[ { "path": ".gitignore", "content": "/*.o\n/*.a\n/sha3sum\n/sha3test\n" }, { "path": "LICENSE", "content": "MIT License\n\nCopyright (c) 2020 brainhub\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "Makefile", "content": ".POSIX:\nCC = c99\nCFLAGS = -std=c99 -Wall -Wextra -Wpedantic -O2 -g\nLDFLAGS =\nLDLIBS =\nPREFIX = /usr/local\n\nall: libsha3.a sha3sum sha3test\n\n.SUFFIXES: .c .o\n.c.o:\n\t$(CC) -c $(CFLAGS) -o $@ $<\n\nlibsha3.a: sha3.o\n\tar rsv $@ sha3.o\n\nsha3sum: sha3.o sha3sum.o\n\t$(CC) $(LDFLAGS) -o $@ sha3.o sha3sum.o $(LDLIBS)\n\nsha3fuzz: sha3.c fuzz/sha3fuzz.c\n\tclang -g --std=c99 -fsanitize=fuzzer,address -O0 -I . -o $@ $^\n\nsha3test: sha3.o sha3test.o\n\t$(CC) $(LDFLAGS) -o $@ sha3.o sha3test.o $(LDLIBS)\n\ncheck: sha3test\n\t./sha3test\n\nclean:\n\trm -f *.o libsha3.a sha3sum sha3test sha3fuzz\n\ninstall:\n\tmkdir -p $(DESTDIR)$(PREFIX)/include \\\n\t\t$(DESTDIR)$(PREFIX)/lib \\\n\t\t$(DESTDIR)$(PREFIX)/bin\n\tinstall sha3.h $(DESTDIR)$(PREFIX)/include\n\tinstall -m 755 libsha3.a $(DESTDIR)$(PREFIX)/lib\n\tinstall -m 755 sha3sum $(DESTDIR)$(PREFIX)/bin\n\nuninstall:\n\trm -f \\\n\t\t$(DESTDIR)$(PREFIX)/include/sha3.h \\\n\t\t$(DESTDIR)$(PREFIX)/lib/libsha3.a \\\n\t\t$(DESTDIR)$(PREFIX)/bin/sha3sum\n\n.PHONY: all check clean install uninstall\n" }, { "path": "README.md", "content": "# C implementation of SHA-3 and Keccak with Init/Update/Finalize API\n\nThe purpose of this project is:\n\n* provide an API that hashes bytes, not bits\n* provide a simple reference implementation of a SHA-3 message digest algorithm, as defined in the [FIPS 202][fips202_standard] standard\n* assist developers in the [Ethereum](https://www.ethereum.org/) blockchain ecosystem by providing the Keccak function used there\n* implement the hashing API that employs the __IUF__ paradigm (or `Init`, `Update`, `Finalize` style)\n* answer the design questions, such as:\n * what does the state for IUF look like?\n * how small can the state be (224 bytes on a 64-bit system for a unified SHA-3 algorithm)\n * what is the incremental cost of adding e.g. SHA3-384 to a SHA3-256 implementation?\n\nThe implementation is written in C and uses `uint64_t` types to manage the SHA-3 state. The code will compile and run on 64-bit and 32-bit architectures (`gcc` and `gcc -m32` on `x86_64` were tested).\n\n[fips202_standard]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf \"FIPS 202 standard\"\n\n## License, prior work\n\nThis work is licensed with a standard [MIT license](LICENSE). I appreciate, but do not require, any attribution to this work if you used the code or ideas. I thank you for this in advance.\n\nThis is a clean-room implementation of IUF API for SHA3. The `keccakf()` is based on the code from [keccak.noekeon.org](http://keccak.noekeon.org/).\n\n1600-bit message hashing test vectors are [NIST test vectors](http://csrc.nist.gov/groups/ST/toolkit/examples.html).\n\n## Overview of the API\n\nLet's hash 'abc' with SHA3-256 using two methods: single buffer (but using IUF paradigm), and using the IUF API. \n\n sha3_context c;\n uint8_t *hash;\n\nSingle-buffer hashing:\n\n sha3_Init256(&c);\n sha3_Update(&c, \"abc\", 3);\n hash = sha3_Finalize(&c);\n // 'hash' points to a buffer inside 'c'\n // with the value of SHA3-256\n\nAlternatively, IUF hashing:\n\n sha3_Init256(&c);\n sha3_Update(&c, \"a\", 1);\n sha3_Update(&c, \"bc\", 2);\n hash = sha3_Finalize(&c);\n\n // no free for 'c' is needed\n\nThe `hash` points to the same `256/8=32` bytes in both cases.\n\nThere is also a single-call hashing API:\n\n sha3_HashBuffer(256, SHA3_FLAGS_KECCAK, \"abc\", 3, out, sizeof(out));\n // out contains 256 bits of Keccak256, or less if sizeof(out)<32\n\n## How to use Keccak version\n\nCall `sha3_SetFlags(&c, SHA3_FLAGS_KECCAK)` immediately after `sha3_InitX` or no later than `sha3_Finalize`. This change cannot be undone for the given hash context.\n\n## Building\n\n $ make\n\nSee `Makefile` for details. See also below for specific examples.\n\n## Self-tests\n\n $ make test\n Keccak-256 tests passed OK\n SHA3-256, SHA3-384, SHA3-512 tests passed OK\n\nor \n\n $ make CFLAGS=-m32 LDFLAGS=-m32 test\n Keccak-256 tests passed OK\n SHA3-256, SHA3-384, SHA3-512 tests passed OK\n\nThere is also `sha3sum` test program that takes following parameters:\n\n sha3sum 256|384|512 file_path \n\nor for Keccak version:\n\n sha3sum 256|384|512 -k file_path \n\n### SHA-3 / Linux sha3sum example\n\n $ touch empty.txt\n $ gcc -Wall sha3.c sha3sum.c -o sha3sum && ./sha3sum 256 empty.txt\n a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a empty.txt\n\nCompare with Linux `sha3sum`:\n\n $ sha3sum -a 256 empty.txt\n a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a empty.txt\n\n### Keccak256 / Solidity example\n\n $ echo -n \"abc\" > abc\n $ sha3sum 256 -k abc\n 4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45 abc\n\nThis corresponds to the result obtained in Solidity JavaScript test framework.\n\n console.log(web3.utils.sha3('abc'));\n // prints 0x4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45\n\n## API\n\n* the same `sha3_context` object maintains the state for SHA3-256, SHA3-384, or SHA3-512 algorithm;\n* the hash algorithm used is determined by how the context was initialized with `sha3_InitX`, e.g. `sha3_Init256`, `sha3_Init384`, or `sha3_Init512` call;\n* `sha3_Update` and `sha3_Finalize` are the same for regardless the type of the algorithm (`X`);\n* the buffer returned by `sha3_Finalize` will have `X` bits of hash;\n* `sha3_InitX` also works as Reset (zeroization) of the hash context; no Free function is needed;\n\nSee [`sha3.h`](sha3.h) for the exact interface.\n\n## API fuzzing\n\n $ fuzz/run.sh\n\nThe fuzzing script expects clang installed.\n\n## Credits\n\nThanks to @ralight for moving the test code into separate `sha3test.c`\n\n## Notes\n\nSHA3-224 is not supported, but can easily be added.\n\nThe code was written to work with the Microsoft Visual Studio compiler (under `_MSC_VER`), but this build target was not tested.\n\nThis project was created to support [SHA3 in OpenPGP](https://tools.ietf.org/html/draft-jivsov-openpgp-sha3) work, but it applies to other protocols and formats, e.g. TLS.\n\n" }, { "path": "fuzz/run.sh", "content": "#!/bin/sh\n\nTHIS_SCRIPT=$(readlink -f $0)\nP=`dirname $THIS_SCRIPT`\nTOP=`dirname $P`\n\ncd $TOP\nmake sha3fuzz && ./sha3fuzz $P/seeds -max_total_time=100\n" }, { "path": "fuzz/seeds/0a5dec3f2ed57a024ccba1041dc85e54e09f74d4", "content": "+\u0002" }, { "path": "fuzz/seeds/19852f1f4d08174b77ba2c88e0d8ec1455348b22", "content": "3\n\u0002" }, { "path": "fuzz/seeds/2daa36d007df33c974630657696ef4fbc665ca12", "content": "\ndd\u001d" }, { "path": "fuzz/seeds/3c363836cf4e16666669a25da280a1865c2d2874", "content": "d" }, { "path": "fuzz/seeds/71853c6197a6a7f222db0f1978c7cb232b87c5ee", "content": "\n\n" }, { "path": "fuzz/seeds/98fc3c55ad129219ed5ffa43cd36a83fd6c2248e", "content": "\n" }, { "path": "fuzz/seeds/a4bf6fc7ed78f9cdc178168a3a60070f3fae68ab", "content": "\n:\n" }, { "path": "fuzz/seeds/a979ef10cc6f6a36df6b8a323307ee3bb2e2db9c", "content": "+" }, { "path": "fuzz/seeds/b69e21c4d029acf5779df9a7167cb0b3d76b6a91", "content": "vvvvv3\n\u0002" }, { "path": "fuzz/seeds/c63ae6dd4fc9f9dda66970e827d13f7c73fe841c", "content": "M" }, { "path": "fuzz/seeds/f45250b51fd7511ea177e87492cfb303b73517b3", "content": "" }, { "path": "fuzz/sha3fuzz.c", "content": "#include \n#include \n#include \n\n#include \"sha3.h\"\n\nint LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {\n\tsha3_context c;\n\tconst void *hash;\n\tuint8_t b;\n\tuint8_t buf[512/8];\n\tunsigned is_keccak;\n\n\tif( Size < 1 )\n\t\treturn 0;\n\n\tb = Data[0];\n\tSize --;\n\tData ++;\n\n\tis_keccak = b & (1<<2);\n\n\tswitch(b & 3) {\n\t\tcase 0:\n\t\t\tsha3_Init256(&c);\n\t\t\tbreak;\n\t\tcase 1:\n\t\t\tsha3_Init384(&c);\n\t\t\tbreak;\n\t\tcase 2:\n\t\t\tsha3_Init512(&c);\n\t\t\tbreak;\n\t\tcase 3:\n\t\t\tif(Size >= 2)\n\t\t\t\tsha3_HashBuffer((unsigned)Data[0] << 1, \n\t\t\t\t\t\tData[1]/*SHA3_FLAGS_KECCAK or NONE*/, \n\t\t\t\t\t\tData + 2, Size-2, buf, sizeof(buf));\n\t\t\treturn 0;\n\t}\n\n\tif( is_keccak )\n\t\tsha3_SetFlags( &c, SHA3_FLAGS_KECCAK );\n\n\tsha3_Update(&c, Data, Size);\n\thash = sha3_Finalize(&c);\n\n\treturn 0;\n}\n\n" }, { "path": "sha3.c", "content": "/* -------------------------------------------------------------------------\n * Works when compiled for either 32-bit or 64-bit targets, optimized for \n * 64 bit.\n *\n * Canonical implementation of Init/Update/Finalize for SHA-3 byte input. \n *\n * SHA3-256, SHA3-384, SHA-512 are implemented. SHA-224 can easily be added.\n *\n * Based on code from http://keccak.noekeon.org/ .\n *\n * I place the code that I wrote into public domain, free to use. \n *\n * I would appreciate if you give credits to this work if you used it to \n * write or test * your code.\n *\n * Aug 2015. Andrey Jivsov. crypto@brainhub.org\n * ---------------------------------------------------------------------- */\n\n#include \n#include \n#include \n\n#include \"sha3.h\"\n\n#define SHA3_ASSERT( x )\n#define SHA3_TRACE( format, ...)\n#define SHA3_TRACE_BUF(format, buf, l)\n\n/* \n * This flag is used to configure \"pure\" Keccak, as opposed to NIST SHA3.\n */\n#define SHA3_USE_KECCAK_FLAG 0x80000000\n#define SHA3_CW(x) ((x) & (~SHA3_USE_KECCAK_FLAG))\n\n\n#if defined(_MSC_VER)\n#define SHA3_CONST(x) x\n#else\n#define SHA3_CONST(x) x##L\n#endif\n\n#ifndef SHA3_ROTL64\n#define SHA3_ROTL64(x, y) \\\n\t(((x) << (y)) | ((x) >> ((sizeof(uint64_t)*8) - (y))))\n#endif\n\nstatic const uint64_t keccakf_rndc[24] = {\n SHA3_CONST(0x0000000000000001UL), SHA3_CONST(0x0000000000008082UL),\n SHA3_CONST(0x800000000000808aUL), SHA3_CONST(0x8000000080008000UL),\n SHA3_CONST(0x000000000000808bUL), SHA3_CONST(0x0000000080000001UL),\n SHA3_CONST(0x8000000080008081UL), SHA3_CONST(0x8000000000008009UL),\n SHA3_CONST(0x000000000000008aUL), SHA3_CONST(0x0000000000000088UL),\n SHA3_CONST(0x0000000080008009UL), SHA3_CONST(0x000000008000000aUL),\n SHA3_CONST(0x000000008000808bUL), SHA3_CONST(0x800000000000008bUL),\n SHA3_CONST(0x8000000000008089UL), SHA3_CONST(0x8000000000008003UL),\n SHA3_CONST(0x8000000000008002UL), SHA3_CONST(0x8000000000000080UL),\n SHA3_CONST(0x000000000000800aUL), SHA3_CONST(0x800000008000000aUL),\n SHA3_CONST(0x8000000080008081UL), SHA3_CONST(0x8000000000008080UL),\n SHA3_CONST(0x0000000080000001UL), SHA3_CONST(0x8000000080008008UL)\n};\n\nstatic const unsigned keccakf_rotc[24] = {\n 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62,\n 18, 39, 61, 20, 44\n};\n\nstatic const unsigned keccakf_piln[24] = {\n 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20,\n 14, 22, 9, 6, 1\n};\n\n/* generally called after SHA3_KECCAK_SPONGE_WORDS-ctx->capacityWords words \n * are XORed into the state s \n */\nstatic void\nkeccakf(uint64_t s[25])\n{\n int i, j, round;\n uint64_t t, bc[5];\n#define KECCAK_ROUNDS 24\n\n for(round = 0; round < KECCAK_ROUNDS; round++) {\n\n /* Theta */\n for(i = 0; i < 5; i++)\n bc[i] = s[i] ^ s[i + 5] ^ s[i + 10] ^ s[i + 15] ^ s[i + 20];\n\n for(i = 0; i < 5; i++) {\n t = bc[(i + 4) % 5] ^ SHA3_ROTL64(bc[(i + 1) % 5], 1);\n for(j = 0; j < 25; j += 5)\n s[j + i] ^= t;\n }\n\n /* Rho Pi */\n t = s[1];\n for(i = 0; i < 24; i++) {\n j = keccakf_piln[i];\n bc[0] = s[j];\n s[j] = SHA3_ROTL64(t, keccakf_rotc[i]);\n t = bc[0];\n }\n\n /* Chi */\n for(j = 0; j < 25; j += 5) {\n for(i = 0; i < 5; i++)\n bc[i] = s[j + i];\n for(i = 0; i < 5; i++)\n s[j + i] ^= (~bc[(i + 1) % 5]) & bc[(i + 2) % 5];\n }\n\n /* Iota */\n s[0] ^= keccakf_rndc[round];\n }\n}\n\n/* *************************** Public Inteface ************************ */\n\n/* For Init or Reset call these: */\nsha3_return_t\nsha3_Init(void *priv, unsigned bitSize) {\n sha3_context *ctx = (sha3_context *) priv;\n if( bitSize != 256 && bitSize != 384 && bitSize != 512 )\n return SHA3_RETURN_BAD_PARAMS;\n memset(ctx, 0, sizeof(*ctx));\n ctx->capacityWords = 2 * bitSize / (8 * sizeof(uint64_t));\n return SHA3_RETURN_OK;\n}\n\nvoid\nsha3_Init256(void *priv)\n{\n sha3_Init(priv, 256);\n}\n\nvoid\nsha3_Init384(void *priv)\n{\n sha3_Init(priv, 384);\n}\n\nvoid\nsha3_Init512(void *priv)\n{\n sha3_Init(priv, 512);\n}\n\nenum SHA3_FLAGS\nsha3_SetFlags(void *priv, enum SHA3_FLAGS flags)\n{\n sha3_context *ctx = (sha3_context *) priv;\n flags &= SHA3_FLAGS_KECCAK;\n ctx->capacityWords |= (flags == SHA3_FLAGS_KECCAK ? SHA3_USE_KECCAK_FLAG : 0);\n return flags;\n}\n\n\nvoid\nsha3_Update(void *priv, void const *bufIn, size_t len)\n{\n sha3_context *ctx = (sha3_context *) priv;\n\n /* 0...7 -- how much is needed to have a word */\n unsigned old_tail = (8 - ctx->byteIndex) & 7;\n\n size_t words;\n unsigned tail;\n size_t i;\n\n const uint8_t *buf = bufIn;\n\n SHA3_TRACE_BUF(\"called to update with:\", buf, len);\n\n SHA3_ASSERT(ctx->byteIndex < 8);\n SHA3_ASSERT(ctx->wordIndex < sizeof(ctx->u.s) / sizeof(ctx->u.s[0]));\n\n if(len < old_tail) { /* have no complete word or haven't started \n * the word yet */\n SHA3_TRACE(\"because %d<%d, store it and return\", (unsigned)len,\n (unsigned)old_tail);\n /* endian-independent code follows: */\n while (len--)\n ctx->saved |= (uint64_t) (*(buf++)) << ((ctx->byteIndex++) * 8);\n SHA3_ASSERT(ctx->byteIndex < 8);\n return;\n }\n\n if(old_tail) { /* will have one word to process */\n SHA3_TRACE(\"completing one word with %d bytes\", (unsigned)old_tail);\n /* endian-independent code follows: */\n len -= old_tail;\n while (old_tail--)\n ctx->saved |= (uint64_t) (*(buf++)) << ((ctx->byteIndex++) * 8);\n\n /* now ready to add saved to the sponge */\n ctx->u.s[ctx->wordIndex] ^= ctx->saved;\n SHA3_ASSERT(ctx->byteIndex == 8);\n ctx->byteIndex = 0;\n ctx->saved = 0;\n if(++ctx->wordIndex ==\n (SHA3_KECCAK_SPONGE_WORDS - SHA3_CW(ctx->capacityWords))) {\n keccakf(ctx->u.s);\n ctx->wordIndex = 0;\n }\n }\n\n /* now work in full words directly from input */\n\n SHA3_ASSERT(ctx->byteIndex == 0);\n\n words = len / sizeof(uint64_t);\n tail = len - words * sizeof(uint64_t);\n\n SHA3_TRACE(\"have %d full words to process\", (unsigned)words);\n\n for(i = 0; i < words; i++, buf += sizeof(uint64_t)) {\n const uint64_t t = (uint64_t) (buf[0]) |\n ((uint64_t) (buf[1]) << 8 * 1) |\n ((uint64_t) (buf[2]) << 8 * 2) |\n ((uint64_t) (buf[3]) << 8 * 3) |\n ((uint64_t) (buf[4]) << 8 * 4) |\n ((uint64_t) (buf[5]) << 8 * 5) |\n ((uint64_t) (buf[6]) << 8 * 6) |\n ((uint64_t) (buf[7]) << 8 * 7);\n#if defined(__x86_64__ ) || defined(__i386__)\n SHA3_ASSERT(memcmp(&t, buf, 8) == 0);\n#endif\n ctx->u.s[ctx->wordIndex] ^= t;\n if(++ctx->wordIndex ==\n (SHA3_KECCAK_SPONGE_WORDS - SHA3_CW(ctx->capacityWords))) {\n keccakf(ctx->u.s);\n ctx->wordIndex = 0;\n }\n }\n\n SHA3_TRACE(\"have %d bytes left to process, save them\", (unsigned)tail);\n\n /* finally, save the partial word */\n SHA3_ASSERT(ctx->byteIndex == 0 && tail < 8);\n while (tail--) {\n SHA3_TRACE(\"Store byte %02x '%c'\", *buf, *buf);\n ctx->saved |= (uint64_t) (*(buf++)) << ((ctx->byteIndex++) * 8);\n }\n SHA3_ASSERT(ctx->byteIndex < 8);\n SHA3_TRACE(\"Have saved=0x%016\" PRIx64 \" at the end\", ctx->saved);\n}\n\n/* This is simply the 'update' with the padding block.\n * The padding block is 0x01 || 0x00* || 0x80. First 0x01 and last 0x80 \n * bytes are always present, but they can be the same byte.\n */\nvoid const *\nsha3_Finalize(void *priv)\n{\n sha3_context *ctx = (sha3_context *) priv;\n\n SHA3_TRACE(\"called with %d bytes in the buffer\", ctx->byteIndex);\n\n /* Append 2-bit suffix 01, per SHA-3 spec. Instead of 1 for padding we\n * use 1<<2 below. The 0x02 below corresponds to the suffix 01.\n * Overall, we feed 0, then 1, and finally 1 to start padding. Without\n * M || 01, we would simply use 1 to start padding. */\n\n uint64_t t;\n\n if( ctx->capacityWords & SHA3_USE_KECCAK_FLAG ) {\n /* Keccak version */\n t = (uint64_t)(((uint64_t) 1) << (ctx->byteIndex * 8));\n }\n else {\n /* SHA3 version */\n t = (uint64_t)(((uint64_t)(0x02 | (1 << 2))) << ((ctx->byteIndex) * 8));\n }\n\n ctx->u.s[ctx->wordIndex] ^= ctx->saved ^ t;\n\n ctx->u.s[SHA3_KECCAK_SPONGE_WORDS - SHA3_CW(ctx->capacityWords) - 1] ^=\n SHA3_CONST(0x8000000000000000UL);\n keccakf(ctx->u.s);\n\n /* Return first bytes of the ctx->s. This conversion is not needed for\n * little-endian platforms e.g. wrap with #if !defined(__BYTE_ORDER__)\n * || !defined(__ORDER_LITTLE_ENDIAN__) || __BYTE_ORDER__!=__ORDER_LITTLE_ENDIAN__ \n * ... the conversion below ...\n * #endif */\n {\n unsigned i;\n for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) {\n const unsigned t1 = (uint32_t) ctx->u.s[i];\n const unsigned t2 = (uint32_t) ((ctx->u.s[i] >> 16) >> 16);\n ctx->u.sb[i * 8 + 0] = (uint8_t) (t1);\n ctx->u.sb[i * 8 + 1] = (uint8_t) (t1 >> 8);\n ctx->u.sb[i * 8 + 2] = (uint8_t) (t1 >> 16);\n ctx->u.sb[i * 8 + 3] = (uint8_t) (t1 >> 24);\n ctx->u.sb[i * 8 + 4] = (uint8_t) (t2);\n ctx->u.sb[i * 8 + 5] = (uint8_t) (t2 >> 8);\n ctx->u.sb[i * 8 + 6] = (uint8_t) (t2 >> 16);\n ctx->u.sb[i * 8 + 7] = (uint8_t) (t2 >> 24);\n }\n }\n\n SHA3_TRACE_BUF(\"Hash: (first 32 bytes)\", ctx->u.sb, 256 / 8);\n\n return (ctx->u.sb);\n}\n\nsha3_return_t sha3_HashBuffer( unsigned bitSize, enum SHA3_FLAGS flags, const void *in, unsigned inBytes, void *out, unsigned outBytes ) {\n sha3_return_t err;\n sha3_context c;\n\n err = sha3_Init(&c, bitSize);\n if( err != SHA3_RETURN_OK )\n return err;\n if( sha3_SetFlags(&c, flags) != flags ) {\n return SHA3_RETURN_BAD_PARAMS;\n }\n sha3_Update(&c, in, inBytes);\n const void *h = sha3_Finalize(&c);\n\n if(outBytes > bitSize/8)\n outBytes = bitSize/8;\n memcpy(out, h, outBytes);\n return SHA3_RETURN_OK;\n}\n" }, { "path": "sha3.h", "content": "#ifndef SHA3_H\n#define SHA3_H\n\n#include \n\n/* -------------------------------------------------------------------------\n * Works when compiled for either 32-bit or 64-bit targets, optimized for \n * 64 bit.\n *\n * Canonical implementation of Init/Update/Finalize for SHA-3 byte input. \n *\n * SHA3-256, SHA3-384, SHA-512 are implemented. SHA-224 can easily be added.\n *\n * Based on code from http://keccak.noekeon.org/ .\n *\n * I place the code that I wrote into public domain, free to use. \n *\n * I would appreciate if you give credits to this work if you used it to \n * write or test * your code.\n *\n * Aug 2015. Andrey Jivsov. crypto@brainhub.org\n * ---------------------------------------------------------------------- */\n\n/* 'Words' here refers to uint64_t */\n#define SHA3_KECCAK_SPONGE_WORDS \\\n\t(((1600)/8/*bits to byte*/)/sizeof(uint64_t))\ntypedef struct sha3_context_ {\n uint64_t saved; /* the portion of the input message that we\n * didn't consume yet */\n union { /* Keccak's state */\n uint64_t s[SHA3_KECCAK_SPONGE_WORDS];\n uint8_t sb[SHA3_KECCAK_SPONGE_WORDS * 8];\n } u;\n unsigned byteIndex; /* 0..7--the next byte after the set one\n * (starts from 0; 0--none are buffered) */\n unsigned wordIndex; /* 0..24--the next word to integrate input\n * (starts from 0) */\n unsigned capacityWords; /* the double size of the hash output in\n * words (e.g. 16 for Keccak 512) */\n} sha3_context;\n\nenum SHA3_FLAGS {\n SHA3_FLAGS_NONE=0,\n SHA3_FLAGS_KECCAK=1\n};\n\nenum SHA3_RETURN {\n SHA3_RETURN_OK=0,\n SHA3_RETURN_BAD_PARAMS=1\n};\ntypedef enum SHA3_RETURN sha3_return_t;\n\n/* For Init or Reset call these: */\nsha3_return_t sha3_Init(void *priv, unsigned bitSize);\n\nvoid sha3_Init256(void *priv);\nvoid sha3_Init384(void *priv);\nvoid sha3_Init512(void *priv);\n\nenum SHA3_FLAGS sha3_SetFlags(void *priv, enum SHA3_FLAGS);\n\nvoid sha3_Update(void *priv, void const *bufIn, size_t len);\n\nvoid const *sha3_Finalize(void *priv);\n\n/* Single-call hashing */\nsha3_return_t sha3_HashBuffer( \n unsigned bitSize, /* 256, 384, 512 */\n enum SHA3_FLAGS flags, /* SHA3_FLAGS_NONE or SHA3_FLAGS_KECCAK */\n const void *in, unsigned inBytes, \n void *out, unsigned outBytes ); /* up to bitSize/8; truncation OK */\n\n#endif\n" }, { "path": "sha3sum.c", "content": "/* -------------------------------------------------------------------------\n * Run SHA-3 (NIST FIPS 202) on the given file. \n *\n * Call as\n *\n * sha3sum 256|384|512 file_path\n *\n * See sha3.c for additional details. \n *\n * Jun 2018. Andrey Jivsov. crypto@brainhub.org\n * ---------------------------------------------------------------------- */\n\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\n#include \"sha3.h\"\n\nstatic void help(const char *argv0) {\n printf(\"To call: %s 256|384|512 [-k] file_path.\\n\", argv0);\n}\n\nstatic void byte_to_hex(uint8_t b, char s[23]) {\n unsigned i=1;\n s[0] = s[1] = '0';\n s[2] = '\\0';\n while(b) {\n unsigned t = b & 0x0f;\n if( t < 10 ) {\n s[i] = '0' + t;\n } else {\n s[i] = 'a' + t - 10;\n }\n i--;\n b >>= 4;\n }\n}\n\nint main(int argc, char *argv[])\n{\n sha3_context c;\n const uint8_t *hash;\n unsigned image_size;\n const char *file_path;\n int fd;\n struct stat st;\n void *p;\n unsigned i;\n unsigned use_keccak = 0;\n\n if( argc != 3 && argc != 4 ) {\n\t help(argv[0]);\n\t return 1;\n }\n\n image_size = atoi(argv[1]);\n switch( image_size ) {\n\tcase 256:\n\tcase 384:\n\tcase 512:\n\t\tbreak;\n\tdefault:\n\t\thelp(argv[0]);\n\t\treturn 1;\n }\n\n file_path = argv[2];\n\n if( argc == 4 && file_path[0] == '-' && file_path[1] == 'k' ) {\n use_keccak = 1;\n file_path = argv[3];\n }\n\n if( access(file_path, R_OK)!=0 ) {\n\t printf(\"Cannot read file '%s'\", file_path);\n\t return 2;\n }\n\n fd = open(file_path, O_RDONLY);\n if( fd == -1 ) {\n\t printf(\"Cannot open file '%s' for reading\", file_path);\n\t return 2;\n }\n i = fstat(fd, &st);\n if( i ) {\n\t close(fd);\n\t printf(\"Cannot determine the size of file '%s'\", file_path);\n\t return 2;\n }\n\n p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);\n close(fd);\n if( p==NULL ) {\n\t printf(\"Cannot memory-map file '%s'\", file_path);\n\t return 2;\n }\n\n switch(image_size) {\n\tcase 256:\n \t\tsha3_Init256(&c);\n\t\tbreak;\n\tcase 384:\n \t\tsha3_Init384(&c);\n\t\tbreak;\n\tcase 512:\n \t\tsha3_Init512(&c);\n\t\tbreak;\n }\n\n if( use_keccak ) {\n enum SHA3_FLAGS flags2 = sha3_SetFlags(&c, SHA3_FLAGS_KECCAK);\n if( flags2 != SHA3_FLAGS_KECCAK ) {\n\t printf(\"Failed to set Keccak mode\");\n return 2;\n }\n }\n sha3_Update(&c, p, st.st_size);\n hash = sha3_Finalize(&c);\n\n munmap(p, st.st_size);\n\n for(i=0; i\n#include \n#include \n\n#include \"sha3.h\"\n\nint\nmain()\n{\n uint8_t buf[200];\n sha3_context c;\n const void *hash;\n unsigned i;\n const uint8_t c1 = 0xa3;\n\n /* [FIPS 202] KAT follow */\n static const uint8_t sha3_256_empty[256 / 8] = {\n 0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66,\n\t0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62,\n\t0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa, \n\t0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a\n };\n static const uint8_t sha3_256_0xa3_200_times[256 / 8] = {\n 0x79, 0xf3, 0x8a, 0xde, 0xc5, 0xc2, 0x03, 0x07,\n 0xa9, 0x8e, 0xf7, 0x6e, 0x83, 0x24, 0xaf, 0xbf,\n 0xd4, 0x6c, 0xfd, 0x81, 0xb2, 0x2e, 0x39, 0x73,\n 0xc6, 0x5f, 0xa1, 0xbd, 0x9d, 0xe3, 0x17, 0x87\n };\n static const uint8_t sha3_384_0xa3_200_times[384 / 8] = {\n 0x18, 0x81, 0xde, 0x2c, 0xa7, 0xe4, 0x1e, 0xf9,\n 0x5d, 0xc4, 0x73, 0x2b, 0x8f, 0x5f, 0x00, 0x2b,\n 0x18, 0x9c, 0xc1, 0xe4, 0x2b, 0x74, 0x16, 0x8e,\n 0xd1, 0x73, 0x26, 0x49, 0xce, 0x1d, 0xbc, 0xdd,\n 0x76, 0x19, 0x7a, 0x31, 0xfd, 0x55, 0xee, 0x98,\n 0x9f, 0x2d, 0x70, 0x50, 0xdd, 0x47, 0x3e, 0x8f\n };\n static const uint8_t sha3_512_0xa3_200_times[512 / 8] = {\n 0xe7, 0x6d, 0xfa, 0xd2, 0x20, 0x84, 0xa8, 0xb1,\n 0x46, 0x7f, 0xcf, 0x2f, 0xfa, 0x58, 0x36, 0x1b,\n 0xec, 0x76, 0x28, 0xed, 0xf5, 0xf3, 0xfd, 0xc0,\n 0xe4, 0x80, 0x5d, 0xc4, 0x8c, 0xae, 0xec, 0xa8,\n 0x1b, 0x7c, 0x13, 0xc3, 0x0a, 0xdf, 0x52, 0xa3,\n 0x65, 0x95, 0x84, 0x73, 0x9a, 0x2d, 0xf4, 0x6b,\n 0xe5, 0x89, 0xc5, 0x1c, 0xa1, 0xa4, 0xa8, 0x41,\n 0x6d, 0xf6, 0x54, 0x5a, 0x1c, 0xe8, 0xba, 0x00\n };\n\n /* ---- \"pure\" Keccak algorithm begins; from [Keccak] ----- */\n\n sha3_HashBuffer(256, SHA3_FLAGS_KECCAK, \"abc\", 3, buf, sizeof(buf));\n if(memcmp(buf, \"\\x4e\\x03\\x65\\x7a\\xea\\x45\\xa9\\x4f\"\n \"\\xc7\\xd4\\x7b\\xa8\\x26\\xc8\\xd6\\x67\"\n \"\\xc0\\xd1\\xe6\\xe3\\x3a\\x64\\xa0\\x36\"\n \"\\xec\\x44\\xf5\\x8f\\xa1\\x2d\\x6c\\x45\", 256 / 8) != 0) {\n printf(\"SHA3-256(abc) \"\n \"doesn't match known answer (single buffer)\\n\");\n return 10;\n }\n\n\n sha3_Init256(&c);\n sha3_SetFlags(&c, SHA3_FLAGS_KECCAK);\n sha3_Update(&c, \"\\xcc\", 1);\n hash = sha3_Finalize(&c);\n if(memcmp(hash, \"\\xee\\xad\\x6d\\xbf\\xc7\\x34\\x0a\\x56\"\n \"\\xca\\xed\\xc0\\x44\\x69\\x6a\\x16\\x88\"\n \"\\x70\\x54\\x9a\\x6a\\x7f\\x6f\\x56\\x96\"\n \"\\x1e\\x84\\xa5\\x4b\\xd9\\x97\\x0b\\x8a\", 256 / 8) != 0) {\n printf(\"SHA3-256(cc) \"\n \"doesn't match known answer (single buffer)\\n\");\n return 11;\n }\n\n sha3_Init256(&c);\n sha3_SetFlags(&c, SHA3_FLAGS_KECCAK);\n sha3_Update(&c, \"\\x41\\xfb\", 2);\n hash = sha3_Finalize(&c);\n if(memcmp(hash, \"\\xa8\\xea\\xce\\xda\\x4d\\x47\\xb3\\x28\"\n \"\\x1a\\x79\\x5a\\xd9\\xe1\\xea\\x21\\x22\"\n \"\\xb4\\x07\\xba\\xf9\\xaa\\xbc\\xb9\\xe1\"\n \"\\x8b\\x57\\x17\\xb7\\x87\\x35\\x37\\xd2\", 256 / 8) != 0) {\n printf(\"SHA3-256(41fb) \"\n \"doesn't match known answer (single buffer)\\n\");\n return 12;\n }\n\n sha3_Init256(&c);\n sha3_SetFlags(&c, SHA3_FLAGS_KECCAK);\n sha3_Update(&c,\n \"\\x52\\xa6\\x08\\xab\\x21\\xcc\\xdd\\x8a\"\n \"\\x44\\x57\\xa5\\x7e\\xde\\x78\\x21\\x76\", 128 / 8);\n hash = sha3_Finalize(&c);\n if(memcmp(hash, \"\\x0e\\x32\\xde\\xfa\\x20\\x71\\xf0\\xb5\"\n \"\\xac\\x0e\\x6a\\x10\\x8b\\x84\\x2e\\xd0\"\n \"\\xf1\\xd3\\x24\\x97\\x12\\xf5\\x8e\\xe0\"\n \"\\xdd\\xf9\\x56\\xfe\\x33\\x2a\\x5f\\x95\", 256 / 8) != 0) {\n printf(\"SHA3-256(52a6...76) \"\n \"doesn't match known answer (single buffer)\\n\");\n return 13;\n }\n\n sha3_Init256(&c);\n sha3_SetFlags(&c, SHA3_FLAGS_KECCAK);\n sha3_Update(&c,\n \"\\x43\\x3c\\x53\\x03\\x13\\x16\\x24\\xc0\"\n \"\\x02\\x1d\\x86\\x8a\\x30\\x82\\x54\\x75\"\n \"\\xe8\\xd0\\xbd\\x30\\x52\\xa0\\x22\\x18\"\n \"\\x03\\x98\\xf4\\xca\\x44\\x23\\xb9\\x82\"\n \"\\x14\\xb6\\xbe\\xaa\\xc2\\x1c\\x88\\x07\"\n \"\\xa2\\xc3\\x3f\\x8c\\x93\\xbd\\x42\\xb0\"\n \"\\x92\\xcc\\x1b\\x06\\xce\\xdf\\x32\\x24\"\n \"\\xd5\\xed\\x1e\\xc2\\x97\\x84\\x44\\x4f\"\n \"\\x22\\xe0\\x8a\\x55\\xaa\\x58\\x54\\x2b\"\n \"\\x52\\x4b\\x02\\xcd\\x3d\\x5d\\x5f\\x69\"\n \"\\x07\\xaf\\xe7\\x1c\\x5d\\x74\\x62\\x22\"\n \"\\x4a\\x3f\\x9d\\x9e\\x53\\xe7\\xe0\\x84\" \"\\x6d\\xcb\\xb4\\xce\", 800 / 8);\n hash = sha3_Finalize(&c);\n if(memcmp(hash, \"\\xce\\x87\\xa5\\x17\\x3b\\xff\\xd9\\x23\"\n \"\\x99\\x22\\x16\\x58\\xf8\\x01\\xd4\\x5c\"\n \"\\x29\\x4d\\x90\\x06\\xee\\x9f\\x3f\\x9d\"\n \"\\x41\\x9c\\x8d\\x42\\x77\\x48\\xdc\\x41\", 256 / 8) != 0) {\n printf(\"SHA3-256(433C...CE) \"\n \"doesn't match known answer (single buffer)\\n\");\n return 14;\n }\n\n /* SHA3-256 byte-by-byte: 16777216 steps. ExtremelyLongMsgKAT_256\n * [Keccak] */\n i = 16777216;\n sha3_Init256(&c);\n sha3_SetFlags(&c, SHA3_FLAGS_KECCAK);\n while (i--) {\n sha3_Update(&c,\n \"abcdefghbcdefghicdefghijdefghijk\"\n \"efghijklfghijklmghijklmnhijklmno\", 64);\n }\n hash = sha3_Finalize(&c);\n if(memcmp(hash, \"\\x5f\\x31\\x3c\\x39\\x96\\x3d\\xcf\\x79\"\n \"\\x2b\\x54\\x70\\xd4\\xad\\xe9\\xf3\\xa3\"\n \"\\x56\\xa3\\xe4\\x02\\x17\\x48\\x69\\x0a\"\n \"\\x95\\x83\\x72\\xe2\\xb0\\x6f\\x82\\xa4\", 256 / 8) != 0) {\n printf(\"SHA3-256( abcdefgh...[16777216 times] ) \"\n \"doesn't match known answer\\n\");\n return 15;\n }\n\n printf(\"Keccak-256 tests passed OK\\n\");\n\n /* ----- SHA3 testing begins ----- */\n\n /* SHA-256 on an empty buffer */\n sha3_Init256(&c);\n hash = sha3_Finalize(&c);\n if(memcmp(sha3_256_empty, hash, sizeof(sha3_256_empty)) != 0) {\n printf(\"SHA3-256() doesn't match known answer\\n\");\n return 1;\n }\n\n sha3_HashBuffer(256, SHA3_FLAGS_NONE, \"abc\", 3, buf, sizeof(buf));\n if(memcmp(buf, \n \"\\x3a\\x98\\x5d\\xa7\\x4f\\xe2\\x25\\xb2\"\n \"\\x04\\x5c\\x17\\x2d\\x6b\\xd3\\x90\\xbd\"\n \"\\x85\\x5f\\x08\\x6e\\x3e\\x9d\\x52\\x5b\"\n \"\\x46\\xbf\\xe2\\x45\\x11\\x43\\x15\\x32\", 256 / 8) != 0) {\n printf(\"SHA3-256(abc) \"\n \"doesn't match known answer (single buffer)\\n\");\n return 10;\n }\n\n memset(buf, c1, sizeof(buf)); /* set to value c1 */\n\n /* SHA3-256 as a single buffer. [FIPS 202] */\n sha3_Init256(&c);\n sha3_Update(&c, buf, sizeof(buf));\n hash = sha3_Finalize(&c);\n if(memcmp(sha3_256_0xa3_200_times, hash,\n sizeof(sha3_256_0xa3_200_times)) != 0) {\n printf(\"SHA3-256( 0xa3 ... [200 times] ) \"\n \"doesn't match known answer (1 buffer)\\n\");\n return 1;\n }\n\n /* SHA3-256 in two steps. [FIPS 202] */\n sha3_Init256(&c);\n sha3_Update(&c, buf, sizeof(buf) / 2);\n sha3_Update(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);\n hash = sha3_Finalize(&c);\n if(memcmp(sha3_256_0xa3_200_times, hash,\n sizeof(sha3_256_0xa3_200_times)) != 0) {\n printf(\"SHA3-256( 0xa3 ... [200 times] ) \"\n \"doesn't match known answer (2 steps)\\n\");\n return 2;\n }\n\n /* SHA3-256 byte-by-byte: 200 steps. [FIPS 202] */\n i = 200;\n sha3_Init256(&c);\n while (i--) {\n sha3_Update(&c, &c1, 1);\n }\n hash = sha3_Finalize(&c);\n if(memcmp(sha3_256_0xa3_200_times, hash,\n sizeof(sha3_256_0xa3_200_times)) != 0) {\n printf(\"SHA3-256( 0xa3 ... [200 times] ) \"\n \"doesn't match known answer (200 steps)\\n\");\n return 3;\n }\n\n /* SHA3-256 byte-by-byte: 135 bytes. Input from [Keccak]. Output\n * matched with sha3sum. */\n sha3_Init256(&c);\n sha3_Update(&c,\n \"\\xb7\\x71\\xd5\\xce\\xf5\\xd1\\xa4\\x1a\"\n \"\\x93\\xd1\\x56\\x43\\xd7\\x18\\x1d\\x2a\"\n \"\\x2e\\xf0\\xa8\\xe8\\x4d\\x91\\x81\\x2f\"\n \"\\x20\\xed\\x21\\xf1\\x47\\xbe\\xf7\\x32\"\n \"\\xbf\\x3a\\x60\\xef\\x40\\x67\\xc3\\x73\"\n \"\\x4b\\x85\\xbc\\x8c\\xd4\\x71\\x78\\x0f\"\n \"\\x10\\xdc\\x9e\\x82\\x91\\xb5\\x83\\x39\"\n \"\\xa6\\x77\\xb9\\x60\\x21\\x8f\\x71\\xe7\"\n \"\\x93\\xf2\\x79\\x7a\\xea\\x34\\x94\\x06\"\n \"\\x51\\x28\\x29\\x06\\x5d\\x37\\xbb\\x55\"\n \"\\xea\\x79\\x6f\\xa4\\xf5\\x6f\\xd8\\x89\"\n \"\\x6b\\x49\\xb2\\xcd\\x19\\xb4\\x32\\x15\"\n \"\\xad\\x96\\x7c\\x71\\x2b\\x24\\xe5\\x03\"\n \"\\x2d\\x06\\x52\\x32\\xe0\\x2c\\x12\\x74\"\n \"\\x09\\xd2\\xed\\x41\\x46\\xb9\\xd7\\x5d\"\n \"\\x76\\x3d\\x52\\xdb\\x98\\xd9\\x49\\xd3\"\n \"\\xb0\\xfe\\xd6\\xa8\\x05\\x2f\\xbb\", 1080 / 8);\n hash = sha3_Finalize(&c);\n if(memcmp(hash, \"\\xa1\\x9e\\xee\\x92\\xbb\\x20\\x97\\xb6\"\n \"\\x4e\\x82\\x3d\\x59\\x77\\x98\\xaa\\x18\"\n \"\\xbe\\x9b\\x7c\\x73\\x6b\\x80\\x59\\xab\"\n \"\\xfd\\x67\\x79\\xac\\x35\\xac\\x81\\xb5\", 256 / 8) != 0) {\n printf(\"SHA3-256( b771 ... ) doesn't match the known answer\\n\");\n return 4;\n }\n\n /* SHA3-384 as a single buffer. [FIPS 202] */\n sha3_Init384(&c);\n sha3_Update(&c, buf, sizeof(buf));\n hash = sha3_Finalize(&c);\n if(memcmp(sha3_384_0xa3_200_times, hash,\n sizeof(sha3_384_0xa3_200_times)) != 0) {\n printf(\"SHA3-384( 0xa3 ... [200 times] ) \"\n \"doesn't match known answer (1 buffer)\\n\");\n return 5;\n }\n\n /* SHA3-384 in two steps. [FIPS 202] */\n sha3_Init384(&c);\n sha3_Update(&c, buf, sizeof(buf) / 2);\n sha3_Update(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);\n hash = sha3_Finalize(&c);\n if(memcmp(sha3_384_0xa3_200_times, hash,\n sizeof(sha3_384_0xa3_200_times)) != 0) {\n printf(\"SHA3-384( 0xa3 ... [200 times] ) \"\n \"doesn't match known answer (2 steps)\\n\");\n return 6;\n }\n\n /* SHA3-384 byte-by-byte: 200 steps. [FIPS 202] */\n i = 200;\n sha3_Init384(&c);\n while (i--) {\n sha3_Update(&c, &c1, 1);\n }\n hash = sha3_Finalize(&c);\n if(memcmp(sha3_384_0xa3_200_times, hash,\n sizeof(sha3_384_0xa3_200_times)) != 0) {\n printf(\"SHA3-384( 0xa3 ... [200 times] ) \"\n \"doesn't match known answer (200 steps)\\n\");\n return 7;\n }\n\n /* SHA3-512 as a single buffer. [FIPS 202] */\n sha3_Init512(&c);\n sha3_Update(&c, buf, sizeof(buf));\n hash = sha3_Finalize(&c);\n if(memcmp(sha3_512_0xa3_200_times, hash,\n sizeof(sha3_512_0xa3_200_times)) != 0) {\n printf(\"SHA3-512( 0xa3 ... [200 times] ) \"\n \"doesn't match known answer (1 buffer)\\n\");\n return 8;\n }\n\n /* SHA3-512 in two steps. [FIPS 202] */\n sha3_Init512(&c);\n sha3_Update(&c, buf, sizeof(buf) / 2);\n sha3_Update(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);\n hash = sha3_Finalize(&c);\n if(memcmp(sha3_512_0xa3_200_times, hash,\n sizeof(sha3_512_0xa3_200_times)) != 0) {\n printf(\"SHA3-512( 0xa3 ... [200 times] ) \"\n \"doesn't match known answer (2 steps)\\n\");\n return 9;\n }\n\n /* SHA3-512 byte-by-byte: 200 steps. [FIPS 202] */\n i = 200;\n sha3_Init512(&c);\n while (i--) {\n sha3_Update(&c, &c1, 1);\n }\n hash = sha3_Finalize(&c);\n if(memcmp(sha3_512_0xa3_200_times, hash,\n sizeof(sha3_512_0xa3_200_times)) != 0) {\n printf(\"SHA3-512( 0xa3 ... [200 times] ) \"\n \"doesn't match known answer (200 steps)\\n\");\n return 10;\n }\n\n printf(\"SHA3-256, SHA3-384, SHA3-512 tests passed OK\\n\");\n\n return 0;\n}\n" } ]