Documentation
¶
Overview ¶
Package duplex implements a cryptographic duplex construction using the Simpira-1024 permutation.
This package provides the core duplex state management for the Newplex cryptographic framework. It implements a sponge-like construction with a 1024-bit state, 256-bit capacity, and 752-bit rate, offering 128-bit security against generic attacks. The duplex supports absorption, squeezing, encryption/decryption operations, and includes STROBE-like framing for domain separation.
Index ¶
- type State
- func (d *State) Absorb(b []byte)
- func (d *State) AbsorbByte(b byte)
- func (d *State) AbsorbHeader(op byte, label string)
- func (d *State) AbsorbLEB128(x uint64)
- func (d *State) AppendBinary(b []byte) ([]byte, error)
- func (d *State) Clear()
- func (d *State) Decrypt(plaintext, ciphertext []byte)
- func (d *State) Encrypt(ciphertext, plaintext []byte)
- func (d *State) Equal(d2 *State) int
- func (d *State) Frame(id byte)
- func (d *State) MarshalBinary() (data []byte, err error)
- func (d *State) Permute()
- func (d *State) Ratchet()
- func (d *State) Squeeze(out []byte)
- func (d *State) UnmarshalBinary(data []byte) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type State ¶
type State struct {
// contains filtered or unexported fields
}
A State is the state of a cryptographic duplex, sans padding or framing schemes. It uses the Simpira-1024 permutation, has a width of 1024 bits, a capacity of 256 bits, 8 bits of framing, 8 bits of padding, and a rate of 752 bits. This offers 128 bits of security for collision resistance, 256 bits of security for state recovery, and 128 bits of security for birthday-bound indistinguishability.
In addition to using SHA-3's pad10*1 scheme for each block of permutation input, it also uses a STROBE-like framing mechanism for domain separation of sets of operations.
func (*State) Absorb ¶
Absorb updates the duplex's state with the given data, running the permutation as the rate is exhausted.
Multiple Absorb calls are effectively the same thing as a single Absorb call with concatenated inputs.
func (*State) AbsorbHeader ¶
AbsorbHeader absorbs the common protocol operation header pattern:
Frame + AbsorbByte(op) + Absorb(label) + Frame + AbsorbByte(op|0x80)
in a single pass, avoiding per-byte overflow checks when the header fits within the remaining rate.
The fast path inlines the two Frame() calls and their associated absorptions. Given a starting rateIdx of R, the layout within the rate is:
state[R] ^= frameIdx // First Frame(): absorb the old frameIdx
state[R+1] ^= op // AbsorbByte(op): absorb the metadata opcode
state[R+2..R+2+n) ^= label // Absorb(label): absorb the label bytes
state[R+2+n] ^= R+1 // Second Frame(): absorb the new frameIdx
// (frameIdx was set to R+1 after the first
// Frame absorbed the old value at R, then
// the opcode byte advanced rateIdx to R+1,
// so Frame() records R+1 as the start of
// the metadata frame)
state[R+3+n] ^= op | 0x80 // AbsorbByte(op|0x80): absorb the data opcode
After the fast path:
frameIdx = R + 3 + n (start of the data frame, i.e., the position after
the second Frame's AbsorbByte advanced rateIdx)
rateIdx = R + 4 + n (= R + headerLen, ready for the operation's payload)
This is equivalent to the slow path but avoids five separate boundary checks.
func (*State) AbsorbLEB128 ¶
AbsorbLEB128 absorbs the LEB128 form of the given value.
func (*State) AppendBinary ¶
AppendBinary appends the binary representation of the duplex's state to the given slice. It implements encoding.BinaryAppender.
func (*State) Decrypt ¶
Decrypt XORs the given ciphertext slice with the duplex's state, copies the result to the given plaintext slice, and updates the duplex's state with the ciphertext.
Multiple Decrypt calls are effectively the same thing as a single Decrypt call with concatenated inputs.
func (*State) Encrypt ¶
Encrypt XORs the given plaintext slice with the duplex's state, copies the result to the given ciphertext slice, and updates the duplex's state with the ciphertext.
Multiple Encrypt calls are effectively the same thing as a single Encrypt call with concatenated inputs.
func (*State) Frame ¶
Frame absorbs the current frame index, updates the frame index to be the current rate index, and absorbs the given identifier byte.
func (*State) MarshalBinary ¶
MarshalBinary returns the binary representation of the duplex's state. It implements encoding.BinaryMarshaler.
func (*State) Permute ¶
func (d *State) Permute()
Permute applies a Frame-oriented padding scheme to the state by absorbing the Frame index into the rate or potentially overflowing into the first of two padding bytes, then applies SHA-3's pad10*1 padding scheme to the entire, unpadded rate. Finally, it permutes the entire state with Simpira-1024 and resets rateIdx and frameIdx.
func (*State) Ratchet ¶
func (d *State) Ratchet()
Ratchet applies the Simpira-1024 permutation if needed, then zeros out 256 bits of the rate, preventing rollback.
func (*State) Squeeze ¶
Squeeze fills the given slice with data from the duplex's state and zeros out the portion of the duplex's state which was returned, running the permutation as the state becomes exhausted.
Multiple Squeeze calls are effectively the same thing as a single Squeeze call with concatenated outputs.
func (*State) UnmarshalBinary ¶
UnmarshalBinary restores the duplex's state from the given binary representation. It implements encoding.BinaryUnmarshaler.
Source Files