2 * FIPS-202 compliant SHA3 implementation
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 * The SHA-3 Secure Hash Standard was published by NIST in 2015.
24 * these; the defaults here should give sensible trade-offs for gcc and clang on aarch64 and
25 * x86-64.
28 #define MBEDTLS_SHA3_THETA_UNROLL 0 //no-check-names
32 #define MBEDTLS_SHA3_CHI_UNROLL 0 //no-check-names
34 #define MBEDTLS_SHA3_CHI_UNROLL 1 //no-check-names
38 #define MBEDTLS_SHA3_PI_UNROLL 1 //no-check-names
41 #define MBEDTLS_SHA3_RHO_UNROLL 1 //no-check-names
58 * Each round uses a 64-bit mask value. In each mask value, only
59 * bits whose position is of the form 2^k-1 can be set, thus only
63 * are moved to bits 4-6. This allows us to make each mask value
94 #define ROTR64(x, y) (((x) << (64U - (y))) | ((x) >> (y))) // 64-bit rotate right; y must be in 1..63, since y == 0 would shift left by 64, which is undefined for a 64-bit operand
95 #define ABSORB(ctx, idx, v) do { ctx->state[(idx) >> 3] ^= ((uint64_t) (v)) << (((idx) & 0x7) << 3)…
97 #define SQUEEZE(ctx, idx) ((uint8_t) (ctx->state[(idx) >> 3] >> (((idx) & 0x7) << 3))) // read state byte idx: lane idx / 8, byte idx % 8 counted from the least significant byte; idx is expanded twice, so it must have no side effects
104 uint64_t *s = ctx->state; in keccak_f1600()
108 uint64_t t; in keccak_f1600() local
111 #if MBEDTLS_SHA3_THETA_UNROLL == 0 //no-check-names in keccak_f1600()
116 t = lane[(i + 4) % 5] ^ ROTR64(lane[(i + 1) % 5], 63); in keccak_f1600()
117 s[i] ^= t; s[i + 5] ^= t; s[i + 10] ^= t; s[i + 15] ^= t; s[i + 20] ^= t; in keccak_f1600()
126 t = lane[4] ^ ROTR64(lane[1], 63); in keccak_f1600()
127 s[0] ^= t; s[5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t; in keccak_f1600()
129 t = lane[0] ^ ROTR64(lane[2], 63); in keccak_f1600()
130 s[1] ^= t; s[6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t; in keccak_f1600()
132 t = lane[1] ^ ROTR64(lane[3], 63); in keccak_f1600()
133 s[2] ^= t; s[7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t; in keccak_f1600()
135 t = lane[2] ^ ROTR64(lane[4], 63); in keccak_f1600()
136 s[3] ^= t; s[8] ^= t; s[13] ^= t; s[18] ^= t; s[23] ^= t; in keccak_f1600()
138 t = lane[3] ^ ROTR64(lane[0], 63); in keccak_f1600()
139 s[4] ^= t; s[9] ^= t; s[14] ^= t; s[19] ^= t; s[24] ^= t; in keccak_f1600()
144 uint32_t r = rho[(i - 1) >> 2]; in keccak_f1600()
160 t = s[1]; in keccak_f1600()
165 SWAP(s[p & 0xff], t); in keccak_f1600()
171 SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); in keccak_f1600()
172 SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); in keccak_f1600()
174 SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); in keccak_f1600()
175 SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); in keccak_f1600()
177 SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); in keccak_f1600()
178 SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); in keccak_f1600()
180 SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); in keccak_f1600()
181 SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); in keccak_f1600()
183 SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); in keccak_f1600()
184 SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); in keccak_f1600()
186 SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); in keccak_f1600()
187 SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); in keccak_f1600()
191 #if MBEDTLS_SHA3_CHI_UNROLL == 0 //no-check-names in keccak_f1600()
268 * SHA-3 context setup
274 ctx->olen = 224 / 8; in mbedtls_sha3_starts()
275 ctx->max_block_size = 1152 / 8; in mbedtls_sha3_starts()
278 ctx->olen = 256 / 8; in mbedtls_sha3_starts()
279 ctx->max_block_size = 1088 / 8; in mbedtls_sha3_starts()
282 ctx->olen = 384 / 8; in mbedtls_sha3_starts()
283 ctx->max_block_size = 832 / 8; in mbedtls_sha3_starts()
286 ctx->olen = 512 / 8; in mbedtls_sha3_starts()
287 ctx->max_block_size = 576 / 8; in mbedtls_sha3_starts()
293 memset(ctx->state, 0, sizeof(ctx->state)); in mbedtls_sha3_starts()
294 ctx->index = 0; in mbedtls_sha3_starts()
300 * SHA-3 process buffer
307 // 8-byte align index in mbedtls_sha3_update()
308 int align_bytes = 8 - (ctx->index % 8); in mbedtls_sha3_update()
310 for (; align_bytes > 0; align_bytes--) { in mbedtls_sha3_update()
311 ABSORB(ctx, ctx->index, *input++); in mbedtls_sha3_update()
312 ilen--; in mbedtls_sha3_update()
313 ctx->index++; in mbedtls_sha3_update()
315 if ((ctx->index = ctx->index % ctx->max_block_size) == 0) { in mbedtls_sha3_update()
320 // process input in 8-byte chunks in mbedtls_sha3_update()
322 ABSORB(ctx, ctx->index, MBEDTLS_GET_UINT64_LE(input, 0)); in mbedtls_sha3_update()
324 ilen -= 8; in mbedtls_sha3_update()
325 if ((ctx->index = (ctx->index + 8) % ctx->max_block_size) == 0) { in mbedtls_sha3_update()
332 while (ilen-- > 0) { in mbedtls_sha3_update()
333 ABSORB(ctx, ctx->index, *input++); in mbedtls_sha3_update()
334 if ((ctx->index = (ctx->index + 1) % ctx->max_block_size) == 0) { in mbedtls_sha3_update()
347 /* Catch SHA-3 families, with fixed output length */ in mbedtls_sha3_finish()
348 if (ctx->olen > 0) { in mbedtls_sha3_finish()
349 if (ctx->olen > olen) { in mbedtls_sha3_finish()
353 olen = ctx->olen; in mbedtls_sha3_finish()
356 ABSORB(ctx, ctx->index, XOR_BYTE); in mbedtls_sha3_finish()
357 ABSORB(ctx, ctx->max_block_size - 1, 0x80); in mbedtls_sha3_finish()
359 ctx->index = 0; in mbedtls_sha3_finish()
361 while (olen-- > 0) { in mbedtls_sha3_finish()
362 *output++ = SQUEEZE(ctx, ctx->index); in mbedtls_sha3_finish()
364 if ((ctx->index = (ctx->index + 1) % ctx->max_block_size) == 0) { in mbedtls_sha3_finish()
377 * output = SHA-3( input buffer )
406 /**************** Self-tests ****************/
578 return -1; in mbedtls_sha3_kat_test()
669 /* SHA-3 Known Answer Tests (KAT) */ in mbedtls_sha3_self_test()
672 "SHA3-224", MBEDTLS_SHA3_224, i)) { in mbedtls_sha3_self_test()
677 "SHA3-256", MBEDTLS_SHA3_256, i)) { in mbedtls_sha3_self_test()
682 "SHA3-384", MBEDTLS_SHA3_384, i)) { in mbedtls_sha3_self_test()
687 "SHA3-512", MBEDTLS_SHA3_512, i)) { in mbedtls_sha3_self_test()
692 /* SHA-3 long KAT tests */ in mbedtls_sha3_self_test()
694 "SHA3-224", MBEDTLS_SHA3_224)) { in mbedtls_sha3_self_test()
699 "SHA3-256", MBEDTLS_SHA3_256)) { in mbedtls_sha3_self_test()
704 "SHA3-384", MBEDTLS_SHA3_384)) { in mbedtls_sha3_self_test()
709 "SHA3-512", MBEDTLS_SHA3_512)) { in mbedtls_sha3_self_test()