[thirdparty/openssl.git] / providers / common / digests / sha3_prov.c

/*
 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/core_names.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/params.h>
#include "internal/sha3.h"
#include "internal/core_mkdigest.h"
#include "internal/provider_algs.h"

/*
 * Forward declaration of any unique methods implemented here. This is not strictly
 * necessary for the compiler, but provides an assurance that the signatures
 * of the functions in the dispatch table are correct.
 */
static OSSL_OP_digest_init_fn keccak_init;
static OSSL_OP_digest_update_fn keccak_update;
static OSSL_OP_digest_final_fn keccak_final;
static OSSL_OP_digest_freectx_fn keccak_freectx;
static OSSL_OP_digest_dupctx_fn keccak_dupctx;
static OSSL_OP_digest_ctx_set_params_fn shake_ctx_set_params;
static OSSL_OP_digest_settable_ctx_params_fn shake_settable_ctx_params;
static sha3_absorb_fn generic_sha3_absorb;
static sha3_final_fn generic_sha3_final;

#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
/*
 * IBM S390X support
 */
# include "s390x_arch.h"
# define S390_SHA3 1
# define S390_SHA3_CAPABLE(name) \
    ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \
     (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name)))

#endif

static int keccak_init(void *vctx)
{
    /* The newctx() handles most of the ctx fixed setup. */
    sha3_reset((KECCAK1600_CTX *)vctx);
    return 1;
}

static int keccak_update(void *vctx, const unsigned char *inp, size_t len)
{
    KECCAK1600_CTX *ctx = vctx;
    const size_t bsz = ctx->block_size;
    size_t num, rem;

    if (len == 0)
        return 1;

    /* Is there anything in the buffer already ? */
    if ((num = ctx->bufsz) != 0) {
        /* Calculate how much space is left in the buffer */
        rem = bsz - num;
        /* If the new input does not fill the buffer then just add it */
        if (len < rem) {
            memcpy(ctx->buf + num, inp, len);
            ctx->bufsz += len;
            return 1;
        }
        /* otherwise fill up the buffer and absorb the buffer */
        memcpy(ctx->buf + num, inp, rem);
        /* Update the input pointer */
        inp += rem;
        len -= rem;
        ctx->meth.absorb(ctx, ctx->buf, bsz);
        ctx->bufsz = 0;
    }
    /* Absorb the input - rem = leftover part of the input < blocksize) */
    rem = ctx->meth.absorb(ctx, inp, len);
    /* Copy the leftover bit of the input into the buffer */
    if (rem) {
        memcpy(ctx->buf, inp + len - rem, rem);
        ctx->bufsz = rem;
    }
    return 1;
}

static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
                        size_t outsz)
{
    int ret;
    KECCAK1600_CTX *ctx = vctx;

    ret = ctx->meth.final(out, ctx);
    *outl = ctx->md_size;
    return ret;
}

/*-
 * Generic software version of the absorb() and final().
 */
static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len)
{
    KECCAK1600_CTX *ctx = vctx;

    return SHA3_absorb(ctx->A, inp, len, ctx->block_size);
}

static int generic_sha3_final(unsigned char *md, void *vctx)
{
    return sha3_final(md, (KECCAK1600_CTX *)vctx);
}

static PROV_SHA3_METHOD sha3_generic_md =
{
    generic_sha3_absorb,
    generic_sha3_final
};

#if defined(S390_SHA3)

static sha3_absorb_fn s390x_sha3_absorb;
static sha3_final_fn s390x_sha3_final;
static sha3_final_fn s390x_shake_final;

/*-
 * The platform specific parts of the absorb() and final() for S390X.
 */
static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len)
{
    KECCAK1600_CTX *ctx = vctx;
    size_t rem = len % ctx->block_size;

    s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
    return rem;
}

static int s390x_sha3_final(unsigned char *md, void *vctx)
{
    KECCAK1600_CTX *ctx = vctx;

    s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
    memcpy(md, ctx->A, ctx->md_size);
    return 1;
}

static int s390x_shake_final(unsigned char *md, void *vctx)
{
    KECCAK1600_CTX *ctx = vctx;

    s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A);
    return 1;
}

static PROV_SHA3_METHOD sha3_s390x_md =
{
    s390x_sha3_absorb,
    s390x_sha3_final
};

static PROV_SHA3_METHOD shake_s390x_md =
{
    s390x_sha3_absorb,
    s390x_shake_final
};

# define SHA3_SET_MD(uname, typ) \
    if (S390_SHA3_CAPABLE(uname)) { \
        ctx->pad = S390X_##uname; \
        ctx->meth = typ##_s390x_md; \
    } else { \
        ctx->meth = sha3_generic_md; \
    }
#else
# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
#endif /* S390_SHA3 */

#define SHA3_newctx(typ, uname, name, bitlen, pad) \
static OSSL_OP_digest_newctx_fn name##_newctx; \
static void *name##_newctx(void *provctx) \
{ \
    KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
 \
    if (ctx == NULL) \
        return NULL; \
    sha3_init(ctx, pad, bitlen); \
    SHA3_SET_MD(uname, typ) \
    return ctx; \
}

#define KMAC_newctx(uname, bitlen, pad) \
static OSSL_OP_digest_newctx_fn uname##_newctx; \
static void *uname##_newctx(void *provctx) \
{ \
    KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
 \
    if (ctx == NULL) \
        return NULL; \
    keccak_kmac_init(ctx, pad, bitlen); \
    ctx->meth = sha3_generic_md; \
    return ctx; \
}

#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags,   \
                              stparamtypes, stparams)                   \
static OSSL_OP_digest_get_params_fn name##_get_params;                  \
static OSSL_OP_digest_gettable_params_fn name##_gettable_params;        \
static const OSSL_PARAM known_##name##_gettable_params[] = {            \
    {OSSL_DIGEST_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER,                  \
     NULL, sizeof(int), 0},                                             \
    {OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0}, \
    {OSSL_DIGEST_PARAM_FLAGS, OSSL_PARAM_INTEGER,                       \
     NULL, sizeof(unsigned long), 0},                                   \
    OSSL_PARAM_END                                                      \
};                                                                      \
static const OSSL_PARAM *name##_gettable_params(void)                   \
{                                                                       \
    return known_##name##_gettable_params;                              \
}                                                                       \
static int name##_get_params(OSSL_PARAM params[])                       \
{                                                                       \
    OSSL_PARAM *p = NULL;                                               \
                                                                        \
    p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE);        \
    if (p != NULL && !OSSL_PARAM_set_int(p, (blksize)))                 \
        return 0;                                                       \
    p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE);              \
    if (p != NULL && !OSSL_PARAM_set_int(p, (dgstsize)))                \
        return 0;                                                       \
    p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_FLAGS);             \
    if (p != NULL && !OSSL_PARAM_set_ulong(p, (flags)))                 \
        return 0;                                                       \
    return 1;                                                           \
}                                                                       \
const OSSL_DISPATCH name##_functions[] = {                              \
    { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx },         \
    { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init },             \
    { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update },         \
    { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final },           \
    { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx },       \
    { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx },         \
    { OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))name##_get_params }, \
    { OSSL_FUNC_DIGEST_GETTABLE_PARAMS,                                 \
      (void (*)(void))name##_gettable_params },                         \
    { OSSL_FUNC_DIGEST_CTX_SET_PARAMS, (void (*)(void))stparams },      \
    { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS,                             \
      (void (*)(void))stparamtypes },                                   \
OSSL_FUNC_DIGEST_CONSTRUCT_END

static void keccak_freectx(void *vctx)
{
    KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;

    OPENSSL_clear_free(ctx,  sizeof(*ctx));
}

static void *keccak_dupctx(void *ctx)
{
    KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx;
    KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret));

    *ret = *in;
    return ret;
}

static const OSSL_PARAM known_shake_settable_ctx_params[] = {
    {OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0},
    OSSL_PARAM_END
};

static const OSSL_PARAM *shake_settable_ctx_params(void)
{
    return known_shake_settable_ctx_params;
}

static int shake_ctx_set_params(void *vctx, const OSSL_PARAM params[])
{
    const OSSL_PARAM *p;
    KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;

    if (ctx != NULL && params != NULL) {
        p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN);
        if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size))
            return 0;
        return 1;
    }
    return 0; /* Null Parameter */
}

#define SHA3(bitlen) \
    SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \
    OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, \
                          SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
                          EVP_MD_FLAG_DIGALGID_ABSENT, NULL, NULL)

#define SHAKE(bitlen) \
    SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \
    OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, \
                          SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
                          EVP_MD_FLAG_XOF, \
                          shake_settable_ctx_params, shake_ctx_set_params)
#define KMAC(bitlen) \
    KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \
    OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, \
                          SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen), \
                          EVP_MD_FLAG_XOF, \
                          shake_settable_ctx_params, shake_ctx_set_params)

SHA3(224)
SHA3(256)
SHA3(384)
SHA3(512)
SHAKE(128)
SHAKE(256)
KMAC(128)
KMAC(256)
Commit	Line	Data
d5e5e2ff SL	1	/*
	2	* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/core_names.h>
	11	#include <string.h>
	12	#include <openssl/crypto.h>
	13	#include <openssl/evp.h>
	14	#include <openssl/params.h>
	15	#include "internal/sha3.h"
	16	#include "internal/core_mkdigest.h"
	17	#include "internal/provider_algs.h"
	18
	19	/*
	20	* Forward declaration of any unique methods implemented here. This is not strictly
	21	* necessary for the compiler, but provides an assurance that the signatures
	22	* of the functions in the dispatch table are correct.
	23	*/
	24	static OSSL_OP_digest_init_fn keccak_init;
	25	static OSSL_OP_digest_update_fn keccak_update;
	26	static OSSL_OP_digest_final_fn keccak_final;
	27	static OSSL_OP_digest_freectx_fn keccak_freectx;
	28	static OSSL_OP_digest_dupctx_fn keccak_dupctx;
ec02412b RL	29	static OSSL_OP_digest_ctx_set_params_fn shake_ctx_set_params;
ec02412b RL	30	static OSSL_OP_digest_settable_ctx_params_fn shake_settable_ctx_params;
d5e5e2ff SL	31	static sha3_absorb_fn generic_sha3_absorb;
	32	static sha3_final_fn generic_sha3_final;
	33
	34	#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
	35	/*
	36	* IBM S390X support
	37	*/
	38	# include "s390x_arch.h"
	39	# define S390_SHA3 1
	40	# define S390_SHA3_CAPABLE(name) \
	41	((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \
	42	(OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name)))
	43
	44	#endif
	45
	46	static int keccak_init(void *vctx)
	47	{
	48	/* The newctx() handles most of the ctx fixed setup. */
	49	sha3_reset((KECCAK1600_CTX *)vctx);
	50	return 1;
	51	}
	52
	53	static int keccak_update(void vctx, const unsigned char inp, size_t len)
	54	{
	55	KECCAK1600_CTX *ctx = vctx;
	56	const size_t bsz = ctx->block_size;
	57	size_t num, rem;
	58
	59	if (len == 0)
	60	return 1;
	61
	62	/* Is there anything in the buffer already ? */
	63	if ((num = ctx->bufsz) != 0) {
	64	/* Calculate how much space is left in the buffer */
	65	rem = bsz - num;
	66	/* If the new input does not fill the buffer then just add it */
	67	if (len < rem) {
	68	memcpy(ctx->buf + num, inp, len);
	69	ctx->bufsz += len;
	70	return 1;
	71	}
	72	/* otherwise fill up the buffer and absorb the buffer */
	73	memcpy(ctx->buf + num, inp, rem);
	74	/* Update the input pointer */
	75	inp += rem;
	76	len -= rem;
	77	ctx->meth.absorb(ctx, ctx->buf, bsz);
	78	ctx->bufsz = 0;
	79	}
	80	/* Absorb the input - rem = leftover part of the input < blocksize) */
	81	rem = ctx->meth.absorb(ctx, inp, len);
	82	/* Copy the leftover bit of the input into the buffer */
	83	if (rem) {
	84	memcpy(ctx->buf, inp + len - rem, rem);
	85	ctx->bufsz = rem;
	86	}
	87	return 1;
	88	}
	89
	90	static int keccak_final(void vctx, unsigned char out, size_t *outl,
	91	size_t outsz)
	92	{
	93	int ret;
	94	KECCAK1600_CTX *ctx = vctx;
95
96	ret = ctx->meth.final(out, ctx);
97	*outl = ctx->md_size;
98	return ret;
99	}
100
101	/*-
102	* Generic software version of the absorb() and final().
103	*/
104	static size_t generic_sha3_absorb(void vctx, const void inp, size_t len)
105	{
106	KECCAK1600_CTX *ctx = vctx;
107
108	return SHA3_absorb(ctx->A, inp, len, ctx->block_size);
109	}
110
111	static int generic_sha3_final(unsigned char md, void vctx)
112	{
113	return sha3_final(md, (KECCAK1600_CTX *)vctx);
114	}
115
116	static PROV_SHA3_METHOD sha3_generic_md =
117	{
118	generic_sha3_absorb,
119	generic_sha3_final
120	};
121
122	#if defined(S390_SHA3)
123
124	static sha3_absorb_fn s390x_sha3_absorb;
125	static sha3_final_fn s390x_sha3_final;
126	static sha3_final_fn s390x_shake_final;
127
128	/*-
129	* The platform specific parts of the absorb() and final() for S390X.
130	*/
131	static size_t s390x_sha3_absorb(void vctx, const void inp, size_t len)
132	{
133	KECCAK1600_CTX *ctx = vctx;
134	size_t rem = len % ctx->block_size;
135
136	s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
137	return rem;
138	}
139
140	static int s390x_sha3_final(unsigned char md, void vctx)
141	{
142	KECCAK1600_CTX *ctx = vctx;
143
144	s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
145	memcpy(md, ctx->A, ctx->md_size);
be1dc984	146	return 1;
d5e5e2ff SL	147	}
	148
	149	static int s390x_shake_final(unsigned char md, void vctx)
	150	{
	151	KECCAK1600_CTX *ctx = vctx;
	152
	153	s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A);
	154	return 1;
	155	}
	156
	157	static PROV_SHA3_METHOD sha3_s390x_md =
	158	{
	159	s390x_sha3_absorb,
	160	s390x_sha3_final
	161	};
	162
	163	static PROV_SHA3_METHOD shake_s390x_md =
	164	{
	165	s390x_sha3_absorb,
	166	s390x_shake_final
	167	};
	168
	169	# define SHA3_SET_MD(uname, typ) \
	170	if (S390_SHA3_CAPABLE(uname)) { \
	171	ctx->pad = S390X_##uname; \
	172	ctx->meth = typ##_s390x_md; \
	173	} else { \
	174	ctx->meth = sha3_generic_md; \
	175	}
	176	#else
	177	# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
	178	#endif /* S390_SHA3 */
	179
	180	#define SHA3_newctx(typ, uname, name, bitlen, pad) \
	181	static OSSL_OP_digest_newctx_fn name##_newctx; \
	182	static void name##_newctx(void provctx) \
	183	{ \
	184	KECCAK1600_CTX ctx = OPENSSL_zalloc(sizeof(ctx)); \
	185	\
	186	if (ctx == NULL) \
	187	return NULL; \
	188	sha3_init(ctx, pad, bitlen); \
be1dc984	189	SHA3_SET_MD(uname, typ) \
d5e5e2ff SL	190	return ctx; \
	191	}
	192
	193	#define KMAC_newctx(uname, bitlen, pad) \
	194	static OSSL_OP_digest_newctx_fn uname##_newctx; \
	195	static void uname##_newctx(void provctx) \
	196	{ \
	197	KECCAK1600_CTX ctx = OPENSSL_zalloc(sizeof(ctx)); \
	198	\
	199	if (ctx == NULL) \
	200	return NULL; \
	201	keccak_kmac_init(ctx, pad, bitlen); \
	202	ctx->meth = sha3_generic_md; \
	203	return ctx; \
	204	}
	205
f1d3df3e	206	#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags, \
ec02412b	207	stparamtypes, stparams) \
f1d3df3e	208	static OSSL_OP_digest_get_params_fn name##_get_params; \
ec02412b RL	209	static OSSL_OP_digest_gettable_params_fn name##_gettable_params; \
	210	static const OSSL_PARAM known_##name##_gettable_params[] = { \
	211	{OSSL_DIGEST_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER, \
	212	NULL, sizeof(int), 0}, \
	213	{OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0}, \
	214	{OSSL_DIGEST_PARAM_FLAGS, OSSL_PARAM_INTEGER, \
	215	NULL, sizeof(unsigned long), 0}, \
	216	OSSL_PARAM_END \
	217	}; \
	218	static const OSSL_PARAM *name##_gettable_params(void) \
	219	{ \
	220	return known_##name##_gettable_params; \
	221	} \
f1d3df3e RL	222	static int name##_get_params(OSSL_PARAM params[]) \
	223	{ \
	224	OSSL_PARAM *p = NULL; \
	225	\
	226	p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE); \
	227	if (p != NULL && !OSSL_PARAM_set_int(p, (blksize))) \
	228	return 0; \
	229	p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE); \
	230	if (p != NULL && !OSSL_PARAM_set_int(p, (dgstsize))) \
	231	return 0; \
	232	p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_FLAGS); \
	233	if (p != NULL && !OSSL_PARAM_set_ulong(p, (flags))) \
	234	return 0; \
	235	return 1; \
	236	} \
	237	const OSSL_DISPATCH name##_functions[] = { \
	238	{ OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \
	239	{ OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \
	240	{ OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \
	241	{ OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \
	242	{ OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \
	243	{ OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \
	244	{ OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))name##_get_params }, \
ec02412b RL	245	{ OSSL_FUNC_DIGEST_GETTABLE_PARAMS, \
ec02412b RL	246	(void (*)(void))name##_gettable_params }, \
f1d3df3e	247	{ OSSL_FUNC_DIGEST_CTX_SET_PARAMS, (void (*)(void))stparams }, \
ec02412b RL	248	{ OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, \
ec02412b RL	249	(void (*)(void))stparamtypes }, \
d5e5e2ff SL	250	OSSL_FUNC_DIGEST_CONSTRUCT_END
	251
	252	static void keccak_freectx(void *vctx)
	253	{
	254	KECCAK1600_CTX ctx = (KECCAK1600_CTX )vctx;
	255
	256	OPENSSL_clear_free(ctx, sizeof(*ctx));
	257	}
	258
	259	static void keccak_dupctx(void ctx)
	260	{
	261	KECCAK1600_CTX in = (KECCAK1600_CTX )ctx;
	262	KECCAK1600_CTX ret = OPENSSL_malloc(sizeof(ret));
	263
	264	ret = in;
	265	return ret;
	266	}
	267
ec02412b RL	268	static const OSSL_PARAM known_shake_settable_ctx_params[] = {
	269	{OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0},
	270	OSSL_PARAM_END
	271	};
	272
	273	static const OSSL_PARAM *shake_settable_ctx_params(void)
	274	{
	275	return known_shake_settable_ctx_params;
	276	}
	277
	278	static int shake_ctx_set_params(void *vctx, const OSSL_PARAM params[])
d5e5e2ff SL	279	{
	280	const OSSL_PARAM *p;
	281	KECCAK1600_CTX ctx = (KECCAK1600_CTX )vctx;
	282
	283	if (ctx != NULL && params != NULL) {
4e7991b4	284	p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN);
d5e5e2ff SL	285	if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size))
	286	return 0;
	287	return 1;
	288	}
	289	return 0; /* Null Parameter */
	290	}
	291
	292	#define SHA3(bitlen) \
	293	SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \
f1d3df3e RL	294	OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, \
f1d3df3e RL	295	SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
ec02412b	296	EVP_MD_FLAG_DIGALGID_ABSENT, NULL, NULL)
d5e5e2ff SL	297
	298	#define SHAKE(bitlen) \
	299	SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \
f1d3df3e RL	300	OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, \
f1d3df3e RL	301	SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
ec02412b RL	302	EVP_MD_FLAG_XOF, \
ec02412b RL	303	shake_settable_ctx_params, shake_ctx_set_params)
d5e5e2ff SL	304	#define KMAC(bitlen) \
d5e5e2ff SL	305	KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \
f1d3df3e RL	306	OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, \
f1d3df3e RL	307	SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen), \
ec02412b RL	308	EVP_MD_FLAG_XOF, \
ec02412b RL	309	shake_settable_ctx_params, shake_ctx_set_params)
d5e5e2ff SL	310
	311	SHA3(224)
	312	SHA3(256)
	313	SHA3(384)
	314	SHA3(512)
	315	SHAKE(128)
	316	SHAKE(256)
	317	KMAC(128)
	318	KMAC(256)