Add xof functions into crypto_digest.[ch]

Added xof functions and operations into xof+digest module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>

4 files changed, 61 insertions, 59 deletions

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 88cf353a15..edc9e9535d 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -672,56 +672,6 @@ crypto_cipher_decrypt_with_iv(const char *key,
   return (int)(fromlen - CIPHER_IV_LEN);
 }
 
-/** Internal state for a eXtendable-Output Function (XOF). */
-struct crypto_xof_t {
-  keccak_state s;
-};
-
-/** Allocate a new XOF object backed by SHAKE-256.  The security level
- * provided is a function of the length of the output used.  Read and
- * understand FIPS-202 A.2 "Additional Consideration for Extendable-Output
- * Functions" before using this construct.
- */
-crypto_xof_t *
-crypto_xof_new(void)
-{
-  crypto_xof_t *xof;
-  xof = tor_malloc(sizeof(crypto_xof_t));
-  keccak_xof_init(&xof->s, 256);
-  return xof;
-}
-
-/** Absorb bytes into a XOF object.  Must not be called after a call to
- * crypto_xof_squeeze_bytes() for the same instance, and will assert
- * if attempted.
- */
-void
-crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len)
-{
-  int i = keccak_xof_absorb(&xof->s, data, len);
-  tor_assert(i == 0);
-}
-
-/** Squeeze bytes out of a XOF object.  Calling this routine will render
- * the XOF instance ineligible to absorb further data.
- */
-void
-crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len)
-{
-  int i = keccak_xof_squeeze(&xof->s, out, len);
-  tor_assert(i == 0);
-}
-
-/** Cleanse and deallocate a XOF object. */
-void
-crypto_xof_free_(crypto_xof_t *xof)
-{
-  if (!xof)
-    return;
-  memwipe(xof, 0, sizeof(crypto_xof_t));
-  tor_free(xof);
-}
-
 /* DH */
 
 /** Our DH 'g' parameter */
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 3b2eb83730..5967a6f8b6 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -38,8 +38,6 @@
 #define FINGERPRINT_LEN 49
 
 typedef struct aes_cnt_cipher crypto_cipher_t;
-typedef struct crypto_digest_t crypto_digest_t;
-typedef struct crypto_xof_t crypto_xof_t;
 typedef struct crypto_dh_t crypto_dh_t;
 
 /* global state */
@@ -92,13 +90,6 @@ int crypto_cipher_decrypt_with_iv(const char *key,
                                   char *to, size_t tolen,
                                   const char *from, size_t fromlen);
 
-crypto_xof_t *crypto_xof_new(void);
-void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len);
-void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len);
-void crypto_xof_free_(crypto_xof_t *xof);
-#define crypto_xof_free(xof) \
-  FREE_AND_NULL(crypto_xof_t, crypto_xof_free_, (xof))
-
 /* Key negotiation */
 #define DH_TYPE_CIRCUIT 1
 #define DH_TYPE_REND 2
diff --git a/src/common/crypto_digest.c b/src/common/crypto_digest.c
index d316300e8c..f5c3118256 100644
--- a/src/common/crypto_digest.c
+++ b/src/common/crypto_digest.c
@@ -608,3 +608,55 @@ crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
   crypto_digest_get_digest(digest, (char *) mac_out, len_out);
   crypto_digest_free(digest);
 }
+
+/* xof functions  */
+
+/** Internal state for a eXtendable-Output Function (XOF). */
+struct crypto_xof_t {
+  keccak_state s;
+};
+
+/** Allocate a new XOF object backed by SHAKE-256.  The security level
+ * provided is a function of the length of the output used.  Read and
+ * understand FIPS-202 A.2 "Additional Consideration for Extendable-Output
+ * Functions" before using this construct.
+ */
+crypto_xof_t *
+crypto_xof_new(void)
+{
+  crypto_xof_t *xof;
+  xof = tor_malloc(sizeof(crypto_xof_t));
+  keccak_xof_init(&xof->s, 256);
+  return xof;
+}
+
+/** Absorb bytes into a XOF object.  Must not be called after a call to
+ * crypto_xof_squeeze_bytes() for the same instance, and will assert
+ * if attempted.
+ */
+void
+crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len)
+{
+  int i = keccak_xof_absorb(&xof->s, data, len);
+  tor_assert(i == 0);
+}
+
+/** Squeeze bytes out of a XOF object.  Calling this routine will render
+ * the XOF instance ineligible to absorb further data.
+ */
+void
+crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len)
+{
+  int i = keccak_xof_squeeze(&xof->s, out, len);
+  tor_assert(i == 0);
+}
+
+/** Cleanse and deallocate a XOF object. */
+void
+crypto_xof_free_(crypto_xof_t *xof)
+{
+  if (!xof)
+    return;
+  memwipe(xof, 0, sizeof(crypto_xof_t));
+  tor_free(xof);
+}
diff --git a/src/common/crypto_digest.h b/src/common/crypto_digest.h
index 4471a58797..a716209a71 100644
--- a/src/common/crypto_digest.h
+++ b/src/common/crypto_digest.h
@@ -67,6 +67,7 @@ typedef struct {
 } common_digests_t;
 
 typedef struct crypto_digest_t crypto_digest_t;
+typedef struct crypto_xof_t crypto_xof_t;
 
 /* public key crypto digest */
 MOCK_DECL(int, crypto_pk_public_checksig_digest,(crypto_pk_t *env,
@@ -116,6 +117,14 @@ void crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
                          const uint8_t *key, size_t key_len,
                          const uint8_t *msg, size_t msg_len);
 
+/* xof functions*/
+crypto_xof_t *crypto_xof_new(void);
+void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len);
+void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len);
+void crypto_xof_free_(crypto_xof_t *xof);
+#define crypto_xof_free(xof) \
+  FREE_AND_NULL(crypto_xof_t, crypto_xof_free_, (xof))
+
 #ifdef TOR_UNIT_TESTS
 digest_algorithm_t crypto_digest_get_algorithm(crypto_digest_t *digest);
 #endif