
Python code coverage for Modules/_sha3/kcp/KeccakP-1600-inplace32BI.c

1n/a/*
2n/aImplementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
3n/aJoan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
4n/adenoted as "the implementer".
5n/a
6n/aFor more information, feedback or questions, please refer to our websites:
7n/ahttp://keccak.noekeon.org/
8n/ahttp://keyak.noekeon.org/
9n/ahttp://ketje.noekeon.org/
10n/a
11n/aTo the extent possible under law, the implementer has waived all copyright
12n/aand related or neighboring rights to the source code in this file.
13n/ahttp://creativecommons.org/publicdomain/zero/1.0/
14n/a*/
15n/a
16n/a#include <string.h>
17n/a/* #include "brg_endian.h" */
18n/a#include "KeccakP-1600-SnP.h"
19n/a#include "SnP-Relaned.h"
20n/a
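typedef unsigned char UINT8;
typedef unsigned int UINT32;
/* WARNING: on 8-bit and 16-bit platforms, this should be replaced by: */

/*typedef unsigned long UINT32; */


/*
 * Rotate the 32-bit value `a` left by `offset` bits.
 *
 * `offset` must satisfy 0 < offset < 32. With offset == 0 the right shift
 * would be by the full word width, which is undefined behaviour in C.
 * Every use visible in this listing passes a literal in that range.
 *
 * The argument is parenthesised before the cast so that a compound
 * expression is converted to UINT32 as a whole, not just its first operand.
 */
#define ROL32(a, offset) ((((UINT32)(a)) << (offset)) ^ (((UINT32)(a)) >> (32-(offset))))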
29n/a
30n/a/* Credit to Henry S. Warren, Hacker's Delight, Addison-Wesley, 2002 */
31n/a
/*
 * One-word building block for the macros below.  Four masked swap steps
 * regroup the bits of `word` in place so that its even-indexed bits end up
 * in bits 0..15 and its odd-indexed bits in bits 16..31.  `temp` is scratch.
 *
 * Like every macro in this group it expands to bare statements (no
 * do { } while (0) wrapper); some call sites in this file omit the trailing
 * semicolon, so that form is kept.
 */
#define shuffleHalfLane(word, temp) \
    temp = (word ^ (word >> 1)) & 0x22222222UL;  word = word ^ temp ^ (temp << 1); \
    temp = (word ^ (word >> 2)) & 0x0C0C0C0CUL;  word = word ^ temp ^ (temp << 2); \
    temp = (word ^ (word >> 4)) & 0x00F000F0UL;  word = word ^ temp ^ (temp << 4); \
    temp = (word ^ (word >> 8)) & 0x0000FF00UL;  word = word ^ temp ^ (temp << 8);

/*
 * Load the two 32-bit halves of a lane into temp0/temp1 and shuffle each of
 * them.  `low` and `high` are each evaluated exactly once, which the callers
 * that pass *(p++) rely on.
 */
#define prepareToBitInterleaving(low, high, temp, temp0, temp1) \
    temp0 = (low); \
    shuffleHalfLane(temp0, temp) \
    temp1 = (high); \
    shuffleHalfLane(temp1, temp)

/* even/odd ^= interleaved form of the lane (low, high). */
#define toBitInterleavingAndXOR(low, high, even, odd, temp, temp0, temp1) \
    prepareToBitInterleaving(low, high, temp, temp0, temp1) \
    even ^= (temp0 & 0x0000FFFF) | (temp1 << 16); \
    odd ^= (temp0 >> 16) | (temp1 & 0xFFFF0000);

/* even/odd &= interleaved form of the lane (low, high). */
#define toBitInterleavingAndAND(low, high, even, odd, temp, temp0, temp1) \
    prepareToBitInterleaving(low, high, temp, temp0, temp1) \
    even &= (temp0 & 0x0000FFFF) | (temp1 << 16); \
    odd &= (temp0 >> 16) | (temp1 & 0xFFFF0000);

/* even/odd = interleaved form of the lane (low, high). */
#define toBitInterleavingAndSet(low, high, even, odd, temp, temp0, temp1) \
    prepareToBitInterleaving(low, high, temp, temp0, temp1) \
    even = (temp0 & 0x0000FFFF) | (temp1 << 16); \
    odd = (temp0 >> 16) | (temp1 & 0xFFFF0000);
58n/a
59n/a/* Credit to Henry S. Warren, Hacker's Delight, Addison-Wesley, 2002 */
60n/a
/*
 * One-word building block for the macros below: the four masked swap steps
 * of the forward shuffle applied in the opposite order (8, 4, 2, 1), which
 * moves the bits of `word` back to their natural positions.  `temp` is
 * scratch.  Expands to bare statements, like the other macros in this group.
 */
#define unshuffleHalfLane(word, temp) \
    temp = (word ^ (word >> 8)) & 0x0000FF00UL;  word = word ^ temp ^ (temp << 8); \
    temp = (word ^ (word >> 4)) & 0x00F000F0UL;  word = word ^ temp ^ (temp << 4); \
    temp = (word ^ (word >> 2)) & 0x0C0C0C0CUL;  word = word ^ temp ^ (temp << 2); \
    temp = (word ^ (word >> 1)) & 0x22222222UL;  word = word ^ temp ^ (temp << 1);

/*
 * Regroup the (even, odd) word pair into two shuffled halves, then undo the
 * shuffle on each.  On exit temp0 holds the low 32 bits of the lane and
 * temp1 the high 32 bits.  `even` and `odd` are each evaluated exactly once.
 */
#define prepareFromBitInterleaving(even, odd, temp, temp0, temp1) \
    temp0 = (even); \
    temp1 = (odd); \
    temp = (temp0 & 0x0000FFFF) | (temp1 << 16); \
    temp1 = (temp0 >> 16) | (temp1 & 0xFFFF0000); \
    temp0 = temp; \
    unshuffleHalfLane(temp0, temp) \
    unshuffleHalfLane(temp1, temp)

/* (low, high) = plain form of the interleaved pair (even, odd). */
#define fromBitInterleaving(even, odd, low, high, temp, temp0, temp1) \
    prepareFromBitInterleaving(even, odd, temp, temp0, temp1) \
    low = temp0; \
    high = temp1;

/* (lowOut, highOut) = (lowIn, highIn) XOR plain form of (even, odd). */
#define fromBitInterleavingAndXOR(even, odd, lowIn, highIn, lowOut, highOut, temp, temp0, temp1) \
    prepareFromBitInterleaving(even, odd, temp, temp0, temp1) \
    lowOut = lowIn ^ temp0; \
    highOut = highIn ^ temp1;
85n/a
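/*
 * Clear `length` bytes, starting at byte `offset`, of lane `lanePosition`
 * in the bit-interleaved state; the other bytes of that lane are kept.
 *
 * A byte mask (0xFF = keep, 0x00 = clear) is built for the lane, converted
 * to the interleaved representation and ANDed into the lane's two state
 * words (index lanePosition*2 for the even bits, +1 for the odd bits).
 *
 * Precondition: offset + length <= 8.  Nothing here checks it: a larger
 * value writes past the 8-byte laneAsBytes buffer on the stack, and the
 * length of the third memset (8-offset-length) wraps around as an unsigned
 * value.  `lanePosition` is likewise used unchecked to index the state.
 *
 * NOTE(review): PLATFORM_BYTE_ORDER and IS_LITTLE_ENDIAN are not defined in
 * this file (the brg_endian.h include is commented out).  If neither is
 * defined elsewhere, the preprocessor treats both as 0 and always selects
 * the little-endian branch - confirm the build defines them.
 */
void KeccakP1600_SetBytesInLaneToZero(void *state, unsigned int lanePosition, unsigned int offset, unsigned int length)
{
    UINT8 laneAsBytes[8];
    UINT32 low, high;
    UINT32 temp, temp0, temp1;
    UINT32 *stateAsHalfLanes = (UINT32*)state;

    memset(laneAsBytes, 0xFF, offset);
    memset(laneAsBytes+offset, 0x00, length);
    memset(laneAsBytes+offset+length, 0xFF, 8-offset-length);
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
    /* memcpy rather than *(UINT32*) casts: a UINT8 array may not be read
       through a UINT32 lvalue (strict aliasing) and has no 4-byte alignment
       guarantee.  The loaded values are the same. */
    memcpy(&low, laneAsBytes+0, 4);
    memcpy(&high, laneAsBytes+4, 4);
#else
    low = laneAsBytes[0]
        | ((UINT32)(laneAsBytes[1]) << 8)
        | ((UINT32)(laneAsBytes[2]) << 16)
        | ((UINT32)(laneAsBytes[3]) << 24);
    high = laneAsBytes[4]
        | ((UINT32)(laneAsBytes[5]) << 8)
        | ((UINT32)(laneAsBytes[6]) << 16)
        | ((UINT32)(laneAsBytes[7]) << 24);
#endif
    toBitInterleavingAndAND(low, high, stateAsHalfLanes[lanePosition*2+0], stateAsHalfLanes[lanePosition*2+1], temp, temp0, temp1);
}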
111n/a
112n/a/* ---------------------------------------------------------------- */
113n/a
/*
 * Reset the whole Keccak-p[1600] state to zero.
 *
 * `state` must point to at least 200 writable bytes (1600 bits); the size is
 * fixed here and not checked against the caller's buffer.
 */
void KeccakP1600_Initialize(void *state)
{
    enum { stateSizeInBytes = 1600/8 };

    memset(state, 0, stateSizeInBytes);
}
118n/a
119n/a/* ---------------------------------------------------------------- */
120n/a
/*
 * XOR a single byte into the state at byte position `offset`.
 *
 * The byte is placed at its position inside a 64-bit lane (split into a low
 * and a high 32-bit half), converted to the bit-interleaved form and XORed
 * into the lane's two state words.
 *
 * `offset` is not range-checked; it selects lane offset/8, so the caller
 * must keep it inside the state buffer.
 */
void KeccakP1600_AddByte(void *state, unsigned char byte, unsigned int offset)
{
    const unsigned int lane = offset/8;
    const unsigned int byteInLane = offset%8;
    /* The byte shifted to its place inside whichever 32-bit half holds it. */
    const UINT32 placed = (UINT32)byte << ((byteInLane%4)*8);
    const UINT32 low = (byteInLane < 4) ? placed : 0;
    const UINT32 high = (byteInLane < 4) ? 0 : placed;
    UINT32 temp, temp0, temp1;
    UINT32 *halfLanes = (UINT32*)state;

    toBitInterleavingAndXOR(low, high, halfLanes[lane*2+0], halfLanes[lane*2+1], temp, temp0, temp1);
}
139n/a
140n/a/* ---------------------------------------------------------------- */
141n/a
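/*
 * XOR `length` bytes from `data` into lane `lanePosition` of the
 * bit-interleaved state, starting at byte `offset` inside the lane.
 *
 * The bytes are copied into a zero-filled 8-byte lane image, which is then
 * converted to the interleaved form and XORed into the lane's two words.
 *
 * Precondition: offset + length <= 8.  Nothing here checks it; a larger
 * value makes the memcpy write past laneAsBytes on the stack.
 * `lanePosition` is used unchecked to index the state.
 */
void KeccakP1600_AddBytesInLane(void *state, unsigned int lanePosition, const unsigned char *data, unsigned int offset, unsigned int length)
{
    UINT8 laneAsBytes[8];
    UINT32 low, high;
    UINT32 temp, temp0, temp1;
    UINT32 *stateAsHalfLanes = (UINT32*)state;

    memset(laneAsBytes, 0, 8);
    memcpy(laneAsBytes+offset, data, length);
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
    /* memcpy rather than *(UINT32*) casts: a UINT8 array may not be read
       through a UINT32 lvalue (strict aliasing) and has no 4-byte alignment
       guarantee.  The loaded values are the same. */
    memcpy(&low, laneAsBytes+0, 4);
    memcpy(&high, laneAsBytes+4, 4);
#else
    low = laneAsBytes[0]
        | ((UINT32)(laneAsBytes[1]) << 8)
        | ((UINT32)(laneAsBytes[2]) << 16)
        | ((UINT32)(laneAsBytes[3]) << 24);
    high = laneAsBytes[4]
        | ((UINT32)(laneAsBytes[5]) << 8)
        | ((UINT32)(laneAsBytes[6]) << 16)
        | ((UINT32)(laneAsBytes[7]) << 24);
#endif
    toBitInterleavingAndXOR(low, high, stateAsHalfLanes[lanePosition*2+0], stateAsHalfLanes[lanePosition*2+1], temp, temp0, temp1);
}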
166n/a
167n/a/* ---------------------------------------------------------------- */
168n/a
/*
 * XOR the first `laneCount` whole lanes (8 bytes each) of `data` into the
 * bit-interleaved state, starting at lane 0.
 *
 * Reads 8*laneCount bytes from `data` and updates 2*laneCount state words;
 * neither bound is checked here.
 *
 * In the little-endian branch without NO_MISALIGNED_ACCESSES, `data` is
 * dereferenced through a UINT32 pointer, so it must be suitably aligned on
 * targets that care.  `state` is always accessed as UINT32 words.
 */
void KeccakP1600_AddLanes(void *state, const unsigned char *data, unsigned int laneCount)
{
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
    const UINT32 *src = (const UINT32 *)data;
    UINT32 *halfLane = (UINT32 *)state;
    UINT32 scratch, w0, w1;
    int remaining = laneCount-1;

    while (remaining >= 0) {
#ifdef NO_MISALIGNED_ACCESSES
        UINT32 low, high;

        memcpy(&low, src++, 4);
        memcpy(&high, src++, 4);
        toBitInterleavingAndXOR(low, high, *(halfLane++), *(halfLane++), scratch, w0, w1);
#else
        /* Each macro argument is expanded exactly once, in separate
           statements, so the post-increments advance one word at a time. */
        toBitInterleavingAndXOR(*(src++), *(src++), *(halfLane++), *(halfLane++), scratch, w0, w1)
#endif
        --remaining;
    }
#else
    UINT32 *halfLanes = (UINT32*)state;
    unsigned int lane;

    for (lane = 0; lane < laneCount; lane++) {
        const unsigned char *bytes = data + lane*8;
        UINT32 low, high, temp, temp0, temp1;

        /* Assemble the two halves from little-endian byte order. */
        low = bytes[0]
            | ((UINT32)(bytes[1]) << 8)
            | ((UINT32)(bytes[2]) << 16)
            | ((UINT32)(bytes[3]) << 24);
        high = bytes[4]
            | ((UINT32)(bytes[5]) << 8)
            | ((UINT32)(bytes[6]) << 16)
            | ((UINT32)(bytes[7]) << 24);
        toBitInterleavingAndXOR(low, high, halfLanes[lane*2+0], halfLanes[lane*2+1], temp, temp0, temp1);
    }
#endif
}
207n/a
208n/a/* ---------------------------------------------------------------- */
209n/a
/*
 * XOR `length` bytes from `data` into the state, starting at byte `offset`.
 *
 * The work is delegated to SnP_AddBytes (not defined in this file;
 * presumably it comes from SnP-Relaned.h), which is handed the whole-lane
 * and in-lane helpers of this file and the lane size in bytes (8).
 */
void KeccakP1600_AddBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length)
{
    SnP_AddBytes(state, data, offset, length,
                 KeccakP1600_AddLanes,
                 KeccakP1600_AddBytesInLane,
                 8);
}
214n/a
215n/a/* ---------------------------------------------------------------- */
216n/a
/*
 * Replace `length` bytes of lane `lanePosition`, starting at byte `offset`
 * inside the lane, with the bytes from `data`.
 *
 * Done in two steps: clear the target bytes, then XOR the new bytes in.
 * Both helpers require offset + length <= 8 and do not check it.
 */
void KeccakP1600_OverwriteBytesInLane(void *state, unsigned int lanePosition, const unsigned char *data, unsigned int offset, unsigned int length)
{
    /* Step 1: zero the bytes that are about to be replaced. */
    KeccakP1600_SetBytesInLaneToZero(state, lanePosition, offset, length);

    /* Step 2: XOR into zeroed bytes, which stores the new values. */
    KeccakP1600_AddBytesInLane(state, lanePosition, data, offset, length);
}
222n/a
223n/a/* ---------------------------------------------------------------- */
224n/a
/*
 * Overwrite the first `laneCount` whole lanes of the bit-interleaved state
 * with the corresponding 8-byte lanes from `data`.
 *
 * Reads 8*laneCount bytes from `data` and stores 2*laneCount state words;
 * neither bound is checked here.
 *
 * In the little-endian branch without NO_MISALIGNED_ACCESSES, `data` is
 * dereferenced through a UINT32 pointer, so it must be suitably aligned on
 * targets that care.
 */
void KeccakP1600_OverwriteLanes(void *state, const unsigned char *data, unsigned int laneCount)
{
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
    const UINT32 *src = (const UINT32 *)data;
    UINT32 *halfLane = (UINT32 *)state;
    UINT32 scratch, w0, w1;
    int remaining = laneCount-1;

    while (remaining >= 0) {
#ifdef NO_MISALIGNED_ACCESSES
        UINT32 low, high;

        memcpy(&low, src++, 4);
        memcpy(&high, src++, 4);
        toBitInterleavingAndSet(low, high, *(halfLane++), *(halfLane++), scratch, w0, w1);
#else
        /* Each macro argument is expanded exactly once, in separate
           statements, so the post-increments advance one word at a time. */
        toBitInterleavingAndSet(*(src++), *(src++), *(halfLane++), *(halfLane++), scratch, w0, w1)
#endif
        --remaining;
    }
#else
    UINT32 *halfLanes = (UINT32*)state;
    unsigned int lane;

    for (lane = 0; lane < laneCount; lane++) {
        const unsigned char *bytes = data + lane*8;
        UINT32 low, high, temp, temp0, temp1;

        /* Assemble the two halves from little-endian byte order. */
        low = bytes[0]
            | ((UINT32)(bytes[1]) << 8)
            | ((UINT32)(bytes[2]) << 16)
            | ((UINT32)(bytes[3]) << 24);
        high = bytes[4]
            | ((UINT32)(bytes[5]) << 8)
            | ((UINT32)(bytes[6]) << 16)
            | ((UINT32)(bytes[7]) << 24);
        toBitInterleavingAndSet(low, high, halfLanes[lane*2+0], halfLanes[lane*2+1], temp, temp0, temp1);
    }
#endif
}
263n/a
264n/a/* ---------------------------------------------------------------- */
265n/a
/*
 * Overwrite `length` bytes of the state, starting at byte `offset`, with
 * the bytes from `data`.
 *
 * The work is delegated to SnP_OverwriteBytes (not defined in this file;
 * presumably it comes from SnP-Relaned.h), which is handed the whole-lane
 * and in-lane helpers of this file and the lane size in bytes (8).
 */
void KeccakP1600_OverwriteBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length)
{
    SnP_OverwriteBytes(state, data, offset, length,
                       KeccakP1600_OverwriteLanes,
                       KeccakP1600_OverwriteBytesInLane,
                       8);
}
270n/a
271n/a/* ---------------------------------------------------------------- */
272n/a
/*
 * Set the first `byteCount` bytes of the state to zero.
 *
 * Whole lanes are cleared by storing zero into both of their 32-bit words;
 * a trailing partial lane, if any, is cleared byte-wise through
 * KeccakP1600_SetBytesInLaneToZero.
 *
 * `byteCount` is not checked against the size of the state.
 */
void KeccakP1600_OverwriteWithZeroes(void *state, unsigned int byteCount)
{
    UINT32 *halfLane = (UINT32*)state;
    const unsigned int wholeLanes = byteCount/8;
    const unsigned int tailBytes = byteCount%8;
    unsigned int lanesLeft;

    for (lanesLeft = wholeLanes; lanesLeft != 0; --lanesLeft) {
        *halfLane++ = 0;    /* even-bit word of the lane */
        *halfLane++ = 0;    /* odd-bit word of the lane */
    }
    if (tailBytes != 0) {
        KeccakP1600_SetBytesInLaneToZero(state, wholeLanes, 0, tailBytes);
    }
}
285n/a
286n/a/* ---------------------------------------------------------------- */
287n/a
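/*
 * Copy `length` bytes of lane `lanePosition`, starting at byte `offset`
 * inside the lane, from the bit-interleaved state to `data`.
 *
 * The lane is converted back to its plain form, laid out as 8 bytes in
 * little-endian order, and the requested slice is copied out.
 *
 * Precondition: offset + length <= 8.  Nothing here checks it; a larger
 * value makes the final memcpy read past laneAsBytes and copy adjacent
 * stack bytes into the caller's buffer.  `lanePosition` is used unchecked
 * to index the state.
 */
void KeccakP1600_ExtractBytesInLane(const void *state, unsigned int lanePosition, unsigned char *data, unsigned int offset, unsigned int length)
{
    /* The state is only read here, so keep the const qualifier. */
    const UINT32 *stateAsHalfLanes = (const UINT32*)state;
    UINT32 low, high, temp, temp0, temp1;
    UINT8 laneAsBytes[8];

    fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[lanePosition*2+1], low, high, temp, temp0, temp1);
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
    /* memcpy rather than *(UINT32*) casts: a UINT8 array may not be written
       through a UINT32 lvalue (strict aliasing) and has no 4-byte alignment
       guarantee.  The stored bytes are the same. */
    memcpy(laneAsBytes+0, &low, 4);
    memcpy(laneAsBytes+4, &high, 4);
#else
    laneAsBytes[0] = low & 0xFF;
    laneAsBytes[1] = (low >> 8) & 0xFF;
    laneAsBytes[2] = (low >> 16) & 0xFF;
    laneAsBytes[3] = (low >> 24) & 0xFF;
    laneAsBytes[4] = high & 0xFF;
    laneAsBytes[5] = (high >> 8) & 0xFF;
    laneAsBytes[6] = (high >> 16) & 0xFF;
    laneAsBytes[7] = (high >> 24) & 0xFF;
#endif
    memcpy(data, laneAsBytes+offset, length);
}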
310n/a
311n/a/* ---------------------------------------------------------------- */
312n/a
/*
 * Copy the first `laneCount` whole lanes of the bit-interleaved state to
 * `data`, 8 bytes per lane in little-endian byte order.
 *
 * Reads 2*laneCount state words and writes 8*laneCount bytes to `data`;
 * neither bound is checked here.
 *
 * In the little-endian branch without NO_MISALIGNED_ACCESSES, `data` is
 * written through a UINT32 pointer, so it must be suitably aligned on
 * targets that care.
 */
void KeccakP1600_ExtractLanes(const void *state, unsigned char *data, unsigned int laneCount)
{
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
    UINT32 *dst = (UINT32 *)data;
    const UINT32 *halfLane = (const UINT32 *)state;
    UINT32 scratch, w0, w1;
    int remaining = laneCount-1;

    while (remaining >= 0) {
#ifdef NO_MISALIGNED_ACCESSES
        UINT32 low, high;

        fromBitInterleaving(*(halfLane++), *(halfLane++), low, high, scratch, w0, w1);
        memcpy(dst++, &low, 4);
        memcpy(dst++, &high, 4);
#else
        /* Each macro argument is expanded exactly once, in separate
           statements, so the post-increments advance one word at a time. */
        fromBitInterleaving(*(halfLane++), *(halfLane++), *(dst++), *(dst++), scratch, w0, w1)
#endif
        --remaining;
    }
#else
    const UINT32 *halfLanes = (const UINT32*)state;
    unsigned int lane;

    for (lane = 0; lane < laneCount; lane++) {
        unsigned char *out = data + lane*8;
        UINT32 low, high, temp, temp0, temp1;

        fromBitInterleaving(halfLanes[lane*2], halfLanes[lane*2+1], low, high, temp, temp0, temp1);
        /* Emit the two halves in little-endian byte order. */
        out[0] = low & 0xFF;
        out[1] = (low >> 8) & 0xFF;
        out[2] = (low >> 16) & 0xFF;
        out[3] = (low >> 24) & 0xFF;
        out[4] = high & 0xFF;
        out[5] = (high >> 8) & 0xFF;
        out[6] = (high >> 16) & 0xFF;
        out[7] = (high >> 24) & 0xFF;
    }
#endif
}
350n/a
351n/a/* ---------------------------------------------------------------- */
352n/a
/*
 * Copy `length` bytes of the state, starting at byte `offset`, to `data`.
 *
 * The work is delegated to SnP_ExtractBytes (not defined in this file;
 * presumably it comes from SnP-Relaned.h), which is handed the whole-lane
 * and in-lane helpers of this file and the lane size in bytes (8).
 */
void KeccakP1600_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length)
{
    SnP_ExtractBytes(state, data, offset, length,
                     KeccakP1600_ExtractLanes,
                     KeccakP1600_ExtractBytesInLane,
                     8);
}
357n/a
358n/a/* ---------------------------------------------------------------- */
359n/a
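/*
 * For `length` bytes of lane `lanePosition`, starting at byte `offset`
 * inside the lane, write output[i] = input[i] XOR (state byte).
 *
 * The lane is converted back to its plain form and laid out as 8 bytes in
 * little-endian order before the byte-wise XOR.
 *
 * Precondition: offset + length <= 8.  Nothing here checks it; a larger
 * value makes the loop read past laneAsBytes and mix adjacent stack bytes
 * into the output.  `lanePosition` is used unchecked to index the state.
 */
void KeccakP1600_ExtractAndAddBytesInLane(const void *state, unsigned int lanePosition, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length)
{
    /* The state is only read here, so keep the const qualifier. */
    const UINT32 *stateAsHalfLanes = (const UINT32*)state;
    UINT32 low, high, temp, temp0, temp1;
    UINT8 laneAsBytes[8];
    unsigned int i;

    fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[lanePosition*2+1], low, high, temp, temp0, temp1);
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
    /* memcpy rather than *(UINT32*) casts: a UINT8 array may not be written
       through a UINT32 lvalue (strict aliasing) and has no 4-byte alignment
       guarantee.  The stored bytes are the same. */
    memcpy(laneAsBytes+0, &low, 4);
    memcpy(laneAsBytes+4, &high, 4);
#else
    laneAsBytes[0] = low & 0xFF;
    laneAsBytes[1] = (low >> 8) & 0xFF;
    laneAsBytes[2] = (low >> 16) & 0xFF;
    laneAsBytes[3] = (low >> 24) & 0xFF;
    laneAsBytes[4] = high & 0xFF;
    laneAsBytes[5] = (high >> 8) & 0xFF;
    laneAsBytes[6] = (high >> 16) & 0xFF;
    laneAsBytes[7] = (high >> 24) & 0xFF;
#endif
    for(i=0; i<length; i++)
        output[i] = input[i] ^ laneAsBytes[offset+i];
}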
384n/a
385n/a/* ---------------------------------------------------------------- */
386n/a
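/*
 * For the first `laneCount` whole lanes, write
 * output = input XOR (state bytes), 8 bytes per lane.
 *
 * Reads 2*laneCount state words and 8*laneCount bytes of `input`, and
 * writes 8*laneCount bytes to `output`; none of these bounds is checked.
 *
 * Changes relative to the previous version:
 *  - Big-endian branch: the second half of each lane was XORed with input
 *    word [0] again instead of word [1], so output bytes 4..7 of every lane
 *    were computed from the wrong input bytes.  The XOR is now done byte by
 *    byte, which also removes the UINT32 casts on `input`, `output` and the
 *    byte buffer.
 *  - NO_MISALIGNED_ACCESSES branch: `input` and `output` were still
 *    dereferenced as UINT32; they now go through memcpy, like the sibling
 *    lane functions in this file.
 *
 * In the little-endian branch without NO_MISALIGNED_ACCESSES, `input` and
 * `output` are accessed through UINT32 pointers and must be suitably
 * aligned on targets that care.
 */
void KeccakP1600_ExtractAndAddLanes(const void *state, const unsigned char *input, unsigned char *output, unsigned int laneCount)
{
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
    const UINT32 * pI = (const UINT32 *)input;
    UINT32 * pO = (UINT32 *)output;
    const UINT32 * pS = (const UINT32 *)state;
    UINT32 t, x0, x1;
    int i;
    for (i = laneCount-1; i >= 0; --i) {
#ifdef NO_MISALIGNED_ACCESSES
        UINT32 low;
        UINT32 high;
        UINT32 word;
        fromBitInterleaving(*(pS++), *(pS++), low, high, t, x0, x1);
        /* Read, XOR and write one 32-bit word at a time, in the same order
           as before, so in-place use (output == input) still works. */
        memcpy(&word, pI++, 4);
        word ^= low;
        memcpy(pO++, &word, 4);
        memcpy(&word, pI++, 4);
        word ^= high;
        memcpy(pO++, &word, 4);
#else
        fromBitInterleavingAndXOR(*(pS++), *(pS++), *(pI++), *(pI++), *(pO++), *(pO++), t, x0, x1)
#endif
    }
#else
    unsigned int lanePosition;
    for(lanePosition=0; lanePosition<laneCount; lanePosition++) {
        const UINT32 *stateAsHalfLanes = (const UINT32*)state;
        UINT32 low, high, temp, temp0, temp1;
        UINT8 laneAsBytes[8];
        unsigned int i;
        fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[lanePosition*2+1], low, high, temp, temp0, temp1);
        laneAsBytes[0] = low & 0xFF;
        laneAsBytes[1] = (low >> 8) & 0xFF;
        laneAsBytes[2] = (low >> 16) & 0xFF;
        laneAsBytes[3] = (low >> 24) & 0xFF;
        laneAsBytes[4] = high & 0xFF;
        laneAsBytes[5] = (high >> 8) & 0xFF;
        laneAsBytes[6] = (high >> 16) & 0xFF;
        laneAsBytes[7] = (high >> 24) & 0xFF;
        /* Byte i of the lane pairs with byte i of the input lane. */
        for(i=0; i<8; i++)
            output[lanePosition*8+i] = input[lanePosition*8+i] ^ laneAsBytes[i];
    }
#endif
}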
426n/a/* ---------------------------------------------------------------- */
427n/a
/*
 * For `length` bytes of the state starting at byte `offset`, write
 * output = input XOR (state bytes).
 *
 * The work is delegated to SnP_ExtractAndAddBytes (not defined in this
 * file; presumably it comes from SnP-Relaned.h), which is handed the
 * whole-lane and in-lane helpers of this file and the lane size in bytes (8).
 */
void KeccakP1600_ExtractAndAddBytes(const void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length)
{
    SnP_ExtractAndAddBytes(state, input, output, offset, length,
                           KeccakP1600_ExtractAndAddLanes,
                           KeccakP1600_ExtractAndAddBytesInLane,
                           8);
}
432n/a
433n/a/* ---------------------------------------------------------------- */
434n/a
/*
 * Round constants, two 32-bit words per round for 24 rounds, plus one
 * trailing word.
 *
 * KeccakP1600_Permute_Nrounds consumes them in order: in each round the
 * first word of a pair is XORed into Aba0 and the second into Aba1.
 * It starts reading at offset (24-nRounds)*2, computed in unsigned
 * arithmetic, so nRounds must not exceed 24; a larger value wraps around
 * and the start pointer falls outside this table.
 *
 * NOTE(review): the final 0x000000FF entry is presumably an end marker for
 * the round loop; the loop condition is not visible in this listing.
 */
static const UINT32 KeccakF1600RoundConstants_int2[2*24+1] =
{
    /* round  0 */ 0x00000001UL, 0x00000000UL,
    /* round  1 */ 0x00000000UL, 0x00000089UL,
    /* round  2 */ 0x00000000UL, 0x8000008bUL,
    /* round  3 */ 0x00000000UL, 0x80008080UL,
    /* round  4 */ 0x00000001UL, 0x0000008bUL,
    /* round  5 */ 0x00000001UL, 0x00008000UL,
    /* round  6 */ 0x00000001UL, 0x80008088UL,
    /* round  7 */ 0x00000001UL, 0x80000082UL,
    /* round  8 */ 0x00000000UL, 0x0000000bUL,
    /* round  9 */ 0x00000000UL, 0x0000000aUL,
    /* round 10 */ 0x00000001UL, 0x00008082UL,
    /* round 11 */ 0x00000000UL, 0x00008003UL,
    /* round 12 */ 0x00000001UL, 0x0000808bUL,
    /* round 13 */ 0x00000001UL, 0x8000000bUL,
    /* round 14 */ 0x00000001UL, 0x8000008aUL,
    /* round 15 */ 0x00000001UL, 0x80000081UL,
    /* round 16 */ 0x00000000UL, 0x80000081UL,
    /* round 17 */ 0x00000000UL, 0x80000008UL,
    /* round 18 */ 0x00000000UL, 0x00000083UL,
    /* round 19 */ 0x00000000UL, 0x80008003UL,
    /* round 20 */ 0x00000001UL, 0x80008088UL,
    /* round 21 */ 0x00000000UL, 0x80000088UL,
    /* round 22 */ 0x00000001UL, 0x00008000UL,
    /* round 23 */ 0x00000000UL, 0x80008082UL,
    /* trailer  */ 0x000000FFUL
};
463n/a
/*
 * First of four variants: derive the ten words Da0..Du1 from the state A.
 *
 * Each C word is the XOR of the five state words of one column (one
 * interleaved half), and each D word combines two such parities, one of
 * them rotated by one bit where needed.
 *
 * Statement order matters: Cx, Cy, Cz and Cw are reused for different
 * columns, and Du0/Du1 hold the "e" column parity until the last two
 * lines overwrite them with the final Du values.
 *
 * Relies on the A** names and the C and D locals declared inside
 * KeccakP1600_Permute_Nrounds.
 */
#define KeccakAtoD_round0() \
    Cx  = Abu0 ^ Agu0 ^ Aku0 ^ Amu0 ^ Asu0; \
    Du1 = Abe1 ^ Age1 ^ Ake1 ^ Ame1 ^ Ase1; \
    Da0 = Cx ^ ROL32(Du1, 1); \
    Cz  = Abu1 ^ Agu1 ^ Aku1 ^ Amu1 ^ Asu1; \
    Du0 = Abe0 ^ Age0 ^ Ake0 ^ Ame0 ^ Ase0; \
    Da1 = Cz ^ Du0; \
\
    Cw  = Abi0 ^ Agi0 ^ Aki0 ^ Ami0 ^ Asi0; \
    Do0 = Cw ^ ROL32(Cz, 1); \
    Cy  = Abi1 ^ Agi1 ^ Aki1 ^ Ami1 ^ Asi1; \
    Do1 = Cy ^ Cx; \
\
    Cx  = Aba0 ^ Aga0 ^ Aka0 ^ Ama0 ^ Asa0; \
    De0 = Cx ^ ROL32(Cy, 1); \
    Cz  = Aba1 ^ Aga1 ^ Aka1 ^ Ama1 ^ Asa1; \
    De1 = Cz ^ Cw; \
\
    Cy  = Abo1 ^ Ago1 ^ Ako1 ^ Amo1 ^ Aso1; \
    Di0 = Du0 ^ ROL32(Cy, 1); \
    Cw  = Abo0 ^ Ago0 ^ Ako0 ^ Amo0 ^ Aso0; \
    Di1 = Du1 ^ Cw; \
\
    Du0 = Cw ^ ROL32(Cz, 1); \
    Du1 = Cy ^ Cx;

/*
 * Second of four variants: derive Da0..Du1 from the state A.
 *
 * Same computation shape as KeccakAtoD_round0, but the state words are
 * picked from different slots and halves - presumably because the
 * preceding in-place round leaves the lanes in a permuted layout.
 *
 * Statement order matters: Cx..Cw are reused, and Du0/Du1 serve as
 * temporaries until the last two lines.
 */
#define KeccakAtoD_round1() \
    Cx  = Asu0 ^ Agu0 ^ Amu0 ^ Abu1 ^ Aku1; \
    Du1 = Age1 ^ Ame0 ^ Abe0 ^ Ake1 ^ Ase1; \
    Da0 = Cx ^ ROL32(Du1, 1); \
    Cz  = Asu1 ^ Agu1 ^ Amu1 ^ Abu0 ^ Aku0; \
    Du0 = Age0 ^ Ame1 ^ Abe1 ^ Ake0 ^ Ase0; \
    Da1 = Cz ^ Du0; \
\
    Cw  = Aki1 ^ Asi1 ^ Agi0 ^ Ami1 ^ Abi0; \
    Do0 = Cw ^ ROL32(Cz, 1); \
    Cy  = Aki0 ^ Asi0 ^ Agi1 ^ Ami0 ^ Abi1; \
    Do1 = Cy ^ Cx; \
\
    Cx  = Aba0 ^ Aka1 ^ Asa0 ^ Aga0 ^ Ama1; \
    De0 = Cx ^ ROL32(Cy, 1); \
    Cz  = Aba1 ^ Aka0 ^ Asa1 ^ Aga1 ^ Ama0; \
    De1 = Cz ^ Cw; \
\
    Cy  = Amo0 ^ Abo1 ^ Ako0 ^ Aso1 ^ Ago0; \
    Di0 = Du0 ^ ROL32(Cy, 1); \
    Cw  = Amo1 ^ Abo0 ^ Ako1 ^ Aso0 ^ Ago1; \
    Di1 = Du1 ^ Cw; \
\
    Du0 = Cw ^ ROL32(Cz, 1); \
    Du1 = Cy ^ Cx;

/*
 * Third of four variants: derive Da0..Du1 from the state A.
 *
 * Same computation shape as KeccakAtoD_round0, but the state words are
 * picked from different slots and halves - presumably because the
 * preceding in-place rounds leave the lanes in a permuted layout.
 *
 * Statement order matters: Cx..Cw are reused, and Du0/Du1 serve as
 * temporaries until the last two lines.
 */
#define KeccakAtoD_round2() \
    Cx  = Aku1 ^ Agu0 ^ Abu1 ^ Asu1 ^ Amu1; \
    Du1 = Ame0 ^ Ake0 ^ Age0 ^ Abe0 ^ Ase1; \
    Da0 = Cx ^ ROL32(Du1, 1); \
    Cz  = Aku0 ^ Agu1 ^ Abu0 ^ Asu0 ^ Amu0; \
    Du0 = Ame1 ^ Ake1 ^ Age1 ^ Abe1 ^ Ase0; \
    Da1 = Cz ^ Du0; \
\
    Cw  = Agi1 ^ Abi1 ^ Asi1 ^ Ami0 ^ Aki1; \
    Do0 = Cw ^ ROL32(Cz, 1); \
    Cy  = Agi0 ^ Abi0 ^ Asi0 ^ Ami1 ^ Aki0; \
    Do1 = Cy ^ Cx; \
\
    Cx  = Aba0 ^ Asa1 ^ Ama1 ^ Aka1 ^ Aga1; \
    De0 = Cx ^ ROL32(Cy, 1); \
    Cz  = Aba1 ^ Asa0 ^ Ama0 ^ Aka0 ^ Aga0; \
    De1 = Cz ^ Cw; \
\
    Cy  = Aso0 ^ Amo0 ^ Ako1 ^ Ago0 ^ Abo0; \
    Di0 = Du0 ^ ROL32(Cy, 1); \
    Cw  = Aso1 ^ Amo1 ^ Ako0 ^ Ago1 ^ Abo1; \
    Di1 = Du1 ^ Cw; \
\
    Du0 = Cw ^ ROL32(Cz, 1); \
    Du1 = Cy ^ Cx;

/*
 * Fourth of four variants: derive Da0..Du1 from the state A.
 *
 * Same computation shape as KeccakAtoD_round0, but the state words are
 * picked from different slots and halves - presumably because the
 * preceding in-place rounds leave the lanes in a permuted layout.
 *
 * Statement order matters: Cx..Cw are reused, and Du0/Du1 serve as
 * temporaries until the last two lines.
 */
#define KeccakAtoD_round3() \
    Cx  = Amu1 ^ Agu0 ^ Asu1 ^ Aku0 ^ Abu0; \
    Du1 = Ake0 ^ Abe1 ^ Ame1 ^ Age0 ^ Ase1; \
    Da0 = Cx ^ ROL32(Du1, 1); \
    Cz  = Amu0 ^ Agu1 ^ Asu0 ^ Aku1 ^ Abu1; \
    Du0 = Ake1 ^ Abe0 ^ Ame0 ^ Age1 ^ Ase0; \
    Da1 = Cz ^ Du0; \
\
    Cw  = Asi0 ^ Aki0 ^ Abi1 ^ Ami1 ^ Agi1; \
    Do0 = Cw ^ ROL32(Cz, 1); \
    Cy  = Asi1 ^ Aki1 ^ Abi0 ^ Ami0 ^ Agi0; \
    Do1 = Cy ^ Cx; \
\
    Cx  = Aba0 ^ Ama0 ^ Aga1 ^ Asa1 ^ Aka0; \
    De0 = Cx ^ ROL32(Cy, 1); \
    Cz  = Aba1 ^ Ama1 ^ Aga0 ^ Asa0 ^ Aka1; \
    De1 = Cz ^ Cw; \
\
    Cy  = Ago1 ^ Aso0 ^ Ako0 ^ Abo0 ^ Amo1; \
    Di0 = Du0 ^ ROL32(Cy, 1); \
    Cw  = Ago0 ^ Aso1 ^ Ako1 ^ Abo1 ^ Amo0; \
    Di1 = Du1 ^ Cw; \
\
    Du0 = Cw ^ ROL32(Cz, 1); \
    Du1 = Cy ^ Cx;

568n/avoid KeccakP1600_Permute_Nrounds(void *state, unsigned int nRounds)
569n/a{
570n/a {
571n/a UINT32 Da0, De0, Di0, Do0, Du0;
572n/a UINT32 Da1, De1, Di1, Do1, Du1;
573n/a UINT32 Ca0, Ce0, Ci0, Co0, Cu0;
574n/a UINT32 Cx, Cy, Cz, Cw;
575n/a #define Ba Ca0
576n/a #define Be Ce0
577n/a #define Bi Ci0
578n/a #define Bo Co0
579n/a #define Bu Cu0
580n/a const UINT32 *pRoundConstants = KeccakF1600RoundConstants_int2+(24-nRounds)*2;
581n/a UINT32 *stateAsHalfLanes = (UINT32*)state;
582n/a #define Aba0 stateAsHalfLanes[ 0]
583n/a #define Aba1 stateAsHalfLanes[ 1]
584n/a #define Abe0 stateAsHalfLanes[ 2]
585n/a #define Abe1 stateAsHalfLanes[ 3]
586n/a #define Abi0 stateAsHalfLanes[ 4]
587n/a #define Abi1 stateAsHalfLanes[ 5]
588n/a #define Abo0 stateAsHalfLanes[ 6]
589n/a #define Abo1 stateAsHalfLanes[ 7]
590n/a #define Abu0 stateAsHalfLanes[ 8]
591n/a #define Abu1 stateAsHalfLanes[ 9]
592n/a #define Aga0 stateAsHalfLanes[10]
593n/a #define Aga1 stateAsHalfLanes[11]
594n/a #define Age0 stateAsHalfLanes[12]
595n/a #define Age1 stateAsHalfLanes[13]
596n/a #define Agi0 stateAsHalfLanes[14]
597n/a #define Agi1 stateAsHalfLanes[15]
598n/a #define Ago0 stateAsHalfLanes[16]
599n/a #define Ago1 stateAsHalfLanes[17]
600n/a #define Agu0 stateAsHalfLanes[18]
601n/a #define Agu1 stateAsHalfLanes[19]
602n/a #define Aka0 stateAsHalfLanes[20]
603n/a #define Aka1 stateAsHalfLanes[21]
604n/a #define Ake0 stateAsHalfLanes[22]
605n/a #define Ake1 stateAsHalfLanes[23]
606n/a #define Aki0 stateAsHalfLanes[24]
607n/a #define Aki1 stateAsHalfLanes[25]
608n/a #define Ako0 stateAsHalfLanes[26]
609n/a #define Ako1 stateAsHalfLanes[27]
610n/a #define Aku0 stateAsHalfLanes[28]
611n/a #define Aku1 stateAsHalfLanes[29]
612n/a #define Ama0 stateAsHalfLanes[30]
613n/a #define Ama1 stateAsHalfLanes[31]
614n/a #define Ame0 stateAsHalfLanes[32]
615n/a #define Ame1 stateAsHalfLanes[33]
616n/a #define Ami0 stateAsHalfLanes[34]
617n/a #define Ami1 stateAsHalfLanes[35]
618n/a #define Amo0 stateAsHalfLanes[36]
619n/a #define Amo1 stateAsHalfLanes[37]
620n/a #define Amu0 stateAsHalfLanes[38]
621n/a #define Amu1 stateAsHalfLanes[39]
622n/a #define Asa0 stateAsHalfLanes[40]
623n/a #define Asa1 stateAsHalfLanes[41]
624n/a #define Ase0 stateAsHalfLanes[42]
625n/a #define Ase1 stateAsHalfLanes[43]
626n/a #define Asi0 stateAsHalfLanes[44]
627n/a #define Asi1 stateAsHalfLanes[45]
628n/a #define Aso0 stateAsHalfLanes[46]
629n/a #define Aso1 stateAsHalfLanes[47]
630n/a #define Asu0 stateAsHalfLanes[48]
631n/a #define Asu1 stateAsHalfLanes[49]
632n/a
633n/a do
634n/a {
635n/a /* --- Code for 4 rounds */
636n/a
637n/a /* --- using factor 2 interleaving, 64-bit lanes mapped to 32-bit words */
638n/a
639n/a KeccakAtoD_round0();
640n/a
641n/a Ba = (Aba0^Da0);
642n/a Be = ROL32((Age0^De0), 22);
643n/a Bi = ROL32((Aki1^Di1), 22);
644n/a Bo = ROL32((Amo1^Do1), 11);
645n/a Bu = ROL32((Asu0^Du0), 7);
646n/a Aba0 = Ba ^((~Be)& Bi );
647n/a Aba0 ^= *(pRoundConstants++);
648n/a Age0 = Be ^((~Bi)& Bo );
649n/a Aki1 = Bi ^((~Bo)& Bu );
650n/a Amo1 = Bo ^((~Bu)& Ba );
651n/a Asu0 = Bu ^((~Ba)& Be );
652n/a
653n/a Ba = (Aba1^Da1);
654n/a Be = ROL32((Age1^De1), 22);
655n/a Bi = ROL32((Aki0^Di0), 21);
656n/a Bo = ROL32((Amo0^Do0), 10);
657n/a Bu = ROL32((Asu1^Du1), 7);
658n/a Aba1 = Ba ^((~Be)& Bi );
659n/a Aba1 ^= *(pRoundConstants++);
660n/a Age1 = Be ^((~Bi)& Bo );
661n/a Aki0 = Bi ^((~Bo)& Bu );
662n/a Amo0 = Bo ^((~Bu)& Ba );
663n/a Asu1 = Bu ^((~Ba)& Be );
664n/a
665n/a Bi = ROL32((Aka1^Da1), 2);
666n/a Bo = ROL32((Ame1^De1), 23);
667n/a Bu = ROL32((Asi1^Di1), 31);
668n/a Ba = ROL32((Abo0^Do0), 14);
669n/a Be = ROL32((Agu0^Du0), 10);
670n/a Aka1 = Ba ^((~Be)& Bi );
671n/a Ame1 = Be ^((~Bi)& Bo );
672n/a Asi1 = Bi ^((~Bo)& Bu );
673n/a Abo0 = Bo ^((~Bu)& Ba );
674n/a Agu0 = Bu ^((~Ba)& Be );
675n/a
676n/a Bi = ROL32((Aka0^Da0), 1);
677n/a Bo = ROL32((Ame0^De0), 22);
678n/a Bu = ROL32((Asi0^Di0), 30);
679n/a Ba = ROL32((Abo1^Do1), 14);
680n/a Be = ROL32((Agu1^Du1), 10);
681n/a Aka0 = Ba ^((~Be)& Bi );
682n/a Ame0 = Be ^((~Bi)& Bo );
683n/a Asi0 = Bi ^((~Bo)& Bu );
684n/a Abo1 = Bo ^((~Bu)& Ba );
685n/a Agu1 = Bu ^((~Ba)& Be );
686n/a
687n/a Bu = ROL32((Asa0^Da0), 9);
688n/a Ba = ROL32((Abe1^De1), 1);
689n/a Be = ROL32((Agi0^Di0), 3);
690n/a Bi = ROL32((Ako1^Do1), 13);
691n/a Bo = ROL32((Amu0^Du0), 4);
692n/a Asa0 = Ba ^((~Be)& Bi );
693n/a Abe1 = Be ^((~Bi)& Bo );
694n/a Agi0 = Bi ^((~Bo)& Bu );
695n/a Ako1 = Bo ^((~Bu)& Ba );
696n/a Amu0 = Bu ^((~Ba)& Be );
697n/a
698n/a Bu = ROL32((Asa1^Da1), 9);
699n/a Ba = (Abe0^De0);
700n/a Be = ROL32((Agi1^Di1), 3);
701n/a Bi = ROL32((Ako0^Do0), 12);
702n/a Bo = ROL32((Amu1^Du1), 4);
703n/a Asa1 = Ba ^((~Be)& Bi );
704n/a Abe0 = Be ^((~Bi)& Bo );
705n/a Agi1 = Bi ^((~Bo)& Bu );
706n/a Ako0 = Bo ^((~Bu)& Ba );
707n/a Amu1 = Bu ^((~Ba)& Be );
708n/a
709n/a Be = ROL32((Aga0^Da0), 18);
710n/a Bi = ROL32((Ake0^De0), 5);
711n/a Bo = ROL32((Ami1^Di1), 8);
712n/a Bu = ROL32((Aso0^Do0), 28);
713n/a Ba = ROL32((Abu1^Du1), 14);
714n/a Aga0 = Ba ^((~Be)& Bi );
715n/a Ake0 = Be ^((~Bi)& Bo );
716n/a Ami1 = Bi ^((~Bo)& Bu );
717n/a Aso0 = Bo ^((~Bu)& Ba );
718n/a Abu1 = Bu ^((~Ba)& Be );
719n/a
720n/a Be = ROL32((Aga1^Da1), 18);
721n/a Bi = ROL32((Ake1^De1), 5);
722n/a Bo = ROL32((Ami0^Di0), 7);
723n/a Bu = ROL32((Aso1^Do1), 28);
724n/a Ba = ROL32((Abu0^Du0), 13);
725n/a Aga1 = Ba ^((~Be)& Bi );
726n/a Ake1 = Be ^((~Bi)& Bo );
727n/a Ami0 = Bi ^((~Bo)& Bu );
728n/a Aso1 = Bo ^((~Bu)& Ba );
729n/a Abu0 = Bu ^((~Ba)& Be );
730n/a
731n/a Bo = ROL32((Ama1^Da1), 21);
732n/a Bu = ROL32((Ase0^De0), 1);
733n/a Ba = ROL32((Abi0^Di0), 31);
734n/a Be = ROL32((Ago1^Do1), 28);
735n/a Bi = ROL32((Aku1^Du1), 20);
736n/a Ama1 = Ba ^((~Be)& Bi );
737n/a Ase0 = Be ^((~Bi)& Bo );
738n/a Abi0 = Bi ^((~Bo)& Bu );
739n/a Ago1 = Bo ^((~Bu)& Ba );
740n/a Aku1 = Bu ^((~Ba)& Be );
741n/a
742n/a Bo = ROL32((Ama0^Da0), 20);
743n/a Bu = ROL32((Ase1^De1), 1);
744n/a Ba = ROL32((Abi1^Di1), 31);
745n/a Be = ROL32((Ago0^Do0), 27);
746n/a Bi = ROL32((Aku0^Du0), 19);
747n/a Ama0 = Ba ^((~Be)& Bi );
748n/a Ase1 = Be ^((~Bi)& Bo );
749n/a Abi1 = Bi ^((~Bo)& Bu );
750n/a Ago0 = Bo ^((~Bu)& Ba );
751n/a Aku0 = Bu ^((~Ba)& Be );
752n/a
753n/a KeccakAtoD_round1();
754n/a
755n/a Ba = (Aba0^Da0);
756n/a Be = ROL32((Ame1^De0), 22);
757n/a Bi = ROL32((Agi1^Di1), 22);
758n/a Bo = ROL32((Aso1^Do1), 11);
759n/a Bu = ROL32((Aku1^Du0), 7);
760n/a Aba0 = Ba ^((~Be)& Bi );
761n/a Aba0 ^= *(pRoundConstants++);
762n/a Ame1 = Be ^((~Bi)& Bo );
763n/a Agi1 = Bi ^((~Bo)& Bu );
764n/a Aso1 = Bo ^((~Bu)& Ba );
765n/a Aku1 = Bu ^((~Ba)& Be );
766n/a
767n/a Ba = (Aba1^Da1);
768n/a Be = ROL32((Ame0^De1), 22);
769n/a Bi = ROL32((Agi0^Di0), 21);
770n/a Bo = ROL32((Aso0^Do0), 10);
771n/a Bu = ROL32((Aku0^Du1), 7);
772n/a Aba1 = Ba ^((~Be)& Bi );
773n/a Aba1 ^= *(pRoundConstants++);
774n/a Ame0 = Be ^((~Bi)& Bo );
775n/a Agi0 = Bi ^((~Bo)& Bu );
776n/a Aso0 = Bo ^((~Bu)& Ba );
777n/a Aku0 = Bu ^((~Ba)& Be );
778n/a
779n/a Bi = ROL32((Asa1^Da1), 2);
780n/a Bo = ROL32((Ake1^De1), 23);
781n/a Bu = ROL32((Abi1^Di1), 31);
782n/a Ba = ROL32((Amo1^Do0), 14);
783n/a Be = ROL32((Agu0^Du0), 10);
784n/a Asa1 = Ba ^((~Be)& Bi );
785n/a Ake1 = Be ^((~Bi)& Bo );
786n/a Abi1 = Bi ^((~Bo)& Bu );
787n/a Amo1 = Bo ^((~Bu)& Ba );
788n/a Agu0 = Bu ^((~Ba)& Be );
789n/a
790n/a Bi = ROL32((Asa0^Da0), 1);
791n/a Bo = ROL32((Ake0^De0), 22);
792n/a Bu = ROL32((Abi0^Di0), 30);
793n/a Ba = ROL32((Amo0^Do1), 14);
794n/a Be = ROL32((Agu1^Du1), 10);
795n/a Asa0 = Ba ^((~Be)& Bi );
796n/a Ake0 = Be ^((~Bi)& Bo );
797n/a Abi0 = Bi ^((~Bo)& Bu );
798n/a Amo0 = Bo ^((~Bu)& Ba );
799n/a Agu1 = Bu ^((~Ba)& Be );
800n/a
801n/a Bu = ROL32((Ama1^Da0), 9);
802n/a Ba = ROL32((Age1^De1), 1);
803n/a Be = ROL32((Asi1^Di0), 3);
804n/a Bi = ROL32((Ako0^Do1), 13);
805n/a Bo = ROL32((Abu1^Du0), 4);
806n/a Ama1 = Ba ^((~Be)& Bi );
807n/a Age1 = Be ^((~Bi)& Bo );
808n/a Asi1 = Bi ^((~Bo)& Bu );
809n/a Ako0 = Bo ^((~Bu)& Ba );
810n/a Abu1 = Bu ^((~Ba)& Be );
811n/a
812n/a Bu = ROL32((Ama0^Da1), 9);
813n/a Ba = (Age0^De0);
814n/a Be = ROL32((Asi0^Di1), 3);
815n/a Bi = ROL32((Ako1^Do0), 12);
816n/a Bo = ROL32((Abu0^Du1), 4);
817n/a Ama0 = Ba ^((~Be)& Bi );
818n/a Age0 = Be ^((~Bi)& Bo );
819n/a Asi0 = Bi ^((~Bo)& Bu );
820n/a Ako1 = Bo ^((~Bu)& Ba );
821n/a Abu0 = Bu ^((~Ba)& Be );
822n/a
823n/a Be = ROL32((Aka1^Da0), 18);
824n/a Bi = ROL32((Abe1^De0), 5);
825n/a Bo = ROL32((Ami0^Di1), 8);
826n/a Bu = ROL32((Ago1^Do0), 28);
827n/a Ba = ROL32((Asu1^Du1), 14);
828n/a Aka1 = Ba ^((~Be)& Bi );
829n/a Abe1 = Be ^((~Bi)& Bo );
830n/a Ami0 = Bi ^((~Bo)& Bu );
831n/a Ago1 = Bo ^((~Bu)& Ba );
832n/a Asu1 = Bu ^((~Ba)& Be );
833n/a
834n/a Be = ROL32((Aka0^Da1), 18);
835n/a Bi = ROL32((Abe0^De1), 5);
836n/a Bo = ROL32((Ami1^Di0), 7);
837n/a Bu = ROL32((Ago0^Do1), 28);
838n/a Ba = ROL32((Asu0^Du0), 13);
839n/a Aka0 = Ba ^((~Be)& Bi );
840n/a Abe0 = Be ^((~Bi)& Bo );
841n/a Ami1 = Bi ^((~Bo)& Bu );
842n/a Ago0 = Bo ^((~Bu)& Ba );
843n/a Asu0 = Bu ^((~Ba)& Be );
844n/a
845n/a Bo = ROL32((Aga1^Da1), 21);
846n/a Bu = ROL32((Ase0^De0), 1);
847n/a Ba = ROL32((Aki1^Di0), 31);
848n/a Be = ROL32((Abo1^Do1), 28);
849n/a Bi = ROL32((Amu1^Du1), 20);
850n/a Aga1 = Ba ^((~Be)& Bi );
851n/a Ase0 = Be ^((~Bi)& Bo );
852n/a Aki1 = Bi ^((~Bo)& Bu );
853n/a Abo1 = Bo ^((~Bu)& Ba );
854n/a Amu1 = Bu ^((~Ba)& Be );
855n/a
856n/a Bo = ROL32((Aga0^Da0), 20);
857n/a Bu = ROL32((Ase1^De1), 1);
858n/a Ba = ROL32((Aki0^Di1), 31);
859n/a Be = ROL32((Abo0^Do0), 27);
860n/a Bi = ROL32((Amu0^Du0), 19);
861n/a Aga0 = Ba ^((~Be)& Bi );
862n/a Ase1 = Be ^((~Bi)& Bo );
863n/a Aki0 = Bi ^((~Bo)& Bu );
864n/a Abo0 = Bo ^((~Bu)& Ba );
865n/a Amu0 = Bu ^((~Ba)& Be );
866n/a
867n/a KeccakAtoD_round2();
868n/a
869n/a Ba = (Aba0^Da0);
870n/a Be = ROL32((Ake1^De0), 22);
871n/a Bi = ROL32((Asi0^Di1), 22);
872n/a Bo = ROL32((Ago0^Do1), 11);
873n/a Bu = ROL32((Amu1^Du0), 7);
874n/a Aba0 = Ba ^((~Be)& Bi );
875n/a Aba0 ^= *(pRoundConstants++);
876n/a Ake1 = Be ^((~Bi)& Bo );
877n/a Asi0 = Bi ^((~Bo)& Bu );
878n/a Ago0 = Bo ^((~Bu)& Ba );
879n/a Amu1 = Bu ^((~Ba)& Be );
880n/a
881n/a Ba = (Aba1^Da1);
882n/a Be = ROL32((Ake0^De1), 22);
883n/a Bi = ROL32((Asi1^Di0), 21);
884n/a Bo = ROL32((Ago1^Do0), 10);
885n/a Bu = ROL32((Amu0^Du1), 7);
886n/a Aba1 = Ba ^((~Be)& Bi );
887n/a Aba1 ^= *(pRoundConstants++);
888n/a Ake0 = Be ^((~Bi)& Bo );
889n/a Asi1 = Bi ^((~Bo)& Bu );
890n/a Ago1 = Bo ^((~Bu)& Ba );
891n/a Amu0 = Bu ^((~Ba)& Be );
892n/a
893n/a Bi = ROL32((Ama0^Da1), 2);
894n/a Bo = ROL32((Abe0^De1), 23);
895n/a Bu = ROL32((Aki0^Di1), 31);
896n/a Ba = ROL32((Aso1^Do0), 14);
897n/a Be = ROL32((Agu0^Du0), 10);
898n/a Ama0 = Ba ^((~Be)& Bi );
899n/a Abe0 = Be ^((~Bi)& Bo );
900n/a Aki0 = Bi ^((~Bo)& Bu );
901n/a Aso1 = Bo ^((~Bu)& Ba );
902n/a Agu0 = Bu ^((~Ba)& Be );
903n/a
904n/a Bi = ROL32((Ama1^Da0), 1);
905n/a Bo = ROL32((Abe1^De0), 22);
906n/a Bu = ROL32((Aki1^Di0), 30);
907n/a Ba = ROL32((Aso0^Do1), 14);
908n/a Be = ROL32((Agu1^Du1), 10);
909n/a Ama1 = Ba ^((~Be)& Bi );
910n/a Abe1 = Be ^((~Bi)& Bo );
911n/a Aki1 = Bi ^((~Bo)& Bu );
912n/a Aso0 = Bo ^((~Bu)& Ba );
913n/a Agu1 = Bu ^((~Ba)& Be );
914n/a
915n/a Bu = ROL32((Aga1^Da0), 9);
916n/a Ba = ROL32((Ame0^De1), 1);
917n/a Be = ROL32((Abi1^Di0), 3);
918n/a Bi = ROL32((Ako1^Do1), 13);
919n/a Bo = ROL32((Asu1^Du0), 4);
920n/a Aga1 = Ba ^((~Be)& Bi );
921n/a Ame0 = Be ^((~Bi)& Bo );
922n/a Abi1 = Bi ^((~Bo)& Bu );
923n/a Ako1 = Bo ^((~Bu)& Ba );
924n/a Asu1 = Bu ^((~Ba)& Be );
925n/a
926n/a Bu = ROL32((Aga0^Da1), 9);
927n/a Ba = (Ame1^De0);
928n/a Be = ROL32((Abi0^Di1), 3);
929n/a Bi = ROL32((Ako0^Do0), 12);
930n/a Bo = ROL32((Asu0^Du1), 4);
931n/a Aga0 = Ba ^((~Be)& Bi );
932n/a Ame1 = Be ^((~Bi)& Bo );
933n/a Abi0 = Bi ^((~Bo)& Bu );
934n/a Ako0 = Bo ^((~Bu)& Ba );
935n/a Asu0 = Bu ^((~Ba)& Be );
936n/a
937n/a Be = ROL32((Asa1^Da0), 18);
938n/a Bi = ROL32((Age1^De0), 5);
939n/a Bo = ROL32((Ami1^Di1), 8);
940n/a Bu = ROL32((Abo1^Do0), 28);
941n/a Ba = ROL32((Aku0^Du1), 14);
942n/a Asa1 = Ba ^((~Be)& Bi );
943n/a Age1 = Be ^((~Bi)& Bo );
944n/a Ami1 = Bi ^((~Bo)& Bu );
945n/a Abo1 = Bo ^((~Bu)& Ba );
946n/a Aku0 = Bu ^((~Ba)& Be );
947n/a
948n/a Be = ROL32((Asa0^Da1), 18);
949n/a Bi = ROL32((Age0^De1), 5);
950n/a Bo = ROL32((Ami0^Di0), 7);
951n/a Bu = ROL32((Abo0^Do1), 28);
952n/a Ba = ROL32((Aku1^Du0), 13);
953n/a Asa0 = Ba ^((~Be)& Bi );
954n/a Age0 = Be ^((~Bi)& Bo );
955n/a Ami0 = Bi ^((~Bo)& Bu );
956n/a Abo0 = Bo ^((~Bu)& Ba );
957n/a Aku1 = Bu ^((~Ba)& Be );
958n/a
959n/a Bo = ROL32((Aka0^Da1), 21);
960n/a Bu = ROL32((Ase0^De0), 1);
961n/a Ba = ROL32((Agi1^Di0), 31);
962n/a Be = ROL32((Amo0^Do1), 28);
963n/a Bi = ROL32((Abu0^Du1), 20);
964n/a Aka0 = Ba ^((~Be)& Bi );
965n/a Ase0 = Be ^((~Bi)& Bo );
966n/a Agi1 = Bi ^((~Bo)& Bu );
967n/a Amo0 = Bo ^((~Bu)& Ba );
968n/a Abu0 = Bu ^((~Ba)& Be );
969n/a
970n/a Bo = ROL32((Aka1^Da0), 20);
971n/a Bu = ROL32((Ase1^De1), 1);
972n/a Ba = ROL32((Agi0^Di1), 31);
973n/a Be = ROL32((Amo1^Do0), 27);
974n/a Bi = ROL32((Abu1^Du0), 19);
975n/a Aka1 = Ba ^((~Be)& Bi );
976n/a Ase1 = Be ^((~Bi)& Bo );
977n/a Agi0 = Bi ^((~Bo)& Bu );
978n/a Amo1 = Bo ^((~Bu)& Ba );
979n/a Abu1 = Bu ^((~Ba)& Be );
980n/a
981n/a KeccakAtoD_round3();
982n/a
983n/a Ba = (Aba0^Da0);
984n/a Be = ROL32((Abe0^De0), 22);
985n/a Bi = ROL32((Abi0^Di1), 22);
986n/a Bo = ROL32((Abo0^Do1), 11);
987n/a Bu = ROL32((Abu0^Du0), 7);
988n/a Aba0 = Ba ^((~Be)& Bi );
989n/a Aba0 ^= *(pRoundConstants++);
990n/a Abe0 = Be ^((~Bi)& Bo );
991n/a Abi0 = Bi ^((~Bo)& Bu );
992n/a Abo0 = Bo ^((~Bu)& Ba );
993n/a Abu0 = Bu ^((~Ba)& Be );
994n/a
995n/a Ba = (Aba1^Da1);
996n/a Be = ROL32((Abe1^De1), 22);
997n/a Bi = ROL32((Abi1^Di0), 21);
998n/a Bo = ROL32((Abo1^Do0), 10);
999n/a Bu = ROL32((Abu1^Du1), 7);
1000n/a Aba1 = Ba ^((~Be)& Bi );
1001n/a Aba1 ^= *(pRoundConstants++);
1002n/a Abe1 = Be ^((~Bi)& Bo );
1003n/a Abi1 = Bi ^((~Bo)& Bu );
1004n/a Abo1 = Bo ^((~Bu)& Ba );
1005n/a Abu1 = Bu ^((~Ba)& Be );
1006n/a
1007n/a Bi = ROL32((Aga0^Da1), 2);
1008n/a Bo = ROL32((Age0^De1), 23);
1009n/a Bu = ROL32((Agi0^Di1), 31);
1010n/a Ba = ROL32((Ago0^Do0), 14);
1011n/a Be = ROL32((Agu0^Du0), 10);
1012n/a Aga0 = Ba ^((~Be)& Bi );
1013n/a Age0 = Be ^((~Bi)& Bo );
1014n/a Agi0 = Bi ^((~Bo)& Bu );
1015n/a Ago0 = Bo ^((~Bu)& Ba );
1016n/a Agu0 = Bu ^((~Ba)& Be );
1017n/a
1018n/a Bi = ROL32((Aga1^Da0), 1);
1019n/a Bo = ROL32((Age1^De0), 22);
1020n/a Bu = ROL32((Agi1^Di0), 30);
1021n/a Ba = ROL32((Ago1^Do1), 14);
1022n/a Be = ROL32((Agu1^Du1), 10);
1023n/a Aga1 = Ba ^((~Be)& Bi );
1024n/a Age1 = Be ^((~Bi)& Bo );
1025n/a Agi1 = Bi ^((~Bo)& Bu );
1026n/a Ago1 = Bo ^((~Bu)& Ba );
1027n/a Agu1 = Bu ^((~Ba)& Be );
1028n/a
1029n/a Bu = ROL32((Aka0^Da0), 9);
1030n/a Ba = ROL32((Ake0^De1), 1);
1031n/a Be = ROL32((Aki0^Di0), 3);
1032n/a Bi = ROL32((Ako0^Do1), 13);
1033n/a Bo = ROL32((Aku0^Du0), 4);
1034n/a Aka0 = Ba ^((~Be)& Bi );
1035n/a Ake0 = Be ^((~Bi)& Bo );
1036n/a Aki0 = Bi ^((~Bo)& Bu );
1037n/a Ako0 = Bo ^((~Bu)& Ba );
1038n/a Aku0 = Bu ^((~Ba)& Be );
1039n/a
1040n/a Bu = ROL32((Aka1^Da1), 9);
1041n/a Ba = (Ake1^De0);
1042n/a Be = ROL32((Aki1^Di1), 3);
1043n/a Bi = ROL32((Ako1^Do0), 12);
1044n/a Bo = ROL32((Aku1^Du1), 4);
1045n/a Aka1 = Ba ^((~Be)& Bi );
1046n/a Ake1 = Be ^((~Bi)& Bo );
1047n/a Aki1 = Bi ^((~Bo)& Bu );
1048n/a Ako1 = Bo ^((~Bu)& Ba );
1049n/a Aku1 = Bu ^((~Ba)& Be );
1050n/a
1051n/a Be = ROL32((Ama0^Da0), 18);
1052n/a Bi = ROL32((Ame0^De0), 5);
1053n/a Bo = ROL32((Ami0^Di1), 8);
1054n/a Bu = ROL32((Amo0^Do0), 28);
1055n/a Ba = ROL32((Amu0^Du1), 14);
1056n/a Ama0 = Ba ^((~Be)& Bi );
1057n/a Ame0 = Be ^((~Bi)& Bo );
1058n/a Ami0 = Bi ^((~Bo)& Bu );
1059n/a Amo0 = Bo ^((~Bu)& Ba );
1060n/a Amu0 = Bu ^((~Ba)& Be );
1061n/a
1062n/a Be = ROL32((Ama1^Da1), 18);
1063n/a Bi = ROL32((Ame1^De1), 5);
1064n/a Bo = ROL32((Ami1^Di0), 7);
1065n/a Bu = ROL32((Amo1^Do1), 28);
1066n/a Ba = ROL32((Amu1^Du0), 13);
1067n/a Ama1 = Ba ^((~Be)& Bi );
1068n/a Ame1 = Be ^((~Bi)& Bo );
1069n/a Ami1 = Bi ^((~Bo)& Bu );
1070n/a Amo1 = Bo ^((~Bu)& Ba );
1071n/a Amu1 = Bu ^((~Ba)& Be );
1072n/a
1073n/a Bo = ROL32((Asa0^Da1), 21);
1074n/a Bu = ROL32((Ase0^De0), 1);
1075n/a Ba = ROL32((Asi0^Di0), 31);
1076n/a Be = ROL32((Aso0^Do1), 28);
1077n/a Bi = ROL32((Asu0^Du1), 20);
1078n/a Asa0 = Ba ^((~Be)& Bi );
1079n/a Ase0 = Be ^((~Bi)& Bo );
1080n/a Asi0 = Bi ^((~Bo)& Bu );
1081n/a Aso0 = Bo ^((~Bu)& Ba );
1082n/a Asu0 = Bu ^((~Ba)& Be );
1083n/a
1084n/a Bo = ROL32((Asa1^Da0), 20);
1085n/a Bu = ROL32((Ase1^De1), 1);
1086n/a Ba = ROL32((Asi1^Di1), 31);
1087n/a Be = ROL32((Aso1^Do0), 27);
1088n/a Bi = ROL32((Asu1^Du0), 19);
1089n/a Asa1 = Ba ^((~Be)& Bi );
1090n/a Ase1 = Be ^((~Bi)& Bo );
1091n/a Asi1 = Bi ^((~Bo)& Bu );
1092n/a Aso1 = Bo ^((~Bu)& Ba );
1093n/a Asu1 = Bu ^((~Ba)& Be );
1094n/a }
1095n/a while ( *pRoundConstants != 0xFF );
1096n/a
1097n/a #undef Aba0
1098n/a #undef Aba1
1099n/a #undef Abe0
1100n/a #undef Abe1
1101n/a #undef Abi0
1102n/a #undef Abi1
1103n/a #undef Abo0
1104n/a #undef Abo1
1105n/a #undef Abu0
1106n/a #undef Abu1
1107n/a #undef Aga0
1108n/a #undef Aga1
1109n/a #undef Age0
1110n/a #undef Age1
1111n/a #undef Agi0
1112n/a #undef Agi1
1113n/a #undef Ago0
1114n/a #undef Ago1
1115n/a #undef Agu0
1116n/a #undef Agu1
1117n/a #undef Aka0
1118n/a #undef Aka1
1119n/a #undef Ake0
1120n/a #undef Ake1
1121n/a #undef Aki0
1122n/a #undef Aki1
1123n/a #undef Ako0
1124n/a #undef Ako1
1125n/a #undef Aku0
1126n/a #undef Aku1
1127n/a #undef Ama0
1128n/a #undef Ama1
1129n/a #undef Ame0
1130n/a #undef Ame1
1131n/a #undef Ami0
1132n/a #undef Ami1
1133n/a #undef Amo0
1134n/a #undef Amo1
1135n/a #undef Amu0
1136n/a #undef Amu1
1137n/a #undef Asa0
1138n/a #undef Asa1
1139n/a #undef Ase0
1140n/a #undef Ase1
1141n/a #undef Asi0
1142n/a #undef Asi1
1143n/a #undef Aso0
1144n/a #undef Aso1
1145n/a #undef Asu0
1146n/a #undef Asu1
1147n/a }
1148n/a}
1149n/a
1150n/a/* ---------------------------------------------------------------- */
1151n/a
/*
 * Reduced-round entry point: forwards `state` to
 * KeccakP1600_Permute_Nrounds() with the round count fixed at 12.
 *
 * state: opaque pointer handed through unchanged. It is not checked for
 *        NULL or for size here, so the caller must supply a valid state
 *        buffer. Presumably this is the Keccak-p[1600] state in this
 *        file's 32-bit bit-interleaved layout, updated in place; confirm
 *        against KeccakP1600_Permute_Nrounds().
 *
 * NOTE(review): FIPS 202 SHA-3/SHAKE are defined over the 24-round
 * permutation. This 12-round variant is not interchangeable with it, so
 * callers should select it only for constructions specified with 12 rounds.
 */
void KeccakP1600_Permute_12rounds(void *state)
{
    enum { round_count = 12 };

    KeccakP1600_Permute_Nrounds(state, round_count);
}
1156n/a
1157n/a/* ---------------------------------------------------------------- */
1158n/a
/*
 * Full-round entry point: forwards `state` to
 * KeccakP1600_Permute_Nrounds() with the round count fixed at 24.
 *
 * state: opaque pointer handed through unchanged. It is not checked for
 *        NULL or for size here, so the caller must supply a valid state
 *        buffer. Presumably this is the Keccak-p[1600] state in this
 *        file's 32-bit bit-interleaved layout, updated in place; confirm
 *        against KeccakP1600_Permute_Nrounds().
 */
void KeccakP1600_Permute_24rounds(void *state)
{
    enum { round_count = 24 };

    KeccakP1600_Permute_Nrounds(state, round_count);
}