/* The eXtended Keccak Code Package (XKCP) https://github.com/XKCP/XKCP The Keccak-p permutations, designed by Guido Bertoni, Joan Daemen, Michaƫl Peeters and Gilles Van Assche. Implementation by the designers, hereby denoted as "the implementer". For more information, feedback or questions, please refer to the Keccak Team website: https://keccak.team/ To the extent possible under law, the implementer has waived all copyright and related or neighboring rights to the source code in this file. http://creativecommons.org/publicdomain/zero/1.0/ --- This file implements Keccak-p[1600] in a SnP-compatible way. Please refer to SnP-documentation.h for more details. This implementation comes with KeccakP-1600-SnP.h in the same folder. Please refer to LowLevel.build for the exact list of other files it must be combined with. */ #if DEBUG #include #endif #include #include #include #include #include "brg_endian.h" #ifdef KeccakReference #include "displayIntermediateValues.h" #endif typedef uint64_t tKeccakLane; #define maxNrRounds 24 #define nrLanes 25 #define index(x, y) (((x)%5)+5*((y)%5)) #ifdef KeccakReference static tKeccakLane KeccakRoundConstants[maxNrRounds]; static unsigned int KeccakRhoOffsets[nrLanes]; /* ---------------------------------------------------------------- */ void KeccakP1600_InitializeRoundConstants(void); void KeccakP1600_InitializeRhoOffsets(void); static int LFSR86540(uint8_t *LFSR); void KeccakP1600_StaticInitialize(void) { if (sizeof(tKeccakLane) != 8) { printf("tKeccakLane should be 64-bit wide\n"); abort(); } KeccakP1600_InitializeRoundConstants(); KeccakP1600_InitializeRhoOffsets(); } void KeccakP1600_InitializeRoundConstants(void) { uint8_t LFSRstate = 0x01; unsigned int i, j, bitPosition; for(i=0; i> (8*j)) & 0xFF); } #endif void KeccakP1600OnWords(tKeccakLane *state, unsigned int nrRounds) { unsigned int i; #ifdef KeccakReference displayStateAsLanes(3, "Same, with lanes as 64-bit words", state, 1600); #endif for(i=(maxNrRounds-nrRounds); i> (64-offset))) : a) static void theta(tKeccakLane *A) { unsigned int x, y; tKeccakLane C[5], D[5]; for(x=0; x<5; x++) { C[x] = 0; for(y=0; y<5; y++) C[x] ^= A[index(x, y)]; } for(x=0; x<5; x++) D[x] = ROL64(C[(x+1)%5], 1) ^ C[(x+4)%5]; for(x=0; x<5; x++) for(y=0; y<5; y++) A[index(x, y)] ^= D[x]; } static void rho(tKeccakLane *A) { unsigned int x, y; for(x=0; x<5; x++) for(y=0; y<5; y++) A[index(x, y)] = ROL64(A[index(x, y)], KeccakRhoOffsets[index(x, y)]); } static void pi(tKeccakLane *A) { unsigned int x, y; tKeccakLane tempA[25]; for(x=0; x<5; x++) for(y=0; y<5; y++) tempA[index(x, y)] = A[index(x, y)]; for(x=0; x<5; x++) for(y=0; y<5; y++) A[index(0*x+1*y, 2*x+3*y)] = tempA[index(x, y)]; } static void chi(tKeccakLane *A) { unsigned int x, y; tKeccakLane C[5]; for(y=0; y<5; y++) { for(x=0; x<5; x++) C[x] = A[index(x, y)] ^ ((~A[index(x+1, y)]) & A[index(x+2, y)]); for(x=0; x<5; x++) A[index(x, y)] = C[x]; } } static void iota(tKeccakLane *A, unsigned int indexRound) { A[index(0, 0)] ^= KeccakRoundConstants[indexRound]; } /* ---------------------------------------------------------------- */ void KeccakP1600_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length) { #if DEBUG assert(offset < 200); assert(offset+length <= 200); #endif memcpy(data, (unsigned char*)state+offset, length); } /* ---------------------------------------------------------------- */ void KeccakP1600_ExtractAndAddBytes(const void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length) { unsigned int i; #if DEBUG assert(offset < 200); assert(offset+length <= 200); #endif for(i=0; i> 32)); fprintf(f, "%08X", (unsigned int)(KeccakRoundConstants[i] & 0xFFFFFFFFULL)); fprintf(f, "\n"); } fprintf(f, "\n"); } void KeccakP1600_DisplayRhoOffsets(FILE *f) { unsigned int x, y; for(y=0; y<5; y++) for(x=0; x<5; x++) { fprintf(f, "RhoOffset[%i][%i] = ", x, y); fprintf(f, "%2i", KeccakRhoOffsets[index(x, y)]); fprintf(f, "\n"); } fprintf(f, "\n"); }