sha3 1.0.4 → 2.0.0

data/ext/sha3/digest.h

@@ -1,45 +1,81 @@
-/* Copyright (c) 2012 - 2013 Johanns Gregorian <io+sha3@jsani.com> */
+// Copyright (c) 2012 - 2025 Johanns Gregorian <io+sha3@jsg.io>
 
 #ifndef _DIGEST_H_
 #define _DIGEST_H_
 
+#include <ruby.h>
+#include <ruby/encoding.h>
+#include <string.h>
+
+#include "KeccakHash.h"
+
 #ifdef __cplusplus
-extern "C"
-{
+extern "C" {
 #endif
 
-// From ruby/ext/openssl/ossl_digest.c
-#define GETMDX(obj, mdx)                                                \
-    do                                                                  \
-    {                                                                   \
-        Data_Get_Struct((obj), MDX, (mdx));                             \
-        if (!(mdx))                                                     \
-        {                                                               \
-            rb_raise(rb_eRuntimeError, "Digest data not initialized!"); \
-        }                                                               \
-    } while (0)
-
-#define SAFEGETMDX(obj, mdx)                                              \
-    do                                                                    \
-    {                                                                     \
-        if (!rb_obj_is_kind_of(obj, cSHA3Digest))                         \
-        {                                                                 \
-            rb_raise(rb_eTypeError, "wrong argument (%s)! (expected %s)", \
-                     rb_obj_classname(obj), rb_class2name(cSHA3Digest));  \
-        }                                                                 \
-        GETMDX(obj, mdx);                                                 \
-    } while (0)
-
-    extern VALUE cSHA3Digest;
-    extern VALUE eSHA3DigestError;
-
-    typedef struct
-    {
-        Keccak_HashInstance *state;
-        int hashbitlen;
-    } MDX;
-
-    void Init_sha3_n_digest(void);
+typedef enum { SHA3_224 = 0, SHA3_256, SHA3_384, SHA3_512, SHAKE_128, SHAKE_256 } algorithm_type;
+
+typedef HashReturn (*keccak_init_func)(Keccak_HashInstance*);
+
+typedef struct {
+    Keccak_HashInstance* state;
+    int hashbitlen;
+    algorithm_type algorithm;
+} MDX;
+
+VALUE sha3_module;
+VALUE digest_class;
+VALUE digest_error_class;
+
+/* Static IDs for faster symbol lookup */
+static ID sha3_224_id;
+static ID sha3_256_id;
+static ID sha3_384_id;
+static ID sha3_512_id;
+static ID shake_128_id;
+static ID shake_256_id;
+
+// TypedData functions
+extern const rb_data_type_t mdx_type;
+
+// Static inline functions replacing macros
+static inline void get_mdx(VALUE obj, MDX** mdx) {
+    TypedData_Get_Struct((obj), MDX, &mdx_type, (*mdx));
+    if (!(*mdx)) {
+        rb_raise(rb_eRuntimeError, "Digest data not initialized!");
+    }
+}
+
+static inline void safe_get_mdx(VALUE obj, MDX** mdx) {
+    if (!rb_obj_is_kind_of(obj, digest_class)) {
+        rb_raise(rb_eTypeError, "wrong argument (%s)! (expected %s)", rb_obj_classname(obj),
+                 rb_class2name(digest_class));
+    }
+    get_mdx(obj, mdx);
+}
+
+/* Allocation and initialization */
+static VALUE rb_digest_alloc(VALUE);
+static VALUE rb_digest_init(int, VALUE*, VALUE);
+
+/* Core digest operations */
+static VALUE rb_digest_copy(VALUE, VALUE);
+static VALUE rb_digest_finish(int, VALUE*, VALUE);
+static VALUE rb_digest_reset(VALUE);
+static VALUE rb_digest_update(VALUE, VALUE);
+
+/* Digest properties */
+static VALUE rb_digest_block_length(VALUE);
+static VALUE rb_digest_length(VALUE);
+static VALUE rb_digest_name(VALUE);
+
+/* Output methods */
+static VALUE rb_digest_digest(int, VALUE*, VALUE);
+static VALUE rb_digest_hexdigest(int, VALUE*, VALUE);
+static VALUE rb_digest_hex_squeeze(VALUE, VALUE);
+static VALUE rb_digest_squeeze(VALUE, VALUE);
+static VALUE rb_digest_self_digest(VALUE, VALUE, VALUE);
+static VALUE rb_digest_self_hexdigest(VALUE, VALUE, VALUE);
 
 #ifdef __cplusplus
 }

data/ext/sha3/extconf.rb

@@ -1,20 +1,54 @@
+# frozen_string_literal: true
+
 require 'mkmf'
 require 'rbconfig'
 
-target_cpu = RbConfig::CONFIG['target_cpu']
+b64 = 8.size == 8
+extension_name = 'sha3_digest'
+ref_dir = b64 ? 'ref-64bits' : 'ref-32bits'
+
+dir_config(extension_name)
+
+# Set compiler flags
+$CFLAGS << ' -fomit-frame-pointer -O3 -g0 -fms-extensions'
+
+# Add architecture-specific optimizations if enabled
+$CFLAGS << ' -march=native' if enable_config('march-tune-native', false)
+
+# Add security hardening flags
+$CFLAGS << ' -D_FORTIFY_SOURCE=2 -fstack-protector-strong'
+
+# Add warning flags to catch potential issues
+$CFLAGS << ' -Wall -Wextra -Wformat -Wformat-security'
+
+# Add vectorization flags for better performance on supported platforms
+$CFLAGS << ' -ftree-vectorize' if RUBY_PLATFORM =~ /x86_64|amd64|arm64/
+
+# Find all relevant subdirectories and filter appropriately
+vpath_dirs = Dir.glob("#{$srcdir}/lib/**/*")
+                .select { |path| File.directory?(path) }
+                .select { |dir| !dir.include?('KeccakP-1600/ref-') || dir.include?(ref_dir) }
+
+# Process directory paths for both VPATH and INCFLAGS
+vpath_dirs_processed = vpath_dirs.map { |dir| dir.sub($srcdir, '') }
+
+# Add source directories to VPATH
+$VPATH << vpath_dirs_processed
+          .map { |dir| "$(srcdir)#{dir}" }
+          .join(File::PATH_SEPARATOR)
 
-if 1.size == 8 and target_cpu =~ /i686|x86_64/
-  Logging.message "=== Using optimized (64-bit) ===\n"
-  FileUtils.cp Dir["#{$srcdir}/Optimized64/*"].collect { |f| File.expand_path(f) }, "#{$srcdir}/"
-else
-  Logging.message "=== Using reference ===\n"
-  FileUtils.cp Dir["#{$srcdir}/Reference/*"].collect { |f| File.expand_path(f) }, "#{$srcdir}/"
-end
+# Add include flags
+$INCFLAGS << vpath_dirs_processed
+             .map { |dir| " -I$(srcdir)#{dir}" }
+             .join('')
 
-find_header('sha3.h')
-find_header('digest.h')
+# Base source files
+$srcs = ['digest.c']
 
-$CFLAGS += ' -fomit-frame-pointer -O3 -g0 -fms-extensions '
-$CFLAGS += ' -march=native ' if enable_config('march-tune-native', false)
+# Find and add all .c files from the filtered directories
+$srcs += vpath_dirs
+         .flat_map { |dir| Dir.glob("#{dir}/*.c") }
+         .map { |file| File.basename(file) }
+         .uniq
 
-create_makefile 'sha3_n'
+create_makefile(extension_name)

data/ext/sha3/lib/common/align.h

@@ -0,0 +1,33 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Implementation by Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#ifndef _align_h_
+#define _align_h_
+
+/* on Mac OS-X and possibly others, ALIGN(x) is defined in param.h, and -Werror chokes on the redef. */
+#ifdef ALIGN
+#undef ALIGN
+#endif
+
+#if defined(__GNUC__)
+#define ALIGN(x) __attribute__ ((aligned(x)))
+#elif defined(_MSC_VER)
+#define ALIGN(x) __declspec(align(x))
+#elif defined(__ARMCC_VERSION)
+#define ALIGN(x) __align(x)
+#else
+#define ALIGN(x)
+#endif
+
+#endif

data/ext/sha3/{brg_endian.h → lib/common/brg_endian.h}

@@ -114,13 +114,14 @@
       defined( __VMS )     || defined( _M_X64 )
 #  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
 
-#elif defined( AMIGA )   || defined( applec )    || defined( __AS400__ )  || \
-      defined( _CRAY )   || defined( __hppa )    || defined( __hp9000 )   || \
-      defined( ibm370 )  || defined( mc68000 )   || defined( m68k )       || \
-      defined( __MRC__ ) || defined( __MVS__ )   || defined( __MWERKS__ ) || \
-      defined( sparc )   || defined( __sparc)    || defined( SYMANTEC_C ) || \
-      defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM )   || \
-      defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX )
+#elif defined( AMIGA )    || defined( applec )    || defined( __AS400__ )  || \
+      defined( _CRAY )    || defined( __hppa )    || defined( __hp9000 )   || \
+      defined( ibm370 )   || defined( mc68000 )   || defined( m68k )       || \
+      defined( __MRC__ )  || defined( __MVS__ )   || defined( __MWERKS__ ) || \
+      defined( sparc )    || defined( __sparc)    || defined( SYMANTEC_C ) || \
+      defined( __VOS__ )  || defined( __TIGCC__ ) || defined( __TANDEM )   || \
+      defined( THINK_C )  || defined( __VMCMS__ ) || defined( _AIX )       || \
+      defined( __s390__ ) || defined( __s390x__ ) || defined( __zarch__ )
 #  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
 
 #elif defined(__arm__)

data/ext/sha3/{KeccakHash.c → lib/high/Keccak/FIPS202/KeccakHash.c}

@@ -1,12 +1,13 @@
 /*
-Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
-Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
-denoted as "the implementer".
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
 
-For more information, feedback or questions, please refer to our websites:
-http://keccak.noekeon.org/
-http://keyak.noekeon.org/
-http://ketje.noekeon.org/
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
 
 To the extent possible under law, the implementer has waived all copyright
 and related or neighboring rights to the source code in this file.
@@ -23,35 +24,35 @@ HashReturn Keccak_HashInitialize(Keccak_HashInstance *instance, unsigned int rat
     HashReturn result;
 
     if (delimitedSuffix == 0)
-        return FAIL;
-    result = (HashReturn)Keccak_SpongeInitialize(&instance->sponge, rate, capacity);
-    if (result != SUCCESS)
+        return KECCAK_FAIL;
+    result = (HashReturn)KeccakWidth1600_SpongeInitialize(&instance->sponge, rate, capacity);
+    if (result != KECCAK_SUCCESS)
         return result;
     instance->fixedOutputLength = hashbitlen;
     instance->delimitedSuffix = delimitedSuffix;
-    return SUCCESS;
+    return KECCAK_SUCCESS;
 }
 
 /* ---------------------------------------------------------------- */
 
-HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *data, DataLength databitlen)
+HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *data, BitLength databitlen)
 {
     if ((databitlen % 8) == 0)
-        return (HashReturn)Keccak_SpongeAbsorb(&instance->sponge, data, databitlen/8);
+        return (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, data, databitlen/8);
     else {
-        HashReturn ret = (HashReturn)Keccak_SpongeAbsorb(&instance->sponge, data, databitlen/8);
-        if (ret == SUCCESS) {
-            // The last partial byte is assumed to be aligned on the least significant bits
+        HashReturn ret = (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, data, databitlen/8);
+        if (ret == KECCAK_SUCCESS) {
+            /* The last partial byte is assumed to be aligned on the least significant bits */
             unsigned char lastByte = data[databitlen/8];
-            // Concatenate the last few bits provided here with those of the suffix
-            unsigned short delimitedLastBytes = (unsigned short)lastByte | ((unsigned short)instance->delimitedSuffix << (databitlen % 8));
+            /* Concatenate the last few bits provided here with those of the suffix */
+            unsigned short delimitedLastBytes = (unsigned short)((unsigned short)(lastByte & ((1 << (databitlen % 8)) - 1)) | ((unsigned short)instance->delimitedSuffix << (databitlen % 8)));
             if ((delimitedLastBytes & 0xFF00) == 0x0000) {
                 instance->delimitedSuffix = delimitedLastBytes & 0xFF;
             }
             else {
                 unsigned char oneByte[1];
                 oneByte[0] = delimitedLastBytes & 0xFF;
-                ret = (HashReturn)Keccak_SpongeAbsorb(&instance->sponge, oneByte, 1);
+                ret = (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, oneByte, 1);
                 instance->delimitedSuffix = (delimitedLastBytes >> 8) & 0xFF;
             }
         }
@@ -63,18 +64,18 @@ HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *d
 
 HashReturn Keccak_HashFinal(Keccak_HashInstance *instance, BitSequence *hashval)
 {
-    HashReturn ret = (HashReturn)Keccak_SpongeAbsorbLastFewBits(&instance->sponge, instance->delimitedSuffix);
-    if (ret == SUCCESS)
-        return (HashReturn)Keccak_SpongeSqueeze(&instance->sponge, hashval, instance->fixedOutputLength/8);
+    HashReturn ret = (HashReturn)KeccakWidth1600_SpongeAbsorbLastFewBits(&instance->sponge, instance->delimitedSuffix);
+    if (ret == KECCAK_SUCCESS)
+        return (HashReturn)KeccakWidth1600_SpongeSqueeze(&instance->sponge, hashval, instance->fixedOutputLength/8);
     else
         return ret;
 }
 
 /* ---------------------------------------------------------------- */
 
-HashReturn Keccak_HashSqueeze(Keccak_HashInstance *instance, BitSequence *data, DataLength databitlen)
+HashReturn Keccak_HashSqueeze(Keccak_HashInstance *instance, BitSequence *data, BitLength databitlen)
 {
     if ((databitlen % 8) != 0)
-        return FAIL;
-    return (HashReturn)Keccak_SpongeSqueeze(&instance->sponge, data, databitlen/8);
+        return KECCAK_FAIL;
+    return (HashReturn)KeccakWidth1600_SpongeSqueeze(&instance->sponge, data, databitlen/8);
 }

data/ext/sha3/{KeccakHash.h → lib/high/Keccak/FIPS202/KeccakHash.h}

@@ -1,12 +1,13 @@
 /*
-Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
-Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
-denoted as "the implementer".
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
 
-For more information, feedback or questions, please refer to our websites:
-http://keccak.noekeon.org/
-http://keyak.noekeon.org/
-http://ketje.noekeon.org/
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
 
 To the extent possible under law, the implementer has waived all copyright
 and related or neighboring rights to the source code in this file.
@@ -16,15 +17,24 @@ http://creativecommons.org/publicdomain/zero/1.0/
 #ifndef _KeccakHashInterface_h_
 #define _KeccakHashInterface_h_
 
-#include "KeccakSponge.h"
+#include "config.h"
+#ifdef XKCP_has_KeccakP1600
+
+#include <stdint.h>
 #include <string.h>
+#include "KeccakSponge.h"
 
-typedef unsigned char BitSequence;
-typedef size_t DataLength;
-typedef enum { SUCCESS = 0, FAIL = 1, BAD_HASHLEN = 2 } HashReturn;
+#ifndef _Keccak_BitTypes_
+#define _Keccak_BitTypes_
+typedef uint8_t BitSequence;
+
+typedef size_t BitLength;
+#endif
+
+typedef enum { KECCAK_SUCCESS = 0, KECCAK_FAIL = 1, KECCAK_BAD_HASHLEN = 2 } HashReturn;
 
 typedef struct {
-    Keccak_SpongeInstance sponge;
+    KeccakWidth1600_SpongeInstance sponge;
     unsigned int fixedOutputLength;
     unsigned char delimitedSuffix;
 } Keccak_HashInstance;
@@ -42,7 +52,7 @@ typedef struct {
   *                         formatted like the @a delimitedData parameter of
   *                         the Keccak_SpongeAbsorbLastFewBits() function.
   * @pre    One must have r+c=1600 and the rate a multiple of 8 bits in this implementation.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
 HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix);
 
@@ -76,11 +86,13 @@ HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int
   * @param  data        Pointer to the input data.
   *                     When @a databitLen is not a multiple of 8, the last bits of data must be
   *                     in the least significant bits of the last byte (little-endian convention).
+  *                     In this case, the (8 - @a databitLen mod 8) most significant bits
+  *                     of the last byte are ignored.
   * @param  databitLen  The number of input bits provided in the input data.
   * @pre    In the previous call to Keccak_HashUpdate(), databitlen was a multiple of 8.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
-HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequence *data, DataLength databitlen);
+HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequence *data, BitLength databitlen);
 
 /**
   * Function to call after all input blocks have been input and to get
@@ -90,9 +102,8 @@ HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequenc
   *     output bits is equal to @a hashbitlen.
   * If @a hashbitlen was 0 in the call to Keccak_HashInitialize(), the output bits
   *     must be extracted using the Keccak_HashSqueeze() function.
-  * @param  state       Pointer to the state of the sponge function initialized by Init().
   * @param  hashval     Pointer to the buffer where to store the output data.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
 HashReturn Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hashval);
 
@@ -103,8 +114,12 @@ HashReturn Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hash
   * @param  databitlen  The number of output bits desired (must be a multiple of 8).
   * @pre    Keccak_HashFinal() must have been already called.
   * @pre    @a databitlen is a multiple of 8.
-  * @return SUCCESS if successful, FAIL otherwise.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
   */
-HashReturn Keccak_HashSqueeze(Keccak_HashInstance *hashInstance, BitSequence *data, DataLength databitlen);
+HashReturn Keccak_HashSqueeze(Keccak_HashInstance *hashInstance, BitSequence *data, BitLength databitlen);
+
+#else
+#error This requires an implementation of Keccak-p[1600]
+#endif
 
 #endif

data/ext/sha3/lib/high/Keccak/KeccakDuplex.c

@@ -0,0 +1,81 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#include "KeccakDuplex.h"
+
+#ifdef KeccakReference
+    #include "displayIntermediateValues.h"
+#endif
+
+#ifdef XKCP_has_KeccakP200
+    #include "KeccakP-200-SnP.h"
+
+    #define prefix KeccakWidth200
+    #define SnP KeccakP200
+    #define SnP_width 200
+    #define SnP_Permute KeccakP200_Permute_18rounds
+        #include "KeccakDuplex.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif
+
+#ifdef XKCP_has_KeccakP400
+    #include "KeccakP-400-SnP.h"
+
+    #define prefix KeccakWidth400
+    #define SnP KeccakP400
+    #define SnP_width 400
+    #define SnP_Permute KeccakP400_Permute_20rounds
+        #include "KeccakDuplex.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif
+
+#ifdef XKCP_has_KeccakP800
+    #include "KeccakP-800-SnP.h"
+
+    #define prefix KeccakWidth800
+    #define SnP KeccakP800
+    #define SnP_width 800
+    #define SnP_Permute KeccakP800_Permute_22rounds
+        #include "KeccakDuplex.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif
+
+#ifdef XKCP_has_KeccakP1600
+    #include "KeccakP-1600-SnP.h"
+
+    #define prefix KeccakWidth1600
+    #define SnP KeccakP1600
+    #define SnP_width 1600
+    #define SnP_Permute KeccakP1600_Permute_24rounds
+        #include "KeccakDuplex.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif

data/ext/sha3/lib/high/Keccak/KeccakDuplex.h

@@ -0,0 +1,73 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#ifndef _KeccakDuplex_h_
+#define _KeccakDuplex_h_
+
+/* For the documentation, please follow the link: */
+/* #include "KeccakDuplex-documentation.h" */
+
+#include <string.h>
+#include "align.h"
+#include "config.h"
+
+#define XKCP_DeclareDuplexStructure(prefix, state_t) \
+    typedef struct prefix##_DuplexInstanceStruct { \
+        state_t state; \
+        unsigned int rate; \
+        unsigned int byteInputIndex; \
+        unsigned int byteOutputIndex; \
+    } prefix##_DuplexInstance;
+
+#define XKCP_DeclareDuplexFunctions(prefix) \
+    int prefix##_DuplexInitialize(prefix##_DuplexInstance *duplexInstance, unsigned int rate, unsigned int capacity); \
+    int prefix##_Duplexing(prefix##_DuplexInstance *duplexInstance, const unsigned char *sigmaBegin, unsigned int sigmaBeginByteLen, unsigned char *Z, unsigned int ZByteLen, unsigned char delimitedSigmaEnd); \
+    int prefix##_DuplexingFeedPartialInput(prefix##_DuplexInstance *duplexInstance, const unsigned char *input, unsigned int inputByteLen); \
+    int prefix##_DuplexingFeedZeroes(prefix##_DuplexInstance *duplexInstance, unsigned int inputByteLen); \
+    int prefix##_DuplexingOverwritePartialInput(prefix##_DuplexInstance *duplexInstance, const unsigned char *input, unsigned int inputByteLen); \
+    int prefix##_DuplexingOverwriteWithZeroes(prefix##_DuplexInstance *duplexInstance, unsigned int inputByteLen); \
+    int prefix##_DuplexingGetFurtherOutput(prefix##_DuplexInstance *duplexInstance, unsigned char *out, unsigned int outByteLen); \
+    int prefix##_DuplexingGetFurtherOutputAndAdd(prefix##_DuplexInstance *duplexInstance, const unsigned char *input, unsigned char *output, unsigned int outputByteLen);
+
+#ifdef XKCP_has_KeccakP200
+    #include "KeccakP-200-SnP.h"
+    XKCP_DeclareDuplexStructure(KeccakWidth200, KeccakP200_stateSizeInBytes, KeccakP200_stateAlignment)
+    XKCP_DeclareDuplexFunctions(KeccakWidth200)
+    #define XKCP_has_Duplex_Keccak_width200
+#endif
+
+#ifdef XKCP_has_KeccakP400
+    #include "KeccakP-400-SnP.h"
+    XKCP_DeclareDuplexStructure(KeccakWidth400, KeccakP400_stateSizeInBytes, KeccakP400_stateAlignment)
+    XKCP_DeclareDuplexFunctions(KeccakWidth400)
+    #define XKCP_has_Duplex_Keccak_width400
+#endif
+
+#ifdef XKCP_has_KeccakP800
+    #include "KeccakP-800-SnP.h"
+    XKCP_DeclareDuplexStructure(KeccakWidth800, KeccakP800_stateSizeInBytes, KeccakP800_stateAlignment)
+    XKCP_DeclareDuplexFunctions(KeccakWidth800)
+    #define XKCP_has_Duplex_Keccak_width800
+#endif
+
+#ifdef XKCP_has_KeccakP1600
+    #include "KeccakP-1600-SnP.h"
+    XKCP_DeclareDuplexStructure(KeccakWidth1600, KeccakP1600_state)
+    XKCP_DeclareDuplexFunctions(KeccakWidth1600)
+    #define XKCP_has_Duplex_Keccak_width1600
+#endif
+
+#endif