diff --git a/doc/crypto.dox b/doc/crypto.dox
index f3cb600d..ab416a45 100644
--- a/doc/crypto.dox
+++ b/doc/crypto.dox
@@ -29,7 +29,7 @@
\li Block ciphers: AES128, AES192, AES256
\li Block cipher modes: CTR, CFB, CBC, OFB
\li Stream ciphers: ChaCha
-\li Hash algorithms: SHA1, SHA256, SHA512, BLAKE2s, BLAKE2b
+\li Hash algorithms: SHA1, SHA256, SHA512, SHA3_256, SHA3_512, BLAKE2s, BLAKE2b
\li Public key algorithms: Curve25519
\li Random number generation: \link RNGClass RNG\endlink, TransistorNoiseSource
@@ -66,6 +66,8 @@ Ardunino Mega 2560 running at 16 MHz are similar:
| SHA1 | 21.90us | | | 94 |
| SHA256 | 43.85us | | | 106 |
| SHA512 | 123.25us | | | 210 |
+| SHA3_256 | 121.69us | | | 403 |
+| SHA3_512 | 229.12us | | | 403 |
| BLAKE2s | 18.54us | | | 170 |
| BLAKE2b | 50.59us | | | 338 |
diff --git a/doc/mainpage.dox b/doc/mainpage.dox
index 53f153fd..da34f98e 100644
--- a/doc/mainpage.dox
+++ b/doc/mainpage.dox
@@ -93,7 +93,7 @@ realtime clock and the LCD library to implement an alarm clock.
\li Block ciphers: AES128, AES192, AES256
\li Block cipher modes: CTR, CFB, CBC, OFB
\li Stream ciphers: ChaCha
-\li Hash algorithms: SHA1, SHA256, SHA512, BLAKE2s, BLAKE2b
+\li Hash algorithms: SHA1, SHA256, SHA512, SHA3_256, SHA3_512, BLAKE2s, BLAKE2b
\li Public key algorithms: Curve25519
\li Random number generation: \link RNGClass RNG\endlink, TransistorNoiseSource
diff --git a/libraries/Crypto/KeccakCore.cpp b/libraries/Crypto/KeccakCore.cpp
new file mode 100644
index 00000000..9c18f870
--- /dev/null
+++ b/libraries/Crypto/KeccakCore.cpp
@@ -0,0 +1,328 @@
+/*
+ * Copyright (C) 2015 Southern Storm Software, Pty Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#include "KeccakCore.h"
+#include "Crypto.h"
+#include "utility/EndianUtil.h"
+#include "utility/RotateUtil.h"
+#include "utility/ProgMemUtil.h"
+#include
+
+/**
+ * \class KeccakCore KeccakCore.h
+ * \brief Keccak core sponge function.
+ *
+ * KeccakCore provides the core sponge function for different capacities.
+ * It is used to implement Hash algorithms such as SHA3.
+ *
+ * References: http://en.wikipedia.org/wiki/SHA-3
+ *
+ * \sa SHA3
+ */
+
+/**
+ * \brief Constructs a new Keccak sponge function.
+ *
+ * The capacity() will initially be set to 1536, which normally won't be
+ * of much use to the caller. The constructor should be followed by a
+ * call to setCapacity() to select the capacity of interest.
+ */
+KeccakCore::KeccakCore()
+ : _blockSize(8)
+{
+ memset(state.A, 0, sizeof(state.A));
+ state.inputSize = 0;
+ state.outputSize = 0;
+}
+
+/**
+ * \brief Destroys this Keccak sponge function after clearing all
+ * sensitive information.
+ */
+KeccakCore::~KeccakCore()
+{
+ clean(state);
+}
+
+/**
+ * \brief Returns the capacity of the sponge function in bits.
+ *
+ * \sa setCapacity(), blockSize()
+ */
+size_t KeccakCore::capacity() const
+{
+ return 1600 - ((size_t)_blockSize) * 8;
+}
+
+/**
+ * \brief Sets the capacity of the Keccak sponge function in bits.
+ *
+ * \param capacity The capacity of the Keccak sponge function in bits which
+ * should be a multiple of 64 and between 64 and 1536.
+ *
+ * \note It is possible to create a sponge function with this constructor that
+ * doesn't strictly conform with the capacity and hash size constraints
+ * defined in the relevant standards. It is the responsibility of callers
+ * to only use standard parameter combinations.
+ *
+ * \sa capacity(), blockSize()
+ */
+void KeccakCore::setCapacity(size_t capacity)
+{
+ _blockSize = (1600 - capacity) / 8;
+ reset();
+}
+
+/**
+ * \fn size_t KeccakCore::blockSize() const
+ * \brief Returns the input block size for the sponge function in bytes.
+ *
+ * The block size is (1600 - capacity()) / 8.
+ *
+ * \sa capacity()
+ */
+
+/**
+ * \brief Resets the Keccak sponge function ready for a new session.
+ *
+ * \sa update(), extract()
+ */
+void KeccakCore::reset()
+{
+ memset(state.A, 0, sizeof(state.A));
+ state.inputSize = 0;
+ state.outputSize = 0;
+}
+
+/**
+ * \brief Updates the Keccak sponge function with more input data.
+ *
+ * \param data The extra input data to incorporate.
+ * \param size The size of the new data to incorporate.
+ *
+ * This function will invoke the sponge function whenever a full blockSize()
+ * bytes of input data have been accumulated. Call pad() after the last
+ * block to finalize the input before calling extract().
+ *
+ * \sa pad(), extract(), reset()
+ */
+void KeccakCore::update(const void *data, size_t size)
+{
+ // Stop generating output while we incorporate the new data.
+ state.outputSize = 0;
+
+ // Break the input up into chunks and process each in turn.
+ const uint8_t *d = (const uint8_t *)data;
+#if !defined(CRYPTO_LITTLE_ENDIAN)
+ uint64_t *Awords = &(state.A[0][0]);
+ uint8_t index, index2;
+#endif
+ while (size > 0) {
+ uint8_t len = _blockSize - state.inputSize;
+ if (len > size)
+ len = size;
+#if defined(CRYPTO_LITTLE_ENDIAN)
+ uint8_t *Abytes = ((uint8_t *)state.A) + state.inputSize;
+ for (uint8_t posn = 0; posn < len; ++posn)
+ Abytes[posn] ^= d[posn];
+#else
+ index2 = state.inputSize;
+ for (index = 0; index < len; ++index) {
+ Awords[index2 / 8] ^= (((uint64_t)d[index]) << ((index2 % 8) * 8));
+ ++index2;
+ }
+#endif
+ state.inputSize += len;
+ size -= len;
+ d += len;
+ if (state.inputSize == _blockSize) {
+ keccakp();
+ state.inputSize = 0;
+ }
+ }
+}
+
+/**
+ * \brief Pads the last block of input data to blockSize().
+ *
+ * \param tag The tag byte to add to the padding to identify SHA3 (0x06),
+ * SHAKE (0x1F), or the plain pre-standardized version of Keccak (0x01).
+ *
+ * The sponge function will be invoked to process the completed padding block.
+ *
+ * \sa update(), extract()
+ */
+void KeccakCore::pad(uint8_t tag)
+{
+ // Padding for SHA3-NNN variants according to FIPS 202 appends "01",
+ // then another "1", then many zero bits, followed by a final "1".
+ // SHAKE appends "1111" first instead of "01". Note that SHA-3 numbers
+ // bits from the least significant, so appending "01" is equivalent
+ // to 0x02 for byte-aligned data, not 0x40.
+ uint8_t size = state.inputSize;
+ uint64_t *Awords = &(state.A[0][0]);
+ Awords[size / 8] ^= (((uint64_t)tag) << ((size % 8) * 8));
+ Awords[(_blockSize - 1) / 8] ^= 0x8000000000000000ULL;
+ keccakp();
+ state.inputSize = 0;
+ state.outputSize = 0;
+}
+
+/**
+ * \brief Extracts data from the Keccak sponge function.
+ *
+ * \param data The data buffer to fill with extracted data.
+ * \param size The number number of bytes of extracted data that are required.
+ *
+ * If more than blockSize() bytes are required, the sponge function will
+ * be invoked to generate additional data.
+ *
+ * \sa update(), reset(), extractHash()
+ */
+void KeccakCore::extract(void *data, size_t size)
+{
+#if !defined(CRYPTO_LITTLE_ENDIAN)
+ uint8_t index, index2;
+ const uint64_t *Awords = &(state.A[0][0]);
+#endif
+
+ // Stop accepting input while we are generating output.
+ state.inputSize = 0;
+
+ // Copy the output data into the caller's return buffer.
+ uint8_t *d = (uint8_t *)data;
+ uint8_t tempSize;
+ while (size > 0) {
+ // Generate another output block if the current one has been exhausted.
+ if (state.outputSize >= _blockSize) {
+ keccakp();
+ state.outputSize = 0;
+ }
+
+ // How many bytes can we copy this time around?
+ tempSize = _blockSize - state.outputSize;
+ if (tempSize > size)
+ tempSize = size;
+
+ // Copy the partial output data into the caller's return buffer.
+#if defined(CRYPTO_LITTLE_ENDIAN)
+ memcpy(d, ((uint8_t *)(state.A)) + state.outputSize, tempSize);
+#else
+ index2 = state.outputSize;
+ for (index = 0; index < tempSize; ++index) {
+ d[index] = (uint8_t)(Awords[index2 / 8] >> ((index2 % 8) * 8));
+ ++index2;
+ }
+#endif
+ state.outputSize += tempSize;
+ size -= tempSize;
+ d += tempSize;
+ }
+}
+
+/**
+ * \brief Clears all sensitive data from this object.
+ */
+void KeccakCore::clear()
+{
+ clean(state);
+}
+
+/**
+ * \brief Transform the state with the KECCAK-p sponge function with b = 1600.
+ */
+void KeccakCore::keccakp()
+{
+ static const uint8_t addMod5Table[9] PROGMEM = {
+ 0, 1, 2, 3, 4, 0, 1, 2, 3
+ };
+ #define addMod5(x, y) (pgm_read_byte(&(addMod5Table[(x) + (y)])))
+ uint64_t D;
+ uint8_t index, index2;
+ for (uint8_t round = 0; round < 24; ++round) {
+ // Step mapping theta. The specification mentions two temporary
+ // arrays of size 5 called C and D. To save a bit of memory,
+ // we use the first row of B to store C and compute D on the fly.
+ for (index = 0; index < 5; ++index) {
+ state.B[0][index] = state.A[0][index] ^ state.A[1][index] ^
+ state.A[2][index] ^ state.A[3][index] ^
+ state.A[4][index];
+ }
+ for (index = 0; index < 5; ++index) {
+ D = state.B[0][addMod5(index, 4)] ^
+ leftRotate1_64(state.B[0][addMod5(index, 1)]);
+ for (index2 = 0; index2 < 5; ++index2)
+ state.A[index2][index] ^= D;
+ }
+
+ // Step mapping rho and pi combined into a single step.
+ // Rotate all lanes by a specific offset and rearrange.
+ state.B[0][0] = state.A[0][0];
+ state.B[1][0] = leftRotate28_64(state.A[0][3]);
+ state.B[2][0] = leftRotate1_64 (state.A[0][1]);
+ state.B[3][0] = leftRotate27_64(state.A[0][4]);
+ state.B[4][0] = leftRotate62_64(state.A[0][2]);
+ state.B[0][1] = leftRotate44_64(state.A[1][1]);
+ state.B[1][1] = leftRotate20_64(state.A[1][4]);
+ state.B[2][1] = leftRotate6_64 (state.A[1][2]);
+ state.B[3][1] = leftRotate36_64(state.A[1][0]);
+ state.B[4][1] = leftRotate55_64(state.A[1][3]);
+ state.B[0][2] = leftRotate43_64(state.A[2][2]);
+ state.B[1][2] = leftRotate3_64 (state.A[2][0]);
+ state.B[2][2] = leftRotate25_64(state.A[2][3]);
+ state.B[3][2] = leftRotate10_64(state.A[2][1]);
+ state.B[4][2] = leftRotate39_64(state.A[2][4]);
+ state.B[0][3] = leftRotate21_64(state.A[3][3]);
+ state.B[1][3] = leftRotate45_64(state.A[3][1]);
+ state.B[2][3] = leftRotate8_64 (state.A[3][4]);
+ state.B[3][3] = leftRotate15_64(state.A[3][2]);
+ state.B[4][3] = leftRotate41_64(state.A[3][0]);
+ state.B[0][4] = leftRotate14_64(state.A[4][4]);
+ state.B[1][4] = leftRotate61_64(state.A[4][2]);
+ state.B[2][4] = leftRotate18_64(state.A[4][0]);
+ state.B[3][4] = leftRotate56_64(state.A[4][3]);
+ state.B[4][4] = leftRotate2_64 (state.A[4][1]);
+
+ // Step mapping chi. Combine each lane with two other lanes in its row.
+ for (index = 0; index < 5; ++index) {
+ for (index2 = 0; index2 < 5; ++index2) {
+ state.A[index2][index] =
+ state.B[index2][index] ^
+ ((~state.B[index2][addMod5(index, 1)]) &
+ state.B[index2][addMod5(index, 2)]);
+ }
+ }
+
+ // Step mapping iota. XOR A[0][0] with the round constant.
+ static uint64_t const RC[24] PROGMEM = {
+ 0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808AULL,
+ 0x8000000080008000ULL, 0x000000000000808BULL, 0x0000000080000001ULL,
+ 0x8000000080008081ULL, 0x8000000000008009ULL, 0x000000000000008AULL,
+ 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000AULL,
+ 0x000000008000808BULL, 0x800000000000008BULL, 0x8000000000008089ULL,
+ 0x8000000000008003ULL, 0x8000000000008002ULL, 0x8000000000000080ULL,
+ 0x000000000000800AULL, 0x800000008000000AULL, 0x8000000080008081ULL,
+ 0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL
+ };
+ state.A[0][0] ^= pgm_read_qword(RC + round);
+ }
+}
diff --git a/libraries/Crypto/KeccakCore.h b/libraries/Crypto/KeccakCore.h
new file mode 100644
index 00000000..607447d1
--- /dev/null
+++ b/libraries/Crypto/KeccakCore.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2015 Southern Storm Software, Pty Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef CRYPTO_KECCAKCORE_H
+#define CRYPTO_KECCAKCORE_H
+
+#include
+#include
+
+class KeccakCore
+{
+public:
+ KeccakCore();
+ ~KeccakCore();
+
+ size_t capacity() const;
+ void setCapacity(size_t capacity);
+
+ size_t blockSize() const { return _blockSize; }
+
+ void reset();
+
+ void update(const void *data, size_t size);
+ void pad(uint8_t tag);
+
+ void extract(void *data, size_t size);
+
+ void clear();
+
+private:
+ struct {
+ uint64_t A[5][5];
+ uint64_t B[5][5];
+ uint8_t inputSize;
+ uint8_t outputSize;
+ } state;
+ uint8_t _blockSize;
+
+ void keccakp();
+};
+
+#endif
diff --git a/libraries/Crypto/SHA3.cpp b/libraries/Crypto/SHA3.cpp
new file mode 100644
index 00000000..684d267f
--- /dev/null
+++ b/libraries/Crypto/SHA3.cpp
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2015 Southern Storm Software, Pty Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#include "SHA3.h"
+
+/**
+ * \class SHA3_256 SHA3.h
+ * \brief SHA3-256 hash algorithm.
+ *
+ * Reference: http://en.wikipedia.org/wiki/SHA-3
+ *
+ * \sa SHA3_512
+ */
+
+/**
+ * \brief Constructs a new SHA3-256 hash object.
+ */
+SHA3_256::SHA3_256()
+{
+ core.setCapacity(512);
+}
+
+/**
+ * \brief Destroys this hash object after clearing sensitive information.
+ */
+SHA3_256::~SHA3_256()
+{
+ // The destructor for the KeccakCore object will do most of the work.
+}
+
+size_t SHA3_256::hashSize() const
+{
+ return 32;
+}
+
+size_t SHA3_256::blockSize() const
+{
+ return core.blockSize();
+}
+
+void SHA3_256::reset()
+{
+ core.reset();
+}
+
+void SHA3_256::update(const void *data, size_t len)
+{
+ core.update(data, len);
+}
+
+void SHA3_256::finalize(void *hash, size_t len)
+{
+ // Pad the final block and then extract the hash value.
+ core.pad(0x06);
+ core.extract(hash, len);
+}
+
+void SHA3_256::clear()
+{
+ core.clear();
+}
+
+/**
+ * \class SHA3_512 SHA3.h
+ * \brief SHA3-512 hash algorithm.
+ *
+ * Reference: http://en.wikipedia.org/wiki/SHA-3
+ *
+ * \sa SHA3_256
+ */
+
+/**
+ * \brief Constructs a new SHA3-512 hash object.
+ */
+SHA3_512::SHA3_512()
+{
+ core.setCapacity(1024);
+}
+
+/**
+ * \brief Destroys this hash object after clearing sensitive information.
+ */
+SHA3_512::~SHA3_512()
+{
+ // The destructor for the KeccakCore object will do most of the work.
+}
+
+size_t SHA3_512::hashSize() const
+{
+ return 64;
+}
+
+size_t SHA3_512::blockSize() const
+{
+ return core.blockSize();
+}
+
+void SHA3_512::reset()
+{
+ core.reset();
+}
+
+void SHA3_512::update(const void *data, size_t len)
+{
+ core.update(data, len);
+}
+
+void SHA3_512::finalize(void *hash, size_t len)
+{
+ // Pad the final block and then extract the hash value.
+ core.pad(0x06);
+ core.extract(hash, len);
+}
+
+void SHA3_512::clear()
+{
+ core.clear();
+}
diff --git a/libraries/Crypto/SHA3.h b/libraries/Crypto/SHA3.h
new file mode 100644
index 00000000..bb19643f
--- /dev/null
+++ b/libraries/Crypto/SHA3.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2015 Southern Storm Software, Pty Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef CRYPTO_SHA3_h
+#define CRYPTO_SHA3_h
+
+#include "KeccakCore.h"
+#include "Hash.h"
+
+class SHA3_256 : public Hash
+{
+public:
+ SHA3_256();
+ virtual ~SHA3_256();
+
+ size_t hashSize() const;
+ size_t blockSize() const;
+
+ void reset();
+ void update(const void *data, size_t len);
+ void finalize(void *hash, size_t len);
+
+ void clear();
+
+private:
+ KeccakCore core;
+};
+
+class SHA3_512 : public Hash
+{
+public:
+ SHA3_512();
+ virtual ~SHA3_512();
+
+ size_t hashSize() const;
+ size_t blockSize() const;
+
+ void reset();
+ void update(const void *data, size_t len);
+ void finalize(void *hash, size_t len);
+
+ void clear();
+
+private:
+ KeccakCore core;
+};
+
+#endif
diff --git a/libraries/Crypto/examples/TestSHA3_256/TestSHA3_256.ino b/libraries/Crypto/examples/TestSHA3_256/TestSHA3_256.ino
new file mode 100644
index 00000000..0619c9b6
--- /dev/null
+++ b/libraries/Crypto/examples/TestSHA3_256/TestSHA3_256.ino
@@ -0,0 +1,219 @@
+/*
+ * Copyright (C) 2015 Southern Storm Software, Pty Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+/*
+This example runs tests on the SHA3_256 implementation to verify
+correct behaviour.
+*/
+
+#include
+#include
+#include
+
+#define DATA_SIZE 136
+#define HASH_SIZE 32
+
+struct TestHashVector
+{
+ const char *name;
+ uint8_t data[DATA_SIZE];
+ uint8_t dataSize;
+ uint8_t hash[HASH_SIZE];
+};
+
+// Some test vectors from https://github.com/gvanas/KeccakCodePackage
+static TestHashVector const testVectorSHA3_256_1 = {
+ "SHA3-256 #1",
+ {0},
+ 0,
+ {0xA7, 0xFF, 0xC6, 0xF8, 0xBF, 0x1E, 0xD7, 0x66,
+ 0x51, 0xC1, 0x47, 0x56, 0xA0, 0x61, 0xD6, 0x62,
+ 0xF5, 0x80, 0xFF, 0x4D, 0xE4, 0x3B, 0x49, 0xFA,
+ 0x82, 0xD8, 0x0A, 0x4B, 0x80, 0xF8, 0x43, 0x4A}
+};
+static TestHashVector const testVectorSHA3_256_2 = {
+ "SHA3-256 #2",
+ {0x1F, 0x87, 0x7C},
+ 3,
+ {0xBC, 0x22, 0x34, 0x5E, 0x4B, 0xD3, 0xF7, 0x92,
+ 0xA3, 0x41, 0xCF, 0x18, 0xAC, 0x07, 0x89, 0xF1,
+ 0xC9, 0xC9, 0x66, 0x71, 0x2A, 0x50, 0x1B, 0x19,
+ 0xD1, 0xB6, 0x63, 0x2C, 0xCD, 0x40, 0x8E, 0xC5}
+};
+static TestHashVector const testVectorSHA3_256_3 = {
+ "SHA3-256 #3",
+ {0xE2, 0x61, 0x93, 0x98, 0x9D, 0x06, 0x56, 0x8F,
+ 0xE6, 0x88, 0xE7, 0x55, 0x40, 0xAE, 0xA0, 0x67,
+ 0x47, 0xD9, 0xF8, 0x51},
+ 20,
+ {0x2C, 0x1E, 0x61, 0xE5, 0xD4, 0x52, 0x03, 0xF2,
+ 0x7B, 0x86, 0xF1, 0x29, 0x3A, 0x80, 0xBA, 0xB3,
+ 0x41, 0x92, 0xDA, 0xF4, 0x2B, 0x86, 0x23, 0xB1,
+ 0x20, 0x05, 0xB2, 0xFB, 0x1C, 0x18, 0xAC, 0xB1}
+};
+static TestHashVector const testVectorSHA3_256_4 = {
+ "SHA3-256 #4",
+ {0xB7, 0x71, 0xD5, 0xCE, 0xF5, 0xD1, 0xA4, 0x1A,
+ 0x93, 0xD1, 0x56, 0x43, 0xD7, 0x18, 0x1D, 0x2A,
+ 0x2E, 0xF0, 0xA8, 0xE8, 0x4D, 0x91, 0x81, 0x2F,
+ 0x20, 0xED, 0x21, 0xF1, 0x47, 0xBE, 0xF7, 0x32,
+ 0xBF, 0x3A, 0x60, 0xEF, 0x40, 0x67, 0xC3, 0x73,
+ 0x4B, 0x85, 0xBC, 0x8C, 0xD4, 0x71, 0x78, 0x0F,
+ 0x10, 0xDC, 0x9E, 0x82, 0x91, 0xB5, 0x83, 0x39,
+ 0xA6, 0x77, 0xB9, 0x60, 0x21, 0x8F, 0x71, 0xE7,
+ 0x93, 0xF2, 0x79, 0x7A, 0xEA, 0x34, 0x94, 0x06,
+ 0x51, 0x28, 0x29, 0x06, 0x5D, 0x37, 0xBB, 0x55,
+ 0xEA, 0x79, 0x6F, 0xA4, 0xF5, 0x6F, 0xD8, 0x89,
+ 0x6B, 0x49, 0xB2, 0xCD, 0x19, 0xB4, 0x32, 0x15,
+ 0xAD, 0x96, 0x7C, 0x71, 0x2B, 0x24, 0xE5, 0x03,
+ 0x2D, 0x06, 0x52, 0x32, 0xE0, 0x2C, 0x12, 0x74,
+ 0x09, 0xD2, 0xED, 0x41, 0x46, 0xB9, 0xD7, 0x5D,
+ 0x76, 0x3D, 0x52, 0xDB, 0x98, 0xD9, 0x49, 0xD3,
+ 0xB0, 0xFE, 0xD6, 0xA8, 0x05, 0x2F, 0xBB},
+ 135,
+ {0xA1, 0x9E, 0xEE, 0x92, 0xBB, 0x20, 0x97, 0xB6,
+ 0x4E, 0x82, 0x3D, 0x59, 0x77, 0x98, 0xAA, 0x18,
+ 0xBE, 0x9B, 0x7C, 0x73, 0x6B, 0x80, 0x59, 0xAB,
+ 0xFD, 0x67, 0x79, 0xAC, 0x35, 0xAC, 0x81, 0xB5}
+};
+static TestHashVector const testVectorSHA3_256_5 = {
+ "SHA3-256 #5",
+ {0xB3, 0x2D, 0x95, 0xB0, 0xB9, 0xAA, 0xD2, 0xA8,
+ 0x81, 0x6D, 0xE6, 0xD0, 0x6D, 0x1F, 0x86, 0x00,
+ 0x85, 0x05, 0xBD, 0x8C, 0x14, 0x12, 0x4F, 0x6E,
+ 0x9A, 0x16, 0x3B, 0x5A, 0x2A, 0xDE, 0x55, 0xF8,
+ 0x35, 0xD0, 0xEC, 0x38, 0x80, 0xEF, 0x50, 0x70,
+ 0x0D, 0x3B, 0x25, 0xE4, 0x2C, 0xC0, 0xAF, 0x05,
+ 0x0C, 0xCD, 0x1B, 0xE5, 0xE5, 0x55, 0xB2, 0x30,
+ 0x87, 0xE0, 0x4D, 0x7B, 0xF9, 0x81, 0x36, 0x22,
+ 0x78, 0x0C, 0x73, 0x13, 0xA1, 0x95, 0x4F, 0x87,
+ 0x40, 0xB6, 0xEE, 0x2D, 0x3F, 0x71, 0xF7, 0x68,
+ 0xDD, 0x41, 0x7F, 0x52, 0x04, 0x82, 0xBD, 0x3A,
+ 0x08, 0xD4, 0xF2, 0x22, 0xB4, 0xEE, 0x9D, 0xBD,
+ 0x01, 0x54, 0x47, 0xB3, 0x35, 0x07, 0xDD, 0x50,
+ 0xF3, 0xAB, 0x42, 0x47, 0xC5, 0xDE, 0x9A, 0x8A,
+ 0xBD, 0x62, 0xA8, 0xDE, 0xCE, 0xA0, 0x1E, 0x3B,
+ 0x87, 0xC8, 0xB9, 0x27, 0xF5, 0xB0, 0x8B, 0xEB,
+ 0x37, 0x67, 0x4C, 0x6F, 0x8E, 0x38, 0x0C, 0x04},
+ 136,
+ {0xDF, 0x67, 0x3F, 0x41, 0x05, 0x37, 0x9F, 0xF6,
+ 0xB7, 0x55, 0xEE, 0xAB, 0x20, 0xCE, 0xB0, 0xDC,
+ 0x77, 0xB5, 0x28, 0x63, 0x64, 0xFE, 0x16, 0xC5,
+ 0x9C, 0xC8, 0xA9, 0x07, 0xAF, 0xF0, 0x77, 0x32}
+};
+
+SHA3_256 sha3_256;
+
+byte buffer[128];
+
+bool testHash_N(Hash *hash, const struct TestHashVector *test, size_t inc)
+{
+ size_t size = test->dataSize;
+ size_t posn, len;
+ uint8_t value[HASH_SIZE];
+
+ hash->reset();
+ for (posn = 0; posn < size; posn += inc) {
+ len = size - posn;
+ if (len > inc)
+ len = inc;
+ hash->update(test->data + posn, len);
+ }
+ hash->finalize(value, sizeof(value));
+ if (memcmp(value, test->hash, sizeof(value)) != 0)
+ return false;
+
+ return true;
+}
+
+void testHash(Hash *hash, const struct TestHashVector *test)
+{
+ bool ok;
+ const char *str;
+ uint8_t ch;
+
+ Serial.print(test->name);
+ Serial.print(" ... ");
+
+ ok = testHash_N(hash, test, test->dataSize);
+ ok &= testHash_N(hash, test, 1);
+ ok &= testHash_N(hash, test, 2);
+ ok &= testHash_N(hash, test, 5);
+ ok &= testHash_N(hash, test, 8);
+ ok &= testHash_N(hash, test, 13);
+ ok &= testHash_N(hash, test, 16);
+ ok &= testHash_N(hash, test, 24);
+ ok &= testHash_N(hash, test, 63);
+ ok &= testHash_N(hash, test, 64);
+
+ if (ok)
+ Serial.println("Passed");
+ else
+ Serial.println("Failed");
+}
+
+void perfHash(Hash *hash)
+{
+ unsigned long start;
+ unsigned long elapsed;
+ int count;
+
+ Serial.print("Hashing ... ");
+
+ for (size_t posn = 0; posn < sizeof(buffer); ++posn)
+ buffer[posn] = (uint8_t)posn;
+
+ hash->reset();
+ start = micros();
+ for (count = 0; count < 500; ++count) {
+ hash->update(buffer, sizeof(buffer));
+ }
+ elapsed = micros() - start;
+
+ Serial.print(elapsed / (sizeof(buffer) * 500.0));
+ Serial.print("us per byte, ");
+ Serial.print((sizeof(buffer) * 500.0 * 1000000.0) / elapsed);
+ Serial.println(" bytes per second");
+}
+
+void setup()
+{
+ Serial.begin(9600);
+
+ Serial.println();
+
+ Serial.println("Test Vectors:");
+ testHash(&sha3_256, &testVectorSHA3_256_1);
+ testHash(&sha3_256, &testVectorSHA3_256_2);
+ testHash(&sha3_256, &testVectorSHA3_256_3);
+ testHash(&sha3_256, &testVectorSHA3_256_4);
+ testHash(&sha3_256, &testVectorSHA3_256_5);
+
+ Serial.println();
+
+ Serial.println("Performance Tests:");
+ perfHash(&sha3_256);
+}
+
+void loop()
+{
+}
diff --git a/libraries/Crypto/examples/TestSHA3_512/TestSHA3_512.ino b/libraries/Crypto/examples/TestSHA3_512/TestSHA3_512.ino
new file mode 100644
index 00000000..4e18a0f3
--- /dev/null
+++ b/libraries/Crypto/examples/TestSHA3_512/TestSHA3_512.ino
@@ -0,0 +1,223 @@
+/*
+ * Copyright (C) 2015 Southern Storm Software, Pty Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+/*
+This example runs tests on the SHA3_512 implementation to verify
+correct behaviour.
+*/
+
+#include
+#include
+#include
+
+#define DATA_SIZE 72
+#define HASH_SIZE 64
+
+struct TestHashVector
+{
+ const char *name;
+ uint8_t data[DATA_SIZE];
+ uint8_t dataSize;
+ uint8_t hash[HASH_SIZE];
+};
+
+// Some test vectors from https://github.com/gvanas/KeccakCodePackage
+static TestHashVector const testVectorSHA3_512_1 = {
+ "SHA3-512 #1",
+ {0},
+ 0,
+ {0xA6, 0x9F, 0x73, 0xCC, 0xA2, 0x3A, 0x9A, 0xC5,
+ 0xC8, 0xB5, 0x67, 0xDC, 0x18, 0x5A, 0x75, 0x6E,
+ 0x97, 0xC9, 0x82, 0x16, 0x4F, 0xE2, 0x58, 0x59,
+ 0xE0, 0xD1, 0xDC, 0xC1, 0x47, 0x5C, 0x80, 0xA6,
+ 0x15, 0xB2, 0x12, 0x3A, 0xF1, 0xF5, 0xF9, 0x4C,
+ 0x11, 0xE3, 0xE9, 0x40, 0x2C, 0x3A, 0xC5, 0x58,
+ 0xF5, 0x00, 0x19, 0x9D, 0x95, 0xB6, 0xD3, 0xE3,
+ 0x01, 0x75, 0x85, 0x86, 0x28, 0x1D, 0xCD, 0x26}
+};
+static TestHashVector const testVectorSHA3_512_2 = {
+ "SHA3-512 #2",
+ {0x1F, 0x87, 0x7C},
+ 3,
+ {0xCB, 0x20, 0xDC, 0xF5, 0x49, 0x55, 0xF8, 0x09,
+ 0x11, 0x11, 0x68, 0x8B, 0xEC, 0xCE, 0xF4, 0x8C,
+ 0x1A, 0x2F, 0x0D, 0x06, 0x08, 0xC3, 0xA5, 0x75,
+ 0x16, 0x37, 0x51, 0xF0, 0x02, 0xDB, 0x30, 0xF4,
+ 0x0F, 0x2F, 0x67, 0x18, 0x34, 0xB2, 0x2D, 0x20,
+ 0x85, 0x91, 0xCF, 0xAF, 0x1F, 0x5E, 0xCF, 0xE4,
+ 0x3C, 0x49, 0x86, 0x3A, 0x53, 0xB3, 0x22, 0x5B,
+ 0xDF, 0xD7, 0xC6, 0x59, 0x1B, 0xA7, 0x65, 0x8B}
+};
+static TestHashVector const testVectorSHA3_512_3 = {
+ "SHA3-512 #3",
+ {0xE2, 0x61, 0x93, 0x98, 0x9D, 0x06, 0x56, 0x8F,
+ 0xE6, 0x88, 0xE7, 0x55, 0x40, 0xAE, 0xA0, 0x67,
+ 0x47, 0xD9, 0xF8, 0x51},
+ 20,
+ {0x19, 0x1C, 0xEF, 0x1C, 0x6A, 0xA0, 0x09, 0xB1,
+ 0xAB, 0xA6, 0x74, 0xBE, 0x2B, 0x3F, 0x0D, 0xA4,
+ 0x18, 0xFD, 0xF9, 0xE6, 0xA7, 0xEC, 0xF2, 0xBE,
+ 0x42, 0xAC, 0x14, 0xF7, 0xD6, 0xE0, 0x73, 0x31,
+ 0x42, 0x51, 0x33, 0xA8, 0x3B, 0x4E, 0x01, 0x61,
+ 0xCC, 0x7D, 0xEB, 0xF9, 0xDC, 0xD7, 0xFE, 0x37,
+ 0x87, 0xDC, 0xB6, 0x62, 0x2A, 0x38, 0x47, 0x51,
+ 0x89, 0xED, 0xFE, 0x1D, 0xE6, 0xB0, 0x53, 0xD6}
+};
+static TestHashVector const testVectorSHA3_512_4 = {
+ "SHA3-512 #4",
+ {0x13, 0xBD, 0x28, 0x11, 0xF6, 0xED, 0x2B, 0x6F,
+ 0x04, 0xFF, 0x38, 0x95, 0xAC, 0xEE, 0xD7, 0xBE,
+ 0xF8, 0xDC, 0xD4, 0x5E, 0xB1, 0x21, 0x79, 0x1B,
+ 0xC1, 0x94, 0xA0, 0xF8, 0x06, 0x20, 0x6B, 0xFF,
+ 0xC3, 0xB9, 0x28, 0x1C, 0x2B, 0x30, 0x8B, 0x1A,
+ 0x72, 0x9C, 0xE0, 0x08, 0x11, 0x9D, 0xD3, 0x06,
+ 0x6E, 0x93, 0x78, 0xAC, 0xDC, 0xC5, 0x0A, 0x98,
+ 0xA8, 0x2E, 0x20, 0x73, 0x88, 0x00, 0xB6, 0xCD,
+ 0xDB, 0xE5, 0xFE, 0x96, 0x94, 0xAD, 0x6D},
+ 71,
+ {0xDE, 0xF4, 0xAB, 0x6C, 0xDA, 0x88, 0x39, 0x72,
+ 0x9A, 0x03, 0xE0, 0x00, 0x84, 0x66, 0x04, 0xB1,
+ 0x7F, 0x03, 0xC5, 0xD5, 0xD7, 0xEC, 0x23, 0xC4,
+ 0x83, 0x67, 0x0A, 0x13, 0xE1, 0x15, 0x73, 0xC1,
+ 0xE9, 0x34, 0x7A, 0x63, 0xEC, 0x69, 0xA5, 0xAB,
+ 0xB2, 0x13, 0x05, 0xF9, 0x38, 0x2E, 0xCD, 0xAA,
+ 0xAB, 0xC6, 0x85, 0x0F, 0x92, 0x84, 0x0E, 0x86,
+ 0xF8, 0x8F, 0x4D, 0xAB, 0xFC, 0xD9, 0x3C, 0xC0}
+};
+static TestHashVector const testVectorSHA3_512_5 = {
+ "SHA3-512 #5",
+ {0x1E, 0xED, 0x9C, 0xBA, 0x17, 0x9A, 0x00, 0x9E,
+ 0xC2, 0xEC, 0x55, 0x08, 0x77, 0x3D, 0xD3, 0x05,
+ 0x47, 0x7C, 0xA1, 0x17, 0xE6, 0xD5, 0x69, 0xE6,
+ 0x6B, 0x5F, 0x64, 0xC6, 0xBC, 0x64, 0x80, 0x1C,
+ 0xE2, 0x5A, 0x84, 0x24, 0xCE, 0x4A, 0x26, 0xD5,
+ 0x75, 0xB8, 0xA6, 0xFB, 0x10, 0xEA, 0xD3, 0xFD,
+ 0x19, 0x92, 0xED, 0xDD, 0xEE, 0xC2, 0xEB, 0xE7,
+ 0x15, 0x0D, 0xC9, 0x8F, 0x63, 0xAD, 0xC3, 0x23,
+ 0x7E, 0xF5, 0x7B, 0x91, 0x39, 0x7A, 0xA8, 0xA7},
+ 72,
+ {0xA3, 0xE1, 0x68, 0xB0, 0xD6, 0xC1, 0x43, 0xEE,
+ 0x9E, 0x17, 0xEA, 0xE9, 0x29, 0x30, 0xB9, 0x7E,
+ 0x66, 0x00, 0x35, 0x6B, 0x73, 0xAE, 0xBB, 0x5D,
+ 0x68, 0x00, 0x5D, 0xD1, 0xD0, 0x74, 0x94, 0x45,
+ 0x1A, 0x37, 0x05, 0x2F, 0x7B, 0x39, 0xFF, 0x03,
+ 0x0C, 0x1A, 0xE1, 0xD7, 0xEF, 0xC4, 0xE0, 0xC3,
+ 0x66, 0x7E, 0xB7, 0xA7, 0x6C, 0x62, 0x7E, 0xC1,
+ 0x43, 0x54, 0xC4, 0xF6, 0xA7, 0x96, 0xE2, 0xC6}
+};
+
+SHA3_512 sha3_512;
+
+byte buffer[128];
+
+bool testHash_N(Hash *hash, const struct TestHashVector *test, size_t inc)
+{
+ size_t size = test->dataSize;
+ size_t posn, len;
+ uint8_t value[HASH_SIZE];
+
+ hash->reset();
+ for (posn = 0; posn < size; posn += inc) {
+ len = size - posn;
+ if (len > inc)
+ len = inc;
+ hash->update(test->data + posn, len);
+ }
+ hash->finalize(value, sizeof(value));
+ if (memcmp(value, test->hash, sizeof(value)) != 0)
+ return false;
+
+ return true;
+}
+
+void testHash(Hash *hash, const struct TestHashVector *test)
+{
+ bool ok;
+ const char *str;
+ uint8_t ch;
+
+ Serial.print(test->name);
+ Serial.print(" ... ");
+
+ ok = testHash_N(hash, test, test->dataSize);
+ ok &= testHash_N(hash, test, 1);
+ ok &= testHash_N(hash, test, 2);
+ ok &= testHash_N(hash, test, 5);
+ ok &= testHash_N(hash, test, 8);
+ ok &= testHash_N(hash, test, 13);
+ ok &= testHash_N(hash, test, 16);
+ ok &= testHash_N(hash, test, 24);
+ ok &= testHash_N(hash, test, 63);
+ ok &= testHash_N(hash, test, 64);
+
+ if (ok)
+ Serial.println("Passed");
+ else
+ Serial.println("Failed");
+}
+
+void perfHash(Hash *hash)
+{
+ unsigned long start;
+ unsigned long elapsed;
+ int count;
+
+ Serial.print("Hashing ... ");
+
+ for (size_t posn = 0; posn < sizeof(buffer); ++posn)
+ buffer[posn] = (uint8_t)posn;
+
+ hash->reset();
+ start = micros();
+ for (count = 0; count < 500; ++count) {
+ hash->update(buffer, sizeof(buffer));
+ }
+ elapsed = micros() - start;
+
+ Serial.print(elapsed / (sizeof(buffer) * 500.0));
+ Serial.print("us per byte, ");
+ Serial.print((sizeof(buffer) * 500.0 * 1000000.0) / elapsed);
+ Serial.println(" bytes per second");
+}
+
+void setup()
+{
+ Serial.begin(9600);
+
+ Serial.println();
+
+ Serial.println("Test Vectors:");
+ testHash(&sha3_512, &testVectorSHA3_512_1);
+ testHash(&sha3_512, &testVectorSHA3_512_2);
+ testHash(&sha3_512, &testVectorSHA3_512_3);
+ testHash(&sha3_512, &testVectorSHA3_512_4);
+ testHash(&sha3_512, &testVectorSHA3_512_5);
+
+ Serial.println();
+
+ Serial.println("Performance Tests:");
+ perfHash(&sha3_512);
+}
+
+void loop()
+{
+}
diff --git a/libraries/Crypto/keywords.txt b/libraries/Crypto/keywords.txt
index d2941764..f61b941b 100644
--- a/libraries/Crypto/keywords.txt
+++ b/libraries/Crypto/keywords.txt
@@ -8,6 +8,7 @@ BLAKE2s KEYWORD1
SHA1 KEYWORD1
SHA256 KEYWORD1
SHA512 KEYWORD1
+KeccakCore KEYWORD1
Curve25519 KEYWORD1