From 976ec83f90442bc4c8aaa04c55daedcc56b04473 Mon Sep 17 00:00:00 2001
From: Paul Duncan <pabs@pablotron.org>
Date: Thu, 9 May 2024 01:19:01 -0400
Subject: sha3.[hc]: add sha3_xof12_t, refactor xor12 and turboshake functions
 to use it

---
 sha3.h | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'sha3.h')

diff --git a/sha3.h b/sha3.h
index 66956e0..05589ad 100644
--- a/sha3.h
+++ b/sha3.h
@@ -1987,6 +1987,22 @@ void parallelhash256_xof_once(const parallelhash_params_t params, const uint8_t
  *   "KangarooTwelve and TurboSHAKE"
  */
 
+/**
+ * @brief Iterative [XOF][] context (all members are private) for XOFs
+ * with 12 round permutations.
+ * @ingroup turboshake
+ *
+ * @note Used internally by TurboSHAKE and KangarooTwelve.
+ *
+ * [xof]: https://en.wikipedia.org/wiki/Extendable-output_function
+ *   "Extendable-Output Function (XOF)"
+ */
+typedef struct {
+  size_t num_bytes; /**< number of bytes absorbed */
+  sha3_state_t a; /**< internal state */
+  _Bool squeezing; /**< mode (absorbing or squeezing) */
+} sha3_xof12_t;
+
 /**
  * @brief Absorb bytes into TurboSHAKE128 [XOF][], then squeeze bytes out.
  * @ingroup turboshake
@@ -2091,7 +2107,7 @@ void turboshake256_custom(const uint8_t pad, const uint8_t *src, const size_t sr
  *   "Extendable-Output Function (XOF)"
  */
 typedef struct {
-  sha3_xof_t xof; /**< XOF context (private) */
+  sha3_xof12_t xof; /**< XOF context (private) */
   uint8_t pad; /**< Padding byte (private) */
 } turboshake_t;
 
-- 
cgit v1.2.3