wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/sha3.c@16:8e0d178b1d1e, 2020-06-04 (annotated)
- Committer:
- wolfSSL
- Date:
- Thu Jun 04 23:57:22 2020 +0000
- Revision:
- 16:8e0d178b1d1e
- Parent:
- 15:117db924cf7c
wolfSSL 4.4.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 15:117db924cf7c | 1 | /* sha3.c |
wolfSSL | 15:117db924cf7c | 2 | * |
wolfSSL | 16:8e0d178b1d1e | 3 | * Copyright (C) 2006-2020 wolfSSL Inc. |
wolfSSL | 15:117db924cf7c | 4 | * |
wolfSSL | 15:117db924cf7c | 5 | * This file is part of wolfSSL. |
wolfSSL | 15:117db924cf7c | 6 | * |
wolfSSL | 15:117db924cf7c | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 15:117db924cf7c | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 15:117db924cf7c | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 15:117db924cf7c | 10 | * (at your option) any later version. |
wolfSSL | 15:117db924cf7c | 11 | * |
wolfSSL | 15:117db924cf7c | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 15:117db924cf7c | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 15:117db924cf7c | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 15:117db924cf7c | 15 | * GNU General Public License for more details. |
wolfSSL | 15:117db924cf7c | 16 | * |
wolfSSL | 15:117db924cf7c | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 15:117db924cf7c | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 15:117db924cf7c | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 15:117db924cf7c | 20 | */ |
wolfSSL | 15:117db924cf7c | 21 | |
wolfSSL | 15:117db924cf7c | 22 | |
wolfSSL | 15:117db924cf7c | 23 | #ifdef HAVE_CONFIG_H |
wolfSSL | 15:117db924cf7c | 24 | #include <config.h> |
wolfSSL | 15:117db924cf7c | 25 | #endif |
wolfSSL | 15:117db924cf7c | 26 | |
wolfSSL | 15:117db924cf7c | 27 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 15:117db924cf7c | 28 | |
wolfSSL | 16:8e0d178b1d1e | 29 | #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \ |
wolfSSL | 16:8e0d178b1d1e | 30 | !defined(WOLFSSL_AFALG_XILINX_SHA3) |
wolfSSL | 15:117db924cf7c | 31 | |
wolfSSL | 15:117db924cf7c | 32 | #if defined(HAVE_FIPS) && \ |
wolfSSL | 15:117db924cf7c | 33 | defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) |
wolfSSL | 15:117db924cf7c | 34 | |
wolfSSL | 15:117db924cf7c | 35 | /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ |
wolfSSL | 15:117db924cf7c | 36 | #define FIPS_NO_WRAPPERS |
wolfSSL | 15:117db924cf7c | 37 | |
wolfSSL | 15:117db924cf7c | 38 | #ifdef USE_WINDOWS_API |
wolfSSL | 15:117db924cf7c | 39 | #pragma code_seg(".fipsA$l") |
wolfSSL | 15:117db924cf7c | 40 | #pragma const_seg(".fipsB$l") |
wolfSSL | 15:117db924cf7c | 41 | #endif |
wolfSSL | 15:117db924cf7c | 42 | #endif |
wolfSSL | 15:117db924cf7c | 43 | |
wolfSSL | 15:117db924cf7c | 44 | #include <wolfssl/wolfcrypt/sha3.h> |
wolfSSL | 15:117db924cf7c | 45 | #include <wolfssl/wolfcrypt/error-crypt.h> |
wolfSSL | 16:8e0d178b1d1e | 46 | #include <wolfssl/wolfcrypt/hash.h> |
wolfSSL | 15:117db924cf7c | 47 | |
wolfSSL | 15:117db924cf7c | 48 | #ifdef NO_INLINE |
wolfSSL | 15:117db924cf7c | 49 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 15:117db924cf7c | 50 | #else |
wolfSSL | 15:117db924cf7c | 51 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 15:117db924cf7c | 52 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 15:117db924cf7c | 53 | #endif |
wolfSSL | 15:117db924cf7c | 54 | |
wolfSSL | 15:117db924cf7c | 55 | |
wolfSSL | 15:117db924cf7c | 56 | #ifdef WOLFSSL_SHA3_SMALL |
wolfSSL | 15:117db924cf7c | 57 | /* Rotate a 64-bit value left. |
wolfSSL | 15:117db924cf7c | 58 | * |
wolfSSL | 15:117db924cf7c | 59 | * a Number to rotate left. |
wolfSSL | 15:117db924cf7c | 60 | * r Number od bits to rotate left. |
wolfSSL | 15:117db924cf7c | 61 | * returns the rotated number. |
wolfSSL | 15:117db924cf7c | 62 | */ |
wolfSSL | 15:117db924cf7c | 63 | #define ROTL64(a, n) (((a)<<(n))|((a)>>(64-(n)))) |
wolfSSL | 15:117db924cf7c | 64 | |
wolfSSL | 15:117db924cf7c | 65 | /* An array of values to XOR for block operation. */ |
wolfSSL | 15:117db924cf7c | 66 | static const word64 hash_keccak_r[24] = |
wolfSSL | 15:117db924cf7c | 67 | { |
wolfSSL | 15:117db924cf7c | 68 | 0x0000000000000001UL, 0x0000000000008082UL, |
wolfSSL | 15:117db924cf7c | 69 | 0x800000000000808aUL, 0x8000000080008000UL, |
wolfSSL | 15:117db924cf7c | 70 | 0x000000000000808bUL, 0x0000000080000001UL, |
wolfSSL | 15:117db924cf7c | 71 | 0x8000000080008081UL, 0x8000000000008009UL, |
wolfSSL | 15:117db924cf7c | 72 | 0x000000000000008aUL, 0x0000000000000088UL, |
wolfSSL | 15:117db924cf7c | 73 | 0x0000000080008009UL, 0x000000008000000aUL, |
wolfSSL | 15:117db924cf7c | 74 | 0x000000008000808bUL, 0x800000000000008bUL, |
wolfSSL | 15:117db924cf7c | 75 | 0x8000000000008089UL, 0x8000000000008003UL, |
wolfSSL | 15:117db924cf7c | 76 | 0x8000000000008002UL, 0x8000000000000080UL, |
wolfSSL | 15:117db924cf7c | 77 | 0x000000000000800aUL, 0x800000008000000aUL, |
wolfSSL | 15:117db924cf7c | 78 | 0x8000000080008081UL, 0x8000000000008080UL, |
wolfSSL | 15:117db924cf7c | 79 | 0x0000000080000001UL, 0x8000000080008008UL |
wolfSSL | 15:117db924cf7c | 80 | }; |
wolfSSL | 15:117db924cf7c | 81 | |
wolfSSL | 16:8e0d178b1d1e | 82 | /* Indices used in swap and rotate operation. */ |
wolfSSL | 15:117db924cf7c | 83 | #define K_I_0 10 |
wolfSSL | 15:117db924cf7c | 84 | #define K_I_1 7 |
wolfSSL | 15:117db924cf7c | 85 | #define K_I_2 11 |
wolfSSL | 15:117db924cf7c | 86 | #define K_I_3 17 |
wolfSSL | 15:117db924cf7c | 87 | #define K_I_4 18 |
wolfSSL | 15:117db924cf7c | 88 | #define K_I_5 3 |
wolfSSL | 15:117db924cf7c | 89 | #define K_I_6 5 |
wolfSSL | 15:117db924cf7c | 90 | #define K_I_7 16 |
wolfSSL | 15:117db924cf7c | 91 | #define K_I_8 8 |
wolfSSL | 15:117db924cf7c | 92 | #define K_I_9 21 |
wolfSSL | 15:117db924cf7c | 93 | #define K_I_10 24 |
wolfSSL | 15:117db924cf7c | 94 | #define K_I_11 4 |
wolfSSL | 15:117db924cf7c | 95 | #define K_I_12 15 |
wolfSSL | 15:117db924cf7c | 96 | #define K_I_13 23 |
wolfSSL | 15:117db924cf7c | 97 | #define K_I_14 19 |
wolfSSL | 15:117db924cf7c | 98 | #define K_I_15 13 |
wolfSSL | 15:117db924cf7c | 99 | #define K_I_16 12 |
wolfSSL | 15:117db924cf7c | 100 | #define K_I_17 2 |
wolfSSL | 15:117db924cf7c | 101 | #define K_I_18 20 |
wolfSSL | 15:117db924cf7c | 102 | #define K_I_19 14 |
wolfSSL | 15:117db924cf7c | 103 | #define K_I_20 22 |
wolfSSL | 15:117db924cf7c | 104 | #define K_I_21 9 |
wolfSSL | 15:117db924cf7c | 105 | #define K_I_22 6 |
wolfSSL | 15:117db924cf7c | 106 | #define K_I_23 1 |
wolfSSL | 15:117db924cf7c | 107 | |
wolfSSL | 15:117db924cf7c | 108 | /* Number of bits to rotate in swap and rotate operation. */ |
wolfSSL | 15:117db924cf7c | 109 | #define K_R_0 1 |
wolfSSL | 15:117db924cf7c | 110 | #define K_R_1 3 |
wolfSSL | 15:117db924cf7c | 111 | #define K_R_2 6 |
wolfSSL | 15:117db924cf7c | 112 | #define K_R_3 10 |
wolfSSL | 15:117db924cf7c | 113 | #define K_R_4 15 |
wolfSSL | 15:117db924cf7c | 114 | #define K_R_5 21 |
wolfSSL | 15:117db924cf7c | 115 | #define K_R_6 28 |
wolfSSL | 15:117db924cf7c | 116 | #define K_R_7 36 |
wolfSSL | 15:117db924cf7c | 117 | #define K_R_8 45 |
wolfSSL | 15:117db924cf7c | 118 | #define K_R_9 55 |
wolfSSL | 15:117db924cf7c | 119 | #define K_R_10 2 |
wolfSSL | 15:117db924cf7c | 120 | #define K_R_11 14 |
wolfSSL | 15:117db924cf7c | 121 | #define K_R_12 27 |
wolfSSL | 15:117db924cf7c | 122 | #define K_R_13 41 |
wolfSSL | 15:117db924cf7c | 123 | #define K_R_14 56 |
wolfSSL | 15:117db924cf7c | 124 | #define K_R_15 8 |
wolfSSL | 15:117db924cf7c | 125 | #define K_R_16 25 |
wolfSSL | 15:117db924cf7c | 126 | #define K_R_17 43 |
wolfSSL | 15:117db924cf7c | 127 | #define K_R_18 62 |
wolfSSL | 15:117db924cf7c | 128 | #define K_R_19 18 |
wolfSSL | 15:117db924cf7c | 129 | #define K_R_20 39 |
wolfSSL | 15:117db924cf7c | 130 | #define K_R_21 61 |
wolfSSL | 15:117db924cf7c | 131 | #define K_R_22 20 |
wolfSSL | 15:117db924cf7c | 132 | #define K_R_23 44 |
wolfSSL | 15:117db924cf7c | 133 | |
wolfSSL | 15:117db924cf7c | 134 | /* Swap and rotate left operation. |
wolfSSL | 15:117db924cf7c | 135 | * |
wolfSSL | 15:117db924cf7c | 136 | * s The state. |
wolfSSL | 15:117db924cf7c | 137 | * t1 Temporary value. |
wolfSSL | 15:117db924cf7c | 138 | * t2 Second temporary value. |
wolfSSL | 15:117db924cf7c | 139 | * i The index of the loop. |
wolfSSL | 15:117db924cf7c | 140 | */ |
wolfSSL | 15:117db924cf7c | 141 | #define SWAP_ROTL(s, t1, t2, i) \ |
wolfSSL | 15:117db924cf7c | 142 | do \ |
wolfSSL | 15:117db924cf7c | 143 | { \ |
wolfSSL | 15:117db924cf7c | 144 | t2 = s[K_I_##i]; s[K_I_##i] = ROTL64(t1, K_R_##i); \ |
wolfSSL | 15:117db924cf7c | 145 | } \ |
wolfSSL | 15:117db924cf7c | 146 | while (0) |
wolfSSL | 15:117db924cf7c | 147 | |
wolfSSL | 15:117db924cf7c | 148 | /* Mix the XOR of the column's values into each number by column. |
wolfSSL | 15:117db924cf7c | 149 | * |
wolfSSL | 15:117db924cf7c | 150 | * s The state. |
wolfSSL | 15:117db924cf7c | 151 | * b Temporary array of XORed column values. |
wolfSSL | 15:117db924cf7c | 152 | * x The index of the column. |
wolfSSL | 15:117db924cf7c | 153 | * t Temporary variable. |
wolfSSL | 15:117db924cf7c | 154 | */ |
wolfSSL | 15:117db924cf7c | 155 | #define COL_MIX(s, b, x, t) \ |
wolfSSL | 15:117db924cf7c | 156 | do \ |
wolfSSL | 15:117db924cf7c | 157 | { \ |
wolfSSL | 15:117db924cf7c | 158 | for (x = 0; x < 5; x++) \ |
wolfSSL | 15:117db924cf7c | 159 | b[x] = s[x + 0] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20]; \ |
wolfSSL | 15:117db924cf7c | 160 | for (x = 0; x < 5; x++) \ |
wolfSSL | 15:117db924cf7c | 161 | { \ |
wolfSSL | 15:117db924cf7c | 162 | t = b[(x + 4) % 5] ^ ROTL64(b[(x + 1) % 5], 1); \ |
wolfSSL | 15:117db924cf7c | 163 | s[x + 0] ^= t; \ |
wolfSSL | 15:117db924cf7c | 164 | s[x + 5] ^= t; \ |
wolfSSL | 15:117db924cf7c | 165 | s[x + 10] ^= t; \ |
wolfSSL | 15:117db924cf7c | 166 | s[x + 15] ^= t; \ |
wolfSSL | 15:117db924cf7c | 167 | s[x + 20] ^= t; \ |
wolfSSL | 15:117db924cf7c | 168 | } \ |
wolfSSL | 15:117db924cf7c | 169 | } \ |
wolfSSL | 15:117db924cf7c | 170 | while (0) |
wolfSSL | 15:117db924cf7c | 171 | |
wolfSSL | 15:117db924cf7c | 172 | #ifdef SHA3_BY_SPEC |
wolfSSL | 15:117db924cf7c | 173 | /* Mix the row values. |
wolfSSL | 15:117db924cf7c | 174 | * BMI1 has ANDN instruction ((~a) & b) - Haswell and above. |
wolfSSL | 15:117db924cf7c | 175 | * |
wolfSSL | 15:117db924cf7c | 176 | * s The state. |
wolfSSL | 15:117db924cf7c | 177 | * b Temporary array of XORed row values. |
wolfSSL | 15:117db924cf7c | 178 | * y The index of the row to work on. |
wolfSSL | 15:117db924cf7c | 179 | * x The index of the column. |
wolfSSL | 15:117db924cf7c | 180 | * t0 Temporary variable. |
wolfSSL | 15:117db924cf7c | 181 | * t1 Temporary variable. |
wolfSSL | 15:117db924cf7c | 182 | */ |
wolfSSL | 15:117db924cf7c | 183 | #define ROW_MIX(s, b, y, x, t0, t1) \ |
wolfSSL | 15:117db924cf7c | 184 | do \ |
wolfSSL | 15:117db924cf7c | 185 | { \ |
wolfSSL | 15:117db924cf7c | 186 | for (y = 0; y < 5; y++) \ |
wolfSSL | 15:117db924cf7c | 187 | { \ |
wolfSSL | 15:117db924cf7c | 188 | for (x = 0; x < 5; x++) \ |
wolfSSL | 15:117db924cf7c | 189 | b[x] = s[y * 5 + x]; \ |
wolfSSL | 15:117db924cf7c | 190 | for (x = 0; x < 5; x++) \ |
wolfSSL | 15:117db924cf7c | 191 | s[y * 5 + x] = b[x] ^ (~b[(x + 1) % 5] & b[(x + 2) % 5]); \ |
wolfSSL | 15:117db924cf7c | 192 | } \ |
wolfSSL | 15:117db924cf7c | 193 | } \ |
wolfSSL | 15:117db924cf7c | 194 | while (0) |
wolfSSL | 15:117db924cf7c | 195 | #else |
wolfSSL | 15:117db924cf7c | 196 | /* Mix the row values. |
wolfSSL | 15:117db924cf7c | 197 | * a ^ (~b & c) == a ^ (c & (b ^ c)) == (a ^ b) ^ (b | c) |
wolfSSL | 15:117db924cf7c | 198 | * |
wolfSSL | 15:117db924cf7c | 199 | * s The state. |
wolfSSL | 15:117db924cf7c | 200 | * b Temporary array of XORed row values. |
wolfSSL | 15:117db924cf7c | 201 | * y The index of the row to work on. |
wolfSSL | 15:117db924cf7c | 202 | * x The index of the column. |
wolfSSL | 15:117db924cf7c | 203 | * t0 Temporary variable. |
wolfSSL | 15:117db924cf7c | 204 | * t1 Temporary variable. |
wolfSSL | 15:117db924cf7c | 205 | */ |
wolfSSL | 15:117db924cf7c | 206 | #define ROW_MIX(s, b, y, x, t12, t34) \ |
wolfSSL | 15:117db924cf7c | 207 | do \ |
wolfSSL | 15:117db924cf7c | 208 | { \ |
wolfSSL | 15:117db924cf7c | 209 | for (y = 0; y < 5; y++) \ |
wolfSSL | 15:117db924cf7c | 210 | { \ |
wolfSSL | 15:117db924cf7c | 211 | for (x = 0; x < 5; x++) \ |
wolfSSL | 15:117db924cf7c | 212 | b[x] = s[y * 5 + x]; \ |
wolfSSL | 15:117db924cf7c | 213 | t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \ |
wolfSSL | 15:117db924cf7c | 214 | s[y * 5 + 0] = b[0] ^ (b[2] & t12); \ |
wolfSSL | 15:117db924cf7c | 215 | s[y * 5 + 1] = t12 ^ (b[2] | b[3]); \ |
wolfSSL | 15:117db924cf7c | 216 | s[y * 5 + 2] = b[2] ^ (b[4] & t34); \ |
wolfSSL | 15:117db924cf7c | 217 | s[y * 5 + 3] = t34 ^ (b[4] | b[0]); \ |
wolfSSL | 15:117db924cf7c | 218 | s[y * 5 + 4] = b[4] ^ (b[1] & (b[0] ^ b[1])); \ |
wolfSSL | 15:117db924cf7c | 219 | } \ |
wolfSSL | 15:117db924cf7c | 220 | } \ |
wolfSSL | 15:117db924cf7c | 221 | while (0) |
wolfSSL | 15:117db924cf7c | 222 | #endif /* SHA3_BY_SPEC */ |
wolfSSL | 15:117db924cf7c | 223 | |
wolfSSL | 15:117db924cf7c | 224 | /* The block operation performed on the state. |
wolfSSL | 15:117db924cf7c | 225 | * |
wolfSSL | 15:117db924cf7c | 226 | * s The state. |
wolfSSL | 15:117db924cf7c | 227 | */ |
wolfSSL | 15:117db924cf7c | 228 | static void BlockSha3(word64 *s) |
wolfSSL | 15:117db924cf7c | 229 | { |
wolfSSL | 15:117db924cf7c | 230 | byte i, x, y; |
wolfSSL | 15:117db924cf7c | 231 | word64 t0, t1; |
wolfSSL | 15:117db924cf7c | 232 | word64 b[5]; |
wolfSSL | 15:117db924cf7c | 233 | |
wolfSSL | 15:117db924cf7c | 234 | for (i = 0; i < 24; i++) |
wolfSSL | 15:117db924cf7c | 235 | { |
wolfSSL | 15:117db924cf7c | 236 | COL_MIX(s, b, x, t0); |
wolfSSL | 15:117db924cf7c | 237 | |
wolfSSL | 15:117db924cf7c | 238 | t0 = s[1]; |
wolfSSL | 15:117db924cf7c | 239 | SWAP_ROTL(s, t0, t1, 0); |
wolfSSL | 15:117db924cf7c | 240 | SWAP_ROTL(s, t1, t0, 1); |
wolfSSL | 15:117db924cf7c | 241 | SWAP_ROTL(s, t0, t1, 2); |
wolfSSL | 15:117db924cf7c | 242 | SWAP_ROTL(s, t1, t0, 3); |
wolfSSL | 15:117db924cf7c | 243 | SWAP_ROTL(s, t0, t1, 4); |
wolfSSL | 15:117db924cf7c | 244 | SWAP_ROTL(s, t1, t0, 5); |
wolfSSL | 15:117db924cf7c | 245 | SWAP_ROTL(s, t0, t1, 6); |
wolfSSL | 15:117db924cf7c | 246 | SWAP_ROTL(s, t1, t0, 7); |
wolfSSL | 15:117db924cf7c | 247 | SWAP_ROTL(s, t0, t1, 8); |
wolfSSL | 15:117db924cf7c | 248 | SWAP_ROTL(s, t1, t0, 9); |
wolfSSL | 15:117db924cf7c | 249 | SWAP_ROTL(s, t0, t1, 10); |
wolfSSL | 15:117db924cf7c | 250 | SWAP_ROTL(s, t1, t0, 11); |
wolfSSL | 15:117db924cf7c | 251 | SWAP_ROTL(s, t0, t1, 12); |
wolfSSL | 15:117db924cf7c | 252 | SWAP_ROTL(s, t1, t0, 13); |
wolfSSL | 15:117db924cf7c | 253 | SWAP_ROTL(s, t0, t1, 14); |
wolfSSL | 15:117db924cf7c | 254 | SWAP_ROTL(s, t1, t0, 15); |
wolfSSL | 15:117db924cf7c | 255 | SWAP_ROTL(s, t0, t1, 16); |
wolfSSL | 15:117db924cf7c | 256 | SWAP_ROTL(s, t1, t0, 17); |
wolfSSL | 15:117db924cf7c | 257 | SWAP_ROTL(s, t0, t1, 18); |
wolfSSL | 15:117db924cf7c | 258 | SWAP_ROTL(s, t1, t0, 19); |
wolfSSL | 15:117db924cf7c | 259 | SWAP_ROTL(s, t0, t1, 20); |
wolfSSL | 15:117db924cf7c | 260 | SWAP_ROTL(s, t1, t0, 21); |
wolfSSL | 15:117db924cf7c | 261 | SWAP_ROTL(s, t0, t1, 22); |
wolfSSL | 15:117db924cf7c | 262 | SWAP_ROTL(s, t1, t0, 23); |
wolfSSL | 15:117db924cf7c | 263 | |
wolfSSL | 15:117db924cf7c | 264 | ROW_MIX(s, b, y, x, t0, t1); |
wolfSSL | 15:117db924cf7c | 265 | |
wolfSSL | 15:117db924cf7c | 266 | s[0] ^= hash_keccak_r[i]; |
wolfSSL | 15:117db924cf7c | 267 | } |
wolfSSL | 15:117db924cf7c | 268 | } |
wolfSSL | 15:117db924cf7c | 269 | #else |
wolfSSL | 15:117db924cf7c | 270 | /* Rotate a 64-bit value left. |
wolfSSL | 15:117db924cf7c | 271 | * |
wolfSSL | 15:117db924cf7c | 272 | * a Number to rotate left. |
wolfSSL | 15:117db924cf7c | 273 | * r Number od bits to rotate left. |
wolfSSL | 15:117db924cf7c | 274 | * returns the rotated number. |
wolfSSL | 15:117db924cf7c | 275 | */ |
wolfSSL | 15:117db924cf7c | 276 | #define ROTL64(a, n) (((a)<<(n))|((a)>>(64-(n)))) |
wolfSSL | 15:117db924cf7c | 277 | |
wolfSSL | 15:117db924cf7c | 278 | /* An array of values to XOR for block operation. */ |
wolfSSL | 15:117db924cf7c | 279 | static const word64 hash_keccak_r[24] = |
wolfSSL | 15:117db924cf7c | 280 | { |
wolfSSL | 15:117db924cf7c | 281 | 0x0000000000000001UL, 0x0000000000008082UL, |
wolfSSL | 15:117db924cf7c | 282 | 0x800000000000808aUL, 0x8000000080008000UL, |
wolfSSL | 15:117db924cf7c | 283 | 0x000000000000808bUL, 0x0000000080000001UL, |
wolfSSL | 15:117db924cf7c | 284 | 0x8000000080008081UL, 0x8000000000008009UL, |
wolfSSL | 15:117db924cf7c | 285 | 0x000000000000008aUL, 0x0000000000000088UL, |
wolfSSL | 15:117db924cf7c | 286 | 0x0000000080008009UL, 0x000000008000000aUL, |
wolfSSL | 15:117db924cf7c | 287 | 0x000000008000808bUL, 0x800000000000008bUL, |
wolfSSL | 15:117db924cf7c | 288 | 0x8000000000008089UL, 0x8000000000008003UL, |
wolfSSL | 15:117db924cf7c | 289 | 0x8000000000008002UL, 0x8000000000000080UL, |
wolfSSL | 15:117db924cf7c | 290 | 0x000000000000800aUL, 0x800000008000000aUL, |
wolfSSL | 15:117db924cf7c | 291 | 0x8000000080008081UL, 0x8000000000008080UL, |
wolfSSL | 15:117db924cf7c | 292 | 0x0000000080000001UL, 0x8000000080008008UL |
wolfSSL | 15:117db924cf7c | 293 | }; |
wolfSSL | 15:117db924cf7c | 294 | |
wolfSSL | 16:8e0d178b1d1e | 295 | /* Indices used in swap and rotate operation. */ |
wolfSSL | 15:117db924cf7c | 296 | #define KI_0 6 |
wolfSSL | 15:117db924cf7c | 297 | #define KI_1 12 |
wolfSSL | 15:117db924cf7c | 298 | #define KI_2 18 |
wolfSSL | 15:117db924cf7c | 299 | #define KI_3 24 |
wolfSSL | 15:117db924cf7c | 300 | #define KI_4 3 |
wolfSSL | 15:117db924cf7c | 301 | #define KI_5 9 |
wolfSSL | 15:117db924cf7c | 302 | #define KI_6 10 |
wolfSSL | 15:117db924cf7c | 303 | #define KI_7 16 |
wolfSSL | 15:117db924cf7c | 304 | #define KI_8 22 |
wolfSSL | 15:117db924cf7c | 305 | #define KI_9 1 |
wolfSSL | 15:117db924cf7c | 306 | #define KI_10 7 |
wolfSSL | 15:117db924cf7c | 307 | #define KI_11 13 |
wolfSSL | 15:117db924cf7c | 308 | #define KI_12 19 |
wolfSSL | 15:117db924cf7c | 309 | #define KI_13 20 |
wolfSSL | 15:117db924cf7c | 310 | #define KI_14 4 |
wolfSSL | 15:117db924cf7c | 311 | #define KI_15 5 |
wolfSSL | 15:117db924cf7c | 312 | #define KI_16 11 |
wolfSSL | 15:117db924cf7c | 313 | #define KI_17 17 |
wolfSSL | 15:117db924cf7c | 314 | #define KI_18 23 |
wolfSSL | 15:117db924cf7c | 315 | #define KI_19 2 |
wolfSSL | 15:117db924cf7c | 316 | #define KI_20 8 |
wolfSSL | 15:117db924cf7c | 317 | #define KI_21 14 |
wolfSSL | 15:117db924cf7c | 318 | #define KI_22 15 |
wolfSSL | 15:117db924cf7c | 319 | #define KI_23 21 |
wolfSSL | 15:117db924cf7c | 320 | |
wolfSSL | 15:117db924cf7c | 321 | /* Number of bits to rotate in swap and rotate operation. */ |
wolfSSL | 15:117db924cf7c | 322 | #define KR_0 44 |
wolfSSL | 15:117db924cf7c | 323 | #define KR_1 43 |
wolfSSL | 15:117db924cf7c | 324 | #define KR_2 21 |
wolfSSL | 15:117db924cf7c | 325 | #define KR_3 14 |
wolfSSL | 15:117db924cf7c | 326 | #define KR_4 28 |
wolfSSL | 15:117db924cf7c | 327 | #define KR_5 20 |
wolfSSL | 15:117db924cf7c | 328 | #define KR_6 3 |
wolfSSL | 15:117db924cf7c | 329 | #define KR_7 45 |
wolfSSL | 15:117db924cf7c | 330 | #define KR_8 61 |
wolfSSL | 15:117db924cf7c | 331 | #define KR_9 1 |
wolfSSL | 15:117db924cf7c | 332 | #define KR_10 6 |
wolfSSL | 15:117db924cf7c | 333 | #define KR_11 25 |
wolfSSL | 15:117db924cf7c | 334 | #define KR_12 8 |
wolfSSL | 15:117db924cf7c | 335 | #define KR_13 18 |
wolfSSL | 15:117db924cf7c | 336 | #define KR_14 27 |
wolfSSL | 15:117db924cf7c | 337 | #define KR_15 36 |
wolfSSL | 15:117db924cf7c | 338 | #define KR_16 10 |
wolfSSL | 15:117db924cf7c | 339 | #define KR_17 15 |
wolfSSL | 15:117db924cf7c | 340 | #define KR_18 56 |
wolfSSL | 15:117db924cf7c | 341 | #define KR_19 62 |
wolfSSL | 15:117db924cf7c | 342 | #define KR_20 55 |
wolfSSL | 15:117db924cf7c | 343 | #define KR_21 39 |
wolfSSL | 15:117db924cf7c | 344 | #define KR_22 41 |
wolfSSL | 15:117db924cf7c | 345 | #define KR_23 2 |
wolfSSL | 15:117db924cf7c | 346 | |
wolfSSL | 15:117db924cf7c | 347 | /* Mix the XOR of the column's values into each number by column. |
wolfSSL | 15:117db924cf7c | 348 | * |
wolfSSL | 15:117db924cf7c | 349 | * s The state. |
wolfSSL | 15:117db924cf7c | 350 | * b Temporary array of XORed column values. |
wolfSSL | 15:117db924cf7c | 351 | * x The index of the column. |
wolfSSL | 15:117db924cf7c | 352 | * t Temporary variable. |
wolfSSL | 15:117db924cf7c | 353 | */ |
wolfSSL | 15:117db924cf7c | 354 | #define COL_MIX(s, b, x, t) \ |
wolfSSL | 15:117db924cf7c | 355 | do \ |
wolfSSL | 15:117db924cf7c | 356 | { \ |
wolfSSL | 15:117db924cf7c | 357 | b[0] = s[0] ^ s[5] ^ s[10] ^ s[15] ^ s[20]; \ |
wolfSSL | 15:117db924cf7c | 358 | b[1] = s[1] ^ s[6] ^ s[11] ^ s[16] ^ s[21]; \ |
wolfSSL | 15:117db924cf7c | 359 | b[2] = s[2] ^ s[7] ^ s[12] ^ s[17] ^ s[22]; \ |
wolfSSL | 15:117db924cf7c | 360 | b[3] = s[3] ^ s[8] ^ s[13] ^ s[18] ^ s[23]; \ |
wolfSSL | 15:117db924cf7c | 361 | b[4] = s[4] ^ s[9] ^ s[14] ^ s[19] ^ s[24]; \ |
wolfSSL | 15:117db924cf7c | 362 | t = b[(0 + 4) % 5] ^ ROTL64(b[(0 + 1) % 5], 1); \ |
wolfSSL | 15:117db924cf7c | 363 | s[ 0] ^= t; s[ 5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t; \ |
wolfSSL | 15:117db924cf7c | 364 | t = b[(1 + 4) % 5] ^ ROTL64(b[(1 + 1) % 5], 1); \ |
wolfSSL | 15:117db924cf7c | 365 | s[ 1] ^= t; s[ 6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t; \ |
wolfSSL | 15:117db924cf7c | 366 | t = b[(2 + 4) % 5] ^ ROTL64(b[(2 + 1) % 5], 1); \ |
wolfSSL | 15:117db924cf7c | 367 | s[ 2] ^= t; s[ 7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t; \ |
wolfSSL | 15:117db924cf7c | 368 | t = b[(3 + 4) % 5] ^ ROTL64(b[(3 + 1) % 5], 1); \ |
wolfSSL | 15:117db924cf7c | 369 | s[ 3] ^= t; s[ 8] ^= t; s[13] ^= t; s[18] ^= t; s[23] ^= t; \ |
wolfSSL | 15:117db924cf7c | 370 | t = b[(4 + 4) % 5] ^ ROTL64(b[(4 + 1) % 5], 1); \ |
wolfSSL | 15:117db924cf7c | 371 | s[ 4] ^= t; s[ 9] ^= t; s[14] ^= t; s[19] ^= t; s[24] ^= t; \ |
wolfSSL | 15:117db924cf7c | 372 | } \ |
wolfSSL | 15:117db924cf7c | 373 | while (0) |
wolfSSL | 15:117db924cf7c | 374 | |
wolfSSL | 15:117db924cf7c | 375 | #define S(s1, i) ROTL64(s1[KI_##i], KR_##i) |
wolfSSL | 15:117db924cf7c | 376 | |
wolfSSL | 15:117db924cf7c | 377 | #ifdef SHA3_BY_SPEC |
wolfSSL | 15:117db924cf7c | 378 | /* Mix the row values. |
wolfSSL | 15:117db924cf7c | 379 | * BMI1 has ANDN instruction ((~a) & b) - Haswell and above. |
wolfSSL | 15:117db924cf7c | 380 | * |
wolfSSL | 15:117db924cf7c | 381 | * s2 The new state. |
wolfSSL | 15:117db924cf7c | 382 | * s1 The current state. |
wolfSSL | 15:117db924cf7c | 383 | * b Temporary array of XORed row values. |
wolfSSL | 15:117db924cf7c | 384 | * t0 Temporary variable. (Unused) |
wolfSSL | 15:117db924cf7c | 385 | * t1 Temporary variable. (Unused) |
wolfSSL | 15:117db924cf7c | 386 | */ |
wolfSSL | 15:117db924cf7c | 387 | #define ROW_MIX(s2, s1, b, t0, t1) \ |
wolfSSL | 15:117db924cf7c | 388 | do \ |
wolfSSL | 15:117db924cf7c | 389 | { \ |
wolfSSL | 15:117db924cf7c | 390 | b[0] = s1[0]; \ |
wolfSSL | 15:117db924cf7c | 391 | b[1] = S(s1, 0); \ |
wolfSSL | 15:117db924cf7c | 392 | b[2] = S(s1, 1); \ |
wolfSSL | 15:117db924cf7c | 393 | b[3] = S(s1, 2); \ |
wolfSSL | 15:117db924cf7c | 394 | b[4] = S(s1, 3); \ |
wolfSSL | 15:117db924cf7c | 395 | s2[0] = b[0] ^ (~b[1] & b[2]); \ |
wolfSSL | 15:117db924cf7c | 396 | s2[1] = b[1] ^ (~b[2] & b[3]); \ |
wolfSSL | 15:117db924cf7c | 397 | s2[2] = b[2] ^ (~b[3] & b[4]); \ |
wolfSSL | 15:117db924cf7c | 398 | s2[3] = b[3] ^ (~b[4] & b[0]); \ |
wolfSSL | 15:117db924cf7c | 399 | s2[4] = b[4] ^ (~b[0] & b[1]); \ |
wolfSSL | 15:117db924cf7c | 400 | b[0] = S(s1, 4); \ |
wolfSSL | 15:117db924cf7c | 401 | b[1] = S(s1, 5); \ |
wolfSSL | 15:117db924cf7c | 402 | b[2] = S(s1, 6); \ |
wolfSSL | 15:117db924cf7c | 403 | b[3] = S(s1, 7); \ |
wolfSSL | 15:117db924cf7c | 404 | b[4] = S(s1, 8); \ |
wolfSSL | 15:117db924cf7c | 405 | s2[5] = b[0] ^ (~b[1] & b[2]); \ |
wolfSSL | 15:117db924cf7c | 406 | s2[6] = b[1] ^ (~b[2] & b[3]); \ |
wolfSSL | 15:117db924cf7c | 407 | s2[7] = b[2] ^ (~b[3] & b[4]); \ |
wolfSSL | 15:117db924cf7c | 408 | s2[8] = b[3] ^ (~b[4] & b[0]); \ |
wolfSSL | 15:117db924cf7c | 409 | s2[9] = b[4] ^ (~b[0] & b[1]); \ |
wolfSSL | 15:117db924cf7c | 410 | b[0] = S(s1, 9); \ |
wolfSSL | 15:117db924cf7c | 411 | b[1] = S(s1, 10); \ |
wolfSSL | 15:117db924cf7c | 412 | b[2] = S(s1, 11); \ |
wolfSSL | 15:117db924cf7c | 413 | b[3] = S(s1, 12); \ |
wolfSSL | 15:117db924cf7c | 414 | b[4] = S(s1, 13); \ |
wolfSSL | 15:117db924cf7c | 415 | s2[10] = b[0] ^ (~b[1] & b[2]); \ |
wolfSSL | 15:117db924cf7c | 416 | s2[11] = b[1] ^ (~b[2] & b[3]); \ |
wolfSSL | 15:117db924cf7c | 417 | s2[12] = b[2] ^ (~b[3] & b[4]); \ |
wolfSSL | 15:117db924cf7c | 418 | s2[13] = b[3] ^ (~b[4] & b[0]); \ |
wolfSSL | 15:117db924cf7c | 419 | s2[14] = b[4] ^ (~b[0] & b[1]); \ |
wolfSSL | 15:117db924cf7c | 420 | b[0] = S(s1, 14); \ |
wolfSSL | 15:117db924cf7c | 421 | b[1] = S(s1, 15); \ |
wolfSSL | 15:117db924cf7c | 422 | b[2] = S(s1, 16); \ |
wolfSSL | 15:117db924cf7c | 423 | b[3] = S(s1, 17); \ |
wolfSSL | 15:117db924cf7c | 424 | b[4] = S(s1, 18); \ |
wolfSSL | 15:117db924cf7c | 425 | s2[15] = b[0] ^ (~b[1] & b[2]); \ |
wolfSSL | 15:117db924cf7c | 426 | s2[16] = b[1] ^ (~b[2] & b[3]); \ |
wolfSSL | 15:117db924cf7c | 427 | s2[17] = b[2] ^ (~b[3] & b[4]); \ |
wolfSSL | 15:117db924cf7c | 428 | s2[18] = b[3] ^ (~b[4] & b[0]); \ |
wolfSSL | 15:117db924cf7c | 429 | s2[19] = b[4] ^ (~b[0] & b[1]); \ |
wolfSSL | 15:117db924cf7c | 430 | b[0] = S(s1, 19); \ |
wolfSSL | 15:117db924cf7c | 431 | b[1] = S(s1, 20); \ |
wolfSSL | 15:117db924cf7c | 432 | b[2] = S(s1, 21); \ |
wolfSSL | 15:117db924cf7c | 433 | b[3] = S(s1, 22); \ |
wolfSSL | 15:117db924cf7c | 434 | b[4] = S(s1, 23); \ |
wolfSSL | 15:117db924cf7c | 435 | s2[20] = b[0] ^ (~b[1] & b[2]); \ |
wolfSSL | 15:117db924cf7c | 436 | s2[21] = b[1] ^ (~b[2] & b[3]); \ |
wolfSSL | 15:117db924cf7c | 437 | s2[22] = b[2] ^ (~b[3] & b[4]); \ |
wolfSSL | 15:117db924cf7c | 438 | s2[23] = b[3] ^ (~b[4] & b[0]); \ |
wolfSSL | 15:117db924cf7c | 439 | s2[24] = b[4] ^ (~b[0] & b[1]); \ |
wolfSSL | 15:117db924cf7c | 440 | } \ |
wolfSSL | 15:117db924cf7c | 441 | while (0) |
wolfSSL | 15:117db924cf7c | 442 | #else |
wolfSSL | 15:117db924cf7c | 443 | /* Mix the row values. |
wolfSSL | 15:117db924cf7c | 444 | * a ^ (~b & c) == a ^ (c & (b ^ c)) == (a ^ b) ^ (b | c) |
wolfSSL | 15:117db924cf7c | 445 | * |
wolfSSL | 15:117db924cf7c | 446 | * s2 The new state. |
wolfSSL | 15:117db924cf7c | 447 | * s1 The current state. |
wolfSSL | 15:117db924cf7c | 448 | * b Temporary array of XORed row values. |
wolfSSL | 15:117db924cf7c | 449 | * t12 Temporary variable. |
wolfSSL | 15:117db924cf7c | 450 | * t34 Temporary variable. |
wolfSSL | 15:117db924cf7c | 451 | */ |
wolfSSL | 15:117db924cf7c | 452 | #define ROW_MIX(s2, s1, b, t12, t34) \ |
wolfSSL | 15:117db924cf7c | 453 | do \ |
wolfSSL | 15:117db924cf7c | 454 | { \ |
wolfSSL | 15:117db924cf7c | 455 | b[0] = s1[0]; \ |
wolfSSL | 15:117db924cf7c | 456 | b[1] = S(s1, 0); \ |
wolfSSL | 15:117db924cf7c | 457 | b[2] = S(s1, 1); \ |
wolfSSL | 15:117db924cf7c | 458 | b[3] = S(s1, 2); \ |
wolfSSL | 15:117db924cf7c | 459 | b[4] = S(s1, 3); \ |
wolfSSL | 15:117db924cf7c | 460 | t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \ |
wolfSSL | 15:117db924cf7c | 461 | s2[0] = b[0] ^ (b[2] & t12); \ |
wolfSSL | 15:117db924cf7c | 462 | s2[1] = t12 ^ (b[2] | b[3]); \ |
wolfSSL | 15:117db924cf7c | 463 | s2[2] = b[2] ^ (b[4] & t34); \ |
wolfSSL | 15:117db924cf7c | 464 | s2[3] = t34 ^ (b[4] | b[0]); \ |
wolfSSL | 15:117db924cf7c | 465 | s2[4] = b[4] ^ (b[1] & (b[0] ^ b[1])); \ |
wolfSSL | 15:117db924cf7c | 466 | b[0] = S(s1, 4); \ |
wolfSSL | 15:117db924cf7c | 467 | b[1] = S(s1, 5); \ |
wolfSSL | 15:117db924cf7c | 468 | b[2] = S(s1, 6); \ |
wolfSSL | 15:117db924cf7c | 469 | b[3] = S(s1, 7); \ |
wolfSSL | 15:117db924cf7c | 470 | b[4] = S(s1, 8); \ |
wolfSSL | 15:117db924cf7c | 471 | t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \ |
wolfSSL | 15:117db924cf7c | 472 | s2[5] = b[0] ^ (b[2] & t12); \ |
wolfSSL | 15:117db924cf7c | 473 | s2[6] = t12 ^ (b[2] | b[3]); \ |
wolfSSL | 15:117db924cf7c | 474 | s2[7] = b[2] ^ (b[4] & t34); \ |
wolfSSL | 15:117db924cf7c | 475 | s2[8] = t34 ^ (b[4] | b[0]); \ |
wolfSSL | 15:117db924cf7c | 476 | s2[9] = b[4] ^ (b[1] & (b[0] ^ b[1])); \ |
wolfSSL | 15:117db924cf7c | 477 | b[0] = S(s1, 9); \ |
wolfSSL | 15:117db924cf7c | 478 | b[1] = S(s1, 10); \ |
wolfSSL | 15:117db924cf7c | 479 | b[2] = S(s1, 11); \ |
wolfSSL | 15:117db924cf7c | 480 | b[3] = S(s1, 12); \ |
wolfSSL | 15:117db924cf7c | 481 | b[4] = S(s1, 13); \ |
wolfSSL | 15:117db924cf7c | 482 | t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \ |
wolfSSL | 15:117db924cf7c | 483 | s2[10] = b[0] ^ (b[2] & t12); \ |
wolfSSL | 15:117db924cf7c | 484 | s2[11] = t12 ^ (b[2] | b[3]); \ |
wolfSSL | 15:117db924cf7c | 485 | s2[12] = b[2] ^ (b[4] & t34); \ |
wolfSSL | 15:117db924cf7c | 486 | s2[13] = t34 ^ (b[4] | b[0]); \ |
wolfSSL | 15:117db924cf7c | 487 | s2[14] = b[4] ^ (b[1] & (b[0] ^ b[1])); \ |
wolfSSL | 15:117db924cf7c | 488 | b[0] = S(s1, 14); \ |
wolfSSL | 15:117db924cf7c | 489 | b[1] = S(s1, 15); \ |
wolfSSL | 15:117db924cf7c | 490 | b[2] = S(s1, 16); \ |
wolfSSL | 15:117db924cf7c | 491 | b[3] = S(s1, 17); \ |
wolfSSL | 15:117db924cf7c | 492 | b[4] = S(s1, 18); \ |
wolfSSL | 15:117db924cf7c | 493 | t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \ |
wolfSSL | 15:117db924cf7c | 494 | s2[15] = b[0] ^ (b[2] & t12); \ |
wolfSSL | 15:117db924cf7c | 495 | s2[16] = t12 ^ (b[2] | b[3]); \ |
wolfSSL | 15:117db924cf7c | 496 | s2[17] = b[2] ^ (b[4] & t34); \ |
wolfSSL | 15:117db924cf7c | 497 | s2[18] = t34 ^ (b[4] | b[0]); \ |
wolfSSL | 15:117db924cf7c | 498 | s2[19] = b[4] ^ (b[1] & (b[0] ^ b[1])); \ |
wolfSSL | 15:117db924cf7c | 499 | b[0] = S(s1, 19); \ |
wolfSSL | 15:117db924cf7c | 500 | b[1] = S(s1, 20); \ |
wolfSSL | 15:117db924cf7c | 501 | b[2] = S(s1, 21); \ |
wolfSSL | 15:117db924cf7c | 502 | b[3] = S(s1, 22); \ |
wolfSSL | 15:117db924cf7c | 503 | b[4] = S(s1, 23); \ |
wolfSSL | 15:117db924cf7c | 504 | t12 = (b[1] ^ b[2]); t34 = (b[3] ^ b[4]); \ |
wolfSSL | 15:117db924cf7c | 505 | s2[20] = b[0] ^ (b[2] & t12); \ |
wolfSSL | 15:117db924cf7c | 506 | s2[21] = t12 ^ (b[2] | b[3]); \ |
wolfSSL | 15:117db924cf7c | 507 | s2[22] = b[2] ^ (b[4] & t34); \ |
wolfSSL | 15:117db924cf7c | 508 | s2[23] = t34 ^ (b[4] | b[0]); \ |
wolfSSL | 15:117db924cf7c | 509 | s2[24] = b[4] ^ (b[1] & (b[0] ^ b[1])); \ |
wolfSSL | 15:117db924cf7c | 510 | } \ |
wolfSSL | 15:117db924cf7c | 511 | while (0) |
wolfSSL | 15:117db924cf7c | 512 | #endif /* SHA3_BY_SPEC */ |
wolfSSL | 15:117db924cf7c | 513 | |
wolfSSL | 15:117db924cf7c | 514 | /* The block operation performed on the state. |
wolfSSL | 15:117db924cf7c | 515 | * |
wolfSSL | 15:117db924cf7c | 516 | * s The state. |
wolfSSL | 15:117db924cf7c | 517 | */ |
wolfSSL | 15:117db924cf7c | 518 | static void BlockSha3(word64 *s) |
wolfSSL | 15:117db924cf7c | 519 | { |
wolfSSL | 15:117db924cf7c | 520 | word64 n[25]; |
wolfSSL | 15:117db924cf7c | 521 | word64 b[5]; |
wolfSSL | 15:117db924cf7c | 522 | word64 t0; |
wolfSSL | 15:117db924cf7c | 523 | #ifndef SHA3_BY_SPEC |
wolfSSL | 15:117db924cf7c | 524 | word64 t1; |
wolfSSL | 15:117db924cf7c | 525 | #endif |
wolfSSL | 15:117db924cf7c | 526 | byte i; |
wolfSSL | 15:117db924cf7c | 527 | |
wolfSSL | 15:117db924cf7c | 528 | for (i = 0; i < 24; i += 2) |
wolfSSL | 15:117db924cf7c | 529 | { |
wolfSSL | 15:117db924cf7c | 530 | COL_MIX(s, b, x, t0); |
wolfSSL | 15:117db924cf7c | 531 | ROW_MIX(n, s, b, t0, t1); |
wolfSSL | 15:117db924cf7c | 532 | n[0] ^= hash_keccak_r[i]; |
wolfSSL | 15:117db924cf7c | 533 | |
wolfSSL | 15:117db924cf7c | 534 | COL_MIX(n, b, x, t0); |
wolfSSL | 15:117db924cf7c | 535 | ROW_MIX(s, n, b, t0, t1); |
wolfSSL | 15:117db924cf7c | 536 | s[0] ^= hash_keccak_r[i+1]; |
wolfSSL | 15:117db924cf7c | 537 | } |
wolfSSL | 15:117db924cf7c | 538 | } |
wolfSSL | 15:117db924cf7c | 539 | #endif /* WOLFSSL_SHA3_SMALL */ |
wolfSSL | 15:117db924cf7c | 540 | |
wolfSSL | 15:117db924cf7c | 541 | /* Convert the array of bytes, in little-endian order, to a 64-bit integer. |
wolfSSL | 15:117db924cf7c | 542 | * |
wolfSSL | 15:117db924cf7c | 543 | * a Array of bytes. |
wolfSSL | 15:117db924cf7c | 544 | * returns a 64-bit integer. |
wolfSSL | 15:117db924cf7c | 545 | */ |
wolfSSL | 15:117db924cf7c | 546 | static word64 Load64BitBigEndian(const byte* a) |
wolfSSL | 15:117db924cf7c | 547 | { |
wolfSSL | 15:117db924cf7c | 548 | #ifdef BIG_ENDIAN_ORDER |
wolfSSL | 15:117db924cf7c | 549 | word64 n = 0; |
wolfSSL | 15:117db924cf7c | 550 | int i; |
wolfSSL | 15:117db924cf7c | 551 | |
wolfSSL | 15:117db924cf7c | 552 | for (i = 0; i < 8; i++) |
wolfSSL | 15:117db924cf7c | 553 | n |= (word64)a[i] << (8 * i); |
wolfSSL | 15:117db924cf7c | 554 | |
wolfSSL | 15:117db924cf7c | 555 | return n; |
wolfSSL | 15:117db924cf7c | 556 | #else |
wolfSSL | 15:117db924cf7c | 557 | return *(word64*)a; |
wolfSSL | 15:117db924cf7c | 558 | #endif |
wolfSSL | 15:117db924cf7c | 559 | } |
wolfSSL | 15:117db924cf7c | 560 | |
wolfSSL | 15:117db924cf7c | 561 | /* Initialize the state for a SHA3-224 hash operation. |
wolfSSL | 15:117db924cf7c | 562 | * |
wolfSSL | 15:117db924cf7c | 563 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 564 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 565 | */ |
wolfSSL | 15:117db924cf7c | 566 | static int InitSha3(wc_Sha3* sha3) |
wolfSSL | 15:117db924cf7c | 567 | { |
wolfSSL | 15:117db924cf7c | 568 | int i; |
wolfSSL | 15:117db924cf7c | 569 | |
wolfSSL | 15:117db924cf7c | 570 | for (i = 0; i < 25; i++) |
wolfSSL | 15:117db924cf7c | 571 | sha3->s[i] = 0; |
wolfSSL | 15:117db924cf7c | 572 | sha3->i = 0; |
wolfSSL | 16:8e0d178b1d1e | 573 | #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) |
wolfSSL | 16:8e0d178b1d1e | 574 | sha3->flags = 0; |
wolfSSL | 16:8e0d178b1d1e | 575 | #endif |
wolfSSL | 15:117db924cf7c | 576 | |
wolfSSL | 15:117db924cf7c | 577 | return 0; |
wolfSSL | 15:117db924cf7c | 578 | } |
wolfSSL | 15:117db924cf7c | 579 | |
wolfSSL | 15:117db924cf7c | 580 | /* Update the SHA-3 hash state with message data. |
wolfSSL | 15:117db924cf7c | 581 | * |
wolfSSL | 15:117db924cf7c | 582 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 583 | * data Message data to be hashed. |
wolfSSL | 15:117db924cf7c | 584 | * len Length of the message data. |
wolfSSL | 15:117db924cf7c | 585 | * p Number of 64-bit numbers in a block of data to process. |
wolfSSL | 15:117db924cf7c | 586 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 587 | */ |
wolfSSL | 15:117db924cf7c | 588 | static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) |
wolfSSL | 15:117db924cf7c | 589 | { |
wolfSSL | 15:117db924cf7c | 590 | byte i; |
wolfSSL | 15:117db924cf7c | 591 | byte l; |
wolfSSL | 15:117db924cf7c | 592 | byte *t; |
wolfSSL | 15:117db924cf7c | 593 | |
wolfSSL | 15:117db924cf7c | 594 | if (sha3->i > 0) |
wolfSSL | 15:117db924cf7c | 595 | { |
wolfSSL | 15:117db924cf7c | 596 | l = p * 8 - sha3->i; |
wolfSSL | 15:117db924cf7c | 597 | if (l > len) { |
wolfSSL | 15:117db924cf7c | 598 | l = (byte)len; |
wolfSSL | 15:117db924cf7c | 599 | } |
wolfSSL | 15:117db924cf7c | 600 | |
wolfSSL | 15:117db924cf7c | 601 | t = &sha3->t[sha3->i]; |
wolfSSL | 15:117db924cf7c | 602 | for (i = 0; i < l; i++) |
wolfSSL | 15:117db924cf7c | 603 | t[i] = data[i]; |
wolfSSL | 15:117db924cf7c | 604 | data += i; |
wolfSSL | 15:117db924cf7c | 605 | len -= i; |
wolfSSL | 15:117db924cf7c | 606 | sha3->i += i; |
wolfSSL | 15:117db924cf7c | 607 | |
wolfSSL | 15:117db924cf7c | 608 | if (sha3->i == p * 8) |
wolfSSL | 15:117db924cf7c | 609 | { |
wolfSSL | 15:117db924cf7c | 610 | for (i = 0; i < p; i++) |
wolfSSL | 15:117db924cf7c | 611 | sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); |
wolfSSL | 15:117db924cf7c | 612 | BlockSha3(sha3->s); |
wolfSSL | 15:117db924cf7c | 613 | sha3->i = 0; |
wolfSSL | 15:117db924cf7c | 614 | } |
wolfSSL | 15:117db924cf7c | 615 | } |
wolfSSL | 15:117db924cf7c | 616 | while (len >= ((word32)(p * 8))) |
wolfSSL | 15:117db924cf7c | 617 | { |
wolfSSL | 15:117db924cf7c | 618 | for (i = 0; i < p; i++) |
wolfSSL | 15:117db924cf7c | 619 | sha3->s[i] ^= Load64BitBigEndian(data + 8 * i); |
wolfSSL | 15:117db924cf7c | 620 | BlockSha3(sha3->s); |
wolfSSL | 15:117db924cf7c | 621 | len -= p * 8; |
wolfSSL | 15:117db924cf7c | 622 | data += p * 8; |
wolfSSL | 15:117db924cf7c | 623 | } |
wolfSSL | 15:117db924cf7c | 624 | for (i = 0; i < len; i++) |
wolfSSL | 15:117db924cf7c | 625 | sha3->t[i] = data[i]; |
wolfSSL | 15:117db924cf7c | 626 | sha3->i += i; |
wolfSSL | 15:117db924cf7c | 627 | |
wolfSSL | 15:117db924cf7c | 628 | return 0; |
wolfSSL | 15:117db924cf7c | 629 | } |
wolfSSL | 15:117db924cf7c | 630 | |
wolfSSL | 15:117db924cf7c | 631 | /* Calculate the SHA-3 hash based on all the message data seen. |
wolfSSL | 15:117db924cf7c | 632 | * |
wolfSSL | 15:117db924cf7c | 633 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 634 | * hash Buffer to hold the hash result. |
wolfSSL | 15:117db924cf7c | 635 | * p Number of 64-bit numbers in a block of data to process. |
wolfSSL | 15:117db924cf7c | 636 | * len Number of bytes in output. |
wolfSSL | 15:117db924cf7c | 637 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 638 | */ |
wolfSSL | 16:8e0d178b1d1e | 639 | static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, byte l) |
wolfSSL | 15:117db924cf7c | 640 | { |
wolfSSL | 15:117db924cf7c | 641 | byte i; |
wolfSSL | 15:117db924cf7c | 642 | byte *s8 = (byte *)sha3->s; |
wolfSSL | 15:117db924cf7c | 643 | |
wolfSSL | 15:117db924cf7c | 644 | sha3->t[p * 8 - 1] = 0x00; |
wolfSSL | 16:8e0d178b1d1e | 645 | #ifdef WOLFSSL_HASH_FLAGS |
wolfSSL | 16:8e0d178b1d1e | 646 | if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) { |
wolfSSL | 16:8e0d178b1d1e | 647 | padChar = 0x01; |
wolfSSL | 16:8e0d178b1d1e | 648 | } |
wolfSSL | 16:8e0d178b1d1e | 649 | #endif |
wolfSSL | 16:8e0d178b1d1e | 650 | sha3->t[ sha3->i] = padChar; |
wolfSSL | 15:117db924cf7c | 651 | sha3->t[p * 8 - 1] |= 0x80; |
wolfSSL | 15:117db924cf7c | 652 | for (i=sha3->i + 1; i < p * 8 - 1; i++) |
wolfSSL | 15:117db924cf7c | 653 | sha3->t[i] = 0; |
wolfSSL | 15:117db924cf7c | 654 | for (i = 0; i < p; i++) |
wolfSSL | 15:117db924cf7c | 655 | sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); |
wolfSSL | 15:117db924cf7c | 656 | BlockSha3(sha3->s); |
wolfSSL | 15:117db924cf7c | 657 | #if defined(BIG_ENDIAN_ORDER) |
wolfSSL | 15:117db924cf7c | 658 | ByteReverseWords64(sha3->s, sha3->s, ((l+7)/8)*8); |
wolfSSL | 15:117db924cf7c | 659 | #endif |
wolfSSL | 15:117db924cf7c | 660 | for (i = 0; i < l; i++) |
wolfSSL | 15:117db924cf7c | 661 | hash[i] = s8[i]; |
wolfSSL | 15:117db924cf7c | 662 | |
wolfSSL | 15:117db924cf7c | 663 | return 0; |
wolfSSL | 15:117db924cf7c | 664 | } |
wolfSSL | 15:117db924cf7c | 665 | |
wolfSSL | 15:117db924cf7c | 666 | /* Initialize the state for a SHA-3 hash operation. |
wolfSSL | 15:117db924cf7c | 667 | * |
wolfSSL | 15:117db924cf7c | 668 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 669 | * heap Heap reference for dynamic memory allocation. (Used in async ops.) |
wolfSSL | 15:117db924cf7c | 670 | * devId Device identifier for asynchronous operation. |
wolfSSL | 15:117db924cf7c | 671 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 672 | */ |
wolfSSL | 15:117db924cf7c | 673 | static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId) |
wolfSSL | 15:117db924cf7c | 674 | { |
wolfSSL | 15:117db924cf7c | 675 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 676 | |
wolfSSL | 15:117db924cf7c | 677 | if (sha3 == NULL) |
wolfSSL | 15:117db924cf7c | 678 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 679 | |
wolfSSL | 15:117db924cf7c | 680 | sha3->heap = heap; |
wolfSSL | 15:117db924cf7c | 681 | ret = InitSha3(sha3); |
wolfSSL | 15:117db924cf7c | 682 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 683 | return ret; |
wolfSSL | 15:117db924cf7c | 684 | |
wolfSSL | 15:117db924cf7c | 685 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) |
wolfSSL | 15:117db924cf7c | 686 | ret = wolfAsync_DevCtxInit(&sha3->asyncDev, |
wolfSSL | 15:117db924cf7c | 687 | WOLFSSL_ASYNC_MARKER_SHA3, sha3->heap, devId); |
wolfSSL | 15:117db924cf7c | 688 | #else |
wolfSSL | 15:117db924cf7c | 689 | (void)devId; |
wolfSSL | 15:117db924cf7c | 690 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
wolfSSL | 15:117db924cf7c | 691 | |
wolfSSL | 15:117db924cf7c | 692 | return ret; |
wolfSSL | 15:117db924cf7c | 693 | } |
wolfSSL | 15:117db924cf7c | 694 | |
wolfSSL | 15:117db924cf7c | 695 | /* Update the SHA-3 hash state with message data. |
wolfSSL | 15:117db924cf7c | 696 | * |
wolfSSL | 15:117db924cf7c | 697 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 698 | * data Message data to be hashed. |
wolfSSL | 15:117db924cf7c | 699 | * len Length of the message data. |
wolfSSL | 15:117db924cf7c | 700 | * p Number of 64-bit numbers in a block of data to process. |
wolfSSL | 15:117db924cf7c | 701 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 702 | */ |
wolfSSL | 15:117db924cf7c | 703 | static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) |
wolfSSL | 15:117db924cf7c | 704 | { |
wolfSSL | 16:8e0d178b1d1e | 705 | int ret; |
wolfSSL | 15:117db924cf7c | 706 | |
wolfSSL | 15:117db924cf7c | 707 | if (sha3 == NULL || (data == NULL && len > 0)) { |
wolfSSL | 15:117db924cf7c | 708 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 709 | } |
wolfSSL | 15:117db924cf7c | 710 | |
wolfSSL | 15:117db924cf7c | 711 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) |
wolfSSL | 15:117db924cf7c | 712 | if (sha3->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA3) { |
wolfSSL | 16:8e0d178b1d1e | 713 | #if defined(HAVE_INTEL_QA) && defined(QAT_V2) |
wolfSSL | 16:8e0d178b1d1e | 714 | /* QAT only supports SHA3_256 */ |
wolfSSL | 16:8e0d178b1d1e | 715 | if (p == WC_SHA3_256_COUNT) { |
wolfSSL | 16:8e0d178b1d1e | 716 | ret = IntelQaSymSha3(&sha3->asyncDev, NULL, data, len); |
wolfSSL | 16:8e0d178b1d1e | 717 | if (ret != NOT_COMPILED_IN) |
wolfSSL | 16:8e0d178b1d1e | 718 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 719 | /* fall-through when unavailable */ |
wolfSSL | 16:8e0d178b1d1e | 720 | } |
wolfSSL | 15:117db924cf7c | 721 | #endif |
wolfSSL | 15:117db924cf7c | 722 | } |
wolfSSL | 15:117db924cf7c | 723 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
wolfSSL | 15:117db924cf7c | 724 | |
wolfSSL | 16:8e0d178b1d1e | 725 | ret = Sha3Update(sha3, data, len, p); |
wolfSSL | 15:117db924cf7c | 726 | |
wolfSSL | 15:117db924cf7c | 727 | return ret; |
wolfSSL | 15:117db924cf7c | 728 | } |
wolfSSL | 15:117db924cf7c | 729 | |
wolfSSL | 15:117db924cf7c | 730 | /* Calculate the SHA-3 hash based on all the message data seen. |
wolfSSL | 15:117db924cf7c | 731 | * |
wolfSSL | 15:117db924cf7c | 732 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 733 | * hash Buffer to hold the hash result. |
wolfSSL | 15:117db924cf7c | 734 | * p Number of 64-bit numbers in a block of data to process. |
wolfSSL | 15:117db924cf7c | 735 | * len Number of bytes in output. |
wolfSSL | 15:117db924cf7c | 736 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 737 | */ |
wolfSSL | 15:117db924cf7c | 738 | static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len) |
wolfSSL | 15:117db924cf7c | 739 | { |
wolfSSL | 15:117db924cf7c | 740 | int ret; |
wolfSSL | 15:117db924cf7c | 741 | |
wolfSSL | 15:117db924cf7c | 742 | if (sha3 == NULL || hash == NULL) { |
wolfSSL | 15:117db924cf7c | 743 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 744 | } |
wolfSSL | 15:117db924cf7c | 745 | |
wolfSSL | 15:117db924cf7c | 746 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) |
wolfSSL | 15:117db924cf7c | 747 | if (sha3->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA3) { |
wolfSSL | 16:8e0d178b1d1e | 748 | #if defined(HAVE_INTEL_QA) && defined(QAT_V2) |
wolfSSL | 16:8e0d178b1d1e | 749 | /* QAT only supports SHA3_256 */ |
wolfSSL | 16:8e0d178b1d1e | 750 | /* QAT SHA-3 only supported on v2 (8970 or later cards) */ |
wolfSSL | 16:8e0d178b1d1e | 751 | if (len == WC_SHA3_256_DIGEST_SIZE) { |
wolfSSL | 16:8e0d178b1d1e | 752 | ret = IntelQaSymSha3(&sha3->asyncDev, hash, NULL, len); |
wolfSSL | 16:8e0d178b1d1e | 753 | if (ret != NOT_COMPILED_IN) |
wolfSSL | 16:8e0d178b1d1e | 754 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 755 | /* fall-through when unavailable */ |
wolfSSL | 16:8e0d178b1d1e | 756 | } |
wolfSSL | 15:117db924cf7c | 757 | #endif |
wolfSSL | 15:117db924cf7c | 758 | } |
wolfSSL | 15:117db924cf7c | 759 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
wolfSSL | 15:117db924cf7c | 760 | |
wolfSSL | 16:8e0d178b1d1e | 761 | ret = Sha3Final(sha3, 0x06, hash, p, len); |
wolfSSL | 15:117db924cf7c | 762 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 763 | return ret; |
wolfSSL | 15:117db924cf7c | 764 | |
wolfSSL | 15:117db924cf7c | 765 | return InitSha3(sha3); /* reset state */ |
wolfSSL | 15:117db924cf7c | 766 | } |
wolfSSL | 15:117db924cf7c | 767 | |
wolfSSL | 15:117db924cf7c | 768 | /* Dispose of any dynamically allocated data from the SHA3-384 operation. |
wolfSSL | 15:117db924cf7c | 769 | * (Required for async ops.) |
wolfSSL | 15:117db924cf7c | 770 | * |
wolfSSL | 15:117db924cf7c | 771 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 772 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 773 | */ |
wolfSSL | 15:117db924cf7c | 774 | static void wc_Sha3Free(wc_Sha3* sha3) |
wolfSSL | 15:117db924cf7c | 775 | { |
wolfSSL | 15:117db924cf7c | 776 | (void)sha3; |
wolfSSL | 15:117db924cf7c | 777 | |
wolfSSL | 15:117db924cf7c | 778 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) |
wolfSSL | 15:117db924cf7c | 779 | if (sha3 == NULL) |
wolfSSL | 15:117db924cf7c | 780 | return; |
wolfSSL | 15:117db924cf7c | 781 | |
wolfSSL | 15:117db924cf7c | 782 | wolfAsync_DevCtxFree(&sha3->asyncDev, WOLFSSL_ASYNC_MARKER_SHA3); |
wolfSSL | 15:117db924cf7c | 783 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
wolfSSL | 15:117db924cf7c | 784 | } |
wolfSSL | 15:117db924cf7c | 785 | |
wolfSSL | 15:117db924cf7c | 786 | |
wolfSSL | 15:117db924cf7c | 787 | /* Copy the state of the SHA3 operation. |
wolfSSL | 15:117db924cf7c | 788 | * |
wolfSSL | 15:117db924cf7c | 789 | * src wc_Sha3 object holding state top copy. |
wolfSSL | 15:117db924cf7c | 790 | * dst wc_Sha3 object to copy into. |
wolfSSL | 15:117db924cf7c | 791 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 792 | */ |
wolfSSL | 15:117db924cf7c | 793 | static int wc_Sha3Copy(wc_Sha3* src, wc_Sha3* dst) |
wolfSSL | 15:117db924cf7c | 794 | { |
wolfSSL | 15:117db924cf7c | 795 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 796 | |
wolfSSL | 15:117db924cf7c | 797 | if (src == NULL || dst == NULL) |
wolfSSL | 15:117db924cf7c | 798 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 799 | |
wolfSSL | 15:117db924cf7c | 800 | XMEMCPY(dst, src, sizeof(wc_Sha3)); |
wolfSSL | 15:117db924cf7c | 801 | |
wolfSSL | 15:117db924cf7c | 802 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 15:117db924cf7c | 803 | ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); |
wolfSSL | 15:117db924cf7c | 804 | #endif |
wolfSSL | 16:8e0d178b1d1e | 805 | #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) |
wolfSSL | 16:8e0d178b1d1e | 806 | dst->flags |= WC_HASH_FLAG_ISCOPY; |
wolfSSL | 16:8e0d178b1d1e | 807 | #endif |
wolfSSL | 15:117db924cf7c | 808 | |
wolfSSL | 15:117db924cf7c | 809 | return ret; |
wolfSSL | 15:117db924cf7c | 810 | } |
wolfSSL | 15:117db924cf7c | 811 | |
wolfSSL | 15:117db924cf7c | 812 | /* Calculate the SHA3-224 hash based on all the message data so far. |
wolfSSL | 15:117db924cf7c | 813 | * More message data can be added, after this operation, using the current |
wolfSSL | 15:117db924cf7c | 814 | * state. |
wolfSSL | 15:117db924cf7c | 815 | * |
wolfSSL | 15:117db924cf7c | 816 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 817 | * hash Buffer to hold the hash result. Must be at least 28 bytes. |
wolfSSL | 15:117db924cf7c | 818 | * p Number of 64-bit numbers in a block of data to process. |
wolfSSL | 15:117db924cf7c | 819 | * len Number of bytes in output. |
wolfSSL | 15:117db924cf7c | 820 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 821 | */ |
wolfSSL | 15:117db924cf7c | 822 | static int wc_Sha3GetHash(wc_Sha3* sha3, byte* hash, byte p, byte len) |
wolfSSL | 15:117db924cf7c | 823 | { |
wolfSSL | 15:117db924cf7c | 824 | int ret; |
wolfSSL | 15:117db924cf7c | 825 | wc_Sha3 tmpSha3; |
wolfSSL | 15:117db924cf7c | 826 | |
wolfSSL | 15:117db924cf7c | 827 | if (sha3 == NULL || hash == NULL) |
wolfSSL | 15:117db924cf7c | 828 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 829 | |
wolfSSL | 15:117db924cf7c | 830 | ret = wc_Sha3Copy(sha3, &tmpSha3); |
wolfSSL | 15:117db924cf7c | 831 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 832 | ret = wc_Sha3Final(&tmpSha3, hash, p, len); |
wolfSSL | 15:117db924cf7c | 833 | } |
wolfSSL | 15:117db924cf7c | 834 | return ret; |
wolfSSL | 15:117db924cf7c | 835 | } |
wolfSSL | 15:117db924cf7c | 836 | |
wolfSSL | 15:117db924cf7c | 837 | |
wolfSSL | 15:117db924cf7c | 838 | /* Initialize the state for a SHA3-224 hash operation. |
wolfSSL | 15:117db924cf7c | 839 | * |
wolfSSL | 15:117db924cf7c | 840 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 841 | * heap Heap reference for dynamic memory allocation. (Used in async ops.) |
wolfSSL | 15:117db924cf7c | 842 | * devId Device identifier for asynchronous operation. |
wolfSSL | 15:117db924cf7c | 843 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 844 | */ |
wolfSSL | 16:8e0d178b1d1e | 845 | int wc_InitSha3_224(wc_Sha3* sha3, void* heap, int devId) |
wolfSSL | 15:117db924cf7c | 846 | { |
wolfSSL | 15:117db924cf7c | 847 | return wc_InitSha3(sha3, heap, devId); |
wolfSSL | 15:117db924cf7c | 848 | } |
wolfSSL | 15:117db924cf7c | 849 | |
wolfSSL | 15:117db924cf7c | 850 | /* Update the SHA3-224 hash state with message data. |
wolfSSL | 15:117db924cf7c | 851 | * |
wolfSSL | 15:117db924cf7c | 852 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 853 | * data Message data to be hashed. |
wolfSSL | 15:117db924cf7c | 854 | * len Length of the message data. |
wolfSSL | 15:117db924cf7c | 855 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 856 | */ |
wolfSSL | 16:8e0d178b1d1e | 857 | int wc_Sha3_224_Update(wc_Sha3* sha3, const byte* data, word32 len) |
wolfSSL | 15:117db924cf7c | 858 | { |
wolfSSL | 15:117db924cf7c | 859 | return wc_Sha3Update(sha3, data, len, WC_SHA3_224_COUNT); |
wolfSSL | 15:117db924cf7c | 860 | } |
wolfSSL | 15:117db924cf7c | 861 | |
wolfSSL | 15:117db924cf7c | 862 | /* Calculate the SHA3-224 hash based on all the message data seen. |
wolfSSL | 15:117db924cf7c | 863 | * The state is initialized ready for a new message to hash. |
wolfSSL | 15:117db924cf7c | 864 | * |
wolfSSL | 15:117db924cf7c | 865 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 866 | * hash Buffer to hold the hash result. Must be at least 28 bytes. |
wolfSSL | 15:117db924cf7c | 867 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 868 | */ |
wolfSSL | 16:8e0d178b1d1e | 869 | int wc_Sha3_224_Final(wc_Sha3* sha3, byte* hash) |
wolfSSL | 15:117db924cf7c | 870 | { |
wolfSSL | 15:117db924cf7c | 871 | return wc_Sha3Final(sha3, hash, WC_SHA3_224_COUNT, WC_SHA3_224_DIGEST_SIZE); |
wolfSSL | 15:117db924cf7c | 872 | } |
wolfSSL | 15:117db924cf7c | 873 | |
wolfSSL | 15:117db924cf7c | 874 | /* Dispose of any dynamically allocated data from the SHA3-224 operation. |
wolfSSL | 15:117db924cf7c | 875 | * (Required for async ops.) |
wolfSSL | 15:117db924cf7c | 876 | * |
wolfSSL | 15:117db924cf7c | 877 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 878 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 879 | */ |
wolfSSL | 16:8e0d178b1d1e | 880 | void wc_Sha3_224_Free(wc_Sha3* sha3) |
wolfSSL | 15:117db924cf7c | 881 | { |
wolfSSL | 15:117db924cf7c | 882 | wc_Sha3Free(sha3); |
wolfSSL | 15:117db924cf7c | 883 | } |
wolfSSL | 15:117db924cf7c | 884 | |
wolfSSL | 15:117db924cf7c | 885 | /* Calculate the SHA3-224 hash based on all the message data so far. |
wolfSSL | 15:117db924cf7c | 886 | * More message data can be added, after this operation, using the current |
wolfSSL | 15:117db924cf7c | 887 | * state. |
wolfSSL | 15:117db924cf7c | 888 | * |
wolfSSL | 15:117db924cf7c | 889 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 890 | * hash Buffer to hold the hash result. Must be at least 28 bytes. |
wolfSSL | 15:117db924cf7c | 891 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 892 | */ |
wolfSSL | 16:8e0d178b1d1e | 893 | int wc_Sha3_224_GetHash(wc_Sha3* sha3, byte* hash) |
wolfSSL | 15:117db924cf7c | 894 | { |
wolfSSL | 15:117db924cf7c | 895 | return wc_Sha3GetHash(sha3, hash, WC_SHA3_224_COUNT, WC_SHA3_224_DIGEST_SIZE); |
wolfSSL | 15:117db924cf7c | 896 | } |
wolfSSL | 15:117db924cf7c | 897 | |
wolfSSL | 15:117db924cf7c | 898 | /* Copy the state of the SHA3-224 operation. |
wolfSSL | 15:117db924cf7c | 899 | * |
wolfSSL | 15:117db924cf7c | 900 | * src wc_Sha3 object holding state top copy. |
wolfSSL | 15:117db924cf7c | 901 | * dst wc_Sha3 object to copy into. |
wolfSSL | 15:117db924cf7c | 902 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 903 | */ |
wolfSSL | 16:8e0d178b1d1e | 904 | int wc_Sha3_224_Copy(wc_Sha3* src, wc_Sha3* dst) |
wolfSSL | 15:117db924cf7c | 905 | { |
wolfSSL | 15:117db924cf7c | 906 | return wc_Sha3Copy(src, dst); |
wolfSSL | 15:117db924cf7c | 907 | } |
wolfSSL | 15:117db924cf7c | 908 | |
wolfSSL | 15:117db924cf7c | 909 | |
wolfSSL | 15:117db924cf7c | 910 | /* Initialize the state for a SHA3-256 hash operation. |
wolfSSL | 15:117db924cf7c | 911 | * |
wolfSSL | 15:117db924cf7c | 912 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 913 | * heap Heap reference for dynamic memory allocation. (Used in async ops.) |
wolfSSL | 15:117db924cf7c | 914 | * devId Device identifier for asynchronous operation. |
wolfSSL | 15:117db924cf7c | 915 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 916 | */ |
wolfSSL | 16:8e0d178b1d1e | 917 | int wc_InitSha3_256(wc_Sha3* sha3, void* heap, int devId) |
wolfSSL | 15:117db924cf7c | 918 | { |
wolfSSL | 15:117db924cf7c | 919 | return wc_InitSha3(sha3, heap, devId); |
wolfSSL | 15:117db924cf7c | 920 | } |
wolfSSL | 15:117db924cf7c | 921 | |
wolfSSL | 15:117db924cf7c | 922 | /* Update the SHA3-256 hash state with message data. |
wolfSSL | 15:117db924cf7c | 923 | * |
wolfSSL | 15:117db924cf7c | 924 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 925 | * data Message data to be hashed. |
wolfSSL | 15:117db924cf7c | 926 | * len Length of the message data. |
wolfSSL | 15:117db924cf7c | 927 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 928 | */ |
wolfSSL | 16:8e0d178b1d1e | 929 | int wc_Sha3_256_Update(wc_Sha3* sha3, const byte* data, word32 len) |
wolfSSL | 15:117db924cf7c | 930 | { |
wolfSSL | 15:117db924cf7c | 931 | return wc_Sha3Update(sha3, data, len, WC_SHA3_256_COUNT); |
wolfSSL | 15:117db924cf7c | 932 | } |
wolfSSL | 15:117db924cf7c | 933 | |
wolfSSL | 15:117db924cf7c | 934 | /* Calculate the SHA3-256 hash based on all the message data seen. |
wolfSSL | 15:117db924cf7c | 935 | * The state is initialized ready for a new message to hash. |
wolfSSL | 15:117db924cf7c | 936 | * |
wolfSSL | 15:117db924cf7c | 937 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 938 | * hash Buffer to hold the hash result. Must be at least 32 bytes. |
wolfSSL | 15:117db924cf7c | 939 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 940 | */ |
wolfSSL | 16:8e0d178b1d1e | 941 | int wc_Sha3_256_Final(wc_Sha3* sha3, byte* hash) |
wolfSSL | 15:117db924cf7c | 942 | { |
wolfSSL | 15:117db924cf7c | 943 | return wc_Sha3Final(sha3, hash, WC_SHA3_256_COUNT, WC_SHA3_256_DIGEST_SIZE); |
wolfSSL | 15:117db924cf7c | 944 | } |
wolfSSL | 15:117db924cf7c | 945 | |
wolfSSL | 15:117db924cf7c | 946 | /* Dispose of any dynamically allocated data from the SHA3-256 operation. |
wolfSSL | 15:117db924cf7c | 947 | * (Required for async ops.) |
wolfSSL | 15:117db924cf7c | 948 | * |
wolfSSL | 15:117db924cf7c | 949 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 950 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 951 | */ |
wolfSSL | 16:8e0d178b1d1e | 952 | void wc_Sha3_256_Free(wc_Sha3* sha3) |
wolfSSL | 15:117db924cf7c | 953 | { |
wolfSSL | 15:117db924cf7c | 954 | wc_Sha3Free(sha3); |
wolfSSL | 15:117db924cf7c | 955 | } |
wolfSSL | 15:117db924cf7c | 956 | |
wolfSSL | 15:117db924cf7c | 957 | /* Calculate the SHA3-256 hash based on all the message data so far. |
wolfSSL | 15:117db924cf7c | 958 | * More message data can be added, after this operation, using the current |
wolfSSL | 15:117db924cf7c | 959 | * state. |
wolfSSL | 15:117db924cf7c | 960 | * |
wolfSSL | 15:117db924cf7c | 961 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 962 | * hash Buffer to hold the hash result. Must be at least 32 bytes. |
wolfSSL | 15:117db924cf7c | 963 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 964 | */ |
wolfSSL | 16:8e0d178b1d1e | 965 | int wc_Sha3_256_GetHash(wc_Sha3* sha3, byte* hash) |
wolfSSL | 15:117db924cf7c | 966 | { |
wolfSSL | 15:117db924cf7c | 967 | return wc_Sha3GetHash(sha3, hash, WC_SHA3_256_COUNT, WC_SHA3_256_DIGEST_SIZE); |
wolfSSL | 15:117db924cf7c | 968 | } |
wolfSSL | 15:117db924cf7c | 969 | |
wolfSSL | 15:117db924cf7c | 970 | /* Copy the state of the SHA3-256 operation. |
wolfSSL | 15:117db924cf7c | 971 | * |
wolfSSL | 15:117db924cf7c | 972 | * src wc_Sha3 object holding state top copy. |
wolfSSL | 15:117db924cf7c | 973 | * dst wc_Sha3 object to copy into. |
wolfSSL | 15:117db924cf7c | 974 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 975 | */ |
wolfSSL | 16:8e0d178b1d1e | 976 | int wc_Sha3_256_Copy(wc_Sha3* src, wc_Sha3* dst) |
wolfSSL | 15:117db924cf7c | 977 | { |
wolfSSL | 15:117db924cf7c | 978 | return wc_Sha3Copy(src, dst); |
wolfSSL | 15:117db924cf7c | 979 | } |
wolfSSL | 15:117db924cf7c | 980 | |
wolfSSL | 15:117db924cf7c | 981 | |
wolfSSL | 15:117db924cf7c | 982 | /* Initialize the state for a SHA3-384 hash operation. |
wolfSSL | 15:117db924cf7c | 983 | * |
wolfSSL | 15:117db924cf7c | 984 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 985 | * heap Heap reference for dynamic memory allocation. (Used in async ops.) |
wolfSSL | 15:117db924cf7c | 986 | * devId Device identifier for asynchronous operation. |
wolfSSL | 15:117db924cf7c | 987 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 988 | */ |
wolfSSL | 16:8e0d178b1d1e | 989 | int wc_InitSha3_384(wc_Sha3* sha3, void* heap, int devId) |
wolfSSL | 15:117db924cf7c | 990 | { |
wolfSSL | 15:117db924cf7c | 991 | return wc_InitSha3(sha3, heap, devId); |
wolfSSL | 15:117db924cf7c | 992 | } |
wolfSSL | 15:117db924cf7c | 993 | |
wolfSSL | 15:117db924cf7c | 994 | /* Update the SHA3-384 hash state with message data. |
wolfSSL | 15:117db924cf7c | 995 | * |
wolfSSL | 15:117db924cf7c | 996 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 997 | * data Message data to be hashed. |
wolfSSL | 15:117db924cf7c | 998 | * len Length of the message data. |
wolfSSL | 15:117db924cf7c | 999 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1000 | */ |
wolfSSL | 16:8e0d178b1d1e | 1001 | int wc_Sha3_384_Update(wc_Sha3* sha3, const byte* data, word32 len) |
wolfSSL | 15:117db924cf7c | 1002 | { |
wolfSSL | 15:117db924cf7c | 1003 | return wc_Sha3Update(sha3, data, len, WC_SHA3_384_COUNT); |
wolfSSL | 15:117db924cf7c | 1004 | } |
wolfSSL | 15:117db924cf7c | 1005 | |
wolfSSL | 15:117db924cf7c | 1006 | /* Calculate the SHA3-384 hash based on all the message data seen. |
wolfSSL | 15:117db924cf7c | 1007 | * The state is initialized ready for a new message to hash. |
wolfSSL | 15:117db924cf7c | 1008 | * |
wolfSSL | 15:117db924cf7c | 1009 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 1010 | * hash Buffer to hold the hash result. Must be at least 48 bytes. |
wolfSSL | 15:117db924cf7c | 1011 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1012 | */ |
wolfSSL | 16:8e0d178b1d1e | 1013 | int wc_Sha3_384_Final(wc_Sha3* sha3, byte* hash) |
wolfSSL | 15:117db924cf7c | 1014 | { |
wolfSSL | 15:117db924cf7c | 1015 | return wc_Sha3Final(sha3, hash, WC_SHA3_384_COUNT, WC_SHA3_384_DIGEST_SIZE); |
wolfSSL | 15:117db924cf7c | 1016 | } |
wolfSSL | 15:117db924cf7c | 1017 | |
wolfSSL | 15:117db924cf7c | 1018 | /* Dispose of any dynamically allocated data from the SHA3-384 operation. |
wolfSSL | 15:117db924cf7c | 1019 | * (Required for async ops.) |
wolfSSL | 15:117db924cf7c | 1020 | * |
wolfSSL | 15:117db924cf7c | 1021 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 1022 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1023 | */ |
wolfSSL | 16:8e0d178b1d1e | 1024 | void wc_Sha3_384_Free(wc_Sha3* sha3) |
wolfSSL | 15:117db924cf7c | 1025 | { |
wolfSSL | 15:117db924cf7c | 1026 | wc_Sha3Free(sha3); |
wolfSSL | 15:117db924cf7c | 1027 | } |
wolfSSL | 15:117db924cf7c | 1028 | |
wolfSSL | 15:117db924cf7c | 1029 | /* Calculate the SHA3-384 hash based on all the message data so far. |
wolfSSL | 15:117db924cf7c | 1030 | * More message data can be added, after this operation, using the current |
wolfSSL | 15:117db924cf7c | 1031 | * state. |
wolfSSL | 15:117db924cf7c | 1032 | * |
wolfSSL | 15:117db924cf7c | 1033 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 1034 | * hash Buffer to hold the hash result. Must be at least 48 bytes. |
wolfSSL | 15:117db924cf7c | 1035 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1036 | */ |
wolfSSL | 16:8e0d178b1d1e | 1037 | int wc_Sha3_384_GetHash(wc_Sha3* sha3, byte* hash) |
wolfSSL | 15:117db924cf7c | 1038 | { |
wolfSSL | 15:117db924cf7c | 1039 | return wc_Sha3GetHash(sha3, hash, WC_SHA3_384_COUNT, WC_SHA3_384_DIGEST_SIZE); |
wolfSSL | 15:117db924cf7c | 1040 | } |
wolfSSL | 15:117db924cf7c | 1041 | |
wolfSSL | 15:117db924cf7c | 1042 | /* Copy the state of the SHA3-384 operation. |
wolfSSL | 15:117db924cf7c | 1043 | * |
wolfSSL | 15:117db924cf7c | 1044 | * src wc_Sha3 object holding state top copy. |
wolfSSL | 15:117db924cf7c | 1045 | * dst wc_Sha3 object to copy into. |
wolfSSL | 15:117db924cf7c | 1046 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1047 | */ |
wolfSSL | 16:8e0d178b1d1e | 1048 | int wc_Sha3_384_Copy(wc_Sha3* src, wc_Sha3* dst) |
wolfSSL | 15:117db924cf7c | 1049 | { |
wolfSSL | 15:117db924cf7c | 1050 | return wc_Sha3Copy(src, dst); |
wolfSSL | 15:117db924cf7c | 1051 | } |
wolfSSL | 15:117db924cf7c | 1052 | |
wolfSSL | 15:117db924cf7c | 1053 | |
wolfSSL | 15:117db924cf7c | 1054 | /* Initialize the state for a SHA3-512 hash operation. |
wolfSSL | 15:117db924cf7c | 1055 | * |
wolfSSL | 15:117db924cf7c | 1056 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 1057 | * heap Heap reference for dynamic memory allocation. (Used in async ops.) |
wolfSSL | 15:117db924cf7c | 1058 | * devId Device identifier for asynchronous operation. |
wolfSSL | 15:117db924cf7c | 1059 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1060 | */ |
wolfSSL | 16:8e0d178b1d1e | 1061 | int wc_InitSha3_512(wc_Sha3* sha3, void* heap, int devId) |
wolfSSL | 15:117db924cf7c | 1062 | { |
wolfSSL | 15:117db924cf7c | 1063 | return wc_InitSha3(sha3, heap, devId); |
wolfSSL | 15:117db924cf7c | 1064 | } |
wolfSSL | 15:117db924cf7c | 1065 | |
wolfSSL | 15:117db924cf7c | 1066 | /* Update the SHA3-512 hash state with message data. |
wolfSSL | 15:117db924cf7c | 1067 | * |
wolfSSL | 15:117db924cf7c | 1068 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 1069 | * data Message data to be hashed. |
wolfSSL | 15:117db924cf7c | 1070 | * len Length of the message data. |
wolfSSL | 15:117db924cf7c | 1071 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1072 | */ |
wolfSSL | 16:8e0d178b1d1e | 1073 | int wc_Sha3_512_Update(wc_Sha3* sha3, const byte* data, word32 len) |
wolfSSL | 15:117db924cf7c | 1074 | { |
wolfSSL | 15:117db924cf7c | 1075 | return wc_Sha3Update(sha3, data, len, WC_SHA3_512_COUNT); |
wolfSSL | 15:117db924cf7c | 1076 | } |
wolfSSL | 15:117db924cf7c | 1077 | |
wolfSSL | 15:117db924cf7c | 1078 | /* Calculate the SHA3-512 hash based on all the message data seen. |
wolfSSL | 15:117db924cf7c | 1079 | * The state is initialized ready for a new message to hash. |
wolfSSL | 15:117db924cf7c | 1080 | * |
wolfSSL | 15:117db924cf7c | 1081 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 1082 | * hash Buffer to hold the hash result. Must be at least 64 bytes. |
wolfSSL | 15:117db924cf7c | 1083 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1084 | */ |
wolfSSL | 16:8e0d178b1d1e | 1085 | int wc_Sha3_512_Final(wc_Sha3* sha3, byte* hash) |
wolfSSL | 15:117db924cf7c | 1086 | { |
wolfSSL | 15:117db924cf7c | 1087 | return wc_Sha3Final(sha3, hash, WC_SHA3_512_COUNT, WC_SHA3_512_DIGEST_SIZE); |
wolfSSL | 15:117db924cf7c | 1088 | } |
wolfSSL | 15:117db924cf7c | 1089 | |
wolfSSL | 15:117db924cf7c | 1090 | /* Dispose of any dynamically allocated data from the SHA3-512 operation. |
wolfSSL | 15:117db924cf7c | 1091 | * (Required for async ops.) |
wolfSSL | 15:117db924cf7c | 1092 | * |
wolfSSL | 15:117db924cf7c | 1093 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 1094 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1095 | */ |
wolfSSL | 16:8e0d178b1d1e | 1096 | void wc_Sha3_512_Free(wc_Sha3* sha3) |
wolfSSL | 15:117db924cf7c | 1097 | { |
wolfSSL | 15:117db924cf7c | 1098 | wc_Sha3Free(sha3); |
wolfSSL | 15:117db924cf7c | 1099 | } |
wolfSSL | 15:117db924cf7c | 1100 | |
wolfSSL | 15:117db924cf7c | 1101 | /* Calculate the SHA3-512 hash based on all the message data so far. |
wolfSSL | 15:117db924cf7c | 1102 | * More message data can be added, after this operation, using the current |
wolfSSL | 15:117db924cf7c | 1103 | * state. |
wolfSSL | 15:117db924cf7c | 1104 | * |
wolfSSL | 15:117db924cf7c | 1105 | * sha3 wc_Sha3 object holding state. |
wolfSSL | 15:117db924cf7c | 1106 | * hash Buffer to hold the hash result. Must be at least 64 bytes. |
wolfSSL | 15:117db924cf7c | 1107 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1108 | */ |
wolfSSL | 16:8e0d178b1d1e | 1109 | int wc_Sha3_512_GetHash(wc_Sha3* sha3, byte* hash) |
wolfSSL | 15:117db924cf7c | 1110 | { |
wolfSSL | 15:117db924cf7c | 1111 | return wc_Sha3GetHash(sha3, hash, WC_SHA3_512_COUNT, WC_SHA3_512_DIGEST_SIZE); |
wolfSSL | 15:117db924cf7c | 1112 | } |
wolfSSL | 15:117db924cf7c | 1113 | |
wolfSSL | 15:117db924cf7c | 1114 | /* Copy the state of the SHA3-512 operation. |
wolfSSL | 15:117db924cf7c | 1115 | * |
wolfSSL | 15:117db924cf7c | 1116 | * src wc_Sha3 object holding state top copy. |
wolfSSL | 15:117db924cf7c | 1117 | * dst wc_Sha3 object to copy into. |
wolfSSL | 15:117db924cf7c | 1118 | * returns 0 on success. |
wolfSSL | 15:117db924cf7c | 1119 | */ |
wolfSSL | 16:8e0d178b1d1e | 1120 | int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst) |
wolfSSL | 15:117db924cf7c | 1121 | { |
wolfSSL | 15:117db924cf7c | 1122 | return wc_Sha3Copy(src, dst); |
wolfSSL | 15:117db924cf7c | 1123 | } |
wolfSSL | 15:117db924cf7c | 1124 | |
wolfSSL | 16:8e0d178b1d1e | 1125 | #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) |
wolfSSL | 16:8e0d178b1d1e | 1126 | int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags) |
wolfSSL | 16:8e0d178b1d1e | 1127 | { |
wolfSSL | 16:8e0d178b1d1e | 1128 | if (sha3) { |
wolfSSL | 16:8e0d178b1d1e | 1129 | sha3->flags = flags; |
wolfSSL | 16:8e0d178b1d1e | 1130 | } |
wolfSSL | 16:8e0d178b1d1e | 1131 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 1132 | } |
wolfSSL | 16:8e0d178b1d1e | 1133 | int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags) |
wolfSSL | 16:8e0d178b1d1e | 1134 | { |
wolfSSL | 16:8e0d178b1d1e | 1135 | if (sha3 && flags) { |
wolfSSL | 16:8e0d178b1d1e | 1136 | *flags = sha3->flags; |
wolfSSL | 16:8e0d178b1d1e | 1137 | } |
wolfSSL | 16:8e0d178b1d1e | 1138 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 1139 | } |
wolfSSL | 16:8e0d178b1d1e | 1140 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1141 | |
wolfSSL | 16:8e0d178b1d1e | 1142 | #if defined(WOLFSSL_SHAKE256) |
wolfSSL | 16:8e0d178b1d1e | 1143 | /* Initialize the state for a Shake256 hash operation. |
wolfSSL | 16:8e0d178b1d1e | 1144 | * |
wolfSSL | 16:8e0d178b1d1e | 1145 | * shake wc_Shake object holding state. |
wolfSSL | 16:8e0d178b1d1e | 1146 | * heap Heap reference for dynamic memory allocation. (Used in async ops.) |
wolfSSL | 16:8e0d178b1d1e | 1147 | * devId Device identifier for asynchronous operation. |
wolfSSL | 16:8e0d178b1d1e | 1148 | * returns 0 on success. |
wolfSSL | 16:8e0d178b1d1e | 1149 | */ |
wolfSSL | 16:8e0d178b1d1e | 1150 | int wc_InitShake256(wc_Shake* shake, void* heap, int devId) |
wolfSSL | 16:8e0d178b1d1e | 1151 | { |
wolfSSL | 16:8e0d178b1d1e | 1152 | return wc_InitSha3(shake, heap, devId); |
wolfSSL | 16:8e0d178b1d1e | 1153 | } |
wolfSSL | 16:8e0d178b1d1e | 1154 | |
wolfSSL | 16:8e0d178b1d1e | 1155 | /* Update the SHAKE256 hash state with message data. |
wolfSSL | 16:8e0d178b1d1e | 1156 | * |
wolfSSL | 16:8e0d178b1d1e | 1157 | * shake wc_Shake object holding state. |
wolfSSL | 16:8e0d178b1d1e | 1158 | * data Message data to be hashed. |
wolfSSL | 16:8e0d178b1d1e | 1159 | * len Length of the message data. |
wolfSSL | 16:8e0d178b1d1e | 1160 | * returns 0 on success. |
wolfSSL | 16:8e0d178b1d1e | 1161 | */ |
wolfSSL | 16:8e0d178b1d1e | 1162 | int wc_Shake256_Update(wc_Shake* shake, const byte* data, word32 len) |
wolfSSL | 16:8e0d178b1d1e | 1163 | { |
wolfSSL | 16:8e0d178b1d1e | 1164 | if (shake == NULL || (data == NULL && len > 0)) { |
wolfSSL | 16:8e0d178b1d1e | 1165 | return BAD_FUNC_ARG; |
wolfSSL | 16:8e0d178b1d1e | 1166 | } |
wolfSSL | 16:8e0d178b1d1e | 1167 | |
wolfSSL | 16:8e0d178b1d1e | 1168 | return Sha3Update(shake, data, len, WC_SHA3_256_COUNT); |
wolfSSL | 16:8e0d178b1d1e | 1169 | } |
wolfSSL | 16:8e0d178b1d1e | 1170 | |
wolfSSL | 16:8e0d178b1d1e | 1171 | /* Calculate the SHAKE256 hash based on all the message data seen. |
wolfSSL | 16:8e0d178b1d1e | 1172 | * The state is initialized ready for a new message to hash. |
wolfSSL | 16:8e0d178b1d1e | 1173 | * |
wolfSSL | 16:8e0d178b1d1e | 1174 | * shake wc_Shake object holding state. |
wolfSSL | 16:8e0d178b1d1e | 1175 | * hash Buffer to hold the hash result. Must be at least 64 bytes. |
wolfSSL | 16:8e0d178b1d1e | 1176 | * returns 0 on success. |
wolfSSL | 16:8e0d178b1d1e | 1177 | */ |
wolfSSL | 16:8e0d178b1d1e | 1178 | int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen) |
wolfSSL | 16:8e0d178b1d1e | 1179 | { |
wolfSSL | 16:8e0d178b1d1e | 1180 | int ret; |
wolfSSL | 16:8e0d178b1d1e | 1181 | |
wolfSSL | 16:8e0d178b1d1e | 1182 | if (shake == NULL || hash == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 1183 | return BAD_FUNC_ARG; |
wolfSSL | 16:8e0d178b1d1e | 1184 | } |
wolfSSL | 16:8e0d178b1d1e | 1185 | |
wolfSSL | 16:8e0d178b1d1e | 1186 | ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, hashLen); |
wolfSSL | 16:8e0d178b1d1e | 1187 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 1188 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 1189 | |
wolfSSL | 16:8e0d178b1d1e | 1190 | return InitSha3(shake); /* reset state */ |
wolfSSL | 16:8e0d178b1d1e | 1191 | } |
wolfSSL | 16:8e0d178b1d1e | 1192 | |
wolfSSL | 16:8e0d178b1d1e | 1193 | /* Dispose of any dynamically allocated data from the SHAKE256 operation. |
wolfSSL | 16:8e0d178b1d1e | 1194 | * (Required for async ops.) |
wolfSSL | 16:8e0d178b1d1e | 1195 | * |
wolfSSL | 16:8e0d178b1d1e | 1196 | * shake wc_Shake object holding state. |
wolfSSL | 16:8e0d178b1d1e | 1197 | * returns 0 on success. |
wolfSSL | 16:8e0d178b1d1e | 1198 | */ |
wolfSSL | 16:8e0d178b1d1e | 1199 | void wc_Shake256_Free(wc_Shake* shake) |
wolfSSL | 16:8e0d178b1d1e | 1200 | { |
wolfSSL | 16:8e0d178b1d1e | 1201 | wc_Sha3Free(shake); |
wolfSSL | 16:8e0d178b1d1e | 1202 | } |
wolfSSL | 16:8e0d178b1d1e | 1203 | |
wolfSSL | 16:8e0d178b1d1e | 1204 | /* Copy the state of the SHA3-512 operation. |
wolfSSL | 16:8e0d178b1d1e | 1205 | * |
wolfSSL | 16:8e0d178b1d1e | 1206 | * src wc_Shake object holding state top copy. |
wolfSSL | 16:8e0d178b1d1e | 1207 | * dst wc_Shake object to copy into. |
wolfSSL | 16:8e0d178b1d1e | 1208 | * returns 0 on success. |
wolfSSL | 16:8e0d178b1d1e | 1209 | */ |
wolfSSL | 16:8e0d178b1d1e | 1210 | int wc_Shake256_Copy(wc_Shake* src, wc_Shake* dst) |
wolfSSL | 16:8e0d178b1d1e | 1211 | { |
wolfSSL | 16:8e0d178b1d1e | 1212 | return wc_Sha3Copy(src, dst); |
wolfSSL | 16:8e0d178b1d1e | 1213 | } |
wolfSSL | 16:8e0d178b1d1e | 1214 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1215 | |
wolfSSL | 15:117db924cf7c | 1216 | #endif /* WOLFSSL_SHA3 */ |
wolfSSL | 15:117db924cf7c | 1217 |