/* The eXtended Keccak Code Package (XKCP) https://github.com/XKCP/XKCP The Keccak-p permutations, designed by Guido Bertoni, Joan Daemen, Michaƫl Peeters and Gilles Van Assche. Implementation by the designers, hereby denoted as "the implementer". For more information, feedback or questions, please refer to the Keccak Team website: https://keccak.team/ To the extent possible under law, the implementer has waived all copyright and related or neighboring rights to the source code in this file. http://creativecommons.org/publicdomain/zero/1.0/ --- This file implements Keccak-p[400] in a SnP-compatible way. Please refer to SnP-documentation.h for more details. This implementation comes with KeccakP-400-SnP.h in the same folder. Please refer to LowLevel.build for the exact list of other files it must be combined with. */ #if DEBUG #include #endif #include #include #include #include #include "brg_endian.h" #ifdef KeccakReference #include "displayIntermediateValues.h" #endif typedef uint16_t tKeccakLane; #define maxNrRounds 20 #define nrLanes 25 #define index(x, y) (((x)%5)+5*((y)%5)) #ifdef KeccakReference static tKeccakLane KeccakRoundConstants[maxNrRounds]; static unsigned int KeccakRhoOffsets[nrLanes]; /* ---------------------------------------------------------------- */ void KeccakP400_InitializeRoundConstants(void); void KeccakP400_InitializeRhoOffsets(void); static int LFSR86540(uint8_t *LFSR); void KeccakP400_StaticInitialize(void) { if (sizeof(tKeccakLane) != 2) { printf("tKeccakLane should be 16-bit wide\n"); abort(); } KeccakP400_InitializeRoundConstants(); KeccakP400_InitializeRhoOffsets(); } void KeccakP400_InitializeRoundConstants(void) { uint8_t LFSRstate = 0x01; unsigned int i, j, bitPosition; for(i=0; i> (8*j)) & 0xFF; } void KeccakP400OnWords(tKeccakLane *state, unsigned int nrRounds) { unsigned int i; #ifdef KeccakReference displayStateAsLanes(3, "Same, with lanes as 16-bit words", state, 400); #endif for(i=(maxNrRounds-nrRounds); i> (sizeof(tKeccakLane)*8-offset))) : a) static void theta(tKeccakLane *A) { unsigned int x, y; tKeccakLane C[5], D[5]; for(x=0; x<5; x++) { C[x] = 0; for(y=0; y<5; y++) C[x] ^= A[index(x, y)]; } for(x=0; x<5; x++) D[x] = ROL16(C[(x+1)%5], 1) ^ C[(x+4)%5]; for(x=0; x<5; x++) for(y=0; y<5; y++) A[index(x, y)] ^= D[x]; } static void rho(tKeccakLane *A) { unsigned int x, y; for(x=0; x<5; x++) for(y=0; y<5; y++) A[index(x, y)] = ROL16(A[index(x, y)], KeccakRhoOffsets[index(x, y)]); } static void pi(tKeccakLane *A) { unsigned int x, y; tKeccakLane tempA[25]; for(x=0; x<5; x++) for(y=0; y<5; y++) tempA[index(x, y)] = A[index(x, y)]; for(x=0; x<5; x++) for(y=0; y<5; y++) A[index(0*x+1*y, 2*x+3*y)] = tempA[index(x, y)]; } static void chi(tKeccakLane *A) { unsigned int x, y; tKeccakLane C[5]; for(y=0; y<5; y++) { for(x=0; x<5; x++) C[x] = A[index(x, y)] ^ ((~A[index(x+1, y)]) & A[index(x+2, y)]); for(x=0; x<5; x++) A[index(x, y)] = C[x]; } } static void iota(tKeccakLane *A, unsigned int indexRound) { A[index(0, 0)] ^= KeccakRoundConstants[indexRound]; } /* ---------------------------------------------------------------- */ void KeccakP400_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length) { #if DEBUG assert(offset < 50); assert(offset+length <= 50); #endif memcpy(data, (unsigned char*)state+offset, length); } /* ---------------------------------------------------------------- */ void KeccakP400_ExtractAndAddBytes(const void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length) { unsigned int i; #if DEBUG assert(offset < 50); assert(offset+length <= 50); #endif for(i=0; i