Line data Source code
1 : /* keccak_permute_64.h - Keccak permute function (simple 64bit)
2 : * Copyright (C) 2015 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3 : *
4 : * This file is part of Libgcrypt.
5 : *
6 : * Libgcrypt is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU Lesser general Public License as
8 : * published by the Free Software Foundation; either version 2.1 of
9 : * the License, or (at your option) any later version.
10 : *
11 : * Libgcrypt is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU Lesser General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU Lesser General Public
17 : * License along with this program; if not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : /* The code is based on public-domain/CC0 "keccakc1024/simple/Keccak-simple.c"
21 : * implementation by Ronny Van Keer from SUPERCOP toolkit package.
22 : */
23 :
24 : /* Function that computes the Keccak-f[1600] permutation on the given state. */
25 : static unsigned int
26 899788 : KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd)
27 : {
28 899788 : const u64 *round_consts = _gcry_keccak_round_consts_64bit;
29 899788 : const u64 *round_consts_end = _gcry_keccak_round_consts_64bit + 24;
30 : u64 Aba, Abe, Abi, Abo, Abu;
31 : u64 Aga, Age, Agi, Ago, Agu;
32 : u64 Aka, Ake, Aki, Ako, Aku;
33 : u64 Ama, Ame, Ami, Amo, Amu;
34 : u64 Asa, Ase, Asi, Aso, Asu;
35 : u64 BCa, BCe, BCi, BCo, BCu;
36 : u64 Da, De, Di, Do, Du;
37 : u64 Eba, Ebe, Ebi, Ebo, Ebu;
38 : u64 Ega, Ege, Egi, Ego, Egu;
39 : u64 Eka, Eke, Eki, Eko, Eku;
40 : u64 Ema, Eme, Emi, Emo, Emu;
41 : u64 Esa, Ese, Esi, Eso, Esu;
42 899788 : u64 *state = hd->u.state64;
43 :
44 899788 : Aba = state[0];
45 899788 : Abe = state[1];
46 899788 : Abi = state[2];
47 899788 : Abo = state[3];
48 899788 : Abu = state[4];
49 899788 : Aga = state[5];
50 899788 : Age = state[6];
51 899788 : Agi = state[7];
52 899788 : Ago = state[8];
53 899788 : Agu = state[9];
54 899788 : Aka = state[10];
55 899788 : Ake = state[11];
56 899788 : Aki = state[12];
57 899788 : Ako = state[13];
58 899788 : Aku = state[14];
59 899788 : Ama = state[15];
60 899788 : Ame = state[16];
61 899788 : Ami = state[17];
62 899788 : Amo = state[18];
63 899788 : Amu = state[19];
64 899788 : Asa = state[20];
65 899788 : Ase = state[21];
66 899788 : Asi = state[22];
67 899788 : Aso = state[23];
68 899788 : Asu = state[24];
69 :
70 : do
71 : {
72 : /* prepareTheta */
73 10797456 : BCa = Aba ^ Aga ^ Aka ^ Ama ^ Asa;
74 10797456 : BCe = Abe ^ Age ^ Ake ^ Ame ^ Ase;
75 10797456 : BCi = Abi ^ Agi ^ Aki ^ Ami ^ Asi;
76 10797456 : BCo = Abo ^ Ago ^ Ako ^ Amo ^ Aso;
77 10797456 : BCu = Abu ^ Agu ^ Aku ^ Amu ^ Asu;
78 :
79 : /* thetaRhoPiChiIotaPrepareTheta(round , A, E) */
80 10797456 : Da = BCu ^ ROL64(BCe, 1);
81 10797456 : De = BCa ^ ROL64(BCi, 1);
82 10797456 : Di = BCe ^ ROL64(BCo, 1);
83 10797456 : Do = BCi ^ ROL64(BCu, 1);
84 10797456 : Du = BCo ^ ROL64(BCa, 1);
85 :
86 10797456 : Aba ^= Da;
87 10797456 : BCa = Aba;
88 10797456 : Age ^= De;
89 10797456 : BCe = ROL64(Age, 44);
90 10797456 : Aki ^= Di;
91 10797456 : BCi = ROL64(Aki, 43);
92 10797456 : Amo ^= Do;
93 10797456 : BCo = ROL64(Amo, 21);
94 10797456 : Asu ^= Du;
95 10797456 : BCu = ROL64(Asu, 14);
96 10797456 : Eba = BCa ^ ANDN64(BCe, BCi);
97 10797456 : Eba ^= *(round_consts++);
98 10797456 : Ebe = BCe ^ ANDN64(BCi, BCo);
99 10797456 : Ebi = BCi ^ ANDN64(BCo, BCu);
100 10797456 : Ebo = BCo ^ ANDN64(BCu, BCa);
101 10797456 : Ebu = BCu ^ ANDN64(BCa, BCe);
102 :
103 10797456 : Abo ^= Do;
104 10797456 : BCa = ROL64(Abo, 28);
105 10797456 : Agu ^= Du;
106 10797456 : BCe = ROL64(Agu, 20);
107 10797456 : Aka ^= Da;
108 10797456 : BCi = ROL64(Aka, 3);
109 10797456 : Ame ^= De;
110 10797456 : BCo = ROL64(Ame, 45);
111 10797456 : Asi ^= Di;
112 10797456 : BCu = ROL64(Asi, 61);
113 10797456 : Ega = BCa ^ ANDN64(BCe, BCi);
114 10797456 : Ege = BCe ^ ANDN64(BCi, BCo);
115 10797456 : Egi = BCi ^ ANDN64(BCo, BCu);
116 10797456 : Ego = BCo ^ ANDN64(BCu, BCa);
117 10797456 : Egu = BCu ^ ANDN64(BCa, BCe);
118 :
119 10797456 : Abe ^= De;
120 10797456 : BCa = ROL64(Abe, 1);
121 10797456 : Agi ^= Di;
122 10797456 : BCe = ROL64(Agi, 6);
123 10797456 : Ako ^= Do;
124 10797456 : BCi = ROL64(Ako, 25);
125 10797456 : Amu ^= Du;
126 10797456 : BCo = ROL64(Amu, 8);
127 10797456 : Asa ^= Da;
128 10797456 : BCu = ROL64(Asa, 18);
129 10797456 : Eka = BCa ^ ANDN64(BCe, BCi);
130 10797456 : Eke = BCe ^ ANDN64(BCi, BCo);
131 10797456 : Eki = BCi ^ ANDN64(BCo, BCu);
132 10797456 : Eko = BCo ^ ANDN64(BCu, BCa);
133 10797456 : Eku = BCu ^ ANDN64(BCa, BCe);
134 :
135 10797456 : Abu ^= Du;
136 10797456 : BCa = ROL64(Abu, 27);
137 10797456 : Aga ^= Da;
138 10797456 : BCe = ROL64(Aga, 36);
139 10797456 : Ake ^= De;
140 10797456 : BCi = ROL64(Ake, 10);
141 10797456 : Ami ^= Di;
142 10797456 : BCo = ROL64(Ami, 15);
143 10797456 : Aso ^= Do;
144 10797456 : BCu = ROL64(Aso, 56);
145 10797456 : Ema = BCa ^ ANDN64(BCe, BCi);
146 10797456 : Eme = BCe ^ ANDN64(BCi, BCo);
147 10797456 : Emi = BCi ^ ANDN64(BCo, BCu);
148 10797456 : Emo = BCo ^ ANDN64(BCu, BCa);
149 10797456 : Emu = BCu ^ ANDN64(BCa, BCe);
150 :
151 10797456 : Abi ^= Di;
152 10797456 : BCa = ROL64(Abi, 62);
153 10797456 : Ago ^= Do;
154 10797456 : BCe = ROL64(Ago, 55);
155 10797456 : Aku ^= Du;
156 10797456 : BCi = ROL64(Aku, 39);
157 10797456 : Ama ^= Da;
158 10797456 : BCo = ROL64(Ama, 41);
159 10797456 : Ase ^= De;
160 10797456 : BCu = ROL64(Ase, 2);
161 10797456 : Esa = BCa ^ ANDN64(BCe, BCi);
162 10797456 : Ese = BCe ^ ANDN64(BCi, BCo);
163 10797456 : Esi = BCi ^ ANDN64(BCo, BCu);
164 10797456 : Eso = BCo ^ ANDN64(BCu, BCa);
165 10797456 : Esu = BCu ^ ANDN64(BCa, BCe);
166 :
167 : /* prepareTheta */
168 10797456 : BCa = Eba ^ Ega ^ Eka ^ Ema ^ Esa;
169 10797456 : BCe = Ebe ^ Ege ^ Eke ^ Eme ^ Ese;
170 10797456 : BCi = Ebi ^ Egi ^ Eki ^ Emi ^ Esi;
171 10797456 : BCo = Ebo ^ Ego ^ Eko ^ Emo ^ Eso;
172 10797456 : BCu = Ebu ^ Egu ^ Eku ^ Emu ^ Esu;
173 :
174 : /* thetaRhoPiChiIotaPrepareTheta(round+1, E, A) */
175 10797456 : Da = BCu ^ ROL64(BCe, 1);
176 10797456 : De = BCa ^ ROL64(BCi, 1);
177 10797456 : Di = BCe ^ ROL64(BCo, 1);
178 10797456 : Do = BCi ^ ROL64(BCu, 1);
179 10797456 : Du = BCo ^ ROL64(BCa, 1);
180 :
181 10797456 : Eba ^= Da;
182 10797456 : BCa = Eba;
183 10797456 : Ege ^= De;
184 10797456 : BCe = ROL64(Ege, 44);
185 10797456 : Eki ^= Di;
186 10797456 : BCi = ROL64(Eki, 43);
187 10797456 : Emo ^= Do;
188 10797456 : BCo = ROL64(Emo, 21);
189 10797456 : Esu ^= Du;
190 10797456 : BCu = ROL64(Esu, 14);
191 10797456 : Aba = BCa ^ ANDN64(BCe, BCi);
192 10797456 : Aba ^= *(round_consts++);
193 10797456 : Abe = BCe ^ ANDN64(BCi, BCo);
194 10797456 : Abi = BCi ^ ANDN64(BCo, BCu);
195 10797456 : Abo = BCo ^ ANDN64(BCu, BCa);
196 10797456 : Abu = BCu ^ ANDN64(BCa, BCe);
197 :
198 10797456 : Ebo ^= Do;
199 10797456 : BCa = ROL64(Ebo, 28);
200 10797456 : Egu ^= Du;
201 10797456 : BCe = ROL64(Egu, 20);
202 10797456 : Eka ^= Da;
203 10797456 : BCi = ROL64(Eka, 3);
204 10797456 : Eme ^= De;
205 10797456 : BCo = ROL64(Eme, 45);
206 10797456 : Esi ^= Di;
207 10797456 : BCu = ROL64(Esi, 61);
208 10797456 : Aga = BCa ^ ANDN64(BCe, BCi);
209 10797456 : Age = BCe ^ ANDN64(BCi, BCo);
210 10797456 : Agi = BCi ^ ANDN64(BCo, BCu);
211 10797456 : Ago = BCo ^ ANDN64(BCu, BCa);
212 10797456 : Agu = BCu ^ ANDN64(BCa, BCe);
213 :
214 10797456 : Ebe ^= De;
215 10797456 : BCa = ROL64(Ebe, 1);
216 10797456 : Egi ^= Di;
217 10797456 : BCe = ROL64(Egi, 6);
218 10797456 : Eko ^= Do;
219 10797456 : BCi = ROL64(Eko, 25);
220 10797456 : Emu ^= Du;
221 10797456 : BCo = ROL64(Emu, 8);
222 10797456 : Esa ^= Da;
223 10797456 : BCu = ROL64(Esa, 18);
224 10797456 : Aka = BCa ^ ANDN64(BCe, BCi);
225 10797456 : Ake = BCe ^ ANDN64(BCi, BCo);
226 10797456 : Aki = BCi ^ ANDN64(BCo, BCu);
227 10797456 : Ako = BCo ^ ANDN64(BCu, BCa);
228 10797456 : Aku = BCu ^ ANDN64(BCa, BCe);
229 :
230 10797456 : Ebu ^= Du;
231 10797456 : BCa = ROL64(Ebu, 27);
232 10797456 : Ega ^= Da;
233 10797456 : BCe = ROL64(Ega, 36);
234 10797456 : Eke ^= De;
235 10797456 : BCi = ROL64(Eke, 10);
236 10797456 : Emi ^= Di;
237 10797456 : BCo = ROL64(Emi, 15);
238 10797456 : Eso ^= Do;
239 10797456 : BCu = ROL64(Eso, 56);
240 10797456 : Ama = BCa ^ ANDN64(BCe, BCi);
241 10797456 : Ame = BCe ^ ANDN64(BCi, BCo);
242 10797456 : Ami = BCi ^ ANDN64(BCo, BCu);
243 10797456 : Amo = BCo ^ ANDN64(BCu, BCa);
244 10797456 : Amu = BCu ^ ANDN64(BCa, BCe);
245 :
246 10797456 : Ebi ^= Di;
247 10797456 : BCa = ROL64(Ebi, 62);
248 10797456 : Ego ^= Do;
249 10797456 : BCe = ROL64(Ego, 55);
250 10797456 : Eku ^= Du;
251 10797456 : BCi = ROL64(Eku, 39);
252 10797456 : Ema ^= Da;
253 10797456 : BCo = ROL64(Ema, 41);
254 10797456 : Ese ^= De;
255 10797456 : BCu = ROL64(Ese, 2);
256 10797456 : Asa = BCa ^ ANDN64(BCe, BCi);
257 10797456 : Ase = BCe ^ ANDN64(BCi, BCo);
258 10797456 : Asi = BCi ^ ANDN64(BCo, BCu);
259 10797456 : Aso = BCo ^ ANDN64(BCu, BCa);
260 10797456 : Asu = BCu ^ ANDN64(BCa, BCe);
261 : }
262 10797456 : while (round_consts < round_consts_end);
263 :
264 899788 : state[0] = Aba;
265 899788 : state[1] = Abe;
266 899788 : state[2] = Abi;
267 899788 : state[3] = Abo;
268 899788 : state[4] = Abu;
269 899788 : state[5] = Aga;
270 899788 : state[6] = Age;
271 899788 : state[7] = Agi;
272 899788 : state[8] = Ago;
273 899788 : state[9] = Agu;
274 899788 : state[10] = Aka;
275 899788 : state[11] = Ake;
276 899788 : state[12] = Aki;
277 899788 : state[13] = Ako;
278 899788 : state[14] = Aku;
279 899788 : state[15] = Ama;
280 899788 : state[16] = Ame;
281 899788 : state[17] = Ami;
282 899788 : state[18] = Amo;
283 899788 : state[19] = Amu;
284 899788 : state[20] = Asa;
285 899788 : state[21] = Ase;
286 899788 : state[22] = Asi;
287 899788 : state[23] = Aso;
288 899788 : state[24] = Asu;
289 :
290 899788 : return sizeof(void *) * 4 + sizeof(u64) * 12 * 5;
291 : }
292 :
293 : static unsigned int
294 7473993 : KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes,
295 : unsigned int nlanes, int blocklanes)
296 : {
297 7473993 : unsigned int burn = 0;
298 :
299 22565804 : while (nlanes)
300 : {
301 7617818 : switch (blocklanes)
302 : {
303 : case 21:
304 : /* SHAKE128 */
305 361111 : while (pos == 0 && nlanes >= 21)
306 : {
307 32373 : nlanes -= 21;
308 32373 : absorb_lanes64_8(&hd->u.state64[0], lanes); lanes += 8 * 8;
309 32373 : absorb_lanes64_8(&hd->u.state64[8], lanes); lanes += 8 * 8;
310 32373 : absorb_lanes64_4(&hd->u.state64[16], lanes); lanes += 8 * 4;
311 32373 : absorb_lanes64_1(&hd->u.state64[20], lanes); lanes += 8 * 1;
312 :
313 32373 : burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd);
314 : }
315 164369 : break;
316 :
317 : case 18:
318 : /* SHA3-224 */
319 792460 : while (pos == 0 && nlanes >= 18)
320 : {
321 78054 : nlanes -= 18;
322 78054 : absorb_lanes64_8(&hd->u.state64[0], lanes); lanes += 8 * 8;
323 78054 : absorb_lanes64_8(&hd->u.state64[8], lanes); lanes += 8 * 8;
324 78054 : absorb_lanes64_2(&hd->u.state64[16], lanes); lanes += 8 * 2;
325 :
326 78054 : burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd);
327 : }
328 357203 : break;
329 :
330 : case 17:
331 : /* SHA3-256 & SHAKE256 */
332 1169815 : while (pos == 0 && nlanes >= 17)
333 : {
334 123089 : nlanes -= 17;
335 123089 : absorb_lanes64_8(&hd->u.state64[0], lanes); lanes += 8 * 8;
336 123089 : absorb_lanes64_8(&hd->u.state64[8], lanes); lanes += 8 * 8;
337 123089 : absorb_lanes64_1(&hd->u.state64[16], lanes); lanes += 8 * 1;
338 :
339 123089 : burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd);
340 : }
341 523363 : break;
342 :
343 : case 13:
344 : /* SHA3-384 */
345 834888 : while (pos == 0 && nlanes >= 13)
346 : {
347 111430 : nlanes -= 13;
348 111430 : absorb_lanes64_8(&hd->u.state64[0], lanes); lanes += 8 * 8;
349 111430 : absorb_lanes64_4(&hd->u.state64[8], lanes); lanes += 8 * 4;
350 111430 : absorb_lanes64_1(&hd->u.state64[12], lanes); lanes += 8 * 1;
351 :
352 111430 : burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd);
353 : }
354 361729 : break;
355 :
356 : case 9:
357 : /* SHA3-512 */
358 901974 : while (pos == 0 && nlanes >= 9)
359 : {
360 176760 : nlanes -= 9;
361 176760 : absorb_lanes64_8(&hd->u.state64[0], lanes); lanes += 8 * 8;
362 176760 : absorb_lanes64_1(&hd->u.state64[8], lanes); lanes += 8 * 1;
363 :
364 176760 : burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd);
365 : }
366 362607 : break;
367 : }
368 :
369 24843558 : while (nlanes)
370 : {
371 9853366 : hd->u.state64[pos] ^= buf_get_le64(lanes);
372 9853366 : lanes += 8;
373 9853366 : nlanes--;
374 :
375 9853366 : if (++pos == blocklanes)
376 : {
377 245444 : burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd);
378 245444 : pos = 0;
379 245444 : break;
380 : }
381 : }
382 : }
383 :
384 7473993 : return burn;
385 : }
|
