wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfcrypt/src/sha3.c@16:8e0d178b1d1e, 2020-06-04 (annotated)

Committer:
wolfSSL
Date:
Thu Jun 04 23:57:22 2020 +0000
Revision:
16:8e0d178b1d1e
Parent:
15:117db924cf7c 
wolfSSL 4.4.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 15:117db924cf7c 1 /* sha3.c
wolfSSL 15:117db924cf7c 2 *
wolfSSL 16:8e0d178b1d1e 3 * Copyright (C) 2006-2020 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23 #ifdef HAVE_CONFIG_H
wolfSSL 15:117db924cf7c 24 #include <config.h>
wolfSSL 15:117db924cf7c 25 #endif
wolfSSL 15:117db924cf7c 26
wolfSSL 15:117db924cf7c 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 15:117db924cf7c 28
wolfSSL 16:8e0d178b1d1e 29 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
wolfSSL 16:8e0d178b1d1e 30 !defined(WOLFSSL_AFALG_XILINX_SHA3)
wolfSSL 15:117db924cf7c 31
wolfSSL 15:117db924cf7c 32 #if defined(HAVE_FIPS) && \
wolfSSL 15:117db924cf7c 33 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
wolfSSL 15:117db924cf7c 34
wolfSSL 15:117db924cf7c 35 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
wolfSSL 15:117db924cf7c 36 #define FIPS_NO_WRAPPERS
wolfSSL 15:117db924cf7c 37
wolfSSL 15:117db924cf7c 38 #ifdef USE_WINDOWS_API
wolfSSL 15:117db924cf7c 39 #pragma code_seg(".fipsA$l")
wolfSSL 15:117db924cf7c 40 #pragma const_seg(".fipsB$l")
wolfSSL 15:117db924cf7c 41 #endif
wolfSSL 15:117db924cf7c 42 #endif
wolfSSL 15:117db924cf7c 43
wolfSSL 15:117db924cf7c 44 #include <wolfssl/wolfcrypt/sha3.h>
wolfSSL 15:117db924cf7c 45 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 16:8e0d178b1d1e 46 #include <wolfssl/wolfcrypt/hash.h>
wolfSSL 15:117db924cf7c 47
wolfSSL 15:117db924cf7c 48 #ifdef NO_INLINE
wolfSSL 15:117db924cf7c 49 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 15:117db924cf7c 50 #else
wolfSSL 15:117db924cf7c 51 #define WOLFSSL_MISC_INCLUDED
wolfSSL 15:117db924cf7c 52 #include <wolfcrypt/src/misc.c>
wolfSSL 15:117db924cf7c 53 #endif
wolfSSL 15:117db924cf7c 54
wolfSSL 15:117db924cf7c 55
wolfSSL 15:117db924cf7c 56 #ifdef WOLFSSL_SHA3_SMALL
wolfSSL 15:117db924cf7c 57 /* Rotate a 64-bit value left.
wolfSSL 15:117db924cf7c 58 *
wolfSSL 15:117db924cf7c 59 * a Number to rotate left.
wolfSSL 15:117db924cf7c 60 * r Number od bits to rotate left.
wolfSSL 15:117db924cf7c 61 * returns the rotated number.
wolfSSL 15:117db924cf7c 62 */
wolfSSL 15:117db924cf7c 63 #define ROTL64(a, n) (((a)<<(n))|((a)>>(64-(n))))
wolfSSL 15:117db924cf7c 64
wolfSSL 15:117db924cf7c 65 /* An array of values to XOR for block operation. */
wolfSSL 15:117db924cf7c 66 static const word64 hash_keccak_r[24] =
wolfSSL 15:117db924cf7c 67 {
wolfSSL 15:117db924cf7c 68 0x0000000000000001UL, 0x0000000000008082UL,
wolfSSL 15:117db924cf7c 69 0x800000000000808aUL, 0x8000000080008000UL,
wolfSSL 15:117db924cf7c 70 0x000000000000808bUL, 0x0000000080000001UL,
wolfSSL 15:117db924cf7c 71 0x8000000080008081UL, 0x8000000000008009UL,
wolfSSL 15:117db924cf7c 72 0x000000000000008aUL, 0x0000000000000088UL,
wolfSSL 15:117db924cf7c 73 0x0000000080008009UL, 0x000000008000000aUL,
wolfSSL 15:117db924cf7c 74 0x000000008000808bUL, 0x800000000000008bUL,
wolfSSL 15:117db924cf7c 75 0x8000000000008089UL, 0x8000000000008003UL,
wolfSSL 15:117db924cf7c 76 0x8000000000008002UL, 0x8000000000000080UL,
wolfSSL 15:117db924cf7c 77 0x000000000000800aUL, 0x800000008000000aUL,
wolfSSL 15:117db924cf7c 78 0x8000000080008081UL, 0x8000000000008080UL,
wolfSSL 15:117db924cf7c 79 0x0000000080000001UL, 0x8000000080008008UL
wolfSSL 15:117db924cf7c 80 };
wolfSSL 15:117db924cf7c 81
wolfSSL 16:8e0d178b1d1e 82 /* Indices used in swap and rotate operation. */
wolfSSL 15:117db924cf7c 83 #define K_I_0 10
wolfSSL 15:117db924cf7c 84 #define K_I_1 7
wolfSSL 15:117db924cf7c 85 #define K_I_2 11
wolfSSL 15:117db924cf7c 86 #define K_I_3 17
wolfSSL 15:117db924cf7c 87 #define K_I_4 18
wolfSSL 15:117db924cf7c 88 #define K_I_5 3
wolfSSL 15:117db924cf7c 89 #define K_I_6 5
wolfSSL 15:117db924cf7c 90 #define K_I_7 16
wolfSSL 15:117db924cf7c 91 #define K_I_8 8
wolfSSL 15:117db924cf7c 92 #define K_I_9 21
wolfSSL 15:117db924cf7c 93 #define K_I_10 24
wolfSSL 15:117db924cf7c 94 #define K_I_11 4
wolfSSL 15:117db924cf7c 95 #define K_I_12 15
wolfSSL 15:117db924cf7c 96 #define K_I_13 23
wolfSSL 15:117db924cf7c 97 #define K_I_14 19
wolfSSL 15:117db924cf7c 98 #define K_I_15 13
wolfSSL 15:117db924cf7c 99 #define K_I_16 12
wolfSSL 15:117db924cf7c 100 #define K_I_17 2
wolfSSL 15:117db924cf7c 101 #define K_I_18 20
wolfSSL 15:117db924cf7c 102 #define K_I_19 14
wolfSSL 15:117db924cf7c 103 #define K_I_20 22
wolfSSL 15:117db924cf7c 104 #define K_I_21 9
wolfSSL 15:117db924cf7c 105 #define K_I_22 6
wolfSSL 15:117db924cf7c 106 #define K_I_23 1
wolfSSL 15:117db924cf7c 107
wolfSSL 15:117db924cf7c 108 /* Number of bits to rotate in swap and rotate operation. */
wolfSSL 15:117db924cf7c 109 #define K_R_0 1
wolfSSL 15:117db924cf7c 110 #define K_R_1 3
wolfSSL 15:117db924cf7c 111 #define K_R_2 6
wolfSSL 15:117db924cf7c 112 #define K_R_3 10
wolfSSL 15:117db924cf7c 113 #define K_R_4 15
wolfSSL 15:117db924cf7c 114 #define K_R_5 21
wolfSSL 15:117db924cf7c 115 #define K_R_6 28
wolfSSL 15:117db924cf7c 116 #define K_R_7 36
wolfSSL 15:117db924cf7c 117 #define K_R_8 45
wolfSSL 15:117db924cf7c 118 #define K_R_9 55
wolfSSL 15:117db924cf7c 119 #define K_R_10 2
wolfSSL 15:117db924cf7c 120 #define K_R_11 14
wolfSSL 15:117db924cf7c 121 #define K_R_12 27
wolfSSL 15:117db924cf7c 122 #define K_R_13 41
wolfSSL 15:117db924cf7c 123 #define K_R_14 56
wolfSSL 15:117db924cf7c 124 #define K_R_15 8
wolfSSL 15:117db924cf7c 125 #define K_R_16 25
wolfSSL 15:117db924cf7c 126 #define K_R_17 43
wolfSSL 15:117db924cf7c 127 #define K_R_18 62
wolfSSL 15:117db924cf7c 128 #define K_R_19 18
wolfSSL 15:117db924cf7c 129 #define K_R_20 39
wolfSSL 15:117db924cf7c 130 #define K_R_21 61
wolfSSL 15:117db924cf7c 131 #define K_R_22 20
wolfSSL 15:117db924cf7c 132 #define K_R_23 44
wolfSSL 15:117db924cf7c 133
wolfSSL 15:117db924cf7c 134 /* Swap and rotate left operation.
wolfSSL 15:117db924cf7c 135 *
wolfSSL 15:117db924cf7c 136 * s The state.
wolfSSL 15:117db924cf7c 137 * t1 Temporary value.
wolfSSL 15:117db924cf7c 138 * t2 Second temporary value.
wolfSSL 15:117db924cf7c 139 * i The index of the loop.
wolfSSL 15:117db924cf7c 140 */
wolfSSL 15:117db924cf7c 141 #define SWAP_ROTL(s, t1, t2, i) \
wolfSSL 15:117db924cf7c 142 do \
wolfSSL 15:117db924cf7c 143 { \
wolfSSL 15:117db924cf7c 144 t2 = s[K_I_##i]; s[K_I_##i] = ROTL64(t1, K_R_##i); \
wolfSSL 15:117db924cf7c 145 } \
wolfSSL 15:117db924cf7c 146 while (0)
wolfSSL 15:117db924cf7c 147
wolfSSL 15:117db924cf7c 148 /* Mix the XOR of the column's values into each number by column.
wolfSSL 15:117db924cf7c 149 *
wolfSSL 15:117db924cf7c 150 * s The state.
wolfSSL 15:117db924cf7c 151 * b Temporary array of XORed column values.
wolfSSL 15:117db924cf7c 152 * x The index of the column.
wolfSSL 15:117db924cf7c 153 * t Temporary variable.
wolfSSL 15:117db924cf7c 154 */
wolfSSL 15:117db924cf7c 155 #define COL_MIX(s, b, x, t) \
wolfSSL 15:117db924cf7c 156 do \
wolfSSL 15:117db924cf7c 157 { \
wolfSSL 15:117db924cf7c 158 for (x = 0; x < 5; x++) \
wolfSSL 15:117db924cf7c 159 b[x] = s[x + 0] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20]; \
wolfSSL 15:117db924cf7c 160 for (x = 0; x < 5; x++) \
wolfSSL 15:117db924cf7c 161 { \
wolfSSL 15:117db924cf7c 162 t = b[(x + 4) % 5] ^ ROTL64(b[(x + 1) % 5], 1); \
wolfSSL 15:117db924cf7c 163 s[x + 0] ^= t; \
wolfSSL 15:117db924cf7c 164 s[x + 5] ^= t; \
wolfSSL 15:117db924cf7c 165 s[x + 10] ^= t; \
wolfSSL 15:117db924cf7c 166 s[x + 15] ^= t; \
wolfSSL 15:117db924cf7c 167 s[x + 20] ^= t; \
wolfSSL 15:117db924cf7c 168 } \
wolfSSL 15:117db924cf7c 169 } \
wolfSSL 15:117db924cf7c 170 while (0)
wolfSSL 15:117db924cf7c 171
wolfSSL 15:117db924cf7c 172 #ifdef SHA3_BY_SPEC
wolfSSL 15:117db924cf7c 173 /* Mix the row values.
wolfSSL 15:117db924cf7c 174 * BMI1 has ANDN instruction ((~a) & b) - Haswell and above.
wolfSSL 15:117db924cf7c 175 *
wolfSSL 15:117db924cf7c 176 * s The state.
wolfSSL 15:117db924cf7c 177 * b Temporary array of XORed row values.
wolfSSL 15:117db924cf7c 178 * y The index of the row to work on.
wolfSSL 15:117db924cf7c 179 * x The index of the column.
wolfSSL 15:117db924cf7c 180 * t0 Temporary variable.
wolfSSL 15:117db924cf7c 181 * t1 Temporary variable.
wolfSSL 15:117db924cf7c 182 */
wolfSSL 15:117db924cf7c 183 #define ROW_MIX(s, b, y, x, t0, t1) \
wolfSSL 15:117db924cf7c 184 do \
wolfSSL 15:117db924cf7c 185 { \
wolfSSL 15:117db924cf7c 186 for (y = 0; y < 5; y++) \
wolfSSL 15:117db924cf7c 187 { \
wolfSSL 15:117db924cf7c 188 for (x = 0; x < 5; x++) \
wolfSSL 15:117db924cf7c 189 b[x] = s[y * 5 + x]; \
wolfSSL 15:117db924cf7c 190 for (x = 0; x < 5; x++) \
wolfSSL 15:117db924cf7c 191 s[y * 5 + x] = b[x] ^ (~b[(x + 1) % 5] & b[(x + 2) % 5]); \
wolfSSL 15:117db924cf7c 192 } \
wolfSSL 15:117db924cf7c 193 } \
wolfSSL 15:117db924cf7c 194 while (0)
wolfSSL 15:117db924cf7c 195 #else
wolfSSL 15:117db924cf7c 196 /* Mix the row values.
wolfSSL 15:117db924cf7c 197 * a ^ (~b & c) == a ^ (c & (b ^ c)) == (a ^ b) ^ (b | c)
wolfSSL 15:117db924cf7c 198 *
wolfSSL 15:117db924cf7c 199 * s The state.
wolfSSL 15:117db924cf7c 200 * b Temporary array of XORed row values.
wolfSSL 15:117db924cf7c 201 * y The index of the row to work on.
wolfSSL 15:117db924cf7c 202 * x The index of the column.
wolfSSL 15:117db924cf7c 203 * t0 Temporary variable.
wolfSSL 15:117db924cf7c 204 * t1 Temporary variable.
wolfSSL 15:117db924cf7c 205 */
wolfSSL 15:117db924cf7c 206 #define ROW_MIX(s, b, y, x, t12, t34) \
wolfSSL 15:117db924cf7c 207 do \
wolfSSL 15:117db924cf7c 208 { \
wolfSSL 15:117db924cf7c 209 for (y = 0; y < 5; y++) \
wolfSSL 15:117db924cf7c 210 { \
wolfSSL 15:117db924cf7c 211 for (x = 0; x < 5; x++) \
wolfSSL 15:117db924cf7c 212 b[x] = s[y * 5 + x]; \
wolfSSL 15:117db924cf7c 213 t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \
wolfSSL 15:117db924cf7c 214 s[y * 5 + 0] = b[0] ^ (b[2] & t12); \
wolfSSL 15:117db924cf7c 215 s[y * 5 + 1] = t12 ^ (b[2] | b[3]); \
wolfSSL 15:117db924cf7c 216 s[y * 5 + 2] = b[2] ^ (b[4] & t34); \
wolfSSL 15:117db924cf7c 217 s[y * 5 + 3] = t34 ^ (b[4] | b[0]); \
wolfSSL 15:117db924cf7c 218 s[y * 5 + 4] = b[4] ^ (b[1] & (b[0] ^ b[1])); \
wolfSSL 15:117db924cf7c 219 } \
wolfSSL 15:117db924cf7c 220 } \
wolfSSL 15:117db924cf7c 221 while (0)
wolfSSL 15:117db924cf7c 222 #endif /* SHA3_BY_SPEC */
wolfSSL 15:117db924cf7c 223
wolfSSL 15:117db924cf7c 224 /* The block operation performed on the state.
wolfSSL 15:117db924cf7c 225 *
wolfSSL 15:117db924cf7c 226 * s The state.
wolfSSL 15:117db924cf7c 227 */
wolfSSL 15:117db924cf7c 228 static void BlockSha3(word64 *s)
wolfSSL 15:117db924cf7c 229 {
wolfSSL 15:117db924cf7c 230 byte i, x, y;
wolfSSL 15:117db924cf7c 231 word64 t0, t1;
wolfSSL 15:117db924cf7c 232 word64 b[5];
wolfSSL 15:117db924cf7c 233
wolfSSL 15:117db924cf7c 234 for (i = 0; i < 24; i++)
wolfSSL 15:117db924cf7c 235 {
wolfSSL 15:117db924cf7c 236 COL_MIX(s, b, x, t0);
wolfSSL 15:117db924cf7c 237
wolfSSL 15:117db924cf7c 238 t0 = s[1];
wolfSSL 15:117db924cf7c 239 SWAP_ROTL(s, t0, t1, 0);
wolfSSL 15:117db924cf7c 240 SWAP_ROTL(s, t1, t0, 1);
wolfSSL 15:117db924cf7c 241 SWAP_ROTL(s, t0, t1, 2);
wolfSSL 15:117db924cf7c 242 SWAP_ROTL(s, t1, t0, 3);
wolfSSL 15:117db924cf7c 243 SWAP_ROTL(s, t0, t1, 4);
wolfSSL 15:117db924cf7c 244 SWAP_ROTL(s, t1, t0, 5);
wolfSSL 15:117db924cf7c 245 SWAP_ROTL(s, t0, t1, 6);
wolfSSL 15:117db924cf7c 246 SWAP_ROTL(s, t1, t0, 7);
wolfSSL 15:117db924cf7c 247 SWAP_ROTL(s, t0, t1, 8);
wolfSSL 15:117db924cf7c 248 SWAP_ROTL(s, t1, t0, 9);
wolfSSL 15:117db924cf7c 249 SWAP_ROTL(s, t0, t1, 10);
wolfSSL 15:117db924cf7c 250 SWAP_ROTL(s, t1, t0, 11);
wolfSSL 15:117db924cf7c 251 SWAP_ROTL(s, t0, t1, 12);
wolfSSL 15:117db924cf7c 252 SWAP_ROTL(s, t1, t0, 13);
wolfSSL 15:117db924cf7c 253 SWAP_ROTL(s, t0, t1, 14);
wolfSSL 15:117db924cf7c 254 SWAP_ROTL(s, t1, t0, 15);
wolfSSL 15:117db924cf7c 255 SWAP_ROTL(s, t0, t1, 16);
wolfSSL 15:117db924cf7c 256 SWAP_ROTL(s, t1, t0, 17);
wolfSSL 15:117db924cf7c 257 SWAP_ROTL(s, t0, t1, 18);
wolfSSL 15:117db924cf7c 258 SWAP_ROTL(s, t1, t0, 19);
wolfSSL 15:117db924cf7c 259 SWAP_ROTL(s, t0, t1, 20);
wolfSSL 15:117db924cf7c 260 SWAP_ROTL(s, t1, t0, 21);
wolfSSL 15:117db924cf7c 261 SWAP_ROTL(s, t0, t1, 22);
wolfSSL 15:117db924cf7c 262 SWAP_ROTL(s, t1, t0, 23);
wolfSSL 15:117db924cf7c 263
wolfSSL 15:117db924cf7c 264 ROW_MIX(s, b, y, x, t0, t1);
wolfSSL 15:117db924cf7c 265
wolfSSL 15:117db924cf7c 266 s[0] ^= hash_keccak_r[i];
wolfSSL 15:117db924cf7c 267 }
wolfSSL 15:117db924cf7c 268 }
wolfSSL 15:117db924cf7c 269 #else
wolfSSL 15:117db924cf7c 270 /* Rotate a 64-bit value left.
wolfSSL 15:117db924cf7c 271 *
wolfSSL 15:117db924cf7c 272 * a Number to rotate left.
wolfSSL 15:117db924cf7c 273 * r Number od bits to rotate left.
wolfSSL 15:117db924cf7c 274 * returns the rotated number.
wolfSSL 15:117db924cf7c 275 */
wolfSSL 15:117db924cf7c 276 #define ROTL64(a, n) (((a)<<(n))|((a)>>(64-(n))))
wolfSSL 15:117db924cf7c 277
wolfSSL 15:117db924cf7c 278 /* An array of values to XOR for block operation. */
wolfSSL 15:117db924cf7c 279 static const word64 hash_keccak_r[24] =
wolfSSL 15:117db924cf7c 280 {
wolfSSL 15:117db924cf7c 281 0x0000000000000001UL, 0x0000000000008082UL,
wolfSSL 15:117db924cf7c 282 0x800000000000808aUL, 0x8000000080008000UL,
wolfSSL 15:117db924cf7c 283 0x000000000000808bUL, 0x0000000080000001UL,
wolfSSL 15:117db924cf7c 284 0x8000000080008081UL, 0x8000000000008009UL,
wolfSSL 15:117db924cf7c 285 0x000000000000008aUL, 0x0000000000000088UL,
wolfSSL 15:117db924cf7c 286 0x0000000080008009UL, 0x000000008000000aUL,
wolfSSL 15:117db924cf7c 287 0x000000008000808bUL, 0x800000000000008bUL,
wolfSSL 15:117db924cf7c 288 0x8000000000008089UL, 0x8000000000008003UL,
wolfSSL 15:117db924cf7c 289 0x8000000000008002UL, 0x8000000000000080UL,
wolfSSL 15:117db924cf7c 290 0x000000000000800aUL, 0x800000008000000aUL,
wolfSSL 15:117db924cf7c 291 0x8000000080008081UL, 0x8000000000008080UL,
wolfSSL 15:117db924cf7c 292 0x0000000080000001UL, 0x8000000080008008UL
wolfSSL 15:117db924cf7c 293 };
wolfSSL 15:117db924cf7c 294
wolfSSL 16:8e0d178b1d1e 295 /* Indices used in swap and rotate operation. */
wolfSSL 15:117db924cf7c 296 #define KI_0 6
wolfSSL 15:117db924cf7c 297 #define KI_1 12
wolfSSL 15:117db924cf7c 298 #define KI_2 18
wolfSSL 15:117db924cf7c 299 #define KI_3 24
wolfSSL 15:117db924cf7c 300 #define KI_4 3
wolfSSL 15:117db924cf7c 301 #define KI_5 9
wolfSSL 15:117db924cf7c 302 #define KI_6 10
wolfSSL 15:117db924cf7c 303 #define KI_7 16
wolfSSL 15:117db924cf7c 304 #define KI_8 22
wolfSSL 15:117db924cf7c 305 #define KI_9 1
wolfSSL 15:117db924cf7c 306 #define KI_10 7
wolfSSL 15:117db924cf7c 307 #define KI_11 13
wolfSSL 15:117db924cf7c 308 #define KI_12 19
wolfSSL 15:117db924cf7c 309 #define KI_13 20
wolfSSL 15:117db924cf7c 310 #define KI_14 4
wolfSSL 15:117db924cf7c 311 #define KI_15 5
wolfSSL 15:117db924cf7c 312 #define KI_16 11
wolfSSL 15:117db924cf7c 313 #define KI_17 17
wolfSSL 15:117db924cf7c 314 #define KI_18 23
wolfSSL 15:117db924cf7c 315 #define KI_19 2
wolfSSL 15:117db924cf7c 316 #define KI_20 8
wolfSSL 15:117db924cf7c 317 #define KI_21 14
wolfSSL 15:117db924cf7c 318 #define KI_22 15
wolfSSL 15:117db924cf7c 319 #define KI_23 21
wolfSSL 15:117db924cf7c 320
wolfSSL 15:117db924cf7c 321 /* Number of bits to rotate in swap and rotate operation. */
wolfSSL 15:117db924cf7c 322 #define KR_0 44
wolfSSL 15:117db924cf7c 323 #define KR_1 43
wolfSSL 15:117db924cf7c 324 #define KR_2 21
wolfSSL 15:117db924cf7c 325 #define KR_3 14
wolfSSL 15:117db924cf7c 326 #define KR_4 28
wolfSSL 15:117db924cf7c 327 #define KR_5 20
wolfSSL 15:117db924cf7c 328 #define KR_6 3
wolfSSL 15:117db924cf7c 329 #define KR_7 45
wolfSSL 15:117db924cf7c 330 #define KR_8 61
wolfSSL 15:117db924cf7c 331 #define KR_9 1
wolfSSL 15:117db924cf7c 332 #define KR_10 6
wolfSSL 15:117db924cf7c 333 #define KR_11 25
wolfSSL 15:117db924cf7c 334 #define KR_12 8
wolfSSL 15:117db924cf7c 335 #define KR_13 18
wolfSSL 15:117db924cf7c 336 #define KR_14 27
wolfSSL 15:117db924cf7c 337 #define KR_15 36
wolfSSL 15:117db924cf7c 338 #define KR_16 10
wolfSSL 15:117db924cf7c 339 #define KR_17 15
wolfSSL 15:117db924cf7c 340 #define KR_18 56
wolfSSL 15:117db924cf7c 341 #define KR_19 62
wolfSSL 15:117db924cf7c 342 #define KR_20 55
wolfSSL 15:117db924cf7c 343 #define KR_21 39
wolfSSL 15:117db924cf7c 344 #define KR_22 41
wolfSSL 15:117db924cf7c 345 #define KR_23 2
wolfSSL 15:117db924cf7c 346
wolfSSL 15:117db924cf7c 347 /* Mix the XOR of the column's values into each number by column.
wolfSSL 15:117db924cf7c 348 *
wolfSSL 15:117db924cf7c 349 * s The state.
wolfSSL 15:117db924cf7c 350 * b Temporary array of XORed column values.
wolfSSL 15:117db924cf7c 351 * x The index of the column.
wolfSSL 15:117db924cf7c 352 * t Temporary variable.
wolfSSL 15:117db924cf7c 353 */
wolfSSL 15:117db924cf7c 354 #define COL_MIX(s, b, x, t) \
wolfSSL 15:117db924cf7c 355 do \
wolfSSL 15:117db924cf7c 356 { \
wolfSSL 15:117db924cf7c 357 b[0] = s[0] ^ s[5] ^ s[10] ^ s[15] ^ s[20]; \
wolfSSL 15:117db924cf7c 358 b[1] = s[1] ^ s[6] ^ s[11] ^ s[16] ^ s[21]; \
wolfSSL 15:117db924cf7c 359 b[2] = s[2] ^ s[7] ^ s[12] ^ s[17] ^ s[22]; \
wolfSSL 15:117db924cf7c 360 b[3] = s[3] ^ s[8] ^ s[13] ^ s[18] ^ s[23]; \
wolfSSL 15:117db924cf7c 361 b[4] = s[4] ^ s[9] ^ s[14] ^ s[19] ^ s[24]; \
wolfSSL 15:117db924cf7c 362 t = b[(0 + 4) % 5] ^ ROTL64(b[(0 + 1) % 5], 1); \
wolfSSL 15:117db924cf7c 363 s[ 0] ^= t; s[ 5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t; \
wolfSSL 15:117db924cf7c 364 t = b[(1 + 4) % 5] ^ ROTL64(b[(1 + 1) % 5], 1); \
wolfSSL 15:117db924cf7c 365 s[ 1] ^= t; s[ 6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t; \
wolfSSL 15:117db924cf7c 366 t = b[(2 + 4) % 5] ^ ROTL64(b[(2 + 1) % 5], 1); \
wolfSSL 15:117db924cf7c 367 s[ 2] ^= t; s[ 7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t; \
wolfSSL 15:117db924cf7c 368 t = b[(3 + 4) % 5] ^ ROTL64(b[(3 + 1) % 5], 1); \
wolfSSL 15:117db924cf7c 369 s[ 3] ^= t; s[ 8] ^= t; s[13] ^= t; s[18] ^= t; s[23] ^= t; \
wolfSSL 15:117db924cf7c 370 t = b[(4 + 4) % 5] ^ ROTL64(b[(4 + 1) % 5], 1); \
wolfSSL 15:117db924cf7c 371 s[ 4] ^= t; s[ 9] ^= t; s[14] ^= t; s[19] ^= t; s[24] ^= t; \
wolfSSL 15:117db924cf7c 372 } \
wolfSSL 15:117db924cf7c 373 while (0)
wolfSSL 15:117db924cf7c 374
wolfSSL 15:117db924cf7c 375 #define S(s1, i) ROTL64(s1[KI_##i], KR_##i)
wolfSSL 15:117db924cf7c 376
wolfSSL 15:117db924cf7c 377 #ifdef SHA3_BY_SPEC
wolfSSL 15:117db924cf7c 378 /* Mix the row values.
wolfSSL 15:117db924cf7c 379 * BMI1 has ANDN instruction ((~a) & b) - Haswell and above.
wolfSSL 15:117db924cf7c 380 *
wolfSSL 15:117db924cf7c 381 * s2 The new state.
wolfSSL 15:117db924cf7c 382 * s1 The current state.
wolfSSL 15:117db924cf7c 383 * b Temporary array of XORed row values.
wolfSSL 15:117db924cf7c 384 * t0 Temporary variable. (Unused)
wolfSSL 15:117db924cf7c 385 * t1 Temporary variable. (Unused)
wolfSSL 15:117db924cf7c 386 */
wolfSSL 15:117db924cf7c 387 #define ROW_MIX(s2, s1, b, t0, t1) \
wolfSSL 15:117db924cf7c 388 do \
wolfSSL 15:117db924cf7c 389 { \
wolfSSL 15:117db924cf7c 390 b[0] = s1[0]; \
wolfSSL 15:117db924cf7c 391 b[1] = S(s1, 0); \
wolfSSL 15:117db924cf7c 392 b[2] = S(s1, 1); \
wolfSSL 15:117db924cf7c 393 b[3] = S(s1, 2); \
wolfSSL 15:117db924cf7c 394 b[4] = S(s1, 3); \
wolfSSL 15:117db924cf7c 395 s2[0] = b[0] ^ (~b[1] & b[2]); \
wolfSSL 15:117db924cf7c 396 s2[1] = b[1] ^ (~b[2] & b[3]); \
wolfSSL 15:117db924cf7c 397 s2[2] = b[2] ^ (~b[3] & b[4]); \
wolfSSL 15:117db924cf7c 398 s2[3] = b[3] ^ (~b[4] & b[0]); \
wolfSSL 15:117db924cf7c 399 s2[4] = b[4] ^ (~b[0] & b[1]); \
wolfSSL 15:117db924cf7c 400 b[0] = S(s1, 4); \
wolfSSL 15:117db924cf7c 401 b[1] = S(s1, 5); \
wolfSSL 15:117db924cf7c 402 b[2] = S(s1, 6); \
wolfSSL 15:117db924cf7c 403 b[3] = S(s1, 7); \
wolfSSL 15:117db924cf7c 404 b[4] = S(s1, 8); \
wolfSSL 15:117db924cf7c 405 s2[5] = b[0] ^ (~b[1] & b[2]); \
wolfSSL 15:117db924cf7c 406 s2[6] = b[1] ^ (~b[2] & b[3]); \
wolfSSL 15:117db924cf7c 407 s2[7] = b[2] ^ (~b[3] & b[4]); \
wolfSSL 15:117db924cf7c 408 s2[8] = b[3] ^ (~b[4] & b[0]); \
wolfSSL 15:117db924cf7c 409 s2[9] = b[4] ^ (~b[0] & b[1]); \
wolfSSL 15:117db924cf7c 410 b[0] = S(s1, 9); \
wolfSSL 15:117db924cf7c 411 b[1] = S(s1, 10); \
wolfSSL 15:117db924cf7c 412 b[2] = S(s1, 11); \
wolfSSL 15:117db924cf7c 413 b[3] = S(s1, 12); \
wolfSSL 15:117db924cf7c 414 b[4] = S(s1, 13); \
wolfSSL 15:117db924cf7c 415 s2[10] = b[0] ^ (~b[1] & b[2]); \
wolfSSL 15:117db924cf7c 416 s2[11] = b[1] ^ (~b[2] & b[3]); \
wolfSSL 15:117db924cf7c 417 s2[12] = b[2] ^ (~b[3] & b[4]); \
wolfSSL 15:117db924cf7c 418 s2[13] = b[3] ^ (~b[4] & b[0]); \
wolfSSL 15:117db924cf7c 419 s2[14] = b[4] ^ (~b[0] & b[1]); \
wolfSSL 15:117db924cf7c 420 b[0] = S(s1, 14); \
wolfSSL 15:117db924cf7c 421 b[1] = S(s1, 15); \
wolfSSL 15:117db924cf7c 422 b[2] = S(s1, 16); \
wolfSSL 15:117db924cf7c 423 b[3] = S(s1, 17); \
wolfSSL 15:117db924cf7c 424 b[4] = S(s1, 18); \
wolfSSL 15:117db924cf7c 425 s2[15] = b[0] ^ (~b[1] & b[2]); \
wolfSSL 15:117db924cf7c 426 s2[16] = b[1] ^ (~b[2] & b[3]); \
wolfSSL 15:117db924cf7c 427 s2[17] = b[2] ^ (~b[3] & b[4]); \
wolfSSL 15:117db924cf7c 428 s2[18] = b[3] ^ (~b[4] & b[0]); \
wolfSSL 15:117db924cf7c 429 s2[19] = b[4] ^ (~b[0] & b[1]); \
wolfSSL 15:117db924cf7c 430 b[0] = S(s1, 19); \
wolfSSL 15:117db924cf7c 431 b[1] = S(s1, 20); \
wolfSSL 15:117db924cf7c 432 b[2] = S(s1, 21); \
wolfSSL 15:117db924cf7c 433 b[3] = S(s1, 22); \
wolfSSL 15:117db924cf7c 434 b[4] = S(s1, 23); \
wolfSSL 15:117db924cf7c 435 s2[20] = b[0] ^ (~b[1] & b[2]); \
wolfSSL 15:117db924cf7c 436 s2[21] = b[1] ^ (~b[2] & b[3]); \
wolfSSL 15:117db924cf7c 437 s2[22] = b[2] ^ (~b[3] & b[4]); \
wolfSSL 15:117db924cf7c 438 s2[23] = b[3] ^ (~b[4] & b[0]); \
wolfSSL 15:117db924cf7c 439 s2[24] = b[4] ^ (~b[0] & b[1]); \
wolfSSL 15:117db924cf7c 440 } \
wolfSSL 15:117db924cf7c 441 while (0)
wolfSSL 15:117db924cf7c 442 #else
wolfSSL 15:117db924cf7c 443 /* Mix the row values.
wolfSSL 15:117db924cf7c 444 * a ^ (~b & c) == a ^ (c & (b ^ c)) == (a ^ b) ^ (b | c)
wolfSSL 15:117db924cf7c 445 *
wolfSSL 15:117db924cf7c 446 * s2 The new state.
wolfSSL 15:117db924cf7c 447 * s1 The current state.
wolfSSL 15:117db924cf7c 448 * b Temporary array of XORed row values.
wolfSSL 15:117db924cf7c 449 * t12 Temporary variable.
wolfSSL 15:117db924cf7c 450 * t34 Temporary variable.
wolfSSL 15:117db924cf7c 451 */
wolfSSL 15:117db924cf7c 452 #define ROW_MIX(s2, s1, b, t12, t34) \
wolfSSL 15:117db924cf7c 453 do \
wolfSSL 15:117db924cf7c 454 { \
wolfSSL 15:117db924cf7c 455 b[0] = s1[0]; \
wolfSSL 15:117db924cf7c 456 b[1] = S(s1, 0); \
wolfSSL 15:117db924cf7c 457 b[2] = S(s1, 1); \
wolfSSL 15:117db924cf7c 458 b[3] = S(s1, 2); \
wolfSSL 15:117db924cf7c 459 b[4] = S(s1, 3); \
wolfSSL 15:117db924cf7c 460 t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \
wolfSSL 15:117db924cf7c 461 s2[0] = b[0] ^ (b[2] & t12); \
wolfSSL 15:117db924cf7c 462 s2[1] = t12 ^ (b[2] | b[3]); \
wolfSSL 15:117db924cf7c 463 s2[2] = b[2] ^ (b[4] & t34); \
wolfSSL 15:117db924cf7c 464 s2[3] = t34 ^ (b[4] | b[0]); \
wolfSSL 15:117db924cf7c 465 s2[4] = b[4] ^ (b[1] & (b[0] ^ b[1])); \
wolfSSL 15:117db924cf7c 466 b[0] = S(s1, 4); \
wolfSSL 15:117db924cf7c 467 b[1] = S(s1, 5); \
wolfSSL 15:117db924cf7c 468 b[2] = S(s1, 6); \
wolfSSL 15:117db924cf7c 469 b[3] = S(s1, 7); \
wolfSSL 15:117db924cf7c 470 b[4] = S(s1, 8); \
wolfSSL 15:117db924cf7c 471 t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \
wolfSSL 15:117db924cf7c 472 s2[5] = b[0] ^ (b[2] & t12); \
wolfSSL 15:117db924cf7c 473 s2[6] = t12 ^ (b[2] | b[3]); \
wolfSSL 15:117db924cf7c 474 s2[7] = b[2] ^ (b[4] & t34); \
wolfSSL 15:117db924cf7c 475 s2[8] = t34 ^ (b[4] | b[0]); \
wolfSSL 15:117db924cf7c 476 s2[9] = b[4] ^ (b[1] & (b[0] ^ b[1])); \
wolfSSL 15:117db924cf7c 477 b[0] = S(s1, 9); \
wolfSSL 15:117db924cf7c 478 b[1] = S(s1, 10); \
wolfSSL 15:117db924cf7c 479 b[2] = S(s1, 11); \
wolfSSL 15:117db924cf7c 480 b[3] = S(s1, 12); \
wolfSSL 15:117db924cf7c 481 b[4] = S(s1, 13); \
wolfSSL 15:117db924cf7c 482 t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \
wolfSSL 15:117db924cf7c 483 s2[10] = b[0] ^ (b[2] & t12); \
wolfSSL 15:117db924cf7c 484 s2[11] = t12 ^ (b[2] | b[3]); \
wolfSSL 15:117db924cf7c 485 s2[12] = b[2] ^ (b[4] & t34); \
wolfSSL 15:117db924cf7c 486 s2[13] = t34 ^ (b[4] | b[0]); \
wolfSSL 15:117db924cf7c 487 s2[14] = b[4] ^ (b[1] & (b[0] ^ b[1])); \
wolfSSL 15:117db924cf7c 488 b[0] = S(s1, 14); \
wolfSSL 15:117db924cf7c 489 b[1] = S(s1, 15); \
wolfSSL 15:117db924cf7c 490 b[2] = S(s1, 16); \
wolfSSL 15:117db924cf7c 491 b[3] = S(s1, 17); \
wolfSSL 15:117db924cf7c 492 b[4] = S(s1, 18); \
wolfSSL 15:117db924cf7c 493 t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \
wolfSSL 15:117db924cf7c 494 s2[15] = b[0] ^ (b[2] & t12); \
wolfSSL 15:117db924cf7c 495 s2[16] = t12 ^ (b[2] | b[3]); \
wolfSSL 15:117db924cf7c 496 s2[17] = b[2] ^ (b[4] & t34); \
wolfSSL 15:117db924cf7c 497 s2[18] = t34 ^ (b[4] | b[0]); \
wolfSSL 15:117db924cf7c 498 s2[19] = b[4] ^ (b[1] & (b[0] ^ b[1])); \
wolfSSL 15:117db924cf7c 499 b[0] = S(s1, 19); \
wolfSSL 15:117db924cf7c 500 b[1] = S(s1, 20); \
wolfSSL 15:117db924cf7c 501 b[2] = S(s1, 21); \
wolfSSL 15:117db924cf7c 502 b[3] = S(s1, 22); \
wolfSSL 15:117db924cf7c 503 b[4] = S(s1, 23); \
wolfSSL 15:117db924cf7c 504 t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \
wolfSSL 15:117db924cf7c 505 s2[20] = b[0] ^ (b[2] & t12); \
wolfSSL 15:117db924cf7c 506 s2[21] = t12 ^ (b[2] | b[3]); \
wolfSSL 15:117db924cf7c 507 s2[22] = b[2] ^ (b[4] & t34); \
wolfSSL 15:117db924cf7c 508 s2[23] = t34 ^ (b[4] | b[0]); \
wolfSSL 15:117db924cf7c 509 s2[24] = b[4] ^ (b[1] & (b[0] ^ b[1])); \
wolfSSL 15:117db924cf7c 510 } \
wolfSSL 15:117db924cf7c 511 while (0)
wolfSSL 15:117db924cf7c 512 #endif /* SHA3_BY_SPEC */
wolfSSL 15:117db924cf7c 513
wolfSSL 15:117db924cf7c 514 /* The block operation performed on the state.
wolfSSL 15:117db924cf7c 515 *
wolfSSL 15:117db924cf7c 516 * s The state.
wolfSSL 15:117db924cf7c 517 */
wolfSSL 15:117db924cf7c 518 static void BlockSha3(word64 *s)
wolfSSL 15:117db924cf7c 519 {
wolfSSL 15:117db924cf7c 520 word64 n[25];
wolfSSL 15:117db924cf7c 521 word64 b[5];
wolfSSL 15:117db924cf7c 522 word64 t0;
wolfSSL 15:117db924cf7c 523 #ifndef SHA3_BY_SPEC
wolfSSL 15:117db924cf7c 524 word64 t1;
wolfSSL 15:117db924cf7c 525 #endif
wolfSSL 15:117db924cf7c 526 byte i;
wolfSSL 15:117db924cf7c 527
wolfSSL 15:117db924cf7c 528 for (i = 0; i < 24; i += 2)
wolfSSL 15:117db924cf7c 529 {
wolfSSL 15:117db924cf7c 530 COL_MIX(s, b, x, t0);
wolfSSL 15:117db924cf7c 531 ROW_MIX(n, s, b, t0, t1);
wolfSSL 15:117db924cf7c 532 n[0] ^= hash_keccak_r[i];
wolfSSL 15:117db924cf7c 533
wolfSSL 15:117db924cf7c 534 COL_MIX(n, b, x, t0);
wolfSSL 15:117db924cf7c 535 ROW_MIX(s, n, b, t0, t1);
wolfSSL 15:117db924cf7c 536 s[0] ^= hash_keccak_r[i+1];
wolfSSL 15:117db924cf7c 537 }
wolfSSL 15:117db924cf7c 538 }
wolfSSL 15:117db924cf7c 539 #endif /* WOLFSSL_SHA3_SMALL */
wolfSSL 15:117db924cf7c 540
wolfSSL 15:117db924cf7c 541 /* Convert the array of bytes, in little-endian order, to a 64-bit integer.
wolfSSL 15:117db924cf7c 542 *
wolfSSL 15:117db924cf7c 543 * a Array of bytes.
wolfSSL 15:117db924cf7c 544 * returns a 64-bit integer.
wolfSSL 15:117db924cf7c 545 */
wolfSSL 15:117db924cf7c 546 static word64 Load64BitBigEndian(const byte* a)
wolfSSL 15:117db924cf7c 547 {
wolfSSL 15:117db924cf7c 548 #ifdef BIG_ENDIAN_ORDER
wolfSSL 15:117db924cf7c 549 word64 n = 0;
wolfSSL 15:117db924cf7c 550 int i;
wolfSSL 15:117db924cf7c 551
wolfSSL 15:117db924cf7c 552 for (i = 0; i < 8; i++)
wolfSSL 15:117db924cf7c 553 n |= (word64)a[i] << (8 * i);
wolfSSL 15:117db924cf7c 554
wolfSSL 15:117db924cf7c 555 return n;
wolfSSL 15:117db924cf7c 556 #else
wolfSSL 15:117db924cf7c 557 return *(word64*)a;
wolfSSL 15:117db924cf7c 558 #endif
wolfSSL 15:117db924cf7c 559 }
wolfSSL 15:117db924cf7c 560
wolfSSL 15:117db924cf7c 561 /* Initialize the state for a SHA3-224 hash operation.
wolfSSL 15:117db924cf7c 562 *
wolfSSL 15:117db924cf7c 563 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 564 * returns 0 on success.
wolfSSL 15:117db924cf7c 565 */
wolfSSL 15:117db924cf7c 566 static int InitSha3(wc_Sha3* sha3)
wolfSSL 15:117db924cf7c 567 {
wolfSSL 15:117db924cf7c 568 int i;
wolfSSL 15:117db924cf7c 569
wolfSSL 15:117db924cf7c 570 for (i = 0; i < 25; i++)
wolfSSL 15:117db924cf7c 571 sha3->s[i] = 0;
wolfSSL 15:117db924cf7c 572 sha3->i = 0;
wolfSSL 16:8e0d178b1d1e 573 #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
wolfSSL 16:8e0d178b1d1e 574 sha3->flags = 0;
wolfSSL 16:8e0d178b1d1e 575 #endif
wolfSSL 15:117db924cf7c 576
wolfSSL 15:117db924cf7c 577 return 0;
wolfSSL 15:117db924cf7c 578 }
wolfSSL 15:117db924cf7c 579
wolfSSL 15:117db924cf7c 580 /* Update the SHA-3 hash state with message data.
wolfSSL 15:117db924cf7c 581 *
wolfSSL 15:117db924cf7c 582 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 583 * data Message data to be hashed.
wolfSSL 15:117db924cf7c 584 * len Length of the message data.
wolfSSL 15:117db924cf7c 585 * p Number of 64-bit numbers in a block of data to process.
wolfSSL 15:117db924cf7c 586 * returns 0 on success.
wolfSSL 15:117db924cf7c 587 */
wolfSSL 15:117db924cf7c 588 static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
wolfSSL 15:117db924cf7c 589 {
wolfSSL 15:117db924cf7c 590 byte i;
wolfSSL 15:117db924cf7c 591 byte l;
wolfSSL 15:117db924cf7c 592 byte *t;
wolfSSL 15:117db924cf7c 593
wolfSSL 15:117db924cf7c 594 if (sha3->i > 0)
wolfSSL 15:117db924cf7c 595 {
wolfSSL 15:117db924cf7c 596 l = p * 8 - sha3->i;
wolfSSL 15:117db924cf7c 597 if (l > len) {
wolfSSL 15:117db924cf7c 598 l = (byte)len;
wolfSSL 15:117db924cf7c 599 }
wolfSSL 15:117db924cf7c 600
wolfSSL 15:117db924cf7c 601 t = &sha3->t[sha3->i];
wolfSSL 15:117db924cf7c 602 for (i = 0; i < l; i++)
wolfSSL 15:117db924cf7c 603 t[i] = data[i];
wolfSSL 15:117db924cf7c 604 data += i;
wolfSSL 15:117db924cf7c 605 len -= i;
wolfSSL 15:117db924cf7c 606 sha3->i += i;
wolfSSL 15:117db924cf7c 607
wolfSSL 15:117db924cf7c 608 if (sha3->i == p * 8)
wolfSSL 15:117db924cf7c 609 {
wolfSSL 15:117db924cf7c 610 for (i = 0; i < p; i++)
wolfSSL 15:117db924cf7c 611 sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
wolfSSL 15:117db924cf7c 612 BlockSha3(sha3->s);
wolfSSL 15:117db924cf7c 613 sha3->i = 0;
wolfSSL 15:117db924cf7c 614 }
wolfSSL 15:117db924cf7c 615 }
wolfSSL 15:117db924cf7c 616 while (len >= ((word32)(p * 8)))
wolfSSL 15:117db924cf7c 617 {
wolfSSL 15:117db924cf7c 618 for (i = 0; i < p; i++)
wolfSSL 15:117db924cf7c 619 sha3->s[i] ^= Load64BitBigEndian(data + 8 * i);
wolfSSL 15:117db924cf7c 620 BlockSha3(sha3->s);
wolfSSL 15:117db924cf7c 621 len -= p * 8;
wolfSSL 15:117db924cf7c 622 data += p * 8;
wolfSSL 15:117db924cf7c 623 }
wolfSSL 15:117db924cf7c 624 for (i = 0; i < len; i++)
wolfSSL 15:117db924cf7c 625 sha3->t[i] = data[i];
wolfSSL 15:117db924cf7c 626 sha3->i += i;
wolfSSL 15:117db924cf7c 627
wolfSSL 15:117db924cf7c 628 return 0;
wolfSSL 15:117db924cf7c 629 }
wolfSSL 15:117db924cf7c 630
wolfSSL 15:117db924cf7c 631 /* Calculate the SHA-3 hash based on all the message data seen.
wolfSSL 15:117db924cf7c 632 *
wolfSSL 15:117db924cf7c 633 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 634 * hash Buffer to hold the hash result.
wolfSSL 15:117db924cf7c 635 * p Number of 64-bit numbers in a block of data to process.
wolfSSL 15:117db924cf7c 636 * len Number of bytes in output.
wolfSSL 15:117db924cf7c 637 * returns 0 on success.
wolfSSL 15:117db924cf7c 638 */
wolfSSL 16:8e0d178b1d1e 639 static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, byte l)
wolfSSL 15:117db924cf7c 640 {
wolfSSL 15:117db924cf7c 641 byte i;
wolfSSL 15:117db924cf7c 642 byte *s8 = (byte *)sha3->s;
wolfSSL 15:117db924cf7c 643
wolfSSL 15:117db924cf7c 644 sha3->t[p * 8 - 1] = 0x00;
wolfSSL 16:8e0d178b1d1e 645 #ifdef WOLFSSL_HASH_FLAGS
wolfSSL 16:8e0d178b1d1e 646 if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) {
wolfSSL 16:8e0d178b1d1e 647 padChar = 0x01;
wolfSSL 16:8e0d178b1d1e 648 }
wolfSSL 16:8e0d178b1d1e 649 #endif
wolfSSL 16:8e0d178b1d1e 650 sha3->t[ sha3->i] = padChar;
wolfSSL 15:117db924cf7c 651 sha3->t[p * 8 - 1] |= 0x80;
wolfSSL 15:117db924cf7c 652 for (i=sha3->i + 1; i < p * 8 - 1; i++)
wolfSSL 15:117db924cf7c 653 sha3->t[i] = 0;
wolfSSL 15:117db924cf7c 654 for (i = 0; i < p; i++)
wolfSSL 15:117db924cf7c 655 sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
wolfSSL 15:117db924cf7c 656 BlockSha3(sha3->s);
wolfSSL 15:117db924cf7c 657 #if defined(BIG_ENDIAN_ORDER)
wolfSSL 15:117db924cf7c 658 ByteReverseWords64(sha3->s, sha3->s, ((l+7)/8)*8);
wolfSSL 15:117db924cf7c 659 #endif
wolfSSL 15:117db924cf7c 660 for (i = 0; i < l; i++)
wolfSSL 15:117db924cf7c 661 hash[i] = s8[i];
wolfSSL 15:117db924cf7c 662
wolfSSL 15:117db924cf7c 663 return 0;
wolfSSL 15:117db924cf7c 664 }
wolfSSL 15:117db924cf7c 665
wolfSSL 15:117db924cf7c 666 /* Initialize the state for a SHA-3 hash operation.
wolfSSL 15:117db924cf7c 667 *
wolfSSL 15:117db924cf7c 668 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 669 * heap Heap reference for dynamic memory allocation. (Used in async ops.)
wolfSSL 15:117db924cf7c 670 * devId Device identifier for asynchronous operation.
wolfSSL 15:117db924cf7c 671 * returns 0 on success.
wolfSSL 15:117db924cf7c 672 */
wolfSSL 15:117db924cf7c 673 static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId)
wolfSSL 15:117db924cf7c 674 {
wolfSSL 15:117db924cf7c 675 int ret = 0;
wolfSSL 15:117db924cf7c 676
wolfSSL 15:117db924cf7c 677 if (sha3 == NULL)
wolfSSL 15:117db924cf7c 678 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 679
wolfSSL 15:117db924cf7c 680 sha3->heap = heap;
wolfSSL 15:117db924cf7c 681 ret = InitSha3(sha3);
wolfSSL 15:117db924cf7c 682 if (ret != 0)
wolfSSL 15:117db924cf7c 683 return ret;
wolfSSL 15:117db924cf7c 684
wolfSSL 15:117db924cf7c 685 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
wolfSSL 15:117db924cf7c 686 ret = wolfAsync_DevCtxInit(&sha3->asyncDev,
wolfSSL 15:117db924cf7c 687 WOLFSSL_ASYNC_MARKER_SHA3, sha3->heap, devId);
wolfSSL 15:117db924cf7c 688 #else
wolfSSL 15:117db924cf7c 689 (void)devId;
wolfSSL 15:117db924cf7c 690 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 691
wolfSSL 15:117db924cf7c 692 return ret;
wolfSSL 15:117db924cf7c 693 }
wolfSSL 15:117db924cf7c 694
wolfSSL 15:117db924cf7c 695 /* Update the SHA-3 hash state with message data.
wolfSSL 15:117db924cf7c 696 *
wolfSSL 15:117db924cf7c 697 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 698 * data Message data to be hashed.
wolfSSL 15:117db924cf7c 699 * len Length of the message data.
wolfSSL 15:117db924cf7c 700 * p Number of 64-bit numbers in a block of data to process.
wolfSSL 15:117db924cf7c 701 * returns 0 on success.
wolfSSL 15:117db924cf7c 702 */
wolfSSL 15:117db924cf7c 703 static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
wolfSSL 15:117db924cf7c 704 {
wolfSSL 16:8e0d178b1d1e 705 int ret;
wolfSSL 15:117db924cf7c 706
wolfSSL 15:117db924cf7c 707 if (sha3 == NULL || (data == NULL && len > 0)) {
wolfSSL 15:117db924cf7c 708 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 709 }
wolfSSL 15:117db924cf7c 710
wolfSSL 15:117db924cf7c 711 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
wolfSSL 15:117db924cf7c 712 if (sha3->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA3) {
wolfSSL 16:8e0d178b1d1e 713 #if defined(HAVE_INTEL_QA) && defined(QAT_V2)
wolfSSL 16:8e0d178b1d1e 714 /* QAT only supports SHA3_256 */
wolfSSL 16:8e0d178b1d1e 715 if (p == WC_SHA3_256_COUNT) {
wolfSSL 16:8e0d178b1d1e 716 ret = IntelQaSymSha3(&sha3->asyncDev, NULL, data, len);
wolfSSL 16:8e0d178b1d1e 717 if (ret != NOT_COMPILED_IN)
wolfSSL 16:8e0d178b1d1e 718 return ret;
wolfSSL 16:8e0d178b1d1e 719 /* fall-through when unavailable */
wolfSSL 16:8e0d178b1d1e 720 }
wolfSSL 15:117db924cf7c 721 #endif
wolfSSL 15:117db924cf7c 722 }
wolfSSL 15:117db924cf7c 723 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 724
wolfSSL 16:8e0d178b1d1e 725 ret = Sha3Update(sha3, data, len, p);
wolfSSL 15:117db924cf7c 726
wolfSSL 15:117db924cf7c 727 return ret;
wolfSSL 15:117db924cf7c 728 }
wolfSSL 15:117db924cf7c 729
wolfSSL 15:117db924cf7c 730 /* Calculate the SHA-3 hash based on all the message data seen.
wolfSSL 15:117db924cf7c 731 *
wolfSSL 15:117db924cf7c 732 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 733 * hash Buffer to hold the hash result.
wolfSSL 15:117db924cf7c 734 * p Number of 64-bit numbers in a block of data to process.
wolfSSL 15:117db924cf7c 735 * len Number of bytes in output.
wolfSSL 15:117db924cf7c 736 * returns 0 on success.
wolfSSL 15:117db924cf7c 737 */
wolfSSL 15:117db924cf7c 738 static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
wolfSSL 15:117db924cf7c 739 {
wolfSSL 15:117db924cf7c 740 int ret;
wolfSSL 15:117db924cf7c 741
wolfSSL 15:117db924cf7c 742 if (sha3 == NULL || hash == NULL) {
wolfSSL 15:117db924cf7c 743 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 744 }
wolfSSL 15:117db924cf7c 745
wolfSSL 15:117db924cf7c 746 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
wolfSSL 15:117db924cf7c 747 if (sha3->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA3) {
wolfSSL 16:8e0d178b1d1e 748 #if defined(HAVE_INTEL_QA) && defined(QAT_V2)
wolfSSL 16:8e0d178b1d1e 749 /* QAT only supports SHA3_256 */
wolfSSL 16:8e0d178b1d1e 750 /* QAT SHA-3 only supported on v2 (8970 or later cards) */
wolfSSL 16:8e0d178b1d1e 751 if (len == WC_SHA3_256_DIGEST_SIZE) {
wolfSSL 16:8e0d178b1d1e 752 ret = IntelQaSymSha3(&sha3->asyncDev, hash, NULL, len);
wolfSSL 16:8e0d178b1d1e 753 if (ret != NOT_COMPILED_IN)
wolfSSL 16:8e0d178b1d1e 754 return ret;
wolfSSL 16:8e0d178b1d1e 755 /* fall-through when unavailable */
wolfSSL 16:8e0d178b1d1e 756 }
wolfSSL 15:117db924cf7c 757 #endif
wolfSSL 15:117db924cf7c 758 }
wolfSSL 15:117db924cf7c 759 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 760
wolfSSL 16:8e0d178b1d1e 761 ret = Sha3Final(sha3, 0x06, hash, p, len);
wolfSSL 15:117db924cf7c 762 if (ret != 0)
wolfSSL 15:117db924cf7c 763 return ret;
wolfSSL 15:117db924cf7c 764
wolfSSL 15:117db924cf7c 765 return InitSha3(sha3); /* reset state */
wolfSSL 15:117db924cf7c 766 }
wolfSSL 15:117db924cf7c 767
wolfSSL 15:117db924cf7c 768 /* Dispose of any dynamically allocated data from the SHA3-384 operation.
wolfSSL 15:117db924cf7c 769 * (Required for async ops.)
wolfSSL 15:117db924cf7c 770 *
wolfSSL 15:117db924cf7c 771 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 772 * returns 0 on success.
wolfSSL 15:117db924cf7c 773 */
wolfSSL 15:117db924cf7c 774 static void wc_Sha3Free(wc_Sha3* sha3)
wolfSSL 15:117db924cf7c 775 {
wolfSSL 15:117db924cf7c 776 (void)sha3;
wolfSSL 15:117db924cf7c 777
wolfSSL 15:117db924cf7c 778 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
wolfSSL 15:117db924cf7c 779 if (sha3 == NULL)
wolfSSL 15:117db924cf7c 780 return;
wolfSSL 15:117db924cf7c 781
wolfSSL 15:117db924cf7c 782 wolfAsync_DevCtxFree(&sha3->asyncDev, WOLFSSL_ASYNC_MARKER_SHA3);
wolfSSL 15:117db924cf7c 783 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 784 }
wolfSSL 15:117db924cf7c 785
wolfSSL 15:117db924cf7c 786
wolfSSL 15:117db924cf7c 787 /* Copy the state of the SHA3 operation.
wolfSSL 15:117db924cf7c 788 *
wolfSSL 15:117db924cf7c 789 * src wc_Sha3 object holding state top copy.
wolfSSL 15:117db924cf7c 790 * dst wc_Sha3 object to copy into.
wolfSSL 15:117db924cf7c 791 * returns 0 on success.
wolfSSL 15:117db924cf7c 792 */
wolfSSL 15:117db924cf7c 793 static int wc_Sha3Copy(wc_Sha3* src, wc_Sha3* dst)
wolfSSL 15:117db924cf7c 794 {
wolfSSL 15:117db924cf7c 795 int ret = 0;
wolfSSL 15:117db924cf7c 796
wolfSSL 15:117db924cf7c 797 if (src == NULL || dst == NULL)
wolfSSL 15:117db924cf7c 798 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 799
wolfSSL 15:117db924cf7c 800 XMEMCPY(dst, src, sizeof(wc_Sha3));
wolfSSL 15:117db924cf7c 801
wolfSSL 15:117db924cf7c 802 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 803 ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
wolfSSL 15:117db924cf7c 804 #endif
wolfSSL 16:8e0d178b1d1e 805 #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
wolfSSL 16:8e0d178b1d1e 806 dst->flags |= WC_HASH_FLAG_ISCOPY;
wolfSSL 16:8e0d178b1d1e 807 #endif
wolfSSL 15:117db924cf7c 808
wolfSSL 15:117db924cf7c 809 return ret;
wolfSSL 15:117db924cf7c 810 }
wolfSSL 15:117db924cf7c 811
wolfSSL 15:117db924cf7c 812 /* Calculate the SHA3-224 hash based on all the message data so far.
wolfSSL 15:117db924cf7c 813 * More message data can be added, after this operation, using the current
wolfSSL 15:117db924cf7c 814 * state.
wolfSSL 15:117db924cf7c 815 *
wolfSSL 15:117db924cf7c 816 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 817 * hash Buffer to hold the hash result. Must be at least 28 bytes.
wolfSSL 15:117db924cf7c 818 * p Number of 64-bit numbers in a block of data to process.
wolfSSL 15:117db924cf7c 819 * len Number of bytes in output.
wolfSSL 15:117db924cf7c 820 * returns 0 on success.
wolfSSL 15:117db924cf7c 821 */
wolfSSL 15:117db924cf7c 822 static int wc_Sha3GetHash(wc_Sha3* sha3, byte* hash, byte p, byte len)
wolfSSL 15:117db924cf7c 823 {
wolfSSL 15:117db924cf7c 824 int ret;
wolfSSL 15:117db924cf7c 825 wc_Sha3 tmpSha3;
wolfSSL 15:117db924cf7c 826
wolfSSL 15:117db924cf7c 827 if (sha3 == NULL || hash == NULL)
wolfSSL 15:117db924cf7c 828 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 829
wolfSSL 15:117db924cf7c 830 ret = wc_Sha3Copy(sha3, &tmpSha3);
wolfSSL 15:117db924cf7c 831 if (ret == 0) {
wolfSSL 15:117db924cf7c 832 ret = wc_Sha3Final(&tmpSha3, hash, p, len);
wolfSSL 15:117db924cf7c 833 }
wolfSSL 15:117db924cf7c 834 return ret;
wolfSSL 15:117db924cf7c 835 }
wolfSSL 15:117db924cf7c 836
wolfSSL 15:117db924cf7c 837
wolfSSL 15:117db924cf7c 838 /* Initialize the state for a SHA3-224 hash operation.
wolfSSL 15:117db924cf7c 839 *
wolfSSL 15:117db924cf7c 840 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 841 * heap Heap reference for dynamic memory allocation. (Used in async ops.)
wolfSSL 15:117db924cf7c 842 * devId Device identifier for asynchronous operation.
wolfSSL 15:117db924cf7c 843 * returns 0 on success.
wolfSSL 15:117db924cf7c 844 */
wolfSSL 16:8e0d178b1d1e 845 int wc_InitSha3_224(wc_Sha3* sha3, void* heap, int devId)
wolfSSL 15:117db924cf7c 846 {
wolfSSL 15:117db924cf7c 847 return wc_InitSha3(sha3, heap, devId);
wolfSSL 15:117db924cf7c 848 }
wolfSSL 15:117db924cf7c 849
wolfSSL 15:117db924cf7c 850 /* Update the SHA3-224 hash state with message data.
wolfSSL 15:117db924cf7c 851 *
wolfSSL 15:117db924cf7c 852 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 853 * data Message data to be hashed.
wolfSSL 15:117db924cf7c 854 * len Length of the message data.
wolfSSL 15:117db924cf7c 855 * returns 0 on success.
wolfSSL 15:117db924cf7c 856 */
wolfSSL 16:8e0d178b1d1e 857 int wc_Sha3_224_Update(wc_Sha3* sha3, const byte* data, word32 len)
wolfSSL 15:117db924cf7c 858 {
wolfSSL 15:117db924cf7c 859 return wc_Sha3Update(sha3, data, len, WC_SHA3_224_COUNT);
wolfSSL 15:117db924cf7c 860 }
wolfSSL 15:117db924cf7c 861
wolfSSL 15:117db924cf7c 862 /* Calculate the SHA3-224 hash based on all the message data seen.
wolfSSL 15:117db924cf7c 863 * The state is initialized ready for a new message to hash.
wolfSSL 15:117db924cf7c 864 *
wolfSSL 15:117db924cf7c 865 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 866 * hash Buffer to hold the hash result. Must be at least 28 bytes.
wolfSSL 15:117db924cf7c 867 * returns 0 on success.
wolfSSL 15:117db924cf7c 868 */
wolfSSL 16:8e0d178b1d1e 869 int wc_Sha3_224_Final(wc_Sha3* sha3, byte* hash)
wolfSSL 15:117db924cf7c 870 {
wolfSSL 15:117db924cf7c 871 return wc_Sha3Final(sha3, hash, WC_SHA3_224_COUNT, WC_SHA3_224_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 872 }
wolfSSL 15:117db924cf7c 873
wolfSSL 15:117db924cf7c 874 /* Dispose of any dynamically allocated data from the SHA3-224 operation.
wolfSSL 15:117db924cf7c 875 * (Required for async ops.)
wolfSSL 15:117db924cf7c 876 *
wolfSSL 15:117db924cf7c 877 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 878 * returns 0 on success.
wolfSSL 15:117db924cf7c 879 */
wolfSSL 16:8e0d178b1d1e 880 void wc_Sha3_224_Free(wc_Sha3* sha3)
wolfSSL 15:117db924cf7c 881 {
wolfSSL 15:117db924cf7c 882 wc_Sha3Free(sha3);
wolfSSL 15:117db924cf7c 883 }
wolfSSL 15:117db924cf7c 884
wolfSSL 15:117db924cf7c 885 /* Calculate the SHA3-224 hash based on all the message data so far.
wolfSSL 15:117db924cf7c 886 * More message data can be added, after this operation, using the current
wolfSSL 15:117db924cf7c 887 * state.
wolfSSL 15:117db924cf7c 888 *
wolfSSL 15:117db924cf7c 889 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 890 * hash Buffer to hold the hash result. Must be at least 28 bytes.
wolfSSL 15:117db924cf7c 891 * returns 0 on success.
wolfSSL 15:117db924cf7c 892 */
wolfSSL 16:8e0d178b1d1e 893 int wc_Sha3_224_GetHash(wc_Sha3* sha3, byte* hash)
wolfSSL 15:117db924cf7c 894 {
wolfSSL 15:117db924cf7c 895 return wc_Sha3GetHash(sha3, hash, WC_SHA3_224_COUNT, WC_SHA3_224_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 896 }
wolfSSL 15:117db924cf7c 897
wolfSSL 15:117db924cf7c 898 /* Copy the state of the SHA3-224 operation.
wolfSSL 15:117db924cf7c 899 *
wolfSSL 15:117db924cf7c 900 * src wc_Sha3 object holding state top copy.
wolfSSL 15:117db924cf7c 901 * dst wc_Sha3 object to copy into.
wolfSSL 15:117db924cf7c 902 * returns 0 on success.
wolfSSL 15:117db924cf7c 903 */
wolfSSL 16:8e0d178b1d1e 904 int wc_Sha3_224_Copy(wc_Sha3* src, wc_Sha3* dst)
wolfSSL 15:117db924cf7c 905 {
wolfSSL 15:117db924cf7c 906 return wc_Sha3Copy(src, dst);
wolfSSL 15:117db924cf7c 907 }
wolfSSL 15:117db924cf7c 908
wolfSSL 15:117db924cf7c 909
wolfSSL 15:117db924cf7c 910 /* Initialize the state for a SHA3-256 hash operation.
wolfSSL 15:117db924cf7c 911 *
wolfSSL 15:117db924cf7c 912 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 913 * heap Heap reference for dynamic memory allocation. (Used in async ops.)
wolfSSL 15:117db924cf7c 914 * devId Device identifier for asynchronous operation.
wolfSSL 15:117db924cf7c 915 * returns 0 on success.
wolfSSL 15:117db924cf7c 916 */
wolfSSL 16:8e0d178b1d1e 917 int wc_InitSha3_256(wc_Sha3* sha3, void* heap, int devId)
wolfSSL 15:117db924cf7c 918 {
wolfSSL 15:117db924cf7c 919 return wc_InitSha3(sha3, heap, devId);
wolfSSL 15:117db924cf7c 920 }
wolfSSL 15:117db924cf7c 921
wolfSSL 15:117db924cf7c 922 /* Update the SHA3-256 hash state with message data.
wolfSSL 15:117db924cf7c 923 *
wolfSSL 15:117db924cf7c 924 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 925 * data Message data to be hashed.
wolfSSL 15:117db924cf7c 926 * len Length of the message data.
wolfSSL 15:117db924cf7c 927 * returns 0 on success.
wolfSSL 15:117db924cf7c 928 */
wolfSSL 16:8e0d178b1d1e 929 int wc_Sha3_256_Update(wc_Sha3* sha3, const byte* data, word32 len)
wolfSSL 15:117db924cf7c 930 {
wolfSSL 15:117db924cf7c 931 return wc_Sha3Update(sha3, data, len, WC_SHA3_256_COUNT);
wolfSSL 15:117db924cf7c 932 }
wolfSSL 15:117db924cf7c 933
wolfSSL 15:117db924cf7c 934 /* Calculate the SHA3-256 hash based on all the message data seen.
wolfSSL 15:117db924cf7c 935 * The state is initialized ready for a new message to hash.
wolfSSL 15:117db924cf7c 936 *
wolfSSL 15:117db924cf7c 937 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 938 * hash Buffer to hold the hash result. Must be at least 32 bytes.
wolfSSL 15:117db924cf7c 939 * returns 0 on success.
wolfSSL 15:117db924cf7c 940 */
wolfSSL 16:8e0d178b1d1e 941 int wc_Sha3_256_Final(wc_Sha3* sha3, byte* hash)
wolfSSL 15:117db924cf7c 942 {
wolfSSL 15:117db924cf7c 943 return wc_Sha3Final(sha3, hash, WC_SHA3_256_COUNT, WC_SHA3_256_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 944 }
wolfSSL 15:117db924cf7c 945
wolfSSL 15:117db924cf7c 946 /* Dispose of any dynamically allocated data from the SHA3-256 operation.
wolfSSL 15:117db924cf7c 947 * (Required for async ops.)
wolfSSL 15:117db924cf7c 948 *
wolfSSL 15:117db924cf7c 949 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 950 * returns 0 on success.
wolfSSL 15:117db924cf7c 951 */
wolfSSL 16:8e0d178b1d1e 952 void wc_Sha3_256_Free(wc_Sha3* sha3)
wolfSSL 15:117db924cf7c 953 {
wolfSSL 15:117db924cf7c 954 wc_Sha3Free(sha3);
wolfSSL 15:117db924cf7c 955 }
wolfSSL 15:117db924cf7c 956
wolfSSL 15:117db924cf7c 957 /* Calculate the SHA3-256 hash based on all the message data so far.
wolfSSL 15:117db924cf7c 958 * More message data can be added, after this operation, using the current
wolfSSL 15:117db924cf7c 959 * state.
wolfSSL 15:117db924cf7c 960 *
wolfSSL 15:117db924cf7c 961 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 962 * hash Buffer to hold the hash result. Must be at least 32 bytes.
wolfSSL 15:117db924cf7c 963 * returns 0 on success.
wolfSSL 15:117db924cf7c 964 */
wolfSSL 16:8e0d178b1d1e 965 int wc_Sha3_256_GetHash(wc_Sha3* sha3, byte* hash)
wolfSSL 15:117db924cf7c 966 {
wolfSSL 15:117db924cf7c 967 return wc_Sha3GetHash(sha3, hash, WC_SHA3_256_COUNT, WC_SHA3_256_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 968 }
wolfSSL 15:117db924cf7c 969
wolfSSL 15:117db924cf7c 970 /* Copy the state of the SHA3-256 operation.
wolfSSL 15:117db924cf7c 971 *
wolfSSL 15:117db924cf7c 972 * src wc_Sha3 object holding state top copy.
wolfSSL 15:117db924cf7c 973 * dst wc_Sha3 object to copy into.
wolfSSL 15:117db924cf7c 974 * returns 0 on success.
wolfSSL 15:117db924cf7c 975 */
wolfSSL 16:8e0d178b1d1e 976 int wc_Sha3_256_Copy(wc_Sha3* src, wc_Sha3* dst)
wolfSSL 15:117db924cf7c 977 {
wolfSSL 15:117db924cf7c 978 return wc_Sha3Copy(src, dst);
wolfSSL 15:117db924cf7c 979 }
wolfSSL 15:117db924cf7c 980
wolfSSL 15:117db924cf7c 981
wolfSSL 15:117db924cf7c 982 /* Initialize the state for a SHA3-384 hash operation.
wolfSSL 15:117db924cf7c 983 *
wolfSSL 15:117db924cf7c 984 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 985 * heap Heap reference for dynamic memory allocation. (Used in async ops.)
wolfSSL 15:117db924cf7c 986 * devId Device identifier for asynchronous operation.
wolfSSL 15:117db924cf7c 987 * returns 0 on success.
wolfSSL 15:117db924cf7c 988 */
wolfSSL 16:8e0d178b1d1e 989 int wc_InitSha3_384(wc_Sha3* sha3, void* heap, int devId)
wolfSSL 15:117db924cf7c 990 {
wolfSSL 15:117db924cf7c 991 return wc_InitSha3(sha3, heap, devId);
wolfSSL 15:117db924cf7c 992 }
wolfSSL 15:117db924cf7c 993
wolfSSL 15:117db924cf7c 994 /* Update the SHA3-384 hash state with message data.
wolfSSL 15:117db924cf7c 995 *
wolfSSL 15:117db924cf7c 996 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 997 * data Message data to be hashed.
wolfSSL 15:117db924cf7c 998 * len Length of the message data.
wolfSSL 15:117db924cf7c 999 * returns 0 on success.
wolfSSL 15:117db924cf7c 1000 */
wolfSSL 16:8e0d178b1d1e 1001 int wc_Sha3_384_Update(wc_Sha3* sha3, const byte* data, word32 len)
wolfSSL 15:117db924cf7c 1002 {
wolfSSL 15:117db924cf7c 1003 return wc_Sha3Update(sha3, data, len, WC_SHA3_384_COUNT);
wolfSSL 15:117db924cf7c 1004 }
wolfSSL 15:117db924cf7c 1005
wolfSSL 15:117db924cf7c 1006 /* Calculate the SHA3-384 hash based on all the message data seen.
wolfSSL 15:117db924cf7c 1007 * The state is initialized ready for a new message to hash.
wolfSSL 15:117db924cf7c 1008 *
wolfSSL 15:117db924cf7c 1009 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 1010 * hash Buffer to hold the hash result. Must be at least 48 bytes.
wolfSSL 15:117db924cf7c 1011 * returns 0 on success.
wolfSSL 15:117db924cf7c 1012 */
wolfSSL 16:8e0d178b1d1e 1013 int wc_Sha3_384_Final(wc_Sha3* sha3, byte* hash)
wolfSSL 15:117db924cf7c 1014 {
wolfSSL 15:117db924cf7c 1015 return wc_Sha3Final(sha3, hash, WC_SHA3_384_COUNT, WC_SHA3_384_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 1016 }
wolfSSL 15:117db924cf7c 1017
wolfSSL 15:117db924cf7c 1018 /* Dispose of any dynamically allocated data from the SHA3-384 operation.
wolfSSL 15:117db924cf7c 1019 * (Required for async ops.)
wolfSSL 15:117db924cf7c 1020 *
wolfSSL 15:117db924cf7c 1021 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 1022 * returns 0 on success.
wolfSSL 15:117db924cf7c 1023 */
wolfSSL 16:8e0d178b1d1e 1024 void wc_Sha3_384_Free(wc_Sha3* sha3)
wolfSSL 15:117db924cf7c 1025 {
wolfSSL 15:117db924cf7c 1026 wc_Sha3Free(sha3);
wolfSSL 15:117db924cf7c 1027 }
wolfSSL 15:117db924cf7c 1028
wolfSSL 15:117db924cf7c 1029 /* Calculate the SHA3-384 hash based on all the message data so far.
wolfSSL 15:117db924cf7c 1030 * More message data can be added, after this operation, using the current
wolfSSL 15:117db924cf7c 1031 * state.
wolfSSL 15:117db924cf7c 1032 *
wolfSSL 15:117db924cf7c 1033 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 1034 * hash Buffer to hold the hash result. Must be at least 48 bytes.
wolfSSL 15:117db924cf7c 1035 * returns 0 on success.
wolfSSL 15:117db924cf7c 1036 */
wolfSSL 16:8e0d178b1d1e 1037 int wc_Sha3_384_GetHash(wc_Sha3* sha3, byte* hash)
wolfSSL 15:117db924cf7c 1038 {
wolfSSL 15:117db924cf7c 1039 return wc_Sha3GetHash(sha3, hash, WC_SHA3_384_COUNT, WC_SHA3_384_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 1040 }
wolfSSL 15:117db924cf7c 1041
wolfSSL 15:117db924cf7c 1042 /* Copy the state of the SHA3-384 operation.
wolfSSL 15:117db924cf7c 1043 *
wolfSSL 15:117db924cf7c 1044 * src wc_Sha3 object holding state top copy.
wolfSSL 15:117db924cf7c 1045 * dst wc_Sha3 object to copy into.
wolfSSL 15:117db924cf7c 1046 * returns 0 on success.
wolfSSL 15:117db924cf7c 1047 */
wolfSSL 16:8e0d178b1d1e 1048 int wc_Sha3_384_Copy(wc_Sha3* src, wc_Sha3* dst)
wolfSSL 15:117db924cf7c 1049 {
wolfSSL 15:117db924cf7c 1050 return wc_Sha3Copy(src, dst);
wolfSSL 15:117db924cf7c 1051 }
wolfSSL 15:117db924cf7c 1052
wolfSSL 15:117db924cf7c 1053
wolfSSL 15:117db924cf7c 1054 /* Initialize the state for a SHA3-512 hash operation.
wolfSSL 15:117db924cf7c 1055 *
wolfSSL 15:117db924cf7c 1056 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 1057 * heap Heap reference for dynamic memory allocation. (Used in async ops.)
wolfSSL 15:117db924cf7c 1058 * devId Device identifier for asynchronous operation.
wolfSSL 15:117db924cf7c 1059 * returns 0 on success.
wolfSSL 15:117db924cf7c 1060 */
wolfSSL 16:8e0d178b1d1e 1061 int wc_InitSha3_512(wc_Sha3* sha3, void* heap, int devId)
wolfSSL 15:117db924cf7c 1062 {
wolfSSL 15:117db924cf7c 1063 return wc_InitSha3(sha3, heap, devId);
wolfSSL 15:117db924cf7c 1064 }
wolfSSL 15:117db924cf7c 1065
wolfSSL 15:117db924cf7c 1066 /* Update the SHA3-512 hash state with message data.
wolfSSL 15:117db924cf7c 1067 *
wolfSSL 15:117db924cf7c 1068 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 1069 * data Message data to be hashed.
wolfSSL 15:117db924cf7c 1070 * len Length of the message data.
wolfSSL 15:117db924cf7c 1071 * returns 0 on success.
wolfSSL 15:117db924cf7c 1072 */
wolfSSL 16:8e0d178b1d1e 1073 int wc_Sha3_512_Update(wc_Sha3* sha3, const byte* data, word32 len)
wolfSSL 15:117db924cf7c 1074 {
wolfSSL 15:117db924cf7c 1075 return wc_Sha3Update(sha3, data, len, WC_SHA3_512_COUNT);
wolfSSL 15:117db924cf7c 1076 }
wolfSSL 15:117db924cf7c 1077
wolfSSL 15:117db924cf7c 1078 /* Calculate the SHA3-512 hash based on all the message data seen.
wolfSSL 15:117db924cf7c 1079 * The state is initialized ready for a new message to hash.
wolfSSL 15:117db924cf7c 1080 *
wolfSSL 15:117db924cf7c 1081 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 1082 * hash Buffer to hold the hash result. Must be at least 64 bytes.
wolfSSL 15:117db924cf7c 1083 * returns 0 on success.
wolfSSL 15:117db924cf7c 1084 */
wolfSSL 16:8e0d178b1d1e 1085 int wc_Sha3_512_Final(wc_Sha3* sha3, byte* hash)
wolfSSL 15:117db924cf7c 1086 {
wolfSSL 15:117db924cf7c 1087 return wc_Sha3Final(sha3, hash, WC_SHA3_512_COUNT, WC_SHA3_512_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 1088 }
wolfSSL 15:117db924cf7c 1089
wolfSSL 15:117db924cf7c 1090 /* Dispose of any dynamically allocated data from the SHA3-512 operation.
wolfSSL 15:117db924cf7c 1091 * (Required for async ops.)
wolfSSL 15:117db924cf7c 1092 *
wolfSSL 15:117db924cf7c 1093 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 1094 * returns 0 on success.
wolfSSL 15:117db924cf7c 1095 */
wolfSSL 16:8e0d178b1d1e 1096 void wc_Sha3_512_Free(wc_Sha3* sha3)
wolfSSL 15:117db924cf7c 1097 {
wolfSSL 15:117db924cf7c 1098 wc_Sha3Free(sha3);
wolfSSL 15:117db924cf7c 1099 }
wolfSSL 15:117db924cf7c 1100
wolfSSL 15:117db924cf7c 1101 /* Calculate the SHA3-512 hash based on all the message data so far.
wolfSSL 15:117db924cf7c 1102 * More message data can be added, after this operation, using the current
wolfSSL 15:117db924cf7c 1103 * state.
wolfSSL 15:117db924cf7c 1104 *
wolfSSL 15:117db924cf7c 1105 * sha3 wc_Sha3 object holding state.
wolfSSL 15:117db924cf7c 1106 * hash Buffer to hold the hash result. Must be at least 64 bytes.
wolfSSL 15:117db924cf7c 1107 * returns 0 on success.
wolfSSL 15:117db924cf7c 1108 */
wolfSSL 16:8e0d178b1d1e 1109 int wc_Sha3_512_GetHash(wc_Sha3* sha3, byte* hash)
wolfSSL 15:117db924cf7c 1110 {
wolfSSL 15:117db924cf7c 1111 return wc_Sha3GetHash(sha3, hash, WC_SHA3_512_COUNT, WC_SHA3_512_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 1112 }
wolfSSL 15:117db924cf7c 1113
wolfSSL 15:117db924cf7c 1114 /* Copy the state of the SHA3-512 operation.
wolfSSL 15:117db924cf7c 1115 *
wolfSSL 15:117db924cf7c 1116 * src wc_Sha3 object holding state top copy.
wolfSSL 15:117db924cf7c 1117 * dst wc_Sha3 object to copy into.
wolfSSL 15:117db924cf7c 1118 * returns 0 on success.
wolfSSL 15:117db924cf7c 1119 */
wolfSSL 16:8e0d178b1d1e 1120 int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst)
wolfSSL 15:117db924cf7c 1121 {
wolfSSL 15:117db924cf7c 1122 return wc_Sha3Copy(src, dst);
wolfSSL 15:117db924cf7c 1123 }
wolfSSL 15:117db924cf7c 1124
wolfSSL 16:8e0d178b1d1e 1125 #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
wolfSSL 16:8e0d178b1d1e 1126 int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags)
wolfSSL 16:8e0d178b1d1e 1127 {
wolfSSL 16:8e0d178b1d1e 1128 if (sha3) {
wolfSSL 16:8e0d178b1d1e 1129 sha3->flags = flags;
wolfSSL 16:8e0d178b1d1e 1130 }
wolfSSL 16:8e0d178b1d1e 1131 return 0;
wolfSSL 16:8e0d178b1d1e 1132 }
wolfSSL 16:8e0d178b1d1e 1133 int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags)
wolfSSL 16:8e0d178b1d1e 1134 {
wolfSSL 16:8e0d178b1d1e 1135 if (sha3 && flags) {
wolfSSL 16:8e0d178b1d1e 1136 *flags = sha3->flags;
wolfSSL 16:8e0d178b1d1e 1137 }
wolfSSL 16:8e0d178b1d1e 1138 return 0;
wolfSSL 16:8e0d178b1d1e 1139 }
wolfSSL 16:8e0d178b1d1e 1140 #endif
wolfSSL 16:8e0d178b1d1e 1141
wolfSSL 16:8e0d178b1d1e 1142 #if defined(WOLFSSL_SHAKE256)
wolfSSL 16:8e0d178b1d1e 1143 /* Initialize the state for a Shake256 hash operation.
wolfSSL 16:8e0d178b1d1e 1144 *
wolfSSL 16:8e0d178b1d1e 1145 * shake wc_Shake object holding state.
wolfSSL 16:8e0d178b1d1e 1146 * heap Heap reference for dynamic memory allocation. (Used in async ops.)
wolfSSL 16:8e0d178b1d1e 1147 * devId Device identifier for asynchronous operation.
wolfSSL 16:8e0d178b1d1e 1148 * returns 0 on success.
wolfSSL 16:8e0d178b1d1e 1149 */
wolfSSL 16:8e0d178b1d1e 1150 int wc_InitShake256(wc_Shake* shake, void* heap, int devId)
wolfSSL 16:8e0d178b1d1e 1151 {
wolfSSL 16:8e0d178b1d1e 1152 return wc_InitSha3(shake, heap, devId);
wolfSSL 16:8e0d178b1d1e 1153 }
wolfSSL 16:8e0d178b1d1e 1154
wolfSSL 16:8e0d178b1d1e 1155 /* Update the SHAKE256 hash state with message data.
wolfSSL 16:8e0d178b1d1e 1156 *
wolfSSL 16:8e0d178b1d1e 1157 * shake wc_Shake object holding state.
wolfSSL 16:8e0d178b1d1e 1158 * data Message data to be hashed.
wolfSSL 16:8e0d178b1d1e 1159 * len Length of the message data.
wolfSSL 16:8e0d178b1d1e 1160 * returns 0 on success.
wolfSSL 16:8e0d178b1d1e 1161 */
wolfSSL 16:8e0d178b1d1e 1162 int wc_Shake256_Update(wc_Shake* shake, const byte* data, word32 len)
wolfSSL 16:8e0d178b1d1e 1163 {
wolfSSL 16:8e0d178b1d1e 1164 if (shake == NULL || (data == NULL && len > 0)) {
wolfSSL 16:8e0d178b1d1e 1165 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 1166 }
wolfSSL 16:8e0d178b1d1e 1167
wolfSSL 16:8e0d178b1d1e 1168 return Sha3Update(shake, data, len, WC_SHA3_256_COUNT);
wolfSSL 16:8e0d178b1d1e 1169 }
wolfSSL 16:8e0d178b1d1e 1170
wolfSSL 16:8e0d178b1d1e 1171 /* Calculate the SHAKE256 hash based on all the message data seen.
wolfSSL 16:8e0d178b1d1e 1172 * The state is initialized ready for a new message to hash.
wolfSSL 16:8e0d178b1d1e 1173 *
wolfSSL 16:8e0d178b1d1e 1174 * shake wc_Shake object holding state.
wolfSSL 16:8e0d178b1d1e 1175 * hash Buffer to hold the hash result. Must be at least 64 bytes.
wolfSSL 16:8e0d178b1d1e 1176 * returns 0 on success.
wolfSSL 16:8e0d178b1d1e 1177 */
wolfSSL 16:8e0d178b1d1e 1178 int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen)
wolfSSL 16:8e0d178b1d1e 1179 {
wolfSSL 16:8e0d178b1d1e 1180 int ret;
wolfSSL 16:8e0d178b1d1e 1181
wolfSSL 16:8e0d178b1d1e 1182 if (shake == NULL || hash == NULL) {
wolfSSL 16:8e0d178b1d1e 1183 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 1184 }
wolfSSL 16:8e0d178b1d1e 1185
wolfSSL 16:8e0d178b1d1e 1186 ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, hashLen);
wolfSSL 16:8e0d178b1d1e 1187 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 1188 return ret;
wolfSSL 16:8e0d178b1d1e 1189
wolfSSL 16:8e0d178b1d1e 1190 return InitSha3(shake); /* reset state */
wolfSSL 16:8e0d178b1d1e 1191 }
wolfSSL 16:8e0d178b1d1e 1192
wolfSSL 16:8e0d178b1d1e 1193 /* Dispose of any dynamically allocated data from the SHAKE256 operation.
wolfSSL 16:8e0d178b1d1e 1194 * (Required for async ops.)
wolfSSL 16:8e0d178b1d1e 1195 *
wolfSSL 16:8e0d178b1d1e 1196 * shake wc_Shake object holding state.
wolfSSL 16:8e0d178b1d1e 1197 * returns 0 on success.
wolfSSL 16:8e0d178b1d1e 1198 */
wolfSSL 16:8e0d178b1d1e 1199 void wc_Shake256_Free(wc_Shake* shake)
wolfSSL 16:8e0d178b1d1e 1200 {
wolfSSL 16:8e0d178b1d1e 1201 wc_Sha3Free(shake);
wolfSSL 16:8e0d178b1d1e 1202 }
wolfSSL 16:8e0d178b1d1e 1203
wolfSSL 16:8e0d178b1d1e 1204 /* Copy the state of the SHA3-512 operation.
wolfSSL 16:8e0d178b1d1e 1205 *
wolfSSL 16:8e0d178b1d1e 1206 * src wc_Shake object holding state top copy.
wolfSSL 16:8e0d178b1d1e 1207 * dst wc_Shake object to copy into.
wolfSSL 16:8e0d178b1d1e 1208 * returns 0 on success.
wolfSSL 16:8e0d178b1d1e 1209 */
wolfSSL 16:8e0d178b1d1e 1210 int wc_Shake256_Copy(wc_Shake* src, wc_Shake* dst)
wolfSSL 16:8e0d178b1d1e 1211 {
wolfSSL 16:8e0d178b1d1e 1212 return wc_Sha3Copy(src, dst);
wolfSSL 16:8e0d178b1d1e 1213 }
wolfSSL 16:8e0d178b1d1e 1214 #endif
wolfSSL 16:8e0d178b1d1e 1215
wolfSSL 15:117db924cf7c 1216 #endif /* WOLFSSL_SHA3 */
wolfSSL 15:117db924cf7c 1217