[thirdparty/openssl.git] / providers / implementations / digests / sha3_prov.c

/*
 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/core_names.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/proverr.h>
#include "internal/sha3.h"
#include "prov/digestcommon.h"
#include "prov/implementations.h"

#define SHA3_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT
#define SHAKE_FLAGS PROV_DIGEST_FLAG_XOF
#define KMAC_FLAGS PROV_DIGEST_FLAG_XOF

/*
 * Forward declaration of any unique methods implemented here. This is not strictly
 * necessary for the compiler, but provides an assurance that the signatures
 * of the functions in the dispatch table are correct.
 */
static OSSL_FUNC_digest_init_fn keccak_init;
static OSSL_FUNC_digest_init_fn keccak_init_params;
static OSSL_FUNC_digest_update_fn keccak_update;
static OSSL_FUNC_digest_final_fn keccak_final;
static OSSL_FUNC_digest_freectx_fn keccak_freectx;
static OSSL_FUNC_digest_dupctx_fn keccak_dupctx;
static OSSL_FUNC_digest_set_ctx_params_fn shake_set_ctx_params;
static OSSL_FUNC_digest_settable_ctx_params_fn shake_settable_ctx_params;
static sha3_absorb_fn generic_sha3_absorb;
static sha3_final_fn generic_sha3_final;

#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
/*
 * IBM S390X support
 */
# include "s390x_arch.h"
# define S390_SHA3 1
# define S390_SHA3_CAPABLE(name) \
    ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \
     (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name)))

#endif

static int keccak_init(void *vctx, ossl_unused const OSSL_PARAM params[])
{
    if (!ossl_prov_is_running())
        return 0;
    /* The newctx() handles most of the ctx fixed setup. */
    ossl_sha3_reset((KECCAK1600_CTX *)vctx);
    return 1;
}

static int keccak_init_params(void *vctx, const OSSL_PARAM params[])
{
    return keccak_init(vctx, NULL)
            && shake_set_ctx_params(vctx, params);
}

static int keccak_update(void *vctx, const unsigned char *inp, size_t len)
{
    KECCAK1600_CTX *ctx = vctx;
    const size_t bsz = ctx->block_size;
    size_t num, rem;

    if (len == 0)
        return 1;

    /* Is there anything in the buffer already ? */
    if ((num = ctx->bufsz) != 0) {
        /* Calculate how much space is left in the buffer */
        rem = bsz - num;
        /* If the new input does not fill the buffer then just add it */
        if (len < rem) {
            memcpy(ctx->buf + num, inp, len);
            ctx->bufsz += len;
            return 1;
        }
        /* otherwise fill up the buffer and absorb the buffer */
        memcpy(ctx->buf + num, inp, rem);
        /* Update the input pointer */
        inp += rem;
        len -= rem;
        ctx->meth.absorb(ctx, ctx->buf, bsz);
        ctx->bufsz = 0;
    }
    /* Absorb the input - rem = leftover part of the input < blocksize) */
    rem = ctx->meth.absorb(ctx, inp, len);
    /* Copy the leftover bit of the input into the buffer */
    if (rem) {
        memcpy(ctx->buf, inp + len - rem, rem);
        ctx->bufsz = rem;
    }
    return 1;
}

static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
                        size_t outsz)
{
    int ret = 1;
    KECCAK1600_CTX *ctx = vctx;

    if (!ossl_prov_is_running())
        return 0;
    if (outsz > 0)
        ret = ctx->meth.final(out, ctx);

    *outl = ctx->md_size;
    return ret;
}

/*-
 * Generic software version of the absorb() and final().
 */
static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len)
{
    KECCAK1600_CTX *ctx = vctx;

    return SHA3_absorb(ctx->A, inp, len, ctx->block_size);
}

static int generic_sha3_final(unsigned char *md, void *vctx)
{
    return ossl_sha3_final(md, (KECCAK1600_CTX *)vctx);
}

static PROV_SHA3_METHOD sha3_generic_md =
{
    generic_sha3_absorb,
    generic_sha3_final
};

#if defined(S390_SHA3)

static sha3_absorb_fn s390x_sha3_absorb;
static sha3_final_fn s390x_sha3_final;
static sha3_final_fn s390x_shake_final;

/*-
 * The platform specific parts of the absorb() and final() for S390X.
 */
static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len)
{
    KECCAK1600_CTX *ctx = vctx;
    size_t rem = len % ctx->block_size;

    s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
    return rem;
}

static int s390x_sha3_final(unsigned char *md, void *vctx)
{
    KECCAK1600_CTX *ctx = vctx;

    if (!ossl_prov_is_running())
        return 0;
    s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
    memcpy(md, ctx->A, ctx->md_size);
    return 1;
}

static int s390x_shake_final(unsigned char *md, void *vctx)
{
    KECCAK1600_CTX *ctx = vctx;

    if (!ossl_prov_is_running())
        return 0;
    s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A);
    return 1;
}

static PROV_SHA3_METHOD sha3_s390x_md =
{
    s390x_sha3_absorb,
    s390x_sha3_final
};

static PROV_SHA3_METHOD keccak_s390x_md =
{
    s390x_sha3_absorb,
    s390x_sha3_final
};

static PROV_SHA3_METHOD shake_s390x_md =
{
    s390x_sha3_absorb,
    s390x_shake_final
};

# define SHA3_SET_MD(uname, typ)                                               \
    if (S390_SHA3_CAPABLE(uname)) {                                            \
        ctx->pad = S390X_##uname;                                              \
        ctx->meth = typ##_s390x_md;                                            \
    } else {                                                                   \
        ctx->meth = sha3_generic_md;                                           \
    }
#else
# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
#endif /* S390_SHA3 */

#define SHA3_newctx(typ, uname, name, bitlen, pad)                             \
static OSSL_FUNC_digest_newctx_fn name##_newctx;                               \
static void *name##_newctx(void *provctx)                                      \
{                                                                              \
    KECCAK1600_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) \
                                                : NULL;                        \
                                                                               \
    if (ctx == NULL)                                                           \
        return NULL;                                                           \
    ossl_sha3_init(ctx, pad, bitlen);                                          \
    SHA3_SET_MD(uname, typ)                                                    \
    return ctx;                                                                \
}

#define KMAC_newctx(uname, bitlen, pad)                                        \
static OSSL_FUNC_digest_newctx_fn uname##_newctx;                              \
static void *uname##_newctx(void *provctx)                                     \
{                                                                              \
    KECCAK1600_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) \
                                                : NULL;                        \
                                                                               \
    if (ctx == NULL)                                                           \
        return NULL;                                                           \
    ossl_keccak_kmac_init(ctx, pad, bitlen);                                   \
    ctx->meth = sha3_generic_md;                                               \
    return ctx;                                                                \
}

#define PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags)   \
PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags)                     \
const OSSL_DISPATCH ossl_##name##_functions[] = {                              \
    { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx },                \
    { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update },                \
    { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final },                  \
    { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx },              \
    { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx },                \
    PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name)

#define PROV_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags)          \
    PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags),      \
    { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init },                    \
    PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END

#define PROV_FUNC_SHAKE_DIGEST(name, bitlen, blksize, dgstsize, flags)         \
    PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags),      \
    { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init_params },             \
    { OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))shake_set_ctx_params }, \
    { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS,                                    \
     (void (*)(void))shake_settable_ctx_params },                              \
    PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END

static void keccak_freectx(void *vctx)
{
    KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;

    OPENSSL_clear_free(ctx,  sizeof(*ctx));
}

static void *keccak_dupctx(void *ctx)
{
    KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx;
    KECCAK1600_CTX *ret = ossl_prov_is_running() ? OPENSSL_malloc(sizeof(*ret))
                                                 : NULL;

    if (ret != NULL)
        *ret = *in;
    return ret;
}

static const OSSL_PARAM known_shake_settable_ctx_params[] = {
    {OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
    OSSL_PARAM_END
};
static const OSSL_PARAM *shake_settable_ctx_params(ossl_unused void *ctx,
                                                   ossl_unused void *provctx)
{
    return known_shake_settable_ctx_params;
}

static int shake_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    const OSSL_PARAM *p;
    KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;

    if (ctx == NULL)
        return 0;
    if (params == NULL)
        return 1;

    p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN);
    if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
        return 0;
    }
    return 1;
}

#define IMPLEMENT_SHA3_functions(bitlen)                                       \
    SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06')            \
    PROV_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen,                               \
                          SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen),         \
                          SHA3_FLAGS)

#define IMPLEMENT_KECCAK_functions(bitlen)                                     \
    SHA3_newctx(keccak, KECCAK_##bitlen, keccak_##bitlen, bitlen, '\x01')      \
    PROV_FUNC_SHA3_DIGEST(keccak_##bitlen, bitlen,                             \
                          SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen),         \
                          SHA3_FLAGS)

#define IMPLEMENT_SHAKE_functions(bitlen)                                      \
    SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f')         \
    PROV_FUNC_SHAKE_DIGEST(shake_##bitlen, bitlen,                             \
                          SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen),         \
                          SHAKE_FLAGS)
#define IMPLEMENT_KMAC_functions(bitlen)                                       \
    KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04')                          \
    PROV_FUNC_SHAKE_DIGEST(keccak_kmac_##bitlen, bitlen,                       \
                           SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen),        \
                           KMAC_FLAGS)

/* ossl_sha3_224_functions */
IMPLEMENT_SHA3_functions(224)
/* ossl_sha3_256_functions */
IMPLEMENT_SHA3_functions(256)
/* ossl_sha3_384_functions */
IMPLEMENT_SHA3_functions(384)
/* ossl_sha3_512_functions */
IMPLEMENT_SHA3_functions(512)
/* ossl_keccak_224_functions */
IMPLEMENT_KECCAK_functions(224)
/* ossl_keccak_256_functions */
IMPLEMENT_KECCAK_functions(256)
/* ossl_keccak_384_functions */
IMPLEMENT_KECCAK_functions(384)
/* ossl_keccak_512_functions */
IMPLEMENT_KECCAK_functions(512)
/* ossl_shake_128_functions */
IMPLEMENT_SHAKE_functions(128)
/* ossl_shake_256_functions */
IMPLEMENT_SHAKE_functions(256)
/* ossl_keccak_kmac_128_functions */
IMPLEMENT_KMAC_functions(128)
/* ossl_keccak_kmac_256_functions */
IMPLEMENT_KMAC_functions(256)
Commit	Line	Data
d5e5e2ff	1	/*
fecb3aae	2	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
d5e5e2ff SL	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
d5e5e2ff	10	#include <string.h>
c85d5e02	11	#include <openssl/core_names.h>
d5e5e2ff SL	12	#include <openssl/crypto.h>
	13	#include <openssl/evp.h>
	14	#include <openssl/params.h>
c85d5e02	15	#include <openssl/err.h>
2741128e	16	#include <openssl/proverr.h>
d5e5e2ff	17	#include "internal/sha3.h"
7c214f10	18	#include "prov/digestcommon.h"
af3e7e1b	19	#include "prov/implementations.h"
d5e5e2ff	20
af53092c SL	21	#define SHA3_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT
	22	#define SHAKE_FLAGS PROV_DIGEST_FLAG_XOF
	23	#define KMAC_FLAGS PROV_DIGEST_FLAG_XOF
	24
d5e5e2ff SL	25	/*
	26	* Forward declaration of any unique methods implemented here. This is not strictly
	27	* necessary for the compiler, but provides an assurance that the signatures
	28	* of the functions in the dispatch table are correct.
	29	*/
363b1e5d	30	static OSSL_FUNC_digest_init_fn keccak_init;
d7ec1dda	31	static OSSL_FUNC_digest_init_fn keccak_init_params;
363b1e5d DMSP	32	static OSSL_FUNC_digest_update_fn keccak_update;
	33	static OSSL_FUNC_digest_final_fn keccak_final;
	34	static OSSL_FUNC_digest_freectx_fn keccak_freectx;
	35	static OSSL_FUNC_digest_dupctx_fn keccak_dupctx;
	36	static OSSL_FUNC_digest_set_ctx_params_fn shake_set_ctx_params;
	37	static OSSL_FUNC_digest_settable_ctx_params_fn shake_settable_ctx_params;
d5e5e2ff SL	38	static sha3_absorb_fn generic_sha3_absorb;
	39	static sha3_final_fn generic_sha3_final;
	40
	41	#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
	42	/*
	43	* IBM S390X support
	44	*/
	45	# include "s390x_arch.h"
	46	# define S390_SHA3 1
	47	# define S390_SHA3_CAPABLE(name) \
	48	((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \
	49	(OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name)))
	50
	51	#endif
	52
d7ec1dda	53	static int keccak_init(void *vctx, ossl_unused const OSSL_PARAM params[])
d5e5e2ff	54	{
1c1daab9 P	55	if (!ossl_prov_is_running())
1c1daab9 P	56	return 0;
d5e5e2ff	57	/* The newctx() handles most of the ctx fixed setup. */
b68a947f	58	ossl_sha3_reset((KECCAK1600_CTX *)vctx);
d5e5e2ff SL	59	return 1;
	60	}
	61
d7ec1dda P	62	static int keccak_init_params(void *vctx, const OSSL_PARAM params[])
	63	{
	64	return keccak_init(vctx, NULL)
	65	&& shake_set_ctx_params(vctx, params);
	66	}
	67
d5e5e2ff SL	68	static int keccak_update(void vctx, const unsigned char inp, size_t len)
	69	{
	70	KECCAK1600_CTX *ctx = vctx;
	71	const size_t bsz = ctx->block_size;
	72	size_t num, rem;
	73
	74	if (len == 0)
	75	return 1;
	76
	77	/* Is there anything in the buffer already ? */
	78	if ((num = ctx->bufsz) != 0) {
	79	/* Calculate how much space is left in the buffer */
	80	rem = bsz - num;
	81	/* If the new input does not fill the buffer then just add it */
	82	if (len < rem) {
	83	memcpy(ctx->buf + num, inp, len);
	84	ctx->bufsz += len;
	85	return 1;
	86	}
	87	/* otherwise fill up the buffer and absorb the buffer */
	88	memcpy(ctx->buf + num, inp, rem);
	89	/* Update the input pointer */
	90	inp += rem;
	91	len -= rem;
	92	ctx->meth.absorb(ctx, ctx->buf, bsz);
	93	ctx->bufsz = 0;
	94	}
	95	/* Absorb the input - rem = leftover part of the input < blocksize) */
	96	rem = ctx->meth.absorb(ctx, inp, len);
	97	/* Copy the leftover bit of the input into the buffer */
	98	if (rem) {
	99	memcpy(ctx->buf, inp + len - rem, rem);
	100	ctx->bufsz = rem;
	101	}
	102	return 1;
	103	}
	104
	105	static int keccak_final(void vctx, unsigned char out, size_t *outl,
	106	size_t outsz)
	107	{
a890ef83	108	int ret = 1;
d5e5e2ff SL	109	KECCAK1600_CTX *ctx = vctx;
d5e5e2ff SL	110
1c1daab9 P	111	if (!ossl_prov_is_running())
1c1daab9 P	112	return 0;
a890ef83 PS	113	if (outsz > 0)
	114	ret = ctx->meth.final(out, ctx);
	115
d5e5e2ff SL	116	*outl = ctx->md_size;
	117	return ret;
	118	}
	119
	120	/*-
	121	* Generic software version of the absorb() and final().
	122	*/
	123	static size_t generic_sha3_absorb(void vctx, const void inp, size_t len)
	124	{
	125	KECCAK1600_CTX *ctx = vctx;
	126
	127	return SHA3_absorb(ctx->A, inp, len, ctx->block_size);
	128	}
	129
	130	static int generic_sha3_final(unsigned char md, void vctx)
	131	{
b68a947f	132	return ossl_sha3_final(md, (KECCAK1600_CTX *)vctx);
d5e5e2ff SL	133	}
	134
	135	static PROV_SHA3_METHOD sha3_generic_md =
	136	{
	137	generic_sha3_absorb,
	138	generic_sha3_final
	139	};
	140
	141	#if defined(S390_SHA3)
	142
	143	static sha3_absorb_fn s390x_sha3_absorb;
	144	static sha3_final_fn s390x_sha3_final;
	145	static sha3_final_fn s390x_shake_final;
	146
	147	/*-
	148	* The platform specific parts of the absorb() and final() for S390X.
	149	*/
	150	static size_t s390x_sha3_absorb(void vctx, const void inp, size_t len)
	151	{
	152	KECCAK1600_CTX *ctx = vctx;
	153	size_t rem = len % ctx->block_size;
	154
	155	s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
	156	return rem;
	157	}
	158
	159	static int s390x_sha3_final(unsigned char md, void vctx)
	160	{
	161	KECCAK1600_CTX *ctx = vctx;
	162
1c1daab9 P	163	if (!ossl_prov_is_running())
1c1daab9 P	164	return 0;
d5e5e2ff SL	165	s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
d5e5e2ff SL	166	memcpy(md, ctx->A, ctx->md_size);
be1dc984	167	return 1;
d5e5e2ff SL	168	}
	169
	170	static int s390x_shake_final(unsigned char md, void vctx)
	171	{
	172	KECCAK1600_CTX *ctx = vctx;
	173
1c1daab9 P	174	if (!ossl_prov_is_running())
1c1daab9 P	175	return 0;
d5e5e2ff SL	176	s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A);
	177	return 1;
	178	}
	179
	180	static PROV_SHA3_METHOD sha3_s390x_md =
	181	{
	182	s390x_sha3_absorb,
	183	s390x_sha3_final
	184	};
	185
524f1261 UM	186	static PROV_SHA3_METHOD keccak_s390x_md =
	187	{
	188	s390x_sha3_absorb,
	189	s390x_sha3_final
	190	};
	191
d5e5e2ff SL	192	static PROV_SHA3_METHOD shake_s390x_md =
	193	{
	194	s390x_sha3_absorb,
	195	s390x_shake_final
	196	};
	197
c85d5e02 SL	198	# define SHA3_SET_MD(uname, typ) \
	199	if (S390_SHA3_CAPABLE(uname)) { \
	200	ctx->pad = S390X_##uname; \
	201	ctx->meth = typ##_s390x_md; \
	202	} else { \
	203	ctx->meth = sha3_generic_md; \
d5e5e2ff SL	204	}
	205	#else
	206	# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
	207	#endif /* S390_SHA3 */
	208
c85d5e02	209	#define SHA3_newctx(typ, uname, name, bitlen, pad) \
363b1e5d	210	static OSSL_FUNC_digest_newctx_fn name##_newctx; \
c85d5e02 SL	211	static void name##_newctx(void provctx) \
c85d5e02 SL	212	{ \
1c1daab9 P	213	KECCAK1600_CTX ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(ctx)) \
1c1daab9 P	214	: NULL; \
c85d5e02 SL	215	\
	216	if (ctx == NULL) \
	217	return NULL; \
b68a947f	218	ossl_sha3_init(ctx, pad, bitlen); \
c85d5e02 SL	219	SHA3_SET_MD(uname, typ) \
c85d5e02 SL	220	return ctx; \
d5e5e2ff SL	221	}
d5e5e2ff SL	222
c85d5e02	223	#define KMAC_newctx(uname, bitlen, pad) \
363b1e5d	224	static OSSL_FUNC_digest_newctx_fn uname##_newctx; \
c85d5e02 SL	225	static void uname##_newctx(void provctx) \
c85d5e02 SL	226	{ \
1c1daab9 P	227	KECCAK1600_CTX ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(ctx)) \
1c1daab9 P	228	: NULL; \
c85d5e02 SL	229	\
	230	if (ctx == NULL) \
	231	return NULL; \
b68a947f	232	ossl_keccak_kmac_init(ctx, pad, bitlen); \
c85d5e02 SL	233	ctx->meth = sha3_generic_md; \
c85d5e02 SL	234	return ctx; \
d5e5e2ff SL	235	}
d5e5e2ff SL	236
c85d5e02 SL	237	#define PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags) \
c85d5e02 SL	238	PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \
1be63951	239	const OSSL_DISPATCH ossl_##name##_functions[] = { \
c85d5e02	240	{ OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \
c85d5e02 SL	241	{ OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \
	242	{ OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \
	243	{ OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \
	244	{ OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \
	245	PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name)
	246
	247	#define PROV_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags) \
	248	PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \
d7ec1dda	249	{ OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \
c85d5e02 SL	250	PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END
	251
	252	#define PROV_FUNC_SHAKE_DIGEST(name, bitlen, blksize, dgstsize, flags) \
	253	PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \
d7ec1dda	254	{ OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init_params }, \
c85d5e02 SL	255	{ OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))shake_set_ctx_params }, \
	256	{ OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, \
	257	(void (*)(void))shake_settable_ctx_params }, \
	258	PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END
d5e5e2ff SL	259
	260	static void keccak_freectx(void *vctx)
	261	{
	262	KECCAK1600_CTX ctx = (KECCAK1600_CTX )vctx;
	263
	264	OPENSSL_clear_free(ctx, sizeof(*ctx));
	265	}
	266
	267	static void keccak_dupctx(void ctx)
	268	{
	269	KECCAK1600_CTX in = (KECCAK1600_CTX )ctx;
1c1daab9	270	KECCAK1600_CTX ret = ossl_prov_is_running() ? OPENSSL_malloc(sizeof(ret))
2c9da416	271	: NULL;
d5e5e2ff	272
a89befba P	273	if (ret != NULL)
a89befba P	274	ret = in;
d5e5e2ff SL	275	return ret;
	276	}
	277
ec02412b	278	static const OSSL_PARAM known_shake_settable_ctx_params[] = {
1e55cbc8	279	{OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
ec02412b RL	280	OSSL_PARAM_END
ec02412b RL	281	};
e772f25c P	282	static const OSSL_PARAM shake_settable_ctx_params(ossl_unused void ctx,
e772f25c P	283	ossl_unused void *provctx)
ec02412b RL	284	{
	285	return known_shake_settable_ctx_params;
	286	}
	287
92d9d0ae	288	static int shake_set_ctx_params(void *vctx, const OSSL_PARAM params[])
d5e5e2ff SL	289	{
	290	const OSSL_PARAM *p;
	291	KECCAK1600_CTX ctx = (KECCAK1600_CTX )vctx;
	292
5506cd0b P	293	if (ctx == NULL)
	294	return 0;
	295	if (params == NULL)
d5e5e2ff	296	return 1;
5506cd0b P	297
	298	p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN);
	299	if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size)) {
	300	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
	301	return 0;
d5e5e2ff	302	}
5506cd0b	303	return 1;
d5e5e2ff SL	304	}
d5e5e2ff SL	305
c85d5e02 SL	306	#define IMPLEMENT_SHA3_functions(bitlen) \
	307	SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \
	308	PROV_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, \
	309	SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
af53092c	310	SHA3_FLAGS)
c85d5e02	311
524f1261 UM	312	#define IMPLEMENT_KECCAK_functions(bitlen) \
	313	SHA3_newctx(keccak, KECCAK_##bitlen, keccak_##bitlen, bitlen, '\x01') \
	314	PROV_FUNC_SHA3_DIGEST(keccak_##bitlen, bitlen, \
	315	SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
	316	SHA3_FLAGS)
	317
c85d5e02 SL	318	#define IMPLEMENT_SHAKE_functions(bitlen) \
	319	SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \
	320	PROV_FUNC_SHAKE_DIGEST(shake_##bitlen, bitlen, \
	321	SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
af53092c	322	SHAKE_FLAGS)
c85d5e02 SL	323	#define IMPLEMENT_KMAC_functions(bitlen) \
	324	KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \
	325	PROV_FUNC_SHAKE_DIGEST(keccak_kmac_##bitlen, bitlen, \
	326	SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen), \
af53092c	327	KMAC_FLAGS)
c85d5e02	328
1be63951	329	/* ossl_sha3_224_functions */
c85d5e02	330	IMPLEMENT_SHA3_functions(224)
1be63951	331	/* ossl_sha3_256_functions */
c85d5e02	332	IMPLEMENT_SHA3_functions(256)
1be63951	333	/* ossl_sha3_384_functions */
c85d5e02	334	IMPLEMENT_SHA3_functions(384)
1be63951	335	/* ossl_sha3_512_functions */
c85d5e02	336	IMPLEMENT_SHA3_functions(512)
524f1261 UM	337	/* ossl_keccak_224_functions */
	338	IMPLEMENT_KECCAK_functions(224)
	339	/* ossl_keccak_256_functions */
	340	IMPLEMENT_KECCAK_functions(256)
	341	/* ossl_keccak_384_functions */
	342	IMPLEMENT_KECCAK_functions(384)
	343	/* ossl_keccak_512_functions */
	344	IMPLEMENT_KECCAK_functions(512)
1be63951	345	/* ossl_shake_128_functions */
c85d5e02	346	IMPLEMENT_SHAKE_functions(128)
1be63951	347	/* ossl_shake_256_functions */
c85d5e02	348	IMPLEMENT_SHAKE_functions(256)
1be63951	349	/* ossl_keccak_kmac_128_functions */
c85d5e02	350	IMPLEMENT_KMAC_functions(128)
1be63951	351	/* ossl_keccak_kmac_256_functions */
c85d5e02	352	IMPLEMENT_KMAC_functions(256)