MagickCore 7.0.10
sha3.c
Go to the documentation of this file.
1/*
2%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
3% %
4% %
5% SSSSS H H AAA %
6% SS H H A A %
7% SSS HHHHH AAAAA %
8% SS H H A A %
9% SSSSS H H A A %
10% %
11% %
12% Wizard's Toolkit Secure Hash Algorithm 3 Methods %
13% %
14% Software Design %
15% Cristy %
16% March 2012 %
17% %
18% %
19% Copyright @ 1999 ImageMagick Studio LLC, a non-profit organization %
20% dedicated to making software imaging solutions freely available. %
21% %
22% You may not use this file except in compliance with the License. You may %
23% obtain a copy of the License at %
24% %
25% https://imagemagick.org/script/license.php %
26% %
27% Unless required by applicable law or agreed to in writing, software %
28% distributed under the License is distributed on an "AS IS" BASIS, %
29% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. %
30% See the License for the specific language governing permissions and %
31% limitations under the License. %
32% %
33%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
34%
35% SHA-3 uses the "sponge construction", where input is "absorbed" into the hash
36% state at a given rate, an output hash is then "squeezed" from it at the same
37% rate. See http://keccak.noekeon.org/.
38%
39*/
40
41/*
42 Include declarations.
43*/
44#include "wizard/studio.h"
45#include "wizard/exception.h"
46#include "wizard/exception-private.h"
47#include "wizard/memory_.h"
48#include "wizard/sha3.h"
49
50/*
51 Define declarations.
52*/
53#define SHA3Blocksize 64
54#define SHA3Digestsize 64
55#define SHA3Index(x,y) (((x) % 5)+5*((y) % 5))
56#define SHA3Lanes 25
57#define SHA3MaximumRate 1536
58#define SHA3PermutationSize 1600
59#define SHA3RotateLeft(x,offset) ((offset) != 0 ? ((((WizardSizeType) (x)) << \
60 offset) ^ (((WizardSizeType) (x)) >> (64-(offset)))) : (x))
61#define SHA3Rounds 24
62
63/*
64 Typedef declarations.
65*/
66struct _SHA3Info
67{
68 HashType
69 hash;
70
71 unsigned int
72 digestsize,
73 blocksize;
74
75 StringInfo
76 *digest;
77
78 unsigned char
79 state[SHA3PermutationSize/8],
80 message[SHA3MaximumRate/8];
81
82 unsigned int
83 rate,
84 capacity,
85 bits_in_queue;
86
87 size_t
88 length;
89
90 WizardBooleanType
91 squeeze;
92
93 unsigned int
94 squeeze_bits,
95 rho[SHA3Lanes];
96
97 WizardSizeType
98 rounds[SHA3Rounds];
99
100 WizardBooleanType
101 lsb_first;
102
103 time_t
104 timestamp;
105
106 size_t
107 signature;
108};
109
110/*
111%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
112% %
113% %
114% %
115% A c q u i r e S H A I n f o %
116% %
117% %
118% %
119%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120%
121% AcquireSHA3Info() allocate the SHA3Info structure.
122%
123% The format of the AcquireSHA3Info method is:
124%
125% SHA3Info *AcquireSHA3Info(const HashType hash)
126%
127% A description of each parameter follows:
128%
129% o hash: The hash type.
130%
131*/
132WizardExport SHA3Info *AcquireSHA3Info(const HashType hash)
133{
134 SHA3Info
135 *sha_info;
136
137 unsigned int
138 lsb_first;
139
140 sha_info=(SHA3Info *) AcquireWizardMemory(sizeof(*sha_info));
141 if (sha_info == (SHA3Info *) NULL)
142 ThrowWizardFatalError(HashDomain,MemoryError);
143 (void) memset(sha_info,0,sizeof(*sha_info));
144 sha_info->hash=hash;
145 switch (sha_info->hash)
146 {
147 case SHA3Hash:
148 {
149 sha_info->digestsize=36;
150 break;
151 }
152 case SHA3224Hash:
153 {
154 sha_info->digestsize=28;
155 break;
156 }
157 case SHA3256Hash:
158 {
159 sha_info->digestsize=32;
160 break;
161 }
162 case SHA3384Hash:
163 {
164 sha_info->digestsize=48;
165 break;
166 }
167 case SHA3512Hash:
168 {
169 sha_info->digestsize=64;
170 break;
171 }
172 default:
173 ThrowWizardFatalError(HashDomain,HashIOError);
174 }
175 sha_info->blocksize=SHA3Blocksize;
176 sha_info->digest=AcquireStringInfo(sha_info->digestsize);
177 lsb_first=1;
178 sha_info->lsb_first=(int) (*(char *) &lsb_first) == 1 ? WizardTrue :
179 WizardFalse;
180 sha_info->timestamp=time((time_t *) NULL);
181 sha_info->signature=WizardSignature;
182 (void) InitializeSHA3(sha_info);
183 return(sha_info);
184}
185
186/*
187%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
188% %
189% %
190% %
191% D e s t r o y S H A I n f o %
192% %
193% %
194% %
195%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
196%
197% DestroySHA3Info() zeros memory associated with the SHA3Info structure.
198%
199% The format of the DestroySHA3Info method is:
200%
201% SHA3Info *DestroySHA3Info(SHA3Info *sha_info)
202%
203% A description of each parameter follows:
204%
205% o sha_info: The cipher sha_info.
206%
207*/
208WizardExport SHA3Info *DestroySHA3Info(SHA3Info *sha_info)
209{
210 (void) LogWizardEvent(TraceEvent,GetWizardModule(),"...");
211 assert(sha_info != (SHA3Info *) NULL);
212 assert(sha_info->signature == WizardSignature);
213 if (sha_info->digest != (StringInfo *) NULL)
214 sha_info->digest=DestroyStringInfo(sha_info->digest);
215 sha_info->signature=(~WizardSignature);
216 sha_info=(SHA3Info *) RelinquishWizardMemory(sha_info);
217 return(sha_info);
218}
219
220/*
221%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
222% %
223% %
224% %
225% F i n a l i z e S H A %
226% %
227% %
228% %
229%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
230%
231% FinalizeSHA3() finalizes the SHA3 message accumulator computation.
232%
233% The format of the FinalizeSHA3 method is:
234%
235% WizardBooleanType FinalizeSHA3(SHA3Info *sha_info)
236%
237% A description of each parameter follows:
238%
239% o sha_info: The address of a structure of type SHA3Info.
240%
241*/
242
243static inline void ConvertBytesToWords(const unsigned char *bytes,
244 WizardSizeType *words)
245{
246 ssize_t
247 i;
248
249 for (i=0; i < (SHA3PermutationSize/64); i++)
250 {
251 ssize_t
252 j;
253
254 words[i]=0;
255 for (j=0; j< (64/8); j++)
256 words[i]|=(WizardSizeType) (bytes[i*(64/8)+j]) << (8*j);
257 }
258}
259
260static inline void ConvertWordsToBytes(const WizardSizeType *words,
261 unsigned char *bytes)
262{
263 ssize_t
264 i;
265
266 for (i=0; i < (SHA3PermutationSize/64); i++)
267 {
268 ssize_t
269 j;
270
271 for (j=0; j < (64/8); j++)
272 bytes[i*(64/8)+j]=(unsigned char) ((words[i] >> (8*j)) & 0xFF);
273 }
274}
275
276static void SHA3PermutationOnWords(const SHA3Info *sha_info,
277 WizardSizeType *state)
278{
279 ssize_t
280 i;
281
282 for (i=0; i < SHA3Rounds; i++)
283 {
284 ssize_t
285 x,
286 y;
287
288 WizardSizeType
289 C[5],
290 D[5],
291 T[25];
292
293 /*
294 Theta.
295 */
296 for (x=0; x < 5; x++)
297 {
298 C[x]=0;
299 for (y=0; y < 5; y++)
300 C[x]^=state[SHA3Index(x,y)];
301 }
302 for (x=0; x < 5; x++)
303 D[x]=SHA3RotateLeft(C[(x+1) % 5],1) ^ C[(x+4) % 5];
304 for (x=0; x < 5; x++)
305 for (y=0; y < 5; y++)
306 state[SHA3Index(x,y)]^=D[x];
307 /*
308 Rho.
309 */
310 for (x=0; x < 5; x++)
311 for (y=0; y < 5; y++)
312 state[SHA3Index(x,y)]=SHA3RotateLeft(state[SHA3Index(x,y)],
313 (WizardSizeType) sha_info->rho[SHA3Index(x,y)]);
314 /*
315 Pi.
316 */
317 for (x=0; x < 5; x++)
318 for (y=0; y < 5; y++)
319 T[SHA3Index(x,y)]=state[SHA3Index(x,y)];
320 for (x=0; x < 5; x++)
321 for (y=0; y < 5; y++)
322 state[SHA3Index(0*x+1*y,2*x+3*y)]=T[SHA3Index(x,y)];
323 /*
324 Chi.
325 */
326 for (y=0; y < 5; y++)
327 {
328 for (x=0; x < 5; x++)
329 C[x]=state[SHA3Index(x,y)] ^ ((~state[SHA3Index(x+1,y)]) &
330 state[SHA3Index(x+2,y)]);
331 for (x=0; x< 5; x++)
332 state[SHA3Index(x,y)]=C[x];
333 }
334 /*
335 Iota.
336 */
337 state[SHA3Index(0,0)]^=sha_info->rounds[i];
338 }
339}
340
341static inline void SHA3Permutation(const SHA3Info *sha_info,
342 unsigned char *bytes)
343{
344 WizardSizeType
345 words[SHA3PermutationSize/64];
346
347 if (sha_info->lsb_first != 0)
348 SHA3PermutationOnWords(sha_info,(WizardSizeType *) bytes);
349 else
350 {
351 ConvertBytesToWords(bytes,words);
352 SHA3PermutationOnWords(sha_info,words);
353 ConvertWordsToBytes(words,bytes);
354 }
355}
356
357static inline void SHA3PermutationAfterXor(const SHA3Info *sha_info,
358 const unsigned char *message,const size_t length,unsigned char *state)
359{
360 ssize_t
361 i;
362
363 for (i=0; i < (ssize_t) length; i++)
364 state[i]^=message[i];
365 SHA3Permutation(sha_info,state);
366}
367
368static inline void AbsorbQueue(SHA3Info *sha_info)
369{
370 switch (sha_info->rate)
371 {
372 case 576:
373 {
374 SHA3PermutationAfterXor(sha_info,sha_info->message,72,sha_info->state);
375 break;
376 }
377 case 832:
378 {
379 SHA3PermutationAfterXor(sha_info,sha_info->message,104,sha_info->state);
380 break;
381 }
382 case 1024:
383 {
384 SHA3PermutationAfterXor(sha_info,sha_info->message,128,sha_info->state);
385 break;
386 }
387 case 1088:
388 {
389 SHA3PermutationAfterXor(sha_info,sha_info->message,136,sha_info->state);
390 break;
391 }
392 case 1152:
393 {
394 SHA3PermutationAfterXor(sha_info,sha_info->message,144,sha_info->state);
395 break;
396 }
397 case 1344:
398 {
399 SHA3PermutationAfterXor(sha_info,sha_info->message,168,sha_info->state);
400 break;
401 }
402 default:
403 {
404 SHA3PermutationAfterXor(sha_info,sha_info->message,8*sha_info->rate/64,
405 sha_info->state);
406 break;
407 }
408 }
409 sha_info->bits_in_queue=0;
410}
411
412static inline void PadAndSwitchToSqueezingPhase(SHA3Info *sha_info)
413{
414 if ((sha_info->bits_in_queue+1) == sha_info->rate)
415 {
416 sha_info->message[sha_info->bits_in_queue/8]|=1 <<
417 (sha_info->bits_in_queue % 8);
418 AbsorbQueue(sha_info);
419 memset(sha_info->message,0,sha_info->rate/8);
420 }
421 else
422 {
423 memset(sha_info->message+(sha_info->bits_in_queue+7)/8,0,sha_info->rate/8-
424 (sha_info->bits_in_queue+7)/8);
425 sha_info->message[sha_info->bits_in_queue/8]|=1 <<
426 (sha_info->bits_in_queue % 8);
427 }
428 sha_info->message[(sha_info->rate-1)/8]|=1 << ((sha_info->rate-1) % 8);
429 AbsorbQueue(sha_info);
430 memcpy(sha_info->message,sha_info->state,8*sha_info->rate/64);
431 sha_info->squeeze_bits=sha_info->rate;
432 sha_info->squeeze=WizardTrue;
433}
434
435static inline WizardBooleanType Squeeze(SHA3Info *sha_info,const size_t length,
436 unsigned char *output)
437{
438 ssize_t
439 i;
440
441 size_t
442 bits;
443
444 /*
445 Squeeze output data from the sponge function.
446 */
447 if (sha_info->squeeze == WizardFalse)
448 PadAndSwitchToSqueezingPhase(sha_info);
449 if ((length % 8) != 0)
450 return(WizardFalse); /* must be a multiple of 8 */
451 for (i=0; i < (ssize_t) length; i+=bits)
452 {
453 if (sha_info->squeeze_bits == 0)
454 {
455 SHA3Permutation(sha_info,sha_info->state);
456 memcpy(sha_info->message,sha_info->state,8*sha_info->rate/64);
457 sha_info->squeeze_bits=sha_info->rate;
458 }
459 bits=sha_info->squeeze_bits;
460 if (bits > (length-i))
461 bits=length-i;
462 memcpy(output+i/8,sha_info->message+(sha_info->rate-sha_info->squeeze_bits)/
463 8,bits/8);
464 sha_info->squeeze_bits-=bits;
465 }
466 return(WizardTrue);
467}
468
469WizardExport WizardBooleanType FinalizeSHA3(SHA3Info *sha_info)
470{
471 ssize_t
472 i;
473
474 unsigned char
475 *p,
476 *q;
477
478 SHA3Info
479 clone_info;
480
481 unsigned char
482 digest[SHA3Digestsize];
483
484 WizardBooleanType
485 status;
486
487 /*
488 Add padding and return the message accumulator.
489 */
490 (void) LogWizardEvent(TraceEvent,GetWizardModule(),"...");
491 assert(sha_info != (SHA3Info *) NULL);
492 assert(sha_info->signature == WizardSignature);
493 clone_info=(*sha_info);
494 (void) memset(digest,0,sizeof(*digest));
495 status=Squeeze(&clone_info,clone_info.length,digest);
496 if (status == WizardFalse)
497 return(WizardFalse);
498 p=digest;
499 q=GetStringInfoDatum(sha_info->digest);
500 for (i=0; i < (ssize_t) sha_info->digestsize; i++)
501 *q++=(*p++);
502 return(WizardTrue);
503}
504
505/*
506%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
507% %
508% %
509% %
510% G e t S H A 3 B l o c k s i z e %
511% %
512% %
513% %
514%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
515%
516% GetSHA3Blocksize() returns the SHA3 blocksize.
517%
518% The format of the GetSHA3Blocksize method is:
519%
520% unsigned int *GetSHA3Blocksize(const SHA3Info *sha_info)
521%
522% A description of each parameter follows:
523%
524% o sha_info: The sha3 info.
525%
526*/
527WizardExport unsigned int GetSHA3Blocksize(const SHA3Info *sha_info)
528{
529 (void) LogWizardEvent(TraceEvent,GetWizardModule(),"...");
530 WizardAssert(CipherDomain,sha_info != (SHA3Info *) NULL);
531 WizardAssert(CipherDomain,sha_info->signature == WizardSignature);
532 return(sha_info->blocksize);
533}
534
535/*
536%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
537% %
538% %
539% %
540% G e t S H A 3 D i g e s t %
541% %
542% %
543% %
544%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
545%
546% GetSHA3Digest() returns the SHA3 digest.
547%
548% The format of the GetSHA3Digest method is:
549%
550% const StringInfo *GetSHA3Digest(const SHA3Info *sha_info)
551%
552% A description of each parameter follows:
553%
554% o sha_info: The sha3 info.
555%
556*/
557WizardExport const StringInfo *GetSHA3Digest(const SHA3Info *sha_info)
558{
559 (void) LogWizardEvent(TraceEvent,GetWizardModule(),"...");
560 WizardAssert(HashDomain,sha_info != (SHA3Info *) NULL);
561 WizardAssert(HashDomain,sha_info->signature == WizardSignature);
562 return(sha_info->digest);
563}
564
565/*
566%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
567% %
568% %
569% %
570% G e t S H A 3 D i g e s t s i z e %
571% %
572% %
573% %
574%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
575%
576% GetSHA3Digestsize() returns the SHA3 digest size.
577%
578% The format of the GetSHA3Digestsize method is:
579%
580% unsigned int *GetSHA3Digestsize(const SHA3Info *sha_info)
581%
582% A description of each parameter follows:
583%
584% o sha_info: The sha3 info.
585%
586*/
587WizardExport unsigned int GetSHA3Digestsize(const SHA3Info *sha_info)
588{
589 (void) LogWizardEvent(TraceEvent,GetWizardModule(),"...");
590 WizardAssert(CipherDomain,sha_info != (SHA3Info *) NULL);
591 WizardAssert(CipherDomain,sha_info->signature == WizardSignature);
592 return(sha_info->digestsize);
593}
594
595/*
596%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
597% %
598% %
599% %
600% I n i t i a l i z e S H A 3 %
601% %
602% %
603% %
604%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
605%
606% IntializeSHA3() intializes the SHA3 accumulator.
607%
608% The format of the InitializeSHA3Info method is:
609%
610% WizardBooleanType InitializeSHA3(SHA3Info *sha_info)
611%
612% A description of each parameter follows:
613%
614% o sha_info: The cipher sha_info.
615%
616*/
617
618static inline int LFSR86540(unsigned char *byte)
619{
620 int
621 result;
622
623 /*
624 Primitive polynomial over GF(2): x^8+x^6+x^5+x^4+1.
625 */
626 result=((*byte) & 0x01) != 0;
627 if (((*byte) & 0x80) != 0)
628 (*byte)=((*byte) << 1) ^ 0x71;
629 else
630 (*byte)<<=1;
631 return(result);
632}
633
634static inline void SHA3InitializeRoundConstants(SHA3Info *sha_info)
635{
636 ssize_t
637 i;
638
639 unsigned char
640 byte;
641
642 byte=0x01;
643 for (i=0; i < SHA3Rounds; i++)
644 {
645 ssize_t
646 j;
647
648 ssize_t
649 offset;
650
651 sha_info->rounds[i]=0;
652 for (j=0; j < 7; j++)
653 {
654 offset=(ssize_t) (1 << j)-1;
655 if (LFSR86540(&byte) != 0)
656 sha_info->rounds[i]^=(WizardSizeType) 1 << offset;
657 }
658 }
659}
660
661static inline void SHA3InitializeRho(SHA3Info *sha_info)
662{
663 ssize_t
664 i;
665
666 ssize_t
667 x,
668 y;
669
670 sha_info->rho[SHA3Index(0,0)]=0;
671 x=1;
672 y=0;
673 for (i=0; i < 24; i++)
674 {
675 ssize_t
676 z;
677
678 sha_info->rho[SHA3Index(x,y)]=(unsigned int) (((i+1)*(i+2)/2) % 64);
679 z=x;
680 x=(0*x+1*y) % 5;
681 y=(2*z+3*y) % 5;
682 }
683}
684
685static inline WizardBooleanType InitializeSponge(SHA3Info *sha_info,
686 const unsigned int rate,const unsigned int capacity)
687{
688 if (rate+capacity != 1600)
689 return(WizardFalse);
690 if ((rate <= 0) || (rate >= 1600) || ((rate % 64) != 0))
691 return(WizardFalse);
692 SHA3InitializeRoundConstants(sha_info);
693 SHA3InitializeRho(sha_info);
694 sha_info->rate=rate;
695 sha_info->capacity=capacity;
696 sha_info->length=0;
697 memset(sha_info->state,0,SHA3PermutationSize/8);
698 memset(sha_info->message,0,SHA3MaximumRate/8);
699 sha_info->bits_in_queue=0;
700 sha_info->squeeze=WizardFalse;
701 sha_info->squeeze_bits=0;
702 sha_info->length=capacity/2;
703 return(WizardTrue);
704}
705
706WizardExport WizardBooleanType InitializeSHA3(SHA3Info *sha_info)
707{
708 WizardBooleanType
709 status;
710
711 (void) LogWizardEvent(TraceEvent,GetWizardModule(),"...");
712 assert(sha_info != (SHA3Info *) NULL);
713 assert(sha_info->signature == WizardSignature);
714 switch (sha_info->hash)
715 {
716 case SHA3Hash:
717 {
718 status=InitializeSponge(sha_info,1024,576);
719 break;
720 }
721 case SHA3224Hash:
722 {
723 status=InitializeSponge(sha_info,1152,448);
724 break;
725 }
726 case SHA3256Hash:
727 {
728 status=InitializeSponge(sha_info,1088,512);
729 break;
730 }
731 case SHA3384Hash:
732 {
733 status=InitializeSponge(sha_info,832,768);
734 break;
735 }
736 case SHA3512Hash:
737 {
738 status=InitializeSponge(sha_info,576,1024);
739 break;
740 }
741 default:
742 {
743 status=WizardFalse;
744 break;
745 }
746 }
747 return(status);
748}
749
750/*
751%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
752% %
753% %
754% %
755% U p d a t e S H A %
756% %
757% %
758% %
759%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
760%
761% UpdateSHA3() updates the SHA3 message accumulator.
762%
763% The format of the UpdateSHA3 method is:
764%
765% WizardbooleanType UpdateSHA3(SHA3Info *sha_info,
766% const StringInfo *message)
767%
768% A description of each parameter follows:
769%
770% o sha_info: The address of a structure of type SHA3Info.
771%
772% o message: The message
773%
774*/
775
776static inline WizardBooleanType Absorb(SHA3Info *sha_info,
777 const unsigned char *message,const size_t length)
778{
779 const unsigned char
780 *p;
781
782 ssize_t
783 i;
784
785 size_t
786 bits,
787 blocks,
788 byte;
789
790 /*
791 Give input message for the sponge function to absorb.
792 */
793 if ((sha_info->bits_in_queue % 8) != 0)
794 return(WizardFalse); /* only the last call may contain a partial byte */
795 if (sha_info->squeeze != WizardFalse)
796 return(WizardFalse); /* too late for additional input */
797 for (i=0; i < (ssize_t) length; )
798 {
799 if ((sha_info->bits_in_queue != 0) || (length < sha_info->rate) ||
800 (i > (ssize_t) (length-sha_info->rate)))
801 {
802 bits=(unsigned int) (length-i);
803 if ((bits+sha_info->bits_in_queue) > sha_info->rate)
804 bits=sha_info->rate-sha_info->bits_in_queue;
805 byte=bits % 8;
806 bits-=byte;
807 memcpy(sha_info->message+sha_info->bits_in_queue/8,message+i/8,bits/8);
808 sha_info->bits_in_queue+=bits;
809 i+=bits;
810 if (sha_info->bits_in_queue == sha_info->rate)
811 AbsorbQueue(sha_info);
812 if (byte > 0)
813 {
814 unsigned char
815 mask;
816
817 mask=(unsigned char) ((1 << byte)-1);
818 sha_info->message[sha_info->bits_in_queue/8]=message[i/8] & mask;
819 sha_info->bits_in_queue+=byte;
820 i+=byte;
821 }
822 }
823 else
824 {
825 ssize_t
826 j;
827
828 blocks=(size_t) ((length-i)/sha_info->rate);
829 p=message+i/8;
830 switch (sha_info->rate)
831 {
832 case 576:
833 {
834 for (j=0; j < (ssize_t) blocks; j++)
835 {
836 SHA3PermutationAfterXor(sha_info,p,72,sha_info->state);
837 p+=576/8;
838 }
839 break;
840 }
841 case 832:
842 {
843 for (j=0; j < (ssize_t) blocks; j++)
844 {
845 SHA3PermutationAfterXor(sha_info,p,104,sha_info->state);
846 p+=832/8;
847 }
848 break;
849 }
850 case 1024:
851 {
852 for (j=0; j < (ssize_t) blocks; j++)
853 {
854 SHA3PermutationAfterXor(sha_info,p,128,sha_info->state);
855 p+=1024/8;
856 }
857 break;
858 }
859 case 1088:
860 {
861 for (j=0; j < (ssize_t) blocks; j++)
862 {
863 SHA3PermutationAfterXor(sha_info,p,136,sha_info->state);
864 p+=1088/8;
865 }
866 break;
867 }
868 case 1152:
869 {
870 for (j=0; j < (ssize_t) blocks; j++)
871 {
872 SHA3PermutationAfterXor(sha_info,p,144,sha_info->state);
873 p+=1152/8;
874 }
875 break;
876 }
877 case 1344:
878 {
879 for (j=0; j < (ssize_t) blocks; j++)
880 {
881 SHA3PermutationAfterXor(sha_info,p,168,sha_info->state);
882 p+=1344/8;
883 }
884 break;
885 }
886 default:
887 {
888 for (j=0; j < (ssize_t) blocks; j++)
889 {
890 SHA3PermutationAfterXor(sha_info,sha_info->message,8*
891 sha_info->rate/64,sha_info->state);
892 p+=sha_info->rate/8;
893 }
894 break;
895 }
896 }
897 i+=blocks*sha_info->rate;
898 }
899 }
900 return(WizardTrue);
901}
902
903WizardExport WizardBooleanType UpdateSHA3(SHA3Info *sha_info,
904 const StringInfo *message)
905{
906 WizardBooleanType
907 status;
908
909 assert(sha_info != (SHA3Info *) NULL);
910 assert(sha_info->signature == WizardSignature);
911 status=Absorb(sha_info,GetStringInfoDatum(message),8*
912 GetStringInfoLength(message));
913 return(status);
914}
WizardAssert
#define WizardAssert(domain, predicate)
Definition exception-private.h:46
ThrowWizardFatalError
#define ThrowWizardFatalError(domain, error)
Definition exception-private.h:64
HashDomain
@ HashDomain
Definition exception.h:30
CipherDomain
@ CipherDomain
Definition exception.h:34
MemoryError
@ MemoryError
Definition exception.h:49
HashIOError
@ HashIOError
Definition exception.h:53
HashType
HashType
Definition hash.h:28
SHA3512Hash
@ SHA3512Hash
Definition hash.h:43
SHA3Hash
@ SHA3Hash
Definition hash.h:39
SHA3256Hash
@ SHA3256Hash
Definition hash.h:41
SHA3384Hash
@ SHA3384Hash
Definition hash.h:42
SHA3224Hash
@ SHA3224Hash
Definition hash.h:40
LogWizardEvent
WizardBooleanType LogWizardEvent(const LogEventType type, const char *module, const char *function, const size_t line, const char *format,...)
Definition log.c:1390
TraceEvent
@ TraceEvent
Definition log.h:39
GetWizardModule
#define GetWizardModule()
Definition log.h:30
AcquireWizardMemory
WizardExport void * AcquireWizardMemory(const size_t size)
Definition memory.c:586
RelinquishWizardMemory
WizardExport void * RelinquishWizardMemory(void *memory)
Definition memory.c:1039
memory_.h
WizardExport
#define WizardExport
Definition method-attribute.h:98
WizardSignature
#define WizardSignature
Definition method-attribute.h:104
SHA3Index
#define SHA3Index(x, y)
Definition sha3.c:55
SHA3Rounds
#define SHA3Rounds
Definition sha3.c:61
GetSHA3Digest
WizardExport const StringInfo * GetSHA3Digest(const SHA3Info *sha_info)
Definition sha3.c:557
SHA3InitializeRho
static void SHA3InitializeRho(SHA3Info *sha_info)
Definition sha3.c:661
Squeeze
static WizardBooleanType Squeeze(SHA3Info *sha_info, const size_t length, unsigned char *output)
Definition sha3.c:435
SHA3PermutationSize
#define SHA3PermutationSize
Definition sha3.c:58
SHA3RotateLeft
#define SHA3RotateLeft(x, offset)
Definition sha3.c:59
LFSR86540
static int LFSR86540(unsigned char *byte)
Definition sha3.c:618
SHA3Permutation
static void SHA3Permutation(const SHA3Info *sha_info, unsigned char *bytes)
Definition sha3.c:341
SHA3Digestsize
#define SHA3Digestsize
Definition sha3.c:54
InitializeSHA3
WizardExport WizardBooleanType InitializeSHA3(SHA3Info *sha_info)
Definition sha3.c:706
SHA3PermutationOnWords
static void SHA3PermutationOnWords(const SHA3Info *sha_info, WizardSizeType *state)
Definition sha3.c:276
Absorb
static WizardBooleanType Absorb(SHA3Info *sha_info, const unsigned char *message, const size_t length)
Definition sha3.c:776
PadAndSwitchToSqueezingPhase
static void PadAndSwitchToSqueezingPhase(SHA3Info *sha_info)
Definition sha3.c:412
ConvertWordsToBytes
static void ConvertWordsToBytes(const WizardSizeType *words, unsigned char *bytes)
Definition sha3.c:260
InitializeSponge
static WizardBooleanType InitializeSponge(SHA3Info *sha_info, const unsigned int rate, const unsigned int capacity)
Definition sha3.c:685
SHA3InitializeRoundConstants
static void SHA3InitializeRoundConstants(SHA3Info *sha_info)
Definition sha3.c:634
AbsorbQueue
static void AbsorbQueue(SHA3Info *sha_info)
Definition sha3.c:368
SHA3PermutationAfterXor
static void SHA3PermutationAfterXor(const SHA3Info *sha_info, const unsigned char *message, const size_t length, unsigned char *state)
Definition sha3.c:357
SHA3Blocksize
#define SHA3Blocksize
Definition sha3.c:53
UpdateSHA3
WizardExport WizardBooleanType UpdateSHA3(SHA3Info *sha_info, const StringInfo *message)
Definition sha3.c:903
DestroySHA3Info
WizardExport SHA3Info * DestroySHA3Info(SHA3Info *sha_info)
Definition sha3.c:208
GetSHA3Blocksize
WizardExport unsigned int GetSHA3Blocksize(const SHA3Info *sha_info)
Definition sha3.c:527
SHA3Lanes
#define SHA3Lanes
Definition sha3.c:56
SHA3MaximumRate
#define SHA3MaximumRate
Definition sha3.c:57
AcquireSHA3Info
WizardExport SHA3Info * AcquireSHA3Info(const HashType hash)
Definition sha3.c:132
ConvertBytesToWords
static void ConvertBytesToWords(const unsigned char *bytes, WizardSizeType *words)
Definition sha3.c:243
FinalizeSHA3
WizardExport WizardBooleanType FinalizeSHA3(SHA3Info *sha_info)
Definition sha3.c:469
GetSHA3Digestsize
WizardExport unsigned int GetSHA3Digestsize(const SHA3Info *sha_info)
Definition sha3.c:587
GetStringInfoLength
WizardExport size_t GetStringInfoLength(const StringInfo *string_info)
Definition string.c:1280
AcquireStringInfo
WizardExport StringInfo * AcquireStringInfo(const size_t length)
Definition string.c:179
GetStringInfoDatum
WizardExport unsigned char * GetStringInfoDatum(const StringInfo *string_info)
Definition string.c:1251
DestroyStringInfo
WizardExport StringInfo * DestroyStringInfo(StringInfo *string_info)
Definition string.c:857
_SHA3Info
Definition sha3.c:67
_SHA3Info::timestamp
time_t timestamp
Definition sha3.c:104
_SHA3Info::length
size_t length
Definition sha3.c:88
_SHA3Info::signature
size_t signature
Definition sha3.c:107
_SHA3Info::state
unsigned char state[SHA3PermutationSize/8]
Definition sha3.c:79
_SHA3Info::message
unsigned char message[SHA3MaximumRate/8]
Definition sha3.c:80
_SHA3Info::lsb_first
WizardBooleanType lsb_first
Definition sha3.c:101
_SHA3Info::rate
unsigned int rate
Definition sha3.c:83
_SHA3Info::capacity
unsigned int capacity
Definition sha3.c:84
_SHA3Info::blocksize
unsigned int blocksize
Definition sha3.c:73
_SHA3Info::digest
StringInfo * digest
Definition sha3.c:76
_SHA3Info::digestsize
unsigned int digestsize
Definition sha3.c:72
_SHA3Info::rounds
WizardSizeType rounds[SHA3Rounds]
Definition sha3.c:98
_SHA3Info::squeeze_bits
unsigned int squeeze_bits
Definition sha3.c:94
_SHA3Info::bits_in_queue
unsigned int bits_in_queue
Definition sha3.c:85
_SHA3Info::squeeze
WizardBooleanType squeeze
Definition sha3.c:91
_SHA3Info::hash
HashType hash
Definition sha3.c:69
_SHA3Info::rho
unsigned int rho[SHA3Lanes]
Definition sha3.c:95
_StringInfo
Definition string.c:58
WizardSizeType
size_t WizardSizeType
Definition wizard-type.h:51
WizardBooleanType
WizardBooleanType
Definition wizard-type.h:26
WizardTrue
@ WizardTrue
Definition wizard-type.h:28
WizardFalse
@ WizardFalse
Definition wizard-type.h:27