Rust implementation of the SHAKE128 and SHAKE256 extendable-output functions (XOFs) from the SHA3 standard as specified in FIPS202.
This is just an exercise focusing on low-level crypto. It is not intended to be published as a crate.
The interface is crude: there are no "update/digest" semantics and no message queue, so the whole bytestring must already be present in the buffer (see below).
Certain ideas have been taken from this C implementation by the Keccak Team (see also here for a more compact version), which readably reorganizes the tweetable TweetFIPS202 implementation by D. J. Bernstein, P. Schwabe and G. Van Assche. An optimized form of the Keccak-F permutation function has been taken from the XMSS reference implementation.
$ cargo run --example [shake128|shake256]
This is not available as a crate. Clone the project, include your program in examples/ and execute it with cargo run. For example, the following program computes the SHAKE256-digest of length 12 of a UTF-8 encoded "abc".
examples/sample.rs
    use fips202::shake256;

    fn main() {
        // Preparations
        let input = &mut "abc".as_bytes().to_owned(); // the bytestring to be hashed
        let mut inlen = input.len(); // length of original input
        let mut output = [0u8; 12]; // will hold the final digest
        let outlen = output.len(); // length of final digest

        // Hashing
        shake256(&mut output, outlen, input, &mut inlen);

        // Print result as hex string
        for byte in &output {
            print!("{:02x}", byte);
        }
        println!();
    }
Running the program should produce the following result:
$ cargo run --example sample
483366601360a8771c686308
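To check that digest independently and to see the sponge steps behind it, here is a compact, unoptimized FIPS 202 sponge as an added example; it was written for this page and is not code from this repository or from the implementations credited above. The names `keccak_f1600`, `xor_byte` and `shake` and the slice-based signature are assumptions of the example, not this project's interface.

```rust
// Added example (not the repository's code). Lane (x, y) of the state is s[x + 5 * y].
fn keccak_f1600(s: &mut [u64; 25]) {
    let mut lfsr: u8 = 1; // LFSR producing the iota round-constant bits
    for _ in 0..24 {
        // theta: mix each column with the parities of its two neighbours
        let c: [u64; 5] = std::array::from_fn(|x| s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20]);
        for x in 0..5 {
            let d = c[(x + 4) % 5] ^ c[(x + 1) % 5].rotate_left(1);
            for y in 0..5 { s[x + 5 * y] ^= d; }
        }
        // rho and pi: rotate every lane and move it to its new position
        let (mut x, mut y, mut cur) = (1usize, 0usize, s[1]);
        for t in 0..24u32 {
            (x, y) = (y, (2 * x + 3 * y) % 5);
            cur = std::mem::replace(&mut s[x + 5 * y], cur.rotate_left((t + 1) * (t + 2) / 2 % 64));
        }
        // chi: the non-linear step, row by row
        for y in 0..5 {
            let r = [s[5 * y], s[5 * y + 1], s[5 * y + 2], s[5 * y + 3], s[5 * y + 4]];
            for x in 0..5 { s[x + 5 * y] = r[x] ^ (!r[(x + 1) % 5] & r[(x + 2) % 5]); }
        }
        // iota: XOR the round constant into lane (0, 0)
        for j in 0..7u32 {
            if lfsr & 1 != 0 { s[0] ^= 1u64 << ((1u32 << j) - 1); }
            lfsr = if lfsr & 0x80 != 0 { (lfsr << 1) ^ 0x71 } else { lfsr << 1 };
        }
    }
}
fn xor_byte(s: &mut [u64; 25], i: usize, b: u8) { s[i / 8] ^= (b as u64) << (8 * (i % 8)); }
// rate: 168 bytes for SHAKE128, 136 for SHAKE256; out.len() is the requested digest length.
pub fn shake(rate: usize, msg: &[u8], out: &mut [u8]) {
    let (mut s, mut pos) = ([0u64; 25], 0usize);
    for &b in msg { // absorb, permuting after each full block
        xor_byte(&mut s, pos, b);
        pos += 1;
        if pos == rate { keccak_f1600(&mut s); pos = 0; }
    }
    xor_byte(&mut s, pos, 0x1F);      // SHAKE suffix bits 1111 followed by the first pad bit
    xor_byte(&mut s, rate - 1, 0x80); // last pad bit closes the block
    for chunk in out.chunks_mut(rate) { // squeeze: permute, then read up to `rate` bytes
        keccak_f1600(&mut s);
        for (i, o) in chunk.iter_mut().enumerate() { *o = (s[i / 8] >> (8 * (i % 8))) as u8; }
    }
}
fn main() {
    let mut d = [0u8; 12];
    shake(136, b"abc", &mut d);
    println!("{}", d.iter().map(|b| format!("{b:02x}")).collect::<String>());
}
```

Because a SHAKE digest is a prefix of every longer digest of the same input, asking for more output bytes extends the result above rather than changing it.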
$ cargo test
$ cargo bench