package sha3

Import Path
	crypto/internal/fips140/sha3 (on go.dev)

Dependency Relation
	imports 8 packages, and imported by 6 packages

Involved Source Files

	    cast.go
	    hashes.go
	    keccakf.go
	  d sha3.go
		Package sha3 implements the SHA-3 fixed-output-length hash functions and
		the SHAKE variable-output-length functions defined by [FIPS 202], as well as
		the cSHAKE extendable-output-length functions defined by [SP 800-185].
		
		[FIPS 202]: https://doi.org/10.6028/NIST.FIPS.202
		[SP 800-185]: https://doi.org/10.6028/NIST.SP.800-185

	    sha3_amd64.go
	    shake.go
	    sha3_amd64.s
Package-Level Type Names (total 3, in which 2 are exported)

	/* sort exporteds by: alphabet | popularity */
	 type Digest (struct)

		Fields (total 6, none are exported)
			/* 6 unexporteds ... *//* 6 unexporteds: */
			a [200]byte
				// main state of the hash

			dsbyte byte
				dsbyte contains the "domain separation" bits and the first bit of
				the padding. Sections 6.1 and 6.2 of [1] separate the outputs of the
				SHA-3 and SHAKE functions by appending bitstrings to the message.
				Using a little-endian bit-ordering convention, these are "01" for SHA-3
				and "1111" for SHAKE, or 00000010b and 00001111b, respectively. Then the
				padding rule from section 5.1 is applied to pad the message to a multiple
				of the rate, which involves adding a "1" bit, zero or more "0" bits, and
				a final "1" bit. We merge the first "1" bit from the padding into dsbyte,
				giving 00000110b (0x06) and 00011111b (0x1f).
				[1] http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf
				    "Draft FIPS 202: SHA-3 Standard: Permutation-Based Hash and
				     Extendable-Output Functions (May 2014)"

			n int
				a[n:rate] is the buffer. If absorbing, it's the remaining space to XOR
				into before running the permutation. If squeezing, it's the remaining
				output to produce before running the permutation.

			outputLen int
				// the default output size in bytes

			rate int
				a[n:rate] is the buffer. If absorbing, it's the remaining space to XOR
				into before running the permutation. If squeezing, it's the remaining
				output to produce before running the permutation.

			state spongeDirection
				// whether the sponge is absorbing or squeezing

		Methods (total 17, in which 9 are exported)
			(*Digest) AppendBinary(b []byte) ([]byte, error)
			(*Digest) BlockSize() int
				BlockSize returns the rate of sponge underlying this hash function.

			(*Digest) Clone() *Digest
			(*Digest) MarshalBinary() ([]byte, error)
			(*Digest) Reset()
				Reset resets the Digest to its initial state.

			(*Digest) Size() int
				Size returns the output size of the hash function in bytes.

			(*Digest) Sum(b []byte) []byte
				Sum appends the current hash to b and returns the resulting slice.
				It does not change the underlying hash state.

			(*Digest) UnmarshalBinary(b []byte) error
			(*Digest) Write(p []byte) (n int, err error)
				Write absorbs more data into the hash's state.

			/* 8 unexporteds ... *//* 8 unexporteds: */
			(*Digest) padAndPermute()
				padAndPermute appends the domain separation bits in dsbyte, applies
				the multi-bitrate 10..1 padding rule, and permutes the state.

			(*Digest) permute()
				permute applies the KeccakF-1600 permutation.

			(*Digest) read(out []byte) (n int, err error)
			(*Digest) readGeneric(out []byte) (n int, err error)
				read squeezes an arbitrary number of bytes from the sponge.

			(*Digest) sum(b []byte) []byte
			(*Digest) sumGeneric(b []byte) []byte
			(*Digest) write(p []byte) (n int, err error)
			(*Digest) writeGeneric(p []byte) (n int, err error)
		Implements (at least 9, in which 7 are exported)
			*Digest : crypto/internal/fips140.Hash
			*Digest : encoding.BinaryAppender
			*Digest : encoding.BinaryMarshaler
			*Digest : encoding.BinaryUnmarshaler
			*Digest : hash.Hash
			*Digest : internal/bisect.Writer
			*Digest : io.Writer
			/* 2+ unexporteds ... *//* 2+ unexporteds: */
			*Digest : crypto/internal/fips140/hmac.marshalable
			*Digest : crypto/tls.transcriptHash
		As Outputs Of (at least 9, in which 7 are exported)
			func New224() *Digest
			func New256() *Digest
			func New384() *Digest
			func New512() *Digest
			func NewLegacyKeccak256() *Digest
			func NewLegacyKeccak512() *Digest
			func (*Digest).Clone() *Digest
			/* 2+ unexporteds ... *//* 2+ unexporteds: */
			func crypto/internal/fips140hash.sha3Unwrap(*sha3.SHA3) *Digest
			func crypto/sha3.fips140hash_sha3Unwrap(sha3 *sha3.SHA3) *Digest

	 type SHAKE (struct)

		Fields (total 2, neither is exported)
			/* 2 unexporteds ... *//* 2 unexporteds: */
			d Digest
				// SHA-3 state context and Read/Write operations

			initBlock []byte
				initBlock is the cSHAKE specific initialization set of bytes. It is initialized
				by newCShake function and stores concatenation of N followed by S, encoded
				by the method specified in 3.3 of [1].
				It is stored here in order for Reset() to be able to put context into
				initial state.

		Methods (total 10, all are exported)
			(*SHAKE) AppendBinary(b []byte) ([]byte, error)
			(*SHAKE) BlockSize() int
			(*SHAKE) Clone() *SHAKE
				Clone returns a copy of the SHAKE context in its current state.

			(*SHAKE) MarshalBinary() ([]byte, error)
			(*SHAKE) Read(out []byte) (n int, err error)
			(*SHAKE) Reset()
				Reset resets the hash to initial state.

			(*SHAKE) Size() int
			(*SHAKE) Sum(in []byte) []byte
				Sum appends a portion of output to b and returns the resulting slice. The
				output length is selected to provide full-strength generic security: 32 bytes
				for SHAKE128 and 64 bytes for SHAKE256. It does not change the underlying
				state. It panics if any output has already been read.

			(*SHAKE) UnmarshalBinary(b []byte) error
			(*SHAKE) Write(p []byte) (n int, err error)
				Write absorbs more data into the hash's state.
				It panics if any output has already been read.

		Implements (at least 11, in which 9 are exported)
			*SHAKE : crypto/internal/fips140.Hash
			*SHAKE : encoding.BinaryAppender
			*SHAKE : encoding.BinaryMarshaler
			*SHAKE : encoding.BinaryUnmarshaler
			*SHAKE : hash.Hash
			*SHAKE : internal/bisect.Writer
			*SHAKE : io.Reader
			*SHAKE : io.ReadWriter
			*SHAKE : io.Writer
			/* 2+ unexporteds ... *//* 2+ unexporteds: */
			*SHAKE : crypto/internal/fips140/hmac.marshalable
			*SHAKE : crypto/tls.transcriptHash
		As Outputs Of (at least 6, in which 5 are exported)
			func NewCShake128(N, S []byte) *SHAKE
			func NewCShake256(N, S []byte) *SHAKE
			func NewShake128() *SHAKE
			func NewShake256() *SHAKE
			func (*SHAKE).Clone() *SHAKE
			/* at least one unexported ... *//* at least one unexported: */
			func newCShake(N, S []byte, rate, outputLen int, dsbyte byte) *SHAKE

	/* one unexported ... *//* one unexported: */
	 type spongeDirection int (basic type)
		spongeDirection indicates the direction bytes are flowing through the sponge.

		As Types Of (total 2, neither is exported)
			/* 2 unexporteds ... *//* 2 unexporteds: */
			const spongeAbsorbing
			const spongeSqueezing


Package-Level Functions (total 16, in which 10 are exported)

	 func New224() *Digest
		New224 returns a new Digest computing the SHA3-224 hash.

	 func New256() *Digest
		New256 returns a new Digest computing the SHA3-256 hash.

	 func New384() *Digest
		New384 returns a new Digest computing the SHA3-384 hash.

	 func New512() *Digest
		New512 returns a new Digest computing the SHA3-512 hash.

	 func NewCShake128(N, S []byte) *SHAKE
		NewCShake128 creates a new cSHAKE128 XOF.
		
		N is used to define functions based on cSHAKE, it can be empty when plain
		cSHAKE is desired. S is a customization byte string used for domain
		separation. When N and S are both empty, this is equivalent to NewShake128.

	 func NewCShake256(N, S []byte) *SHAKE
		NewCShake256 creates a new cSHAKE256 XOF.
		
		N is used to define functions based on cSHAKE, it can be empty when plain
		cSHAKE is desired. S is a customization byte string used for domain
		separation. When N and S are both empty, this is equivalent to NewShake256.

	 func NewLegacyKeccak256() *Digest
		NewLegacyKeccak256 returns a new Digest computing the legacy, non-standard
		Keccak-256 hash.

	 func NewLegacyKeccak512() *Digest
		NewLegacyKeccak512 returns a new Digest computing the legacy, non-standard
		Keccak-512 hash.

	 func NewShake128() *SHAKE
		NewShake128 creates a new SHAKE128 XOF.

	 func NewShake256() *SHAKE
		NewShake256 creates a new SHAKE256 XOF.

	/* 6 unexporteds ... *//* 6 unexporteds: */
	 func bytepad(data []byte, rate int) []byte
	 func init()
	 func keccakF1600(a *[200]byte)
	 func keccakF1600Generic(da *[200]byte)
		keccakF1600Generic applies the Keccak permutation.

	 func leftEncode(x uint64) []byte
	 func newCShake(N, S []byte, rate, outputLen int, dsbyte byte) *SHAKE
Package-Level Variables (only one, which is unexported)

	/* one unexported ... *//* one unexported: */
	  var rc [24]uint64
		rc stores the round constants for use in the ι step.


Package-Level Constants (total 16, none are exported)

	/* 16 unexporteds ... *//* 16 unexporteds: */
	const dsbyteCShake = 4
	const dsbyteKeccak = 1
	const dsbyteSHA3 = 6
	const dsbyteShake = 31
	const magicCShake = "sha\n"
	const magicKeccak = "sha\v"
	const magicSHA3 = "sha\b"
	const magicShake = "sha\t"
	const marshaledSize int = 207
		magic || rate || main state || n || sponge direction

	const rateK1024 = 72
	const rateK256 = 168
		rateK[c] is the rate in bytes for Keccak[c] where c is the capacity in
		bits. Given the sponge size is 1600 bits, the rate is 1600 - c bits.

	const rateK448 = 144
	const rateK512 = 136
	const rateK768 = 104
	const spongeAbsorbing spongeDirection = 0
		spongeAbsorbing indicates that the sponge is absorbing input.

	const spongeSqueezing spongeDirection = 1
		spongeSqueezing indicates that the sponge is being squeezed.

The pages are generated with Golds v0.7.6. (GOOS=linux GOARCH=amd64)