import (
	"hash"
)

// New224 creates a new SHA3-224 hash.
// Its generic security strength is 224 bits against preimage attacks,
// and 112 bits against collision attacks.
func New224() hash.Hash {
	return new224()
}

// New256 creates a new SHA3-256 hash.
// Its generic security strength is 256 bits against preimage attacks,
// and 128 bits against collision attacks.
func New256() hash.Hash {
	return new256()
}

// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build !gc || purego || !s390x

package sha3

func new224() *state {
	return new224Generic()
}

func new256() *state {
	return new256Generic()
}

func new384() *state {
	return new384Generic()
}

func new512() *state {
	return new512Generic()

// license that can be found in the LICENSE file.

//go:build go1.4

package sha3

import (
	"crypto"
)

func init() {
	crypto.RegisterHash(crypto.SHA3_224, New224)
	crypto.RegisterHash(crypto.SHA3_256, New256)
	crypto.RegisterHash(crypto.SHA3_384, New384)
	crypto.RegisterHash(crypto.SHA3_512, New512)

func (s *asmState) Clone() ShakeHash {
	return s.clone()
}

// new224 returns an assembly implementation of SHA3-224 if available,
// otherwise it returns a generic implementation.
func new224() hash.Hash {
	if cpu.S390X.HasSHA3 {
		return newAsmState(sha3_224)
	}
	return new224Generic()
}

// new256 returns an assembly implementation of SHA3-256 if available,

	dkB := dk.dk[:0]

	for i := range s {
		dkB = polyByteEncode(dkB, s[i])
	}

	for i := range t {
		dkB = polyByteEncode(dkB, t[i])
	}
	dkB = append(dkB, ρ...)

	H := sha3.New256()
	H.Write(dkB[decryptionKeySize:])
	dkB = H.Sum(dkB)

	dkB = append(dkB, z[:]...)

	if len(dkB) != len(dk.dk) {
		panic("mlkem768: internal error: invalid decapsulation key size")
	}

	return dk

	_ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation
)

// Specific instances for EC256 and company
var (
	SigningMethodES3256 *jwt.SigningMethodECDSA
	SigningMethodES3384 *jwt.SigningMethodECDSA
	SigningMethodES3512 *jwt.SigningMethodECDSA
)

func init() {
	// ES256
	SigningMethodES3256 = &jwt.SigningMethodECDSA{Name: "ES3256", Hash: crypto.SHA3_256, KeySize: 32, CurveBits: 256}

// This creates a gap sufficiently large to prevent trampoline reuse
#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
#define NOP256 NOP64 NOP64 NOP64 NOP64
#define NOP2S10 NOP256 NOP256 NOP256 NOP256
#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16

			{
				DefaultEncryptionAction: EncryptionAction{
					Algorithm: AES256,
				},
			},
		},
	}

	actualAES256Config := &BucketSSEConfig{
		XMLNS: xmlNS,
		XMLName: xml.Name{
			Local: "ServerSideEncryptionConfiguration",
		},
		Rules: []Rule{
			{
				DefaultEncryptionAction: EncryptionAction{
					Algorithm: AES256,
				},
			},
		},
	}

	actualKMSConfig := &BucketSSEConfig{

		avxEscape | vex256 | vex66 | vex0F | vexW0, 0x4A,
	}},
	{as: AKADDD, ytab: _ykaddb, prefix: Pavx, op: opBytes{
		avxEscape | vex256 | vex66 | vex0F | vexW1, 0x4A,
	}},
	{as: AKADDQ, ytab: _ykaddb, prefix: Pavx, op: opBytes{
		avxEscape | vex256 | vex0F | vexW1, 0x4A,
	}},
	{as: AKADDW, ytab: _ykaddb, prefix: Pavx, op: opBytes{
		avxEscape | vex256 | vex0F | vexW0, 0x4A,
	}},

		},
		Expected: true,
	}, // 4
	{
		Header: http.Header{
			"X-Amz-Server-Side-Encryption":                []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
		},
		Expected: true,
	}, // 5
	{Header: http.Header{"X-Amz-Server-Side-Encryption": []string{"AES256"}}, Expected: false}, // 6
}

func TestKMSIsRequested(t *testing.T) {
	for i, test := range kmsIsRequestedTests {