[mobile-com.git] / DH-Keccak / assets / KremKeccak / KeccakF-1600-reference.c

/*
The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
Michaël Peeters and Gilles Van Assche. For more information, feedback or
questions, please refer to our website: http://keccak.noekeon.org/

Implementation by the designers,
hereby denoted as "the implementer".

To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/

#include <stdio.h>
#include <string.h>
#include "brg_endian.h"
#include "displayIntermediateValues.h"
#include "KeccakNISTInterface.h"
#include "KeccakF-1600-interface.h"

typedef unsigned char UINT8;
typedef unsigned long long int UINT64;

#define nrRounds 24
UINT64 KeccakRoundConstants[nrRounds];
#define nrLanes 25
unsigned int KeccakRhoOffsets[nrLanes];

void KeccakPermutationOnWords(UINT64 *state);
void theta(UINT64 *A);
void rho(UINT64 *A);
void pi(UINT64 *A);
void chi(UINT64 *A);
void iota(UINT64 *A, unsigned int indexRound);

void fromBytesToWords(UINT64 *stateAsWords, const unsigned char *state)
{
    unsigned int i, j;

    for(i=0; i<(KeccakPermutationSize/64); i++) {
        stateAsWords[i] = 0;
        for(j=0; j<(64/8); j++)
            stateAsWords[i] |= (UINT64)(state[i*(64/8)+j]) << (8*j);
    }
}

void fromWordsToBytes(unsigned char *state, const UINT64 *stateAsWords)
{
    unsigned int i, j;

    for(i=0; i<(KeccakPermutationSize/64); i++)
        for(j=0; j<(64/8); j++)
            state[i*(64/8)+j] = (stateAsWords[i] >> (8*j)) & 0xFF;
}

void KeccakPermutation(unsigned char *state)
{
#if (PLATFORM_BYTE_ORDER != IS_LITTLE_ENDIAN)
    UINT64 stateAsWords[KeccakPermutationSize/64];
#endif

    displayStateAsBytes(1, "Input of permutation", state);
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
    KeccakPermutationOnWords((UINT64*)state);
#else
    fromBytesToWords(stateAsWords, state);
    KeccakPermutationOnWords(stateAsWords);
    fromWordsToBytes(state, stateAsWords);
#endif
    displayStateAsBytes(1, "State after permutation", state);
}

void KeccakPermutationAfterXor(unsigned char *state, const unsigned char *data, unsigned int dataLengthInBytes)
{
    unsigned int i;

    for(i=0; i<dataLengthInBytes; i++)
        state[i] ^= data[i];
    KeccakPermutation(state);
}

void KeccakPermutationOnWords(UINT64 *state)
{
    unsigned int i;

    displayStateAs64bitWords(3, "Same, with lanes as 64-bit words", state);

    for(i=0; i<nrRounds; i++) {
        displayRoundNumber(3, i);

        theta(state);
        displayStateAs64bitWords(3, "After theta", state);

        rho(state);
        displayStateAs64bitWords(3, "After rho", state);

        pi(state);
        displayStateAs64bitWords(3, "After pi", state);

        chi(state);
        displayStateAs64bitWords(3, "After chi", state);

        iota(state, i);
        displayStateAs64bitWords(3, "After iota", state);
    }
}

#define index(x, y) (((x)%5)+5*((y)%5))
#define ROL64(a, offset) ((offset != 0) ? ((((UINT64)a) << offset) ^ (((UINT64)a) >> (64-offset))) : a)

void theta(UINT64 *A)
{
    unsigned int x, y;
    UINT64 C[5], D[5];

    for(x=0; x<5; x++) {
        C[x] = 0; 
        for(y=0; y<5; y++) 
            C[x] ^= A[index(x, y)];
    }
    for(x=0; x<5; x++)
        D[x] = ROL64(C[(x+1)%5], 1) ^ C[(x+4)%5];
    for(x=0; x<5; x++)
        for(y=0; y<5; y++)
            A[index(x, y)] ^= D[x];
}

void rho(UINT64 *A)
{
    unsigned int x, y;

    for(x=0; x<5; x++) for(y=0; y<5; y++)
        A[index(x, y)] = ROL64(A[index(x, y)], KeccakRhoOffsets[index(x, y)]);
}

void pi(UINT64 *A)
{
    unsigned int x, y;
    UINT64 tempA[25];

    for(x=0; x<5; x++) for(y=0; y<5; y++)
        tempA[index(x, y)] = A[index(x, y)];
    for(x=0; x<5; x++) for(y=0; y<5; y++)
        A[index(0*x+1*y, 2*x+3*y)] = tempA[index(x, y)];
}

void chi(UINT64 *A)
{
    unsigned int x, y;
    UINT64 C[5];

    for(y=0; y<5; y++) { 
        for(x=0; x<5; x++)
            C[x] = A[index(x, y)] ^ ((~A[index(x+1, y)]) & A[index(x+2, y)]);
        for(x=0; x<5; x++)
            A[index(x, y)] = C[x];
    }
}

void iota(UINT64 *A, unsigned int indexRound)
{
    A[index(0, 0)] ^= KeccakRoundConstants[indexRound];
}

int LFSR86540(UINT8 *LFSR)
{
    int result = ((*LFSR) & 0x01) != 0;
    if (((*LFSR) & 0x80) != 0)
        // Primitive polynomial over GF(2): x^8+x^6+x^5+x^4+1
        (*LFSR) = ((*LFSR) << 1) ^ 0x71;
    else
        (*LFSR) <<= 1;
    return result;
}

void KeccakInitializeRoundConstants()
{
    UINT8 LFSRstate = 0x01;
    unsigned int i, j, bitPosition;

    for(i=0; i<nrRounds; i++) {
        KeccakRoundConstants[i] = 0;
        for(j=0; j<7; j++) {
            bitPosition = (1<<j)-1; //2^j-1
            if (LFSR86540(&LFSRstate))
                KeccakRoundConstants[i] ^= (UINT64)1<<bitPosition;
        }
    }
}

void KeccakInitializeRhoOffsets()
{
    unsigned int x, y, t, newX, newY;

    KeccakRhoOffsets[index(0, 0)] = 0;
    x = 1;
    y = 0;
    for(t=0; t<24; t++) {
        KeccakRhoOffsets[index(x, y)] = ((t+1)*(t+2)/2) % 64;
        newX = (0*x+1*y) % 5;
        newY = (2*x+3*y) % 5;
        x = newX;
        y = newY;
    }
}

void KeccakInitialize()
{
    KeccakInitializeRoundConstants();
    KeccakInitializeRhoOffsets();
}

void displayRoundConstants(FILE *f)
{
    unsigned int i;

    for(i=0; i<nrRounds; i++) {
        fprintf(f, "RC[%02i][0][0] = ", i);
        fprintf(f, "%08X", (unsigned int)(KeccakRoundConstants[i] >> 32));
        fprintf(f, "%08X", (unsigned int)(KeccakRoundConstants[i] & 0xFFFFFFFFULL));
        fprintf(f, "\n");
    }
    fprintf(f, "\n");
}

void displayRhoOffsets(FILE *f)
{
    unsigned int x, y;

    for(y=0; y<5; y++) for(x=0; x<5; x++) {
        fprintf(f, "RhoOffset[%i][%i] = ", x, y);
        fprintf(f, "%2i", KeccakRhoOffsets[index(x, y)]);
        fprintf(f, "\n");
    }
    fprintf(f, "\n");
}

void KeccakInitializeState(unsigned char *state)
{
    memset(state, 0, KeccakPermutationSizeInBytes);
}

#ifdef ProvideFast576
void KeccakAbsorb576bits(unsigned char *state, const unsigned char *data)
{
    KeccakPermutationAfterXor(state, data, 72);
}
#endif

#ifdef ProvideFast832
void KeccakAbsorb832bits(unsigned char *state, const unsigned char *data)
{
    KeccakPermutationAfterXor(state, data, 104);
}
#endif

#ifdef ProvideFast1024
void KeccakAbsorb1024bits(unsigned char *state, const unsigned char *data)
{
    KeccakPermutationAfterXor(state, data, 128);
}
#endif

#ifdef ProvideFast1088
void KeccakAbsorb1088bits(unsigned char *state, const unsigned char *data)
{
    KeccakPermutationAfterXor(state, data, 136);
}
#endif

#ifdef ProvideFast1152
void KeccakAbsorb1152bits(unsigned char *state, const unsigned char *data)
{
    KeccakPermutationAfterXor(state, data, 144);
}
#endif

#ifdef ProvideFast1344
void KeccakAbsorb1344bits(unsigned char *state, const unsigned char *data)
{
    KeccakPermutationAfterXor(state, data, 168);
}
#endif

void KeccakAbsorb(unsigned char *state, const unsigned char *data, unsigned int laneCount)
{
    KeccakPermutationAfterXor(state, data, laneCount*8);
}

#ifdef ProvideFast1024
void KeccakExtract1024bits(const unsigned char *state, unsigned char *data)
{
    memcpy(data, state, 128);
}
#endif

void KeccakExtract(const unsigned char *state, unsigned char *data, unsigned int laneCount)
{
    memcpy(data, state, laneCount*8);
}
Commit	Line	Data
cc395669	1	/*
	2	The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
	3	Michaël Peeters and Gilles Van Assche. For more information, feedback or
	4	questions, please refer to our website: http://keccak.noekeon.org/
	5
	6	Implementation by the designers,
	7	hereby denoted as "the implementer".
	8
	9	To the extent possible under law, the implementer has waived all copyright
	10	and related or neighboring rights to the source code in this file.
	11	http://creativecommons.org/publicdomain/zero/1.0/
	12	*/
	13
	14	#include <stdio.h>
	15	#include <string.h>
	16	#include "brg_endian.h"
	17	#include "displayIntermediateValues.h"
	18	#include "KeccakNISTInterface.h"
	19	#include "KeccakF-1600-interface.h"
	20
	21	typedef unsigned char UINT8;
	22	typedef unsigned long long int UINT64;
	23
	24	#define nrRounds 24
	25	UINT64 KeccakRoundConstants[nrRounds];
	26	#define nrLanes 25
	27	unsigned int KeccakRhoOffsets[nrLanes];
	28
	29	void KeccakPermutationOnWords(UINT64 *state);
	30	void theta(UINT64 *A);
	31	void rho(UINT64 *A);
	32	void pi(UINT64 *A);
	33	void chi(UINT64 *A);
	34	void iota(UINT64 *A, unsigned int indexRound);
	35
	36	void fromBytesToWords(UINT64 stateAsWords, const unsigned char state)
	37	{
	38	unsigned int i, j;
	39
	40	for(i=0; i<(KeccakPermutationSize/64); i++) {
	41	stateAsWords[i] = 0;
	42	for(j=0; j<(64/8); j++)
	43	stateAsWords[i] \|= (UINT64)(state[i(64/8)+j]) << (8j);
	44	}
	45	}
	46
	47	void fromWordsToBytes(unsigned char state, const UINT64 stateAsWords)
	48	{
	49	unsigned int i, j;
	50
	51	for(i=0; i<(KeccakPermutationSize/64); i++)
	52	for(j=0; j<(64/8); j++)
	53	state[i(64/8)+j] = (stateAsWords[i] >> (8j)) & 0xFF;
	54	}
	55
	56	void KeccakPermutation(unsigned char *state)
	57	{
	58	#if (PLATFORM_BYTE_ORDER != IS_LITTLE_ENDIAN)
	59	UINT64 stateAsWords[KeccakPermutationSize/64];
	60	#endif
	61
	62	displayStateAsBytes(1, "Input of permutation", state);
	63	#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
	64	KeccakPermutationOnWords((UINT64*)state);
65	#else
66	fromBytesToWords(stateAsWords, state);
67	KeccakPermutationOnWords(stateAsWords);
68	fromWordsToBytes(state, stateAsWords);
69	#endif
70	displayStateAsBytes(1, "State after permutation", state);
71	}
72
73	void KeccakPermutationAfterXor(unsigned char state, const unsigned char data, unsigned int dataLengthInBytes)
74	{
75	unsigned int i;
76
77	for(i=0; i<dataLengthInBytes; i++)
78	state[i] ^= data[i];
79	KeccakPermutation(state);
80	}
81
82	void KeccakPermutationOnWords(UINT64 *state)
83	{
84	unsigned int i;
85
86	displayStateAs64bitWords(3, "Same, with lanes as 64-bit words", state);
87
88	for(i=0; i<nrRounds; i++) {
89	displayRoundNumber(3, i);
90
91	theta(state);
92	displayStateAs64bitWords(3, "After theta", state);
93
94	rho(state);
95	displayStateAs64bitWords(3, "After rho", state);
96
97	pi(state);
98	displayStateAs64bitWords(3, "After pi", state);
99
100	chi(state);
101	displayStateAs64bitWords(3, "After chi", state);
102
103	iota(state, i);
104	displayStateAs64bitWords(3, "After iota", state);
105	}
106	}
107
108	#define index(x, y) (((x)%5)+5*((y)%5))
109	#define ROL64(a, offset) ((offset != 0) ? ((((UINT64)a) << offset) ^ (((UINT64)a) >> (64-offset))) : a)
110
111	void theta(UINT64 *A)
112	{
113	unsigned int x, y;
114	UINT64 C[5], D[5];
115
116	for(x=0; x<5; x++) {
117	C[x] = 0;
118	for(y=0; y<5; y++)
119	C[x] ^= A[index(x, y)];
120	}
121	for(x=0; x<5; x++)
122	D[x] = ROL64(C[(x+1)%5], 1) ^ C[(x+4)%5];
123	for(x=0; x<5; x++)
124	for(y=0; y<5; y++)
125	A[index(x, y)] ^= D[x];
126	}
127
128	void rho(UINT64 *A)
129	{
130	unsigned int x, y;
131
132	for(x=0; x<5; x++) for(y=0; y<5; y++)
133	A[index(x, y)] = ROL64(A[index(x, y)], KeccakRhoOffsets[index(x, y)]);
134	}
135
136	void pi(UINT64 *A)
137	{
138	unsigned int x, y;
139	UINT64 tempA[25];
140
141	for(x=0; x<5; x++) for(y=0; y<5; y++)
142	tempA[index(x, y)] = A[index(x, y)];
143	for(x=0; x<5; x++) for(y=0; y<5; y++)
144	A[index(0x+1y, 2x+3y)] = tempA[index(x, y)];
145	}
146
147	void chi(UINT64 *A)
148	{
149	unsigned int x, y;
150	UINT64 C[5];
151
152	for(y=0; y<5; y++) {
153	for(x=0; x<5; x++)
154	C[x] = A[index(x, y)] ^ ((~A[index(x+1, y)]) & A[index(x+2, y)]);
155	for(x=0; x<5; x++)
156	A[index(x, y)] = C[x];
157	}
158	}
159
160	void iota(UINT64 *A, unsigned int indexRound)
161	{
162	A[index(0, 0)] ^= KeccakRoundConstants[indexRound];
163	}
164
165	int LFSR86540(UINT8 *LFSR)
166	{
167	int result = ((*LFSR) & 0x01) != 0;
168	if (((*LFSR) & 0x80) != 0)
169	// Primitive polynomial over GF(2): x^8+x^6+x^5+x^4+1
170	(LFSR) = ((LFSR) << 1) ^ 0x71;
171	else
172	(*LFSR) <<= 1;
173	return result;
174	}
175
176	void KeccakInitializeRoundConstants()
177	{
178	UINT8 LFSRstate = 0x01;
179	unsigned int i, j, bitPosition;
180
181	for(i=0; i<nrRounds; i++) {
182	KeccakRoundConstants[i] = 0;
183	for(j=0; j<7; j++) {
184	bitPosition = (1<<j)-1; //2^j-1
185	if (LFSR86540(&LFSRstate))
186	KeccakRoundConstants[i] ^= (UINT64)1<<bitPosition;
187	}
188	}
189	}
190
191	void KeccakInitializeRhoOffsets()
192	{
193	unsigned int x, y, t, newX, newY;
194
195	KeccakRhoOffsets[index(0, 0)] = 0;
196	x = 1;
197	y = 0;
198	for(t=0; t<24; t++) {
199	KeccakRhoOffsets[index(x, y)] = ((t+1)*(t+2)/2) % 64;
200	newX = (0x+1y) % 5;
201	newY = (2x+3y) % 5;
202	x = newX;
203	y = newY;
204	}
205	}
206
207	void KeccakInitialize()
208	{
209	KeccakInitializeRoundConstants();
210	KeccakInitializeRhoOffsets();
211	}
212
213	void displayRoundConstants(FILE *f)
214	{
215	unsigned int i;
216
217	for(i=0; i<nrRounds; i++) {
218	fprintf(f, "RC[%02i][0][0] = ", i);
219	fprintf(f, "%08X", (unsigned int)(KeccakRoundConstants[i] >> 32));
220	fprintf(f, "%08X", (unsigned int)(KeccakRoundConstants[i] & 0xFFFFFFFFULL));
221	fprintf(f, "\n");
222	}
223	fprintf(f, "\n");
224	}
225
226	void displayRhoOffsets(FILE *f)
227	{
228	unsigned int x, y;
229
230	for(y=0; y<5; y++) for(x=0; x<5; x++) {
231	fprintf(f, "RhoOffset[%i][%i] = ", x, y);
232	fprintf(f, "%2i", KeccakRhoOffsets[index(x, y)]);
233	fprintf(f, "\n");
234	}
235	fprintf(f, "\n");
236	}
237
238	void KeccakInitializeState(unsigned char *state)
239	{
240	memset(state, 0, KeccakPermutationSizeInBytes);
241	}
242
243	#ifdef ProvideFast576
244	void KeccakAbsorb576bits(unsigned char state, const unsigned char data)
245	{
246	KeccakPermutationAfterXor(state, data, 72);
247	}
248	#endif
249
250	#ifdef ProvideFast832
251	void KeccakAbsorb832bits(unsigned char state, const unsigned char data)
252	{
253	KeccakPermutationAfterXor(state, data, 104);
254	}
255	#endif
256
257	#ifdef ProvideFast1024
258	void KeccakAbsorb1024bits(unsigned char state, const unsigned char data)
259	{
260	KeccakPermutationAfterXor(state, data, 128);
261	}
262	#endif
263
264	#ifdef ProvideFast1088
265	void KeccakAbsorb1088bits(unsigned char state, const unsigned char data)
266	{
267	KeccakPermutationAfterXor(state, data, 136);
268	}
269	#endif
270
271	#ifdef ProvideFast1152
272	void KeccakAbsorb1152bits(unsigned char state, const unsigned char data)
273	{
274	KeccakPermutationAfterXor(state, data, 144);
275	}
276	#endif
277
278	#ifdef ProvideFast1344
279	void KeccakAbsorb1344bits(unsigned char state, const unsigned char data)
280	{
281	KeccakPermutationAfterXor(state, data, 168);
282	}
283	#endif
284
285	void KeccakAbsorb(unsigned char state, const unsigned char data, unsigned int laneCount)
286	{
287	KeccakPermutationAfterXor(state, data, laneCount*8);
288	}
289
290	#ifdef ProvideFast1024
291	void KeccakExtract1024bits(const unsigned char state, unsigned char data)
292	{
293	memcpy(data, state, 128);
294	}
295	#endif
296
297	void KeccakExtract(const unsigned char state, unsigned char data, unsigned int laneCount)
298	{
299	memcpy(data, state, laneCount*8);
300	}