digest-kangarootwelve 0.4.5 → 0.4.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c8b25102cf3f6a925000487653a245a6f153de17a12319ebfd1c6c25549daf6
-  data.tar.gz: 12d05f0e8b6927105aebc1feffb5bb68482f9235fa6afcee2265b4eeba54cdb2
+  metadata.gz: 88387c3d71dddd53f518435cda9fe7ef93873c78aee3524fa379316ede192b67
+  data.tar.gz: 51dbf805b8f5f358626f461e5bd0fbc4a32e5608e467d2686a36805ad2c035fc
 SHA512:
-  metadata.gz: f3e2047eb8379800ba6fe5bd2b4af801ea3a64e1d62581dd9f0267e2d0ee87c5e963e1e2874d5b57f99c4e5f007fb07fe8749ce3ea452482ea076964e213af6f
-  data.tar.gz: 9af6b30aef3113ad635cb870628adce507728d684de587d54fb0c14a96d9e0ee1aa984a4cdf32fd18fa50ed1bd1df2711e166c65c656ebc1391963d36b44685f
+  metadata.gz: 43d2fefcbc944133c1a16d658591f5e5ab631fa869e51351aa16aac750e2365880f2f8f7db0e5a0ccc18dcd355f22ec233bd8b4021632f98d7cdc5f26bc3b76e
+  data.tar.gz: 2034731d336c5fb34270abc4becd1be7e8182a2f87c4508cfbca5633ff25ed2b3db1f66245833d7aef3ccd6225b8328af30d43bda4559cc64fadd65c1bfc086c

data/LICENSE.XKCP

@@ -1,9 +1,169 @@
-# Under which license is the XKCP distributed?
+The redistribution and use of this software (with or without changes) is allowed without the payment of fees or royalties provided that the terms of the licenses of the different source files used is respected. Most of the source and header files in the XKCP are released to the public domain and associated to the CC0 (http://creativecommons.org/publicdomain/zero/1.0/) deed, but there are exceptions.
 
-Most of the source and header files in the XKCP are released to the **public domain** and associated to the [CC0](http://creativecommons.org/publicdomain/zero/1.0/) deed. The exceptions are the following:
+In general, the redistribution of this software should include a copy of this file. However, if only a part of the software is redistributed or used, the portions that are no longer relevant may be removed. Hints are given below whether a file is used in libXKCP, UnitTests, Benchmarks or KeccakSum.
 
-* [`lib/common/brg_endian.h`](lib/common/brg_endian.h) is copyrighted by Brian Gladman and comes with a BSD 3-clause license;
-* [`tests/UnitTests/genKAT.c`](tests/UnitTests/genKAT.c) is based on [SHA-3 contest's code by Larry Bassham, NIST](http://csrc.nist.gov/groups/ST/hash/sha-3/documents/KAT1.zip), which he licensed under a BSD 3-clause license;
-* [`tests/UnitTests/timing.h`](tests/UnitTests/timing.h) is adapted from Google Benchmark and is licensed under the Apache License, Version 2.0;
-* [`KeccakP-1600-AVX2.s`](lib/low/KeccakP-1600/AVX2/KeccakP-1600-AVX2.s) is licensed under the [CRYPTOGAMS license](http://www.openssl.org/~appro/cryptogams/) (BSD-like);
-* [`support/Kernel-PMU/enable_arm_pmu.c`](support/Kernel-PMU/enable_arm_pmu.c) is licensed under the GNU General Public License by Bruno Pairault.
+
+For XKCP/lib/common/brg_endian.h (used in libXKCP, UnitTests, Benchmarks and KeccakSum):
+
+    ---------------------------------------------------------------------------
+    Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
+
+    LICENSE TERMS
+
+    The redistribution and use of this software (with or without changes)
+    is allowed without the payment of fees or royalties provided that:
+
+    1. source code distributions include the above copyright notice, this
+        list of conditions and the following disclaimer;
+
+    2. binary distributions include the above copyright notice, this list
+        of conditions and the following disclaimer in their documentation;
+
+    3. the name of the copyright holder is not used to endorse products
+        built using this software without specific written permission.
+
+    DISCLAIMER
+
+    This software is provided 'as is' with no explicit or implied warranties
+    in respect of its properties, including, but not limited to, correctness
+    and/or fitness for purpose.
+    ---------------------------------------------------------------------------
+
+
+For XKCP/lib/low/KeccakP-1600/AVX2/KeccakP-1600-AVX2.s and XKCP/lib/low/KeccakP-1600/AVX512/KeccakP-1600-AVX512.s (potentially used in libXKCP, UnitTests, Benchmarks and KeccakSum, depending on the target platform):
+
+    Copyright (c) 2006-2017, CRYPTOGAMS by <appro@openssl.org>
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions
+    are met:
+
+        *	Redistributions of source code must retain copyright notices,
+        this list of conditions and the following disclaimer.
+
+        *	Redistributions in binary form must reproduce the above
+        copyright notice, this list of conditions and the following
+        disclaimer in the documentation and/or other materials
+        provided with the distribution.
+
+        *	Neither the name of the CRYPTOGAMS nor the names of its
+        copyright holder and contributors may be used to endorse or
+        promote products derived from this software without specific
+        prior written permission.
+
+    ALTERNATIVELY, provided that this notice is retained in full, this
+    product may be distributed under the terms of the GNU General Public
+    License (GPL), in which case the provisions of the GPL apply INSTEAD OF
+    those given above.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS
+    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+    A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+    OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+    LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+    THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+    OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+For XKCP/Standalone/CompactFIPS202/C/genKAT.c, XKCP/tests/UnitTests/genKAT.c and XKCP/tests/UnitTests/genKAT.h (used only in UnitTests):
+
+    Copyright (c) 2008, Lawrence E. Bassham, National Institute of Standards and Technology (NIST),
+    for the original version (available at http://csrc.nist.gov/groups/ST/hash/sha-3/documents/KAT1.zip)
+
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+        * Redistributions of source code must retain the above copyright
+        notice, this list of conditions and the following disclaimer.
+        * Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+        * Neither the name of the NIST nor the
+        names of its contributors may be used to endorse or promote products
+        derived from this software without specific prior written permission.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+    DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY
+    DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+    (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+    ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+For XKCP/support/Kernel-PMU/enable_arm_pmu.c (*not* used in libXKCP, UnitTests, Benchmarks nor KeccakSum):
+
+    Kernel-PMU
+    Enabling user-mode access to the performance monitor unit (PMU) on ARMv8 Aarch64 and ARMv7
+    Copyright (C) 2019 Bruno Pairault
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+For XKCP/tests/Benchmarks/timing.h (used only in Benchmarks):
+
+    Copyright 2020 Google Inc.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+
+For XKCP/tests/NIST_LWC/genkat_aead_c89.c, XKCP/tests/NIST_LWC/genkat_aead.c, XKCP/tests/NIST_LWC/genkat_hash_c89.c and XKCP/tests/NIST_LWC/genkat_hash.c (*not* used in libXKCP, UnitTests, Benchmarks nor KeccakSum):
+
+    NIST-developed software is provided by NIST as a public service.
+    You may use, copy and distribute copies of the software in any medium,
+    provided that you keep intact this entire notice. You may improve,
+    modify and create derivative works of the software or any portion of
+    the software, and you may copy and distribute such modifications or
+    works. Modified works should carry a notice stating that you changed
+    the software and should note the date and nature of any such change.
+    Please explicitly acknowledge the National Institute of Standards and
+    Technology as the source of the software.
+
+    NIST-developed software is expressly provided "AS IS." NIST MAKES NO
+    WARRANTY OF ANY KIND, EXPRESS, IMPLIED, IN FACT OR ARISING BY OPERATION
+    OF LAW, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NIST
+    NEITHER REPRESENTS NOR WARRANTS THAT THE OPERATION OF THE SOFTWARE WILL BE
+    UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED. NIST
+    DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF THE SOFTWARE
+    OR THE RESULTS THEREOF, INCLUDING BUT NOT LIMITED TO THE CORRECTNESS, ACCURACY,
+    RELIABILITY, OR USEFULNESS OF THE SOFTWARE.
+
+    You are solely responsible for determining the appropriateness of using and
+    distributing the software and you assume all risks associated with its use,
+    including but not limited to the risks and costs of program errors, compliance
+    with applicable laws, damage to or loss of data, programs or equipment, and
+    the unavailability or interruption of operation. This software is not intended
+    to be used in any situation where a failure could cause risk of injury or
+    damage to property. The software developed by NIST employees is not subject to
+    copyright protection within the United States.

data/README.md

@@ -55,18 +55,35 @@ using a not so commonly used target.  Here's one way to test it:
     bundle
     rake test
 
-To know the right value of GEM_DIR, try running `gem info digest-kangarootwelve`.
+To know the right value of GEM_DIR, try running
+`gem info digest-kangarootwelve`.
 
 ## Installing in Gentoo
 
-The library can also be globally installed in Gentoo using `layman`:
+The library can also be globally installed in Gentoo using `layman` or
+`eselect-repository`:
 
     # Fetch remote list of overlays, and add 'konsolebox' overlay.
     layman -f && layman -a konsolebox
 
+    # Or enable repo through eselect-repository.
+    eselect repository enable konsolebox
+    emaint sync --repo konsolebox
+
     # Unmask unstable keyword.
     echo 'dev-ruby/digest-kangarootwelve' > /etc/portage/package.accept_keywords/dev-ruby.digest-kangarootwelve
 
+    # Optionally specify a different build target that works better in the
+    # machine.  This may need additional CFLAGS options like -march=native set
+    # in the environment.  The default build target `compact` should also be
+    # disabled.
+    echo 'dev-ruby/digest-kangarootwelve target_avx512 -target_compact' > /etc/portage/package.use/dev-ruby.digest-kangarootwelve
+
+    # To enable testing, FEATURES=test should be set in the environment, and
+    # test use flag should also be enabled.
+    printf '%s\n' 'FEATURES="${FEATURES-} test"' 'USE="${USE-} test"' > /etc/portage/env/test
+    echo 'dev-ruby/digest-kangarootwelve test' > /etc/portage/package.env/dev-ruby.digest-kangarootwelve
+
     # Merge package.
     emerge dev-ruby/digest-kangarootwelve
 
@@ -81,7 +98,7 @@ The gem can also be tested from source using the following commands:
     cd digest-kangarootwelve-ruby
 
     # Optionally checkout a tagged version.
-    git checkout v0.4.0
+    git checkout v0.4.7
 
     # Run bundle
     bundle
@@ -97,7 +114,8 @@ The gem can also be tested from source using the following commands:
 Targets like AVX2 may fail to build unless an explicit `CFLAGS` with proper
 architecture-related options is specified.
 
-Specifying a `CFLAGS` can be done by using the `--with-cflags` option.  For example:
+Specifying a `CFLAGS` can be done by using the `--with-cflags` option.  For
+example:
 
     rake -- --with-target=avx2 --with-cflags="-march=native"
 
@@ -113,6 +131,8 @@ so please test the resulting runtime thoroughly.
 
 ## Example Usage
 
+    require 'digest/kangarootwelve'
+
     Digest::KangarooTwelve[32].digest("abc")
     => "\xAB\x17O2\x8CU\xA5Q\v\v \x97\x91\xBF\x8B`\xE8\x01\xA7\xCF\xC2\xAAB\x04-\xCB\x8FT\x7F\xBE:}"
 

data/Rakefile

@@ -20,7 +20,7 @@ end
 
 desc "Initialize and update XKCP submodule"
 task :initialize_xkcp => ".git" do |t|
-  puts "Initializing and updating XKCP submodule"
+  puts "Initializing and updating XKCP submodule."
   system "git submodule init && git submodule update -f"
 end
 
@@ -30,16 +30,13 @@ file "XKCP/README.markdown" => :initialize_xkcp
 # import_xkcp_license
 
 task :import_xkcp_license do
-  Rake::Task["XKCP/README.markdown"].invoke
-  puts "Extracting XKCP license from \"XKCP/README.markdown\" and saving it to \"LICENSE.XKCP\"."
-  license = File.binread("XKCP/README.markdown")
-                .scan(/# Under which license is the XKCP.*?(?=^#)/m).first
-  raise "No license extracted" unless license
-  File.binwrite("LICENSE.XKCP", license.strip + "\n")
+  Rake::Task["XKCP/LICENSE"].invoke
+  puts "Importing XKCP/LICENSE as LICENSE.XKCP."
+  File.binwrite("LICENSE.XKCP", File.binread("XKCP/LICENSE"))
 end.instance_eval do
   def needed?
-    !File.exist?("LICENSE.XKCP") || File.exist?("XKCP/README.markdown") &&
-        File.mtime("LICENSE.XKCP") < File.mtime("XKCP/README.markdown")
+    !File.exist?("LICENSE.XKCP") || File.exist?("XKCP/LICENSE") &&
+        File.mtime("LICENSE.XKCP") < File.mtime("XKCP/LICENSE")
   end
 end
 

data/digest-kangarootwelve.gemspec

@@ -38,7 +38,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency "rake"
-  spec.add_development_dependency "rake-compiler", "~> 1.0"
+  spec.add_development_dependency "rake-compiler", "~> 1.2", ">= 1.2.3"
   spec.add_development_dependency "minitest", "~> 5.8"
   spec.add_development_dependency "nori"
   spec.add_development_dependency "nokogiri"

data/ext/digest/kangarootwelve/XKCP/lib/high/KangarooTwelve/KangarooTwelve.c

@@ -4,7 +4,7 @@ https://github.com/XKCP/XKCP
 
 KangarooTwelve, designed by Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche, Ronny Van Keer and Benoît Viguier.
 
-Implementation by Ronny Van Keer, hereby denoted as "the implementer".
+Implementation by Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
 
 For more information, feedback or questions, please refer to the Keccak Team website:
 https://keccak.team/
@@ -66,8 +66,8 @@ http://creativecommons.org/publicdomain/zero/1.0/
         inLen -= Parallellism * chunkSize; \
         ktInstance->blockNumber += Parallellism; \
         KeccakP1600times##Parallellism##_ExtractLanesAll(states, intermediate, capacityInLanes, capacityInLanes ); \
-        if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, Parallellism * capacityInBytes) != 0) return 1; \
-    }
+        if (TurboSHAKE_Absorb(&ktInstance->finalNode, intermediate, Parallellism * capacityInBytes) != 0) return 1; \
+            }
 
 #define ParallelSpongeLoop( Parallellism ) \
     while ( inLen >= Parallellism * chunkSize ) { \
@@ -95,8 +95,8 @@ http://creativecommons.org/publicdomain/zero/1.0/
         inLen -= Parallellism * chunkSize; \
         ktInstance->blockNumber += Parallellism; \
         KeccakP1600times##Parallellism##_ExtractLanesAll(states, intermediate, capacityInLanes, capacityInLanes ); \
-        if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, Parallellism * capacityInBytes) != 0) return 1; \
-    }
+        if (TurboSHAKE_Absorb(&ktInstance->finalNode, intermediate, Parallellism * capacityInBytes) != 0) return 1; \
+}
 
 #define ProcessLeaves( Parallellism ) \
     while ( inLen >= Parallellism * chunkSize ) { \
@@ -106,15 +106,15 @@ http://creativecommons.org/publicdomain/zero/1.0/
         input += Parallellism * chunkSize; \
         inLen -= Parallellism * chunkSize; \
         ktInstance->blockNumber += Parallellism; \
-        if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, Parallellism * capacityInBytes) != 0) return 1; \
+        if (TurboSHAKE_Absorb(&ktInstance->finalNode, intermediate, Parallellism * capacityInBytes) != 0) return 1; \
     }
 
-static unsigned int right_encode( unsigned char * encbuf, size_t value )
+static unsigned int right_encode(unsigned char * encbuf, size_t value)
 {
     unsigned int n, i;
     size_t v;
 
-    for ( v = value, n = 0; v && (n < sizeof(size_t)); ++n, v >>= 8 )
+    for (v = value, n = 0; v && (n < sizeof(size_t)); ++n, v >>= 8)
         ; /* empty */
     for ( i = 1; i <= n; ++i )
         encbuf[i-1] = (unsigned char)(value >> (8 * (n-i)));
@@ -128,7 +128,7 @@ int KangarooTwelve_Initialize(KangarooTwelve_Instance *ktInstance, size_t output
     ktInstance->queueAbsorbedLen = 0;
     ktInstance->blockNumber = 0;
     ktInstance->phase = ABSORBING;
-    return KeccakWidth1600_12rounds_SpongeInitialize(&ktInstance->finalNode, rate, capacity);
+    return TurboSHAKE128_Initialize(&ktInstance->finalNode);
 }
 
 int KangarooTwelve_Update(KangarooTwelve_Instance *ktInstance, const unsigned char *input, size_t inLen)
@@ -136,10 +136,10 @@ int KangarooTwelve_Update(KangarooTwelve_Instance *ktInstance, const unsigned ch
     if (ktInstance->phase != ABSORBING)
         return 1;
 
-    if ( ktInstance->blockNumber == 0 ) {
+    if (ktInstance->blockNumber == 0) {
         /* First block, absorb in final node */
         unsigned int len = (inLen < (chunkSize - ktInstance->queueAbsorbedLen)) ? (unsigned int)inLen : (chunkSize - ktInstance->queueAbsorbedLen);
-        if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, input, len) != 0)
+        if (TurboSHAKE_Absorb(&ktInstance->finalNode, input, len) != 0)
             return 1;
         input += len;
         inLen -= len;
@@ -149,7 +149,7 @@ int KangarooTwelve_Update(KangarooTwelve_Instance *ktInstance, const unsigned ch
             const unsigned char padding = 0x03; /* '110^6': message hop, simple padding */
             ktInstance->queueAbsorbedLen = 0;
             ktInstance->blockNumber = 1;
-            if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, &padding, 1) != 0)
+            if (TurboSHAKE_Absorb(&ktInstance->finalNode, &padding, 1) != 0)
                 return 1;
             ktInstance->finalNode.byteIOIndex = (ktInstance->finalNode.byteIOIndex + 7) & ~7; /* Zero padding up to 64 bits */
         }
@@ -157,7 +157,7 @@ int KangarooTwelve_Update(KangarooTwelve_Instance *ktInstance, const unsigned ch
     else if ( ktInstance->queueAbsorbedLen != 0 ) {
         /* There is data in the queue, absorb further in queue until block complete */
         unsigned int len = (inLen < (chunkSize - ktInstance->queueAbsorbedLen)) ? (unsigned int)inLen : (chunkSize - ktInstance->queueAbsorbedLen);
-        if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->queueNode, input, len) != 0)
+        if (TurboSHAKE_Absorb(&ktInstance->queueNode, input, len) != 0)
             return 1;
         input += len;
         inLen -= len;
@@ -166,11 +166,11 @@ int KangarooTwelve_Update(KangarooTwelve_Instance *ktInstance, const unsigned ch
             unsigned char intermediate[capacityInBytes];
             ktInstance->queueAbsorbedLen = 0;
             ++ktInstance->blockNumber;
-            if (KeccakWidth1600_12rounds_SpongeAbsorbLastFewBits(&ktInstance->queueNode, suffixLeaf) != 0)
+            if (TurboSHAKE_AbsorbDomainSeparationByte(&ktInstance->queueNode, suffixLeaf) != 0)
                 return 1;
-            if (KeccakWidth1600_12rounds_SpongeSqueeze(&ktInstance->queueNode, intermediate, capacityInBytes) != 0)
+            if (TurboSHAKE_Squeeze(&ktInstance->queueNode, intermediate, capacityInBytes) != 0)
                 return 1;
-            if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, capacityInBytes) != 0)
+            if (TurboSHAKE_Absorb(&ktInstance->finalNode, intermediate, capacityInBytes) != 0)
                 return 1;
         }
     }
@@ -203,24 +203,24 @@ int KangarooTwelve_Update(KangarooTwelve_Instance *ktInstance, const unsigned ch
     #else
     ParallelSpongeLoop( 2 )
     #endif
-    #endif
+#endif
 
     while ( inLen > 0 ) {
         unsigned int len = (inLen < chunkSize) ? (unsigned int)inLen : chunkSize;
-        if (KeccakWidth1600_12rounds_SpongeInitialize(&ktInstance->queueNode, rate, capacity) != 0)
+        if (TurboSHAKE128_Initialize(&ktInstance->queueNode) != 0)
             return 1;
-        if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->queueNode, input, len) != 0)
+        if (TurboSHAKE_Absorb(&ktInstance->queueNode, input, len) != 0)
             return 1;
         input += len;
         inLen -= len;
         if ( len == chunkSize ) {
             unsigned char intermediate[capacityInBytes];
             ++ktInstance->blockNumber;
-            if (KeccakWidth1600_12rounds_SpongeAbsorbLastFewBits(&ktInstance->queueNode, suffixLeaf) != 0)
+            if (TurboSHAKE_AbsorbDomainSeparationByte(&ktInstance->queueNode, suffixLeaf) != 0)
                 return 1;
-            if (KeccakWidth1600_12rounds_SpongeSqueeze(&ktInstance->queueNode, intermediate, capacityInBytes) != 0)
+            if (TurboSHAKE_Squeeze(&ktInstance->queueNode, intermediate, capacityInBytes) != 0)
                 return 1;
-            if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, capacityInBytes) != 0)
+            if (TurboSHAKE_Absorb(&ktInstance->finalNode, intermediate, capacityInBytes) != 0)
                 return 1;
         }
         else
@@ -244,37 +244,37 @@ int KangarooTwelve_Final(KangarooTwelve_Instance *ktInstance, unsigned char * ou
     if (KangarooTwelve_Update(ktInstance, encbuf, right_encode(encbuf, customLen)) != 0)
         return 1;
 
-    if ( ktInstance->blockNumber == 0 ) {
+    if (ktInstance->blockNumber == 0) {
         /* Non complete first block in final node, pad it */
         padding = 0x07; /*  '11': message hop, final node */
     }
     else {
         unsigned int n;
 
-        if ( ktInstance->queueAbsorbedLen != 0 ) {
+        if (ktInstance->queueAbsorbedLen != 0) {
             /* There is data in the queue node */
             unsigned char intermediate[capacityInBytes];
             ++ktInstance->blockNumber;
-            if (KeccakWidth1600_12rounds_SpongeAbsorbLastFewBits(&ktInstance->queueNode, suffixLeaf) != 0)
+            if (TurboSHAKE_AbsorbDomainSeparationByte(&ktInstance->queueNode, suffixLeaf) != 0)
                 return 1;
-            if (KeccakWidth1600_12rounds_SpongeSqueeze(&ktInstance->queueNode, intermediate, capacityInBytes) != 0)
+            if (TurboSHAKE_Squeeze(&ktInstance->queueNode, intermediate, capacityInBytes) != 0)
                 return 1;
-            if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, capacityInBytes) != 0)
+            if (TurboSHAKE_Absorb(&ktInstance->finalNode, intermediate, capacityInBytes) != 0)
                 return 1;
         }
         --ktInstance->blockNumber; /* Absorb right_encode(number of Chaining Values) || 0xFF || 0xFF */
         n = right_encode(encbuf, ktInstance->blockNumber);
         encbuf[n++] = 0xFF;
         encbuf[n++] = 0xFF;
-        if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, encbuf, n) != 0)
+        if (TurboSHAKE_Absorb(&ktInstance->finalNode, encbuf, n) != 0)
             return 1;
         padding = 0x06; /* '01': chaining hop, final node */
     }
-    if (KeccakWidth1600_12rounds_SpongeAbsorbLastFewBits(&ktInstance->finalNode, padding) != 0)
+    if (TurboSHAKE_AbsorbDomainSeparationByte(&ktInstance->finalNode, padding) != 0)
         return 1;
-    if ( ktInstance->fixedOutputLength != 0 ) {
+    if (ktInstance->fixedOutputLength != 0) {
         ktInstance->phase = FINAL;
-        return KeccakWidth1600_12rounds_SpongeSqueeze(&ktInstance->finalNode, output, ktInstance->fixedOutputLength);
+        return TurboSHAKE_Squeeze(&ktInstance->finalNode, output, ktInstance->fixedOutputLength);
     }
     ktInstance->phase = SQUEEZING;
     return 0;
@@ -284,7 +284,7 @@ int KangarooTwelve_Squeeze(KangarooTwelve_Instance *ktInstance, unsigned char *
 {
     if (ktInstance->phase != SQUEEZING)
         return 1;
-    return KeccakWidth1600_12rounds_SpongeSqueeze(&ktInstance->finalNode, output, outputLen);
+    return TurboSHAKE_Squeeze(&ktInstance->finalNode, output, outputLen);
 }
 
 int KangarooTwelve( const unsigned char * input, size_t inLen, unsigned char * output, size_t outLen, const unsigned char * customization, size_t customLen )

data/ext/digest/kangarootwelve/XKCP/lib/high/KangarooTwelve/KangarooTwelve.h

@@ -4,7 +4,7 @@ https://github.com/XKCP/XKCP
 
 KangarooTwelve, designed by Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche, Ronny Van Keer and Benoît Viguier.
 
-Implementation by Ronny Van Keer, hereby denoted as "the implementer".
+Implementation by Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
 
 For more information, feedback or questions, please refer to the Keccak Team website:
 https://keccak.team/
@@ -22,14 +22,14 @@ http://creativecommons.org/publicdomain/zero/1.0/
 
 #include <stddef.h>
 #include "align.h"
-#include "KeccakSponge.h"
+#include "TurboSHAKE.h"
 #include "Phases.h"
 
 typedef KCP_Phases KangarooTwelve_Phases;
 
 typedef struct {
-    KeccakWidth1600_12rounds_SpongeInstance queueNode;
-    KeccakWidth1600_12rounds_SpongeInstance finalNode;
+    TurboSHAKE_Instance queueNode;
+    TurboSHAKE_Instance finalNode;
     size_t fixedOutputLength;
     size_t blockNumber;
     unsigned int queueAbsorbedLen;
@@ -45,7 +45,7 @@ typedef struct {
   * @param  customByteLen   The length of the customization string in bytes.
   * @return 0 if successful, 1 otherwise.
   */
-int KangarooTwelve(const unsigned char *input, size_t inputByteLen, unsigned char *output, size_t outputByteLen, const unsigned char *customization, size_t customByteLen );
+int KangarooTwelve(const unsigned char *input, size_t inputByteLen, unsigned char *output, size_t outputByteLen, const unsigned char *customization, size_t customByteLen);
 
 /**
   * Function to initialize a KangarooTwelve instance.

data/ext/digest/kangarootwelve/XKCP/lib/high/Keccak/KeccakSponge.c

@@ -91,21 +91,3 @@ http://creativecommons.org/publicdomain/zero/1.0/
     #undef SnP_Permute
     #undef SnP_FastLoop_Absorb
 #endif
-
-#ifdef XKCP_has_KeccakP1600
-    #include "KeccakP-1600-SnP.h"
-
-    #define prefix KeccakWidth1600_12rounds
-    #define SnP KeccakP1600
-    #define SnP_width 1600
-    #define SnP_Permute KeccakP1600_Permute_12rounds
-    #if defined(KeccakP1600_12rounds_FastLoop_supported)
-        #define SnP_FastLoop_Absorb KeccakP1600_12rounds_FastLoop_Absorb
-    #endif
-        #include "KeccakSponge.inc"
-    #undef prefix
-    #undef SnP
-    #undef SnP_width
-    #undef SnP_Permute
-    #undef SnP_FastLoop_Absorb
-#endif

data/ext/digest/kangarootwelve/XKCP/lib/high/Keccak/KeccakSponge.h

@@ -67,10 +67,4 @@ http://creativecommons.org/publicdomain/zero/1.0/
     #define XKCP_has_Sponge_Keccak_width1600
 #endif
 
-#ifdef XKCP_has_KeccakP1600
-    #include "KeccakP-1600-SnP.h"
-    XKCP_DeclareSpongeStructure(KeccakWidth1600_12rounds, KeccakP1600_stateSizeInBytes, KeccakP1600_stateAlignment)
-    XKCP_DeclareSpongeFunctions(KeccakWidth1600_12rounds)
-#endif
-
 #endif

data/ext/digest/kangarootwelve/XKCP/lib/high/Keccak/KeccakSponge.inc

@@ -161,7 +161,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
     i = 0;
     curData = data;
     while(i < dataByteLen) {
-        if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) {
+        if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
 #ifdef SnP_FastLoop_Absorb
             /* processing full blocks first */
             if ((rateInBytes % (SnP_width/200)) == 0) {
@@ -187,9 +187,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
         }
         else {
             /* normal lane: using the message queue */
-            partialBlock = (unsigned int)(dataByteLen - i);
-            if (partialBlock+instance->byteIOIndex > rateInBytes)
+            if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
                 partialBlock = rateInBytes-instance->byteIOIndex;
+            else
+                partialBlock = (unsigned int)(dataByteLen - i);
             #ifdef KeccakReference
             displayBytes(1, "Block to be absorbed (part)", curData, partialBlock);
             #endif
@@ -264,7 +265,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
     i = 0;
     curData = data;
     while(i < dataByteLen) {
-        if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) {
+        if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
             for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
                 SnP_Permute(instance->state);
                 SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
@@ -281,9 +282,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
                 SnP_Permute(instance->state);
                 instance->byteIOIndex = 0;
             }
-            partialBlock = (unsigned int)(dataByteLen - i);
-            if (partialBlock+instance->byteIOIndex > rateInBytes)
+            if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
                 partialBlock = rateInBytes-instance->byteIOIndex;
+            else
+                partialBlock = (unsigned int)(dataByteLen - i);
             i += partialBlock;
 
             SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);