the test suite is embedded at the bottom of sha3.c
behind a TEST_SHA3
define.
References
License
MIT No Attribution (MIT-0)
Copyright 2023 Paul Duncan
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.