/*
 * SPDX-License-Identifier: CC0-1.0
 *
 * Copyright (C) 2025 W. Kosior <koszko@koszko.org>
 */

#include "pqcrypto_bitcnt_bytes.h"
#include "pqcrypto_commitment_shake256.h"

#include <gcrypt.h>

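/**
 * Commit to @data using SHAKE256 keyed with @n bits of @randomness.
 *
 * The commitment is SHAKE256(data || randomness) truncated to @n bits:
 * BITCNT_BYTES(n) bytes are written to @res, and when @n is not a
 * multiple of 8 the unused high bits of the final byte are cleared, so
 * two commitments over the same inputs compare equal byte-for-byte.
 *
 * @param res         output buffer of at least BITCNT_BYTES(n) bytes.
 * @param data        message being committed to.
 * @param data_bytes  length of @data in bytes.
 * @param randomness  blinding value.  Whole bytes, BITCNT_BYTES(n) of them,
 *                    are absorbed, including any padding bits above bit @n
 *                    in the last byte; the caller must keep those bits
 *                    fixed (presumably zero -- confirm against callers) or
 *                    the commitment will not reproduce on verification.
 * @param n           length of the randomness and of the commitment in
 *                    bits; must be non-zero.
 *
 * Aborts on n == 0 or on any libgcrypt failure (fail-closed, matching the
 * rest of the file): the function never returns with @res unset or only
 * partially written.
 */
void commitment_shake256(void * res, void const * data, size_t data_bytes,
			 void const * randomness, ulong n) {
	ulong randomness_bytes = BITCNT_BYTES(n);
	ulong commitment_bytes = randomness_bytes;
	gcry_md_hd_t hd;

	if (!n)
		abort();

	/* GCRY_MD_FLAG_SECURE places the hash state in libgcrypt's secure
	 * memory, since the absorbed randomness is secret until opening. */
	if (gcry_md_open(&hd, GCRY_MD_SHAKE256, GCRY_MD_FLAG_SECURE) !=
	    GPG_ERR_NO_ERROR)
		abort();

	gcry_md_write(hd, data, data_bytes);
	gcry_md_write(hd, randomness, randomness_bytes);

	/*
	 * SHAKE256 is an XOF, so output is pulled with gcry_md_extract rather
	 * than gcry_md_read.  Its status is not optional: if extraction fails,
	 * @res still holds whatever it contained before the call, and that
	 * must never be handed out as a commitment.
	 */
	if (gcry_md_extract(hd, 0, res, commitment_bytes) != GPG_ERR_NO_ERROR)
		abort();

	gcry_md_close(hd);

	/* Drop the bits above n in the last byte; n % 8 is in 1..7 here, so
	 * the shift is always in range for an unsigned int. */
	if (n % 8) {
		((unsigned char *) res)[commitment_bytes - 1] &=
		  (1u << (n % 8)) - 1;
	}
}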