sha3-ruby 0.0.1

data/ext/sha3/KeccakReferenceAndOptimized/Sources/Keccak-avr8.h

@@ -0,0 +1,25 @@
+/*
+The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
+Michaël Peeters and Gilles Van Assche. For more information, feedback or
+questions, please refer to our website: http://keccak.noekeon.org/
+
+Implementation by Ronny Van Keer, hereby denoted as "the implementer".
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#ifndef _Keccak_AVR_h_
+#define _Keccak_AVR_h_
+
+#include "Keccak-avr8-settings.h"
+
+#ifndef cKeccakB
+/*	Only Keccak-F1600 is supported	*/
+#define	cKeccakB	1600
+#endif
+
+int crypto_hash( unsigned char *out, const unsigned char *in, unsigned long long inlen );
+
+#endif

data/ext/sha3/KeccakReferenceAndOptimized/Sources/Keccak-compact-settings.h

@@ -0,0 +1,3 @@
+#define cKeccakB    800
+#define cKeccakR    512
+//#define cKeccakFixedOutputLengthInBytes 64

data/ext/sha3/KeccakReferenceAndOptimized/Sources/Keccak-compact-test.c

@@ -0,0 +1,317 @@
+/*
+The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
+Michaël Peeters and Gilles Van Assche. For more information, feedback or
+questions, please refer to our website: http://keccak.noekeon.org/
+
+Implementation by Ronny Van Keer,
+hereby denoted as "the implementer".
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#include "Keccak-compact.h"
+
+#define cKeccakR_SizeInBytes    (cKeccakR / 8)
+#include <string.h>
+#include <stdio.h>
+#include <ctype.h>
+
+#if        (cKeccakB    == 1600) && (cKeccakR == 1024)
+    const char *    testVectorFile = "ShortMsgKAT_0.txt";
+#elif    (cKeccakB    == 1600) && (cKeccakR == 1152) && (cKeccakFixedOutputLengthInBytes == 28)
+    const char *    testVectorFile = "ShortMsgKAT_224.txt";
+#elif    (cKeccakB    == 1600) && (cKeccakR == 1088) && (cKeccakFixedOutputLengthInBytes == 32)
+    const char *    testVectorFile = "ShortMsgKAT_256.txt";
+#elif    (cKeccakB    == 1600) && (cKeccakR == 832) && (cKeccakFixedOutputLengthInBytes == 48)
+    const char *    testVectorFile = "ShortMsgKAT_384.txt";
+#elif    (cKeccakB    == 1600) && (cKeccakR == 576) && (cKeccakFixedOutputLengthInBytes == 64)
+    const char *    testVectorFile = "ShortMsgKAT_512.txt";
+#elif    (cKeccakB    == 1600) && (cKeccakR == 1344)
+    const char *    testVectorFile = "ShortMsgKAT_r1344c256.txt";
+#elif    (cKeccakB    == 800) && (cKeccakR == 544)
+    const char *    testVectorFile = "ShortMsgKAT_r544c256.txt";
+#elif    (cKeccakB    == 800) && (cKeccakR == 512)
+    const char *    testVectorFile = "ShortMsgKAT_r512c288.txt";
+#elif    (cKeccakB    == 800) && (cKeccakR == 256)
+    const char *    testVectorFile = "ShortMsgKAT_r256c544.txt";
+#elif    (cKeccakB    == 400) && (cKeccakR == 144)
+    const char *    testVectorFile = "ShortMsgKAT_r144c256.txt";
+#elif    (cKeccakB    == 400) && (cKeccakR == 128)
+    const char *    testVectorFile = "ShortMsgKAT_r128c272.txt";
+#elif    (cKeccakB    == 200) && (cKeccakR == 40)
+    const char *    testVectorFile = "ShortMsgKAT_r40c160.txt";
+#else
+#error "Please set the vector file name here."
+#endif
+
+#define    cKeccakMaxMessageSizeInBits		2047
+#define    cKeccakMaxMessageSizeInBytes		(cKeccakMaxMessageSizeInBits/8)
+
+#ifdef cKeccakFixedOutputLengthInBytes
+	#define    cKeccakHashRefSizeInBytes		cKeccakFixedOutputLengthInBytes
+#elif	(cKeccakB == 1600)
+	#define    cKeccakHashRefSizeInBytes		512
+#else
+	#define    cKeccakHashRefSizeInBytes		cKeccakR_SizeInBytes
+#endif
+
+
+ALIGN unsigned char input[cKeccakMaxMessageSizeInBytes];
+ALIGN unsigned char output[cKeccakHashRefSizeInBytes];
+ALIGN unsigned char ref[cKeccakHashRefSizeInBytes];
+
+//
+// ALLOW TO READ HEXADECIMAL ENTRY (KEYS, DATA, TEXT, etc.)
+//
+#define MAX_MARKER_LEN      50
+
+int FindMarker(FILE *infile, const char *marker);
+int FindMarker(FILE *infile, const char *marker)
+{
+    char    line[MAX_MARKER_LEN];
+    int     i, len;
+
+    len = (int)strlen(marker);
+    if ( len > MAX_MARKER_LEN-1 )
+        len = MAX_MARKER_LEN-1;
+
+    for ( i=0; i<len; i++ )
+        if ( (line[i] = fgetc(infile)) == EOF )
+            return 0;
+    line[len] = '\0';
+
+    while ( 1 ) {
+        if ( !strncmp(line, marker, len) )
+            return 1;
+
+        for ( i=0; i<len-1; i++ )
+            line[i] = line[i+1];
+        if ( (line[len-1] = fgetc(infile)) == EOF )
+            return 0;
+        line[len] = '\0';
+    }
+
+    // shouldn't get here
+    return 0;
+}
+
+//
+// ALLOW TO READ HEXADECIMAL ENTRY (KEYS, DATA, TEXT, etc.)
+//
+int ReadHex(FILE *infile, BitSequence *A, int Length, char *str);
+int ReadHex(FILE *infile, BitSequence *A, int Length, char *str)
+{
+    int         i, ch, started;
+    BitSequence ich;
+
+    if ( Length == 0 ) {
+        A[0] = 0x00;
+        return 1;
+    }
+    memset(A, 0x00, Length);
+    started = 0;
+    i = 0;
+    if ( FindMarker(infile, str) )
+        while ( (ch = fgetc(infile)) != EOF ) 
+        {
+            if ( !isxdigit(ch) ) {
+                if ( !started ) {
+                    if ( ch == '\n' )
+                        break;
+                    else
+                        continue;
+                }
+                else
+                    break;
+            }
+            started = 1;
+            if ( (ch >= '0') && (ch <= '9') )
+                ich = ch - '0';
+            else if ( (ch >= 'A') && (ch <= 'F') )
+                ich = ch - 'A' + 10;
+            else if ( (ch >= 'a') && (ch <= 'f') )
+                ich = ch - 'a' + 10;
+
+            A[i / 2] = (A[i / 2] << 4) | ich;
+            if ( (++i / 2) == Length )
+                break;
+        }
+    else
+        return 0;
+
+    return 1;
+}
+
+int main( void )
+{
+    unsigned long long    inlen;
+    unsigned long long    offset;
+    unsigned long long    size;
+    int                    result = 0;
+    FILE                *fp_in;
+    char                marker[20];
+    int                    refLen;
+    hashState			state;
+
+#ifdef cKeccakFixedOutputLengthInBytes
+    refLen = cKeccakFixedOutputLengthInBytes;
+#else
+    refLen = cKeccakR_SizeInBytes;
+#endif
+
+    printf( "Testing Keccak[r=%u, c=%u] using crypto_hash() against %s over %d squeezed bytes\n", cKeccakR, cKeccakB - cKeccakR, testVectorFile, refLen );
+    if ( (fp_in = fopen(testVectorFile, "r")) == NULL ) 
+    {
+        printf("Couldn't open <%s> for read\n", testVectorFile);
+        return 1;
+    }
+
+    for ( inlen = 0; inlen <= cKeccakMaxMessageSizeInBytes; ++inlen )
+    {
+        sprintf( marker, "Len = %u", inlen * 8 );
+        if ( !FindMarker(fp_in, marker) )
+        {
+            printf("ERROR: no test vector found (%u bytes)\n", inlen );
+            result = 1;
+            break;
+        }
+        if ( !ReadHex(fp_in, input, (int)inlen, "Msg = ") ) 
+        {
+            printf("ERROR: unable to read 'Msg' (%u bytes)\n", inlen );
+            result = 1;
+            break;
+        }
+
+        result = crypto_hash( output, input, inlen );
+        if ( result != 0 )
+        {
+            printf("ERROR: crypto_hash() (%u bytes)\n", inlen);
+            result = 1;
+            break;
+        }
+
+        #ifdef cKeccakFixedOutputLengthInBytes
+        if ( !ReadHex(fp_in, input, refLen, "MD = ") )
+        #else
+        if ( !ReadHex(fp_in, input, refLen, "Squeezed = ") )
+        #endif
+        {
+            printf("ERROR: unable to read 'Squeezed/MD' (%u bytes)\n", inlen );
+            result = 1;
+            break;
+        }
+        if ( memcmp( output, input, refLen ) != 0) 
+        {
+            printf("ERROR: hash verification (%u bytes)\n", inlen );
+            for(result=0; result<refLen; result++)
+                printf("%02X ", output[result]);
+            printf("\n");
+            result = 1;
+            break;
+        }
+    }
+    if ( !result )
+        printf( "\nSuccess!\n");
+	result = 0;
+
+    refLen = cKeccakHashRefSizeInBytes;
+    printf( "\nTesting Keccak[r=%u, c=%u] using Init/Update/Final() against %s over %d squeezed bytes\n", cKeccakR, cKeccakB - cKeccakR, testVectorFile, refLen );
+    fseek( fp_in, 0, SEEK_SET );
+    for ( inlen = 0; inlen <= cKeccakMaxMessageSizeInBits; ++inlen )
+    {
+        sprintf( marker, "Len = %u", inlen );
+        if ( !FindMarker(fp_in, marker) )
+        {
+            printf("ERROR: no test vector found (%u bits)\n", inlen );
+            result = 1;
+            break;
+        }
+        if ( !ReadHex(fp_in, input, (int)inlen, "Msg = ") ) 
+        {
+            printf("ERROR: unable to read 'Msg' (%u bits)\n", inlen );
+            result = 1;
+            break;
+        }
+
+		result = Init( &state );
+        if ( result != 0 )
+        {
+            printf("ERROR: Init() (%u bits)\n", inlen);
+            result = 1;
+            break;
+        }
+
+		for ( offset = 0; offset < inlen; offset += size )
+		{
+			//	vary sizes for Update()
+			if ( (inlen %8) < 2 )
+			{
+				//	byte per byte
+				size = 8;
+			}
+			else if ( (inlen %8) < 4 )
+			{
+				//	incremental
+				size = offset + 8;
+			}
+			else
+			{
+				//	random
+				size = ((rand() % ((inlen + 8) / 8)) + 1) * 8;
+			}
+
+			if ( size > (inlen - offset) ) 
+			{
+				size = inlen - offset;
+			}
+			//printf("Update() inlen %u, size %u, offset %u\n", (unsigned int)inlen, (unsigned int)size, (unsigned int)offset );
+			result = Update( &state, input + offset / 8, size );
+	        if ( result != 0 )
+	        {
+	            printf("ERROR: Update() (%u bits)\n", inlen);
+	            result = 1;
+	            break;
+	        }
+		}
+		result = Final( &state, output, refLen );
+        if ( result != 0 )
+        {
+            printf("ERROR: Final() (%u bits)\n", inlen);
+            result = 1;
+            break;
+        }
+
+        #ifdef cKeccakFixedOutputLengthInBytes
+        if ( !ReadHex(fp_in, input, refLen, "MD = ") )
+        #else
+        if ( !ReadHex(fp_in, input, refLen, "Squeezed = ") )
+        #endif
+        {
+            printf("ERROR: unable to read 'Squeezed/MD' (%u bits)\n", inlen );
+            result = 1;
+            break;
+        }
+        if ( memcmp( output, input, refLen ) != 0) 
+        {
+            printf("ERROR: hash verification (%u bits)\n", inlen );
+            for(result=0; result<refLen; result++)
+                printf("%02X ", output[result]);
+            printf("\n");
+            result = 1;
+            break;
+        }
+    }
+
+    fclose( fp_in );
+    if ( !result )
+        printf( "\nSuccess!\n");
+
+    //printf( "\nPress a key ...");
+    //getchar();
+    //printf( "\n");
+    return ( result );
+}
+
+

data/ext/sha3/KeccakReferenceAndOptimized/Sources/Keccak-compact.c

@@ -0,0 +1,341 @@
+/*
+The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
+Michaël Peeters and Gilles Van Assche. For more information, feedback or
+questions, please refer to our website: http://keccak.noekeon.org/
+
+Implementation by Ronny Van Keer,
+hereby denoted as "the implementer".
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+
+#include    <string.h>
+#include "Keccak-compact-settings.h"
+#include "Keccak-compact.h"
+#define cKeccakR_SizeInBytes    (cKeccakR / 8)
+#include "crypto_hash.h"
+#ifndef crypto_hash_BYTES
+    #ifdef cKeccakFixedOutputLengthInBytes
+        #define crypto_hash_BYTES cKeccakFixedOutputLengthInBytes
+    #else
+        #define crypto_hash_BYTES cKeccakR_SizeInBytes
+    #endif
+#endif
+#if (crypto_hash_BYTES > cKeccakR_SizeInBytes)
+    #error "Full squeezing not yet implemented"
+#endif
+
+#define IS_BIG_ENDIAN      4321 /* byte 0 is most significant (mc68k) */
+#define IS_LITTLE_ENDIAN   1234 /* byte 0 is least significant (i386) */
+#define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN /* WARNING: This implementation works on little-endian platform. Support for big-endinanness is implemented, but not tested. */
+
+#if     (cKeccakB   == 1600)
+    typedef unsigned long long  UINT64;
+    typedef UINT64 tKeccakLane;
+    #define cKeccakNumberOfRounds   24
+#elif   (cKeccakB   == 800)
+    typedef unsigned int        UINT32;
+    // WARNING: on 8-bit and 16-bit platforms, this should be replaced by:
+    //typedef unsigned long       UINT32;
+    typedef UINT32 tKeccakLane;
+    #define cKeccakNumberOfRounds   22
+#elif   (cKeccakB   == 400)
+    typedef unsigned short      UINT16;
+    typedef UINT16 tKeccakLane;
+    #define cKeccakNumberOfRounds   20
+#elif   (cKeccakB   == 200)
+    typedef unsigned char       UINT8;
+    typedef UINT8 tKeccakLane;
+    #define cKeccakNumberOfRounds   18
+#else
+    #error  "Unsupported Keccak-f width"
+#endif
+
+typedef unsigned int tSmallUInt; /*INFO It could be more optimized to use "unsigned char" on an 8-bit CPU	*/
+
+
+#define cKeccakLaneSizeInBits   (sizeof(tKeccakLane) * 8)
+
+#define ROL(a, offset) (tKeccakLane)((((tKeccakLane)a) << ((offset) % cKeccakLaneSizeInBits)) ^ (((tKeccakLane)a) >> (cKeccakLaneSizeInBits-((offset) % cKeccakLaneSizeInBits))))
+
+void KeccakF( tKeccakLane * state, const tKeccakLane *in, int laneCount );
+
+
+int crypto_hash( unsigned char *out, const unsigned char *in, unsigned long long inlen )
+{
+    tKeccakLane		state[5 * 5];
+	#if (crypto_hash_BYTES >= cKeccakR_SizeInBytes)
+    #define temp out
+	#else
+    unsigned char 	temp[cKeccakR_SizeInBytes];
+	#endif
+
+    memset( state, 0, sizeof(state) );
+
+    for ( /* empty */; inlen >= cKeccakR_SizeInBytes; inlen -= cKeccakR_SizeInBytes, in += cKeccakR_SizeInBytes )
+    {
+        KeccakF( state, (const tKeccakLane*)in, cKeccakR_SizeInBytes / sizeof(tKeccakLane) );
+    }
+
+    /*    Last data and padding	*/
+    memcpy( temp, in, (size_t)inlen );
+    temp[inlen++] = 1;
+    memset( temp+inlen, 0, cKeccakR_SizeInBytes - (size_t)inlen );
+    temp[cKeccakR_SizeInBytes-1] |= 0x80;
+    KeccakF( state, (const tKeccakLane*)temp, cKeccakR_SizeInBytes / sizeof(tKeccakLane) );
+
+    #if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN) || (cKeccakB == 200)
+
+    memcpy( out, state, crypto_hash_BYTES );
+
+	#else
+
+    for ( i = 0; i < (crypto_hash_BYTES / sizeof(tKeccakLane)); ++i )
+	{
+		tSmallUInt		j;
+	    tKeccakLane		t;
+
+		t = state[i];
+		for ( j = 0; j < sizeof(tKeccakLane); ++j )
+		{
+			*(out++) = (unsigned char)t;
+			t >>= 8;
+		}
+	}
+
+	#endif
+	#if (crypto_hash_BYTES >= cKeccakR_SizeInBytes)
+    #undef temp
+	#endif
+
+    return ( 0 );
+}
+
+
+const tKeccakLane KeccakF_RoundConstants[cKeccakNumberOfRounds] = 
+{
+    (tKeccakLane)0x0000000000000001ULL,
+    (tKeccakLane)0x0000000000008082ULL,
+    (tKeccakLane)0x800000000000808aULL,
+    (tKeccakLane)0x8000000080008000ULL,
+    (tKeccakLane)0x000000000000808bULL,
+    (tKeccakLane)0x0000000080000001ULL,
+    (tKeccakLane)0x8000000080008081ULL,
+    (tKeccakLane)0x8000000000008009ULL,
+    (tKeccakLane)0x000000000000008aULL,
+    (tKeccakLane)0x0000000000000088ULL,
+    (tKeccakLane)0x0000000080008009ULL,
+    (tKeccakLane)0x000000008000000aULL,
+    (tKeccakLane)0x000000008000808bULL,
+    (tKeccakLane)0x800000000000008bULL,
+    (tKeccakLane)0x8000000000008089ULL,
+    (tKeccakLane)0x8000000000008003ULL,
+    (tKeccakLane)0x8000000000008002ULL,
+    (tKeccakLane)0x8000000000000080ULL
+	#if		(cKeccakB	>= 400)
+  , (tKeccakLane)0x000000000000800aULL,
+    (tKeccakLane)0x800000008000000aULL
+	#if		(cKeccakB	>= 800)
+  , (tKeccakLane)0x8000000080008081ULL,
+    (tKeccakLane)0x8000000000008080ULL
+	#if		(cKeccakB	== 1600)
+  , (tKeccakLane)0x0000000080000001ULL,
+    (tKeccakLane)0x8000000080008008ULL
+	#endif
+	#endif
+	#endif
+};
+
+const tSmallUInt KeccakF_RotationConstants[25] = 
+{
+	 1,  3,  6, 10, 15, 21, 28, 36, 45, 55,  2, 14, 27, 41, 56,  8, 25, 43, 62, 18, 39, 61, 20, 44
+};
+
+const tSmallUInt KeccakF_PiLane[25] = 
+{
+    10,  7, 11, 17, 18,  3,  5, 16,  8, 21, 24,  4, 15, 23, 19, 13, 12,  2, 20, 14, 22,  9,  6,  1 
+};
+
+const tSmallUInt KeccakF_Mod5[10] = 
+{
+    0, 1, 2, 3, 4, 0, 1, 2, 3, 4
+};
+
+
+void KeccakF( tKeccakLane * state, const tKeccakLane *in, int laneCount )
+{
+	tSmallUInt x, y;
+    tKeccakLane temp;
+    tKeccakLane BC[5];
+
+	#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN) || (cKeccakB == 200)
+    while ( --laneCount >= 0 )
+	{
+        state[laneCount] ^= in[laneCount];
+	}
+	#else
+	temp = 0; /* please compiler */
+    while ( --laneCount >= 0 )
+	{
+		for ( x = 0; x < sizeof(tKeccakLane); ++x )
+		{
+			temp <<= 8;
+			temp |= ((char*)&in[laneCount])[x];
+		}
+        state[laneCount] = temp;
+	}
+	#endif
+
+	#define	round	laneCount
+    for( round = 0; round < cKeccakNumberOfRounds; ++round )
+    {
+		// Theta
+		for ( x = 0; x < 5; ++x )
+		{
+			BC[x] = state[x] ^ state[5 + x] ^ state[10 + x] ^ state[15 + x] ^ state[20 + x];
+		}
+		for ( x = 0; x < 5; ++x )
+		{
+			temp = BC[KeccakF_Mod5[x+4]] ^ ROL(BC[KeccakF_Mod5[x+1]], 1);
+			for ( y = 0; y < 25; y += 5 )
+			{
+				state[y + x] ^= temp;
+			}
+		}
+
+        // Rho Pi
+		temp = state[1];
+		for ( x = 0; x < 24; ++x )
+		{
+			BC[0] = state[KeccakF_PiLane[x]];
+			state[KeccakF_PiLane[x]] = ROL( temp, KeccakF_RotationConstants[x] );
+			temp = BC[0];
+		}
+
+		//	Chi
+		for ( y = 0; y < 25; y += 5 )
+		{
+			BC[0] = state[y + 0];
+			BC[1] = state[y + 1];
+			BC[2] = state[y + 2];
+			BC[3] = state[y + 3];
+			BC[4] = state[y + 4];
+			for ( x = 0; x < 5; ++x )
+			{
+				state[y + x] = BC[x] ^((~BC[KeccakF_Mod5[x+1]]) & BC[KeccakF_Mod5[x+2]]);
+			}
+		}
+
+		//	Iota
+		state[0] ^= KeccakF_RoundConstants[round];
+    }
+	#undef	round
+
+}
+
+
+HashReturn Init(hashState *state)
+{
+
+	state->bitsInQueue = 0;
+	memset( state->state, 0, sizeof(state->state) );
+
+	return ( SUCCESS );
+}
+
+HashReturn Update(hashState *state, const BitSequence *data, DataLength databitlen)
+{
+	
+	if ( (state->bitsInQueue < 0) || ((state->bitsInQueue % 8) != 0) )
+	{
+		/*	 Final() already called or bits already in queue not modulo 8.	*/
+		return ( FAIL );
+	}
+
+	/*	If already data in queue, continue queuing first */
+	for ( /* empty */; (databitlen >= 8) && (state->bitsInQueue != 0); databitlen -= 8 )
+	{
+		state->state[state->bitsInQueue / 8] ^= *(data++);
+		if ( (state->bitsInQueue += 8) == cKeccakR )
+		{
+			KeccakF( (tKeccakLane *)state->state, 0, 0 );
+			state->bitsInQueue = 0;
+		}
+	}
+
+	/*	Absorb complete blocks */
+	for ( /* */; databitlen >= cKeccakR; databitlen -= cKeccakR, data += cKeccakR_SizeInBytes )
+	{
+		KeccakF( (tKeccakLane *)state->state, (const tKeccakLane *)data, cKeccakR_SizeInBytes / sizeof(tKeccakLane) );
+	}
+
+	/*	Queue remaining data bytes */
+	for ( /* empty */; databitlen >=8; databitlen -= 8, state->bitsInQueue += 8 )
+	{
+		state->state[state->bitsInQueue / 8] ^= *(data++);
+	}
+	/*	Queue eventual remaining data bits plus add first padding bit */
+	if ( databitlen != 0 )
+	{
+		state->state[state->bitsInQueue / 8] ^= (*data >> (8 - databitlen));
+		state->bitsInQueue += (int)databitlen;
+	}
+	return ( SUCCESS );
+}
+
+HashReturn Final(hashState *state, BitSequence *hashval, int hashbytelen)
+{
+	tSmallUInt	i;
+
+	if ( state->bitsInQueue < 0 )
+	{
+		/*	 Final() already called.	*/
+		return ( FAIL );
+	}
+
+    // Padding
+    if (state->bitsInQueue + 1 == cKeccakR_SizeInBytes*8) {
+        state->state[cKeccakR_SizeInBytes-1] ^= 0x80;
+		KeccakF( (tKeccakLane *)state->state, 0, 0 );
+    }
+    else {
+        state->state[state->bitsInQueue/8] ^= 1 << (state->bitsInQueue % 8);
+    }
+    state->state[cKeccakR_SizeInBytes-1] ^= 0x80;
+    KeccakF( (tKeccakLane *)state->state, 0, 0 );
+
+    // Output
+	for ( /* empty */; hashbytelen != 0; hashval += i, hashbytelen -= i )
+	{
+		i = (hashbytelen < cKeccakR_SizeInBytes) ? hashbytelen : cKeccakR_SizeInBytes;
+
+		#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN) || (cKeccakB == 200)
+
+	    memcpy( hashval, state->state, i );
+
+		#else
+
+	    for ( offset = 0; offset < i; offset += sizeof(tKeccakLane) )
+		{
+			tSmallUInt		j;
+
+			for ( j = 0; j < sizeof(tKeccakLane); ++j )
+			{
+				hashval[offset + j] = state->state[offset + (sizeof(tKeccakLane) - 1) - j];
+			}
+		}
+
+		#endif
+
+		if ( i != hashbytelen )
+		{
+			KeccakF( (tKeccakLane *)state->state, 0, 0 );
+		}
+	}
+
+	state->bitsInQueue = -1;	/* flag final state */
+	return ( SUCCESS );
+}