sha3 1.0.4 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ae66a849bd5438b3b6d3fa4f5d33505a75e6f64556bfacc21d0efcf03a7d41d8
-  data.tar.gz: dea6beac49eeaeb12829af4e87b36dfc19ac1b66bb7872a7c6884441a70cf814
+  metadata.gz: 16edba407e859ee7afacc8a405666ec66cab0052cd7788e79089bd3f0d295844
+  data.tar.gz: 5552886038bbec790d086599cbbe6ad09a0c3561b58a9a2dfff2b9c9834b7154
 SHA512:
-  metadata.gz: d374e5f716056d6d888d862f97bc07d433c74f4d721d2342cc09f7865571e47eec50f7b1ecd9b284aedb1c908393b0da249e0c474f5792e215097263928d9195
-  data.tar.gz: 6ea6442adf3c90ca8849576f8539835630d968a032b385447a9c95e2f4be97861910f510ba528dbe398990c2eb71fac6b3966816807571855b855afa8c6af15b
+  metadata.gz: a8e36ae984df177684d4b1a70689a80824e9d9ee70fd07812eaa50c8f0cd90a90f292dca435764842b737fb268084d09fa5f47450bdc9cf93316253c70484945
+  data.tar.gz: a643ded4e2f9828d732f428eba1757c6cc383797f32b52ba7427dae8234ac9bc0e158712ccf64d7be77f2538b80904efaf26a0e455ce9515f9a76679929054c0

data/README.md

@@ -2,13 +2,14 @@
 
 [![Gem Version](https://badge.fury.io/rb/sha3.svg)](https://badge.fury.io/rb/sha3) [![Ruby](https://github.com/johanns/sha3/actions/workflows/main.yml/badge.svg)](https://github.com/johanns/sha3/actions/workflows/main.yml)
 
-**SHA3 for Ruby** is a native (C) binding to SHA3 (Keccak FIPS 202) cryptographic hashing algorithm.
+**SHA3 for Ruby** is a XKCP based native (C) binding to SHA3 (FIPS 202) cryptographic hashing algorithm.
 
 - [Home](https://github.com/johanns/sha3#readme)
 - [Issues](https://github.com/johanns/sha3/issues)
 - [Documentation](http://rubydoc.info/gems/sha3/frames)
+- [XKCP - eXtended Keccak Code Package](https://github.com/XKCP/XKCP)
 
-## Warnings
+## Warning
 
 - Please do NOT use SHA3 to hash passwords -- use a slow hashing function instead (e.g.: `pbkdf2`, `argon2`, `bcrypt` or `scrypt`)
 - Version 1.0 introduces new API and is incompatible with previous versions (0.x).
@@ -92,9 +93,9 @@ s = SHA3::Digest.file("tests.sh")
 # => #<SHA3::Digest: a9801db49389339...>
 ```
 
-## Development
+### Development Dependencies
 
-* Native build tools (e.g., GCC, Minigw, etc.)
+* Native build tools (e.g., Clang/LLVM, GCC, Minigw, etc.)
 * Gems: rubygems-tasks, rake, rspec, yard
 
 ### Testing
@@ -109,9 +110,11 @@ Only a small subset of test vectors are included in the source repository; howev
 
 Supported Ruby versions:
 
-  - MRI Ruby 2.4 - 3.1
+  - MRI Ruby 2.6 - 3.1
 
+## Credits
 
+XKCP by Keccak team: [https://keccak.team/index.html]()
 
 ## Copyright
 

data/certs/johanns.pem

@@ -1,24 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIEFDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9pby9E
-Qz1qc2cvREM9aW8wHhcNMjIwMzA5MDcyODEwWhcNMjMwMzA5MDcyODEwWjAaMRgw
-FgYDVQQDDA9pby9EQz1qc2cvREM9aW8wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw
-ggGKAoIBgQCuPwkDs4uoBV6pQhKp3uA58LkDPRR7VoI4QryuH7PbIwuO3xbuyR6T
-xEqwcb9GgVnMxiFyXeVkWiriuGXqZ26Pp5zH/xxQNgPGCIyXuXeJMpASkWjJ9J6h
-+jOdaG5jdL6zRcw/5XaJSQTLGO32BNOIezUZCF9JtMoEBQYHRWFjoD5BryjYnU3f
-SstXg9nD8KOyk5Vzqk/wvJs5X+b2jcZL0KmSP1UgaCakfTCKf8LA9I5zAbvv2M9n
-F0JQfKw4AUlmykzmOMEsITVxtM8lIVxm99KAS+lFn19xEjOs7nr3GktyLJxav8qI
-3yXW/q5wUbOFrj/e1tk6r/W3bM6TQzGFBsBJgXEoFFZ+OQdEW8PXU0H5CIg59SxB
-lXwSC1rKlxSeGNcKDXeIN1AU3pqv/PJj2SKg2+uQ9Staya0Mtek/caPDVfIy8AgH
-ulTeTVN7m5SdVjVBl3rIehH/j0R/JF7ygsMkJEQAxrwPxqmazXkPAGLNNIqppaxi
-VyHhxSnGefUCAwEAAaNlMGMwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
-BBYEFBZFuuJYra4ctzMvtfzlTq3pW4idMBQGA1UdEQQNMAuBCWlvQGpzZy5pbzAU
-BgNVHRIEDTALgQlpb0Bqc2cuaW8wDQYJKoZIhvcNAQELBQADggGBAF2jXh+4LzPg
-Mj8gTCVTxj4/OhQ303cS5gasgh+R9Zxcf1cfTXOxEeIXdrqJiMhILWVWgCYZxagL
-B5pU6MOyIOi4XAm5RMO3mIyTrY05Q/JbQ5j2ccuIOlL+XvhjAYKZmt9BkJLKfLEp
-hagXHZe40Hd3qwkgJ3ug3T28gkBWaTq8FSbTOfCVX9uNjQrukAP/VrfnKZiNnpJ7
-FOtEKDk3l9JWCyX8LQwfljPmQhvFHYnMRyt0l2b0I5li6MWUE4JmrbtK8/Fyo0I0
-PChRryVpy0HnKvqoKQyqeMspLbbKCsO1PRS5VFZ/ybrPy63paFPdikeKMZIH3oJQ
-wePRJFEp3gdQZcSjfkzC38QFh9JuKFJFMC4Y3e5uVeeydEGGUekH1s/B5/EuBCRi
-vaoldWA6C6e/X/XQsMNdC04+d7IdgNRf8NkN/atZdJLcFVcaXGS9MncPZnwBC2GD
-GBMFs3s6mx0HRpclYTMXK71jLsfqtM2SriIbx1VqiuUMUtddNrGcOw==
+MIIETDCCArSgAwIBAgIBATANBgkqhkiG9w0BAQsFADA2MQswCQYDVQQDDAJpbzET
+MBEGCgmSJomT8ixkARkWA2pzZzESMBAGCgmSJomT8ixkARkWAmlvMB4XDTIyMTAy
+NDA2MzcxMVoXDTIzMTAyNDA2MzcxMVowNjELMAkGA1UEAwwCaW8xEzARBgoJkiaJ
+k/IsZAEZFgNqc2cxEjAQBgoJkiaJk/IsZAEZFgJpbzCCAaIwDQYJKoZIhvcNAQEB
+BQADggGPADCCAYoCggGBALQTl5BGmtYGvljWwOTxe2Uul7RoBcSOwFUh03qUvHJf
+1LmWr6y1j97ogl/VffBXpbtTU4adZa+qTxfMs7GpfKDjikSIieZ7SrMNB68zCH0e
+undHx+bMutN7919rviHfGyaXlQK4SsuWUl4AOlgT69VPQp6dOBYY9T78jbr/ZcG6
++mDlRpNfPVg5i67euvpR5dO9SpO1HNoHmzx5L4wYNr9QykIft1oA+Ne+SAF66ykn
+agugF/R0Q7s+5Bpt3gr6SF2CvKsNJ2IS5TJO9unhLZ+h8FO7dcQw1EuJ31uHQKiD
+rWUv2tnKCvLkHg0S69VeQtQv58dklJ3iFJcSen4VRtC7r5JMEd1VrdpXU4JQ54gY
+tWrqWmazF9SOErbgvDlJgmlkMMkX6aoZ21/f1s6Z2myzP3KkRBjCf51BrgHTXTJD
+28ANp21H0o0HhrpVFJVDjToXRLczsw0O9lnL+khzkeZoc+YTZuvJDLKokavXhb4a
+vESgRttXjyN5jBKY7yFhKQIDAQABo2UwYzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE
+sDAdBgNVHQ4EFgQUKmyX3Q2uwTPM9S5+K/5kg7qe3ugwFAYDVR0RBA0wC4EJaW9A
+anNnLmlvMBQGA1UdEgQNMAuBCWlvQGpzZy5pbzANBgkqhkiG9w0BAQsFAAOCAYEA
+TexWHx3uLVObT+ylm3OE8Iue3cHdrDVE3zSjo8VlU3u1WBznH9MdoiPB7wux61Zx
+jXUzBUaT7y7JnDaVGnECkpHXhfvPOYHBgkqEws6i79lAk/Va2U7EVPj0moM9d4Hv
+12V8YVM1Z9QnfwBVo7YGb5o7W8lr01jj1gT+Qcw+kln7M3Y9RB+jQ4DwySHVIEMc
+Ow7//MF7bhCz6T5uAOXlGe88wTHKW+fO1AmW5MIQZUojR5Ioxm80v2YdW/JnQZ1l
+3VFpCutilnhDuzSw3DhgxReX7AK42aXFFclIzi11twW4KUPdt1KIvaoL/DgbZivl
+PVG86dx4gfax2Mc2PiM+d1DiSllh+chh4dqRkIyhj0S4V7McQHkwW1ZBJ3kDf5rt
+1O/udKquzj7egb6uceqzBB40W/1/CsNkGNpNZ8Bk8lrTmKw+3bJpj+nKWxovmF2p
+VhzZDQf2jkcjBXKNA9Z5ku7g0TCR1/Y1V3ODgkTLqhw+kQZmlbQEVzcwxGk9eL8z
 -----END CERTIFICATE-----

data/ext/sha3/config.h

@@ -0,0 +1,26 @@
+/* File generated by ToTargetConfigFile.xsl */
+
+#define XKCP_has_Sponge_Keccak
+#define XKCP_has_FIPS202
+#define XKCP_has_KeccakP1600
+
+// #define XKCP_has_SP800_185
+// #define XKCP_has_Duplex_Keccak
+// #define XKCP_has_PRG_Keccak
+// #define XKCP_has_Ketje
+// #define XKCP_has_Keyak
+// #define XKCP_has_KangarooTwelve
+// #define XKCP_has_Kravatte
+// #define XKCP_has_Xoofff
+// #define XKCP_has_Xoodyak
+// #define XKCP_has_KeccakP200
+// #define XKCP_has_KeccakP400
+// #define XKCP_has_KeccakP800
+// #define XKCP_has_KeccakP1600
+// #define XKCP_has_KeccakP1600times2
+// #define XKCP_has_KeccakP1600times4
+// #define XKCP_has_KeccakP1600times8
+// #define XKCP_has_Xoodoo
+// #define XKCP_has_Xoodootimes4
+// #define XKCP_has_Xoodootimes8
+// #define XKCP_has_Xoodootimes16

data/ext/sha3/digest.c

@@ -64,7 +64,7 @@ static VALUE c_digest_update(VALUE, VALUE);
 
 HashReturn c_keccak_hash_initialize(MDX *mdx)
 {
-    HashReturn r = FAIL;
+    HashReturn r = KECCAK_FAIL;
 
     switch (mdx->hashbitlen)
     {
@@ -103,7 +103,7 @@ static VALUE c_digest_init(int argc, VALUE *argv, VALUE self)
         mdx->hashbitlen = 256;
     }
 
-    if (c_keccak_hash_initialize(mdx) != SUCCESS)
+    if (c_keccak_hash_initialize(mdx) != KECCAK_SUCCESS)
     {
         rb_raise(eSHA3DigestError, "failed to initialize algorithm state");
     }
@@ -120,14 +120,14 @@ static VALUE c_digest_init(int argc, VALUE *argv, VALUE self)
 static VALUE c_digest_update(VALUE self, VALUE data)
 {
     MDX *mdx;
-    DataLength dlen;
+    BitLength dlen;
 
     StringValue(data);
     GETMDX(self, mdx);
 
     dlen = (RSTRING_LEN(data) * 8);
 
-    if (Keccak_HashUpdate(mdx->state, (BitSequence *)RSTRING_PTR(data), dlen) != SUCCESS)
+    if (Keccak_HashUpdate(mdx->state, (BitSequence *)RSTRING_PTR(data), dlen) != KECCAK_SUCCESS)
     {
         rb_raise(eSHA3DigestError, "failed to update hash data");
     }
@@ -144,7 +144,7 @@ static VALUE c_digest_reset(VALUE self)
 
     memset(mdx->state, 0, sizeof(Keccak_HashInstance));
 
-    if (c_keccak_hash_initialize(mdx) != SUCCESS)
+    if (c_keccak_hash_initialize(mdx) != KECCAK_SUCCESS)
     {
         rb_raise(eSHA3DigestError, "failed to reset internal state");
     }
@@ -236,7 +236,7 @@ static VALUE c_digest_finish(int argc, VALUE *argv, VALUE self)
         rb_str_resize(str, mdx->hashbitlen / 8);
     }
 
-    if (Keccak_HashFinal(mdx->state, (BitSequence *)RSTRING_PTR(str)) != SUCCESS)
+    if (Keccak_HashFinal(mdx->state, (BitSequence *)RSTRING_PTR(str)) != KECCAK_SUCCESS)
     {
         rb_raise(eSHA3DigestError, "failed to finalize digest");
     }

data/ext/sha3/extconf.rb

@@ -1,20 +1,50 @@
+# frozen_string_literal: true
+
 require 'mkmf'
 require 'rbconfig'
 
-target_cpu = RbConfig::CONFIG['target_cpu']
+# Maintaining XKCP lib directory structure to hopefully simplify 
+# future upgrades.
+
+keccak_base_files = [
+  'lib/high/Keccak/KeccakSponge.c',
+  'lib/high/Keccak/FIPS202/KeccakHash.c'
+]
+
+if 1.size == 8
+  Logging.message "=== Using 64-bit reference ===\n"
 
-if 1.size == 8 and target_cpu =~ /i686|x86_64/
-  Logging.message "=== Using optimized (64-bit) ===\n"
-  FileUtils.cp Dir["#{$srcdir}/Optimized64/*"].collect { |f| File.expand_path(f) }, "#{$srcdir}/"
+  keccak_base_files << 'lib/low/KeccakP-1600/ref-64bits/KeccakP-1600-reference.c'
 else
-  Logging.message "=== Using reference ===\n"
-  FileUtils.cp Dir["#{$srcdir}/Reference/*"].collect { |f| File.expand_path(f) }, "#{$srcdir}/"
+  Logging.message "=== Using 32-bit reference ===\n"
+
+  keccak_base_files << 'lib/low/KeccakP-1600/ref-32bits/KeccakP-1600-reference32BI.c'
 end
 
+FileUtils.cp keccak_base_files.map { |f| "#{$srcdir}/#{f}" }, $srcdir
+
+extension_name = 'sha3_n'
+dir_config(extension_name)
+
+$INCFLAGS << [
+  ' -I$(src) ',
+  ' -I$(srcdir)lib/ ',
+  ' -I$(srcdir)/lib/common ',
+  ' -I$(srcdir)/lib/high/Keccak ',
+  ' -I$(srcdir)/lib/high/Keccak/FIPS202 ',
+  ' -I$(srcdir)/lib/low/KeccakP-1600/common ',
+  ' -I$(srcdir)/lib/low/KeccakP-1600/ref-32bits ',
+  ' -I$(srcdir)/lib/low/KeccakP-1600/ref-64bits '
+].join
+
+$CFLAGS << ' -fomit-frame-pointer -O3 -g0 -fms-extensions '
+$CFLAGS << ' -march=native ' if enable_config('march-tune-native', false)
+
 find_header('sha3.h')
 find_header('digest.h')
+find_header('align.h')
+find_header('brg_endian.h')
+find_header('KeccakSponge.h')
+find_header('KeccakHash.h')
 
-$CFLAGS += ' -fomit-frame-pointer -O3 -g0 -fms-extensions '
-$CFLAGS += ' -march=native ' if enable_config('march-tune-native', false)
-
-create_makefile 'sha3_n'
+create_makefile extension_name

data/ext/sha3/lib/common/align.h

@@ -0,0 +1,33 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Implementation by Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#ifndef _align_h_
+#define _align_h_
+
+/* on Mac OS-X and possibly others, ALIGN(x) is defined in param.h, and -Werror chokes on the redef. */
+#ifdef ALIGN
+#undef ALIGN
+#endif
+
+#if defined(__GNUC__)
+#define ALIGN(x) __attribute__ ((aligned(x)))
+#elif defined(_MSC_VER)
+#define ALIGN(x) __declspec(align(x))
+#elif defined(__ARMCC_VERSION)
+#define ALIGN(x) __align(x)
+#else
+#define ALIGN(x)
+#endif
+
+#endif

data/ext/sha3/{brg_endian.h → lib/common/brg_endian.h}

@@ -114,13 +114,14 @@
       defined( __VMS )     || defined( _M_X64 )
 #  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
 
-#elif defined( AMIGA )   || defined( applec )    || defined( __AS400__ )  || \
-      defined( _CRAY )   || defined( __hppa )    || defined( __hp9000 )   || \
-      defined( ibm370 )  || defined( mc68000 )   || defined( m68k )       || \
-      defined( __MRC__ ) || defined( __MVS__ )   || defined( __MWERKS__ ) || \
-      defined( sparc )   || defined( __sparc)    || defined( SYMANTEC_C ) || \
-      defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM )   || \
-      defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX )
+#elif defined( AMIGA )    || defined( applec )    || defined( __AS400__ )  || \
+      defined( _CRAY )    || defined( __hppa )    || defined( __hp9000 )   || \
+      defined( ibm370 )   || defined( mc68000 )   || defined( m68k )       || \
+      defined( __MRC__ )  || defined( __MVS__ )   || defined( __MWERKS__ ) || \
+      defined( sparc )    || defined( __sparc)    || defined( SYMANTEC_C ) || \
+      defined( __VOS__ )  || defined( __TIGCC__ ) || defined( __TANDEM )   || \
+      defined( THINK_C )  || defined( __VMCMS__ ) || defined( _AIX )       || \
+      defined( __s390__ ) || defined( __s390x__ ) || defined( __zarch__ )
 #  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
 
 #elif defined(__arm__)

data/ext/sha3/{KeccakHash.c → lib/high/Keccak/FIPS202/KeccakHash.c}

@@ -1,12 +1,13 @@
 /*
-Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
-Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
-denoted as "the implementer".
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
 
-For more information, feedback or questions, please refer to our websites:
-http://keccak.noekeon.org/
-http://keyak.noekeon.org/
-http://ketje.noekeon.org/
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
 
 To the extent possible under law, the implementer has waived all copyright
 and related or neighboring rights to the source code in this file.
@@ -23,35 +24,35 @@ HashReturn Keccak_HashInitialize(Keccak_HashInstance *instance, unsigned int rat
     HashReturn result;
 
     if (delimitedSuffix == 0)
-        return FAIL;
-    result = (HashReturn)Keccak_SpongeInitialize(&instance->sponge, rate, capacity);
-    if (result != SUCCESS)
+        return KECCAK_FAIL;
+    result = (HashReturn)KeccakWidth1600_SpongeInitialize(&instance->sponge, rate, capacity);
+    if (result != KECCAK_SUCCESS)
         return result;
     instance->fixedOutputLength = hashbitlen;
     instance->delimitedSuffix = delimitedSuffix;
-    return SUCCESS;
+    return KECCAK_SUCCESS;
 }
 
 /* ---------------------------------------------------------------- */
 
-HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *data, DataLength databitlen)
+HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *data, BitLength databitlen)
 {
     if ((databitlen % 8) == 0)
-        return (HashReturn)Keccak_SpongeAbsorb(&instance->sponge, data, databitlen/8);
+        return (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, data, databitlen/8);
     else {
-        HashReturn ret = (HashReturn)Keccak_SpongeAbsorb(&instance->sponge, data, databitlen/8);
-        if (ret == SUCCESS) {
-            // The last partial byte is assumed to be aligned on the least significant bits
+        HashReturn ret = (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, data, databitlen/8);
+        if (ret == KECCAK_SUCCESS) {
+            /* The last partial byte is assumed to be aligned on the least significant bits */
             unsigned char lastByte = data[databitlen/8];
-            // Concatenate the last few bits provided here with those of the suffix
-            unsigned short delimitedLastBytes = (unsigned short)lastByte | ((unsigned short)instance->delimitedSuffix << (databitlen % 8));
+            /* Concatenate the last few bits provided here with those of the suffix */
+            unsigned short delimitedLastBytes = (unsigned short)((unsigned short)(lastByte & ((1 << (databitlen % 8)) - 1)) | ((unsigned short)instance->delimitedSuffix << (databitlen % 8)));
             if ((delimitedLastBytes & 0xFF00) == 0x0000) {
                 instance->delimitedSuffix = delimitedLastBytes & 0xFF;
             }
             else {
                 unsigned char oneByte[1];
                 oneByte[0] = delimitedLastBytes & 0xFF;
-                ret = (HashReturn)Keccak_SpongeAbsorb(&instance->sponge, oneByte, 1);
+                ret = (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, oneByte, 1);
                 instance->delimitedSuffix = (delimitedLastBytes >> 8) & 0xFF;
             }
         }
@@ -63,18 +64,18 @@ HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *d
 
 HashReturn Keccak_HashFinal(Keccak_HashInstance *instance, BitSequence *hashval)
 {
-    HashReturn ret = (HashReturn)Keccak_SpongeAbsorbLastFewBits(&instance->sponge, instance->delimitedSuffix);
-    if (ret == SUCCESS)
-        return (HashReturn)Keccak_SpongeSqueeze(&instance->sponge, hashval, instance->fixedOutputLength/8);
+    HashReturn ret = (HashReturn)KeccakWidth1600_SpongeAbsorbLastFewBits(&instance->sponge, instance->delimitedSuffix);
+    if (ret == KECCAK_SUCCESS)
+        return (HashReturn)KeccakWidth1600_SpongeSqueeze(&instance->sponge, hashval, instance->fixedOutputLength/8);
     else
         return ret;
 }
 
 /* ---------------------------------------------------------------- */
 
-HashReturn Keccak_HashSqueeze(Keccak_HashInstance *instance, BitSequence *data, DataLength databitlen)
+HashReturn Keccak_HashSqueeze(Keccak_HashInstance *instance, BitSequence *data, BitLength databitlen)
 {
     if ((databitlen % 8) != 0)
-        return FAIL;
-    return (HashReturn)Keccak_SpongeSqueeze(&instance->sponge, data, databitlen/8);
+        return KECCAK_FAIL;
+    return (HashReturn)KeccakWidth1600_SpongeSqueeze(&instance->sponge, data, databitlen/8);
 }

data/ext/sha3/{KeccakHash.h → lib/high/Keccak/FIPS202/KeccakHash.h}

@@ -1,12 +1,13 @@
 /*
-Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
-Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
-denoted as "the implementer".
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
 
-For more information, feedback or questions, please refer to our websites:
-http://keccak.noekeon.org/
-http://keyak.noekeon.org/
-http://ketje.noekeon.org/
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
 
 To the extent possible under law, the implementer has waived all copyright
 and related or neighboring rights to the source code in this file.
@@ -16,15 +17,24 @@ http://creativecommons.org/publicdomain/zero/1.0/
 #ifndef _KeccakHashInterface_h_
 #define _KeccakHashInterface_h_
 
-#include "KeccakSponge.h"
+#include "config.h"
+#ifdef XKCP_has_KeccakP1600
+
+#include <stdint.h>
 #include <string.h>
+#include "KeccakSponge.h"
 
-typedef unsigned char BitSequence;
-typedef size_t DataLength;
-typedef enum { SUCCESS = 0, FAIL = 1, BAD_HASHLEN = 2 } HashReturn;
+#ifndef _Keccak_BitTypes_
+#define _Keccak_BitTypes_
+typedef uint8_t BitSequence;
+
+typedef size_t BitLength;
+#endif
+
+typedef enum { KECCAK_SUCCESS = 0, KECCAK_FAIL = 1, KECCAK_BAD_HASHLEN = 2 } HashReturn;
 
 typedef struct {
-    Keccak_SpongeInstance sponge;
+    KeccakWidth1600_SpongeInstance sponge;
     unsigned int fixedOutputLength;
     unsigned char delimitedSuffix;
 } Keccak_HashInstance;
@@ -42,7 +52,7 @@ typedef struct {
   *                         formatted like the @a delimitedData parameter of
   *                         the Keccak_SpongeAbsorbLastFewBits() function.
   * @pre    One must have r+c=1600 and the rate a multiple of 8 bits in this implementation.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
 HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix);
 
@@ -76,11 +86,13 @@ HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int
   * @param  data        Pointer to the input data.
   *                     When @a databitLen is not a multiple of 8, the last bits of data must be
   *                     in the least significant bits of the last byte (little-endian convention).
+  *                     In this case, the (8 - @a databitLen mod 8) most significant bits
+  *                     of the last byte are ignored.
   * @param  databitLen  The number of input bits provided in the input data.
   * @pre    In the previous call to Keccak_HashUpdate(), databitlen was a multiple of 8.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
-HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequence *data, DataLength databitlen);
+HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequence *data, BitLength databitlen);
 
 /**
   * Function to call after all input blocks have been input and to get
@@ -90,9 +102,8 @@ HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequenc
   *     output bits is equal to @a hashbitlen.
   * If @a hashbitlen was 0 in the call to Keccak_HashInitialize(), the output bits
   *     must be extracted using the Keccak_HashSqueeze() function.
-  * @param  state       Pointer to the state of the sponge function initialized by Init().
   * @param  hashval     Pointer to the buffer where to store the output data.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
 HashReturn Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hashval);
 
@@ -103,8 +114,12 @@ HashReturn Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hash
   * @param  databitlen  The number of output bits desired (must be a multiple of 8).
   * @pre    Keccak_HashFinal() must have been already called.
   * @pre    @a databitlen is a multiple of 8.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
-HashReturn Keccak_HashSqueeze(Keccak_HashInstance *hashInstance, BitSequence *data, DataLength databitlen);
+HashReturn Keccak_HashSqueeze(Keccak_HashInstance *hashInstance, BitSequence *data, BitLength databitlen);
+
+#else
+#error This requires an implementation of Keccak-p[1600]
+#endif
 
 #endif

data/ext/sha3/lib/high/Keccak/KeccakSponge.c

@@ -0,0 +1,111 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#include "KeccakSponge.h"
+
+#ifdef KeccakReference
+    #include "displayIntermediateValues.h"
+#endif
+
+#ifdef XKCP_has_KeccakP200
+    #include "KeccakP-200-SnP.h"
+
+    #define prefix KeccakWidth200
+    #define SnP KeccakP200
+    #define SnP_width 200
+    #define SnP_Permute KeccakP200_Permute_18rounds
+    #if defined(KeccakF200_FastLoop_supported)
+        #define SnP_FastLoop_Absorb KeccakF200_FastLoop_Absorb
+    #endif
+        #include "KeccakSponge.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif
+
+#ifdef XKCP_has_KeccakP400
+    #include "KeccakP-400-SnP.h"
+
+    #define prefix KeccakWidth400
+    #define SnP KeccakP400
+    #define SnP_width 400
+    #define SnP_Permute KeccakP400_Permute_20rounds
+    #if defined(KeccakF400_FastLoop_supported)
+        #define SnP_FastLoop_Absorb KeccakF400_FastLoop_Absorb
+    #endif
+        #include "KeccakSponge.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif
+
+#ifdef XKCP_has_KeccakP800
+    #include "KeccakP-800-SnP.h"
+
+    #define prefix KeccakWidth800
+    #define SnP KeccakP800
+    #define SnP_width 800
+    #define SnP_Permute KeccakP800_Permute_22rounds
+    #if defined(KeccakF800_FastLoop_supported)
+        #define SnP_FastLoop_Absorb KeccakF800_FastLoop_Absorb
+    #endif
+        #include "KeccakSponge.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif
+
+#ifdef XKCP_has_KeccakP1600
+    #include "KeccakP-1600-SnP.h"
+
+    #define prefix KeccakWidth1600
+    #define SnP KeccakP1600
+    #define SnP_width 1600
+    #define SnP_Permute KeccakP1600_Permute_24rounds
+    #if defined(KeccakF1600_FastLoop_supported)
+        #define SnP_FastLoop_Absorb KeccakF1600_FastLoop_Absorb
+    #endif
+        #include "KeccakSponge.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif
+
+#ifdef XKCP_has_KeccakP1600
+    #include "KeccakP-1600-SnP.h"
+
+    #define prefix KeccakWidth1600_12rounds
+    #define SnP KeccakP1600
+    #define SnP_width 1600
+    #define SnP_Permute KeccakP1600_Permute_12rounds
+    #if defined(KeccakP1600_12rounds_FastLoop_supported)
+        #define SnP_FastLoop_Absorb KeccakP1600_12rounds_FastLoop_Absorb
+    #endif
+        #include "KeccakSponge.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif