Merge topic 'add-SHA-3'

f636d1e7 Help: Add notes for topic 'add-SHA-3'
cb5dba8e Tests: Add SHA-3 algorithm coverage to CPack checksum test
a9fa6099 ExternalProject: Add support for SHA-3 algorithms
b4ffd26f ExternalData: Add support for SHA-3 algorithms
60939702 file: Add support for SHA-3 algorithms
92f95aed string: Add support for SHA-3 algorithms
c326209f cmCryptoHash: Add support for SHA-3 algorithms
979e8ba6 Help: De-duplicate and spell out supported hash algorithms
7a79f7e3 librhash: Activate SHA-3 implementation
87584b5e Merge branch 'upstream-librhash' into add-SHA-3
7fcbd47e librhash 2016-11-06 (de79828d)
c50c32a3 librhash: Update import script to add SHA-3 implementation

Help/command/file.rst

@@ -83,10 +83,12 @@ from the input file.
 
 ::
 
-  file(<MD5|SHA1|SHA224|SHA256|SHA384|SHA512> <filename> <variable>)
+  file(<HASH> <filename> <variable>)
 
 Compute a cryptographic hash of the content of ``<filename>`` and
-store it in a ``<variable>``.
+store it in a ``<variable>``.  The supported ``<HASH>`` algorithm names
+are those listed by the :ref:`string(\<HASH\>) <Supported Hash Algorithms>`
+command.
 
 ------------------------------------------------------------------------------
 
@@ -234,8 +236,8 @@ Additional options to ``DOWNLOAD`` are:
 ``EXPECTED_HASH ALGO=<value>``
 
   Verify that the downloaded content hash matches the expected value, where
-  ``ALGO`` is one of ``MD5``, ``SHA1``, ``SHA224``, ``SHA256``, ``SHA384``, or
-  ``SHA512``.  If it does not match, the operation fails with an error.
+  ``ALGO`` is one of the algorithms supported by ``file(<HASH>)``.
+  If it does not match, the operation fails with an error.
 
 ``EXPECTED_MD5 <value>``
   Historical short-hand for ``EXPECTED_HASH MD5=<value>``.

Help/command/string.rst

@@ -206,15 +206,38 @@ Comparison
 
 Compare the strings and store true or false in the output variable.
 
+.. _`Supported Hash Algorithms`:
+
 Hashing
 ^^^^^^^
 
 ::
 
-  string(<MD5|SHA1|SHA224|SHA256|SHA384|SHA512>
-         <output variable> <input>)
+  string(<HASH> <output variable> <input>)
 
 Compute a cryptographic hash of the input string.
+The supported ``<HASH>`` algorithm names are:
+
+``MD5``
+  Message-Digest Algorithm 5, RFC 1321.
+``SHA1``
+  US Secure Hash Algorithm 1, RFC 3174.
+``SHA224``
+  US Secure Hash Algorithms, RFC 4634.
+``SHA256``
+  US Secure Hash Algorithms, RFC 4634.
+``SHA384``
+  US Secure Hash Algorithms, RFC 4634.
+``SHA512``
+  US Secure Hash Algorithms, RFC 4634.
+``SHA3_224``
+  Keccak SHA-3.
+``SHA3_256``
+  Keccak SHA-3.
+``SHA3_384``
+  Keccak SHA-3.
+``SHA3_512``
+  Keccak SHA-3.
 
 Generation
 ^^^^^^^^^^

Help/release/dev/add-SHA-3.rst

@@ -0,0 +1,4 @@
+add-SHA-3
+---------
+
+* CMake functionality using cryptographic hashes now supports SHA-3 algorithms.

Modules/CPack.cmake

@@ -126,7 +126,9 @@
 #
 #     ${CPACK_PACKAGE_FILE_NAME}.${CPACK_PACKAGE_CHECKSUM}
 #
-#  Current supported alogorithms: MD5|SHA1|SHA224|SHA256|SHA384|SHA512.
+#  Supported algorithms are those listed by the
+#  :ref:`string(\<HASH\>) <Supported Hash Algorithms>`
+#  command.
 #
 # .. variable:: CPACK_PROJECT_CONFIG_FILE
 #

Modules/ExternalData.cmake

@@ -279,6 +279,10 @@ The following hash algorithms are supported::
  SHA256      .sha256   US Secure Hash Algorithms, RFC 4634
  SHA384      .sha384   US Secure Hash Algorithms, RFC 4634
  SHA512      .sha512   US Secure Hash Algorithms, RFC 4634
+ SHA3_224    .sha3-224 Keccak SHA-3
+ SHA3_256    .sha3-256 Keccak SHA-3
+ SHA3_384    .sha3-384 Keccak SHA-3
+ SHA3_512    .sha3-512 Keccak SHA-3
 
 Note that the hashes are used only for unique data identification and
 download verification.
@@ -508,8 +512,8 @@ endfunction()
 #-----------------------------------------------------------------------------
 # Private helper interface
 
-set(_ExternalData_REGEX_ALGO "MD5|SHA1|SHA224|SHA256|SHA384|SHA512")
-set(_ExternalData_REGEX_EXT "md5|sha1|sha224|sha256|sha384|sha512")
+set(_ExternalData_REGEX_ALGO "MD5|SHA1|SHA224|SHA256|SHA384|SHA512|SHA3_224|SHA3_256|SHA3_384|SHA3_512")
+set(_ExternalData_REGEX_EXT "md5|sha1|sha224|sha256|sha384|sha512|sha3-224|sha3-256|sha3-384|sha3-512")
 set(_ExternalData_SELF "${CMAKE_CURRENT_LIST_FILE}")
 get_filename_component(_ExternalData_SELF_DIR "${_ExternalData_SELF}" PATH)
 
@@ -1082,6 +1086,7 @@ if("${ExternalData_ACTION}" STREQUAL "fetch")
 
     if("${ext}" MATCHES "^\\.(${_ExternalData_REGEX_EXT})$")
       string(TOUPPER "${CMAKE_MATCH_1}" algo)
+      string(REPLACE "-" "_" algo "${algo}")
     else()
       message(FATAL_ERROR "Unknown hash algorithm extension \"${ext}\"")
     endif()

Modules/ExternalProject.cmake

@@ -427,7 +427,7 @@ if(_ep_func)
 endif()
 
 # Save regex matching supported hash algorithm names.
-set(_ep_hash_algos "MD5|SHA1|SHA224|SHA256|SHA384|SHA512")
+set(_ep_hash_algos "MD5|SHA1|SHA224|SHA256|SHA384|SHA512|SHA3_224|SHA3_256|SHA3_384|SHA3_512")
 set(_ep_hash_regex "^(${_ep_hash_algos})=([0-9A-Fa-f]+)$")
 
 set(_ExternalProject_SELF "${CMAKE_CURRENT_LIST_FILE}")

Source/cmCryptoHash.cxx

@@ -9,12 +9,16 @@
 
 static unsigned int const cmCryptoHashAlgoToId[] = {
   /* clang-format needs this comment to break after the opening brace */
-  RHASH_MD5,    //
-  RHASH_SHA1,   //
-  RHASH_SHA224, //
-  RHASH_SHA256, //
-  RHASH_SHA384, //
-  RHASH_SHA512
+  RHASH_MD5,      //
+  RHASH_SHA1,     //
+  RHASH_SHA224,   //
+  RHASH_SHA256,   //
+  RHASH_SHA384,   //
+  RHASH_SHA512,   //
+  RHASH_SHA3_224, //
+  RHASH_SHA3_256, //
+  RHASH_SHA3_384, //
+  RHASH_SHA3_512
 };
 
 static int cmCryptoHash_rhash_library_initialized;
@@ -59,6 +63,18 @@ CM_AUTO_PTR<cmCryptoHash> cmCryptoHash::New(const char* algo)
   if (strcmp(algo, "SHA512") == 0) {
     return CM_AUTO_PTR<cmCryptoHash>(new cmCryptoHash(AlgoSHA512));
   }
+  if (strcmp(algo, "SHA3_224") == 0) {
+    return CM_AUTO_PTR<cmCryptoHash>(new cmCryptoHash(AlgoSHA3_224));
+  }
+  if (strcmp(algo, "SHA3_256") == 0) {
+    return CM_AUTO_PTR<cmCryptoHash>(new cmCryptoHash(AlgoSHA3_256));
+  }
+  if (strcmp(algo, "SHA3_384") == 0) {
+    return CM_AUTO_PTR<cmCryptoHash>(new cmCryptoHash(AlgoSHA3_384));
+  }
+  if (strcmp(algo, "SHA3_512") == 0) {
+    return CM_AUTO_PTR<cmCryptoHash>(new cmCryptoHash(AlgoSHA3_512));
+  }
   return CM_AUTO_PTR<cmCryptoHash>(CM_NULLPTR);
 }
 

Source/cmCryptoHash.h

@@ -22,7 +22,11 @@ public:
     AlgoSHA224,
     AlgoSHA256,
     AlgoSHA384,
-    AlgoSHA512
+    AlgoSHA512,
+    AlgoSHA3_224,
+    AlgoSHA3_256,
+    AlgoSHA3_384,
+    AlgoSHA3_512
   };
 
   cmCryptoHash(Algo algo);
@@ -30,7 +34,8 @@ public:
 
   /// @brief Returns a new hash generator of the requested type
   /// @arg algo Hash type name. Supported hash types are
-  ///      MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+  ///      MD5, SHA1, SHA224, SHA256, SHA384, SHA512,
+  ///      SHA3_224, SHA3_256, SHA3_384, SHA3_512
   /// @return A valid auto pointer if algo is supported or
   ///         an invalid/NULL pointer otherwise
   static CM_AUTO_PTR<cmCryptoHash> New(const char* algo);

Source/cmFileCommand.cxx

@@ -111,7 +111,9 @@ bool cmFileCommand::InitialPass(std::vector<std::string> const& args,
   }
   if (subCommand == "MD5" || subCommand == "SHA1" || subCommand == "SHA224" ||
       subCommand == "SHA256" || subCommand == "SHA384" ||
-      subCommand == "SHA512") {
+      subCommand == "SHA512" || subCommand == "SHA3_224" ||
+      subCommand == "SHA3_256" || subCommand == "SHA3_384" ||
+      subCommand == "SHA3_512") {
     return this->HandleHashCommand(args);
   }
   if (subCommand == "STRINGS") {

Source/cmStringCommand.cxx

@@ -36,7 +36,9 @@ bool cmStringCommand::InitialPass(std::vector<std::string> const& args,
   }
   if (subCommand == "MD5" || subCommand == "SHA1" || subCommand == "SHA224" ||
       subCommand == "SHA256" || subCommand == "SHA384" ||
-      subCommand == "SHA512") {
+      subCommand == "SHA512" || subCommand == "SHA3_224" ||
+      subCommand == "SHA3_256" || subCommand == "SHA3_384" ||
+      subCommand == "SHA3_512") {
     return this->HandleHashCommand(args);
   }
   if (subCommand == "TOLOWER") {

Tests/CMakeTests/File-SHA3_224-Works.cmake

@@ -0,0 +1,2 @@
+file(SHA3_224 ${CMAKE_CURRENT_LIST_DIR}/File-HASH-Input.txt sha3_224)
+message("${sha3_224}")

Tests/CMakeTests/File-SHA3_256-Works.cmake

@@ -0,0 +1,2 @@
+file(SHA3_256 ${CMAKE_CURRENT_LIST_DIR}/File-HASH-Input.txt sha3_256)
+message("${sha3_256}")

Tests/CMakeTests/File-SHA3_384-Works.cmake

@@ -0,0 +1,2 @@
+file(SHA3_384 ${CMAKE_CURRENT_LIST_DIR}/File-HASH-Input.txt sha3_384)
+message("${sha3_384}")

Tests/CMakeTests/File-SHA3_512-Works.cmake

@@ -0,0 +1,2 @@
+file(SHA3_512 ${CMAKE_CURRENT_LIST_DIR}/File-HASH-Input.txt sha3_512)
+message("${sha3_512}")

Tests/CMakeTests/FileTest.cmake.in

@@ -36,6 +36,14 @@ set(SHA384-Works-RESULT 0)
 set(SHA384-Works-STDERR "1de9560b4e030e02051ea408200ffc55d70c97ac64ebf822461a5c786f495c36df43259b14483bc8d364f0106f4971ee")
 set(SHA512-Works-RESULT 0)
 set(SHA512-Works-STDERR "3982a1b4e651768bec70ab1fb97045cb7a659f4ba7203d501c52ab2e803071f9d5fd272022df15f27727fc67f8cd022e710e29010b2a9c0b467c111e2f6abf51")
+set(SHA3_224-Works-RESULT 0)
+set(SHA3_224-Works-STDERR "4272868085f4f25080681a7712509fd12e16dcda79bd356836dd2100")
+set(SHA3_256-Works-RESULT 0)
+set(SHA3_256-Works-STDERR "be0df472b6bd474417a166d12f2774f2ef5095e86f0a88ef4c78c703800cfc8a")
+set(SHA3_384-Works-RESULT 0)
+set(SHA3_384-Works-STDERR "935a17cc708443c1369549483656a4521af03a52e4f3b314566272017ccae03a2c5db838f6d4c156b1dc5c366182481b")
+set(SHA3_512-Works-RESULT 0)
+set(SHA3_512-Works-STDERR "471a85ed537e8f77f31412a089f22d836054ffa179599f87a5d7568927d8fa236b6793ded8a387d1de92398c967177bcc6361672a722bf736cb0f63a0956d5cf")
 set(TIMESTAMP-NoFile-RESULT 0)
 set(TIMESTAMP-NoFile-STDERR "~~")
 set(TIMESTAMP-BadArg1-RESULT 1)
@@ -66,6 +74,10 @@ check_cmake_test(File
   SHA256-Works
   SHA384-Works
   SHA512-Works
+  SHA3_224-Works
+  SHA3_256-Works
+  SHA3_384-Works
+  SHA3_512-Works
   TIMESTAMP-NoFile
   TIMESTAMP-BadArg1
   TIMESTAMP-NotBogus

Tests/CMakeTests/String-SHA3_224-Works.cmake

@@ -0,0 +1,2 @@
+string(SHA3_224 sha3_224 "sample input string\n")
+message("${sha3_224}")

Tests/CMakeTests/String-SHA3_256-Works.cmake

@@ -0,0 +1,2 @@
+string(SHA3_256 sha3_256 "sample input string\n")
+message("${sha3_256}")

Tests/CMakeTests/String-SHA3_384-Works.cmake

@@ -0,0 +1,2 @@
+string(SHA3_384 sha3_384 "sample input string\n")
+message("${sha3_384}")

Tests/CMakeTests/String-SHA3_512-Works.cmake

@@ -0,0 +1,2 @@
+string(SHA3_512 sha3_512 "sample input string\n")
+message("${sha3_512}")

Tests/CMakeTests/StringTest.cmake.in

@@ -16,6 +16,14 @@ set(SHA384-Works-RESULT 0)
 set(SHA384-Works-STDERR "1de9560b4e030e02051ea408200ffc55d70c97ac64ebf822461a5c786f495c36df43259b14483bc8d364f0106f4971ee")
 set(SHA512-Works-RESULT 0)
 set(SHA512-Works-STDERR "3982a1b4e651768bec70ab1fb97045cb7a659f4ba7203d501c52ab2e803071f9d5fd272022df15f27727fc67f8cd022e710e29010b2a9c0b467c111e2f6abf51")
+set(SHA3_224-Works-RESULT 0)
+set(SHA3_224-Works-STDERR "4272868085f4f25080681a7712509fd12e16dcda79bd356836dd2100")
+set(SHA3_256-Works-RESULT 0)
+set(SHA3_256-Works-STDERR "be0df472b6bd474417a166d12f2774f2ef5095e86f0a88ef4c78c703800cfc8a")
+set(SHA3_384-Works-RESULT 0)
+set(SHA3_384-Works-STDERR "935a17cc708443c1369549483656a4521af03a52e4f3b314566272017ccae03a2c5db838f6d4c156b1dc5c366182481b")
+set(SHA3_512-Works-RESULT 0)
+set(SHA3_512-Works-STDERR "471a85ed537e8f77f31412a089f22d836054ffa179599f87a5d7568927d8fa236b6793ded8a387d1de92398c967177bcc6361672a722bf736cb0f63a0956d5cf")
 set(TIMESTAMP-BadArg1-RESULT 1)
 set(TIMESTAMP-BadArg1-STDERR "string sub-command TIMESTAMP requires at least one argument")
 set(TIMESTAMP-BadArg2-RESULT 1)
@@ -52,6 +60,10 @@ check_cmake_test(String
   SHA256-Works
   SHA384-Works
   SHA512-Works
+  SHA3_224-Works
+  SHA3_256-Works
+  SHA3_384-Works
+  SHA3_512-Works
   TIMESTAMP-BadArg1
   TIMESTAMP-BadArg2
   TIMESTAMP-BadArg3

Tests/Module/ExternalData/SHA3_256/.gitattributes

@@ -0,0 +1 @@
+*               -crlf

Tests/Module/ExternalData/SHA3_256/c01b0bfd51ece4295c7b45493750a3612ecc483095eb1366f9f46b179550e231

@@ -0,0 +1 @@
+SeriesMixed.5

Tests/Module/ExternalData/SeriesMixed.5.dat.sha3-256

@@ -0,0 +1 @@
+c01b0bfd51ece4295c7b45493750a3612ecc483095eb1366f9f46b179550e231

Tests/RunCMake/CPack/RunCMakeTest.cmake

@@ -22,4 +22,4 @@ run_cpack_test(DEB_GENERATE_SHLIBS_LDCONFIG "DEB" true)
 run_cpack_test(DEBUGINFO "RPM" true)
 run_cpack_test_subtests(SINGLE_DEBUGINFO "no_main_component;one_component;one_component_main;no_debuginfo;one_component_no_debuginfo;no_components;valid" "RPM" true)
 run_cpack_test(LONG_FILENAMES "DEB" false)
-run_cpack_test_subtests(PACKAGE_CHECKSUM "invalid;MD5;SHA1;SHA224;SHA256;SHA384;SHA512" "TGZ" false)
+run_cpack_test_subtests(PACKAGE_CHECKSUM "invalid;MD5;SHA1;SHA224;SHA256;SHA384;SHA512;SHA3_224;SHA3_256;SHA3_384;SHA3_512" "TGZ" false)

Utilities/Scripts/update-librhash.bash

@@ -27,6 +27,8 @@ readonly paths="
   librhash/sha1.h
   librhash/sha256.c
   librhash/sha256.h
+  librhash/sha3.c
+  librhash/sha3.h
   librhash/sha512.c
   librhash/sha512.h
   librhash/ustd.h

Utilities/cmlibrhash/CMakeLists.txt

@@ -23,6 +23,8 @@ set(librhash_sources
   librhash/sha1.h
   librhash/sha256.c
   librhash/sha256.h
+  librhash/sha3.c
+  librhash/sha3.h
   librhash/sha512.c
   librhash/sha512.h
   librhash/ustd.h

Utilities/cmlibrhash/librhash/algorithms.c

@@ -39,8 +39,8 @@
 #include "sha1.h"
 #include "sha256.h"
 #include "sha512.h"
-#if 0
 #include "sha3.h"
+#if 0
 #include "tiger.h"
 #include "tth.h"
 #include "whirlpool.h"
@@ -104,11 +104,11 @@ rhash_info info_sha512 = { RHASH_SHA512,     F_BE64, 64, "SHA-512", "sha512" };
 #if 0
 rhash_info info_edr256 = { RHASH_EDONR256,   F_LE32, 32, "EDON-R256", "edon-r256" };
 rhash_info info_edr512 = { RHASH_EDONR512,   F_LE64, 64, "EDON-R512", "edon-r512" };
+#endif
 rhash_info info_sha3_224 = { RHASH_SHA3_224, F_LE64, 28, "SHA3-224", "sha3-224" };
 rhash_info info_sha3_256 = { RHASH_SHA3_256, F_LE64, 32, "SHA3-256", "sha3-256" };
 rhash_info info_sha3_384 = { RHASH_SHA3_384, F_LE64, 48, "SHA3-384", "sha3-384" };
 rhash_info info_sha3_512 = { RHASH_SHA3_512, F_LE64, 64, "SHA3-512", "sha3-512" };
-#endif
 
 /* some helper macros */
 #define dgshft(name) (((char*)&((name##_ctx*)0)->hash) - (char*)0)
@@ -148,11 +148,11 @@ rhash_hash_info rhash_hash_info_default[RHASH_HASH_COUNT] =
 #if 0
 	{ &info_edr256, sizeof(edonr_ctx), dgshft2(edonr, u.data256.hash) + 32, iuf(rhash_edonr256), 0 },  /* 256 bit */
 	{ &info_edr512, sizeof(edonr_ctx), dgshft2(edonr, u.data512.hash) + 64, iuf(rhash_edonr512), 0 },  /* 512 bit */
+#endif
 	{ &info_sha3_224, sizeof(sha3_ctx), dgshft(sha3), ini(rhash_sha3_224), upd(rhash_sha3), fin(rhash_sha3), 0 }, /* 224 bit */
 	{ &info_sha3_256, sizeof(sha3_ctx), dgshft(sha3), ini(rhash_sha3_256), upd(rhash_sha3), fin(rhash_sha3), 0 }, /* 256 bit */
 	{ &info_sha3_384, sizeof(sha3_ctx), dgshft(sha3), ini(rhash_sha3_384), upd(rhash_sha3), fin(rhash_sha3), 0 }, /* 384 bit */
 	{ &info_sha3_512, sizeof(sha3_ctx), dgshft(sha3), ini(rhash_sha3_512), upd(rhash_sha3), fin(rhash_sha3), 0 }, /* 512 bit */
-#endif
 };
 
 /**

Utilities/cmlibrhash/librhash/rhash.h

@@ -66,14 +66,22 @@ enum rhash_ids
 	RHASH_SHA256     = 0x08,
 	RHASH_SHA384     = 0x10,
 	RHASH_SHA512     = 0x20,
+	RHASH_SHA3_224   = 0x40,
+	RHASH_SHA3_256   = 0x80,
+	RHASH_SHA3_384   = 0x100,
+	RHASH_SHA3_512   = 0x200,
 	RHASH_ALL_HASHES =
 		RHASH_MD5 |
 		RHASH_SHA1 |
 		RHASH_SHA224 |
 		RHASH_SHA256 |
 		RHASH_SHA384 |
-		RHASH_SHA512,
-	RHASH_HASH_COUNT = 6
+		RHASH_SHA512 |
+		RHASH_SHA3_224 |
+		RHASH_SHA3_256 |
+		RHASH_SHA3_384 |
+		RHASH_SHA3_512,
+	RHASH_HASH_COUNT = 10
 #endif
 };
 
@@ -145,7 +153,7 @@ typedef struct rhash_info
 /* information functions */
 RHASH_API int  rhash_count(void); /* number of supported hashes */
 RHASH_API int  rhash_get_digest_size(unsigned hash_id); /* size of binary message digest */
-RHASH_API int  rhash_get_hash_length(unsigned hash_id); /* length of formated hash string */
+RHASH_API int  rhash_get_hash_length(unsigned hash_id); /* length of formatted hash string */
 RHASH_API int  rhash_is_base32(unsigned hash_id); /* default digest output format */
 RHASH_API const char* rhash_get_name(unsigned hash_id); /* get hash function name */
 RHASH_API const char* rhash_get_magnet_name(unsigned hash_id); /* get name part of magnet urn */

Utilities/cmlibrhash/librhash/sha3.c

@@ -0,0 +1,356 @@
+/* sha3.c - an implementation of Secure Hash Algorithm 3 (Keccak).
+ * based on the
+ * The Keccak SHA-3 submission. Submission to NIST (Round 3), 2011
+ * by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche
+ *
+ * Copyright: 2013 Aleksey Kravchenko <rhash.admin@gmail.com>
+ *
+ * Permission is hereby granted,  free of charge,  to any person  obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction,  including without limitation
+ * the rights to  use, copy, modify,  merge, publish, distribute, sublicense,
+ * and/or sell copies  of  the Software,  and to permit  persons  to whom the
+ * Software is furnished to do so.
+ *
+ * This program  is  distributed  in  the  hope  that it will be useful,  but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  Use this program  at  your own risk!
+ */
+
+#include <assert.h>
+#include <string.h>
+#include "byte_order.h"
+#include "sha3.h"
+
+/* constants */
+#define NumberOfRounds 24
+
+/* SHA3 (Keccak) constants for 24 rounds */
+static uint64_t keccak_round_constants[NumberOfRounds] = {
+	I64(0x0000000000000001), I64(0x0000000000008082), I64(0x800000000000808A), I64(0x8000000080008000),
+	I64(0x000000000000808B), I64(0x0000000080000001), I64(0x8000000080008081), I64(0x8000000000008009),
+	I64(0x000000000000008A), I64(0x0000000000000088), I64(0x0000000080008009), I64(0x000000008000000A),
+	I64(0x000000008000808B), I64(0x800000000000008B), I64(0x8000000000008089), I64(0x8000000000008003),
+	I64(0x8000000000008002), I64(0x8000000000000080), I64(0x000000000000800A), I64(0x800000008000000A),
+	I64(0x8000000080008081), I64(0x8000000000008080), I64(0x0000000080000001), I64(0x8000000080008008)
+};
+
+/* Initializing a sha3 context for given number of output bits */
+static void rhash_keccak_init(sha3_ctx *ctx, unsigned bits)
+{
+	/* NB: The Keccak capacity parameter = bits * 2 */
+	unsigned rate = 1600 - bits * 2;
+
+	memset(ctx, 0, sizeof(sha3_ctx));
+	ctx->block_size = rate / 8;
+	assert(rate <= 1600 && (rate % 64) == 0);
+}
+
+/**
+ * Initialize context before calculating hash.
+ *
+ * @param ctx context to initialize
+ */
+void rhash_sha3_224_init(sha3_ctx *ctx)
+{
+	rhash_keccak_init(ctx, 224);
+}
+
+/**
+ * Initialize context before calculating hash.
+ *
+ * @param ctx context to initialize
+ */
+void rhash_sha3_256_init(sha3_ctx *ctx)
+{
+	rhash_keccak_init(ctx, 256);
+}
+
+/**
+ * Initialize context before calculating hash.
+ *
+ * @param ctx context to initialize
+ */
+void rhash_sha3_384_init(sha3_ctx *ctx)
+{
+	rhash_keccak_init(ctx, 384);
+}
+
+/**
+ * Initialize context before calculating hash.
+ *
+ * @param ctx context to initialize
+ */
+void rhash_sha3_512_init(sha3_ctx *ctx)
+{
+	rhash_keccak_init(ctx, 512);
+}
+
+/* Keccak theta() transformation */
+static void keccak_theta(uint64_t *A)
+{
+	unsigned int x;
+	uint64_t C[5], D[5];
+
+	for (x = 0; x < 5; x++) {
+		C[x] = A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20];
+	}
+	D[0] = ROTL64(C[1], 1) ^ C[4];
+	D[1] = ROTL64(C[2], 1) ^ C[0];
+	D[2] = ROTL64(C[3], 1) ^ C[1];
+	D[3] = ROTL64(C[4], 1) ^ C[2];
+	D[4] = ROTL64(C[0], 1) ^ C[3];
+
+	for (x = 0; x < 5; x++) {
+		A[x]      ^= D[x];
+		A[x + 5]  ^= D[x];
+		A[x + 10] ^= D[x];
+		A[x + 15] ^= D[x];
+		A[x + 20] ^= D[x];
+	}
+}
+
+/* Keccak pi() transformation */
+static void keccak_pi(uint64_t *A)
+{
+	uint64_t A1;
+	A1 = A[1];
+	A[ 1] = A[ 6];
+	A[ 6] = A[ 9];
+	A[ 9] = A[22];
+	A[22] = A[14];
+	A[14] = A[20];
+	A[20] = A[ 2];
+	A[ 2] = A[12];
+	A[12] = A[13];
+	A[13] = A[19];
+	A[19] = A[23];
+	A[23] = A[15];
+	A[15] = A[ 4];
+	A[ 4] = A[24];
+	A[24] = A[21];
+	A[21] = A[ 8];
+	A[ 8] = A[16];
+	A[16] = A[ 5];
+	A[ 5] = A[ 3];
+	A[ 3] = A[18];
+	A[18] = A[17];
+	A[17] = A[11];
+	A[11] = A[ 7];
+	A[ 7] = A[10];
+	A[10] = A1;
+	/* note: A[ 0] is left as is */
+}
+
+/* Keccak chi() transformation */
+static void keccak_chi(uint64_t *A)
+{
+	int i;
+	for (i = 0; i < 25; i += 5) {
+		uint64_t A0 = A[0 + i], A1 = A[1 + i];
+		A[0 + i] ^= ~A1 & A[2 + i];
+		A[1 + i] ^= ~A[2 + i] & A[3 + i];
+		A[2 + i] ^= ~A[3 + i] & A[4 + i];
+		A[3 + i] ^= ~A[4 + i] & A0;
+		A[4 + i] ^= ~A0 & A1;
+	}
+}
+
+static void rhash_sha3_permutation(uint64_t *state)
+{
+	int round;
+	for (round = 0; round < NumberOfRounds; round++)
+	{
+		keccak_theta(state);
+
+		/* apply Keccak rho() transformation */
+		state[ 1] = ROTL64(state[ 1],  1);
+		state[ 2] = ROTL64(state[ 2], 62);
+		state[ 3] = ROTL64(state[ 3], 28);
+		state[ 4] = ROTL64(state[ 4], 27);
+		state[ 5] = ROTL64(state[ 5], 36);
+		state[ 6] = ROTL64(state[ 6], 44);
+		state[ 7] = ROTL64(state[ 7],  6);
+		state[ 8] = ROTL64(state[ 8], 55);
+		state[ 9] = ROTL64(state[ 9], 20);
+		state[10] = ROTL64(state[10],  3);
+		state[11] = ROTL64(state[11], 10);
+		state[12] = ROTL64(state[12], 43);
+		state[13] = ROTL64(state[13], 25);
+		state[14] = ROTL64(state[14], 39);
+		state[15] = ROTL64(state[15], 41);
+		state[16] = ROTL64(state[16], 45);
+		state[17] = ROTL64(state[17], 15);
+		state[18] = ROTL64(state[18], 21);
+		state[19] = ROTL64(state[19],  8);
+		state[20] = ROTL64(state[20], 18);
+		state[21] = ROTL64(state[21],  2);
+		state[22] = ROTL64(state[22], 61);
+		state[23] = ROTL64(state[23], 56);
+		state[24] = ROTL64(state[24], 14);
+
+		keccak_pi(state);
+		keccak_chi(state);
+
+		/* apply iota(state, round) */
+		*state ^= keccak_round_constants[round];
+	}
+}
+
+/**
+ * The core transformation. Process the specified block of data.
+ *
+ * @param hash the algorithm state
+ * @param block the message block to process
+ * @param block_size the size of the processed block in bytes
+ */
+static void rhash_sha3_process_block(uint64_t hash[25], const uint64_t *block, size_t block_size)
+{
+	/* expanded loop */
+	hash[ 0] ^= le2me_64(block[ 0]);
+	hash[ 1] ^= le2me_64(block[ 1]);
+	hash[ 2] ^= le2me_64(block[ 2]);
+	hash[ 3] ^= le2me_64(block[ 3]);
+	hash[ 4] ^= le2me_64(block[ 4]);
+	hash[ 5] ^= le2me_64(block[ 5]);
+	hash[ 6] ^= le2me_64(block[ 6]);
+	hash[ 7] ^= le2me_64(block[ 7]);
+	hash[ 8] ^= le2me_64(block[ 8]);
+	/* if not sha3-512 */
+	if (block_size > 72) {
+		hash[ 9] ^= le2me_64(block[ 9]);
+		hash[10] ^= le2me_64(block[10]);
+		hash[11] ^= le2me_64(block[11]);
+		hash[12] ^= le2me_64(block[12]);
+		/* if not sha3-384 */
+		if (block_size > 104) {
+			hash[13] ^= le2me_64(block[13]);
+			hash[14] ^= le2me_64(block[14]);
+			hash[15] ^= le2me_64(block[15]);
+			hash[16] ^= le2me_64(block[16]);
+			/* if not sha3-256 */
+			if (block_size > 136) {
+				hash[17] ^= le2me_64(block[17]);
+#ifdef FULL_SHA3_FAMILY_SUPPORT
+				/* if not sha3-224 */
+				if (block_size > 144) {
+					hash[18] ^= le2me_64(block[18]);
+					hash[19] ^= le2me_64(block[19]);
+					hash[20] ^= le2me_64(block[20]);
+					hash[21] ^= le2me_64(block[21]);
+					hash[22] ^= le2me_64(block[22]);
+					hash[23] ^= le2me_64(block[23]);
+					hash[24] ^= le2me_64(block[24]);
+				}
+#endif
+			}
+		}
+	}
+	/* make a permutation of the hash */
+	rhash_sha3_permutation(hash);
+}
+
+#define SHA3_FINALIZED 0x80000000
+
+/**
+ * Calculate message hash.
+ * Can be called repeatedly with chunks of the message to be hashed.
+ *
+ * @param ctx the algorithm context containing current hashing state
+ * @param msg message chunk
+ * @param size length of the message chunk
+ */
+void rhash_sha3_update(sha3_ctx *ctx, const unsigned char *msg, size_t size)
+{
+	size_t index = (size_t)ctx->rest;
+	size_t block_size = (size_t)ctx->block_size;
+
+	if (ctx->rest & SHA3_FINALIZED) return; /* too late for additional input */
+	ctx->rest = (unsigned)((ctx->rest + size) % block_size);
+
+	/* fill partial block */
+	if (index) {
+		size_t left = block_size - index;
+		memcpy((char*)ctx->message + index, msg, (size < left ? size : left));
+		if (size < left) return;
+
+		/* process partial block */
+		rhash_sha3_process_block(ctx->hash, ctx->message, block_size);
+		msg  += left;
+		size -= left;
+	}
+	while (size >= block_size) {
+		uint64_t* aligned_message_block;
+		if (IS_ALIGNED_64(msg)) {
+			/* the most common case is processing of an already aligned message
+			without copying it */
+			aligned_message_block = (uint64_t*)msg;
+		} else {
+			memcpy(ctx->message, msg, block_size);
+			aligned_message_block = ctx->message;
+		}
+
+		rhash_sha3_process_block(ctx->hash, aligned_message_block, block_size);
+		msg  += block_size;
+		size -= block_size;
+	}
+	if (size) {
+		memcpy(ctx->message, msg, size); /* save leftovers */
+	}
+}
+
+/**
+ * Store calculated hash into the given array.
+ *
+ * @param ctx the algorithm context containing current hashing state
+ * @param result calculated hash in binary form
+ */
+void rhash_sha3_final(sha3_ctx *ctx, unsigned char* result)
+{
+	size_t digest_length = 100 - ctx->block_size / 2;
+	const size_t block_size = ctx->block_size;
+
+	if (!(ctx->rest & SHA3_FINALIZED))
+	{
+		/* clear the rest of the data queue */
+		memset((char*)ctx->message + ctx->rest, 0, block_size - ctx->rest);
+		((char*)ctx->message)[ctx->rest] |= 0x06;
+		((char*)ctx->message)[block_size - 1] |= 0x80;
+
+		/* process final block */
+		rhash_sha3_process_block(ctx->hash, ctx->message, block_size);
+		ctx->rest = SHA3_FINALIZED; /* mark context as finalized */
+	}
+
+	assert(block_size > digest_length);
+	if (result) me64_to_le_str(result, ctx->hash, digest_length);
+}
+
+#ifdef USE_KECCAK
+/**
+* Store calculated hash into the given array.
+*
+* @param ctx the algorithm context containing current hashing state
+* @param result calculated hash in binary form
+*/
+void rhash_keccak_final(sha3_ctx *ctx, unsigned char* result)
+{
+	size_t digest_length = 100 - ctx->block_size / 2;
+	const size_t block_size = ctx->block_size;
+
+	if (!(ctx->rest & SHA3_FINALIZED))
+	{
+		/* clear the rest of the data queue */
+		memset((char*)ctx->message + ctx->rest, 0, block_size - ctx->rest);
+		((char*)ctx->message)[ctx->rest] |= 0x01;
+		((char*)ctx->message)[block_size - 1] |= 0x80;
+
+		/* process final block */
+		rhash_sha3_process_block(ctx->hash, ctx->message, block_size);
+		ctx->rest = SHA3_FINALIZED; /* mark context as finalized */
+	}
+
+	assert(block_size > digest_length);
+	if (result) me64_to_le_str(result, ctx->hash, digest_length);
+}
+#endif /* USE_KECCAK */

Utilities/cmlibrhash/librhash/sha3.h

@@ -0,0 +1,54 @@
+/* sha3.h */
+#ifndef RHASH_SHA3_H
+#define RHASH_SHA3_H
+#include "ustd.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define sha3_224_hash_size  28
+#define sha3_256_hash_size  32
+#define sha3_384_hash_size  48
+#define sha3_512_hash_size  64
+#define sha3_max_permutation_size 25
+#define sha3_max_rate_in_qwords 24
+
+/**
+ * SHA3 Algorithm context.
+ */
+typedef struct sha3_ctx
+{
+	/* 1600 bits algorithm hashing state */
+	uint64_t hash[sha3_max_permutation_size];
+	/* 1536-bit buffer for leftovers */
+	uint64_t message[sha3_max_rate_in_qwords];
+	/* count of bytes in the message[] buffer */
+	unsigned rest;
+	/* size of a message block processed at once */
+	unsigned block_size;
+} sha3_ctx;
+
+/* methods for calculating the hash function */
+
+void rhash_sha3_224_init(sha3_ctx *ctx);
+void rhash_sha3_256_init(sha3_ctx *ctx);
+void rhash_sha3_384_init(sha3_ctx *ctx);
+void rhash_sha3_512_init(sha3_ctx *ctx);
+void rhash_sha3_update(sha3_ctx *ctx, const unsigned char* msg, size_t size);
+void rhash_sha3_final(sha3_ctx *ctx, unsigned char* result);
+
+#ifdef USE_KECCAK
+#define rhash_keccak_224_init rhash_sha3_224_init
+#define rhash_keccak_256_init rhash_sha3_256_init
+#define rhash_keccak_384_init rhash_sha3_384_init
+#define rhash_keccak_512_init rhash_sha3_512_init
+#define rhash_keccak_update rhash_sha3_update
+void rhash_keccak_final(sha3_ctx *ctx, unsigned char* result);
+#endif
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
+#endif /* RHASH_SHA3_H */