1 // keccakc.cpp - Keccak core functions shared between SHA3 and Keccak.
2 //               written and placed in the public domain by JW.
3 
4 /*
5 The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
6 Michael Peeters and Gilles Van Assche. For more information, feedback or
7 questions, please refer to our website: http://keccak.noekeon.org/
8 
9 Implementation by Ronny Van Keer, hereby denoted as "the implementer".
10 
11 To the extent possible under law, the implementer has waived all copyright
12 and related or neighboring rights to the source code in this file.
13 http://creativecommons.org/publicdomain/zero/1.0/
14 */
15 
16 #include "pch.h"
17 #include "keccak.h"
18 
19 NAMESPACE_BEGIN(CryptoPP)
20 
21 // The Keccak-f[1600] permutation, defined later in this file. It transforms,
   // in place, the 25-lane (25 x word64) state that `state` points to.
22 extern void KeccakF1600(word64 *state);
23 // The 24 Keccak-f[1600] round constants, defined later in this file.
24 extern const word64 KeccakF1600Constants[24];
25 
26 NAMESPACE_END
27 
28 NAMESPACE_BEGIN(CryptoPP)
29 
// Round constants for the iota step of Keccak-f[1600], one per round.
// KeccakF1600 XORs entry [round] (and [round+1]) into the first lane of the
// state. The 24 values are fixed by the Keccak specification (FIPS 202), so a
// changed entry alters every digest; re-run known-answer tests after any edit.
// CRYPTOPP_ALIGN_DATA(8) presumably requests 8-byte alignment for the table;
// the macro is defined elsewhere.
30 CRYPTOPP_ALIGN_DATA(8)
31 const word64 KeccakF1600Constants[24] =
32 {
33     W64LIT(0x0000000000000001), W64LIT(0x0000000000008082),
34     W64LIT(0x800000000000808a), W64LIT(0x8000000080008000),
35     W64LIT(0x000000000000808b), W64LIT(0x0000000080000001),
36     W64LIT(0x8000000080008081), W64LIT(0x8000000000008009),
37     W64LIT(0x000000000000008a), W64LIT(0x0000000000000088),
38     W64LIT(0x0000000080008009), W64LIT(0x000000008000000a),
39     W64LIT(0x000000008000808b), W64LIT(0x800000000000008b),
40     W64LIT(0x8000000000008089), W64LIT(0x8000000000008003),
41     W64LIT(0x8000000000008002), W64LIT(0x8000000000000080),
42     W64LIT(0x000000000000800a), W64LIT(0x800000008000000a),
43     W64LIT(0x8000000080008081), W64LIT(0x8000000000008080),
44     W64LIT(0x0000000080000001), W64LIT(0x8000000080008008)
45 };
46 
// KeccakF1600: applies the 24-round Keccak-f[1600] permutation to the state,
// in place.
//
// state: pointer to 25 word64 lanes (200 bytes). All 25 are read by Block::Get
//        and overwritten by Block::Put. There is no null or length check here,
//        so the caller must supply a full-size buffer.
//
// Review notes:
//  - Block is BlockGetAndPut<word64, LittleEndian, true, true>. The two `true`
//    arguments are presumably the aligned-get / aligned-put flags (confirm
//    against the template's definition); if so, `state` must be suitably
//    aligned for word64.
//  - The round body uses only XOR, AND, NOT and rotlConstant<N> with
//    compile-time distances, and the only array index is the loop counter, so
//    no data-dependent branch or table lookup is visible in this function.
//    rotlConstant itself is defined elsewhere.
//  - The 50 lane variables (A*, E*) and the BC*/D* temporaries hold copies of
//    the state and are not cleared before return. Where the state has absorbed
//    secret input, wiping the caller's state buffer does not cover these
//    copies.
KeccakF1600(word64 * state)47 void KeccakF1600(word64 *state)
48 {
       // A* and E* are two full copies of the 25-lane state: each loop iteration
       // computes E from A, then A from E. The last letter (a/e/i/o/u) names the
       // column that prepareTheta XORs together; the middle letter (b/g/k/m/s)
       // names the group of five lanes that chi combines.
49     word64 Aba, Abe, Abi, Abo, Abu;
50     word64 Aga, Age, Agi, Ago, Agu;
51     word64 Aka, Ake, Aki, Ako, Aku;
52     word64 Ama, Ame, Ami, Amo, Amu;
53     word64 Asa, Ase, Asi, Aso, Asu;
       // BC*: column parities during theta, then the five rotated lanes fed to chi.
54     word64 BCa, BCe, BCi, BCo, BCu;
       // D*: per-column theta correction XORed into every lane of that column.
55     word64 Da, De, Di, Do, Du;
56     word64 Eba, Ebe, Ebi, Ebo, Ebu;
57     word64 Ega, Ege, Egi, Ego, Egu;
58     word64 Eka, Eke, Eki, Eko, Eku;
59     word64 Ema, Eme, Emi, Emo, Emu;
60     word64 Esa, Ese, Esi, Eso, Esu;
61
       // Load the 25 lanes from state as little-endian word64 values.
62     typedef BlockGetAndPut<word64, LittleEndian, true, true> Block;
63     Block::Get(state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu);
64
       // Two rounds per iteration (A -> E, then E -> A): 12 iterations, 24 rounds.
65     for( unsigned int round = 0; round < 24; round += 2 )
66     {
67         // prepareTheta: BCx = XOR of the five A lanes in column x
68         BCa = Aba^Aga^Aka^Ama^Asa;
69         BCe = Abe^Age^Ake^Ame^Ase;
70         BCi = Abi^Agi^Aki^Ami^Asi;
71         BCo = Abo^Ago^Ako^Amo^Aso;
72         BCu = Abu^Agu^Aku^Amu^Asu;
73
74         // thetaRhoPiChiIotaPrepareTheta(round  , A, E): round `round`, reads A, writes E
           // Theta: each D mixes one column parity with a neighbouring parity rotated by 1.
75         Da = BCu^rotlConstant<1>(BCe);
76         De = BCa^rotlConstant<1>(BCi);
77         Di = BCe^rotlConstant<1>(BCo);
78         Do = BCi^rotlConstant<1>(BCu);
79         Du = BCo^rotlConstant<1>(BCa);
80
           // Lanes for Eb*: apply theta (^= D), then rotate each selected lane into BC.
81         Aba ^= Da;
82         BCa = Aba;
83         Age ^= De;
84         BCe = rotlConstant<44>(Age);
85         Aki ^= Di;
86         BCi = rotlConstant<43>(Aki);
87         Amo ^= Do;
88         BCo = rotlConstant<21>(Amo);
89         Asu ^= Du;
90         BCu = rotlConstant<14>(Asu);
           // Chi: x ^ (~y & z) across the five BC lanes.
91         Eba = BCa ^((~BCe)&  BCi );
           // Iota: the round constant is XORed into the first lane only.
92         Eba ^= KeccakF1600Constants[round];
93         Ebe = BCe ^((~BCi)&  BCo );
94         Ebi = BCi ^((~BCo)&  BCu );
95         Ebo = BCo ^((~BCu)&  BCa );
96         Ebu = BCu ^((~BCa)&  BCe );
97
           // Lanes for Eg*: same theta / rotate / chi pattern, no round constant.
98         Abo ^= Do;
99         BCa = rotlConstant<28>(Abo);
100         Agu ^= Du;
101         BCe = rotlConstant<20>(Agu);
102         Aka ^= Da;
103         BCi = rotlConstant<3>(Aka);
104         Ame ^= De;
105         BCo = rotlConstant<45>(Ame);
106         Asi ^= Di;
107         BCu = rotlConstant<61>(Asi);
108         Ega = BCa ^((~BCe)&  BCi );
109         Ege = BCe ^((~BCi)&  BCo );
110         Egi = BCi ^((~BCo)&  BCu );
111         Ego = BCo ^((~BCu)&  BCa );
112         Egu = BCu ^((~BCa)&  BCe );
113
            // Lanes for Ek*.
114         Abe ^= De;
115         BCa = rotlConstant<1>(Abe);
116         Agi ^= Di;
117         BCe = rotlConstant<6>(Agi);
118         Ako ^= Do;
119         BCi = rotlConstant<25>(Ako);
120         Amu ^= Du;
121         BCo = rotlConstant<8>(Amu);
122         Asa ^= Da;
123         BCu = rotlConstant<18>(Asa);
124         Eka = BCa ^((~BCe)&  BCi );
125         Eke = BCe ^((~BCi)&  BCo );
126         Eki = BCi ^((~BCo)&  BCu );
127         Eko = BCo ^((~BCu)&  BCa );
128         Eku = BCu ^((~BCa)&  BCe );
129
            // Lanes for Em*.
130         Abu ^= Du;
131         BCa = rotlConstant<27>(Abu);
132         Aga ^= Da;
133         BCe = rotlConstant<36>(Aga);
134         Ake ^= De;
135         BCi = rotlConstant<10>(Ake);
136         Ami ^= Di;
137         BCo = rotlConstant<15>(Ami);
138         Aso ^= Do;
139         BCu = rotlConstant<56>(Aso);
140         Ema = BCa ^((~BCe)&  BCi );
141         Eme = BCe ^((~BCi)&  BCo );
142         Emi = BCi ^((~BCo)&  BCu );
143         Emo = BCo ^((~BCu)&  BCa );
144         Emu = BCu ^((~BCa)&  BCe );
145
            // Lanes for Es*.
146         Abi ^= Di;
147         BCa = rotlConstant<62>(Abi);
148         Ago ^= Do;
149         BCe = rotlConstant<55>(Ago);
150         Aku ^= Du;
151         BCi = rotlConstant<39>(Aku);
152         Ama ^= Da;
153         BCo = rotlConstant<41>(Ama);
154         Ase ^= De;
155         BCu = rotlConstant<2>(Ase);
156         Esa = BCa ^((~BCe)&  BCi );
157         Ese = BCe ^((~BCi)&  BCo );
158         Esi = BCi ^((~BCo)&  BCu );
159         Eso = BCo ^((~BCu)&  BCa );
160         Esu = BCu ^((~BCa)&  BCe );
161
162         // prepareTheta: BCx = XOR of the five E lanes in column x
163         BCa = Eba^Ega^Eka^Ema^Esa;
164         BCe = Ebe^Ege^Eke^Eme^Ese;
165         BCi = Ebi^Egi^Eki^Emi^Esi;
166         BCo = Ebo^Ego^Eko^Emo^Eso;
167         BCu = Ebu^Egu^Eku^Emu^Esu;
168
169         // thetaRhoPiChiIotaPrepareTheta(round+1, E, A): round `round+1`, reads E, writes A
170         Da = BCu^rotlConstant<1>(BCe);
171         De = BCa^rotlConstant<1>(BCi);
172         Di = BCe^rotlConstant<1>(BCo);
173         Do = BCi^rotlConstant<1>(BCu);
174         Du = BCo^rotlConstant<1>(BCa);
175
            // Lanes for Ab*: mirror of the first half with A and E swapped.
176         Eba ^= Da;
177         BCa = Eba;
178         Ege ^= De;
179         BCe = rotlConstant<44>(Ege);
180         Eki ^= Di;
181         BCi = rotlConstant<43>(Eki);
182         Emo ^= Do;
183         BCo = rotlConstant<21>(Emo);
184         Esu ^= Du;
185         BCu = rotlConstant<14>(Esu);
186         Aba = BCa ^((~BCe)&  BCi );
            // Iota for the odd round of this iteration.
187         Aba ^= KeccakF1600Constants[round+1];
188         Abe = BCe ^((~BCi)&  BCo );
189         Abi = BCi ^((~BCo)&  BCu );
190         Abo = BCo ^((~BCu)&  BCa );
191         Abu = BCu ^((~BCa)&  BCe );
192
            // Lanes for Ag*.
193         Ebo ^= Do;
194         BCa = rotlConstant<28>(Ebo);
195         Egu ^= Du;
196         BCe = rotlConstant<20>(Egu);
197         Eka ^= Da;
198         BCi = rotlConstant<3>(Eka);
199         Eme ^= De;
200         BCo = rotlConstant<45>(Eme);
201         Esi ^= Di;
202         BCu = rotlConstant<61>(Esi);
203         Aga = BCa ^((~BCe)&  BCi );
204         Age = BCe ^((~BCi)&  BCo );
205         Agi = BCi ^((~BCo)&  BCu );
206         Ago = BCo ^((~BCu)&  BCa );
207         Agu = BCu ^((~BCa)&  BCe );
208
            // Lanes for Ak*.
209         Ebe ^= De;
210         BCa = rotlConstant<1>(Ebe);
211         Egi ^= Di;
212         BCe = rotlConstant<6>(Egi);
213         Eko ^= Do;
214         BCi = rotlConstant<25>(Eko);
215         Emu ^= Du;
216         BCo = rotlConstant<8>(Emu);
217         Esa ^= Da;
218         BCu = rotlConstant<18>(Esa);
219         Aka = BCa ^((~BCe)&  BCi );
220         Ake = BCe ^((~BCi)&  BCo );
221         Aki = BCi ^((~BCo)&  BCu );
222         Ako = BCo ^((~BCu)&  BCa );
223         Aku = BCu ^((~BCa)&  BCe );
224
            // Lanes for Am*.
225         Ebu ^= Du;
226         BCa = rotlConstant<27>(Ebu);
227         Ega ^= Da;
228         BCe = rotlConstant<36>(Ega);
229         Eke ^= De;
230         BCi = rotlConstant<10>(Eke);
231         Emi ^= Di;
232         BCo = rotlConstant<15>(Emi);
233         Eso ^= Do;
234         BCu = rotlConstant<56>(Eso);
235         Ama = BCa ^((~BCe)&  BCi );
236         Ame = BCe ^((~BCi)&  BCo );
237         Ami = BCi ^((~BCo)&  BCu );
238         Amo = BCo ^((~BCu)&  BCa );
239         Amu = BCu ^((~BCa)&  BCe );
240
            // Lanes for As*.
241         Ebi ^= Di;
242         BCa = rotlConstant<62>(Ebi);
243         Ego ^= Do;
244         BCe = rotlConstant<55>(Ego);
245         Eku ^= Du;
246         BCi = rotlConstant<39>(Eku);
247         Ema ^= Da;
248         BCo = rotlConstant<41>(Ema);
249         Ese ^= De;
250         BCu = rotlConstant<2>(Ese);
251         Asa = BCa ^((~BCe)&  BCi );
252         Ase = BCe ^((~BCi)&  BCo );
253         Asi = BCi ^((~BCo)&  BCu );
254         Aso = BCo ^((~BCu)&  BCa );
255         Asu = BCu ^((~BCa)&  BCe );
256     }
257
        // Store the 25 lanes back to state in the same order they were loaded.
        // NOTE(review): the first argument is NULLPTR, presumably "no XOR block";
        // confirm against BlockGetAndPut::Put.
258     Block::Put(NULLPTR, state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu);
259 }
260 
261 NAMESPACE_END
262