214 lines
5.1 KiB
C
214 lines
5.1 KiB
C
/*
|
|
The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
|
|
Michaël Peeters and Gilles Van Assche. For more information, feedback or
|
|
questions, please refer to our website: http://keccak.noekeon.org/
|
|
|
|
Implementation by the designers,
|
|
hereby denoted as "the implementer".
|
|
|
|
To the extent possible under law, the implementer has waived all copyright
|
|
and related or neighboring rights to the source code in this file.
|
|
http://creativecommons.org/publicdomain/zero/1.0/
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include "brg_endian.h"
|
|
#include "KeccakF-1600-interface.h"
|
|
|
|
typedef unsigned char UINT8;
|
|
typedef unsigned long long int UINT64;
|
|
|
|
#define nrRounds 24
|
|
static UINT64 KeccakRoundConstants[nrRounds];
|
|
#define nrLanes 25
|
|
static unsigned int KeccakRhoOffsets[nrLanes];
|
|
|
|
/*
|
|
void KeccakPermutationOnWords(UINT64 *state);
|
|
void theta(UINT64 *A);
|
|
void rho(UINT64 *A);
|
|
void pi(UINT64 *A);
|
|
void chi(UINT64 *A);
|
|
void iota(UINT64 *A, unsigned int indexRound);
|
|
*/
|
|
|
|
#if (PLATFORM_BYTE_ORDER != IS_LITTLE_ENDIAN)
|
|
static void fromBytesToWords(UINT64 *stateAsWords, const unsigned char *state)
|
|
{
|
|
unsigned int i, j;
|
|
|
|
for(i=0; i<(KeccakPermutationSize/64); i++) {
|
|
stateAsWords[i] = 0;
|
|
for(j=0; j<(64/8); j++)
|
|
stateAsWords[i] |= (UINT64)(state[i*(64/8)+j]) << (8*j);
|
|
}
|
|
}
|
|
|
|
static void fromWordsToBytes(unsigned char *state, const UINT64 *stateAsWords)
|
|
{
|
|
unsigned int i, j;
|
|
|
|
for(i=0; i<(KeccakPermutationSize/64); i++)
|
|
for(j=0; j<(64/8); j++)
|
|
state[i*(64/8)+j] = (stateAsWords[i] >> (8*j)) & 0xFF;
|
|
}
|
|
#endif
|
|
|
|
void KeccakPermutationAfterXor(unsigned char *state, const unsigned char *data, unsigned int dataLengthInBytes)
|
|
{
|
|
unsigned int i;
|
|
|
|
for(i=0; i<dataLengthInBytes; i++)
|
|
state[i] ^= data[i];
|
|
KeccakPermutation(state);
|
|
}
|
|
|
|
#define index(x, y) (((x)%5)+5*((y)%5))
|
|
#define ROL64(a, offset) ((offset != 0) ? ((((UINT64)a) << offset) ^ (((UINT64)a) >> (64-offset))) : a)
|
|
|
|
static void theta(UINT64 *A)
|
|
{
|
|
unsigned int x, y;
|
|
UINT64 C[5], D[5];
|
|
|
|
for(x=0; x<5; x++) {
|
|
C[x] = 0;
|
|
for(y=0; y<5; y++)
|
|
C[x] ^= A[index(x, y)];
|
|
}
|
|
for(x=0; x<5; x++)
|
|
D[x] = ROL64(C[(x+1)%5], 1) ^ C[(x+4)%5];
|
|
for(x=0; x<5; x++)
|
|
for(y=0; y<5; y++)
|
|
A[index(x, y)] ^= D[x];
|
|
}
|
|
|
|
static void rho(UINT64 *A)
|
|
{
|
|
unsigned int x, y;
|
|
|
|
for(x=0; x<5; x++) for(y=0; y<5; y++)
|
|
A[index(x, y)] = ROL64(A[index(x, y)], KeccakRhoOffsets[index(x, y)]);
|
|
}
|
|
|
|
static void pi(UINT64 *A)
|
|
{
|
|
unsigned int x, y;
|
|
UINT64 tempA[25];
|
|
|
|
for(x=0; x<5; x++) for(y=0; y<5; y++)
|
|
tempA[index(x, y)] = A[index(x, y)];
|
|
for(x=0; x<5; x++) for(y=0; y<5; y++)
|
|
A[index(0*x+1*y, 2*x+3*y)] = tempA[index(x, y)];
|
|
}
|
|
|
|
static void chi(UINT64 *A)
|
|
{
|
|
unsigned int x, y;
|
|
UINT64 C[5];
|
|
|
|
for(y=0; y<5; y++) {
|
|
for(x=0; x<5; x++)
|
|
C[x] = A[index(x, y)] ^ ((~A[index(x+1, y)]) & A[index(x+2, y)]);
|
|
for(x=0; x<5; x++)
|
|
A[index(x, y)] = C[x];
|
|
}
|
|
}
|
|
|
|
static void iota(UINT64 *A, unsigned int indexRound)
|
|
{
|
|
A[index(0, 0)] ^= KeccakRoundConstants[indexRound];
|
|
}
|
|
|
|
static int LFSR86540(UINT8 *LFSR)
|
|
{
|
|
int result = ((*LFSR) & 0x01) != 0;
|
|
if (((*LFSR) & 0x80) != 0)
|
|
// Primitive polynomial over GF(2): x^8+x^6+x^5+x^4+1
|
|
(*LFSR) = ((*LFSR) << 1) ^ 0x71;
|
|
else
|
|
(*LFSR) <<= 1;
|
|
return result;
|
|
}
|
|
|
|
void KeccakPermutationOnWords(UINT64 *state)
|
|
{
|
|
unsigned int i;
|
|
|
|
for(i=0; i<nrRounds; i++) {
|
|
theta(state);
|
|
rho(state);
|
|
pi(state);
|
|
chi(state);
|
|
iota(state, i);
|
|
}
|
|
}
|
|
|
|
void KeccakPermutation(unsigned char *state)
|
|
{
|
|
#if (PLATFORM_BYTE_ORDER != IS_LITTLE_ENDIAN)
|
|
UINT64 stateAsWords[KeccakPermutationSize/64];
|
|
#endif
|
|
|
|
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
|
|
KeccakPermutationOnWords((UINT64*)state);
|
|
#else
|
|
fromBytesToWords(stateAsWords, state);
|
|
KeccakPermutationOnWords(stateAsWords);
|
|
fromWordsToBytes(state, stateAsWords);
|
|
#endif
|
|
}
|
|
|
|
static void KeccakInitializeRoundConstants()
|
|
{
|
|
UINT8 LFSRstate = 0x01;
|
|
unsigned int i, j, bitPosition;
|
|
|
|
for(i=0; i<nrRounds; i++) {
|
|
KeccakRoundConstants[i] = 0;
|
|
for(j=0; j<7; j++) {
|
|
bitPosition = (1<<j)-1; //2^j-1
|
|
if (LFSR86540(&LFSRstate))
|
|
KeccakRoundConstants[i] ^= (UINT64)1<<bitPosition;
|
|
}
|
|
}
|
|
}
|
|
|
|
static void KeccakInitializeRhoOffsets()
|
|
{
|
|
unsigned int x, y, t, newX, newY;
|
|
|
|
KeccakRhoOffsets[index(0, 0)] = 0;
|
|
x = 1;
|
|
y = 0;
|
|
for(t=0; t<24; t++) {
|
|
KeccakRhoOffsets[index(x, y)] = ((t+1)*(t+2)/2) % 64;
|
|
newX = (0*x+1*y) % 5;
|
|
newY = (2*x+3*y) % 5;
|
|
x = newX;
|
|
y = newY;
|
|
}
|
|
}
|
|
|
|
void KeccakInitialize(void)
|
|
{
|
|
KeccakInitializeRoundConstants();
|
|
KeccakInitializeRhoOffsets();
|
|
}
|
|
|
|
void KeccakInitializeState(unsigned char *state)
|
|
{
|
|
memset(state, 0, KeccakPermutationSizeInBytes);
|
|
}
|
|
|
|
void KeccakAbsorb(unsigned char *state, const unsigned char *data, unsigned int laneCount)
|
|
{
|
|
KeccakPermutationAfterXor(state, data, laneCount*8);
|
|
}
|
|
|
|
void KeccakExtract(const unsigned char *state, unsigned char *data, unsigned int laneCount)
|
|
{
|
|
memcpy(data, state, laneCount*8);
|
|
}
|