9#include <botan/loadstor.h>
10#include <botan/rotate.h>
11#include <botan/internal/sha3_round.h>
12#include <botan/exceptn.h>
13#include <botan/cpuid.h>
19#if defined(BOTAN_HAS_SHA3_BMI2)
22 return permute_bmi2(A);
26 static const uint64_t RC[24] = {
27 0x0000000000000001, 0x0000000000008082, 0x800000000000808A,
28 0x8000000080008000, 0x000000000000808B, 0x0000000080000001,
29 0x8000000080008081, 0x8000000000008009, 0x000000000000008A,
30 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
31 0x000000008000808B, 0x800000000000008B, 0x8000000000008089,
32 0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
33 0x000000000000800A, 0x800000008000000A, 0x8000000080008081,
34 0x8000000000008080, 0x0000000080000001, 0x8000000080008008
39 for(
size_t i = 0; i != 24; i += 2)
49 const uint8_t input[],
size_t length)
53 size_t to_take = std::min(length, bitrate / 8 - S_pos);
57 while(to_take && S_pos % 8)
59 S[S_pos / 8] ^=
static_cast<uint64_t
>(input[0]) << (8 * (S_pos % 8));
66 while(to_take && to_take % 8 == 0)
76 S[S_pos / 8] ^=
static_cast<uint64_t
>(input[0]) << (8 * (S_pos % 8));
83 if(S_pos == bitrate / 8)
96 uint8_t init_pad, uint8_t fini_pad)
98 BOTAN_ARG_CHECK(bitrate % 64 == 0,
"SHA-3 bitrate must be multiple of 64");
100 S[S_pos / 8] ^=
static_cast<uint64_t
>(init_pad) << (8 * (S_pos % 8));
101 S[(bitrate / 64) - 1] ^=
static_cast<uint64_t
>(fini_pad) << 56;
108 uint8_t output[],
size_t output_length)
110 BOTAN_ARG_CHECK(bitrate % 64 == 0,
"SHA-3 bitrate must be multiple of 64");
112 const size_t byterate = bitrate / 8;
131 m_output_bits(output_bits),
132 m_bitrate(1600 - 2*output_bits),
138 if(output_bits != 224 && output_bits != 256 &&
139 output_bits != 384 && output_bits != 512)
141 std::to_string(output_bits));
146 return "SHA-3(" + std::to_string(m_output_bits) +
")";
151#if defined(BOTAN_HAS_SHA3_BMI2)
152 if(CPUID::has_bmi2())
163 return std::unique_ptr<HashFunction>(
new SHA_3(*
this));
168 return new SHA_3(m_output_bits);
177void SHA_3::add_data(
const uint8_t input[],
size_t length)
179 m_S_pos =
SHA_3::absorb(m_bitrate, m_S, m_S_pos, input, length);
182void SHA_3::final_result(uint8_t output[])
#define BOTAN_ARG_CHECK(expr, msg)
static void permute(uint64_t A[25])
HashFunction * clone() const override
SHA_3(size_t output_bits)
static void finish(size_t bitrate, secure_vector< uint64_t > &S, size_t S_pos, uint8_t init_pad, uint8_t fini_pad)
std::string provider() const override
static size_t absorb(size_t bitrate, secure_vector< uint64_t > &S, size_t S_pos, const uint8_t input[], size_t length)
static void expand(size_t bitrate, secure_vector< uint64_t > &S, uint8_t output[], size_t output_length)
std::string name() const override
size_t output_length() const override
std::unique_ptr< HashFunction > copy_state() const override
void zeroise(std::vector< T, Alloc > &vec)
void copy_out_vec_le(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
void SHA3_round(uint64_t T[25], const uint64_t A[25], uint64_t RC)
std::vector< T, secure_allocator< T > > secure_vector
uint64_t load_le< uint64_t >(const uint8_t in[], size_t off)