1b077aed3SPierre Pronchery /*
2*e7be843bSPierre Pronchery * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
3b077aed3SPierre Pronchery *
4b077aed3SPierre Pronchery * Licensed under the Apache License 2.0 (the "License"). You may not use
5b077aed3SPierre Pronchery * this file except in compliance with the License. You can obtain a copy
6b077aed3SPierre Pronchery * in the file LICENSE in the source distribution or at
7b077aed3SPierre Pronchery * https://www.openssl.org/source/license.html
8b077aed3SPierre Pronchery */
9b077aed3SPierre Pronchery
10b077aed3SPierre Pronchery #include <string.h>
11b077aed3SPierre Pronchery #include <openssl/core_names.h>
12b077aed3SPierre Pronchery #include <openssl/crypto.h>
13b077aed3SPierre Pronchery #include <openssl/evp.h>
14b077aed3SPierre Pronchery #include <openssl/params.h>
15b077aed3SPierre Pronchery #include <openssl/err.h>
16b077aed3SPierre Pronchery #include <openssl/proverr.h>
17*e7be843bSPierre Pronchery #include "internal/numbers.h"
18b077aed3SPierre Pronchery #include "internal/sha3.h"
19b077aed3SPierre Pronchery #include "prov/digestcommon.h"
20b077aed3SPierre Pronchery #include "prov/implementations.h"
21b077aed3SPierre Pronchery
22b077aed3SPierre Pronchery #define SHA3_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT
23*e7be843bSPierre Pronchery #define SHAKE_FLAGS (PROV_DIGEST_FLAG_XOF | PROV_DIGEST_FLAG_ALGID_ABSENT)
24b077aed3SPierre Pronchery #define KMAC_FLAGS PROV_DIGEST_FLAG_XOF
25b077aed3SPierre Pronchery
26b077aed3SPierre Pronchery /*
27b077aed3SPierre Pronchery * Forward declaration of any unique methods implemented here. This is not strictly
28b077aed3SPierre Pronchery * necessary for the compiler, but provides an assurance that the signatures
29b077aed3SPierre Pronchery * of the functions in the dispatch table are correct.
30b077aed3SPierre Pronchery */
31b077aed3SPierre Pronchery static OSSL_FUNC_digest_init_fn keccak_init;
32b077aed3SPierre Pronchery static OSSL_FUNC_digest_init_fn keccak_init_params;
33b077aed3SPierre Pronchery static OSSL_FUNC_digest_update_fn keccak_update;
34b077aed3SPierre Pronchery static OSSL_FUNC_digest_final_fn keccak_final;
35b077aed3SPierre Pronchery static OSSL_FUNC_digest_freectx_fn keccak_freectx;
36*e7be843bSPierre Pronchery static OSSL_FUNC_digest_copyctx_fn keccak_copyctx;
37b077aed3SPierre Pronchery static OSSL_FUNC_digest_dupctx_fn keccak_dupctx;
38*e7be843bSPierre Pronchery static OSSL_FUNC_digest_squeeze_fn shake_squeeze;
39*e7be843bSPierre Pronchery static OSSL_FUNC_digest_get_ctx_params_fn shake_get_ctx_params;
40*e7be843bSPierre Pronchery static OSSL_FUNC_digest_gettable_ctx_params_fn shake_gettable_ctx_params;
41b077aed3SPierre Pronchery static OSSL_FUNC_digest_set_ctx_params_fn shake_set_ctx_params;
42b077aed3SPierre Pronchery static OSSL_FUNC_digest_settable_ctx_params_fn shake_settable_ctx_params;
43b077aed3SPierre Pronchery static sha3_absorb_fn generic_sha3_absorb;
44b077aed3SPierre Pronchery static sha3_final_fn generic_sha3_final;
45*e7be843bSPierre Pronchery static sha3_squeeze_fn generic_sha3_squeeze;
46b077aed3SPierre Pronchery
47b077aed3SPierre Pronchery #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
48b077aed3SPierre Pronchery /*
49b077aed3SPierre Pronchery * IBM S390X support
50b077aed3SPierre Pronchery */
51b077aed3SPierre Pronchery # include "s390x_arch.h"
52b077aed3SPierre Pronchery # define S390_SHA3 1
53b077aed3SPierre Pronchery # define S390_SHA3_CAPABLE(name) \
54b077aed3SPierre Pronchery ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \
55b077aed3SPierre Pronchery (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name)))
56b077aed3SPierre Pronchery
57b077aed3SPierre Pronchery #endif
58b077aed3SPierre Pronchery
keccak_init(void * vctx,ossl_unused const OSSL_PARAM params[])59b077aed3SPierre Pronchery static int keccak_init(void *vctx, ossl_unused const OSSL_PARAM params[])
60b077aed3SPierre Pronchery {
61b077aed3SPierre Pronchery if (!ossl_prov_is_running())
62b077aed3SPierre Pronchery return 0;
63b077aed3SPierre Pronchery /* The newctx() handles most of the ctx fixed setup. */
64b077aed3SPierre Pronchery ossl_sha3_reset((KECCAK1600_CTX *)vctx);
65b077aed3SPierre Pronchery return 1;
66b077aed3SPierre Pronchery }
67b077aed3SPierre Pronchery
keccak_init_params(void * vctx,const OSSL_PARAM params[])68b077aed3SPierre Pronchery static int keccak_init_params(void *vctx, const OSSL_PARAM params[])
69b077aed3SPierre Pronchery {
70b077aed3SPierre Pronchery return keccak_init(vctx, NULL)
71b077aed3SPierre Pronchery && shake_set_ctx_params(vctx, params);
72b077aed3SPierre Pronchery }
73b077aed3SPierre Pronchery
keccak_update(void * vctx,const unsigned char * inp,size_t len)74b077aed3SPierre Pronchery static int keccak_update(void *vctx, const unsigned char *inp, size_t len)
75b077aed3SPierre Pronchery {
76b077aed3SPierre Pronchery KECCAK1600_CTX *ctx = vctx;
77b077aed3SPierre Pronchery const size_t bsz = ctx->block_size;
78b077aed3SPierre Pronchery size_t num, rem;
79b077aed3SPierre Pronchery
80b077aed3SPierre Pronchery if (len == 0)
81b077aed3SPierre Pronchery return 1;
82b077aed3SPierre Pronchery
83b077aed3SPierre Pronchery /* Is there anything in the buffer already ? */
84b077aed3SPierre Pronchery if ((num = ctx->bufsz) != 0) {
85b077aed3SPierre Pronchery /* Calculate how much space is left in the buffer */
86b077aed3SPierre Pronchery rem = bsz - num;
87b077aed3SPierre Pronchery /* If the new input does not fill the buffer then just add it */
88b077aed3SPierre Pronchery if (len < rem) {
89b077aed3SPierre Pronchery memcpy(ctx->buf + num, inp, len);
90b077aed3SPierre Pronchery ctx->bufsz += len;
91b077aed3SPierre Pronchery return 1;
92b077aed3SPierre Pronchery }
93b077aed3SPierre Pronchery /* otherwise fill up the buffer and absorb the buffer */
94b077aed3SPierre Pronchery memcpy(ctx->buf + num, inp, rem);
95b077aed3SPierre Pronchery /* Update the input pointer */
96b077aed3SPierre Pronchery inp += rem;
97b077aed3SPierre Pronchery len -= rem;
98b077aed3SPierre Pronchery ctx->meth.absorb(ctx, ctx->buf, bsz);
99b077aed3SPierre Pronchery ctx->bufsz = 0;
100b077aed3SPierre Pronchery }
101b077aed3SPierre Pronchery /* Absorb the input - rem = leftover part of the input < blocksize) */
102b077aed3SPierre Pronchery rem = ctx->meth.absorb(ctx, inp, len);
103b077aed3SPierre Pronchery /* Copy the leftover bit of the input into the buffer */
104b077aed3SPierre Pronchery if (rem) {
105b077aed3SPierre Pronchery memcpy(ctx->buf, inp + len - rem, rem);
106b077aed3SPierre Pronchery ctx->bufsz = rem;
107b077aed3SPierre Pronchery }
108b077aed3SPierre Pronchery return 1;
109b077aed3SPierre Pronchery }
110b077aed3SPierre Pronchery
keccak_final(void * vctx,unsigned char * out,size_t * outl,size_t outlen)111b077aed3SPierre Pronchery static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
112*e7be843bSPierre Pronchery size_t outlen)
113b077aed3SPierre Pronchery {
114b077aed3SPierre Pronchery int ret = 1;
115b077aed3SPierre Pronchery KECCAK1600_CTX *ctx = vctx;
116b077aed3SPierre Pronchery
117b077aed3SPierre Pronchery if (!ossl_prov_is_running())
118b077aed3SPierre Pronchery return 0;
119*e7be843bSPierre Pronchery if (ctx->md_size == SIZE_MAX) {
120*e7be843bSPierre Pronchery ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
121*e7be843bSPierre Pronchery return 0;
122*e7be843bSPierre Pronchery }
123*e7be843bSPierre Pronchery if (outlen > 0)
124*e7be843bSPierre Pronchery ret = ctx->meth.final(ctx, out, ctx->md_size);
125b077aed3SPierre Pronchery
126b077aed3SPierre Pronchery *outl = ctx->md_size;
127b077aed3SPierre Pronchery return ret;
128b077aed3SPierre Pronchery }
129b077aed3SPierre Pronchery
shake_squeeze(void * vctx,unsigned char * out,size_t * outl,size_t outlen)130*e7be843bSPierre Pronchery static int shake_squeeze(void *vctx, unsigned char *out, size_t *outl,
131*e7be843bSPierre Pronchery size_t outlen)
132*e7be843bSPierre Pronchery {
133*e7be843bSPierre Pronchery int ret = 1;
134*e7be843bSPierre Pronchery KECCAK1600_CTX *ctx = vctx;
135*e7be843bSPierre Pronchery
136*e7be843bSPierre Pronchery if (!ossl_prov_is_running())
137*e7be843bSPierre Pronchery return 0;
138*e7be843bSPierre Pronchery if (ctx->meth.squeeze == NULL)
139*e7be843bSPierre Pronchery return 0;
140*e7be843bSPierre Pronchery if (outlen > 0)
141*e7be843bSPierre Pronchery ret = ctx->meth.squeeze(ctx, out, outlen);
142*e7be843bSPierre Pronchery
143*e7be843bSPierre Pronchery *outl = outlen;
144*e7be843bSPierre Pronchery return ret;
145*e7be843bSPierre Pronchery }
146*e7be843bSPierre Pronchery
147b077aed3SPierre Pronchery /*-
148b077aed3SPierre Pronchery * Generic software version of the absorb() and final().
149b077aed3SPierre Pronchery */
generic_sha3_absorb(void * vctx,const void * inp,size_t len)150b077aed3SPierre Pronchery static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len)
151b077aed3SPierre Pronchery {
152b077aed3SPierre Pronchery KECCAK1600_CTX *ctx = vctx;
153b077aed3SPierre Pronchery
154*e7be843bSPierre Pronchery if (!(ctx->xof_state == XOF_STATE_INIT ||
155*e7be843bSPierre Pronchery ctx->xof_state == XOF_STATE_ABSORB))
156*e7be843bSPierre Pronchery return 0;
157*e7be843bSPierre Pronchery ctx->xof_state = XOF_STATE_ABSORB;
158b077aed3SPierre Pronchery return SHA3_absorb(ctx->A, inp, len, ctx->block_size);
159b077aed3SPierre Pronchery }
160b077aed3SPierre Pronchery
generic_sha3_final(void * vctx,unsigned char * out,size_t outlen)161*e7be843bSPierre Pronchery static int generic_sha3_final(void *vctx, unsigned char *out, size_t outlen)
162b077aed3SPierre Pronchery {
163*e7be843bSPierre Pronchery return ossl_sha3_final((KECCAK1600_CTX *)vctx, out, outlen);
164b077aed3SPierre Pronchery }
165b077aed3SPierre Pronchery
generic_sha3_squeeze(void * vctx,unsigned char * out,size_t outlen)166*e7be843bSPierre Pronchery static int generic_sha3_squeeze(void *vctx, unsigned char *out, size_t outlen)
167*e7be843bSPierre Pronchery {
168*e7be843bSPierre Pronchery return ossl_sha3_squeeze((KECCAK1600_CTX *)vctx, out, outlen);
169*e7be843bSPierre Pronchery }
170*e7be843bSPierre Pronchery
171*e7be843bSPierre Pronchery static PROV_SHA3_METHOD sha3_generic_md = {
172*e7be843bSPierre Pronchery generic_sha3_absorb,
173*e7be843bSPierre Pronchery generic_sha3_final,
174*e7be843bSPierre Pronchery NULL
175*e7be843bSPierre Pronchery };
176*e7be843bSPierre Pronchery
177*e7be843bSPierre Pronchery static PROV_SHA3_METHOD shake_generic_md =
178b077aed3SPierre Pronchery {
179b077aed3SPierre Pronchery generic_sha3_absorb,
180*e7be843bSPierre Pronchery generic_sha3_final,
181*e7be843bSPierre Pronchery generic_sha3_squeeze
182b077aed3SPierre Pronchery };
183b077aed3SPierre Pronchery
184b077aed3SPierre Pronchery #if defined(S390_SHA3)
185b077aed3SPierre Pronchery
186b077aed3SPierre Pronchery static sha3_absorb_fn s390x_sha3_absorb;
187b077aed3SPierre Pronchery static sha3_final_fn s390x_sha3_final;
188b077aed3SPierre Pronchery static sha3_final_fn s390x_shake_final;
189b077aed3SPierre Pronchery
190b077aed3SPierre Pronchery /*-
191b077aed3SPierre Pronchery * The platform specific parts of the absorb() and final() for S390X.
192b077aed3SPierre Pronchery */
s390x_sha3_absorb(void * vctx,const void * inp,size_t len)193b077aed3SPierre Pronchery static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len)
194b077aed3SPierre Pronchery {
195b077aed3SPierre Pronchery KECCAK1600_CTX *ctx = vctx;
196b077aed3SPierre Pronchery size_t rem = len % ctx->block_size;
197*e7be843bSPierre Pronchery unsigned int fc;
198b077aed3SPierre Pronchery
199*e7be843bSPierre Pronchery if (!(ctx->xof_state == XOF_STATE_INIT ||
200*e7be843bSPierre Pronchery ctx->xof_state == XOF_STATE_ABSORB))
201*e7be843bSPierre Pronchery return 0;
202*e7be843bSPierre Pronchery if (len - rem > 0) {
203*e7be843bSPierre Pronchery fc = ctx->pad;
204*e7be843bSPierre Pronchery fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KIMD_NIP : 0;
205*e7be843bSPierre Pronchery ctx->xof_state = XOF_STATE_ABSORB;
206*e7be843bSPierre Pronchery s390x_kimd(inp, len - rem, fc, ctx->A);
207*e7be843bSPierre Pronchery }
208b077aed3SPierre Pronchery return rem;
209b077aed3SPierre Pronchery }
210b077aed3SPierre Pronchery
s390x_sha3_final(void * vctx,unsigned char * out,size_t outlen)211*e7be843bSPierre Pronchery static int s390x_sha3_final(void *vctx, unsigned char *out, size_t outlen)
212b077aed3SPierre Pronchery {
213b077aed3SPierre Pronchery KECCAK1600_CTX *ctx = vctx;
214*e7be843bSPierre Pronchery unsigned int fc;
215b077aed3SPierre Pronchery
216b077aed3SPierre Pronchery if (!ossl_prov_is_running())
217b077aed3SPierre Pronchery return 0;
218*e7be843bSPierre Pronchery if (!(ctx->xof_state == XOF_STATE_INIT ||
219*e7be843bSPierre Pronchery ctx->xof_state == XOF_STATE_ABSORB))
220*e7be843bSPierre Pronchery return 0;
221*e7be843bSPierre Pronchery fc = ctx->pad | S390X_KLMD_DUFOP;
222*e7be843bSPierre Pronchery fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KLMD_NIP : 0;
223*e7be843bSPierre Pronchery ctx->xof_state = XOF_STATE_FINAL;
224*e7be843bSPierre Pronchery s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, fc, ctx->A);
225*e7be843bSPierre Pronchery memcpy(out, ctx->A, outlen);
226b077aed3SPierre Pronchery return 1;
227b077aed3SPierre Pronchery }
228b077aed3SPierre Pronchery
s390x_shake_final(void * vctx,unsigned char * out,size_t outlen)229*e7be843bSPierre Pronchery static int s390x_shake_final(void *vctx, unsigned char *out, size_t outlen)
230b077aed3SPierre Pronchery {
231b077aed3SPierre Pronchery KECCAK1600_CTX *ctx = vctx;
232*e7be843bSPierre Pronchery unsigned int fc;
233b077aed3SPierre Pronchery
234b077aed3SPierre Pronchery if (!ossl_prov_is_running())
235b077aed3SPierre Pronchery return 0;
236*e7be843bSPierre Pronchery if (!(ctx->xof_state == XOF_STATE_INIT ||
237*e7be843bSPierre Pronchery ctx->xof_state == XOF_STATE_ABSORB))
238*e7be843bSPierre Pronchery return 0;
239*e7be843bSPierre Pronchery fc = ctx->pad | S390X_KLMD_DUFOP;
240*e7be843bSPierre Pronchery fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KLMD_NIP : 0;
241*e7be843bSPierre Pronchery ctx->xof_state = XOF_STATE_FINAL;
242*e7be843bSPierre Pronchery s390x_klmd(ctx->buf, ctx->bufsz, out, outlen, fc, ctx->A);
243b077aed3SPierre Pronchery return 1;
244b077aed3SPierre Pronchery }
245b077aed3SPierre Pronchery
s390x_shake_squeeze(void * vctx,unsigned char * out,size_t outlen)246*e7be843bSPierre Pronchery static int s390x_shake_squeeze(void *vctx, unsigned char *out, size_t outlen)
247b077aed3SPierre Pronchery {
248*e7be843bSPierre Pronchery KECCAK1600_CTX *ctx = vctx;
249*e7be843bSPierre Pronchery unsigned int fc;
250*e7be843bSPierre Pronchery size_t len;
251*e7be843bSPierre Pronchery
252*e7be843bSPierre Pronchery if (!ossl_prov_is_running())
253*e7be843bSPierre Pronchery return 0;
254*e7be843bSPierre Pronchery if (ctx->xof_state == XOF_STATE_FINAL)
255*e7be843bSPierre Pronchery return 0;
256*e7be843bSPierre Pronchery /*
257*e7be843bSPierre Pronchery * On the first squeeze call, finish the absorb process (incl. padding).
258*e7be843bSPierre Pronchery */
259*e7be843bSPierre Pronchery if (ctx->xof_state != XOF_STATE_SQUEEZE) {
260*e7be843bSPierre Pronchery fc = ctx->pad;
261*e7be843bSPierre Pronchery fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KLMD_NIP : 0;
262*e7be843bSPierre Pronchery ctx->xof_state = XOF_STATE_SQUEEZE;
263*e7be843bSPierre Pronchery s390x_klmd(ctx->buf, ctx->bufsz, out, outlen, fc, ctx->A);
264*e7be843bSPierre Pronchery ctx->bufsz = outlen % ctx->block_size;
265*e7be843bSPierre Pronchery /* reuse ctx->bufsz to count bytes squeezed from current sponge */
266*e7be843bSPierre Pronchery return 1;
267*e7be843bSPierre Pronchery }
268*e7be843bSPierre Pronchery ctx->xof_state = XOF_STATE_SQUEEZE;
269*e7be843bSPierre Pronchery if (ctx->bufsz != 0) {
270*e7be843bSPierre Pronchery len = ctx->block_size - ctx->bufsz;
271*e7be843bSPierre Pronchery if (outlen < len)
272*e7be843bSPierre Pronchery len = outlen;
273*e7be843bSPierre Pronchery memcpy(out, (char *)ctx->A + ctx->bufsz, len);
274*e7be843bSPierre Pronchery out += len;
275*e7be843bSPierre Pronchery outlen -= len;
276*e7be843bSPierre Pronchery ctx->bufsz += len;
277*e7be843bSPierre Pronchery if (ctx->bufsz == ctx->block_size)
278*e7be843bSPierre Pronchery ctx->bufsz = 0;
279*e7be843bSPierre Pronchery }
280*e7be843bSPierre Pronchery if (outlen == 0)
281*e7be843bSPierre Pronchery return 1;
282*e7be843bSPierre Pronchery s390x_klmd(NULL, 0, out, outlen, ctx->pad | S390X_KLMD_PS, ctx->A);
283*e7be843bSPierre Pronchery ctx->bufsz = outlen % ctx->block_size;
284*e7be843bSPierre Pronchery
285*e7be843bSPierre Pronchery return 1;
286*e7be843bSPierre Pronchery }
287*e7be843bSPierre Pronchery
s390x_keccakc_final(void * vctx,unsigned char * out,size_t outlen,int padding)288*e7be843bSPierre Pronchery static int s390x_keccakc_final(void *vctx, unsigned char *out, size_t outlen,
289*e7be843bSPierre Pronchery int padding)
290*e7be843bSPierre Pronchery {
291*e7be843bSPierre Pronchery KECCAK1600_CTX *ctx = vctx;
292*e7be843bSPierre Pronchery size_t bsz = ctx->block_size;
293*e7be843bSPierre Pronchery size_t num = ctx->bufsz;
294*e7be843bSPierre Pronchery size_t needed = outlen;
295*e7be843bSPierre Pronchery unsigned int fc;
296*e7be843bSPierre Pronchery
297*e7be843bSPierre Pronchery if (!ossl_prov_is_running())
298*e7be843bSPierre Pronchery return 0;
299*e7be843bSPierre Pronchery if (!(ctx->xof_state == XOF_STATE_INIT ||
300*e7be843bSPierre Pronchery ctx->xof_state == XOF_STATE_ABSORB))
301*e7be843bSPierre Pronchery return 0;
302*e7be843bSPierre Pronchery fc = ctx->pad;
303*e7be843bSPierre Pronchery fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KIMD_NIP : 0;
304*e7be843bSPierre Pronchery ctx->xof_state = XOF_STATE_FINAL;
305*e7be843bSPierre Pronchery if (outlen == 0)
306*e7be843bSPierre Pronchery return 1;
307*e7be843bSPierre Pronchery memset(ctx->buf + num, 0, bsz - num);
308*e7be843bSPierre Pronchery ctx->buf[num] = padding;
309*e7be843bSPierre Pronchery ctx->buf[bsz - 1] |= 0x80;
310*e7be843bSPierre Pronchery s390x_kimd(ctx->buf, bsz, fc, ctx->A);
311*e7be843bSPierre Pronchery num = needed > bsz ? bsz : needed;
312*e7be843bSPierre Pronchery memcpy(out, ctx->A, num);
313*e7be843bSPierre Pronchery needed -= num;
314*e7be843bSPierre Pronchery if (needed > 0)
315*e7be843bSPierre Pronchery s390x_klmd(NULL, 0, out + bsz, needed,
316*e7be843bSPierre Pronchery ctx->pad | S390X_KLMD_PS | S390X_KLMD_DUFOP, ctx->A);
317*e7be843bSPierre Pronchery
318*e7be843bSPierre Pronchery return 1;
319*e7be843bSPierre Pronchery }
320*e7be843bSPierre Pronchery
s390x_keccak_final(void * vctx,unsigned char * out,size_t outlen)321*e7be843bSPierre Pronchery static int s390x_keccak_final(void *vctx, unsigned char *out, size_t outlen)
322*e7be843bSPierre Pronchery {
323*e7be843bSPierre Pronchery return s390x_keccakc_final(vctx, out, outlen, 0x01);
324*e7be843bSPierre Pronchery }
325*e7be843bSPierre Pronchery
s390x_kmac_final(void * vctx,unsigned char * out,size_t outlen)326*e7be843bSPierre Pronchery static int s390x_kmac_final(void *vctx, unsigned char *out, size_t outlen)
327*e7be843bSPierre Pronchery {
328*e7be843bSPierre Pronchery return s390x_keccakc_final(vctx, out, outlen, 0x04);
329*e7be843bSPierre Pronchery }
330*e7be843bSPierre Pronchery
s390x_keccakc_squeeze(void * vctx,unsigned char * out,size_t outlen,int padding)331*e7be843bSPierre Pronchery static int s390x_keccakc_squeeze(void *vctx, unsigned char *out, size_t outlen,
332*e7be843bSPierre Pronchery int padding)
333*e7be843bSPierre Pronchery {
334*e7be843bSPierre Pronchery KECCAK1600_CTX *ctx = vctx;
335*e7be843bSPierre Pronchery size_t len;
336*e7be843bSPierre Pronchery unsigned int fc;
337*e7be843bSPierre Pronchery
338*e7be843bSPierre Pronchery if (!ossl_prov_is_running())
339*e7be843bSPierre Pronchery return 0;
340*e7be843bSPierre Pronchery if (ctx->xof_state == XOF_STATE_FINAL)
341*e7be843bSPierre Pronchery return 0;
342*e7be843bSPierre Pronchery /*
343*e7be843bSPierre Pronchery * On the first squeeze call, finish the absorb process
344*e7be843bSPierre Pronchery * by adding the trailing padding and then doing
345*e7be843bSPierre Pronchery * a final absorb.
346*e7be843bSPierre Pronchery */
347*e7be843bSPierre Pronchery if (ctx->xof_state != XOF_STATE_SQUEEZE) {
348*e7be843bSPierre Pronchery len = ctx->block_size - ctx->bufsz;
349*e7be843bSPierre Pronchery memset(ctx->buf + ctx->bufsz, 0, len);
350*e7be843bSPierre Pronchery ctx->buf[ctx->bufsz] = padding;
351*e7be843bSPierre Pronchery ctx->buf[ctx->block_size - 1] |= 0x80;
352*e7be843bSPierre Pronchery fc = ctx->pad;
353*e7be843bSPierre Pronchery fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KIMD_NIP : 0;
354*e7be843bSPierre Pronchery s390x_kimd(ctx->buf, ctx->block_size, fc, ctx->A);
355*e7be843bSPierre Pronchery ctx->bufsz = 0;
356*e7be843bSPierre Pronchery /* reuse ctx->bufsz to count bytes squeezed from current sponge */
357*e7be843bSPierre Pronchery }
358*e7be843bSPierre Pronchery if (ctx->bufsz != 0 || ctx->xof_state != XOF_STATE_SQUEEZE) {
359*e7be843bSPierre Pronchery len = ctx->block_size - ctx->bufsz;
360*e7be843bSPierre Pronchery if (outlen < len)
361*e7be843bSPierre Pronchery len = outlen;
362*e7be843bSPierre Pronchery memcpy(out, (char *)ctx->A + ctx->bufsz, len);
363*e7be843bSPierre Pronchery out += len;
364*e7be843bSPierre Pronchery outlen -= len;
365*e7be843bSPierre Pronchery ctx->bufsz += len;
366*e7be843bSPierre Pronchery if (ctx->bufsz == ctx->block_size)
367*e7be843bSPierre Pronchery ctx->bufsz = 0;
368*e7be843bSPierre Pronchery }
369*e7be843bSPierre Pronchery ctx->xof_state = XOF_STATE_SQUEEZE;
370*e7be843bSPierre Pronchery if (outlen == 0)
371*e7be843bSPierre Pronchery return 1;
372*e7be843bSPierre Pronchery s390x_klmd(NULL, 0, out, outlen, ctx->pad | S390X_KLMD_PS, ctx->A);
373*e7be843bSPierre Pronchery ctx->bufsz = outlen % ctx->block_size;
374*e7be843bSPierre Pronchery
375*e7be843bSPierre Pronchery return 1;
376*e7be843bSPierre Pronchery }
377*e7be843bSPierre Pronchery
s390x_keccak_squeeze(void * vctx,unsigned char * out,size_t outlen)378*e7be843bSPierre Pronchery static int s390x_keccak_squeeze(void *vctx, unsigned char *out, size_t outlen)
379*e7be843bSPierre Pronchery {
380*e7be843bSPierre Pronchery return s390x_keccakc_squeeze(vctx, out, outlen, 0x01);
381*e7be843bSPierre Pronchery }
382*e7be843bSPierre Pronchery
s390x_kmac_squeeze(void * vctx,unsigned char * out,size_t outlen)383*e7be843bSPierre Pronchery static int s390x_kmac_squeeze(void *vctx, unsigned char *out, size_t outlen)
384*e7be843bSPierre Pronchery {
385*e7be843bSPierre Pronchery return s390x_keccakc_squeeze(vctx, out, outlen, 0x04);
386*e7be843bSPierre Pronchery }
387*e7be843bSPierre Pronchery
388*e7be843bSPierre Pronchery static PROV_SHA3_METHOD sha3_s390x_md = {
389b077aed3SPierre Pronchery s390x_sha3_absorb,
390*e7be843bSPierre Pronchery s390x_sha3_final,
391*e7be843bSPierre Pronchery NULL,
392b077aed3SPierre Pronchery };
393b077aed3SPierre Pronchery
394*e7be843bSPierre Pronchery static PROV_SHA3_METHOD keccak_s390x_md = {
395b077aed3SPierre Pronchery s390x_sha3_absorb,
396*e7be843bSPierre Pronchery s390x_keccak_final,
397*e7be843bSPierre Pronchery s390x_keccak_squeeze,
398b077aed3SPierre Pronchery };
399b077aed3SPierre Pronchery
400*e7be843bSPierre Pronchery static PROV_SHA3_METHOD shake_s390x_md = {
401*e7be843bSPierre Pronchery s390x_sha3_absorb,
402*e7be843bSPierre Pronchery s390x_shake_final,
403*e7be843bSPierre Pronchery s390x_shake_squeeze,
404*e7be843bSPierre Pronchery };
405*e7be843bSPierre Pronchery
406*e7be843bSPierre Pronchery static PROV_SHA3_METHOD kmac_s390x_md = {
407*e7be843bSPierre Pronchery s390x_sha3_absorb,
408*e7be843bSPierre Pronchery s390x_kmac_final,
409*e7be843bSPierre Pronchery s390x_kmac_squeeze,
410*e7be843bSPierre Pronchery };
411*e7be843bSPierre Pronchery
412*e7be843bSPierre Pronchery # define SHAKE_SET_MD(uname, typ) \
413*e7be843bSPierre Pronchery if (S390_SHA3_CAPABLE(uname)) { \
414*e7be843bSPierre Pronchery ctx->pad = S390X_##uname; \
415*e7be843bSPierre Pronchery ctx->meth = typ##_s390x_md; \
416*e7be843bSPierre Pronchery } else { \
417*e7be843bSPierre Pronchery ctx->meth = shake_generic_md; \
418*e7be843bSPierre Pronchery }
419*e7be843bSPierre Pronchery
420b077aed3SPierre Pronchery # define SHA3_SET_MD(uname, typ) \
421b077aed3SPierre Pronchery if (S390_SHA3_CAPABLE(uname)) { \
422b077aed3SPierre Pronchery ctx->pad = S390X_##uname; \
423b077aed3SPierre Pronchery ctx->meth = typ##_s390x_md; \
424b077aed3SPierre Pronchery } else { \
425b077aed3SPierre Pronchery ctx->meth = sha3_generic_md; \
426b077aed3SPierre Pronchery }
427*e7be843bSPierre Pronchery # define KMAC_SET_MD(bitlen) \
428*e7be843bSPierre Pronchery if (S390_SHA3_CAPABLE(SHAKE_##bitlen)) { \
429*e7be843bSPierre Pronchery ctx->pad = S390X_SHAKE_##bitlen; \
430*e7be843bSPierre Pronchery ctx->meth = kmac_s390x_md; \
431*e7be843bSPierre Pronchery } else { \
432*e7be843bSPierre Pronchery ctx->meth = sha3_generic_md; \
433*e7be843bSPierre Pronchery }
434*e7be843bSPierre Pronchery #elif defined(__aarch64__) && defined(KECCAK1600_ASM)
435*e7be843bSPierre Pronchery # include "arm_arch.h"
436*e7be843bSPierre Pronchery
437*e7be843bSPierre Pronchery static sha3_absorb_fn armsha3_sha3_absorb;
438*e7be843bSPierre Pronchery
439*e7be843bSPierre Pronchery size_t SHA3_absorb_cext(uint64_t A[5][5], const unsigned char *inp, size_t len,
440*e7be843bSPierre Pronchery size_t r);
441*e7be843bSPierre Pronchery /*-
442*e7be843bSPierre Pronchery * Hardware-assisted ARMv8.2 SHA3 extension version of the absorb()
443*e7be843bSPierre Pronchery */
armsha3_sha3_absorb(void * vctx,const void * inp,size_t len)444*e7be843bSPierre Pronchery static size_t armsha3_sha3_absorb(void *vctx, const void *inp, size_t len)
445*e7be843bSPierre Pronchery {
446*e7be843bSPierre Pronchery KECCAK1600_CTX *ctx = vctx;
447*e7be843bSPierre Pronchery
448*e7be843bSPierre Pronchery return SHA3_absorb_cext(ctx->A, inp, len, ctx->block_size);
449*e7be843bSPierre Pronchery }
450*e7be843bSPierre Pronchery
451*e7be843bSPierre Pronchery static PROV_SHA3_METHOD sha3_ARMSHA3_md = {
452*e7be843bSPierre Pronchery armsha3_sha3_absorb,
453*e7be843bSPierre Pronchery generic_sha3_final
454*e7be843bSPierre Pronchery };
455*e7be843bSPierre Pronchery static PROV_SHA3_METHOD shake_ARMSHA3_md =
456*e7be843bSPierre Pronchery {
457*e7be843bSPierre Pronchery armsha3_sha3_absorb,
458*e7be843bSPierre Pronchery generic_sha3_final,
459*e7be843bSPierre Pronchery generic_sha3_squeeze
460*e7be843bSPierre Pronchery };
461*e7be843bSPierre Pronchery # define SHAKE_SET_MD(uname, typ) \
462*e7be843bSPierre Pronchery if (OPENSSL_armcap_P & ARMV8_HAVE_SHA3_AND_WORTH_USING) { \
463*e7be843bSPierre Pronchery ctx->meth = shake_ARMSHA3_md; \
464*e7be843bSPierre Pronchery } else { \
465*e7be843bSPierre Pronchery ctx->meth = shake_generic_md; \
466*e7be843bSPierre Pronchery }
467*e7be843bSPierre Pronchery
468*e7be843bSPierre Pronchery # define SHA3_SET_MD(uname, typ) \
469*e7be843bSPierre Pronchery if (OPENSSL_armcap_P & ARMV8_HAVE_SHA3_AND_WORTH_USING) { \
470*e7be843bSPierre Pronchery ctx->meth = sha3_ARMSHA3_md; \
471*e7be843bSPierre Pronchery } else { \
472*e7be843bSPierre Pronchery ctx->meth = sha3_generic_md; \
473*e7be843bSPierre Pronchery }
474*e7be843bSPierre Pronchery # define KMAC_SET_MD(bitlen) \
475*e7be843bSPierre Pronchery if (OPENSSL_armcap_P & ARMV8_HAVE_SHA3_AND_WORTH_USING) { \
476*e7be843bSPierre Pronchery ctx->meth = sha3_ARMSHA3_md; \
477*e7be843bSPierre Pronchery } else { \
478*e7be843bSPierre Pronchery ctx->meth = sha3_generic_md; \
479*e7be843bSPierre Pronchery }
480b077aed3SPierre Pronchery #else
481b077aed3SPierre Pronchery # define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
482*e7be843bSPierre Pronchery # define KMAC_SET_MD(bitlen) ctx->meth = sha3_generic_md;
483*e7be843bSPierre Pronchery # define SHAKE_SET_MD(uname, typ) ctx->meth = shake_generic_md;
484b077aed3SPierre Pronchery #endif /* S390_SHA3 */
485b077aed3SPierre Pronchery
486b077aed3SPierre Pronchery #define SHA3_newctx(typ, uname, name, bitlen, pad) \
487b077aed3SPierre Pronchery static OSSL_FUNC_digest_newctx_fn name##_newctx; \
488b077aed3SPierre Pronchery static void *name##_newctx(void *provctx) \
489b077aed3SPierre Pronchery { \
490b077aed3SPierre Pronchery KECCAK1600_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) \
491b077aed3SPierre Pronchery : NULL; \
492b077aed3SPierre Pronchery \
493b077aed3SPierre Pronchery if (ctx == NULL) \
494b077aed3SPierre Pronchery return NULL; \
495b077aed3SPierre Pronchery ossl_sha3_init(ctx, pad, bitlen); \
496b077aed3SPierre Pronchery SHA3_SET_MD(uname, typ) \
497b077aed3SPierre Pronchery return ctx; \
498b077aed3SPierre Pronchery }
499b077aed3SPierre Pronchery
500*e7be843bSPierre Pronchery #define SHAKE_newctx(typ, uname, name, bitlen, mdlen, pad) \
501*e7be843bSPierre Pronchery static OSSL_FUNC_digest_newctx_fn name##_newctx; \
502*e7be843bSPierre Pronchery static void *name##_newctx(void *provctx) \
503*e7be843bSPierre Pronchery { \
504*e7be843bSPierre Pronchery KECCAK1600_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx))\
505*e7be843bSPierre Pronchery : NULL; \
506*e7be843bSPierre Pronchery \
507*e7be843bSPierre Pronchery if (ctx == NULL) \
508*e7be843bSPierre Pronchery return NULL; \
509*e7be843bSPierre Pronchery ossl_keccak_init(ctx, pad, bitlen, mdlen); \
510*e7be843bSPierre Pronchery if (mdlen == 0) \
511*e7be843bSPierre Pronchery ctx->md_size = SIZE_MAX; \
512*e7be843bSPierre Pronchery SHAKE_SET_MD(uname, typ) \
513*e7be843bSPierre Pronchery return ctx; \
514*e7be843bSPierre Pronchery }
515*e7be843bSPierre Pronchery
516b077aed3SPierre Pronchery #define KMAC_newctx(uname, bitlen, pad) \
517b077aed3SPierre Pronchery static OSSL_FUNC_digest_newctx_fn uname##_newctx; \
518b077aed3SPierre Pronchery static void *uname##_newctx(void *provctx) \
519b077aed3SPierre Pronchery { \
520b077aed3SPierre Pronchery KECCAK1600_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) \
521b077aed3SPierre Pronchery : NULL; \
522b077aed3SPierre Pronchery \
523b077aed3SPierre Pronchery if (ctx == NULL) \
524b077aed3SPierre Pronchery return NULL; \
525*e7be843bSPierre Pronchery ossl_keccak_init(ctx, pad, bitlen, 2 * bitlen); \
526*e7be843bSPierre Pronchery KMAC_SET_MD(bitlen) \
527b077aed3SPierre Pronchery return ctx; \
528b077aed3SPierre Pronchery }
529b077aed3SPierre Pronchery
530b077aed3SPierre Pronchery #define PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags) \
531b077aed3SPierre Pronchery PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \
532b077aed3SPierre Pronchery const OSSL_DISPATCH ossl_##name##_functions[] = { \
533b077aed3SPierre Pronchery { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \
534b077aed3SPierre Pronchery { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \
535b077aed3SPierre Pronchery { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \
536b077aed3SPierre Pronchery { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \
537b077aed3SPierre Pronchery { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \
538*e7be843bSPierre Pronchery { OSSL_FUNC_DIGEST_COPYCTX, (void (*)(void))keccak_copyctx }, \
539b077aed3SPierre Pronchery PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name)
540b077aed3SPierre Pronchery
541b077aed3SPierre Pronchery #define PROV_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags) \
542b077aed3SPierre Pronchery PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \
543b077aed3SPierre Pronchery { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \
544b077aed3SPierre Pronchery PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END
545b077aed3SPierre Pronchery
546b077aed3SPierre Pronchery #define PROV_FUNC_SHAKE_DIGEST(name, bitlen, blksize, dgstsize, flags) \
547b077aed3SPierre Pronchery PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \
548*e7be843bSPierre Pronchery { OSSL_FUNC_DIGEST_SQUEEZE, (void (*)(void))shake_squeeze }, \
549b077aed3SPierre Pronchery { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init_params }, \
550b077aed3SPierre Pronchery { OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))shake_set_ctx_params }, \
551b077aed3SPierre Pronchery { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, \
552b077aed3SPierre Pronchery (void (*)(void))shake_settable_ctx_params }, \
553*e7be843bSPierre Pronchery { OSSL_FUNC_DIGEST_GET_CTX_PARAMS, (void (*)(void))shake_get_ctx_params }, \
554*e7be843bSPierre Pronchery { OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS, \
555*e7be843bSPierre Pronchery (void (*)(void))shake_gettable_ctx_params }, \
556b077aed3SPierre Pronchery PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END
557b077aed3SPierre Pronchery
keccak_freectx(void * vctx)558b077aed3SPierre Pronchery static void keccak_freectx(void *vctx)
559b077aed3SPierre Pronchery {
560b077aed3SPierre Pronchery KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
561b077aed3SPierre Pronchery
562b077aed3SPierre Pronchery OPENSSL_clear_free(ctx, sizeof(*ctx));
563b077aed3SPierre Pronchery }
564b077aed3SPierre Pronchery
keccak_copyctx(void * voutctx,void * vinctx)565*e7be843bSPierre Pronchery static void keccak_copyctx(void *voutctx, void *vinctx)
566*e7be843bSPierre Pronchery {
567*e7be843bSPierre Pronchery KECCAK1600_CTX *outctx = (KECCAK1600_CTX *)voutctx;
568*e7be843bSPierre Pronchery KECCAK1600_CTX *inctx = (KECCAK1600_CTX *)vinctx;
569*e7be843bSPierre Pronchery
570*e7be843bSPierre Pronchery *outctx = *inctx;
571*e7be843bSPierre Pronchery }
572*e7be843bSPierre Pronchery
keccak_dupctx(void * ctx)573b077aed3SPierre Pronchery static void *keccak_dupctx(void *ctx)
574b077aed3SPierre Pronchery {
575b077aed3SPierre Pronchery KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx;
576b077aed3SPierre Pronchery KECCAK1600_CTX *ret = ossl_prov_is_running() ? OPENSSL_malloc(sizeof(*ret))
577b077aed3SPierre Pronchery : NULL;
578b077aed3SPierre Pronchery
579b077aed3SPierre Pronchery if (ret != NULL)
580b077aed3SPierre Pronchery *ret = *in;
581b077aed3SPierre Pronchery return ret;
582b077aed3SPierre Pronchery }
583b077aed3SPierre Pronchery
shake_gettable_ctx_params(ossl_unused void * ctx,ossl_unused void * provctx)584*e7be843bSPierre Pronchery static const OSSL_PARAM *shake_gettable_ctx_params(ossl_unused void *ctx,
585*e7be843bSPierre Pronchery ossl_unused void *provctx)
586*e7be843bSPierre Pronchery {
587*e7be843bSPierre Pronchery static const OSSL_PARAM known_shake_gettable_ctx_params[] = {
588b077aed3SPierre Pronchery {OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
589*e7be843bSPierre Pronchery {OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
590b077aed3SPierre Pronchery OSSL_PARAM_END
591b077aed3SPierre Pronchery };
592*e7be843bSPierre Pronchery return known_shake_gettable_ctx_params;
593*e7be843bSPierre Pronchery }
594*e7be843bSPierre Pronchery
shake_get_ctx_params(void * vctx,OSSL_PARAM params[])595*e7be843bSPierre Pronchery static int shake_get_ctx_params(void *vctx, OSSL_PARAM params[])
596*e7be843bSPierre Pronchery {
597*e7be843bSPierre Pronchery OSSL_PARAM *p;
598*e7be843bSPierre Pronchery KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
599*e7be843bSPierre Pronchery
600*e7be843bSPierre Pronchery if (ctx == NULL)
601*e7be843bSPierre Pronchery return 0;
602*e7be843bSPierre Pronchery if (ossl_param_is_empty(params))
603*e7be843bSPierre Pronchery return 1;
604*e7be843bSPierre Pronchery
605*e7be843bSPierre Pronchery p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOFLEN);
606*e7be843bSPierre Pronchery if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->md_size)) {
607*e7be843bSPierre Pronchery ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
608*e7be843bSPierre Pronchery return 0;
609*e7be843bSPierre Pronchery }
610*e7be843bSPierre Pronchery /* Size is an alias of xoflen */
611*e7be843bSPierre Pronchery p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE);
612*e7be843bSPierre Pronchery if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->md_size)) {
613*e7be843bSPierre Pronchery ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
614*e7be843bSPierre Pronchery return 0;
615*e7be843bSPierre Pronchery }
616*e7be843bSPierre Pronchery return 1;
617*e7be843bSPierre Pronchery }
618*e7be843bSPierre Pronchery
shake_settable_ctx_params(ossl_unused void * ctx,ossl_unused void * provctx)619b077aed3SPierre Pronchery static const OSSL_PARAM *shake_settable_ctx_params(ossl_unused void *ctx,
620b077aed3SPierre Pronchery ossl_unused void *provctx)
621b077aed3SPierre Pronchery {
622*e7be843bSPierre Pronchery static const OSSL_PARAM known_shake_settable_ctx_params[] = {
623*e7be843bSPierre Pronchery {OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
624*e7be843bSPierre Pronchery {OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
625*e7be843bSPierre Pronchery OSSL_PARAM_END
626*e7be843bSPierre Pronchery };
627*e7be843bSPierre Pronchery
628b077aed3SPierre Pronchery return known_shake_settable_ctx_params;
629b077aed3SPierre Pronchery }
630b077aed3SPierre Pronchery
shake_set_ctx_params(void * vctx,const OSSL_PARAM params[])631b077aed3SPierre Pronchery static int shake_set_ctx_params(void *vctx, const OSSL_PARAM params[])
632b077aed3SPierre Pronchery {
633b077aed3SPierre Pronchery const OSSL_PARAM *p;
634b077aed3SPierre Pronchery KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
635b077aed3SPierre Pronchery
636b077aed3SPierre Pronchery if (ctx == NULL)
637b077aed3SPierre Pronchery return 0;
638*e7be843bSPierre Pronchery if (ossl_param_is_empty(params))
639b077aed3SPierre Pronchery return 1;
640b077aed3SPierre Pronchery
641b077aed3SPierre Pronchery p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN);
642*e7be843bSPierre Pronchery if (p == NULL)
643*e7be843bSPierre Pronchery p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_SIZE);
644*e7be843bSPierre Pronchery
645b077aed3SPierre Pronchery if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size)) {
646b077aed3SPierre Pronchery ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
647b077aed3SPierre Pronchery return 0;
648b077aed3SPierre Pronchery }
649b077aed3SPierre Pronchery return 1;
650b077aed3SPierre Pronchery }
651b077aed3SPierre Pronchery
652b077aed3SPierre Pronchery #define IMPLEMENT_SHA3_functions(bitlen) \
653b077aed3SPierre Pronchery SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \
654b077aed3SPierre Pronchery PROV_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, \
655b077aed3SPierre Pronchery SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
656b077aed3SPierre Pronchery SHA3_FLAGS)
657b077aed3SPierre Pronchery
658*e7be843bSPierre Pronchery #define IMPLEMENT_KECCAK_functions(bitlen) \
659*e7be843bSPierre Pronchery SHA3_newctx(keccak, KECCAK_##bitlen, keccak_##bitlen, bitlen, '\x01') \
660*e7be843bSPierre Pronchery PROV_FUNC_SHA3_DIGEST(keccak_##bitlen, bitlen, \
661b077aed3SPierre Pronchery SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
662*e7be843bSPierre Pronchery SHA3_FLAGS)
663*e7be843bSPierre Pronchery
664*e7be843bSPierre Pronchery #define IMPLEMENT_SHAKE_functions(bitlen) \
665*e7be843bSPierre Pronchery SHAKE_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, \
666*e7be843bSPierre Pronchery 0 /* no default md length */, '\x1f') \
667*e7be843bSPierre Pronchery PROV_FUNC_SHAKE_DIGEST(shake_##bitlen, bitlen, \
668*e7be843bSPierre Pronchery SHA3_BLOCKSIZE(bitlen), 0, \
669b077aed3SPierre Pronchery SHAKE_FLAGS)
670*e7be843bSPierre Pronchery
671b077aed3SPierre Pronchery #define IMPLEMENT_KMAC_functions(bitlen) \
672b077aed3SPierre Pronchery KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \
673b077aed3SPierre Pronchery PROV_FUNC_SHAKE_DIGEST(keccak_kmac_##bitlen, bitlen, \
674b077aed3SPierre Pronchery SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen), \
675b077aed3SPierre Pronchery KMAC_FLAGS)
676b077aed3SPierre Pronchery
677b077aed3SPierre Pronchery /* ossl_sha3_224_functions */
678b077aed3SPierre Pronchery IMPLEMENT_SHA3_functions(224)
679b077aed3SPierre Pronchery /* ossl_sha3_256_functions */
680b077aed3SPierre Pronchery IMPLEMENT_SHA3_functions(256)
681b077aed3SPierre Pronchery /* ossl_sha3_384_functions */
682b077aed3SPierre Pronchery IMPLEMENT_SHA3_functions(384)
683b077aed3SPierre Pronchery /* ossl_sha3_512_functions */
684b077aed3SPierre Pronchery IMPLEMENT_SHA3_functions(512)
685*e7be843bSPierre Pronchery /* ossl_keccak_224_functions */
686*e7be843bSPierre Pronchery IMPLEMENT_KECCAK_functions(224)
687*e7be843bSPierre Pronchery /* ossl_keccak_256_functions */
688*e7be843bSPierre Pronchery IMPLEMENT_KECCAK_functions(256)
689*e7be843bSPierre Pronchery /* ossl_keccak_384_functions */
690*e7be843bSPierre Pronchery IMPLEMENT_KECCAK_functions(384)
691*e7be843bSPierre Pronchery /* ossl_keccak_512_functions */
692*e7be843bSPierre Pronchery IMPLEMENT_KECCAK_functions(512)
693b077aed3SPierre Pronchery /* ossl_shake_128_functions */
694b077aed3SPierre Pronchery IMPLEMENT_SHAKE_functions(128)
695b077aed3SPierre Pronchery /* ossl_shake_256_functions */
696b077aed3SPierre Pronchery IMPLEMENT_SHAKE_functions(256)
697b077aed3SPierre Pronchery /* ossl_keccak_kmac_128_functions */
698b077aed3SPierre Pronchery IMPLEMENT_KMAC_functions(128)
699b077aed3SPierre Pronchery /* ossl_keccak_kmac_256_functions */
700b077aed3SPierre Pronchery IMPLEMENT_KMAC_functions(256)
701