sleeping_kangaroo12 0.0.1

data/ext/xkcp/lib/high/Keccak/FIPS202/KeccakHash.h

@@ -0,0 +1,125 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#ifndef _KeccakHashInterface_h_
+#define _KeccakHashInterface_h_
+
+#include "config.h"
+#ifdef XKCP_has_KeccakP1600
+
+#include <stdint.h>
+#include <string.h>
+#include "KeccakSponge.h"
+
+#ifndef _Keccak_BitTypes_
+#define _Keccak_BitTypes_
+typedef uint8_t BitSequence;
+
+typedef size_t BitLength;
+#endif
+
+typedef enum { KECCAK_SUCCESS = 0, KECCAK_FAIL = 1, KECCAK_BAD_HASHLEN = 2 } HashReturn;
+
+typedef struct {
+    KeccakWidth1600_SpongeInstance sponge;
+    unsigned int fixedOutputLength;
+    unsigned char delimitedSuffix;
+} Keccak_HashInstance;
+
+/**
+  * Function to initialize the Keccak[r, c] sponge function instance used in sequential hashing mode.
+  * @param  hashInstance    Pointer to the hash instance to be initialized.
+  * @param  rate        The value of the rate r.
+  * @param  capacity    The value of the capacity c.
+  * @param  hashbitlen  The desired number of output bits,
+  *                     or 0 for an arbitrarily-long output.
+  * @param  delimitedSuffix Bits that will be automatically appended to the end
+  *                         of the input message, as in domain separation.
+  *                         This is a byte containing from 0 to 7 bits
+  *                         formatted like the @a delimitedData parameter of
+  *                         the Keccak_SpongeAbsorbLastFewBits() function.
+  * @pre    One must have r+c=1600 and the rate a multiple of 8 bits in this implementation.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
+  */
+HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix);
+
+/** Macro to initialize a SHAKE128 instance as specified in the FIPS 202 standard.
+  */
+#define Keccak_HashInitialize_SHAKE128(hashInstance)        Keccak_HashInitialize(hashInstance, 1344,  256,   0, 0x1F)
+
+/** Macro to initialize a SHAKE256 instance as specified in the FIPS 202 standard.
+  */
+#define Keccak_HashInitialize_SHAKE256(hashInstance)        Keccak_HashInitialize(hashInstance, 1088,  512,   0, 0x1F)
+
+/** Macro to initialize a SHA3-224 instance as specified in the FIPS 202 standard.
+  */
+#define Keccak_HashInitialize_SHA3_224(hashInstance)        Keccak_HashInitialize(hashInstance, 1152,  448, 224, 0x06)
+
+/** Macro to initialize a SHA3-256 instance as specified in the FIPS 202 standard.
+  */
+#define Keccak_HashInitialize_SHA3_256(hashInstance)        Keccak_HashInitialize(hashInstance, 1088,  512, 256, 0x06)
+
+/** Macro to initialize a SHA3-384 instance as specified in the FIPS 202 standard.
+  */
+#define Keccak_HashInitialize_SHA3_384(hashInstance)        Keccak_HashInitialize(hashInstance,  832,  768, 384, 0x06)
+
+/** Macro to initialize a SHA3-512 instance as specified in the FIPS 202 standard.
+  */
+#define Keccak_HashInitialize_SHA3_512(hashInstance)        Keccak_HashInitialize(hashInstance,  576, 1024, 512, 0x06)
+
+/**
+  * Function to give input data to be absorbed.
+  * @param  hashInstance    Pointer to the hash instance initialized by Keccak_HashInitialize().
+  * @param  data        Pointer to the input data.
+  *                     When @a databitLen is not a multiple of 8, the last bits of data must be
+  *                     in the least significant bits of the last byte (little-endian convention).
+  *                     In this case, the (8 - @a databitLen mod 8) most significant bits
+  *                     of the last byte are ignored.
+  * @param  databitLen  The number of input bits provided in the input data.
+  * @pre    In the previous call to Keccak_HashUpdate(), databitlen was a multiple of 8.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
+  */
+HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequence *data, BitLength databitlen);
+
+/**
+  * Function to call after all input blocks have been input and to get
+  * output bits if the length was specified when calling Keccak_HashInitialize().
+  * @param  hashInstance    Pointer to the hash instance initialized by Keccak_HashInitialize().
+  * If @a hashbitlen was not 0 in the call to Keccak_HashInitialize(), the number of
+  *     output bits is equal to @a hashbitlen.
+  * If @a hashbitlen was 0 in the call to Keccak_HashInitialize(), the output bits
+  *     must be extracted using the Keccak_HashSqueeze() function.
+  * @param  hashval     Pointer to the buffer where to store the output data.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
+  */
+HashReturn Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hashval);
+
+ /**
+  * Function to squeeze output data.
+  * @param  hashInstance    Pointer to the hash instance initialized by Keccak_HashInitialize().
+  * @param  data        Pointer to the buffer where to store the output data.
+  * @param  databitlen  The number of output bits desired (must be a multiple of 8).
+  * @pre    Keccak_HashFinal() must have been already called.
+  * @pre    @a databitlen is a multiple of 8.
+  * @return KECCAK_SUCCESS if successful, KECCAK_FAIL otherwise.
+  */
+HashReturn Keccak_HashSqueeze(Keccak_HashInstance *hashInstance, BitSequence *data, BitLength databitlen);
+
+#else
+#error This requires an implementation of Keccak-p[1600]
+#endif
+
+#endif

data/ext/xkcp/lib/high/Keccak/FIPS202/SimpleFIPS202.c

@@ -0,0 +1,48 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by Gilles Van Assche, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#include "KeccakSponge.h"
+#include "SimpleFIPS202.h"
+
+int SHAKE128(unsigned char *output, size_t outputByteLen, const unsigned char *input, size_t inputByteLen)
+{
+    return KeccakWidth1600_Sponge(1344, 256, input, inputByteLen, 0x1F, output, outputByteLen);
+}
+
+int SHAKE256(unsigned char *output, size_t outputByteLen, const unsigned char *input, size_t inputByteLen)
+{
+    return KeccakWidth1600_Sponge(1088, 512, input, inputByteLen, 0x1F, output, outputByteLen);
+}
+
+int SHA3_224(unsigned char *output, const unsigned char *input, size_t inputByteLen)
+{
+    return KeccakWidth1600_Sponge(1152, 448, input, inputByteLen, 0x06, output, 224/8);
+}
+
+int SHA3_256(unsigned char *output, const unsigned char *input, size_t inputByteLen)
+{
+    return KeccakWidth1600_Sponge(1088, 512, input, inputByteLen, 0x06, output, 256/8);
+}
+
+int SHA3_384(unsigned char *output, const unsigned char *input, size_t inputByteLen)
+{
+    return KeccakWidth1600_Sponge( 832, 768, input, inputByteLen, 0x06, output, 384/8);
+}
+
+int SHA3_512(unsigned char *output, const unsigned char *input, size_t inputByteLen)
+{
+    return KeccakWidth1600_Sponge(576, 1024, input, inputByteLen, 0x06, output, 512/8);
+}

data/ext/xkcp/lib/high/Keccak/FIPS202/SimpleFIPS202.h

@@ -0,0 +1,79 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by Gilles Van Assche, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#ifndef _SimpleFIPS202_h_
+#define _SimpleFIPS202_h_
+
+#include "config.h"
+#ifdef XKCP_has_KeccakP1600
+
+#include <string.h>
+
+/** Implementation of the SHAKE128 extendable output function (XOF) [FIPS 202].
+  * @param  output          Pointer to the output buffer.
+  * @param  outputByteLen   The desired number of output bytes.
+  * @param  input           Pointer to the input message.
+  * @param  inputByteLen    The length of the input message in bytes.
+  * @return 0 if successful, 1 otherwise.
+  */
+int SHAKE128(unsigned char *output, size_t outputByteLen, const unsigned char *input, size_t inputByteLen);
+
+/** Implementation of the SHAKE256 extendable output function (XOF) [FIPS 202].
+  * @param  output          Pointer to the output buffer.
+  * @param  outputByteLen   The desired number of output bytes.
+  * @param  input           Pointer to the input message.
+  * @param  inputByteLen    The length of the input message in bytes.
+  * @return 0 if successful, 1 otherwise.
+  */
+int SHAKE256(unsigned char *output, size_t outputByteLen, const unsigned char *input, size_t inputByteLen);
+
+/** Implementation of SHA3-224 [FIPS 202].
+  * @param  output          Pointer to the output buffer (28 bytes).
+  * @param  input           Pointer to the input message.
+  * @param  inputByteLen    The length of the input message in bytes.
+  * @return 0 if successful, 1 otherwise.
+  */
+int SHA3_224(unsigned char *output, const unsigned char *input, size_t inputByteLen);
+
+/** Implementation of SHA3-256 [FIPS 202].
+  * @param  output          Pointer to the output buffer (32 bytes).
+  * @param  input           Pointer to the input message.
+  * @param  inputByteLen    The length of the input message in bytes.
+  * @return 0 if successful, 1 otherwise.
+  */
+int SHA3_256(unsigned char *output, const unsigned char *input, size_t inputByteLen);
+
+/** Implementation of SHA3-384 [FIPS 202].
+  * @param  output          Pointer to the output buffer (48 bytes).
+  * @param  input           Pointer to the input message.
+  * @param  inputByteLen    The length of the input message in bytes.
+  * @return 0 if successful, 1 otherwise.
+  */
+int SHA3_384(unsigned char *output, const unsigned char *input, size_t inputByteLen);
+
+/** Implementation of SHA3-512 [FIPS 202].
+  * @param  output          Pointer to the output buffer (64 bytes).
+  * @param  input           Pointer to the input message.
+  * @param  inputByteLen    The length of the input message in bytes.
+  * @return 0 if successful, 1 otherwise.
+  */
+int SHA3_512(unsigned char *output, const unsigned char *input, size_t inputByteLen);
+
+#else
+#error This requires an implementation of Keccak-p[1600]
+#endif
+
+#endif

data/ext/xkcp/lib/high/Keccak/KeccakDuplex.c

@@ -0,0 +1,81 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#include "KeccakDuplex.h"
+
+#ifdef KeccakReference
+    #include "displayIntermediateValues.h"
+#endif
+
+#ifdef XKCP_has_KeccakP200
+    #include "KeccakP-200-SnP.h"
+
+    #define prefix KeccakWidth200
+    #define SnP KeccakP200
+    #define SnP_width 200
+    #define SnP_Permute KeccakP200_Permute_18rounds
+        #include "KeccakDuplex.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif
+
+#ifdef XKCP_has_KeccakP400
+    #include "KeccakP-400-SnP.h"
+
+    #define prefix KeccakWidth400
+    #define SnP KeccakP400
+    #define SnP_width 400
+    #define SnP_Permute KeccakP400_Permute_20rounds
+        #include "KeccakDuplex.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif
+
+#ifdef XKCP_has_KeccakP800
+    #include "KeccakP-800-SnP.h"
+
+    #define prefix KeccakWidth800
+    #define SnP KeccakP800
+    #define SnP_width 800
+    #define SnP_Permute KeccakP800_Permute_22rounds
+        #include "KeccakDuplex.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif
+
+#ifdef XKCP_has_KeccakP1600
+    #include "KeccakP-1600-SnP.h"
+
+    #define prefix KeccakWidth1600
+    #define SnP KeccakP1600
+    #define SnP_width 1600
+    #define SnP_Permute KeccakP1600_Permute_24rounds
+        #include "KeccakDuplex.inc"
+    #undef prefix
+    #undef SnP
+    #undef SnP_width
+    #undef SnP_Permute
+    #undef SnP_FastLoop_Absorb
+#endif

data/ext/xkcp/lib/high/Keccak/KeccakDuplex.h

@@ -0,0 +1,73 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#ifndef _KeccakDuplex_h_
+#define _KeccakDuplex_h_
+
+/* For the documentation, please follow the link: */
+/* #include "KeccakDuplex-documentation.h" */
+
+#include <string.h>
+#include "align.h"
+#include "config.h"
+
+#define XKCP_DeclareDuplexStructure(prefix, size, alignment) \
+    ALIGN(alignment) typedef struct prefix##_DuplexInstanceStruct { \
+        unsigned char state[size]; \
+        unsigned int rate; \
+        unsigned int byteInputIndex; \
+        unsigned int byteOutputIndex; \
+    } prefix##_DuplexInstance;
+
+#define XKCP_DeclareDuplexFunctions(prefix) \
+    int prefix##_DuplexInitialize(prefix##_DuplexInstance *duplexInstance, unsigned int rate, unsigned int capacity); \
+    int prefix##_Duplexing(prefix##_DuplexInstance *duplexInstance, const unsigned char *sigmaBegin, unsigned int sigmaBeginByteLen, unsigned char *Z, unsigned int ZByteLen, unsigned char delimitedSigmaEnd); \
+    int prefix##_DuplexingFeedPartialInput(prefix##_DuplexInstance *duplexInstance, const unsigned char *input, unsigned int inputByteLen); \
+    int prefix##_DuplexingFeedZeroes(prefix##_DuplexInstance *duplexInstance, unsigned int inputByteLen); \
+    int prefix##_DuplexingOverwritePartialInput(prefix##_DuplexInstance *duplexInstance, const unsigned char *input, unsigned int inputByteLen); \
+    int prefix##_DuplexingOverwriteWithZeroes(prefix##_DuplexInstance *duplexInstance, unsigned int inputByteLen); \
+    int prefix##_DuplexingGetFurtherOutput(prefix##_DuplexInstance *duplexInstance, unsigned char *out, unsigned int outByteLen); \
+    int prefix##_DuplexingGetFurtherOutputAndAdd(prefix##_DuplexInstance *duplexInstance, const unsigned char *input, unsigned char *output, unsigned int outputByteLen);
+
+#ifdef XKCP_has_KeccakP200
+    #include "KeccakP-200-SnP.h"
+    XKCP_DeclareDuplexStructure(KeccakWidth200, KeccakP200_stateSizeInBytes, KeccakP200_stateAlignment)
+    XKCP_DeclareDuplexFunctions(KeccakWidth200)
+    #define XKCP_has_Duplex_Keccak_width200
+#endif
+
+#ifdef XKCP_has_KeccakP400
+    #include "KeccakP-400-SnP.h"
+    XKCP_DeclareDuplexStructure(KeccakWidth400, KeccakP400_stateSizeInBytes, KeccakP400_stateAlignment)
+    XKCP_DeclareDuplexFunctions(KeccakWidth400)
+    #define XKCP_has_Duplex_Keccak_width400
+#endif
+
+#ifdef XKCP_has_KeccakP800
+    #include "KeccakP-800-SnP.h"
+    XKCP_DeclareDuplexStructure(KeccakWidth800, KeccakP800_stateSizeInBytes, KeccakP800_stateAlignment)
+    XKCP_DeclareDuplexFunctions(KeccakWidth800)
+    #define XKCP_has_Duplex_Keccak_width800
+#endif
+
+#ifdef XKCP_has_KeccakP1600
+    #include "KeccakP-1600-SnP.h"
+    XKCP_DeclareDuplexStructure(KeccakWidth1600, KeccakP1600_stateSizeInBytes, KeccakP1600_stateAlignment)
+    XKCP_DeclareDuplexFunctions(KeccakWidth1600)
+    #define XKCP_has_Duplex_Keccak_width1600
+#endif
+
+#endif

data/ext/xkcp/lib/high/Keccak/KeccakDuplex.inc

@@ -0,0 +1,195 @@
+/*
+The eXtended Keccak Code Package (XKCP)
+https://github.com/XKCP/XKCP
+
+Keccak, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
+
+Implementation by the designers, hereby denoted as "the implementer".
+
+For more information, feedback or questions, please refer to the Keccak Team website:
+https://keccak.team/
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#define JOIN0(a, b)                     a ## b
+#define JOIN(a, b)                      JOIN0(a, b)
+
+#define DuplexInstance                  JOIN(prefix, _DuplexInstance)
+#define DuplexInitialize                JOIN(prefix, _DuplexInitialize)
+#define Duplexing                       JOIN(prefix, _Duplexing)
+#define DuplexingFeedPartialInput       JOIN(prefix, _DuplexingFeedPartialInput)
+#define DuplexingFeedZeroes             JOIN(prefix, _DuplexingFeedZeroes)
+#define DuplexingOverwritePartialInput  JOIN(prefix, _DuplexingOverwritePartialInput)
+#define DuplexingOverwriteWithZeroes    JOIN(prefix, _DuplexingOverwriteWithZeroes)
+#define DuplexingGetFurtherOutput       JOIN(prefix, _DuplexingGetFurtherOutput)
+#define DuplexingGetFurtherOutputAndAdd JOIN(prefix, _DuplexingGetFurtherOutputAndAdd)
+
+#define SnP_stateSizeInBytes            JOIN(SnP, _stateSizeInBytes)
+#define SnP_stateAlignment              JOIN(SnP, _stateAlignment)
+#define SnP_StaticInitialize            JOIN(SnP, _StaticInitialize)
+#define SnP_Initialize                  JOIN(SnP, _Initialize)
+#define SnP_AddByte                     JOIN(SnP, _AddByte)
+#define SnP_AddBytes                    JOIN(SnP, _AddBytes)
+#define SnP_OverwriteBytes              JOIN(SnP, _OverwriteBytes)
+#define SnP_OverwriteWithZeroes         JOIN(SnP, _OverwriteWithZeroes)
+#define SnP_ExtractBytes                JOIN(SnP, _ExtractBytes)
+#define SnP_ExtractAndAddBytes          JOIN(SnP, _ExtractAndAddBytes)
+
+int DuplexInitialize(DuplexInstance *instance, unsigned int rate, unsigned int capacity)
+{
+    if (rate+capacity != SnP_width)
+        return 1;
+    if ((rate <= 2) || (rate > SnP_width))
+        return 1;
+    SnP_StaticInitialize();
+    instance->rate = rate;
+    SnP_Initialize(instance->state);
+    instance->byteInputIndex = 0;
+    instance->byteOutputIndex = (instance->rate+7)/8;
+    return 0;
+}
+
+int Duplexing(DuplexInstance *instance, const unsigned char *sigmaBegin, unsigned int sigmaBeginByteLen, unsigned char *Z, unsigned int ZByteLen, unsigned char delimitedSigmaEnd)
+{
+    const unsigned int rho_max = instance->rate - 2;
+
+    if (delimitedSigmaEnd == 0)
+        return 1;
+    if ((instance->byteInputIndex+sigmaBeginByteLen)*8 > rho_max)
+        return 1;
+    if (rho_max - sigmaBeginByteLen*8 < 7) {
+        unsigned int maxBitsInDelimitedSigmaEnd = rho_max - sigmaBeginByteLen*8;
+        if (delimitedSigmaEnd >= (1 << (maxBitsInDelimitedSigmaEnd+1)))
+            return 1;
+    }
+    if (ZByteLen > (instance->rate+7)/8)
+        return 1; /* The output length must not be greater than the rate (rounded up to a byte) */
+
+    SnP_AddBytes(instance->state, sigmaBegin, instance->byteInputIndex, sigmaBeginByteLen);
+    #ifdef KeccakReference
+    {
+        unsigned char block[SnP_width/8];
+        memcpy(block, sigmaBegin, sigmaBeginByteLen);
+        block[sigmaBeginByteLen] = delimitedSigmaEnd;
+        memset(block+sigmaBeginByteLen+1, 0, sizeof(block)-sigmaBeginByteLen-1);
+        block[(instance->rate-1)/8] |= 1 << ((instance->rate-1) % 8);
+        displayBytes(1, "Block to be absorbed (after padding)", block, (instance->rate+7)/8);
+    }
+    #endif
+
+    /* Last few bits, whose delimiter coincides with first bit of padding */
+    SnP_AddByte(instance->state, delimitedSigmaEnd, instance->byteInputIndex+sigmaBeginByteLen);
+    /* Second bit of padding */
+    SnP_AddByte(instance->state, (unsigned char)1 << ((instance->rate - 1)%8), (instance->rate - 1)/8);
+    SnP_Permute(instance->state);
+    SnP_ExtractBytes(instance->state, Z, 0, ZByteLen);
+
+    if (ZByteLen*8 > instance->rate) {
+        unsigned char mask = (unsigned char)(1 << (instance->rate % 8)) - 1;
+        Z[ZByteLen-1] &= mask;
+    }
+
+    instance->byteInputIndex = 0;
+    instance->byteOutputIndex = ZByteLen;
+
+    return 0;
+}
+
+int DuplexingFeedPartialInput(DuplexInstance *instance, const unsigned char *input, unsigned int inputByteLen)
+{
+    const unsigned int rho_max = instance->rate - 2;
+
+    if ((instance->byteInputIndex+inputByteLen)*8 > rho_max)
+        return 1;
+
+    SnP_AddBytes(instance->state, input, instance->byteInputIndex, inputByteLen);
+    instance->byteInputIndex += inputByteLen;
+    return 0;
+}
+
+int DuplexingFeedZeroes(DuplexInstance *instance, unsigned int inputByteLen)
+{
+    const unsigned int rho_max = instance->rate - 2;
+
+    if ((instance->byteInputIndex+inputByteLen)*8 > rho_max)
+        return 1;
+
+    instance->byteInputIndex += inputByteLen;
+    return 0;
+}
+
+int DuplexingOverwritePartialInput(DuplexInstance *instance, const unsigned char *input, unsigned int inputByteLen)
+{
+    const unsigned int rho_max = instance->rate - 2;
+
+    if ((instance->byteInputIndex+inputByteLen)*8 > rho_max)
+        return 1;
+
+    SnP_OverwriteBytes(instance->state, input, instance->byteInputIndex, inputByteLen);
+    instance->byteInputIndex += inputByteLen;
+    return 0;
+}
+
+int DuplexingOverwriteWithZeroes(DuplexInstance *instance, unsigned int inputByteLen)
+{
+    const unsigned int rho_max = instance->rate - 2;
+
+    if ((instance->byteInputIndex != 0) || (inputByteLen*8 > rho_max))
+        return 1;
+
+    SnP_OverwriteWithZeroes(instance->state, inputByteLen);
+    instance->byteInputIndex = inputByteLen;
+
+    return 0;
+}
+
+int DuplexingGetFurtherOutput(DuplexInstance *instance, unsigned char *output, unsigned int outputByteLen)
+{
+    if ((outputByteLen+instance->byteOutputIndex) > (instance->rate+7)/8)
+        return 1; /* The output length must not be greater than the rate (rounded up to a byte) */
+
+    SnP_ExtractBytes(instance->state, output, instance->byteOutputIndex, outputByteLen);
+    instance->byteOutputIndex += outputByteLen;
+    if (instance->byteOutputIndex*8 > instance->rate) {
+        unsigned char mask = (1 << (instance->rate % 8)) - 1;
+        output[outputByteLen-1] &= mask;
+    }
+    return 0;
+}
+
+int DuplexingGetFurtherOutputAndAdd(DuplexInstance *instance, const unsigned char *input, unsigned char *output, unsigned int outputByteLen)
+{
+    if ((outputByteLen+instance->byteOutputIndex) > (instance->rate+7)/8)
+        return 1; /* The output length must not be greater than the rate (rounded up to a byte) */
+
+    SnP_ExtractAndAddBytes(instance->state, input, output, instance->byteOutputIndex, outputByteLen);
+    instance->byteOutputIndex += outputByteLen;
+    if (instance->byteOutputIndex*8 > instance->rate) {
+        unsigned char mask = (1 << (instance->rate % 8)) - 1;
+        output[outputByteLen-1] &= mask;
+    }
+    return 0;
+}
+
+#undef DuplexInstance
+#undef DuplexInitialize
+#undef Duplexing
+#undef DuplexingFeedPartialInput
+#undef DuplexingFeedZeroes
+#undef DuplexingOverwritePartialInput
+#undef DuplexingOverwriteWithZeroes
+#undef DuplexingGetFurtherOutput
+#undef DuplexingGetFurtherOutputAndAdd
+#undef SnP_stateSizeInBytes
+#undef SnP_stateAlignment
+#undef SnP_StaticInitialize
+#undef SnP_Initialize
+#undef SnP_AddByte
+#undef SnP_AddBytes
+#undef SnP_OverwriteBytes
+#undef SnP_OverwriteWithZeroes
+#undef SnP_ExtractBytes
+#undef SnP_ExtractAndAddBytes