2 * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/sha3.h"
13 void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
15 void sha3_reset(KECCAK1600_CTX *ctx)
17 memset(ctx->A, 0, sizeof(ctx->A));
21 int sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen)
23 size_t bsz = SHA3_BLOCKSIZE(bitlen);
25 if (bsz <= sizeof(ctx->buf)) {
27 ctx->block_size = bsz;
28 ctx->md_size = bitlen / 8;
36 int keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen)
38 int ret = sha3_init(ctx, pad, bitlen);
45 int sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len)
47 const unsigned char *inp = _inp;
48 size_t bsz = ctx->block_size;
54 if ((num = ctx->bufsz) != 0) { /* process intermediate buffer? */
58 memcpy(ctx->buf + num, inp, len);
63 * We have enough data to fill or overflow the intermediate
64 * buffer. So we append |rem| bytes and process the block,
65 * leaving the rest for later processing...
67 memcpy(ctx->buf + num, inp, rem);
68 inp += rem, len -= rem;
69 (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
71 /* ctx->buf is processed, ctx->num is guaranteed to be zero */
75 rem = SHA3_absorb(ctx->A, inp, len, bsz);
80 memcpy(ctx->buf, inp + len - rem, rem);
87 int sha3_final(unsigned char *md, KECCAK1600_CTX *ctx)
89 size_t bsz = ctx->block_size;
90 size_t num = ctx->bufsz;
92 if (ctx->md_size == 0)
96 * Pad the data with 10*1. Note that |num| can be |bsz - 1|
97 * in which case both byte operations below are performed on
100 memset(ctx->buf + num, 0, bsz - num);
101 ctx->buf[num] = ctx->pad;
102 ctx->buf[bsz - 1] |= 0x80;
104 (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
106 SHA3_squeeze(ctx->A, md, ctx->md_size, bsz);