Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(35302)

Delta Between Two Patch Sets: Modules/_sha3/kcp/KeccakP-1600-inplace32BI.c

Issue 16113: Add SHA-3 (Keccak) support
Left Patch Set: Created 6 years, 11 months ago
Right Patch Set: Created 3 years, 1 month ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
Right: Side by side diff | Download
« no previous file with change/comment | « Modules/_sha3/kcp/KeccakP-1600-64.macros ('k') | Modules/_sha3/kcp/KeccakP-1600-opt64.c » ('j') | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
(no file at all)
1 /*
2 Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
3 Joan Daemen, Michaƫl Peeters, Gilles Van Assche and Ronny Van Keer, hereby
4 denoted as "the implementer".
5
6 For more information, feedback or questions, please refer to our websites:
7 http://keccak.noekeon.org/
8 http://keyak.noekeon.org/
9 http://ketje.noekeon.org/
10
11 To the extent possible under law, the implementer has waived all copyright
12 and related or neighboring rights to the source code in this file.
13 http://creativecommons.org/publicdomain/zero/1.0/
14 */
15
16 #include <string.h>
17 /* #include "brg_endian.h" */
18 #include "KeccakP-1600-SnP.h"
19 #include "SnP-Relaned.h"
20
21 typedef unsigned char UINT8;
22 typedef unsigned int UINT32;
23 /* WARNING: on 8-bit and 16-bit platforms, this should be replaced by: */
24
25 /*typedef unsigned long UINT32; */
26
27
28 #define ROL32(a, offset) ((((UINT32)a) << (offset)) ^ (((UINT32)a) >> (32-(offse t))))
29
30 /* Credit to Henry S. Warren, Hacker's Delight, Addison-Wesley, 2002 */
31
32 #define prepareToBitInterleaving(low, high, temp, temp0, temp1) \
33 temp0 = (low); \
34 temp = (temp0 ^ (temp0 >> 1)) & 0x22222222UL; temp0 = temp0 ^ temp ^ ( temp << 1); \
35 temp = (temp0 ^ (temp0 >> 2)) & 0x0C0C0C0CUL; temp0 = temp0 ^ temp ^ ( temp << 2); \
36 temp = (temp0 ^ (temp0 >> 4)) & 0x00F000F0UL; temp0 = temp0 ^ temp ^ ( temp << 4); \
37 temp = (temp0 ^ (temp0 >> 8)) & 0x0000FF00UL; temp0 = temp0 ^ temp ^ ( temp << 8); \
38 temp1 = (high); \
39 temp = (temp1 ^ (temp1 >> 1)) & 0x22222222UL; temp1 = temp1 ^ temp ^ ( temp << 1); \
40 temp = (temp1 ^ (temp1 >> 2)) & 0x0C0C0C0CUL; temp1 = temp1 ^ temp ^ ( temp << 2); \
41 temp = (temp1 ^ (temp1 >> 4)) & 0x00F000F0UL; temp1 = temp1 ^ temp ^ ( temp << 4); \
42 temp = (temp1 ^ (temp1 >> 8)) & 0x0000FF00UL; temp1 = temp1 ^ temp ^ ( temp << 8);
43
44 #define toBitInterleavingAndXOR(low, high, even, odd, temp, temp0, temp1) \
45 prepareToBitInterleaving(low, high, temp, temp0, temp1) \
46 even ^= (temp0 & 0x0000FFFF) | (temp1 << 16); \
47 odd ^= (temp0 >> 16) | (temp1 & 0xFFFF0000);
48
49 #define toBitInterleavingAndAND(low, high, even, odd, temp, temp0, temp1) \
50 prepareToBitInterleaving(low, high, temp, temp0, temp1) \
51 even &= (temp0 & 0x0000FFFF) | (temp1 << 16); \
52 odd &= (temp0 >> 16) | (temp1 & 0xFFFF0000);
53
54 #define toBitInterleavingAndSet(low, high, even, odd, temp, temp0, temp1) \
55 prepareToBitInterleaving(low, high, temp, temp0, temp1) \
56 even = (temp0 & 0x0000FFFF) | (temp1 << 16); \
57 odd = (temp0 >> 16) | (temp1 & 0xFFFF0000);
58
59 /* Credit to Henry S. Warren, Hacker's Delight, Addison-Wesley, 2002 */
60
61 #define prepareFromBitInterleaving(even, odd, temp, temp0, temp1) \
62 temp0 = (even); \
63 temp1 = (odd); \
64 temp = (temp0 & 0x0000FFFF) | (temp1 << 16); \
65 temp1 = (temp0 >> 16) | (temp1 & 0xFFFF0000); \
66 temp0 = temp; \
67 temp = (temp0 ^ (temp0 >> 8)) & 0x0000FF00UL; temp0 = temp0 ^ temp ^ ( temp << 8); \
68 temp = (temp0 ^ (temp0 >> 4)) & 0x00F000F0UL; temp0 = temp0 ^ temp ^ ( temp << 4); \
69 temp = (temp0 ^ (temp0 >> 2)) & 0x0C0C0C0CUL; temp0 = temp0 ^ temp ^ ( temp << 2); \
70 temp = (temp0 ^ (temp0 >> 1)) & 0x22222222UL; temp0 = temp0 ^ temp ^ ( temp << 1); \
71 temp = (temp1 ^ (temp1 >> 8)) & 0x0000FF00UL; temp1 = temp1 ^ temp ^ ( temp << 8); \
72 temp = (temp1 ^ (temp1 >> 4)) & 0x00F000F0UL; temp1 = temp1 ^ temp ^ ( temp << 4); \
73 temp = (temp1 ^ (temp1 >> 2)) & 0x0C0C0C0CUL; temp1 = temp1 ^ temp ^ ( temp << 2); \
74 temp = (temp1 ^ (temp1 >> 1)) & 0x22222222UL; temp1 = temp1 ^ temp ^ ( temp << 1);
75
76 #define fromBitInterleaving(even, odd, low, high, temp, temp0, temp1) \
77 prepareFromBitInterleaving(even, odd, temp, temp0, temp1) \
78 low = temp0; \
79 high = temp1;
80
81 #define fromBitInterleavingAndXOR(even, odd, lowIn, highIn, lowOut, highOut, tem p, temp0, temp1) \
82 prepareFromBitInterleaving(even, odd, temp, temp0, temp1) \
83 lowOut = lowIn ^ temp0; \
84 highOut = highIn ^ temp1;
85
86 void KeccakP1600_SetBytesInLaneToZero(void *state, unsigned int lanePosition, un signed int offset, unsigned int length)
87 {
88 UINT8 laneAsBytes[8];
89 UINT32 low, high;
90 UINT32 temp, temp0, temp1;
91 UINT32 *stateAsHalfLanes = (UINT32*)state;
92
93 memset(laneAsBytes, 0xFF, offset);
94 memset(laneAsBytes+offset, 0x00, length);
95 memset(laneAsBytes+offset+length, 0xFF, 8-offset-length);
96 #if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
97 low = *((UINT32*)(laneAsBytes+0));
98 high = *((UINT32*)(laneAsBytes+4));
99 #else
100 low = laneAsBytes[0]
101 | ((UINT32)(laneAsBytes[1]) << 8)
102 | ((UINT32)(laneAsBytes[2]) << 16)
103 | ((UINT32)(laneAsBytes[3]) << 24);
104 high = laneAsBytes[4]
105 | ((UINT32)(laneAsBytes[5]) << 8)
106 | ((UINT32)(laneAsBytes[6]) << 16)
107 | ((UINT32)(laneAsBytes[7]) << 24);
108 #endif
109 toBitInterleavingAndAND(low, high, stateAsHalfLanes[lanePosition*2+0], state AsHalfLanes[lanePosition*2+1], temp, temp0, temp1);
110 }
111
112 /* ---------------------------------------------------------------- */
113
114 void KeccakP1600_Initialize(void *state)
115 {
116 memset(state, 0, 200);
117 }
118
119 /* ---------------------------------------------------------------- */
120
121 void KeccakP1600_AddByte(void *state, unsigned char byte, unsigned int offset)
122 {
123 unsigned int lanePosition = offset/8;
124 unsigned int offsetInLane = offset%8;
125 UINT32 low, high;
126 UINT32 temp, temp0, temp1;
127 UINT32 *stateAsHalfLanes = (UINT32*)state;
128
129 if (offsetInLane < 4) {
130 low = (UINT32)byte << (offsetInLane*8);
131 high = 0;
132 }
133 else {
134 low = 0;
135 high = (UINT32)byte << ((offsetInLane-4)*8);
136 }
137 toBitInterleavingAndXOR(low, high, stateAsHalfLanes[lanePosition*2+0], state AsHalfLanes[lanePosition*2+1], temp, temp0, temp1);
138 }
139
140 /* ---------------------------------------------------------------- */
141
142 void KeccakP1600_AddBytesInLane(void *state, unsigned int lanePosition, const un signed char *data, unsigned int offset, unsigned int length)
143 {
144 UINT8 laneAsBytes[8];
145 UINT32 low, high;
146 UINT32 temp, temp0, temp1;
147 UINT32 *stateAsHalfLanes = (UINT32*)state;
148
149 memset(laneAsBytes, 0, 8);
150 memcpy(laneAsBytes+offset, data, length);
151 #if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
152 low = *((UINT32*)(laneAsBytes+0));
153 high = *((UINT32*)(laneAsBytes+4));
154 #else
155 low = laneAsBytes[0]
156 | ((UINT32)(laneAsBytes[1]) << 8)
157 | ((UINT32)(laneAsBytes[2]) << 16)
158 | ((UINT32)(laneAsBytes[3]) << 24);
159 high = laneAsBytes[4]
160 | ((UINT32)(laneAsBytes[5]) << 8)
161 | ((UINT32)(laneAsBytes[6]) << 16)
162 | ((UINT32)(laneAsBytes[7]) << 24);
163 #endif
164 toBitInterleavingAndXOR(low, high, stateAsHalfLanes[lanePosition*2+0], state AsHalfLanes[lanePosition*2+1], temp, temp0, temp1);
165 }
166
167 /* ---------------------------------------------------------------- */
168
169 void KeccakP1600_AddLanes(void *state, const unsigned char *data, unsigned int l aneCount)
170 {
171 #if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
172 const UINT32 * pI = (const UINT32 *)data;
173 UINT32 * pS = (UINT32*)state;
174 UINT32 t, x0, x1;
175 int i;
176 for (i = laneCount-1; i >= 0; --i) {
177 #ifdef NO_MISALIGNED_ACCESSES
178 UINT32 low;
179 UINT32 high;
180 memcpy(&low, pI++, 4);
181 memcpy(&high, pI++, 4);
182 toBitInterleavingAndXOR(low, high, *(pS++), *(pS++), t, x0, x1);
183 #else
184 toBitInterleavingAndXOR(*(pI++), *(pI++), *(pS++), *(pS++), t, x0, x1)
185 #endif
186 }
187 #else
188 unsigned int lanePosition;
189 for(lanePosition=0; lanePosition<laneCount; lanePosition++) {
190 UINT8 laneAsBytes[8];
191 memcpy(laneAsBytes, data+lanePosition*8, 8);
192 UINT32 low = laneAsBytes[0]
193 | ((UINT32)(laneAsBytes[1]) << 8)
194 | ((UINT32)(laneAsBytes[2]) << 16)
195 | ((UINT32)(laneAsBytes[3]) << 24);
196 UINT32 high = laneAsBytes[4]
197 | ((UINT32)(laneAsBytes[5]) << 8)
198 | ((UINT32)(laneAsBytes[6]) << 16)
199 | ((UINT32)(laneAsBytes[7]) << 24);
200 UINT32 even, odd, temp, temp0, temp1;
201 UINT32 *stateAsHalfLanes = (UINT32*)state;
202 toBitInterleavingAndXOR(low, high, stateAsHalfLanes[lanePosition*2+0], s tateAsHalfLanes[lanePosition*2+1], temp, temp0, temp1);
203 }
204 #endif
205 }
206
207 /* ---------------------------------------------------------------- */
208
209 void KeccakP1600_AddBytes(void *state, const unsigned char *data, unsigned int o ffset, unsigned int length)
210 {
211 SnP_AddBytes(state, data, offset, length, KeccakP1600_AddLanes, KeccakP1600_ AddBytesInLane, 8);
212 }
213
214 /* ---------------------------------------------------------------- */
215
216 void KeccakP1600_OverwriteBytesInLane(void *state, unsigned int lanePosition, co nst unsigned char *data, unsigned int offset, unsigned int length)
217 {
218 KeccakP1600_SetBytesInLaneToZero(state, lanePosition, offset, length);
219 KeccakP1600_AddBytesInLane(state, lanePosition, data, offset, length);
220 }
221
222 /* ---------------------------------------------------------------- */
223
224 void KeccakP1600_OverwriteLanes(void *state, const unsigned char *data, unsigned int laneCount)
225 {
226 #if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
227 const UINT32 * pI = (const UINT32 *)data;
228 UINT32 * pS = (UINT32 *)state;
229 UINT32 t, x0, x1;
230 int i;
231 for (i = laneCount-1; i >= 0; --i) {
232 #ifdef NO_MISALIGNED_ACCESSES
233 UINT32 low;
234 UINT32 high;
235 memcpy(&low, pI++, 4);
236 memcpy(&high, pI++, 4);
237 toBitInterleavingAndSet(low, high, *(pS++), *(pS++), t, x0, x1);
238 #else
239 toBitInterleavingAndSet(*(pI++), *(pI++), *(pS++), *(pS++), t, x0, x1)
240 #endif
241 }
242 #else
243 unsigned int lanePosition;
244 for(lanePosition=0; lanePosition<laneCount; lanePosition++) {
245 UINT8 laneAsBytes[8];
246 memcpy(laneAsBytes, data+lanePosition*8, 8);
247 UINT32 low = laneAsBytes[0]
248 | ((UINT32)(laneAsBytes[1]) << 8)
249 | ((UINT32)(laneAsBytes[2]) << 16)
250 | ((UINT32)(laneAsBytes[3]) << 24);
251 UINT32 high = laneAsBytes[4]
252 | ((UINT32)(laneAsBytes[5]) << 8)
253 | ((UINT32)(laneAsBytes[6]) << 16)
254 | ((UINT32)(laneAsBytes[7]) << 24);
255 UINT32 even, odd, temp, temp0, temp1;
256 UINT32 *stateAsHalfLanes = (UINT32*)state;
257 toBitInterleavingAndSet(low, high, stateAsHalfLanes[lanePosition*2+0], s tateAsHalfLanes[lanePosition*2+1], temp, temp0, temp1);
258 }
259 #endif
260 }
261
262 /* ---------------------------------------------------------------- */
263
264 void KeccakP1600_OverwriteBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length)
265 {
266 SnP_OverwriteBytes(state, data, offset, length, KeccakP1600_OverwriteLanes, KeccakP1600_OverwriteBytesInLane, 8);
267 }
268
269 /* ---------------------------------------------------------------- */
270
271 void KeccakP1600_OverwriteWithZeroes(void *state, unsigned int byteCount)
272 {
273 UINT32 *stateAsHalfLanes = (UINT32*)state;
274 unsigned int i;
275
276 for(i=0; i<byteCount/8; i++) {
277 stateAsHalfLanes[i*2+0] = 0;
278 stateAsHalfLanes[i*2+1] = 0;
279 }
280 if (byteCount%8 != 0)
281 KeccakP1600_SetBytesInLaneToZero(state, byteCount/8, 0, byteCount%8);
282 }
283
284 /* ---------------------------------------------------------------- */
285
286 void KeccakP1600_ExtractBytesInLane(const void *state, unsigned int lanePosition , unsigned char *data, unsigned int offset, unsigned int length)
287 {
288 UINT32 *stateAsHalfLanes = (UINT32*)state;
289 UINT32 low, high, temp, temp0, temp1;
290 UINT8 laneAsBytes[8];
291
292 fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[laneP osition*2+1], low, high, temp, temp0, temp1);
293 #if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
294 *((UINT32*)(laneAsBytes+0)) = low;
295 *((UINT32*)(laneAsBytes+4)) = high;
296 #else
297 laneAsBytes[0] = low & 0xFF;
298 laneAsBytes[1] = (low >> 8) & 0xFF;
299 laneAsBytes[2] = (low >> 16) & 0xFF;
300 laneAsBytes[3] = (low >> 24) & 0xFF;
301 laneAsBytes[4] = high & 0xFF;
302 laneAsBytes[5] = (high >> 8) & 0xFF;
303 laneAsBytes[6] = (high >> 16) & 0xFF;
304 laneAsBytes[7] = (high >> 24) & 0xFF;
305 #endif
306 memcpy(data, laneAsBytes+offset, length);
307 }
308
309 /* ---------------------------------------------------------------- */
310
311 void KeccakP1600_ExtractLanes(const void *state, unsigned char *data, unsigned i nt laneCount)
312 {
313 #if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
314 UINT32 * pI = (UINT32 *)data;
315 const UINT32 * pS = ( const UINT32 *)state;
316 UINT32 t, x0, x1;
317 int i;
318 for (i = laneCount-1; i >= 0; --i) {
319 #ifdef NO_MISALIGNED_ACCESSES
320 UINT32 low;
321 UINT32 high;
322 fromBitInterleaving(*(pS++), *(pS++), low, high, t, x0, x1);
323 memcpy(pI++, &low, 4);
324 memcpy(pI++, &high, 4);
325 #else
326 fromBitInterleaving(*(pS++), *(pS++), *(pI++), *(pI++), t, x0, x1)
327 #endif
328 }
329 #else
330 unsigned int lanePosition;
331 for(lanePosition=0; lanePosition<laneCount; lanePosition++) {
332 UINT32 *stateAsHalfLanes = (UINT32*)state;
333 UINT32 low, high, temp, temp0, temp1;
334 fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[l anePosition*2+1], low, high, temp, temp0, temp1);
335 UINT8 laneAsBytes[8];
336 laneAsBytes[0] = low & 0xFF;
337 laneAsBytes[1] = (low >> 8) & 0xFF;
338 laneAsBytes[2] = (low >> 16) & 0xFF;
339 laneAsBytes[3] = (low >> 24) & 0xFF;
340 laneAsBytes[4] = high & 0xFF;
341 laneAsBytes[5] = (high >> 8) & 0xFF;
342 laneAsBytes[6] = (high >> 16) & 0xFF;
343 laneAsBytes[7] = (high >> 24) & 0xFF;
344 memcpy(data+lanePosition*8, laneAsBytes, 8);
345 }
346 #endif
347 }
348
349 /* ---------------------------------------------------------------- */
350
351 void KeccakP1600_ExtractBytes(const void *state, unsigned char *data, unsigned i nt offset, unsigned int length)
352 {
353 SnP_ExtractBytes(state, data, offset, length, KeccakP1600_ExtractLanes, Kecc akP1600_ExtractBytesInLane, 8);
354 }
355
356 /* ---------------------------------------------------------------- */
357
358 void KeccakP1600_ExtractAndAddBytesInLane(const void *state, unsigned int lanePo sition, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length)
359 {
360 UINT32 *stateAsHalfLanes = (UINT32*)state;
361 UINT32 low, high, temp, temp0, temp1;
362 UINT8 laneAsBytes[8];
363 unsigned int i;
364
365 fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[laneP osition*2+1], low, high, temp, temp0, temp1);
366 #if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
367 *((UINT32*)(laneAsBytes+0)) = low;
368 *((UINT32*)(laneAsBytes+4)) = high;
369 #else
370 laneAsBytes[0] = low & 0xFF;
371 laneAsBytes[1] = (low >> 8) & 0xFF;
372 laneAsBytes[2] = (low >> 16) & 0xFF;
373 laneAsBytes[3] = (low >> 24) & 0xFF;
374 laneAsBytes[4] = high & 0xFF;
375 laneAsBytes[5] = (high >> 8) & 0xFF;
376 laneAsBytes[6] = (high >> 16) & 0xFF;
377 laneAsBytes[7] = (high >> 24) & 0xFF;
378 #endif
379 for(i=0; i<length; i++)
380 output[i] = input[i] ^ laneAsBytes[offset+i];
381 }
382
383 /* ---------------------------------------------------------------- */
384
385 void KeccakP1600_ExtractAndAddLanes(const void *state, const unsigned char *inpu t, unsigned char *output, unsigned int laneCount)
386 {
387 #if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
388 const UINT32 * pI = (const UINT32 *)input;
389 UINT32 * pO = (UINT32 *)output;
390 const UINT32 * pS = (const UINT32 *)state;
391 UINT32 t, x0, x1;
392 int i;
393 for (i = laneCount-1; i >= 0; --i) {
394 #ifdef NO_MISALIGNED_ACCESSES
395 UINT32 low;
396 UINT32 high;
397 fromBitInterleaving(*(pS++), *(pS++), low, high, t, x0, x1);
398 *(pO++) = *(pI++) ^ low;
399 *(pO++) = *(pI++) ^ high;
400 #else
401 fromBitInterleavingAndXOR(*(pS++), *(pS++), *(pI++), *(pI++), *(pO++), * (pO++), t, x0, x1)
402 #endif
403 }
404 #else
405 unsigned int lanePosition;
406 for(lanePosition=0; lanePosition<laneCount; lanePosition++) {
407 UINT32 *stateAsHalfLanes = (UINT32*)state;
408 UINT32 low, high, temp, temp0, temp1;
409 fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[l anePosition*2+1], low, high, temp, temp0, temp1);
410 UINT8 laneAsBytes[8];
411 laneAsBytes[0] = low & 0xFF;
412 laneAsBytes[1] = (low >> 8) & 0xFF;
413 laneAsBytes[2] = (low >> 16) & 0xFF;
414 laneAsBytes[3] = (low >> 24) & 0xFF;
415 laneAsBytes[4] = high & 0xFF;
416 laneAsBytes[5] = (high >> 8) & 0xFF;
417 laneAsBytes[6] = (high >> 16) & 0xFF;
418 laneAsBytes[7] = (high >> 24) & 0xFF;
419 ((UINT32*)(output+lanePosition*8))[0] = ((UINT32*)(input+lanePosition*8) )[0] ^ (*(const UINT32*)(laneAsBytes+0));
420 ((UINT32*)(output+lanePosition*8))[1] = ((UINT32*)(input+lanePosition*8) )[0] ^ (*(const UINT32*)(laneAsBytes+4));
421 }
422 #endif
423 }
424 /* ---------------------------------------------------------------- */
425
426 void KeccakP1600_ExtractAndAddBytes(const void *state, const unsigned char *inpu t, unsigned char *output, unsigned int offset, unsigned int length)
427 {
428 SnP_ExtractAndAddBytes(state, input, output, offset, length, KeccakP1600_Ext ractAndAddLanes, KeccakP1600_ExtractAndAddBytesInLane, 8);
429 }
430
431 /* ---------------------------------------------------------------- */
432
433 static const UINT32 KeccakF1600RoundConstants_int2[2*24+1] =
434 {
435 0x00000001UL, 0x00000000UL,
436 0x00000000UL, 0x00000089UL,
437 0x00000000UL, 0x8000008bUL,
438 0x00000000UL, 0x80008080UL,
439 0x00000001UL, 0x0000008bUL,
440 0x00000001UL, 0x00008000UL,
441 0x00000001UL, 0x80008088UL,
442 0x00000001UL, 0x80000082UL,
443 0x00000000UL, 0x0000000bUL,
444 0x00000000UL, 0x0000000aUL,
445 0x00000001UL, 0x00008082UL,
446 0x00000000UL, 0x00008003UL,
447 0x00000001UL, 0x0000808bUL,
448 0x00000001UL, 0x8000000bUL,
449 0x00000001UL, 0x8000008aUL,
450 0x00000001UL, 0x80000081UL,
451 0x00000000UL, 0x80000081UL,
452 0x00000000UL, 0x80000008UL,
453 0x00000000UL, 0x00000083UL,
454 0x00000000UL, 0x80008003UL,
455 0x00000001UL, 0x80008088UL,
456 0x00000000UL, 0x80000088UL,
457 0x00000001UL, 0x00008000UL,
458 0x00000000UL, 0x80008082UL,
459 0x000000FFUL
460 };
461
462 #define KeccakAtoD_round0() \
463 Cx = Abu0^Agu0^Aku0^Amu0^Asu0; \
464 Du1 = Abe1^Age1^Ake1^Ame1^Ase1; \
465 Da0 = Cx^ROL32(Du1, 1); \
466 Cz = Abu1^Agu1^Aku1^Amu1^Asu1; \
467 Du0 = Abe0^Age0^Ake0^Ame0^Ase0; \
468 Da1 = Cz^Du0; \
469 \
470 Cw = Abi0^Agi0^Aki0^Ami0^Asi0; \
471 Do0 = Cw^ROL32(Cz, 1); \
472 Cy = Abi1^Agi1^Aki1^Ami1^Asi1; \
473 Do1 = Cy^Cx; \
474 \
475 Cx = Aba0^Aga0^Aka0^Ama0^Asa0; \
476 De0 = Cx^ROL32(Cy, 1); \
477 Cz = Aba1^Aga1^Aka1^Ama1^Asa1; \
478 De1 = Cz^Cw; \
479 \
480 Cy = Abo1^Ago1^Ako1^Amo1^Aso1; \
481 Di0 = Du0^ROL32(Cy, 1); \
482 Cw = Abo0^Ago0^Ako0^Amo0^Aso0; \
483 Di1 = Du1^Cw; \
484 \
485 Du0 = Cw^ROL32(Cz, 1); \
486 Du1 = Cy^Cx; \
487
488 #define KeccakAtoD_round1() \
489 Cx = Asu0^Agu0^Amu0^Abu1^Aku1; \
490 Du1 = Age1^Ame0^Abe0^Ake1^Ase1; \
491 Da0 = Cx^ROL32(Du1, 1); \
492 Cz = Asu1^Agu1^Amu1^Abu0^Aku0; \
493 Du0 = Age0^Ame1^Abe1^Ake0^Ase0; \
494 Da1 = Cz^Du0; \
495 \
496 Cw = Aki1^Asi1^Agi0^Ami1^Abi0; \
497 Do0 = Cw^ROL32(Cz, 1); \
498 Cy = Aki0^Asi0^Agi1^Ami0^Abi1; \
499 Do1 = Cy^Cx; \
500 \
501 Cx = Aba0^Aka1^Asa0^Aga0^Ama1; \
502 De0 = Cx^ROL32(Cy, 1); \
503 Cz = Aba1^Aka0^Asa1^Aga1^Ama0; \
504 De1 = Cz^Cw; \
505 \
506 Cy = Amo0^Abo1^Ako0^Aso1^Ago0; \
507 Di0 = Du0^ROL32(Cy, 1); \
508 Cw = Amo1^Abo0^Ako1^Aso0^Ago1; \
509 Di1 = Du1^Cw; \
510 \
511 Du0 = Cw^ROL32(Cz, 1); \
512 Du1 = Cy^Cx; \
513
514 #define KeccakAtoD_round2() \
515 Cx = Aku1^Agu0^Abu1^Asu1^Amu1; \
516 Du1 = Ame0^Ake0^Age0^Abe0^Ase1; \
517 Da0 = Cx^ROL32(Du1, 1); \
518 Cz = Aku0^Agu1^Abu0^Asu0^Amu0; \
519 Du0 = Ame1^Ake1^Age1^Abe1^Ase0; \
520 Da1 = Cz^Du0; \
521 \
522 Cw = Agi1^Abi1^Asi1^Ami0^Aki1; \
523 Do0 = Cw^ROL32(Cz, 1); \
524 Cy = Agi0^Abi0^Asi0^Ami1^Aki0; \
525 Do1 = Cy^Cx; \
526 \
527 Cx = Aba0^Asa1^Ama1^Aka1^Aga1; \
528 De0 = Cx^ROL32(Cy, 1); \
529 Cz = Aba1^Asa0^Ama0^Aka0^Aga0; \
530 De1 = Cz^Cw; \
531 \
532 Cy = Aso0^Amo0^Ako1^Ago0^Abo0; \
533 Di0 = Du0^ROL32(Cy, 1); \
534 Cw = Aso1^Amo1^Ako0^Ago1^Abo1; \
535 Di1 = Du1^Cw; \
536 \
537 Du0 = Cw^ROL32(Cz, 1); \
538 Du1 = Cy^Cx; \
539
540 #define KeccakAtoD_round3() \
541 Cx = Amu1^Agu0^Asu1^Aku0^Abu0; \
542 Du1 = Ake0^Abe1^Ame1^Age0^Ase1; \
543 Da0 = Cx^ROL32(Du1, 1); \
544 Cz = Amu0^Agu1^Asu0^Aku1^Abu1; \
545 Du0 = Ake1^Abe0^Ame0^Age1^Ase0; \
546 Da1 = Cz^Du0; \
547 \
548 Cw = Asi0^Aki0^Abi1^Ami1^Agi1; \
549 Do0 = Cw^ROL32(Cz, 1); \
550 Cy = Asi1^Aki1^Abi0^Ami0^Agi0; \
551 Do1 = Cy^Cx; \
552 \
553 Cx = Aba0^Ama0^Aga1^Asa1^Aka0; \
554 De0 = Cx^ROL32(Cy, 1); \
555 Cz = Aba1^Ama1^Aga0^Asa0^Aka1; \
556 De1 = Cz^Cw; \
557 \
558 Cy = Ago1^Aso0^Ako0^Abo0^Amo1; \
559 Di0 = Du0^ROL32(Cy, 1); \
560 Cw = Ago0^Aso1^Ako1^Abo1^Amo0; \
561 Di1 = Du1^Cw; \
562 \
563 Du0 = Cw^ROL32(Cz, 1); \
564 Du1 = Cy^Cx; \
565
566 void KeccakP1600_Permute_Nrounds(void *state, unsigned int nRounds)
567 {
568 {
569 UINT32 Da0, De0, Di0, Do0, Du0;
570 UINT32 Da1, De1, Di1, Do1, Du1;
571 UINT32 Ca0, Ce0, Ci0, Co0, Cu0;
572 UINT32 Cx, Cy, Cz, Cw;
573 #define Ba Ca0
574 #define Be Ce0
575 #define Bi Ci0
576 #define Bo Co0
577 #define Bu Cu0
578 const UINT32 *pRoundConstants = KeccakF1600RoundConstants_int2+(24-nRoun ds)*2;
579 UINT32 *stateAsHalfLanes = (UINT32*)state;
580 #define Aba0 stateAsHalfLanes[ 0]
581 #define Aba1 stateAsHalfLanes[ 1]
582 #define Abe0 stateAsHalfLanes[ 2]
583 #define Abe1 stateAsHalfLanes[ 3]
584 #define Abi0 stateAsHalfLanes[ 4]
585 #define Abi1 stateAsHalfLanes[ 5]
586 #define Abo0 stateAsHalfLanes[ 6]
587 #define Abo1 stateAsHalfLanes[ 7]
588 #define Abu0 stateAsHalfLanes[ 8]
589 #define Abu1 stateAsHalfLanes[ 9]
590 #define Aga0 stateAsHalfLanes[10]
591 #define Aga1 stateAsHalfLanes[11]
592 #define Age0 stateAsHalfLanes[12]
593 #define Age1 stateAsHalfLanes[13]
594 #define Agi0 stateAsHalfLanes[14]
595 #define Agi1 stateAsHalfLanes[15]
596 #define Ago0 stateAsHalfLanes[16]
597 #define Ago1 stateAsHalfLanes[17]
598 #define Agu0 stateAsHalfLanes[18]
599 #define Agu1 stateAsHalfLanes[19]
600 #define Aka0 stateAsHalfLanes[20]
601 #define Aka1 stateAsHalfLanes[21]
602 #define Ake0 stateAsHalfLanes[22]
603 #define Ake1 stateAsHalfLanes[23]
604 #define Aki0 stateAsHalfLanes[24]
605 #define Aki1 stateAsHalfLanes[25]
606 #define Ako0 stateAsHalfLanes[26]
607 #define Ako1 stateAsHalfLanes[27]
608 #define Aku0 stateAsHalfLanes[28]
609 #define Aku1 stateAsHalfLanes[29]
610 #define Ama0 stateAsHalfLanes[30]
611 #define Ama1 stateAsHalfLanes[31]
612 #define Ame0 stateAsHalfLanes[32]
613 #define Ame1 stateAsHalfLanes[33]
614 #define Ami0 stateAsHalfLanes[34]
615 #define Ami1 stateAsHalfLanes[35]
616 #define Amo0 stateAsHalfLanes[36]
617 #define Amo1 stateAsHalfLanes[37]
618 #define Amu0 stateAsHalfLanes[38]
619 #define Amu1 stateAsHalfLanes[39]
620 #define Asa0 stateAsHalfLanes[40]
621 #define Asa1 stateAsHalfLanes[41]
622 #define Ase0 stateAsHalfLanes[42]
623 #define Ase1 stateAsHalfLanes[43]
624 #define Asi0 stateAsHalfLanes[44]
625 #define Asi1 stateAsHalfLanes[45]
626 #define Aso0 stateAsHalfLanes[46]
627 #define Aso1 stateAsHalfLanes[47]
628 #define Asu0 stateAsHalfLanes[48]
629 #define Asu1 stateAsHalfLanes[49]
630
631 do
632 {
633 /* --- Code for 4 rounds */
634
635 /* --- using factor 2 interleaving, 64-bit lanes mapped to 32-bit wo rds */
636
637 KeccakAtoD_round0();
638
639 Ba = (Aba0^Da0);
640 Be = ROL32((Age0^De0), 22);
641 Bi = ROL32((Aki1^Di1), 22);
642 Bo = ROL32((Amo1^Do1), 11);
643 Bu = ROL32((Asu0^Du0), 7);
644 Aba0 = Ba ^((~Be)& Bi );
645 Aba0 ^= *(pRoundConstants++);
646 Age0 = Be ^((~Bi)& Bo );
647 Aki1 = Bi ^((~Bo)& Bu );
648 Amo1 = Bo ^((~Bu)& Ba );
649 Asu0 = Bu ^((~Ba)& Be );
650
651 Ba = (Aba1^Da1);
652 Be = ROL32((Age1^De1), 22);
653 Bi = ROL32((Aki0^Di0), 21);
654 Bo = ROL32((Amo0^Do0), 10);
655 Bu = ROL32((Asu1^Du1), 7);
656 Aba1 = Ba ^((~Be)& Bi );
657 Aba1 ^= *(pRoundConstants++);
658 Age1 = Be ^((~Bi)& Bo );
659 Aki0 = Bi ^((~Bo)& Bu );
660 Amo0 = Bo ^((~Bu)& Ba );
661 Asu1 = Bu ^((~Ba)& Be );
662
663 Bi = ROL32((Aka1^Da1), 2);
664 Bo = ROL32((Ame1^De1), 23);
665 Bu = ROL32((Asi1^Di1), 31);
666 Ba = ROL32((Abo0^Do0), 14);
667 Be = ROL32((Agu0^Du0), 10);
668 Aka1 = Ba ^((~Be)& Bi );
669 Ame1 = Be ^((~Bi)& Bo );
670 Asi1 = Bi ^((~Bo)& Bu );
671 Abo0 = Bo ^((~Bu)& Ba );
672 Agu0 = Bu ^((~Ba)& Be );
673
674 Bi = ROL32((Aka0^Da0), 1);
675 Bo = ROL32((Ame0^De0), 22);
676 Bu = ROL32((Asi0^Di0), 30);
677 Ba = ROL32((Abo1^Do1), 14);
678 Be = ROL32((Agu1^Du1), 10);
679 Aka0 = Ba ^((~Be)& Bi );
680 Ame0 = Be ^((~Bi)& Bo );
681 Asi0 = Bi ^((~Bo)& Bu );
682 Abo1 = Bo ^((~Bu)& Ba );
683 Agu1 = Bu ^((~Ba)& Be );
684
685 Bu = ROL32((Asa0^Da0), 9);
686 Ba = ROL32((Abe1^De1), 1);
687 Be = ROL32((Agi0^Di0), 3);
688 Bi = ROL32((Ako1^Do1), 13);
689 Bo = ROL32((Amu0^Du0), 4);
690 Asa0 = Ba ^((~Be)& Bi );
691 Abe1 = Be ^((~Bi)& Bo );
692 Agi0 = Bi ^((~Bo)& Bu );
693 Ako1 = Bo ^((~Bu)& Ba );
694 Amu0 = Bu ^((~Ba)& Be );
695
696 Bu = ROL32((Asa1^Da1), 9);
697 Ba = (Abe0^De0);
698 Be = ROL32((Agi1^Di1), 3);
699 Bi = ROL32((Ako0^Do0), 12);
700 Bo = ROL32((Amu1^Du1), 4);
701 Asa1 = Ba ^((~Be)& Bi );
702 Abe0 = Be ^((~Bi)& Bo );
703 Agi1 = Bi ^((~Bo)& Bu );
704 Ako0 = Bo ^((~Bu)& Ba );
705 Amu1 = Bu ^((~Ba)& Be );
706
707 Be = ROL32((Aga0^Da0), 18);
708 Bi = ROL32((Ake0^De0), 5);
709 Bo = ROL32((Ami1^Di1), 8);
710 Bu = ROL32((Aso0^Do0), 28);
711 Ba = ROL32((Abu1^Du1), 14);
712 Aga0 = Ba ^((~Be)& Bi );
713 Ake0 = Be ^((~Bi)& Bo );
714 Ami1 = Bi ^((~Bo)& Bu );
715 Aso0 = Bo ^((~Bu)& Ba );
716 Abu1 = Bu ^((~Ba)& Be );
717
718 Be = ROL32((Aga1^Da1), 18);
719 Bi = ROL32((Ake1^De1), 5);
720 Bo = ROL32((Ami0^Di0), 7);
721 Bu = ROL32((Aso1^Do1), 28);
722 Ba = ROL32((Abu0^Du0), 13);
723 Aga1 = Ba ^((~Be)& Bi );
724 Ake1 = Be ^((~Bi)& Bo );
725 Ami0 = Bi ^((~Bo)& Bu );
726 Aso1 = Bo ^((~Bu)& Ba );
727 Abu0 = Bu ^((~Ba)& Be );
728
729 Bo = ROL32((Ama1^Da1), 21);
730 Bu = ROL32((Ase0^De0), 1);
731 Ba = ROL32((Abi0^Di0), 31);
732 Be = ROL32((Ago1^Do1), 28);
733 Bi = ROL32((Aku1^Du1), 20);
734 Ama1 = Ba ^((~Be)& Bi );
735 Ase0 = Be ^((~Bi)& Bo );
736 Abi0 = Bi ^((~Bo)& Bu );
737 Ago1 = Bo ^((~Bu)& Ba );
738 Aku1 = Bu ^((~Ba)& Be );
739
740 Bo = ROL32((Ama0^Da0), 20);
741 Bu = ROL32((Ase1^De1), 1);
742 Ba = ROL32((Abi1^Di1), 31);
743 Be = ROL32((Ago0^Do0), 27);
744 Bi = ROL32((Aku0^Du0), 19);
745 Ama0 = Ba ^((~Be)& Bi );
746 Ase1 = Be ^((~Bi)& Bo );
747 Abi1 = Bi ^((~Bo)& Bu );
748 Ago0 = Bo ^((~Bu)& Ba );
749 Aku0 = Bu ^((~Ba)& Be );
750
751 KeccakAtoD_round1();
752
753 Ba = (Aba0^Da0);
754 Be = ROL32((Ame1^De0), 22);
755 Bi = ROL32((Agi1^Di1), 22);
756 Bo = ROL32((Aso1^Do1), 11);
757 Bu = ROL32((Aku1^Du0), 7);
758 Aba0 = Ba ^((~Be)& Bi );
759 Aba0 ^= *(pRoundConstants++);
760 Ame1 = Be ^((~Bi)& Bo );
761 Agi1 = Bi ^((~Bo)& Bu );
762 Aso1 = Bo ^((~Bu)& Ba );
763 Aku1 = Bu ^((~Ba)& Be );
764
765 Ba = (Aba1^Da1);
766 Be = ROL32((Ame0^De1), 22);
767 Bi = ROL32((Agi0^Di0), 21);
768 Bo = ROL32((Aso0^Do0), 10);
769 Bu = ROL32((Aku0^Du1), 7);
770 Aba1 = Ba ^((~Be)& Bi );
771 Aba1 ^= *(pRoundConstants++);
772 Ame0 = Be ^((~Bi)& Bo );
773 Agi0 = Bi ^((~Bo)& Bu );
774 Aso0 = Bo ^((~Bu)& Ba );
775 Aku0 = Bu ^((~Ba)& Be );
776
777 Bi = ROL32((Asa1^Da1), 2);
778 Bo = ROL32((Ake1^De1), 23);
779 Bu = ROL32((Abi1^Di1), 31);
780 Ba = ROL32((Amo1^Do0), 14);
781 Be = ROL32((Agu0^Du0), 10);
782 Asa1 = Ba ^((~Be)& Bi );
783 Ake1 = Be ^((~Bi)& Bo );
784 Abi1 = Bi ^((~Bo)& Bu );
785 Amo1 = Bo ^((~Bu)& Ba );
786 Agu0 = Bu ^((~Ba)& Be );
787
788 Bi = ROL32((Asa0^Da0), 1);
789 Bo = ROL32((Ake0^De0), 22);
790 Bu = ROL32((Abi0^Di0), 30);
791 Ba = ROL32((Amo0^Do1), 14);
792 Be = ROL32((Agu1^Du1), 10);
793 Asa0 = Ba ^((~Be)& Bi );
794 Ake0 = Be ^((~Bi)& Bo );
795 Abi0 = Bi ^((~Bo)& Bu );
796 Amo0 = Bo ^((~Bu)& Ba );
797 Agu1 = Bu ^((~Ba)& Be );
798
799 Bu = ROL32((Ama1^Da0), 9);
800 Ba = ROL32((Age1^De1), 1);
801 Be = ROL32((Asi1^Di0), 3);
802 Bi = ROL32((Ako0^Do1), 13);
803 Bo = ROL32((Abu1^Du0), 4);
804 Ama1 = Ba ^((~Be)& Bi );
805 Age1 = Be ^((~Bi)& Bo );
806 Asi1 = Bi ^((~Bo)& Bu );
807 Ako0 = Bo ^((~Bu)& Ba );
808 Abu1 = Bu ^((~Ba)& Be );
809
810 Bu = ROL32((Ama0^Da1), 9);
811 Ba = (Age0^De0);
812 Be = ROL32((Asi0^Di1), 3);
813 Bi = ROL32((Ako1^Do0), 12);
814 Bo = ROL32((Abu0^Du1), 4);
815 Ama0 = Ba ^((~Be)& Bi );
816 Age0 = Be ^((~Bi)& Bo );
817 Asi0 = Bi ^((~Bo)& Bu );
818 Ako1 = Bo ^((~Bu)& Ba );
819 Abu0 = Bu ^((~Ba)& Be );
820
821 Be = ROL32((Aka1^Da0), 18);
822 Bi = ROL32((Abe1^De0), 5);
823 Bo = ROL32((Ami0^Di1), 8);
824 Bu = ROL32((Ago1^Do0), 28);
825 Ba = ROL32((Asu1^Du1), 14);
826 Aka1 = Ba ^((~Be)& Bi );
827 Abe1 = Be ^((~Bi)& Bo );
828 Ami0 = Bi ^((~Bo)& Bu );
829 Ago1 = Bo ^((~Bu)& Ba );
830 Asu1 = Bu ^((~Ba)& Be );
831
832 Be = ROL32((Aka0^Da1), 18);
833 Bi = ROL32((Abe0^De1), 5);
834 Bo = ROL32((Ami1^Di0), 7);
835 Bu = ROL32((Ago0^Do1), 28);
836 Ba = ROL32((Asu0^Du0), 13);
837 Aka0 = Ba ^((~Be)& Bi );
838 Abe0 = Be ^((~Bi)& Bo );
839 Ami1 = Bi ^((~Bo)& Bu );
840 Ago0 = Bo ^((~Bu)& Ba );
841 Asu0 = Bu ^((~Ba)& Be );
842
843 Bo = ROL32((Aga1^Da1), 21);
844 Bu = ROL32((Ase0^De0), 1);
845 Ba = ROL32((Aki1^Di0), 31);
846 Be = ROL32((Abo1^Do1), 28);
847 Bi = ROL32((Amu1^Du1), 20);
848 Aga1 = Ba ^((~Be)& Bi );
849 Ase0 = Be ^((~Bi)& Bo );
850 Aki1 = Bi ^((~Bo)& Bu );
851 Abo1 = Bo ^((~Bu)& Ba );
852 Amu1 = Bu ^((~Ba)& Be );
853
854 Bo = ROL32((Aga0^Da0), 20);
855 Bu = ROL32((Ase1^De1), 1);
856 Ba = ROL32((Aki0^Di1), 31);
857 Be = ROL32((Abo0^Do0), 27);
858 Bi = ROL32((Amu0^Du0), 19);
859 Aga0 = Ba ^((~Be)& Bi );
860 Ase1 = Be ^((~Bi)& Bo );
861 Aki0 = Bi ^((~Bo)& Bu );
862 Abo0 = Bo ^((~Bu)& Ba );
863 Amu0 = Bu ^((~Ba)& Be );
864
865 KeccakAtoD_round2();
866
867 Ba = (Aba0^Da0);
868 Be = ROL32((Ake1^De0), 22);
869 Bi = ROL32((Asi0^Di1), 22);
870 Bo = ROL32((Ago0^Do1), 11);
871 Bu = ROL32((Amu1^Du0), 7);
872 Aba0 = Ba ^((~Be)& Bi );
873 Aba0 ^= *(pRoundConstants++);
874 Ake1 = Be ^((~Bi)& Bo );
875 Asi0 = Bi ^((~Bo)& Bu );
876 Ago0 = Bo ^((~Bu)& Ba );
877 Amu1 = Bu ^((~Ba)& Be );
878
879 Ba = (Aba1^Da1);
880 Be = ROL32((Ake0^De1), 22);
881 Bi = ROL32((Asi1^Di0), 21);
882 Bo = ROL32((Ago1^Do0), 10);
883 Bu = ROL32((Amu0^Du1), 7);
884 Aba1 = Ba ^((~Be)& Bi );
885 Aba1 ^= *(pRoundConstants++);
886 Ake0 = Be ^((~Bi)& Bo );
887 Asi1 = Bi ^((~Bo)& Bu );
888 Ago1 = Bo ^((~Bu)& Ba );
889 Amu0 = Bu ^((~Ba)& Be );
890
891 Bi = ROL32((Ama0^Da1), 2);
892 Bo = ROL32((Abe0^De1), 23);
893 Bu = ROL32((Aki0^Di1), 31);
894 Ba = ROL32((Aso1^Do0), 14);
895 Be = ROL32((Agu0^Du0), 10);
896 Ama0 = Ba ^((~Be)& Bi );
897 Abe0 = Be ^((~Bi)& Bo );
898 Aki0 = Bi ^((~Bo)& Bu );
899 Aso1 = Bo ^((~Bu)& Ba );
900 Agu0 = Bu ^((~Ba)& Be );
901
902 Bi = ROL32((Ama1^Da0), 1);
903 Bo = ROL32((Abe1^De0), 22);
904 Bu = ROL32((Aki1^Di0), 30);
905 Ba = ROL32((Aso0^Do1), 14);
906 Be = ROL32((Agu1^Du1), 10);
907 Ama1 = Ba ^((~Be)& Bi );
908 Abe1 = Be ^((~Bi)& Bo );
909 Aki1 = Bi ^((~Bo)& Bu );
910 Aso0 = Bo ^((~Bu)& Ba );
911 Agu1 = Bu ^((~Ba)& Be );
912
913 Bu = ROL32((Aga1^Da0), 9);
914 Ba = ROL32((Ame0^De1), 1);
915 Be = ROL32((Abi1^Di0), 3);
916 Bi = ROL32((Ako1^Do1), 13);
917 Bo = ROL32((Asu1^Du0), 4);
918 Aga1 = Ba ^((~Be)& Bi );
919 Ame0 = Be ^((~Bi)& Bo );
920 Abi1 = Bi ^((~Bo)& Bu );
921 Ako1 = Bo ^((~Bu)& Ba );
922 Asu1 = Bu ^((~Ba)& Be );
923
924 Bu = ROL32((Aga0^Da1), 9);
925 Ba = (Ame1^De0);
926 Be = ROL32((Abi0^Di1), 3);
927 Bi = ROL32((Ako0^Do0), 12);
928 Bo = ROL32((Asu0^Du1), 4);
929 Aga0 = Ba ^((~Be)& Bi );
930 Ame1 = Be ^((~Bi)& Bo );
931 Abi0 = Bi ^((~Bo)& Bu );
932 Ako0 = Bo ^((~Bu)& Ba );
933 Asu0 = Bu ^((~Ba)& Be );
934
935 Be = ROL32((Asa1^Da0), 18);
936 Bi = ROL32((Age1^De0), 5);
937 Bo = ROL32((Ami1^Di1), 8);
938 Bu = ROL32((Abo1^Do0), 28);
939 Ba = ROL32((Aku0^Du1), 14);
940 Asa1 = Ba ^((~Be)& Bi );
941 Age1 = Be ^((~Bi)& Bo );
942 Ami1 = Bi ^((~Bo)& Bu );
943 Abo1 = Bo ^((~Bu)& Ba );
944 Aku0 = Bu ^((~Ba)& Be );
945
946 Be = ROL32((Asa0^Da1), 18);
947 Bi = ROL32((Age0^De1), 5);
948 Bo = ROL32((Ami0^Di0), 7);
949 Bu = ROL32((Abo0^Do1), 28);
950 Ba = ROL32((Aku1^Du0), 13);
951 Asa0 = Ba ^((~Be)& Bi );
952 Age0 = Be ^((~Bi)& Bo );
953 Ami0 = Bi ^((~Bo)& Bu );
954 Abo0 = Bo ^((~Bu)& Ba );
955 Aku1 = Bu ^((~Ba)& Be );
956
957 Bo = ROL32((Aka0^Da1), 21);
958 Bu = ROL32((Ase0^De0), 1);
959 Ba = ROL32((Agi1^Di0), 31);
960 Be = ROL32((Amo0^Do1), 28);
961 Bi = ROL32((Abu0^Du1), 20);
962 Aka0 = Ba ^((~Be)& Bi );
963 Ase0 = Be ^((~Bi)& Bo );
964 Agi1 = Bi ^((~Bo)& Bu );
965 Amo0 = Bo ^((~Bu)& Ba );
966 Abu0 = Bu ^((~Ba)& Be );
967
968 Bo = ROL32((Aka1^Da0), 20);
969 Bu = ROL32((Ase1^De1), 1);
970 Ba = ROL32((Agi0^Di1), 31);
971 Be = ROL32((Amo1^Do0), 27);
972 Bi = ROL32((Abu1^Du0), 19);
973 Aka1 = Ba ^((~Be)& Bi );
974 Ase1 = Be ^((~Bi)& Bo );
975 Agi0 = Bi ^((~Bo)& Bu );
976 Amo1 = Bo ^((~Bu)& Ba );
977 Abu1 = Bu ^((~Ba)& Be );
978
979 KeccakAtoD_round3();
980
981 Ba = (Aba0^Da0);
982 Be = ROL32((Abe0^De0), 22);
983 Bi = ROL32((Abi0^Di1), 22);
984 Bo = ROL32((Abo0^Do1), 11);
985 Bu = ROL32((Abu0^Du0), 7);
986 Aba0 = Ba ^((~Be)& Bi );
987 Aba0 ^= *(pRoundConstants++);
988 Abe0 = Be ^((~Bi)& Bo );
989 Abi0 = Bi ^((~Bo)& Bu );
990 Abo0 = Bo ^((~Bu)& Ba );
991 Abu0 = Bu ^((~Ba)& Be );
992
993 Ba = (Aba1^Da1);
994 Be = ROL32((Abe1^De1), 22);
995 Bi = ROL32((Abi1^Di0), 21);
996 Bo = ROL32((Abo1^Do0), 10);
997 Bu = ROL32((Abu1^Du1), 7);
998 Aba1 = Ba ^((~Be)& Bi );
999 Aba1 ^= *(pRoundConstants++);
1000 Abe1 = Be ^((~Bi)& Bo );
1001 Abi1 = Bi ^((~Bo)& Bu );
1002 Abo1 = Bo ^((~Bu)& Ba );
1003 Abu1 = Bu ^((~Ba)& Be );
1004
1005 Bi = ROL32((Aga0^Da1), 2);
1006 Bo = ROL32((Age0^De1), 23);
1007 Bu = ROL32((Agi0^Di1), 31);
1008 Ba = ROL32((Ago0^Do0), 14);
1009 Be = ROL32((Agu0^Du0), 10);
1010 Aga0 = Ba ^((~Be)& Bi );
1011 Age0 = Be ^((~Bi)& Bo );
1012 Agi0 = Bi ^((~Bo)& Bu );
1013 Ago0 = Bo ^((~Bu)& Ba );
1014 Agu0 = Bu ^((~Ba)& Be );
1015
1016 Bi = ROL32((Aga1^Da0), 1);
1017 Bo = ROL32((Age1^De0), 22);
1018 Bu = ROL32((Agi1^Di0), 30);
1019 Ba = ROL32((Ago1^Do1), 14);
1020 Be = ROL32((Agu1^Du1), 10);
1021 Aga1 = Ba ^((~Be)& Bi );
1022 Age1 = Be ^((~Bi)& Bo );
1023 Agi1 = Bi ^((~Bo)& Bu );
1024 Ago1 = Bo ^((~Bu)& Ba );
1025 Agu1 = Bu ^((~Ba)& Be );
1026
1027 Bu = ROL32((Aka0^Da0), 9);
1028 Ba = ROL32((Ake0^De1), 1);
1029 Be = ROL32((Aki0^Di0), 3);
1030 Bi = ROL32((Ako0^Do1), 13);
1031 Bo = ROL32((Aku0^Du0), 4);
1032 Aka0 = Ba ^((~Be)& Bi );
1033 Ake0 = Be ^((~Bi)& Bo );
1034 Aki0 = Bi ^((~Bo)& Bu );
1035 Ako0 = Bo ^((~Bu)& Ba );
1036 Aku0 = Bu ^((~Ba)& Be );
1037
1038 Bu = ROL32((Aka1^Da1), 9);
1039 Ba = (Ake1^De0);
1040 Be = ROL32((Aki1^Di1), 3);
1041 Bi = ROL32((Ako1^Do0), 12);
1042 Bo = ROL32((Aku1^Du1), 4);
1043 Aka1 = Ba ^((~Be)& Bi );
1044 Ake1 = Be ^((~Bi)& Bo );
1045 Aki1 = Bi ^((~Bo)& Bu );
1046 Ako1 = Bo ^((~Bu)& Ba );
1047 Aku1 = Bu ^((~Ba)& Be );
1048
1049 Be = ROL32((Ama0^Da0), 18);
1050 Bi = ROL32((Ame0^De0), 5);
1051 Bo = ROL32((Ami0^Di1), 8);
1052 Bu = ROL32((Amo0^Do0), 28);
1053 Ba = ROL32((Amu0^Du1), 14);
1054 Ama0 = Ba ^((~Be)& Bi );
1055 Ame0 = Be ^((~Bi)& Bo );
1056 Ami0 = Bi ^((~Bo)& Bu );
1057 Amo0 = Bo ^((~Bu)& Ba );
1058 Amu0 = Bu ^((~Ba)& Be );
1059
1060 Be = ROL32((Ama1^Da1), 18);
1061 Bi = ROL32((Ame1^De1), 5);
1062 Bo = ROL32((Ami1^Di0), 7);
1063 Bu = ROL32((Amo1^Do1), 28);
1064 Ba = ROL32((Amu1^Du0), 13);
1065 Ama1 = Ba ^((~Be)& Bi );
1066 Ame1 = Be ^((~Bi)& Bo );
1067 Ami1 = Bi ^((~Bo)& Bu );
1068 Amo1 = Bo ^((~Bu)& Ba );
1069 Amu1 = Bu ^((~Ba)& Be );
1070
1071 Bo = ROL32((Asa0^Da1), 21);
1072 Bu = ROL32((Ase0^De0), 1);
1073 Ba = ROL32((Asi0^Di0), 31);
1074 Be = ROL32((Aso0^Do1), 28);
1075 Bi = ROL32((Asu0^Du1), 20);
1076 Asa0 = Ba ^((~Be)& Bi );
1077 Ase0 = Be ^((~Bi)& Bo );
1078 Asi0 = Bi ^((~Bo)& Bu );
1079 Aso0 = Bo ^((~Bu)& Ba );
1080 Asu0 = Bu ^((~Ba)& Be );
1081
1082 Bo = ROL32((Asa1^Da0), 20);
1083 Bu = ROL32((Ase1^De1), 1);
1084 Ba = ROL32((Asi1^Di1), 31);
1085 Be = ROL32((Aso1^Do0), 27);
1086 Bi = ROL32((Asu1^Du0), 19);
1087 Asa1 = Ba ^((~Be)& Bi );
1088 Ase1 = Be ^((~Bi)& Bo );
1089 Asi1 = Bi ^((~Bo)& Bu );
1090 Aso1 = Bo ^((~Bu)& Ba );
1091 Asu1 = Bu ^((~Ba)& Be );
1092 }
1093 while ( *pRoundConstants != 0xFF );
1094
1095 #undef Aba0
1096 #undef Aba1
1097 #undef Abe0
1098 #undef Abe1
1099 #undef Abi0
1100 #undef Abi1
1101 #undef Abo0
1102 #undef Abo1
1103 #undef Abu0
1104 #undef Abu1
1105 #undef Aga0
1106 #undef Aga1
1107 #undef Age0
1108 #undef Age1
1109 #undef Agi0
1110 #undef Agi1
1111 #undef Ago0
1112 #undef Ago1
1113 #undef Agu0
1114 #undef Agu1
1115 #undef Aka0
1116 #undef Aka1
1117 #undef Ake0
1118 #undef Ake1
1119 #undef Aki0
1120 #undef Aki1
1121 #undef Ako0
1122 #undef Ako1
1123 #undef Aku0
1124 #undef Aku1
1125 #undef Ama0
1126 #undef Ama1
1127 #undef Ame0
1128 #undef Ame1
1129 #undef Ami0
1130 #undef Ami1
1131 #undef Amo0
1132 #undef Amo1
1133 #undef Amu0
1134 #undef Amu1
1135 #undef Asa0
1136 #undef Asa1
1137 #undef Ase0
1138 #undef Ase1
1139 #undef Asi0
1140 #undef Asi1
1141 #undef Aso0
1142 #undef Aso1
1143 #undef Asu0
1144 #undef Asu1
1145 }
1146 }
1147
1148 /* ---------------------------------------------------------------- */
1149
1150 void KeccakP1600_Permute_12rounds(void *state)
1151 {
1152 KeccakP1600_Permute_Nrounds(state, 12);
1153 }
1154
1155 /* ---------------------------------------------------------------- */
1156
1157 void KeccakP1600_Permute_24rounds(void *state)
1158 {
1159 KeccakP1600_Permute_Nrounds(state, 24);
1160 }
LEFTRIGHT

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+