sha3 1.0.5 → 2.0.0

data/ext/sha3/lib/high/Keccak/KeccakSponge.inc

@@ -24,8 +24,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
 #define SpongeAbsorbLastFewBits         JOIN(prefix, _SpongeAbsorbLastFewBits)
 #define SpongeSqueeze                   JOIN(prefix, _SpongeSqueeze)
 
-#define SnP_stateSizeInBytes            JOIN(SnP, _stateSizeInBytes)
-#define SnP_stateAlignment              JOIN(SnP, _stateAlignment)
 #define SnP_StaticInitialize            JOIN(SnP, _StaticInitialize)
 #define SnP_Initialize                  JOIN(SnP, _Initialize)
 #define SnP_AddByte                     JOIN(SnP, _AddByte)
@@ -34,7 +32,7 @@ http://creativecommons.org/publicdomain/zero/1.0/
 
 int Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input, size_t inputByteLen, unsigned char suffix, unsigned char *output, size_t outputByteLen)
 {
-    ALIGN(SnP_stateAlignment) unsigned char state[SnP_stateSizeInBytes];
+    SnP_state state;
     unsigned int partialBlock;
     const unsigned char *curInput = input;
     unsigned char *curOutput = output;
@@ -49,14 +47,14 @@ int Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input,
 
     /* Initialize the state */
     SnP_StaticInitialize();
-    SnP_Initialize(state);
+    SnP_Initialize(&state);
 
     /* First, absorb whole blocks */
 #ifdef SnP_FastLoop_Absorb
     if (((rateInBytes % (SnP_width/200)) == 0) && (inputByteLen >= rateInBytes)) {
         /* fast lane: whole lane rate */
         size_t j;
-        j = SnP_FastLoop_Absorb(state, rateInBytes/(SnP_width/200), curInput, inputByteLen);
+        j = SnP_FastLoop_Absorb(&state, rateInBytes/(SnP_width/200), curInput, inputByteLen);
         curInput += j;
         inputByteLen -= j;
     }
@@ -65,8 +63,8 @@ int Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input,
         #ifdef KeccakReference
         displayBytes(1, "Block to be absorbed", curInput, rateInBytes);
         #endif
-        SnP_AddBytes(state, curInput, 0, rateInBytes);
-        SnP_Permute(state);
+        SnP_AddBytes(&state, curInput, 0, rateInBytes);
+        SnP_Permute(&state);
         curInput += rateInBytes;
         inputByteLen -= rateInBytes;
     }
@@ -76,7 +74,7 @@ int Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input,
     #ifdef KeccakReference
     displayBytes(1, "Block to be absorbed (part)", curInput, partialBlock);
     #endif
-    SnP_AddBytes(state, curInput, 0, partialBlock);
+    SnP_AddBytes(&state, curInput, 0, partialBlock);
 
     /* Finally, absorb the suffix */
     #ifdef KeccakReference
@@ -87,12 +85,12 @@ int Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input,
     }
     #endif
     /* Last few bits, whose delimiter coincides with first bit of padding */
-    SnP_AddByte(state, suffix, partialBlock);
+    SnP_AddByte(&state, suffix, partialBlock);
     /* If the first bit of padding is at position rate-1, we need a whole new block for the second bit of padding */
     if ((suffix >= 0x80) && (partialBlock == (rateInBytes-1)))
-        SnP_Permute(state);
+        SnP_Permute(&state);
     /* Second bit of padding */
-    SnP_AddByte(state, 0x80, rateInBytes-1);
+    SnP_AddByte(&state, 0x80, rateInBytes-1);
     #ifdef KeccakReference
     {
         unsigned char block[SnP_width/8];
@@ -101,15 +99,15 @@ int Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input,
         displayBytes(1, "Second bit of padding", block, rateInBytes);
     }
     #endif
-    SnP_Permute(state);
+    SnP_Permute(&state);
     #ifdef KeccakReference
     displayText(1, "--- Switching to squeezing phase ---");
     #endif
 
     /* First, output whole blocks */
     while(outputByteLen > (size_t)rateInBytes) {
-        SnP_ExtractBytes(state, curOutput, 0, rateInBytes);
-        SnP_Permute(state);
+        SnP_ExtractBytes(&state, curOutput, 0, rateInBytes);
+        SnP_Permute(&state);
         #ifdef KeccakReference
         displayBytes(1, "Squeezed block", curOutput, rateInBytes);
         #endif
@@ -119,7 +117,7 @@ int Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input,
 
     /* Finally, output what remains */
     partialBlock = (unsigned int)outputByteLen;
-    SnP_ExtractBytes(state, curOutput, 0, partialBlock);
+    SnP_ExtractBytes(&state, curOutput, 0, partialBlock);
     #ifdef KeccakReference
     displayBytes(1, "Squeezed block (part)", curOutput, partialBlock);
     #endif
@@ -138,7 +136,7 @@ int SpongeInitialize(SpongeInstance *instance, unsigned int rate, unsigned int c
     if ((rate <= 0) || (rate > SnP_width) || ((rate % 8) != 0))
         return 1;
     SnP_StaticInitialize();
-    SnP_Initialize(instance->state);
+    SnP_Initialize(&instance->state);
     instance->rate = rate;
     instance->byteIOIndex = 0;
     instance->squeezing = 0;
@@ -166,7 +164,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
             /* processing full blocks first */
             if ((rateInBytes % (SnP_width/200)) == 0) {
                 /* fast lane: whole lane rate */
-                j = SnP_FastLoop_Absorb(instance->state, rateInBytes/(SnP_width/200), curData, dataByteLen - i);
+                j = SnP_FastLoop_Absorb(&instance->state, rateInBytes/(SnP_width/200), curData, dataByteLen - i);
                 i += j;
                 curData += j;
             }
@@ -176,8 +174,8 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
                     #ifdef KeccakReference
                     displayBytes(1, "Block to be absorbed", curData, rateInBytes);
                     #endif
-                    SnP_AddBytes(instance->state, curData, 0, rateInBytes);
-                    SnP_Permute(instance->state);
+                    SnP_AddBytes(&instance->state, curData, 0, rateInBytes);
+                    SnP_Permute(&instance->state);
                     curData+=rateInBytes;
                 }
                 i = dataByteLen - j;
@@ -196,11 +194,11 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
             #endif
             i += partialBlock;
 
-            SnP_AddBytes(instance->state, curData, instance->byteIOIndex, partialBlock);
+            SnP_AddBytes(&instance->state, curData, instance->byteIOIndex, partialBlock);
             curData += partialBlock;
             instance->byteIOIndex += partialBlock;
             if (instance->byteIOIndex == rateInBytes) {
-                SnP_Permute(instance->state);
+                SnP_Permute(&instance->state);
                 instance->byteIOIndex = 0;
             }
         }
@@ -227,12 +225,12 @@ int SpongeAbsorbLastFewBits(SpongeInstance *instance, unsigned char delimitedDat
     }
     #endif
     /* Last few bits, whose delimiter coincides with first bit of padding */
-    SnP_AddByte(instance->state, delimitedData, instance->byteIOIndex);
+    SnP_AddByte(&instance->state, delimitedData, instance->byteIOIndex);
     /* If the first bit of padding is at position rate-1, we need a whole new block for the second bit of padding */
     if ((delimitedData >= 0x80) && (instance->byteIOIndex == (rateInBytes-1)))
-        SnP_Permute(instance->state);
+        SnP_Permute(&instance->state);
     /* Second bit of padding */
-    SnP_AddByte(instance->state, 0x80, rateInBytes-1);
+    SnP_AddByte(&instance->state, 0x80, rateInBytes-1);
     #ifdef KeccakReference
     {
         unsigned char block[SnP_width/8];
@@ -241,7 +239,7 @@ int SpongeAbsorbLastFewBits(SpongeInstance *instance, unsigned char delimitedDat
         displayBytes(1, "Second bit of padding", block, rateInBytes);
     }
     #endif
-    SnP_Permute(instance->state);
+    SnP_Permute(&instance->state);
     instance->byteIOIndex = 0;
     instance->squeezing = 1;
     #ifdef KeccakReference
@@ -267,8 +265,8 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
     while(i < dataByteLen) {
         if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
             for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
-                SnP_Permute(instance->state);
-                SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
+                SnP_Permute(&instance->state);
+                SnP_ExtractBytes(&instance->state, curData, 0, rateInBytes);
                 #ifdef KeccakReference
                 displayBytes(1, "Squeezed block", curData, rateInBytes);
                 #endif
@@ -279,7 +277,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
         else {
             /* normal lane: using the message queue */
             if (instance->byteIOIndex == rateInBytes) {
-                SnP_Permute(instance->state);
+                SnP_Permute(&instance->state);
                 instance->byteIOIndex = 0;
             }
             if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
@@ -288,7 +286,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
                 partialBlock = (unsigned int)(dataByteLen - i);
             i += partialBlock;
 
-            SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);
+            SnP_ExtractBytes(&instance->state, curData, instance->byteIOIndex, partialBlock);
             #ifdef KeccakReference
             displayBytes(1, "Squeezed block (part)", curData, partialBlock);
             #endif
@@ -307,8 +305,6 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
 #undef SpongeAbsorb
 #undef SpongeAbsorbLastFewBits
 #undef SpongeSqueeze
-#undef SnP_stateSizeInBytes
-#undef SnP_stateAlignment
 #undef SnP_StaticInitialize
 #undef SnP_Initialize
 #undef SnP_AddByte

data/ext/sha3/lib/high/Keccak/PRG/KeccakPRG.c

@@ -0,0 +1,61 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by Gilles Van Assche, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#include "KeccakPRG.h"
+
+#ifdef KeccakReference
+    #include "displayIntermediateValues.h"
+#endif
+
+#ifdef XKCP_has_KeccakP200
+    #include "KeccakP-200-SnP.h"
+
+    #define prefix KeccakWidth200
+    #define SnP_width 200
+        #include "KeccakPRG.inc"
+    #undef prefix
+    #undef SnP_width
+#endif
+
+#ifdef XKCP_has_KeccakP400
+    #include "KeccakP-400-SnP.h"
+
+    #define prefix KeccakWidth400
+    #define SnP_width 400
+        #include "KeccakPRG.inc"
+    #undef prefix
+    #undef SnP_width
+#endif
+
+#ifdef XKCP_has_KeccakP800
+    #include "KeccakP-800-SnP.h"
+
+    #define prefix KeccakWidth800
+    #define SnP_width 800
+        #include "KeccakPRG.inc"
+    #undef prefix
+    #undef SnP_width
+#endif
+
+#ifdef XKCP_has_KeccakP1600
+    #include "KeccakP-1600-SnP.h"
+
+    #define prefix KeccakWidth1600
+    #define SnP_width 1600
+        #include "KeccakPRG.inc"
+    #undef prefix
+    #undef SnP_width
+#endif

data/ext/sha3/lib/high/Keccak/PRG/KeccakPRG.h

@@ -0,0 +1,67 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by Gilles Van Assche, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#ifndef _KeccakPRG_h_
+#define _KeccakPRG_h_
+
+/* For the documentation, please follow the link: */
+/* #include "KeccakPRG-documentation.h" */
+
+#include <string.h>
+#include "align.h"
+#include "config.h"
+#include "KeccakDuplex.h"
+
+#define XKCP_DeclareSpongePRG_Structure(prefix) \
+    typedef struct prefix##_SpongePRG_InstanceStruct { \
+        prefix##_DuplexInstance duplex; \
+    } prefix##_SpongePRG_Instance;
+
+#define XKCP_DeclareSpongePRG_Functions(prefix) \
+    int prefix##_SpongePRG_Initialize(prefix##_SpongePRG_Instance *instance, unsigned int capacity); \
+    int prefix##_SpongePRG_Feed(prefix##_SpongePRG_Instance *instance, const unsigned char *input, unsigned int inputByteLen); \
+    int prefix##_SpongePRG_Fetch(prefix##_SpongePRG_Instance *Instance, unsigned char *out, unsigned int outByteLen); \
+    int prefix##_SpongePRG_Forget(prefix##_SpongePRG_Instance *instance);
+
+#ifdef XKCP_has_KeccakP200
+    #include "KeccakP-200-SnP.h"
+    XKCP_DeclareSpongePRG_Structure(KeccakWidth200, KeccakP200_stateSizeInBytes, KeccakP200_stateAlignment)
+    XKCP_DeclareSpongePRG_Functions(KeccakWidth200)
+    #define XKCP_has_PRG_Keccak_width200
+#endif
+
+#ifdef XKCP_has_KeccakP400
+    #include "KeccakP-400-SnP.h"
+    XKCP_DeclareSpongePRG_Structure(KeccakWidth400, KeccakP400_stateSizeInBytes, KeccakP400_stateAlignment)
+    XKCP_DeclareSpongePRG_Functions(KeccakWidth400)
+    #define XKCP_has_PRG_Keccak_width400
+#endif
+
+#ifdef XKCP_has_KeccakP800
+    #include "KeccakP-800-SnP.h"
+    XKCP_DeclareSpongePRG_Structure(KeccakWidth800, KeccakP800_stateSizeInBytes, KeccakP800_stateAlignment)
+    XKCP_DeclareSpongePRG_Functions(KeccakWidth800)
+    #define XKCP_has_PRG_Keccak_width800
+#endif
+
+#ifdef XKCP_has_KeccakP1600
+    #include "KeccakP-1600-SnP.h"
+    XKCP_DeclareSpongePRG_Structure(KeccakWidth1600)
+    XKCP_DeclareSpongePRG_Functions(KeccakWidth1600)
+    #define XKCP_has_PRG_Keccak_width1600
+#endif
+
+#endif

data/ext/sha3/lib/high/Keccak/PRG/KeccakPRG.inc

@@ -0,0 +1,128 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by Gilles Van Assche, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#define JOIN0(a, b)                     a ## b
+#define JOIN(a, b)                      JOIN0(a, b)
+
+#define SpongePRG_Instance              JOIN(prefix, _SpongePRG_Instance)
+#define SpongePRG_Initialize            JOIN(prefix, _SpongePRG_Initialize)
+#define SpongePRG_Feed                  JOIN(prefix, _SpongePRG_Feed)
+#define SpongePRG_Fetch                 JOIN(prefix, _SpongePRG_Fetch)
+#define SpongePRG_Forget                JOIN(prefix, _SpongePRG_Forget)
+
+#define DuplexInstance                  JOIN(prefix, _DuplexInstance)
+#define DuplexInitialize                JOIN(prefix, _DuplexInitialize)
+#define Duplexing                       JOIN(prefix, _Duplexing)
+#define DuplexingFeedPartialInput       JOIN(prefix, _DuplexingFeedPartialInput)
+#define DuplexingOverwriteWithZeroes    JOIN(prefix, _DuplexingOverwriteWithZeroes)
+#define DuplexingGetFurtherOutput       JOIN(prefix, _DuplexingGetFurtherOutput)
+#define DuplexGetInputIndex(duplex)     (duplex)->byteInputIndex
+#define DuplexGetOutputIndex(duplex)    (duplex)->byteOutputIndex
+#define DuplexSetOutputIndex(duplex, i) (duplex)->byteOutputIndex = (i)
+
+int SpongePRG_Initialize(SpongePRG_Instance *instance, unsigned int capacity)
+{
+    unsigned int rate;
+    unsigned int rhoInBytes;
+
+    if (capacity > (SnP_width-10))
+        return 1;
+
+    rate = SnP_width - capacity;
+    rhoInBytes = (rate-2)/8;
+
+    if ( (rhoInBytes == 0) || (rhoInBytes >= SnP_width/8) )
+        return 1;
+    return DuplexInitialize(&instance->duplex, rate, capacity);
+}
+
+int SpongePRG_Feed(SpongePRG_Instance *instance, const unsigned char *input, unsigned int inputByteLen)
+{
+    unsigned int rhoInBytes = (instance->duplex.rate-2)/8;
+    int error = 0;
+
+    while( !error && (inputByteLen >= rhoInBytes - DuplexGetInputIndex(&instance->duplex))) {
+        unsigned int localSize = rhoInBytes - DuplexGetInputIndex(&instance->duplex);
+        error |= DuplexingFeedPartialInput(&instance->duplex, input, localSize);
+        error |= Duplexing(&instance->duplex, 0, 0, 0, 0, 0x01);
+        input += localSize;
+        inputByteLen -= localSize;
+    }
+    if (!error)
+        error = DuplexingFeedPartialInput(&instance->duplex, input, inputByteLen);
+    DuplexSetOutputIndex(&instance->duplex, rhoInBytes);
+    return error;
+}
+
+int SpongePRG_Fetch(SpongePRG_Instance *instance, unsigned char *output, unsigned int outputByteLen)
+{
+    unsigned int rhoInBytes = (instance->duplex.rate-2)/8;
+    int error = 0;
+
+    if (DuplexGetOutputIndex(&instance->duplex) < rhoInBytes) {
+        unsigned int localSize = rhoInBytes - DuplexGetOutputIndex(&instance->duplex);
+        localSize = (localSize <= outputByteLen) ? localSize : outputByteLen;
+        error = DuplexingGetFurtherOutput(&instance->duplex, output, localSize);
+        output += localSize;
+        outputByteLen -= localSize;
+    }
+
+    while( !error && (outputByteLen > 0) ) {
+        error = Duplexing(&instance->duplex, 0, 0, 0, 0, 0x01);
+        if (!error) {
+            unsigned int localSize = (rhoInBytes <= outputByteLen) ? rhoInBytes : outputByteLen;
+            error = DuplexingGetFurtherOutput(&instance->duplex, output, localSize);
+            output += localSize;
+            outputByteLen -= localSize;
+        }
+    }
+    return error;
+}
+
+int SpongePRG_Forget(SpongePRG_Instance *instance)
+{
+    unsigned int rhoInBytes = (instance->duplex.rate-2)/8;
+    unsigned int capacity = SnP_width - instance->duplex.rate;
+    int error;
+
+    if ((rhoInBytes*8) < capacity)
+        return 1;
+
+    error = Duplexing(&instance->duplex, 0, 0, 0, 0, 0x01);
+    if ( !error ) {
+        error = DuplexingOverwriteWithZeroes(&instance->duplex, rhoInBytes);
+        if ( !error )
+            error = Duplexing(&instance->duplex, 0, 0, 0, 0, 0x01);
+    }
+    DuplexSetOutputIndex(&instance->duplex, rhoInBytes);
+    return error;
+}
+
+#undef SpongePRG_Instance
+#undef SpongePRG_Initialize
+#undef SpongePRG_Feed
+#undef SpongePRG_Fetch
+#undef SpongePRG_Forget
+
+#undef DuplexInstance
+#undef DuplexInitialize
+#undef Duplexing
+#undef DuplexingFeedPartialInput
+#undef DuplexingOverwriteWithZeroes
+#undef DuplexingGetFurtherOutput
+#undef DuplexGetInputIndex
+#undef DuplexGetOutputIndex
+#undef DuplexSetOutputIndex

data/ext/sha3/lib/high/Keccak/SP800-185/SP800-185.c

@@ -0,0 +1,93 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by Ronny Van Keer, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#include <string.h>
+#include "SP800-185.h"
+
+#ifdef XKCP_has_KeccakP1600times2
+    #include "KeccakP-1600-times2-SnP.h"
+#endif
+
+#ifdef XKCP_has_KeccakP1600times4
+    #include "KeccakP-1600-times4-SnP.h"
+#endif
+
+#ifdef XKCP_has_KeccakP1600times8
+    #include "KeccakP-1600-times8-SnP.h"
+#endif
+
+/* #define DEBUG_DUMP */
+
+#if defined(DEBUG_DUMP)
+
+#include <stdio.h>
+
+static void DUMP( const unsigned char * pText, const unsigned char * pData, unsigned int size )
+{
+    unsigned int i;
+    printf("%s (%u bytes):", pText, size);
+    for(i=0; i<size; i++)
+        printf(" %02x", (int)pData[i]);
+    printf("\n");
+}
+#else
+#define DUMP(pText, pData, size )
+#endif
+
+static unsigned int left_encode( unsigned char * encbuf, size_t value )
+{
+    unsigned int n, i;
+    size_t v;
+
+    for ( v = value, n = 0; v && (n < sizeof(size_t)); ++n, v >>= 8 )
+        ; /* empty */
+    if (n == 0)
+        n = 1;
+    for ( i = 1; i <= n; ++i )
+    {
+        encbuf[i] = (unsigned char)(value >> (8 * (n-i)));
+    }
+    encbuf[0] = (unsigned char)n;
+    return n + 1;
+}
+
+static unsigned int right_encode( unsigned char * encbuf, size_t value )
+{
+    unsigned int n, i;
+    size_t v;
+
+    for ( v = value, n = 0; v && (n < sizeof(size_t)); ++n, v >>= 8 )
+        ; /* empty */
+    if (n == 0)
+        n = 1;
+    for ( i = 1; i <= n; ++i )
+    {
+        encbuf[i-1] = (unsigned char)(value >> (8 * (n-i)));
+    }
+    encbuf[n] = (unsigned char)n;
+    return n + 1;
+}
+
+#define laneSize        8
+#define suffix          0x1F
+
+#define security        128
+#include "SP800-185.inc"
+#undef  security
+
+#define security        256
+#include "SP800-185.inc"
+#undef  security