sha3 1.0.3 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2abc34b466bf79618721bac7202c2e4c2617175a74843ae4e059e698da1bb813
-  data.tar.gz: c805b46df9491e191022164606330d1b4d8bb709470399558da0d8272041e210
+  metadata.gz: 16edba407e859ee7afacc8a405666ec66cab0052cd7788e79089bd3f0d295844
+  data.tar.gz: 5552886038bbec790d086599cbbe6ad09a0c3561b58a9a2dfff2b9c9834b7154
 SHA512:
-  metadata.gz: 61f430b210275ae079d8ce0baf13841b02fe817ff4ee80215eb99578920d1bff3131b453ec7bf80426b11607302404705cc55a017a0e19bded58485755f9d492
-  data.tar.gz: 475662e0c8a0d74b9222152a9b98bfed02bcb385551f212cac5cdc23e5e9a2eccc99ffb1c7bb101b1ca50fb55c3614d4e17d63b267a1ef4864339998df90f2c7
+  metadata.gz: a8e36ae984df177684d4b1a70689a80824e9d9ee70fd07812eaa50c8f0cd90a90f292dca435764842b737fb268084d09fa5f47450bdc9cf93316253c70484945
+  data.tar.gz: a643ded4e2f9828d732f428eba1757c6cc383797f32b52ba7427dae8234ac9bc0e158712ccf64d7be77f2538b80904efaf26a0e455ce9515f9a76679929054c0

data/.rspec

@@ -1 +1,3 @@
---colour --format documentation
+--format documentation
+--color
+--require ./spec/spec_helper

data/.rubocop.yml

@@ -0,0 +1,6 @@
+AllCops:
+  NewCops: enable
+  TargetRubyVersion: 2.6
+
+Layout/LineLength:
+  Max: 120

data/Gemfile

@@ -1,3 +1,5 @@
-source 'http://rubygems.org'
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
 
 gemspec

data/README.md

@@ -1,14 +1,15 @@
 # sha3  
 
-[![Gem Version](https://badge.fury.io/rb/sha3.svg)](https://badge.fury.io/rb/sha3) [![CI](https://secure.travis-ci.org/johanns/sha3.png)](https://secure.travis-ci.org/johanns/sha3) [![CodeClimate](https://codeclimate.com/github/johanns/sha3.png)](https://codeclimate.com/github/johanns/sha3)
+[![Gem Version](https://badge.fury.io/rb/sha3.svg)](https://badge.fury.io/rb/sha3) [![Ruby](https://github.com/johanns/sha3/actions/workflows/main.yml/badge.svg)](https://github.com/johanns/sha3/actions/workflows/main.yml)
 
-**SHA3 for Ruby** is a native (C) binding to SHA3 (Keccak FIPS 202) cryptographic hashing algorithm.
+**SHA3 for Ruby** is a XKCP based native (C) binding to SHA3 (FIPS 202) cryptographic hashing algorithm.
 
 - [Home](https://github.com/johanns/sha3#readme)
 - [Issues](https://github.com/johanns/sha3/issues)
 - [Documentation](http://rubydoc.info/gems/sha3/frames)
+- [XKCP - eXtended Keccak Code Package](https://github.com/XKCP/XKCP)
 
-## Warnings
+## Warning
 
 - Please do NOT use SHA3 to hash passwords -- use a slow hashing function instead (e.g.: `pbkdf2`, `argon2`, `bcrypt` or `scrypt`)
 - Version 1.0 introduces new API and is incompatible with previous versions (0.x).
@@ -92,9 +93,9 @@ s = SHA3::Digest.file("tests.sh")
 # => #<SHA3::Digest: a9801db49389339...>
 ```
 
-## Development
+### Development Dependencies
 
-* Native build tools (e.g., GCC, Minigw, etc.)
+* Native build tools (e.g., Clang/LLVM, GCC, Minigw, etc.)
 * Gems: rubygems-tasks, rake, rspec, yard
 
 ### Testing
@@ -109,12 +110,14 @@ Only a small subset of test vectors are included in the source repository; howev
 
 Supported Ruby versions:
 
-  - MRI Ruby 2.4 - 3.0
+  - MRI Ruby 2.6 - 3.1
 
+## Credits
 
+XKCP by Keccak team: [https://keccak.team/index.html]()
 
 ## Copyright
 
-Copyright (c) 2012 - 2020 Johanns Gregorian (https://github.com/johanns)
+Copyright (c) 2012 - 2022 Johanns Gregorian (https://github.com/johanns)
 
 **See LICENSE.txt for details.**

data/Rakefile

@@ -1,47 +1,18 @@
-require 'rubygems'
-require 'rake'
+# frozen_string_literal: true
 
-begin
-  gem 'rubygems-tasks'
-  require 'rubygems/tasks'
-
-  Gem::Tasks.new
-rescue LoadError => e
-  warn e.message
-  warn 'Run `gem install rubygems-tasks` to install Gem::Tasks.'
-end
-
-begin
-  gem 'rspec'
-  require 'rspec/core/rake_task'
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 
-  RSpec::Core::RakeTask.new
-rescue LoadError
-  task :spec do
-    abort 'Please run `gem install rspec` to install RSpec.'
-  end
-end
+RSpec::Core::RakeTask.new(:spec)
 
-task test: :spec
-task default: %i[compile spec]
+require 'rubocop/rake_task'
 
-begin
-  gem 'yard'
-  require 'yard'
+RuboCop::RakeTask.new
 
-  YARD::Rake::YardocTask.new
-rescue LoadError
-  task :yard do
-    abort 'Please run `gem install yard` to install YARD.'
-  end
-end
-task doc: :yard
+require 'rake/extensiontask'
 
 begin
-  gem 'rake-compiler'
-  require 'rake/extensiontask'
-
-  Rake::ExtensionTask.new do |ext|
+  Rake::ExtensionTask.new :compile do |ext|
     ext.name = 'sha3_n'
     ext.ext_dir = 'ext/sha3'
     ext.tmp_dir = 'tmp'
@@ -52,3 +23,5 @@ rescue LoadError
     abort 'Please run `gem install rake-compiler` to install Rake-Compiler.'
   end
 end
+
+task default: %i[compile spec]

data/certs/johanns.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIETDCCArSgAwIBAgIBATANBgkqhkiG9w0BAQsFADA2MQswCQYDVQQDDAJpbzET
+MBEGCgmSJomT8ixkARkWA2pzZzESMBAGCgmSJomT8ixkARkWAmlvMB4XDTIyMTAy
+NDA2MzcxMVoXDTIzMTAyNDA2MzcxMVowNjELMAkGA1UEAwwCaW8xEzARBgoJkiaJ
+k/IsZAEZFgNqc2cxEjAQBgoJkiaJk/IsZAEZFgJpbzCCAaIwDQYJKoZIhvcNAQEB
+BQADggGPADCCAYoCggGBALQTl5BGmtYGvljWwOTxe2Uul7RoBcSOwFUh03qUvHJf
+1LmWr6y1j97ogl/VffBXpbtTU4adZa+qTxfMs7GpfKDjikSIieZ7SrMNB68zCH0e
+undHx+bMutN7919rviHfGyaXlQK4SsuWUl4AOlgT69VPQp6dOBYY9T78jbr/ZcG6
++mDlRpNfPVg5i67euvpR5dO9SpO1HNoHmzx5L4wYNr9QykIft1oA+Ne+SAF66ykn
+agugF/R0Q7s+5Bpt3gr6SF2CvKsNJ2IS5TJO9unhLZ+h8FO7dcQw1EuJ31uHQKiD
+rWUv2tnKCvLkHg0S69VeQtQv58dklJ3iFJcSen4VRtC7r5JMEd1VrdpXU4JQ54gY
+tWrqWmazF9SOErbgvDlJgmlkMMkX6aoZ21/f1s6Z2myzP3KkRBjCf51BrgHTXTJD
+28ANp21H0o0HhrpVFJVDjToXRLczsw0O9lnL+khzkeZoc+YTZuvJDLKokavXhb4a
+vESgRttXjyN5jBKY7yFhKQIDAQABo2UwYzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE
+sDAdBgNVHQ4EFgQUKmyX3Q2uwTPM9S5+K/5kg7qe3ugwFAYDVR0RBA0wC4EJaW9A
+anNnLmlvMBQGA1UdEgQNMAuBCWlvQGpzZy5pbzANBgkqhkiG9w0BAQsFAAOCAYEA
+TexWHx3uLVObT+ylm3OE8Iue3cHdrDVE3zSjo8VlU3u1WBznH9MdoiPB7wux61Zx
+jXUzBUaT7y7JnDaVGnECkpHXhfvPOYHBgkqEws6i79lAk/Va2U7EVPj0moM9d4Hv
+12V8YVM1Z9QnfwBVo7YGb5o7W8lr01jj1gT+Qcw+kln7M3Y9RB+jQ4DwySHVIEMc
+Ow7//MF7bhCz6T5uAOXlGe88wTHKW+fO1AmW5MIQZUojR5Ioxm80v2YdW/JnQZ1l
+3VFpCutilnhDuzSw3DhgxReX7AK42aXFFclIzi11twW4KUPdt1KIvaoL/DgbZivl
+PVG86dx4gfax2Mc2PiM+d1DiSllh+chh4dqRkIyhj0S4V7McQHkwW1ZBJ3kDf5rt
+1O/udKquzj7egb6uceqzBB40W/1/CsNkGNpNZ8Bk8lrTmKw+3bJpj+nKWxovmF2p
+VhzZDQf2jkcjBXKNA9Z5ku7g0TCR1/Y1V3ODgkTLqhw+kQZmlbQEVzcwxGk9eL8z
+-----END CERTIFICATE-----

data/ext/sha3/config.h

@@ -0,0 +1,26 @@
+/* File generated by ToTargetConfigFile.xsl */
+
+#define XKCP_has_Sponge_Keccak
+#define XKCP_has_FIPS202
+#define XKCP_has_KeccakP1600
+
+// #define XKCP_has_SP800_185
+// #define XKCP_has_Duplex_Keccak
+// #define XKCP_has_PRG_Keccak
+// #define XKCP_has_Ketje
+// #define XKCP_has_Keyak
+// #define XKCP_has_KangarooTwelve
+// #define XKCP_has_Kravatte
+// #define XKCP_has_Xoofff
+// #define XKCP_has_Xoodyak
+// #define XKCP_has_KeccakP200
+// #define XKCP_has_KeccakP400
+// #define XKCP_has_KeccakP800
+// #define XKCP_has_KeccakP1600
+// #define XKCP_has_KeccakP1600times2
+// #define XKCP_has_KeccakP1600times4
+// #define XKCP_has_KeccakP1600times8
+// #define XKCP_has_Xoodoo
+// #define XKCP_has_Xoodootimes4
+// #define XKCP_has_Xoodootimes8
+// #define XKCP_has_Xoodootimes16

data/ext/sha3/digest.c

@@ -64,7 +64,7 @@ static VALUE c_digest_update(VALUE, VALUE);
 
 HashReturn c_keccak_hash_initialize(MDX *mdx)
 {
-    HashReturn r = FAIL;
+    HashReturn r = KECCAK_FAIL;
 
     switch (mdx->hashbitlen)
     {
@@ -103,7 +103,7 @@ static VALUE c_digest_init(int argc, VALUE *argv, VALUE self)
         mdx->hashbitlen = 256;
     }
 
-    if (c_keccak_hash_initialize(mdx) != SUCCESS)
+    if (c_keccak_hash_initialize(mdx) != KECCAK_SUCCESS)
     {
         rb_raise(eSHA3DigestError, "failed to initialize algorithm state");
     }
@@ -120,14 +120,14 @@ static VALUE c_digest_init(int argc, VALUE *argv, VALUE self)
 static VALUE c_digest_update(VALUE self, VALUE data)
 {
     MDX *mdx;
-    DataLength dlen;
+    BitLength dlen;
 
     StringValue(data);
     GETMDX(self, mdx);
 
     dlen = (RSTRING_LEN(data) * 8);
 
-    if (Keccak_HashUpdate(mdx->state, (BitSequence *)RSTRING_PTR(data), dlen) != SUCCESS)
+    if (Keccak_HashUpdate(mdx->state, (BitSequence *)RSTRING_PTR(data), dlen) != KECCAK_SUCCESS)
     {
         rb_raise(eSHA3DigestError, "failed to update hash data");
     }
@@ -144,7 +144,7 @@ static VALUE c_digest_reset(VALUE self)
 
     memset(mdx->state, 0, sizeof(Keccak_HashInstance));
 
-    if (c_keccak_hash_initialize(mdx) != SUCCESS)
+    if (c_keccak_hash_initialize(mdx) != KECCAK_SUCCESS)
     {
         rb_raise(eSHA3DigestError, "failed to reset internal state");
     }
@@ -236,7 +236,7 @@ static VALUE c_digest_finish(int argc, VALUE *argv, VALUE self)
         rb_str_resize(str, mdx->hashbitlen / 8);
     }
 
-    if (Keccak_HashFinal(mdx->state, (BitSequence *)RSTRING_PTR(str)) != SUCCESS)
+    if (Keccak_HashFinal(mdx->state, (BitSequence *)RSTRING_PTR(str)) != KECCAK_SUCCESS)
     {
         rb_raise(eSHA3DigestError, "failed to finalize digest");
     }

data/ext/sha3/extconf.rb

@@ -1,26 +1,50 @@
+# frozen_string_literal: true
+
 require 'mkmf'
 require 'rbconfig'
 
-target_cpu = RbConfig::CONFIG['target_cpu']
+# Maintaining XKCP lib directory structure to hopefully simplify 
+# future upgrades.
+
+keccak_base_files = [
+  'lib/high/Keccak/KeccakSponge.c',
+  'lib/high/Keccak/FIPS202/KeccakHash.c'
+]
 
-if 1.size == 4 and target_cpu =~ /i386|x86_32/   # x86 32bit optimized code
-  Logging::message "=== Using reference  ===\n"
-  FileUtils.cp Dir["#{$srcdir}/Reference/*"].collect { |f| File.expand_path(f) }, "#{$srcdir}/"
-elsif 1.size == 8 and target_cpu =~ /i686|x86_64/
-  Logging::message "=== Using optimized (64-bit) ===\n"
-  FileUtils.cp Dir["#{$srcdir}/Optimized64/*"].collect { |f| File.expand_path(f) }, "#{$srcdir}/"
+if 1.size == 8
+  Logging.message "=== Using 64-bit reference ===\n"
+
+  keccak_base_files << 'lib/low/KeccakP-1600/ref-64bits/KeccakP-1600-reference.c'
 else
-  Logging::message "=== Using reference ===\n"
-  FileUtils.cp Dir["#{$srcdir}/Reference/*"].collect { |f| File.expand_path(f) }, "#{$srcdir}/"
+  Logging.message "=== Using 32-bit reference ===\n"
+
+  keccak_base_files << 'lib/low/KeccakP-1600/ref-32bits/KeccakP-1600-reference32BI.c'
 end
 
-find_header("sha3.h")
-find_header("digest.h")
+FileUtils.cp keccak_base_files.map { |f| "#{$srcdir}/#{f}" }, $srcdir
 
-$CFLAGS = ' -fomit-frame-pointer -O3 -g0'
+extension_name = 'sha3_n'
+dir_config(extension_name)
 
-if enable_config('march-tune-native', false)
-  $CFLAGS += ' -march=native'
-end
+$INCFLAGS << [
+  ' -I$(src) ',
+  ' -I$(srcdir)lib/ ',
+  ' -I$(srcdir)/lib/common ',
+  ' -I$(srcdir)/lib/high/Keccak ',
+  ' -I$(srcdir)/lib/high/Keccak/FIPS202 ',
+  ' -I$(srcdir)/lib/low/KeccakP-1600/common ',
+  ' -I$(srcdir)/lib/low/KeccakP-1600/ref-32bits ',
+  ' -I$(srcdir)/lib/low/KeccakP-1600/ref-64bits '
+].join
+
+$CFLAGS << ' -fomit-frame-pointer -O3 -g0 -fms-extensions '
+$CFLAGS << ' -march=native ' if enable_config('march-tune-native', false)
+
+find_header('sha3.h')
+find_header('digest.h')
+find_header('align.h')
+find_header('brg_endian.h')
+find_header('KeccakSponge.h')
+find_header('KeccakHash.h')
 
-create_makefile 'sha3_n'
+create_makefile extension_name

data/ext/sha3/lib/common/align.h

@@ -0,0 +1,33 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Implementation by Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#ifndef _align_h_
+#define _align_h_
+
+/* on Mac OS-X and possibly others, ALIGN(x) is defined in param.h, and -Werror chokes on the redef. */
+#ifdef ALIGN
+#undef ALIGN
+#endif
+
+#if defined(__GNUC__)
+#define ALIGN(x) __attribute__ ((aligned(x)))
+#elif defined(_MSC_VER)
+#define ALIGN(x) __declspec(align(x))
+#elif defined(__ARMCC_VERSION)
+#define ALIGN(x) __align(x)
+#else
+#define ALIGN(x)
+#endif
+
+#endif

data/ext/sha3/{brg_endian.h → lib/common/brg_endian.h}

@@ -114,13 +114,14 @@
       defined( __VMS )     || defined( _M_X64 )
 #  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
 
-#elif defined( AMIGA )   || defined( applec )    || defined( __AS400__ )  || \
-      defined( _CRAY )   || defined( __hppa )    || defined( __hp9000 )   || \
-      defined( ibm370 )  || defined( mc68000 )   || defined( m68k )       || \
-      defined( __MRC__ ) || defined( __MVS__ )   || defined( __MWERKS__ ) || \
-      defined( sparc )   || defined( __sparc)    || defined( SYMANTEC_C ) || \
-      defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM )   || \
-      defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX )
+#elif defined( AMIGA )    || defined( applec )    || defined( __AS400__ )  || \
+      defined( _CRAY )    || defined( __hppa )    || defined( __hp9000 )   || \
+      defined( ibm370 )   || defined( mc68000 )   || defined( m68k )       || \
+      defined( __MRC__ )  || defined( __MVS__ )   || defined( __MWERKS__ ) || \
+      defined( sparc )    || defined( __sparc)    || defined( SYMANTEC_C ) || \
+      defined( __VOS__ )  || defined( __TIGCC__ ) || defined( __TANDEM )   || \
+      defined( THINK_C )  || defined( __VMCMS__ ) || defined( _AIX )       || \
+      defined( __s390__ ) || defined( __s390x__ ) || defined( __zarch__ )
 #  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
 
 #elif defined(__arm__)

data/ext/sha3/{KeccakHash.c → lib/high/Keccak/FIPS202/KeccakHash.c}

@@ -1,12 +1,13 @@
 /*
-Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
-Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
-denoted as "the implementer".
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
 
-For more information, feedback or questions, please refer to our websites:
-http://keccak.noekeon.org/
-http://keyak.noekeon.org/
-http://ketje.noekeon.org/
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
 
 To the extent possible under law, the implementer has waived all copyright
 and related or neighboring rights to the source code in this file.
@@ -23,35 +24,35 @@ HashReturn Keccak_HashInitialize(Keccak_HashInstance *instance, unsigned int rat
     HashReturn result;
 
     if (delimitedSuffix == 0)
-        return FAIL;
-    result = (HashReturn)Keccak_SpongeInitialize(&instance->sponge, rate, capacity);
-    if (result != SUCCESS)
+        return KECCAK_FAIL;
+    result = (HashReturn)KeccakWidth1600_SpongeInitialize(&instance->sponge, rate, capacity);
+    if (result != KECCAK_SUCCESS)
         return result;
     instance->fixedOutputLength = hashbitlen;
     instance->delimitedSuffix = delimitedSuffix;
-    return SUCCESS;
+    return KECCAK_SUCCESS;
 }
 
 /* ---------------------------------------------------------------- */
 
-HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *data, DataLength databitlen)
+HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *data, BitLength databitlen)
 {
     if ((databitlen % 8) == 0)
-        return (HashReturn)Keccak_SpongeAbsorb(&instance->sponge, data, databitlen/8);
+        return (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, data, databitlen/8);
     else {
-        HashReturn ret = (HashReturn)Keccak_SpongeAbsorb(&instance->sponge, data, databitlen/8);
-        if (ret == SUCCESS) {
-            // The last partial byte is assumed to be aligned on the least significant bits
+        HashReturn ret = (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, data, databitlen/8);
+        if (ret == KECCAK_SUCCESS) {
+            /* The last partial byte is assumed to be aligned on the least significant bits */
             unsigned char lastByte = data[databitlen/8];
-            // Concatenate the last few bits provided here with those of the suffix
-            unsigned short delimitedLastBytes = (unsigned short)lastByte | ((unsigned short)instance->delimitedSuffix << (databitlen % 8));
+            /* Concatenate the last few bits provided here with those of the suffix */
+            unsigned short delimitedLastBytes = (unsigned short)((unsigned short)(lastByte & ((1 << (databitlen % 8)) - 1)) | ((unsigned short)instance->delimitedSuffix << (databitlen % 8)));
             if ((delimitedLastBytes & 0xFF00) == 0x0000) {
                 instance->delimitedSuffix = delimitedLastBytes & 0xFF;
             }
             else {
                 unsigned char oneByte[1];
                 oneByte[0] = delimitedLastBytes & 0xFF;
-                ret = (HashReturn)Keccak_SpongeAbsorb(&instance->sponge, oneByte, 1);
+                ret = (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, oneByte, 1);
                 instance->delimitedSuffix = (delimitedLastBytes >> 8) & 0xFF;
             }
         }
@@ -63,18 +64,18 @@ HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *d
 
 HashReturn Keccak_HashFinal(Keccak_HashInstance *instance, BitSequence *hashval)
 {
-    HashReturn ret = (HashReturn)Keccak_SpongeAbsorbLastFewBits(&instance->sponge, instance->delimitedSuffix);
-    if (ret == SUCCESS)
-        return (HashReturn)Keccak_SpongeSqueeze(&instance->sponge, hashval, instance->fixedOutputLength/8);
+    HashReturn ret = (HashReturn)KeccakWidth1600_SpongeAbsorbLastFewBits(&instance->sponge, instance->delimitedSuffix);
+    if (ret == KECCAK_SUCCESS)
+        return (HashReturn)KeccakWidth1600_SpongeSqueeze(&instance->sponge, hashval, instance->fixedOutputLength/8);
     else
         return ret;
 }
 
 /* ---------------------------------------------------------------- */
 
-HashReturn Keccak_HashSqueeze(Keccak_HashInstance *instance, BitSequence *data, DataLength databitlen)
+HashReturn Keccak_HashSqueeze(Keccak_HashInstance *instance, BitSequence *data, BitLength databitlen)
 {
     if ((databitlen % 8) != 0)
-        return FAIL;
-    return (HashReturn)Keccak_SpongeSqueeze(&instance->sponge, data, databitlen/8);
+        return KECCAK_FAIL;
+    return (HashReturn)KeccakWidth1600_SpongeSqueeze(&instance->sponge, data, databitlen/8);
 }

data/ext/sha3/{KeccakHash.h → lib/high/Keccak/FIPS202/KeccakHash.h}

@@ -1,12 +1,13 @@
 /*
-Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
-Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
-denoted as "the implementer".
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
 
-For more information, feedback or questions, please refer to our websites:
-http://keccak.noekeon.org/
-http://keyak.noekeon.org/
-http://ketje.noekeon.org/
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
 
 To the extent possible under law, the implementer has waived all copyright
 and related or neighboring rights to the source code in this file.
@@ -16,15 +17,24 @@ http://creativecommons.org/publicdomain/zero/1.0/
 #ifndef _KeccakHashInterface_h_
 #define _KeccakHashInterface_h_
 
-#include "KeccakSponge.h"
+#include "config.h"
+#ifdef XKCP_has_KeccakP1600
+
+#include <stdint.h>
 #include <string.h>
+#include "KeccakSponge.h"
 
-typedef unsigned char BitSequence;
-typedef size_t DataLength;
-typedef enum { SUCCESS = 0, FAIL = 1, BAD_HASHLEN = 2 } HashReturn;
+#ifndef _Keccak_BitTypes_
+#define _Keccak_BitTypes_
+typedef uint8_t BitSequence;
+
+typedef size_t BitLength;
+#endif
+
+typedef enum { KECCAK_SUCCESS = 0, KECCAK_FAIL = 1, KECCAK_BAD_HASHLEN = 2 } HashReturn;
 
 typedef struct {
-    Keccak_SpongeInstance sponge;
+    KeccakWidth1600_SpongeInstance sponge;
     unsigned int fixedOutputLength;
     unsigned char delimitedSuffix;
 } Keccak_HashInstance;
@@ -42,7 +52,7 @@ typedef struct {
   *                         formatted like the @a delimitedData parameter of
   *                         the Keccak_SpongeAbsorbLastFewBits() function.
   * @pre    One must have r+c=1600 and the rate a multiple of 8 bits in this implementation.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
 HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix);
 
@@ -76,11 +86,13 @@ HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int
   * @param  data        Pointer to the input data.
   *                     When @a databitLen is not a multiple of 8, the last bits of data must be
   *                     in the least significant bits of the last byte (little-endian convention).
+  *                     In this case, the (8 - @a databitLen mod 8) most significant bits
+  *                     of the last byte are ignored.
   * @param  databitLen  The number of input bits provided in the input data.
   * @pre    In the previous call to Keccak_HashUpdate(), databitlen was a multiple of 8.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
-HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequence *data, DataLength databitlen);
+HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequence *data, BitLength databitlen);
 
 /**
   * Function to call after all input blocks have been input and to get
@@ -90,9 +102,8 @@ HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequenc
   *     output bits is equal to @a hashbitlen.
   * If @a hashbitlen was 0 in the call to Keccak_HashInitialize(), the output bits
   *     must be extracted using the Keccak_HashSqueeze() function.
-  * @param  state       Pointer to the state of the sponge function initialized by Init().
   * @param  hashval     Pointer to the buffer where to store the output data.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
 HashReturn Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hashval);
 
@@ -103,8 +114,12 @@ HashReturn Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hash
   * @param  databitlen  The number of output bits desired (must be a multiple of 8).
   * @pre    Keccak_HashFinal() must have been already called.
   * @pre    @a databitlen is a multiple of 8.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
-HashReturn Keccak_HashSqueeze(Keccak_HashInstance *hashInstance, BitSequence *data, DataLength databitlen);
+HashReturn Keccak_HashSqueeze(Keccak_HashInstance *hashInstance, BitSequence *data, BitLength databitlen);
+
+#else
+#error This requires an implementation of Keccak-p[1600]
+#endif
 
 #endif