/* keccak_permute_32.h - Keccak permute function (simple 32bit bit-interleaved) * Copyright (C) 2015 Jussi Kivilinna * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser general Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . */ /* The code is based on public-domain/CC0 "keccakc1024/simple32bi/ * Keccak-simple32BI.c" implementation by Ronny Van Keer from SUPERCOP toolkit * package. */ /* Function that computes the Keccak-f[1600] permutation on the given state. */ static unsigned int KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) { const u32 *round_consts = round_consts_32bit; const u32 *round_consts_end = round_consts_32bit + 2 * 24; u32 Aba0, Abe0, Abi0, Abo0, Abu0; u32 Aba1, Abe1, Abi1, Abo1, Abu1; u32 Aga0, Age0, Agi0, Ago0, Agu0; u32 Aga1, Age1, Agi1, Ago1, Agu1; u32 Aka0, Ake0, Aki0, Ako0, Aku0; u32 Aka1, Ake1, Aki1, Ako1, Aku1; u32 Ama0, Ame0, Ami0, Amo0, Amu0; u32 Ama1, Ame1, Ami1, Amo1, Amu1; u32 Asa0, Ase0, Asi0, Aso0, Asu0; u32 Asa1, Ase1, Asi1, Aso1, Asu1; u32 BCa0, BCe0, BCi0, BCo0, BCu0; u32 BCa1, BCe1, BCi1, BCo1, BCu1; u32 Da0, De0, Di0, Do0, Du0; u32 Da1, De1, Di1, Do1, Du1; u32 Eba0, Ebe0, Ebi0, Ebo0, Ebu0; u32 Eba1, Ebe1, Ebi1, Ebo1, Ebu1; u32 Ega0, Ege0, Egi0, Ego0, Egu0; u32 Ega1, Ege1, Egi1, Ego1, Egu1; u32 Eka0, Eke0, Eki0, Eko0, Eku0; u32 Eka1, Eke1, Eki1, Eko1, Eku1; u32 Ema0, Eme0, Emi0, Emo0, Emu0; u32 Ema1, Eme1, Emi1, Emo1, Emu1; u32 Esa0, Ese0, Esi0, Eso0, Esu0; u32 Esa1, Ese1, Esi1, Eso1, Esu1; u32 *state = hd->u.state32bi; Aba0 = state[0]; Aba1 = state[1]; Abe0 = state[2]; Abe1 = state[3]; Abi0 = state[4]; Abi1 = state[5]; Abo0 = state[6]; Abo1 = state[7]; Abu0 = state[8]; Abu1 = state[9]; Aga0 = state[10]; Aga1 = state[11]; Age0 = state[12]; Age1 = state[13]; Agi0 = state[14]; Agi1 = state[15]; Ago0 = state[16]; Ago1 = state[17]; Agu0 = state[18]; Agu1 = state[19]; Aka0 = state[20]; Aka1 = state[21]; Ake0 = state[22]; Ake1 = state[23]; Aki0 = state[24]; Aki1 = state[25]; Ako0 = state[26]; Ako1 = state[27]; Aku0 = state[28]; Aku1 = state[29]; Ama0 = state[30]; Ama1 = state[31]; Ame0 = state[32]; Ame1 = state[33]; Ami0 = state[34]; Ami1 = state[35]; Amo0 = state[36]; Amo1 = state[37]; Amu0 = state[38]; Amu1 = state[39]; Asa0 = state[40]; Asa1 = state[41]; Ase0 = state[42]; Ase1 = state[43]; Asi0 = state[44]; Asi1 = state[45]; Aso0 = state[46]; Aso1 = state[47]; Asu0 = state[48]; Asu1 = state[49]; do { /* prepareTheta */ BCa0 = Aba0 ^ Aga0 ^ Aka0 ^ Ama0 ^ Asa0; BCa1 = Aba1 ^ Aga1 ^ Aka1 ^ Ama1 ^ Asa1; BCe0 = Abe0 ^ Age0 ^ Ake0 ^ Ame0 ^ Ase0; BCe1 = Abe1 ^ Age1 ^ Ake1 ^ Ame1 ^ Ase1; BCi0 = Abi0 ^ Agi0 ^ Aki0 ^ Ami0 ^ Asi0; BCi1 = Abi1 ^ Agi1 ^ Aki1 ^ Ami1 ^ Asi1; BCo0 = Abo0 ^ Ago0 ^ Ako0 ^ Amo0 ^ Aso0; BCo1 = Abo1 ^ Ago1 ^ Ako1 ^ Amo1 ^ Aso1; BCu0 = Abu0 ^ Agu0 ^ Aku0 ^ Amu0 ^ Asu0; BCu1 = Abu1 ^ Agu1 ^ Aku1 ^ Amu1 ^ Asu1; /* thetaRhoPiChiIota(round , A, E) */ Da0 = BCu0 ^ ROL32(BCe1, 1); Da1 = BCu1 ^ BCe0; De0 = BCa0 ^ ROL32(BCi1, 1); De1 = BCa1 ^ BCi0; Di0 = BCe0 ^ ROL32(BCo1, 1); Di1 = BCe1 ^ BCo0; Do0 = BCi0 ^ ROL32(BCu1, 1); Do1 = BCi1 ^ BCu0; Du0 = BCo0 ^ ROL32(BCa1, 1); Du1 = BCo1 ^ BCa0; Aba0 ^= Da0; BCa0 = Aba0; Age0 ^= De0; BCe0 = ROL32(Age0, 22); Aki1 ^= Di1; BCi0 = ROL32(Aki1, 22); Amo1 ^= Do1; BCo0 = ROL32(Amo1, 11); Asu0 ^= Du0; BCu0 = ROL32(Asu0, 7); Eba0 = BCa0 ^ ANDN32(BCe0, BCi0); Eba0 ^= *(round_consts++); Ebe0 = BCe0 ^ ANDN32(BCi0, BCo0); Ebi0 = BCi0 ^ ANDN32(BCo0, BCu0); Ebo0 = BCo0 ^ ANDN32(BCu0, BCa0); Ebu0 = BCu0 ^ ANDN32(BCa0, BCe0); Aba1 ^= Da1; BCa1 = Aba1; Age1 ^= De1; BCe1 = ROL32(Age1, 22); Aki0 ^= Di0; BCi1 = ROL32(Aki0, 21); Amo0 ^= Do0; BCo1 = ROL32(Amo0, 10); Asu1 ^= Du1; BCu1 = ROL32(Asu1, 7); Eba1 = BCa1 ^ ANDN32(BCe1, BCi1); Eba1 ^= *(round_consts++); Ebe1 = BCe1 ^ ANDN32(BCi1, BCo1); Ebi1 = BCi1 ^ ANDN32(BCo1, BCu1); Ebo1 = BCo1 ^ ANDN32(BCu1, BCa1); Ebu1 = BCu1 ^ ANDN32(BCa1, BCe1); Abo0 ^= Do0; BCa0 = ROL32(Abo0, 14); Agu0 ^= Du0; BCe0 = ROL32(Agu0, 10); Aka1 ^= Da1; BCi0 = ROL32(Aka1, 2); Ame1 ^= De1; BCo0 = ROL32(Ame1, 23); Asi1 ^= Di1; BCu0 = ROL32(Asi1, 31); Ega0 = BCa0 ^ ANDN32(BCe0, BCi0); Ege0 = BCe0 ^ ANDN32(BCi0, BCo0); Egi0 = BCi0 ^ ANDN32(BCo0, BCu0); Ego0 = BCo0 ^ ANDN32(BCu0, BCa0); Egu0 = BCu0 ^ ANDN32(BCa0, BCe0); Abo1 ^= Do1; BCa1 = ROL32(Abo1, 14); Agu1 ^= Du1; BCe1 = ROL32(Agu1, 10); Aka0 ^= Da0; BCi1 = ROL32(Aka0, 1); Ame0 ^= De0; BCo1 = ROL32(Ame0, 22); Asi0 ^= Di0; BCu1 = ROL32(Asi0, 30); Ega1 = BCa1 ^ ANDN32(BCe1, BCi1); Ege1 = BCe1 ^ ANDN32(BCi1, BCo1); Egi1 = BCi1 ^ ANDN32(BCo1, BCu1); Ego1 = BCo1 ^ ANDN32(BCu1, BCa1); Egu1 = BCu1 ^ ANDN32(BCa1, BCe1); Abe1 ^= De1; BCa0 = ROL32(Abe1, 1); Agi0 ^= Di0; BCe0 = ROL32(Agi0, 3); Ako1 ^= Do1; BCi0 = ROL32(Ako1, 13); Amu0 ^= Du0; BCo0 = ROL32(Amu0, 4); Asa0 ^= Da0; BCu0 = ROL32(Asa0, 9); Eka0 = BCa0 ^ ANDN32(BCe0, BCi0); Eke0 = BCe0 ^ ANDN32(BCi0, BCo0); Eki0 = BCi0 ^ ANDN32(BCo0, BCu0); Eko0 = BCo0 ^ ANDN32(BCu0, BCa0); Eku0 = BCu0 ^ ANDN32(BCa0, BCe0); Abe0 ^= De0; BCa1 = Abe0; Agi1 ^= Di1; BCe1 = ROL32(Agi1, 3); Ako0 ^= Do0; BCi1 = ROL32(Ako0, 12); Amu1 ^= Du1; BCo1 = ROL32(Amu1, 4); Asa1 ^= Da1; BCu1 = ROL32(Asa1, 9); Eka1 = BCa1 ^ ANDN32(BCe1, BCi1); Eke1 = BCe1 ^ ANDN32(BCi1, BCo1); Eki1 = BCi1 ^ ANDN32(BCo1, BCu1); Eko1 = BCo1 ^ ANDN32(BCu1, BCa1); Eku1 = BCu1 ^ ANDN32(BCa1, BCe1); Abu1 ^= Du1; BCa0 = ROL32(Abu1, 14); Aga0 ^= Da0; BCe0 = ROL32(Aga0, 18); Ake0 ^= De0; BCi0 = ROL32(Ake0, 5); Ami1 ^= Di1; BCo0 = ROL32(Ami1, 8); Aso0 ^= Do0; BCu0 = ROL32(Aso0, 28); Ema0 = BCa0 ^ ANDN32(BCe0, BCi0); Eme0 = BCe0 ^ ANDN32(BCi0, BCo0); Emi0 = BCi0 ^ ANDN32(BCo0, BCu0); Emo0 = BCo0 ^ ANDN32(BCu0, BCa0); Emu0 = BCu0 ^ ANDN32(BCa0, BCe0); Abu0 ^= Du0; BCa1 = ROL32(Abu0, 13); Aga1 ^= Da1; BCe1 = ROL32(Aga1, 18); Ake1 ^= De1; BCi1 = ROL32(Ake1, 5); Ami0 ^= Di0; BCo1 = ROL32(Ami0, 7); Aso1 ^= Do1; BCu1 = ROL32(Aso1, 28); Ema1 = BCa1 ^ ANDN32(BCe1, BCi1); Eme1 = BCe1 ^ ANDN32(BCi1, BCo1); Emi1 = BCi1 ^ ANDN32(BCo1, BCu1); Emo1 = BCo1 ^ ANDN32(BCu1, BCa1); Emu1 = BCu1 ^ ANDN32(BCa1, BCe1); Abi0 ^= Di0; BCa0 = ROL32(Abi0, 31); Ago1 ^= Do1; BCe0 = ROL32(Ago1, 28); Aku1 ^= Du1; BCi0 = ROL32(Aku1, 20); Ama1 ^= Da1; BCo0 = ROL32(Ama1, 21); Ase0 ^= De0; BCu0 = ROL32(Ase0, 1); Esa0 = BCa0 ^ ANDN32(BCe0, BCi0); Ese0 = BCe0 ^ ANDN32(BCi0, BCo0); Esi0 = BCi0 ^ ANDN32(BCo0, BCu0); Eso0 = BCo0 ^ ANDN32(BCu0, BCa0); Esu0 = BCu0 ^ ANDN32(BCa0, BCe0); Abi1 ^= Di1; BCa1 = ROL32(Abi1, 31); Ago0 ^= Do0; BCe1 = ROL32(Ago0, 27); Aku0 ^= Du0; BCi1 = ROL32(Aku0, 19); Ama0 ^= Da0; BCo1 = ROL32(Ama0, 20); Ase1 ^= De1; BCu1 = ROL32(Ase1, 1); Esa1 = BCa1 ^ ANDN32(BCe1, BCi1); Ese1 = BCe1 ^ ANDN32(BCi1, BCo1); Esi1 = BCi1 ^ ANDN32(BCo1, BCu1); Eso1 = BCo1 ^ ANDN32(BCu1, BCa1); Esu1 = BCu1 ^ ANDN32(BCa1, BCe1); /* prepareTheta */ BCa0 = Eba0 ^ Ega0 ^ Eka0 ^ Ema0 ^ Esa0; BCa1 = Eba1 ^ Ega1 ^ Eka1 ^ Ema1 ^ Esa1; BCe0 = Ebe0 ^ Ege0 ^ Eke0 ^ Eme0 ^ Ese0; BCe1 = Ebe1 ^ Ege1 ^ Eke1 ^ Eme1 ^ Ese1; BCi0 = Ebi0 ^ Egi0 ^ Eki0 ^ Emi0 ^ Esi0; BCi1 = Ebi1 ^ Egi1 ^ Eki1 ^ Emi1 ^ Esi1; BCo0 = Ebo0 ^ Ego0 ^ Eko0 ^ Emo0 ^ Eso0; BCo1 = Ebo1 ^ Ego1 ^ Eko1 ^ Emo1 ^ Eso1; BCu0 = Ebu0 ^ Egu0 ^ Eku0 ^ Emu0 ^ Esu0; BCu1 = Ebu1 ^ Egu1 ^ Eku1 ^ Emu1 ^ Esu1; /* thetaRhoPiChiIota(round+1, E, A) */ Da0 = BCu0 ^ ROL32(BCe1, 1); Da1 = BCu1 ^ BCe0; De0 = BCa0 ^ ROL32(BCi1, 1); De1 = BCa1 ^ BCi0; Di0 = BCe0 ^ ROL32(BCo1, 1); Di1 = BCe1 ^ BCo0; Do0 = BCi0 ^ ROL32(BCu1, 1); Do1 = BCi1 ^ BCu0; Du0 = BCo0 ^ ROL32(BCa1, 1); Du1 = BCo1 ^ BCa0; Eba0 ^= Da0; BCa0 = Eba0; Ege0 ^= De0; BCe0 = ROL32(Ege0, 22); Eki1 ^= Di1; BCi0 = ROL32(Eki1, 22); Emo1 ^= Do1; BCo0 = ROL32(Emo1, 11); Esu0 ^= Du0; BCu0 = ROL32(Esu0, 7); Aba0 = BCa0 ^ ANDN32(BCe0, BCi0); Aba0 ^= *(round_consts++); Abe0 = BCe0 ^ ANDN32(BCi0, BCo0); Abi0 = BCi0 ^ ANDN32(BCo0, BCu0); Abo0 = BCo0 ^ ANDN32(BCu0, BCa0); Abu0 = BCu0 ^ ANDN32(BCa0, BCe0); Eba1 ^= Da1; BCa1 = Eba1; Ege1 ^= De1; BCe1 = ROL32(Ege1, 22); Eki0 ^= Di0; BCi1 = ROL32(Eki0, 21); Emo0 ^= Do0; BCo1 = ROL32(Emo0, 10); Esu1 ^= Du1; BCu1 = ROL32(Esu1, 7); Aba1 = BCa1 ^ ANDN32(BCe1, BCi1); Aba1 ^= *(round_consts++); Abe1 = BCe1 ^ ANDN32(BCi1, BCo1); Abi1 = BCi1 ^ ANDN32(BCo1, BCu1); Abo1 = BCo1 ^ ANDN32(BCu1, BCa1); Abu1 = BCu1 ^ ANDN32(BCa1, BCe1); Ebo0 ^= Do0; BCa0 = ROL32(Ebo0, 14); Egu0 ^= Du0; BCe0 = ROL32(Egu0, 10); Eka1 ^= Da1; BCi0 = ROL32(Eka1, 2); Eme1 ^= De1; BCo0 = ROL32(Eme1, 23); Esi1 ^= Di1; BCu0 = ROL32(Esi1, 31); Aga0 = BCa0 ^ ANDN32(BCe0, BCi0); Age0 = BCe0 ^ ANDN32(BCi0, BCo0); Agi0 = BCi0 ^ ANDN32(BCo0, BCu0); Ago0 = BCo0 ^ ANDN32(BCu0, BCa0); Agu0 = BCu0 ^ ANDN32(BCa0, BCe0); Ebo1 ^= Do1; BCa1 = ROL32(Ebo1, 14); Egu1 ^= Du1; BCe1 = ROL32(Egu1, 10); Eka0 ^= Da0; BCi1 = ROL32(Eka0, 1); Eme0 ^= De0; BCo1 = ROL32(Eme0, 22); Esi0 ^= Di0; BCu1 = ROL32(Esi0, 30); Aga1 = BCa1 ^ ANDN32(BCe1, BCi1); Age1 = BCe1 ^ ANDN32(BCi1, BCo1); Agi1 = BCi1 ^ ANDN32(BCo1, BCu1); Ago1 = BCo1 ^ ANDN32(BCu1, BCa1); Agu1 = BCu1 ^ ANDN32(BCa1, BCe1); Ebe1 ^= De1; BCa0 = ROL32(Ebe1, 1); Egi0 ^= Di0; BCe0 = ROL32(Egi0, 3); Eko1 ^= Do1; BCi0 = ROL32(Eko1, 13); Emu0 ^= Du0; BCo0 = ROL32(Emu0, 4); Esa0 ^= Da0; BCu0 = ROL32(Esa0, 9); Aka0 = BCa0 ^ ANDN32(BCe0, BCi0); Ake0 = BCe0 ^ ANDN32(BCi0, BCo0); Aki0 = BCi0 ^ ANDN32(BCo0, BCu0); Ako0 = BCo0 ^ ANDN32(BCu0, BCa0); Aku0 = BCu0 ^ ANDN32(BCa0, BCe0); Ebe0 ^= De0; BCa1 = Ebe0; Egi1 ^= Di1; BCe1 = ROL32(Egi1, 3); Eko0 ^= Do0; BCi1 = ROL32(Eko0, 12); Emu1 ^= Du1; BCo1 = ROL32(Emu1, 4); Esa1 ^= Da1; BCu1 = ROL32(Esa1, 9); Aka1 = BCa1 ^ ANDN32(BCe1, BCi1); Ake1 = BCe1 ^ ANDN32(BCi1, BCo1); Aki1 = BCi1 ^ ANDN32(BCo1, BCu1); Ako1 = BCo1 ^ ANDN32(BCu1, BCa1); Aku1 = BCu1 ^ ANDN32(BCa1, BCe1); Ebu1 ^= Du1; BCa0 = ROL32(Ebu1, 14); Ega0 ^= Da0; BCe0 = ROL32(Ega0, 18); Eke0 ^= De0; BCi0 = ROL32(Eke0, 5); Emi1 ^= Di1; BCo0 = ROL32(Emi1, 8); Eso0 ^= Do0; BCu0 = ROL32(Eso0, 28); Ama0 = BCa0 ^ ANDN32(BCe0, BCi0); Ame0 = BCe0 ^ ANDN32(BCi0, BCo0); Ami0 = BCi0 ^ ANDN32(BCo0, BCu0); Amo0 = BCo0 ^ ANDN32(BCu0, BCa0); Amu0 = BCu0 ^ ANDN32(BCa0, BCe0); Ebu0 ^= Du0; BCa1 = ROL32(Ebu0, 13); Ega1 ^= Da1; BCe1 = ROL32(Ega1, 18); Eke1 ^= De1; BCi1 = ROL32(Eke1, 5); Emi0 ^= Di0; BCo1 = ROL32(Emi0, 7); Eso1 ^= Do1; BCu1 = ROL32(Eso1, 28); Ama1 = BCa1 ^ ANDN32(BCe1, BCi1); Ame1 = BCe1 ^ ANDN32(BCi1, BCo1); Ami1 = BCi1 ^ ANDN32(BCo1, BCu1); Amo1 = BCo1 ^ ANDN32(BCu1, BCa1); Amu1 = BCu1 ^ ANDN32(BCa1, BCe1); Ebi0 ^= Di0; BCa0 = ROL32(Ebi0, 31); Ego1 ^= Do1; BCe0 = ROL32(Ego1, 28); Eku1 ^= Du1; BCi0 = ROL32(Eku1, 20); Ema1 ^= Da1; BCo0 = ROL32(Ema1, 21); Ese0 ^= De0; BCu0 = ROL32(Ese0, 1); Asa0 = BCa0 ^ ANDN32(BCe0, BCi0); Ase0 = BCe0 ^ ANDN32(BCi0, BCo0); Asi0 = BCi0 ^ ANDN32(BCo0, BCu0); Aso0 = BCo0 ^ ANDN32(BCu0, BCa0); Asu0 = BCu0 ^ ANDN32(BCa0, BCe0); Ebi1 ^= Di1; BCa1 = ROL32(Ebi1, 31); Ego0 ^= Do0; BCe1 = ROL32(Ego0, 27); Eku0 ^= Du0; BCi1 = ROL32(Eku0, 19); Ema0 ^= Da0; BCo1 = ROL32(Ema0, 20); Ese1 ^= De1; BCu1 = ROL32(Ese1, 1); Asa1 = BCa1 ^ ANDN32(BCe1, BCi1); Ase1 = BCe1 ^ ANDN32(BCi1, BCo1); Asi1 = BCi1 ^ ANDN32(BCo1, BCu1); Aso1 = BCo1 ^ ANDN32(BCu1, BCa1); Asu1 = BCu1 ^ ANDN32(BCa1, BCe1); } while (round_consts < round_consts_end); state[0] = Aba0; state[1] = Aba1; state[2] = Abe0; state[3] = Abe1; state[4] = Abi0; state[5] = Abi1; state[6] = Abo0; state[7] = Abo1; state[8] = Abu0; state[9] = Abu1; state[10] = Aga0; state[11] = Aga1; state[12] = Age0; state[13] = Age1; state[14] = Agi0; state[15] = Agi1; state[16] = Ago0; state[17] = Ago1; state[18] = Agu0; state[19] = Agu1; state[20] = Aka0; state[21] = Aka1; state[22] = Ake0; state[23] = Ake1; state[24] = Aki0; state[25] = Aki1; state[26] = Ako0; state[27] = Ako1; state[28] = Aku0; state[29] = Aku1; state[30] = Ama0; state[31] = Ama1; state[32] = Ame0; state[33] = Ame1; state[34] = Ami0; state[35] = Ami1; state[36] = Amo0; state[37] = Amo1; state[38] = Amu0; state[39] = Amu1; state[40] = Asa0; state[41] = Asa1; state[42] = Ase0; state[43] = Ase1; state[44] = Asi0; state[45] = Asi1; state[46] = Aso0; state[47] = Aso1; state[48] = Asu0; state[49] = Asu1; return sizeof(void *) * 4 + sizeof(u32) * 12 * 5 * 2; }