Merge pull request #173 from libtom/pr/sha3

demos/tv_gen.c

@@ -85,6 +85,12 @@ void reg_algs(void)
 #ifdef LTC_SHA512
   register_hash (&sha512_desc);
 #endif
+#ifdef LTC_SHA3
+  register_hash (&sha3_224_desc);
+  register_hash (&sha3_256_desc);
+  register_hash (&sha3_384_desc);
+  register_hash (&sha3_512_desc);
+#endif
 #ifdef LTC_RIPEMD128
   register_hash (&rmd128_desc);
 #endif

libtomcrypt_VS2005.vcproj

@@ -594,6 +594,14 @@
 				RelativePath="src\hashes\sha1.c"
 				>
 			</File>
+			<File
+				RelativePath="src\hashes\sha3.c"
+				>
+			</File>
+			<File
+				RelativePath="src\hashes\sha3_test.c"
+				>
+			</File>
 			<File
 				RelativePath="src\hashes\tiger.c"
 				>

libtomcrypt_VS2008.vcproj

@@ -815,6 +815,14 @@
 				RelativePath="src\hashes\sha1.c"
 				>
 			</File>
+			<File
+				RelativePath="src\hashes\sha3.c"
+				>
+			</File>
+			<File
+				RelativePath="src\hashes\sha3_test.c"
+				>
+			</File>
 			<File
 				RelativePath="src\hashes\tiger.c"
 				>

makefile

@@ -70,15 +70,16 @@ src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_fileha
 src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
 src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
 src/hashes/sha1.o src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o \
-src/hashes/sha2/sha512.o src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
-src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
-src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
-src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
-src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
-src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/hashes/sha2/sha512.o src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o \
+src/hashes/sha3_test.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
 src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
 src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
 src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \

makefile.icc

@@ -127,15 +127,16 @@ src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_fileha
 src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
 src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
 src/hashes/sha1.o src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o \
-src/hashes/sha2/sha512.o src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
-src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
-src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
-src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
-src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
-src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/hashes/sha2/sha512.o src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o \
+src/hashes/sha3_test.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
 src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
 src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
 src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \

makefile.mingw

@@ -63,15 +63,16 @@ src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_fileha
 src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
 src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
 src/hashes/sha1.o src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o \
-src/hashes/sha2/sha512.o src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
-src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
-src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
-src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
-src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
-src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/hashes/sha2/sha512.o src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o \
+src/hashes/sha3_test.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
 src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
 src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
 src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \

makefile.msvc

@@ -37,15 +37,16 @@ src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj src/hashes/helper/hash_fi
 src/hashes/helper/hash_memory.obj src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \
 src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/rmd256.obj src/hashes/rmd320.obj \
 src/hashes/sha1.obj src/hashes/sha2/sha224.obj src/hashes/sha2/sha256.obj src/hashes/sha2/sha384.obj \
-src/hashes/sha2/sha512.obj src/hashes/sha2/sha512_224.obj src/hashes/sha2/sha512_256.obj src/hashes/tiger.obj \
-src/hashes/whirl/whirl.obj src/mac/f9/f9_done.obj src/mac/f9/f9_file.obj src/mac/f9/f9_init.obj \
-src/mac/f9/f9_memory.obj src/mac/f9/f9_memory_multi.obj src/mac/f9/f9_process.obj src/mac/f9/f9_test.obj \
-src/mac/hmac/hmac_done.obj src/mac/hmac/hmac_file.obj src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \
-src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj src/mac/hmac/hmac_test.obj \
-src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \
-src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj src/mac/omac/omac_test.obj \
-src/mac/pelican/pelican.obj src/mac/pelican/pelican_memory.obj src/mac/pelican/pelican_test.obj \
-src/mac/pmac/pmac_done.obj src/mac/pmac/pmac_file.obj src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
+src/hashes/sha2/sha512.obj src/hashes/sha2/sha512_224.obj src/hashes/sha2/sha512_256.obj src/hashes/sha3.obj \
+src/hashes/sha3_test.obj src/hashes/tiger.obj src/hashes/whirl/whirl.obj src/mac/f9/f9_done.obj \
+src/mac/f9/f9_file.obj src/mac/f9/f9_init.obj src/mac/f9/f9_memory.obj src/mac/f9/f9_memory_multi.obj \
+src/mac/f9/f9_process.obj src/mac/f9/f9_test.obj src/mac/hmac/hmac_done.obj src/mac/hmac/hmac_file.obj \
+src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj src/mac/hmac/hmac_memory_multi.obj \
+src/mac/hmac/hmac_process.obj src/mac/hmac/hmac_test.obj src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj \
+src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj src/mac/omac/omac_memory_multi.obj \
+src/mac/omac/omac_process.obj src/mac/omac/omac_test.obj src/mac/pelican/pelican.obj \
+src/mac/pelican/pelican_memory.obj src/mac/pelican/pelican_test.obj src/mac/pmac/pmac_done.obj \
+src/mac/pmac/pmac_file.obj src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
 src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj src/mac/pmac/pmac_process.obj \
 src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj src/mac/xcbc/xcbc_done.obj \
 src/mac/xcbc/xcbc_file.obj src/mac/xcbc/xcbc_init.obj src/mac/xcbc/xcbc_memory.obj \

makefile.shared

@@ -60,15 +60,16 @@ src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_fileha
 src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
 src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
 src/hashes/sha1.o src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o \
-src/hashes/sha2/sha512.o src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
-src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
-src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
-src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
-src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
-src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/hashes/sha2/sha512.o src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o \
+src/hashes/sha3_test.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
 src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
 src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
 src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \

makefile.unix

@@ -68,15 +68,16 @@ src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_fileha
 src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
 src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
 src/hashes/sha1.o src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o \
-src/hashes/sha2/sha512.o src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
-src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
-src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
-src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
-src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
-src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/hashes/sha2/sha512.o src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o \
+src/hashes/sha3_test.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
 src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
 src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
 src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \

src/hashes/sha3.c

@@ -0,0 +1,298 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* based on https://github.com/brainhub/SHA3IUF (public domain) */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_SHA3
+
+const struct ltc_hash_descriptor sha3_224_desc =
+{
+   "sha3_224",                  /* name of hash */
+   17,                          /* internal ID */
+   28,                          /* Size of digest in octets */
+   128,                         /* Input block size in octets */
+   { 2,16,840,1,101,3,4,2,7 },  /* ASN.1 OID */
+   9,                           /* Length OID */
+   &sha3_224_init,
+   &sha3_process,
+   &sha3_done,
+   &sha3_224_test,
+   NULL
+};
+
+const struct ltc_hash_descriptor sha3_256_desc =
+{
+   "sha3_256",                  /* name of hash */
+   18,                          /* internal ID */
+   32,                          /* Size of digest in octets */
+   128,                         /* Input block size in octets */
+   { 2,16,840,1,101,3,4,2,8 },  /* ASN.1 OID */
+   9,                           /* Length OID */
+   &sha3_256_init,
+   &sha3_process,
+   &sha3_done,
+   &sha3_256_test,
+   NULL
+};
+
+const struct ltc_hash_descriptor sha3_384_desc =
+{
+   "sha3_384",                  /* name of hash */
+   19,                          /* internal ID */
+   48,                          /* Size of digest in octets */
+   128,                         /* Input block size in octets */
+   { 2,16,840,1,101,3,4,2,9 },  /* ASN.1 OID */
+   9,                           /* Length OID */
+   &sha3_384_init,
+   &sha3_process,
+   &sha3_done,
+   &sha3_384_test,
+   NULL
+};
+
+const struct ltc_hash_descriptor sha3_512_desc =
+{
+   "sha3_512",                  /* name of hash */
+   20,                          /* internal ID */
+   64,                          /* Size of digest in octets */
+   128,                         /* Input block size in octets */
+   { 2,16,840,1,101,3,4,2,10 }, /* ASN.1 OID */
+   9,                           /* Length OID */
+   &sha3_512_init,
+   &sha3_process,
+   &sha3_done,
+   &sha3_512_test,
+   NULL
+};
+
+#define SHA3_KECCAK_SPONGE_WORDS 25 /* 1600 bits > 200 bytes > 25 x ulong64 */
+#define SHA3_KECCAK_ROUNDS 24
+
+static const ulong64 keccakf_rndc[24] = {
+   CONST64(0x0000000000000001), CONST64(0x0000000000008082),
+   CONST64(0x800000000000808a), CONST64(0x8000000080008000),
+   CONST64(0x000000000000808b), CONST64(0x0000000080000001),
+   CONST64(0x8000000080008081), CONST64(0x8000000000008009),
+   CONST64(0x000000000000008a), CONST64(0x0000000000000088),
+   CONST64(0x0000000080008009), CONST64(0x000000008000000a),
+   CONST64(0x000000008000808b), CONST64(0x800000000000008b),
+   CONST64(0x8000000000008089), CONST64(0x8000000000008003),
+   CONST64(0x8000000000008002), CONST64(0x8000000000000080),
+   CONST64(0x000000000000800a), CONST64(0x800000008000000a),
+   CONST64(0x8000000080008081), CONST64(0x8000000000008080),
+   CONST64(0x0000000080000001), CONST64(0x8000000080008008)
+};
+
+static const unsigned keccakf_rotc[24] = {
+   1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44
+};
+
+static const unsigned keccakf_piln[24] = {
+   10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1
+};
+
+static void keccakf(ulong64 s[25])
+{
+   int i, j, round;
+   ulong64 t, bc[5];
+
+   for(round = 0; round < SHA3_KECCAK_ROUNDS; round++) {
+      /* Theta */
+      for(i = 0; i < 5; i++)
+         bc[i] = s[i] ^ s[i + 5] ^ s[i + 10] ^ s[i + 15] ^ s[i + 20];
+
+      for(i = 0; i < 5; i++) {
+         t = bc[(i + 4) % 5] ^ ROL64(bc[(i + 1) % 5], 1);
+         for(j = 0; j < 25; j += 5)
+            s[j + i] ^= t;
+      }
+      /* Rho Pi */
+      t = s[1];
+      for(i = 0; i < 24; i++) {
+         j = keccakf_piln[i];
+         bc[0] = s[j];
+         s[j] = ROL64(t, keccakf_rotc[i]);
+         t = bc[0];
+      }
+      /* Chi */
+      for(j = 0; j < 25; j += 5) {
+         for(i = 0; i < 5; i++)
+            bc[i] = s[j + i];
+         for(i = 0; i < 5; i++)
+            s[j + i] ^= (~bc[(i + 1) % 5]) & bc[(i + 2) % 5];
+      }
+      /* Iota */
+      s[0] ^= keccakf_rndc[round];
+   }
+}
+
+/* Public Inteface */
+
+int sha3_224_init(hash_state *md)
+{
+   LTC_ARGCHK(md != NULL);
+   XMEMSET(&md->sha3, 0, sizeof(md->sha3));
+   md->sha3.capacity_words = 2 * 224 / (8 * sizeof(ulong64));
+   return CRYPT_OK;
+}
+
+int sha3_256_init(hash_state *md)
+{
+   LTC_ARGCHK(md != NULL);
+   XMEMSET(&md->sha3, 0, sizeof(md->sha3));
+   md->sha3.capacity_words = 2 * 256 / (8 * sizeof(ulong64));
+   return CRYPT_OK;
+}
+
+int sha3_384_init(hash_state *md)
+{
+   LTC_ARGCHK(md != NULL);
+   XMEMSET(&md->sha3, 0, sizeof(md->sha3));
+   md->sha3.capacity_words = 2 * 384 / (8 * sizeof(ulong64));
+   return CRYPT_OK;
+}
+
+int sha3_512_init(hash_state *md)
+{
+   LTC_ARGCHK(md != NULL);
+   XMEMSET(&md->sha3, 0, sizeof(md->sha3));
+   md->sha3.capacity_words = 2 * 512 / (8 * sizeof(ulong64));
+   return CRYPT_OK;
+}
+
+int sha3_shake_init(hash_state *md, int num)
+{
+   LTC_ARGCHK(md != NULL);
+   if (num != 128 && num != 256) return CRYPT_INVALID_ARG;
+   XMEMSET(&md->sha3, 0, sizeof(md->sha3));
+   md->sha3.capacity_words = 2 * num / (8 * sizeof(ulong64));
+   return CRYPT_OK;
+}
+
+int sha3_process(hash_state *md, const unsigned char *in, unsigned long inlen)
+{
+   /* 0...7 -- how much is needed to have a word */
+   unsigned old_tail = (8 - md->sha3.byte_index) & 7;
+
+   unsigned long words;
+   unsigned tail;
+   unsigned long i;
+
+   if (inlen == 0) return CRYPT_OK; /* nothing to do */
+   LTC_ARGCHK(md != NULL);
+   LTC_ARGCHK(in != NULL);
+
+   if(inlen < old_tail) {       /* have no complete word or haven't started the word yet */
+      while (inlen--) md->sha3.saved |= (ulong64) (*(in++)) << ((md->sha3.byte_index++) * 8);
+      return CRYPT_OK;
+   }
+
+   if(old_tail) {               /* will have one word to process */
+      inlen -= old_tail;
+      while (old_tail--) md->sha3.saved |= (ulong64) (*(in++)) << ((md->sha3.byte_index++) * 8);
+      /* now ready to add saved to the sponge */
+      md->sha3.s[md->sha3.word_index] ^= md->sha3.saved;
+      md->sha3.byte_index = 0;
+      md->sha3.saved = 0;
+      if(++md->sha3.word_index == (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words)) {
+         keccakf(md->sha3.s);
+         md->sha3.word_index = 0;
+      }
+   }
+
+   /* now work in full words directly from input */
+   words = inlen / sizeof(ulong64);
+   tail = inlen - words * sizeof(ulong64);
+
+   for(i = 0; i < words; i++, in += sizeof(ulong64)) {
+      ulong64 t;
+      LOAD64L(t, in);
+      md->sha3.s[md->sha3.word_index] ^= t;
+      if(++md->sha3.word_index == (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words)) {
+         keccakf(md->sha3.s);
+         md->sha3.word_index = 0;
+      }
+   }
+
+   /* finally, save the partial word */
+   while (tail--) {
+      md->sha3.saved |= (ulong64) (*(in++)) << ((md->sha3.byte_index++) * 8);
+   }
+   return CRYPT_OK;
+}
+
+int sha3_done(hash_state *md, unsigned char *hash)
+{
+   LTC_ARGCHK(md   != NULL);
+   LTC_ARGCHK(hash != NULL);
+
+   md->sha3.s[md->sha3.word_index] ^= (md->sha3.saved ^ (CONST64(0x06) << (md->sha3.byte_index * 8)));
+   md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000);
+   keccakf(md->sha3.s);
+
+#ifndef ENDIAN_LITTLE
+   {
+      unsigned i;
+      for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) {
+         const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF));
+         const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32);
+         STORE32L(t1, md->sha3.sb + i * 8);
+         STORE32L(t2, md->sha3.sb + i * 8 + 4);
+      }
+   }
+#endif
+
+   XMEMCPY(hash, md->sha3.sb, md->sha3.capacity_words * 4);
+   return CRYPT_OK;
+}
+
+int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen)
+{
+   unsigned long i = 0;
+   /* sha3_shake_done can be called many times */
+
+   if (outlen == 0) return CRYPT_OK; /* nothing to do */
+   LTC_ARGCHK(md  != NULL);
+   LTC_ARGCHK(out != NULL);
+
+   if (!md->sha3.xof_flag) {
+      /* shake_xof operation must be done only once */
+      md->sha3.s[md->sha3.word_index] ^= (md->sha3.saved ^ (CONST64(0x1F) << (md->sha3.byte_index * 8)));
+      md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000);
+      keccakf(md->sha3.s);
+      md->sha3.byte_index = 0;
+      md->sha3.xof_flag = 1;
+   }
+
+   while (i < outlen) {
+      if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) {
+         keccakf(md->sha3.s);
+         md->sha3.byte_index = 0;
+      }
+      out[i++] = md->sha3.sb[md->sha3.byte_index++];
+   }
+   return CRYPT_OK;
+}
+
+int sha3_shake_memory(int num, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen)
+{
+   hash_state md;
+   int err;
+   LTC_ARGCHK(in  != NULL);
+   LTC_ARGCHK(out != NULL);
+   LTC_ARGCHK(outlen != NULL);
+   if ((err = sha3_shake_init(&md, num))          != CRYPT_OK) return err;
+   if ((err = sha3_shake_process(&md, in, inlen)) != CRYPT_OK) return err;
+   if ((err = sha3_shake_done(&md, out, *outlen)) != CRYPT_OK) return err;
+   return CRYPT_OK;
+}
+
+#endif

src/hashes/sha3_test.c

@@ -0,0 +1,420 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* based on https://github.com/brainhub/SHA3IUF (public domain) */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_SHA3
+
+int sha3_224_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   unsigned char buf[200], hash[200];
+   int i;
+   hash_state c;
+   const unsigned char c1 = 0xa3;
+
+   const unsigned char sha3_224_empty[224 / 8] = {
+      0x6b, 0x4e, 0x03, 0x42, 0x36, 0x67, 0xdb, 0xb7,
+      0x3b, 0x6e, 0x15, 0x45, 0x4f, 0x0e, 0xb1, 0xab,
+      0xd4, 0x59, 0x7f, 0x9a, 0x1b, 0x07, 0x8e, 0x3f,
+      0x5b, 0x5a, 0x6b, 0xc7
+   };
+
+   const unsigned char sha3_224_0xa3_200_times[224 / 8] = {
+      0x93, 0x76, 0x81, 0x6a, 0xba, 0x50, 0x3f, 0x72,
+      0xf9, 0x6c, 0xe7, 0xeb, 0x65, 0xac, 0x09, 0x5d,
+      0xee, 0xe3, 0xbe, 0x4b, 0xf9, 0xbb, 0xc2, 0xa1,
+      0xcb, 0x7e, 0x11, 0xe0
+   };
+
+   XMEMSET(buf, c1, sizeof(buf));
+
+   /* SHA3-224 on an empty buffer */
+   sha3_224_init(&c);
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_224_empty, hash, sizeof(sha3_224_empty)) != 0) {
+      printf("SHA3-224() failed\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHA3-224 in two steps. [FIPS 202] */
+   sha3_224_init(&c);
+   sha3_process(&c, buf, sizeof(buf) / 2);
+   sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_224_0xa3_200_times, hash, sizeof(sha3_224_0xa3_200_times)) != 0) {
+      printf("SHA3-224( 0xa3 ... [200 times] ) failed (2 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHA3-224 byte-by-byte: 200 steps. [FIPS 202] */
+   i = 200;
+   sha3_224_init(&c);
+   while (i--) {
+       sha3_process(&c, &c1, 1);
+   }
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_224_0xa3_200_times, hash, sizeof(sha3_224_0xa3_200_times)) != 0) {
+      printf("SHA3-224( 0xa3 ... [200 times] ) failed (200 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   return CRYPT_OK;
+#endif
+}
+
+int sha3_256_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   unsigned char buf[200], hash[200];
+   int i;
+   hash_state c;
+   const unsigned char c1 = 0xa3;
+
+   const unsigned char sha3_256_empty[256 / 8] = {
+      0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66,
+      0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62,
+      0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa,
+      0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a
+   };
+   const unsigned char sha3_256_0xa3_200_times[256 / 8] = {
+      0x79, 0xf3, 0x8a, 0xde, 0xc5, 0xc2, 0x03, 0x07,
+      0xa9, 0x8e, 0xf7, 0x6e, 0x83, 0x24, 0xaf, 0xbf,
+      0xd4, 0x6c, 0xfd, 0x81, 0xb2, 0x2e, 0x39, 0x73,
+      0xc6, 0x5f, 0xa1, 0xbd, 0x9d, 0xe3, 0x17, 0x87
+   };
+
+   XMEMSET(buf, c1, sizeof(buf));
+
+   /* SHA3-256 on an empty buffer */
+   sha3_256_init(&c);
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_256_empty, hash, sizeof(sha3_256_empty)) != 0) {
+      printf("SHA3-256() failed\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHA3-256 as a single buffer. [FIPS 202] */
+   sha3_256_init(&c);
+   sha3_process(&c, buf, sizeof(buf));
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_256_0xa3_200_times, hash, sizeof(sha3_256_0xa3_200_times)) != 0) {
+      printf("SHA3-256( 0xa3 ... [200 times] ) failed (1 buffer)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHA3-256 in two steps. [FIPS 202] */
+   sha3_256_init(&c);
+   sha3_process(&c, buf, sizeof(buf) / 2);
+   sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_256_0xa3_200_times, hash, sizeof(sha3_256_0xa3_200_times)) != 0) {
+      printf("SHA3-256( 0xa3 ... [200 times] ) failed (2 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHA3-256 byte-by-byte: 200 steps. [FIPS 202] */
+   i = 200;
+   sha3_256_init(&c);
+   while (i--) {
+       sha3_process(&c, &c1, 1);
+   }
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_256_0xa3_200_times, hash, sizeof(sha3_256_0xa3_200_times)) != 0) {
+      printf("SHA3-256( 0xa3 ... [200 times] ) failed (200 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHA3-256 byte-by-byte: 135 bytes. Input from [Keccak]. Output
+    * matched with sha3sum. */
+   sha3_256_init(&c);
+   sha3_process(&c, (unsigned char*)
+           "\xb7\x71\xd5\xce\xf5\xd1\xa4\x1a"
+           "\x93\xd1\x56\x43\xd7\x18\x1d\x2a"
+           "\x2e\xf0\xa8\xe8\x4d\x91\x81\x2f"
+           "\x20\xed\x21\xf1\x47\xbe\xf7\x32"
+           "\xbf\x3a\x60\xef\x40\x67\xc3\x73"
+           "\x4b\x85\xbc\x8c\xd4\x71\x78\x0f"
+           "\x10\xdc\x9e\x82\x91\xb5\x83\x39"
+           "\xa6\x77\xb9\x60\x21\x8f\x71\xe7"
+           "\x93\xf2\x79\x7a\xea\x34\x94\x06"
+           "\x51\x28\x29\x06\x5d\x37\xbb\x55"
+           "\xea\x79\x6f\xa4\xf5\x6f\xd8\x89"
+           "\x6b\x49\xb2\xcd\x19\xb4\x32\x15"
+           "\xad\x96\x7c\x71\x2b\x24\xe5\x03"
+           "\x2d\x06\x52\x32\xe0\x2c\x12\x74"
+           "\x09\xd2\xed\x41\x46\xb9\xd7\x5d"
+           "\x76\x3d\x52\xdb\x98\xd9\x49\xd3"
+           "\xb0\xfe\xd6\xa8\x05\x2f\xbb", 1080 / 8);
+   sha3_done(&c, hash);
+   if(XMEMCMP(hash, "\xa1\x9e\xee\x92\xbb\x20\x97\xb6"
+                   "\x4e\x82\x3d\x59\x77\x98\xaa\x18"
+                   "\xbe\x9b\x7c\x73\x6b\x80\x59\xab"
+                   "\xfd\x67\x79\xac\x35\xac\x81\xb5", 256 / 8) != 0) {
+      printf("SHA3-256( b771 ... ) doesn't match the known answer\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   return CRYPT_OK;
+#endif
+}
+
+int sha3_384_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   unsigned char buf[200], hash[200];
+   int i;
+   hash_state c;
+   const unsigned char c1 = 0xa3;
+
+   const unsigned char sha3_384_0xa3_200_times[384 / 8] = {
+      0x18, 0x81, 0xde, 0x2c, 0xa7, 0xe4, 0x1e, 0xf9,
+      0x5d, 0xc4, 0x73, 0x2b, 0x8f, 0x5f, 0x00, 0x2b,
+      0x18, 0x9c, 0xc1, 0xe4, 0x2b, 0x74, 0x16, 0x8e,
+      0xd1, 0x73, 0x26, 0x49, 0xce, 0x1d, 0xbc, 0xdd,
+      0x76, 0x19, 0x7a, 0x31, 0xfd, 0x55, 0xee, 0x98,
+      0x9f, 0x2d, 0x70, 0x50, 0xdd, 0x47, 0x3e, 0x8f
+   };
+
+   XMEMSET(buf, c1, sizeof(buf));
+
+   /* SHA3-384 as a single buffer. [FIPS 202] */
+   sha3_384_init(&c);
+   sha3_process(&c, buf, sizeof(buf));
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_384_0xa3_200_times, hash, sizeof(sha3_384_0xa3_200_times)) != 0) {
+      printf("SHA3-384( 0xa3 ... [200 times] ) failed (1 buffer)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHA3-384 in two steps. [FIPS 202] */
+   sha3_384_init(&c);
+   sha3_process(&c, buf, sizeof(buf) / 2);
+   sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_384_0xa3_200_times, hash, sizeof(sha3_384_0xa3_200_times)) != 0) {
+      printf("SHA3-384( 0xa3 ... [200 times] ) failed (2 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHA3-384 byte-by-byte: 200 steps. [FIPS 202] */
+   i = 200;
+   sha3_384_init(&c);
+   while (i--) {
+       sha3_process(&c, &c1, 1);
+   }
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_384_0xa3_200_times, hash, sizeof(sha3_384_0xa3_200_times)) != 0) {
+      printf("SHA3-384( 0xa3 ... [200 times] ) failed (200 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   return CRYPT_OK;
+#endif
+}
+
+int sha3_512_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   unsigned char buf[200], hash[200];
+   int i;
+   hash_state c;
+   const unsigned char c1 = 0xa3;
+
+   const unsigned char sha3_512_0xa3_200_times[512 / 8] = {
+      0xe7, 0x6d, 0xfa, 0xd2, 0x20, 0x84, 0xa8, 0xb1,
+      0x46, 0x7f, 0xcf, 0x2f, 0xfa, 0x58, 0x36, 0x1b,
+      0xec, 0x76, 0x28, 0xed, 0xf5, 0xf3, 0xfd, 0xc0,
+      0xe4, 0x80, 0x5d, 0xc4, 0x8c, 0xae, 0xec, 0xa8,
+      0x1b, 0x7c, 0x13, 0xc3, 0x0a, 0xdf, 0x52, 0xa3,
+      0x65, 0x95, 0x84, 0x73, 0x9a, 0x2d, 0xf4, 0x6b,
+      0xe5, 0x89, 0xc5, 0x1c, 0xa1, 0xa4, 0xa8, 0x41,
+      0x6d, 0xf6, 0x54, 0x5a, 0x1c, 0xe8, 0xba, 0x00
+   };
+
+   XMEMSET(buf, c1, sizeof(buf));
+
+   /* SHA3-512 as a single buffer. [FIPS 202] */
+   sha3_512_init(&c);
+   sha3_process(&c, buf, sizeof(buf));
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_512_0xa3_200_times, hash, sizeof(sha3_512_0xa3_200_times)) != 0) {
+      printf("SHA3-512( 0xa3 ... [200 times] ) failed (1 buffer)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHA3-512 in two steps. [FIPS 202] */
+   sha3_512_init(&c);
+   sha3_process(&c, buf, sizeof(buf) / 2);
+   sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_512_0xa3_200_times, hash, sizeof(sha3_512_0xa3_200_times)) != 0) {
+      printf("SHA3-512( 0xa3 ... [200 times] ) failed (2 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHA3-512 byte-by-byte: 200 steps. [FIPS 202] */
+   i = 200;
+   sha3_512_init(&c);
+   while (i--) {
+       sha3_process(&c, &c1, 1);
+   }
+   sha3_done(&c, hash);
+   if(XMEMCMP(sha3_512_0xa3_200_times, hash, sizeof(sha3_512_0xa3_200_times)) != 0) {
+      printf("SHA3-512( 0xa3 ... [200 times] ) failed (200 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   return CRYPT_OK;
+#endif
+}
+
+int sha3_shake_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   unsigned char buf[200], hash[512];
+   int i;
+   hash_state c;
+   const unsigned char c1 = 0xa3;
+   unsigned long len;
+
+   const unsigned char shake256_empty[32] = {
+      0xab, 0x0b, 0xae, 0x31, 0x63, 0x39, 0x89, 0x43,
+      0x04, 0xe3, 0x58, 0x77, 0xb0, 0xc2, 0x8a, 0x9b,
+      0x1f, 0xd1, 0x66, 0xc7, 0x96, 0xb9, 0xcc, 0x25,
+      0x8a, 0x06, 0x4a, 0x8f, 0x57, 0xe2, 0x7f, 0x2a
+   };
+   const unsigned char shake256_0xa3_200_times[32] = {
+      0x6a, 0x1a, 0x9d, 0x78, 0x46, 0x43, 0x6e, 0x4d,
+      0xca, 0x57, 0x28, 0xb6, 0xf7, 0x60, 0xee, 0xf0,
+      0xca, 0x92, 0xbf, 0x0b, 0xe5, 0x61, 0x5e, 0x96,
+      0x95, 0x9d, 0x76, 0x71, 0x97, 0xa0, 0xbe, 0xeb
+   };
+   const unsigned char shake128_empty[32] = {
+      0x43, 0xe4, 0x1b, 0x45, 0xa6, 0x53, 0xf2, 0xa5,
+      0xc4, 0x49, 0x2c, 0x1a, 0xdd, 0x54, 0x45, 0x12,
+      0xdd, 0xa2, 0x52, 0x98, 0x33, 0x46, 0x2b, 0x71,
+      0xa4, 0x1a, 0x45, 0xbe, 0x97, 0x29, 0x0b, 0x6f
+   };
+   const unsigned char shake128_0xa3_200_times[32] = {
+      0x44, 0xc9, 0xfb, 0x35, 0x9f, 0xd5, 0x6a, 0xc0,
+      0xa9, 0xa7, 0x5a, 0x74, 0x3c, 0xff, 0x68, 0x62,
+      0xf1, 0x7d, 0x72, 0x59, 0xab, 0x07, 0x52, 0x16,
+      0xc0, 0x69, 0x95, 0x11, 0x64, 0x3b, 0x64, 0x39
+   };
+
+   XMEMSET(buf, c1, sizeof(buf));
+
+   /* SHAKE256 on an empty buffer */
+   sha3_shake_init(&c, 256);
+   for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
+   if(XMEMCMP(shake256_empty, hash, sizeof(shake256_empty)) != 0) {
+      printf("SHAKE256('') failed\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHAKE256 via sha3_shake_memory [FIPS 202] */
+   len = 512;
+   sha3_shake_memory(256, buf, sizeof(buf), hash, &len);
+   if(XMEMCMP(shake256_0xa3_200_times, hash + 480, sizeof(shake256_0xa3_200_times)) != 0) {
+      printf("SHAKE256( 0xa3 ... [200 times] ) failed (sha3_shake_memory)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHAKE256 as a single buffer. [FIPS 202] */
+   sha3_shake_init(&c, 256);
+   sha3_shake_process(&c, buf, sizeof(buf));
+   for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
+   if(XMEMCMP(shake256_0xa3_200_times, hash, sizeof(shake256_0xa3_200_times)) != 0) {
+      printf("SHAKE256( 0xa3 ... [200 times] ) failed (1 buffer)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHAKE256 in two steps. [FIPS 202] */
+   sha3_shake_init(&c, 256);
+   sha3_shake_process(&c, buf, sizeof(buf) / 2);
+   sha3_shake_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
+   for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
+   if(XMEMCMP(shake256_0xa3_200_times, hash, sizeof(shake256_0xa3_200_times)) != 0) {
+      printf("SHAKE256( 0xa3 ... [200 times] ) failed (2 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHAKE256 byte-by-byte: 200 steps. [FIPS 202] */
+   i = 200;
+   sha3_shake_init(&c, 256);
+   while (i--) sha3_shake_process(&c, &c1, 1);
+   for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
+   if(XMEMCMP(shake256_0xa3_200_times, hash, sizeof(shake256_0xa3_200_times)) != 0) {
+      printf("SHAKE256( 0xa3 ... [200 times] ) failed (200 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHAKE128 on an empty buffer */
+   sha3_shake_init(&c, 128);
+   for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
+   if(XMEMCMP(shake128_empty, hash, sizeof(shake128_empty)) != 0) {
+      printf("SHAKE128() failed\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHAKE128 via sha3_shake_memory [FIPS 202] */
+   len = 512;
+   sha3_shake_memory(128, buf, sizeof(buf), hash, &len);
+   if(XMEMCMP(shake128_0xa3_200_times, hash + 480, sizeof(shake128_0xa3_200_times)) != 0) {
+      printf("SHAKE128( 0xa3 ... [200 times] ) failed (sha3_shake_memory)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHAKE128 as a single buffer. [FIPS 202] */
+   sha3_shake_init(&c, 128);
+   sha3_shake_process(&c, buf, sizeof(buf));
+   for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
+   if(XMEMCMP(shake128_0xa3_200_times, hash, sizeof(shake128_0xa3_200_times)) != 0) {
+      printf("SHAKE128( 0xa3 ... [200 times] ) failed (1 buffer)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHAKE128 in two steps. [FIPS 202] */
+   sha3_shake_init(&c, 128);
+   sha3_shake_process(&c, buf, sizeof(buf) / 2);
+   sha3_shake_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
+   for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
+   if(XMEMCMP(shake128_0xa3_200_times, hash, sizeof(shake128_0xa3_200_times)) != 0) {
+      printf("SHAKE128( 0xa3 ... [200 times] ) failed (2 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   /* SHAKE128 byte-by-byte: 200 steps. [FIPS 202] */
+   i = 200;
+   sha3_shake_init(&c, 128);
+   while (i--) sha3_shake_process(&c, &c1, 1);
+   for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
+   if(XMEMCMP(shake128_0xa3_200_times, hash, sizeof(shake128_0xa3_200_times)) != 0) {
+      printf("SHAKE128( 0xa3 ... [200 times] ) failed (200 steps)\n");
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   return CRYPT_OK;
+#endif
+}
+
+#endif

src/headers/tomcrypt_custom.h

@@ -74,6 +74,7 @@
 
    #define LTC_NO_HASHES
    #define LTC_SHA1
+   #define LTC_SHA3
    #define LTC_SHA512
    #define LTC_SHA384
    #define LTC_SHA256
@@ -223,6 +224,7 @@
 
 #define LTC_CHC_HASH
 #define LTC_WHIRLPOOL
+#define LTC_SHA3
 #define LTC_SHA512
 #define LTC_SHA512_256
 #define LTC_SHA512_224

src/headers/tomcrypt_hash.h

@@ -1,4 +1,15 @@
 /* ---- HASH FUNCTIONS ---- */
+#ifdef LTC_SHA3
+struct sha3_state {
+    ulong64 saved;                  /* the portion of the input message that we didn't consume yet */
+    union { ulong64 s[25]; unsigned char sb[25 * 8]; };
+    unsigned short byte_index;      /* 0..7--the next byte after the set one (starts from 0; 0--none are buffered) */
+    unsigned short word_index;      /* 0..24--the next word to integrate input (starts from 0) */
+    unsigned short capacity_words;  /* the double size of the hash output in words (e.g. 16 for Keccak 512) */
+    unsigned short xof_flag;
+};
+#endif
+
 #ifdef LTC_SHA512
 struct sha512_state {
     ulong64  length, state[8];
@@ -110,6 +121,9 @@ typedef union Hash_state {
 #ifdef LTC_WHIRLPOOL
     struct whirlpool_state whirlpool;
 #endif
+#ifdef LTC_SHA3
+    struct sha3_state sha3;
+#endif
 #ifdef LTC_SHA512
     struct sha512_state sha512;
 #endif
@@ -208,6 +222,30 @@ int whirlpool_test(void);
 extern const struct ltc_hash_descriptor whirlpool_desc;
 #endif
 
+#ifdef LTC_SHA3
+int sha3_512_init(hash_state * md);
+int sha3_512_test(void);
+extern const struct ltc_hash_descriptor sha3_512_desc;
+int sha3_384_init(hash_state * md);
+int sha3_384_test(void);
+extern const struct ltc_hash_descriptor sha3_384_desc;
+int sha3_256_init(hash_state * md);
+int sha3_256_test(void);
+extern const struct ltc_hash_descriptor sha3_256_desc;
+int sha3_224_init(hash_state * md);
+int sha3_224_test(void);
+extern const struct ltc_hash_descriptor sha3_224_desc;
+/* process + done are the same for all variants */
+int sha3_process(hash_state * md, const unsigned char *in, unsigned long inlen);
+int sha3_done(hash_state *md, unsigned char *hash);
+/* SHAKE128 + SHAKE256 */
+int sha3_shake_init(hash_state *md, int num);
+#define sha3_shake_process(a,b,c) sha3_process(a,b,c)
+int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen);
+int sha3_shake_test(void);
+int sha3_shake_memory(int num, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen);
+#endif
+
 #ifdef LTC_SHA512
 int sha512_init(hash_state * md);
 int sha512_process(hash_state * md, const unsigned char *in, unsigned long inlen);

src/misc/crypt/crypt.c

@@ -126,6 +126,9 @@ const char *crypt_build_settings =
 #endif
 
     "\nHashes built-in:\n"
+#if defined(LTC_SHA3)
+   "   SHA3\n"
+#endif
 #if defined(LTC_SHA512)
    "   SHA-512\n"
 #endif

src/misc/crypt/crypt_sizes.c

@@ -35,6 +35,9 @@ static const crypt_size _crypt_sizes[] = {
 #ifdef LTC_SHA256
     _SZ_STRINGIFY_S(sha256_state),
 #endif
+#ifdef LTC_SHA3
+    _SZ_STRINGIFY_S(sha3_state),
+#endif
 #ifdef LTC_SHA512
     _SZ_STRINGIFY_S(sha512_state),
 #endif

testprof/cipher_hash_test.c

@@ -19,6 +19,9 @@ int cipher_hash_test(void)
       DOX(hash_descriptor[x].test(), hash_descriptor[x].name);
    }
 
+   /* SHAKE128 + SHAKE256 tests are a bit special */
+   DOX(sha3_shake_test(), "sha3_shake");
+
    /* test prngs (test, import/export */
    for (x = 0; prng_descriptor[x].name != NULL; x++) {
       DOX(prng_descriptor[x].test(), prng_descriptor[x].name);

testprof/x86_prof.c

@@ -271,6 +271,12 @@ static void _unregister_all(void)
 #ifdef LTC_SHA512_256
   unregister_hash(&sha512_256_desc);
 #endif
+#ifdef LTC_SHA3
+  unregister_hash(&sha3_224_desc);
+  unregister_hash(&sha3_256_desc);
+  unregister_hash(&sha3_384_desc);
+  unregister_hash(&sha3_512_desc);
+#endif
 #ifdef LTC_RIPEMD128
   unregister_hash(&rmd128_desc);
 #endif
@@ -424,6 +430,12 @@ void reg_algs(void)
 #ifdef LTC_SHA512_256
   register_hash (&sha512_256_desc);
 #endif
+#ifdef LTC_SHA3
+  register_hash (&sha3_224_desc);
+  register_hash (&sha3_256_desc);
+  register_hash (&sha3_384_desc);
+  register_hash (&sha3_512_desc);
+#endif
 #ifdef LTC_RIPEMD128
   register_hash (&rmd128_desc);
 #endif