seyi / sha3 Goto Github PK

This library is an implementation of the Secure Hash Algorithm 3
(SHA-3), also known as Keccak.  The implementation is constrained to
messages with an integral number of octets, i.e. sub-byte length
messages are not supported.

NOTE that prior to release 1.0.2 this package had a bug in the
generation of message digests where multiple calls to sha3-update
with partial buffers could lead to input data being ignored and
therefore erroneous message digests being generated.  Uses with
only one call to sha3-update and the high-level routines were not
affected by this bug.

The code should be portable across nearly all ANSI compliant CL
implementations with specialized versions tuned for implementations
that offer unboxed 64bit arithmetic, unboxed 32bit arithmetic and for
implementations with efficient fixnum arithmetic (requiring fixnums
that can represent (unsigned-byte 16)).  Especially the 64 and 32bit
implementations have been mostly optimized for SBCL and CMU CL.  For
those implementations, digests with a 1024 bit-rate (and 288 bit
digest output) can be generated in between 30 (64bit SBCL) to around
100 (32bit CMU CL) cycles/byte on an i7-640M; whereas optimized
C/assembler implementations reach around 12 to 50 cycles/byte on 64/32
bit Intel hardware.  The reason for the discrepancy probably lies in
missing peephole and dependency optimizations in the SBCL/CMU CL
compiler backend.

The mid-level interfaces to the digest routines are the functions

- sha3:sha3-init &key output-bit-length bit-rate
  
  Create and return a new SHA-3 state.  If `output-bit-length' is
  specified then the state will run at the bit rate specified for the
  given output bit length.  If `output-bit-length' is unspecified,
  `bit-rate' can be specified to select a suitable bit rate.  If both
  are left unspecified then a default bit rate of 1024 bits is
  selected, which is suitable for arbitrary output bit lengths of up
  to 288 bits.

- sha3:sha3-copy state
  
  Return an independent copy of the SHA-3 state `state'.

- sha3:sha3-state-p state
  
  Test whether a given object is a SHA-3 state, i.e. is an instance of
  the class sha3:sha3-state.

- sha3:sha3-update state vector &key (start 0) (end (length vector))
  
  Update the given SHA-3 state `state' from `vector', which must be a
  simple-array with element-type (unsigned-byte 8), bounded by `start'
  and `end', which must be numeric bounding-indices.

- sha3:sha3-final state &key output-bit-length
  
  If the given SHA-3 state `state' has not already been finalized,
  finalize it by processing any remaining input in its buffer, with
  suitable padding as specified by the SHA-3 standard.  Returns the
  message digest as a simple-array of (unsigned-byte 8).  The length
  of the returned digest is determined either by the output bit length
  or bit rate specified on state creation, or for the special case of
  default parameters being used, by the optional keyword argument
  `output-bit-length'.  If the state has previously been finalized,
  the function will return the digest again.

For convenience the following high-level functions produce digests in
one step from 1d simple-arrays and streams with element-type
(unsigned-byte 8), as well as files:

- sha3:sha3-digest-vector vector &key (start 0) end (output-bit-length 512)
  
  Calculate an SHA-3 message-digest of data in `vector', which should
  be a 1d simple-array with element type (unsigned-byte 8), bounded by
  `start' and `end'.  The bit length of the message digest produced is
  controlled by `output-bit-length', which can take on the values 224,
  256, 288, 384 and 512, which is the default value.

- sha3:sha3-digest-stream stream &key (output-bit-length 512)
  
  Calculate an SHA-3 message-digest of data read from `stream', which
  should be a stream with element type (unsigned-byte 8).  The bit
  length of the message digest produced is controlled by
  `output-bit-length', which can take on the values 224, 256, 288, 384
  and 512, which is the default value.

- sha3:sha3-digest-file pathname &key (output-bit-length 512)
  
  Calculate an SHA-3 message-digest of the file specified by
  `pathname'.  The bit length of the message digest produced is
  controlled by `output-bit-length', which can take on the values 224,
  256, 288, 384 and 512, which is the default value.

Note that in order to generate a message digest of a string it will
have to be converted to a simple-array with element-type
(unsigned-byte 8) in the proper output-encoding.  This will have to
rely on implementation-specific functions and is not part of the SHA3
library.

The file keccak-reference.lisp contains a slow simple reference
implementation, and testdriver code, which allows testing of the tuned
implementations against this reference and against test data available
from the Keccak Site at: http://keccak.noekeon.org/KeccakKAT-3.zip

The testcases from the Keccak test data can be run with the following
form:

(keccak:test-keccak-msgkat 
 "/Path/To/MsgKatDirectory"
 (lambda (total-bits bit-rate output-bits message)
   (declare (ignore total-bits bit-rate))
   (sha3:sha3-digest-vector message :output-bit-length output-bits)))

This SHA-3 implementation is licensed under the MIT-style license
contained in the file COPYING and the header of each source file.
Many thanks go to the Keccak Team (Guido Bertoni, Joan Daemen, Michaël
Peeters and Gilles Van Assche, cf. http://keccak.noekeon.org) for
their algorithm and excellent documentation and reference
implementations.

Please direct any feedback to [email protected].  A git repository of this
library is available under git://github.com/pmai/sha3.git