70ee483d320a270993b56c713e350b736edd753fAki Tuomi/* -------------------------------------------------------------------------
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * Works when compiled for either 32-bit or 64-bit targets, optimized for
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * 64 bit.
70ee483d320a270993b56c713e350b736edd753fAki Tuomi *
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * Canonical implementation of Init/Update/Finalize for SHA-3 byte input.
70ee483d320a270993b56c713e350b736edd753fAki Tuomi *
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * SHA3-256, SHA3-384, SHA-512 are implemented. SHA-224 can easily be added.
70ee483d320a270993b56c713e350b736edd753fAki Tuomi *
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * Based on code from http://keccak.noekeon.org/ .
70ee483d320a270993b56c713e350b736edd753fAki Tuomi *
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * I place the code that I wrote into public domain, free to use.
70ee483d320a270993b56c713e350b736edd753fAki Tuomi *
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * I would appreciate if you give credits to this work if you used it to
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * write or test * your code.
70ee483d320a270993b56c713e350b736edd753fAki Tuomi *
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * Aug 2015. Andrey Jivsov. crypto@brainhub.org
70ee483d320a270993b56c713e350b736edd753fAki Tuomi *
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * Modified for Dovecot oy use
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * Oct 2016. Aki Tuomi <aki.tuomi@dovecot.fi>
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * ---------------------------------------------------------------------- */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#include "lib.h"
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#include "sha3.h"
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#include <stdio.h>
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#include <stdint.h>
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#include <string.h>
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#if defined(_MSC_VER)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#define SHA3_CONST(x) x
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#else
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#define SHA3_CONST(x) x##L
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#endif
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi/* The following state definition should normally be in a separate
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * header file
70ee483d320a270993b56c713e350b736edd753fAki Tuomi */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#ifndef SHA3_ROTL64
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#define SHA3_ROTL64(x, y) \
70ee483d320a270993b56c713e350b736edd753fAki Tuomi (((x) << (y)) | ((x) >> ((sizeof(uint64_t)*8) - (y))))
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#endif
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomistatic const uint64_t keccakf_rndc[24] = {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x0000000000000001UL), SHA3_CONST(0x0000000000008082UL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x800000000000808aUL), SHA3_CONST(0x8000000080008000UL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x000000000000808bUL), SHA3_CONST(0x0000000080000001UL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x8000000080008081UL), SHA3_CONST(0x8000000000008009UL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x000000000000008aUL), SHA3_CONST(0x0000000000000088UL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x0000000080008009UL), SHA3_CONST(0x000000008000000aUL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x000000008000808bUL), SHA3_CONST(0x800000000000008bUL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x8000000000008089UL), SHA3_CONST(0x8000000000008003UL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x8000000000008002UL), SHA3_CONST(0x8000000000000080UL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x000000000000800aUL), SHA3_CONST(0x800000008000000aUL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x8000000080008081UL), SHA3_CONST(0x8000000000008080UL),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x0000000080000001UL), SHA3_CONST(0x8000000080008008UL)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi};
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomistatic const unsigned keccakf_rotc[24] = {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi 18, 39, 61, 20, 44
70ee483d320a270993b56c713e350b736edd753fAki Tuomi};
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomistatic const unsigned keccakf_piln[24] = {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi 14, 22, 9, 6, 1
70ee483d320a270993b56c713e350b736edd753fAki Tuomi};
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi/* generally called after SHA3_KECCAK_SPONGE_WORDS-ctx->capacityWords words
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * are XORed into the state s
70ee483d320a270993b56c713e350b736edd753fAki Tuomi */
70ee483d320a270993b56c713e350b736edd753fAki Tuomistatic void
70ee483d320a270993b56c713e350b736edd753fAki Tuomikeccakf(uint64_t s[25])
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi int i, j, round;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi uint64_t t, bc[5];
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#define KECCAK_ROUNDS 24
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi for(round = 0; round < KECCAK_ROUNDS; round++) {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* Theta */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi for(i = 0; i < 5; i++)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi bc[i] = s[i] ^ s[i + 5] ^ s[i + 10] ^ s[i + 15] ^ s[i + 20];
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi for(i = 0; i < 5; i++) {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi t = bc[(i + 4) % 5] ^ SHA3_ROTL64(bc[(i + 1) % 5], 1);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi for(j = 0; j < 25; j += 5)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi s[j + i] ^= t;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* Rho Pi */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi t = s[1];
70ee483d320a270993b56c713e350b736edd753fAki Tuomi for(i = 0; i < 24; i++) {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi j = keccakf_piln[i];
70ee483d320a270993b56c713e350b736edd753fAki Tuomi bc[0] = s[j];
70ee483d320a270993b56c713e350b736edd753fAki Tuomi s[j] = SHA3_ROTL64(t, keccakf_rotc[i]);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi t = bc[0];
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* Chi */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi for(j = 0; j < 25; j += 5) {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi for(i = 0; i < 5; i++)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi bc[i] = s[j + i];
70ee483d320a270993b56c713e350b736edd753fAki Tuomi for(i = 0; i < 5; i++)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi s[j + i] ^= (~bc[(i + 1) % 5]) & bc[(i + 2) % 5];
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* Iota */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi s[0] ^= keccakf_rndc[round];
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
211c638d81d382517d196ad47565e0d85012c927klemens/* *************************** Public Interface ************************ */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomivoid sha3_256_init(void *context)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi struct sha3_ctx *ctx = context;
efe78d3ba24fc866af1c79b9223dc0809ba26cadStephan Bosch i_zero(ctx);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->capacityWords = 2 * 256 / (8 * sizeof(uint64_t));
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomivoid sha3_512_init(void *context)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi struct sha3_ctx *ctx = context;
efe78d3ba24fc866af1c79b9223dc0809ba26cadStephan Bosch i_zero(ctx);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->capacityWords = 2 * 512 / (8 * sizeof(uint64_t));
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomivoid sha3_loop(void *context, const void *data, size_t len)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi struct sha3_ctx *ctx = context;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* 0...7 -- how much is needed to have a word */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi unsigned old_tail = (8 - ctx->byteIndex) & 7;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi size_t words;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi unsigned tail;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi size_t i;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi const uint8_t *buf = data;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi i_assert(ctx->byteIndex < 8);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi i_assert(ctx->wordIndex < sizeof(ctx->s) / sizeof(ctx->s[0]));
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi if(len < old_tail) { /* have no complete word or haven't started
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * the word yet */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* endian-independent code follows: */
a05819736f348d0c5ac8b4966ac6b04c21e1a391Timo Sirainen while (len > 0) {
a05819736f348d0c5ac8b4966ac6b04c21e1a391Timo Sirainen len--;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->saved |= (uint64_t) (*(buf++)) <<
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ((ctx->byteIndex++) * 8);
a05819736f348d0c5ac8b4966ac6b04c21e1a391Timo Sirainen }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi i_assert(ctx->byteIndex < 8);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi return;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
34742a4b92c16c300e3d75731685b678712340b2Timo Sirainen if(old_tail != 0) { /* will have one word to process */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* endian-independent code follows: */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi len -= old_tail;
a05819736f348d0c5ac8b4966ac6b04c21e1a391Timo Sirainen while (old_tail > 0) {
a05819736f348d0c5ac8b4966ac6b04c21e1a391Timo Sirainen old_tail--;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->saved |= (uint64_t) (*(buf++)) <<
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ((ctx->byteIndex++) * 8);
a05819736f348d0c5ac8b4966ac6b04c21e1a391Timo Sirainen }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* now ready to add saved to the sponge */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->s[ctx->wordIndex] ^= ctx->saved;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi i_assert(ctx->byteIndex == 8);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->byteIndex = 0;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->saved = 0;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi if(++ctx->wordIndex ==
70ee483d320a270993b56c713e350b736edd753fAki Tuomi (SHA3_KECCAK_SPONGE_WORDS -
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->capacityWords)) {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi keccakf(ctx->s);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->wordIndex = 0;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* now work in full words directly from input */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi i_assert(ctx->byteIndex == 0);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi words = len / sizeof(uint64_t);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi tail = len - words * sizeof(uint64_t);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi for(i = 0; i < words; i++, buf += sizeof(uint64_t)) {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi const uint64_t t = (uint64_t) (buf[0]) |
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ((uint64_t) (buf[1]) << 8 * 1) |
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ((uint64_t) (buf[2]) << 8 * 2) |
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ((uint64_t) (buf[3]) << 8 * 3) |
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ((uint64_t) (buf[4]) << 8 * 4) |
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ((uint64_t) (buf[5]) << 8 * 5) |
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ((uint64_t) (buf[6]) << 8 * 6) |
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ((uint64_t) (buf[7]) << 8 * 7);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#if defined(__x86_64__ ) || defined(__i386__)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi i_assert(memcmp(&t, buf, 8) == 0);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#endif
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->s[ctx->wordIndex] ^= t;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi if(++ctx->wordIndex ==
70ee483d320a270993b56c713e350b736edd753fAki Tuomi (SHA3_KECCAK_SPONGE_WORDS - ctx->capacityWords)) {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi keccakf(ctx->s);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->wordIndex = 0;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* finally, save the partial word */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi i_assert(ctx->byteIndex == 0 && tail < 8);
a05819736f348d0c5ac8b4966ac6b04c21e1a391Timo Sirainen while (tail > 0) {
a05819736f348d0c5ac8b4966ac6b04c21e1a391Timo Sirainen tail--;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->saved |= (uint64_t) (*(buf++)) << ((ctx->byteIndex++) * 8);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi i_assert(ctx->byteIndex < 8);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi/* This is simply the 'update' with the padding block.
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * The padding block is 0x01 || 0x00* || 0x80. First 0x01 and last 0x80
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * bytes are always present, but they can be the same byte.
70ee483d320a270993b56c713e350b736edd753fAki Tuomi */
70ee483d320a270993b56c713e350b736edd753fAki Tuomistatic void
70ee483d320a270993b56c713e350b736edd753fAki Tuomisha3_finalize(struct sha3_ctx *ctx)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* Append 2-bit suffix 01, per SHA-3 spec. Instead of 1 for padding we
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * use 1<<2 below. The 0x02 below corresponds to the suffix 01.
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * Overall, we feed 0, then 1, and finally 1 to start padding. Without
70ee483d320a270993b56c713e350b736edd753fAki Tuomi * M || 01, we would simply use 1 to start padding. */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi /* SHA3 version */
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->s[ctx->wordIndex] ^=
70ee483d320a270993b56c713e350b736edd753fAki Tuomi (ctx->saved ^ ((uint64_t) ((uint64_t) (0x02 | (1 << 2)) <<
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ((ctx->byteIndex) * 8))));
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->s[SHA3_KECCAK_SPONGE_WORDS - ctx->capacityWords - 1] ^=
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA3_CONST(0x8000000000000000UL);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi keccakf(ctx->s);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
182093c9a4e02a1c6672597da45767625c6b970eAki Tuomi#ifdef WORDS_BIGENDIAN
70ee483d320a270993b56c713e350b736edd753fAki Tuomi {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi unsigned i;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi const unsigned t1 = (uint32_t) ctx->s[i];
70ee483d320a270993b56c713e350b736edd753fAki Tuomi const unsigned t2 = (uint32_t) ((ctx->s[i] >> 16) >> 16);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->sb[i * 8 + 0] = (uint8_t) (t1);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->sb[i * 8 + 1] = (uint8_t) (t1 >> 8);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->sb[i * 8 + 2] = (uint8_t) (t1 >> 16);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->sb[i * 8 + 3] = (uint8_t) (t1 >> 24);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->sb[i * 8 + 4] = (uint8_t) (t2);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->sb[i * 8 + 5] = (uint8_t) (t2 >> 8);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->sb[i * 8 + 6] = (uint8_t) (t2 >> 16);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi ctx->sb[i * 8 + 7] = (uint8_t) (t2 >> 24);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi }
70ee483d320a270993b56c713e350b736edd753fAki Tuomi#endif
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomivoid sha3_256_result(void *context,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi unsigned char digest[STATIC_ARRAY SHA256_RESULTLEN])
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi struct sha3_ctx *ctx = context;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_finalize(ctx);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi memcpy(digest, ctx->sb, SHA256_RESULTLEN);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomivoid sha3_512_result(void *context,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi unsigned char digest[STATIC_ARRAY SHA512_RESULTLEN])
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi struct sha3_ctx *ctx = context;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_finalize(ctx);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi memcpy(digest, ctx->sb, SHA512_RESULTLEN);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomivoid sha3_256_get_digest(const void *data, size_t size,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi unsigned char digest[STATIC_ARRAY SHA256_RESULTLEN])
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi struct sha3_ctx ctx;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_256_init(&ctx);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_loop(&ctx, data, size);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_256_result(&ctx, digest);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomivoid sha3_512_get_digest(const void *data, size_t size,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi unsigned char digest[STATIC_ARRAY SHA512_RESULTLEN])
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi struct sha3_ctx ctx;
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_512_init(&ctx);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_loop(&ctx, data, size);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_512_result(&ctx, digest);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomistatic void hash_method_init_sha3_256(void *context)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_256_init(context);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomistatic void hash_method_loop_sha3(void *context, const void *data, size_t size)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_loop(context, data, size);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomistatic void hash_method_result_sha3_256(void *context, unsigned char *result_r)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_256_result(context, result_r);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomiconst struct hash_method hash_method_sha3_256 = {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi "sha3-256",
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sizeof(struct sha3_ctx),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA256_RESULTLEN,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi hash_method_init_sha3_256,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi hash_method_loop_sha3,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi hash_method_result_sha3_256
70ee483d320a270993b56c713e350b736edd753fAki Tuomi};
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomistatic void hash_method_init_sha3_512(void *context)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_512_init(context);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomistatic void hash_method_result_sha3_512(void *context, unsigned char *result_r)
70ee483d320a270993b56c713e350b736edd753fAki Tuomi{
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sha3_512_result(context, result_r);
70ee483d320a270993b56c713e350b736edd753fAki Tuomi}
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomiconst struct hash_method hash_method_sha3_512 = {
70ee483d320a270993b56c713e350b736edd753fAki Tuomi "sha3-512",
70ee483d320a270993b56c713e350b736edd753fAki Tuomi sizeof(struct sha3_ctx),
70ee483d320a270993b56c713e350b736edd753fAki Tuomi SHA512_RESULTLEN,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi
70ee483d320a270993b56c713e350b736edd753fAki Tuomi hash_method_init_sha3_512,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi hash_method_loop_sha3,
70ee483d320a270993b56c713e350b736edd753fAki Tuomi hash_method_result_sha3_512
70ee483d320a270993b56c713e350b736edd753fAki Tuomi};