/* The eXtended Keccak Code Package (XKCP) https://github.com/XKCP/XKCP The Keccak-p permutations, designed by Guido Bertoni, Joan Daemen, Michaƫl Peeters and Gilles Van Assche. Implementation by the designers, hereby denoted as "the implementer". For more information, feedback or questions, please refer to the Keccak Team website: https://keccak.team/ To the extent possible under law, the implementer has waived all copyright and related or neighboring rights to the source code in this file. http://creativecommons.org/publicdomain/zero/1.0/ --- This file implements Keccak-p[200] in a SnP-compatible way. Please refer to SnP-documentation.h for more details. This implementation comes with KeccakP-200-SnP.h in the same folder. Please refer to LowLevel.build for the exact list of other files it must be combined with. */ #if DEBUG #include #endif #include #include #include #include #include "brg_endian.h" #ifdef KeccakReference #include "displayIntermediateValues.h" #endif typedef uint8_t tKeccakLane; #define maxNrRounds 18 #define nrLanes 25 #define index(x, y) (((x)%5)+5*((y)%5)) #ifdef KeccakReference static tKeccakLane KeccakRoundConstants[maxNrRounds]; static unsigned int KeccakRhoOffsets[nrLanes]; /* ---------------------------------------------------------------- */ void KeccakP200_InitializeRoundConstants(void); void KeccakP200_InitializeRhoOffsets(void); static int LFSR86540(uint8_t *LFSR); void KeccakP200_StaticInitialize(void) { if (sizeof(tKeccakLane) != 1) { printf("tKeccakLane should be 8-bit wide\n"); abort(); } KeccakP200_InitializeRoundConstants(); KeccakP200_InitializeRhoOffsets(); } void KeccakP200_InitializeRoundConstants(void) { uint8_t LFSRstate = 0x01; unsigned int i, j, bitPosition; for(i=0; i> (8*j)) & 0xFF; } void KeccakP200OnWords(tKeccakLane *state, unsigned int nrRounds) { unsigned int i; #ifdef KeccakReference displayStateAsLanes(3, "Same, with lanes as 8-bit words", state, 200); #endif for(i=(maxNrRounds-nrRounds); i> (sizeof(tKeccakLane)*8-offset))) : a) static void theta(tKeccakLane *A) { unsigned int x, y; tKeccakLane C[5], D[5]; for(x=0; x<5; x++) { C[x] = 0; for(y=0; y<5; y++) C[x] ^= A[index(x, y)]; } for(x=0; x<5; x++) D[x] = ROL8(C[(x+1)%5], 1) ^ C[(x+4)%5]; for(x=0; x<5; x++) for(y=0; y<5; y++) A[index(x, y)] ^= D[x]; } static void rho(tKeccakLane *A) { unsigned int x, y; for(x=0; x<5; x++) for(y=0; y<5; y++) A[index(x, y)] = ROL8(A[index(x, y)], KeccakRhoOffsets[index(x, y)]); } static void pi(tKeccakLane *A) { unsigned int x, y; tKeccakLane tempA[25]; for(x=0; x<5; x++) for(y=0; y<5; y++) tempA[index(x, y)] = A[index(x, y)]; for(x=0; x<5; x++) for(y=0; y<5; y++) A[index(0*x+1*y, 2*x+3*y)] = tempA[index(x, y)]; } static void chi(tKeccakLane *A) { unsigned int x, y; tKeccakLane C[5]; for(y=0; y<5; y++) { for(x=0; x<5; x++) C[x] = A[index(x, y)] ^ ((~A[index(x+1, y)]) & A[index(x+2, y)]); for(x=0; x<5; x++) A[index(x, y)] = C[x]; } } static void iota(tKeccakLane *A, unsigned int indexRound) { A[index(0, 0)] ^= KeccakRoundConstants[indexRound]; } /* ---------------------------------------------------------------- */ void KeccakP200_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length) { #if DEBUG assert(offset < 25); assert(offset+length <= 25); #endif memcpy(data, (unsigned char*)state+offset, length); } /* ---------------------------------------------------------------- */ void KeccakP200_ExtractAndAddBytes(const void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length) { unsigned int i; #if DEBUG assert(offset < 25); assert(offset+length <= 25); #endif for(i=0; i