Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • car/libdap-crypto
1 result
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 3337 additions and 0 deletions
src/XKCP/doc/KeccakPRG-documentation.h 0 → 100755
View file @ 70bfa60b
/*
Implementation by Gilles Van Assche, hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
/** General information
*
* The following functions implement a pseudo-random bit generator based on Keccak.
* More specifically, they instantiate the SpongePRG mode, published in our SAC 2011 paper,
* with Keccak. (https://keccak.team/files/SpongeDuplex.pdf)
*
* For the 128-bit security strength, we recommend SpongePRG on top of Keccak-f[1600]
* with a capacity of 254 bits. If a smaller footprint is required, we recommend
* SpongePRG on top of Keccak-f[800] again with a capacity of 254 bits.
*
* The following type and functions are not actually implemented. Their
* documentation is generic, with the prefix Prefix replaced by
* - KeccakWidth200 for a SpongePRG object based on Keccak-f[200]
* - KeccakWidth400 for a SpongePRG object based on Keccak-f[400]
* - KeccakWidth800 for a SpongePRG object based on Keccak-f[800]
* - KeccakWidth1600 for a SpongePRG object based on Keccak-f[1600]
*
* In all these functions, the rate and capacity must sum to the width of the
* chosen permutation. For instance, to use the SpongePRG object with
* Keccak[r=1346, c=254], one must use the KeccakWidth1600_SpongePRG* functions.
*
* The Prefix_SpongePRG_Instance contains the SpongePRG instance attributes for use
* with the Prefix_SpongePRG* functions.
* It gathers the state processed by the permutation as well as the rate,
* the position of input/output bytes in the state in case of partial
* input or output.
*/
#ifdef DontReallyInclude_DocumentationOnly
/**
* Structure that contains the SpongePRG instance for use with the
* Prefix_SpongePRG* functions.
* It gathers the state processed by the permutation as well as
* the rate.
*/
typedef struct Prefix_SpongePRG_InstanceStruct {
/** The underlying duplex construction. */
Prefix_DuplexInstance duplex;
} Prefix_SpongePRG_Instance;
/**
* Function to initialize a SpongePRG object SpongePRG[Keccak-f[r+c], pad10*1, r, ρ].
* The user specifies the security strength via the capacity c, while the block size ρ
* and the rate r are computed as follows:
* - The rate is set to r=b-r, with b the width of the chosen
* permutation selected via the Prefix.
* - The block size ρ is set to 8*floor((r-2)/8) bits.
* For instance, to initialize SpongePRG on top of Keccak-f[1600] with c=254 bits,
* one should call KeccakWidth1600_SpongePRG_Initialize(&instance, 254) and
* the block size is ρ=1344 bits or 168 bytes.
* Similarly, to initialize SpongePRG on top of Keccak-f[800] with c=254 bits,
* one should call KeccakWidth800_SpongePRG_Initialize(&instance, 254) and
* the block size is ρ=544 bits or 68 bytes.
* @param instance Pointer to the SpongePRG instance to be initialized.
* @param capacity Value of the capacity c (in bits).
* @pre 0 ≤ @a capacity ≤ b-10, and otherwise the value of the capacity is unrestricted.
* @return Zero if successful, 1 otherwise.
*/
int Prefix_SpongePRG_Initialize(Prefix_SpongePRG_Instance *instance, unsigned int capacity);
/**
* Function to feed the generator with an input seed, which will influence
* all further outputs.
* @param instance Pointer to the SpongePRG instance initialized
* by Prefix_SpongePRG_Initialize().
* @param input Pointer to the bytes to queue.
* @param inputByteLen The number of input bytes provided in @a input.
* @return Zero if successful, 1 otherwise.
*/
int Prefix_SpongePRG_Feed(Prefix_SpongePRG_Instance *instance, const unsigned char *input, unsigned int inputByteLen);
/**
* Function to fetch output pseudo-random bytes based on all previously fed seeds.
* Pseudo-random output should not be fetched before seeds with sufficient
* entropy has been fed.
* @param instance Pointer to the SpongePRG instance initialized
* by Prefix_SpongePRG_Initialize().
* @param output Pointer to the buffer where to store the output.
* @param outputByteLen The number of output bytes desired.
* @return Zero if successful, 1 otherwise.
*/
int Prefix_SpongePRG_Fetch(Prefix_SpongePRG_Instance *instance, unsigned char *out, unsigned int outByteLen);
/**
* Function to ensure irreversibility.
* This function requires that ρ≥c. If so, its purpose is to guarantee that even
* if the value of the state is leaked, an adversary cannot compute outputs
* prior to calling this function.
* @param instance Pointer to the SpongePRG instance initialized
* by Prefix_SpongePRG_Initialize().
* @pre The instance must satisfy ρ≥c, ortherwise the function returns an error.
* @return Zero if successful, 1 otherwise.
*/
int Prefix_SpongePRG_Forget(Prefix_SpongePRG_Instance *instance);
#endif
src/XKCP/doc/KeccakSponge-documentation.h 0 → 100755
View file @ 70bfa60b
/*
Implementation by the Keccak Team, namely, Guido Bertoni, Joan Daemen,
Michaël Peeters, Gilles Van Assche and Ronny Van Keer,
hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
/** General information
*
* The following type and functions are not actually implemented. Their
* documentation is generic, with the prefix Prefix replaced by
* - KeccakWidth200 for a sponge function based on Keccak-f[200]
* - KeccakWidth400 for a sponge function based on Keccak-f[400]
* - KeccakWidth800 for a sponge function based on Keccak-f[800]
* - KeccakWidth1600 for a sponge function based on Keccak-f[1600]
*
* In all these functions, the rate and capacity must sum to the width of the
* chosen permutation. For instance, to use the sponge function
* Keccak[r=1344, c=256], one must use KeccakWidth1600_Sponge() or a combination
* of KeccakWidth1600_SpongeInitialize(), KeccakWidth1600_SpongeAbsorb(),
* KeccakWidth1600_SpongeAbsorbLastFewBits() and
* KeccakWidth1600_SpongeSqueeze().
*
* The Prefix_SpongeInstance contains the sponge instance attributes for use
* with the Prefix_Sponge* functions.
* It gathers the state processed by the permutation as well as the rate,
* the position of input/output bytes in the state and the phase
* (absorbing or squeezing).
*/
#ifdef DontReallyInclude_DocumentationOnly
/** Function to evaluate the sponge function Keccak[r, c] in a single call.
* @param rate The value of the rate r.
* @param capacity The value of the capacity c.
* @param input Pointer to the input message (before the suffix).
* @param inputByteLen The length of the input message in bytes.
* @param suffix Byte containing from 0 to 7 suffix bits
* that must be absorbed after @a input.
* These <i>n</i> bits must be in the least significant bit positions.
* These bits must be delimited with a bit 1 at position <i>n</i>
* (counting from 0=LSB to 7=MSB) and followed by bits 0
* from position <i>n</i>+1 to position 7.
* Some examples:
* - If no bits are to be absorbed, then @a suffix must be 0x01.
* - If the 2-bit sequence 0,0 is to be absorbed, @a suffix must be 0x04.
* - If the 5-bit sequence 0,1,0,0,1 is to be absorbed, @a suffix must be 0x32.
* - If the 7-bit sequence 1,1,0,1,0,0,0 is to be absorbed, @a suffix must be 0x8B.
* .
* @param output Pointer to the output buffer.
* @param outputByteLen The desired number of output bytes.
* @pre One must have r+c equal to the supported width of this implementation
* and the rate a multiple of 8 bits (one byte) in this implementation.
* @pre @a suffix ≠ 0x00
* @return Zero if successful, 1 otherwise.
*/
int Prefix_Sponge(unsigned int rate, unsigned int capacity, const unsigned char *input, size_t inputByteLen, unsigned char suffix, unsigned char *output, size_t outputByteLen);
/**
* Function to initialize the state of the Keccak[r, c] sponge function.
* The phase of the sponge function is set to absorbing.
* @param spongeInstance Pointer to the sponge instance to be initialized.
* @param rate The value of the rate r.
* @param capacity The value of the capacity c.
* @pre One must have r+c equal to the supported width of this implementation
* and the rate a multiple of 8 bits (one byte) in this implementation.
* @return Zero if successful, 1 otherwise.
*/
int Prefix_SpongeInitialize(Prefix_SpongeInstance *spongeInstance, unsigned int rate, unsigned int capacity);
/**
* Function to give input data bytes for the sponge function to absorb.
* @param spongeInstance Pointer to the sponge instance initialized by Prefix_SpongeInitialize().
* @param data Pointer to the input data.
* @param dataByteLen The number of input bytes provided in the input data.
* @pre The sponge function must be in the absorbing phase,
* i.e., Prefix_SpongeSqueeze() or Prefix_SpongeAbsorbLastFewBits()
* must not have been called before.
* @return Zero if successful, 1 otherwise.
*/
int Prefix_SpongeAbsorb(Prefix_SpongeInstance *spongeInstance, const unsigned char *data, size_t dataByteLen);
/**
* Function to give input data bits for the sponge function to absorb
* and then to switch to the squeezing phase.
* @param spongeInstance Pointer to the sponge instance initialized by Prefix_SpongeInitialize().
* @param delimitedData Byte containing from 0 to 7 trailing bits
* that must be absorbed.
* These <i>n</i> bits must be in the least significant bit positions.
* These bits must be delimited with a bit 1 at position <i>n</i>
* (counting from 0=LSB to 7=MSB) and followed by bits 0
* from position <i>n</i>+1 to position 7.
* Some examples:
* - If no bits are to be absorbed, then @a delimitedData must be 0x01.
* - If the 2-bit sequence 0,0 is to be absorbed, @a delimitedData must be 0x04.
* - If the 5-bit sequence 0,1,0,0,1 is to be absorbed, @a delimitedData must be 0x32.
* - If the 7-bit sequence 1,1,0,1,0,0,0 is to be absorbed, @a delimitedData must be 0x8B.
* .
* @pre The sponge function must be in the absorbing phase,
* i.e., Prefix_SpongeSqueeze() or Prefix_SpongeAbsorbLastFewBits()
* must not have been called before.
* @pre @a delimitedData ≠ 0x00
* @return Zero if successful, 1 otherwise.
*/
int Prefix_SpongeAbsorbLastFewBits(Prefix_SpongeInstance *spongeInstance, unsigned char delimitedData);
/**
* Function to squeeze output data from the sponge function.
* If the sponge function was in the absorbing phase, this function
* switches it to the squeezing phase
* as if Prefix_SpongeAbsorbLastFewBits(spongeInstance, 0x01) was called.
* @param spongeInstance Pointer to the sponge instance initialized by Prefix_SpongeInitialize().
* @param data Pointer to the buffer where to store the output data.
* @param dataByteLen The number of output bytes desired.
* @return Zero if successful, 1 otherwise.
*/
int Prefix_SpongeSqueeze(Prefix_SpongeInstance *spongeInstance, unsigned char *data, size_t dataByteLen);
#endif
src/XKCP/doc/Ketje-documentation.h 0 → 100755
View file @ 70bfa60b
/*
Implementation by Ronny Van Keer, hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
/** General information
*
* The following type and functions are not actually implemented. Their
* documentation is generic, with the prefix Prefix replaced by
* - KetjeJr for Ketje Jr, using Keccak-p[200]
* - KetjeSr for Ketje Sr, using Keccak-p[400]
* - KetjeMn for Ketje Minor, using Keccak-p[800]
* - KetjeMj for Ketje Major, using Keccak-p[1600]
*
* The Prefix_Instance contains the Keyak instance attributes for use
* with the Prefix* functions.
*/
#ifdef DontReallyInclude_DocumentationOnly
/**
* Structure that contains the Ketje instance for use with the
* Prefix* functions.
*/
ALIGN typedef struct {
/** The state processed by the permutation. */
unsigned char state[KeccakF_stateSizeInBytes];
/** The phase. */
unsigned int phase;
/** The amount of associated or plaintext data that has been
* XORed into the state after the last call to step or stride */
unsigned int dataRemainderSize;
} Prefix_Instance;
/**
* Function that feeds the key and the nonce. Both are bit strings and consist of a sequence of bytes.
*
* @param instance Pointer to the Ketje instance structure.
* @param key Pointer to the key.
* @param keySizeInBits The size of the key in bits.
* @param nonce Pointer to the nonce.
* @param nonceSizeInBits The size of the nonce in bits.
*
* @pre phase == *
* @pre 8*((keySizeInBits+16)/8) + nonceSizeInBits + 2 <= 8*SnP_width
*
* @post phase == feedingAssociatedData
*
* @return 0 if successful, 1 otherwise.
*/
int Prefix_Initialize(Ketje_Instance *instance, const unsigned char *key, unsigned int keySizeInBits, const unsigned char *nonce, unsigned int nonceSizeInBits);
/**
* Function that feeds (partial) associated data that consists of a sequence
* of bytes. Associated data may be fed in multiple calls to this function.
* The end of it is indicated by a call to wrap or unwrap.
*
* @param instance Pointer to the Ketje instance structure.
* @param data Pointer to the (partial) associated data.
* @param dataSizeInBytes The size of the (partial) associated data in bytes.
*
* @pre phase == feedingAssociatedData
*
* @post phase == feedingAssociatedData
*
* @return 0 if successful, 1 otherwise.
*/
int Prefix_FeedAssociatedData(Ketje_Instance *instance, const unsigned char *data, unsigned int dataSizeInBytes);
/**
* Function that presents a (partial) plaintext body that consists of a
* sequence of bytes for wrapping. A plaintext body may be wrapped in
* multiple calls to wrap. The end of the plaintext body is indicated
* by a call to getTag.
*
* @param instance Pointer to the Ketje instance structure.
* @param plaintext The (partial) plaintext body.
* @param ciphertext The buffer where enciphered data will be stored, can be equal to plaintext buffer.
* @param dataSizeInBytes The size of the (partial) plaintext body.
*
* @pre ( phase == feedingAssociatedData ) or ( phase == wrapping )
*
* @post phase == wrapping
*
* @return 0 if successful, 1 otherwise.
*/
int Prefix_WrapPlaintext(Ketje_Instance *instance, const unsigned char *plaintext, unsigned char *ciphertext, unsigned int dataSizeInBytes);
/**
* Function that presents a (partial) ciphertext body that consists of a
* sequence of bytes for unwrapping. A ciphertext body may be wrapped in
* multiple calls to unwrap. The end of the ciphertext body is indicated
* by a call to getTag.
*
* @param instance Pointer to the Ketje instance structure.
* @param ciphertext The (partial) ciphertext body.
* @param plaintext The buffer where deciphered data will be stored, can be equal to ciphertext buffer.
* @param dataSizeInBytes The size of the (partial) ciphertext body.
*
* @pre ( phase == feedingAssociatedData ) or ( phase == unwrapping )
*
* @post phase == unwrapping
*
* @return 0 if successful, 1 otherwise.
*/
int Prefix_UnwrapCiphertext(Ketje_Instance *instance, const unsigned char *ciphertext, unsigned char *plaintext, unsigned int dataSizeInBytes);
/**
* Function that gets a tag of a requested size in bytes. The full tag must be retrieved
* with a single call to getTag.
*
* @param instance Pointer to the Ketje instance structure.
* @param tag The buffer where to store the tag.
* @param tagSizeInBytes The length in bytes of the tag requested.
*
* @pre ( phase == wrapping ) or ( phase == unwrapping )
*
* @post phase == feedingAssociatedData
*
* @return 0 if successful, 1 otherwise.
*/
int Prefix_GetTag(Ketje_Instance *instance, unsigned char *tag, unsigned int tagSizeInBytes);
#endif
src/XKCP/doc/Keyak-documentation.h 0 → 100755
View file @ 70bfa60b
/*
Implementation by Ronny Van Keer, hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
/** General information
*
* The following type and functions are not actually implemented. Their
* documentation is generic, with the prefix Prefix replaced by
* - River for River Keyak, using a single Keccak-p[800,12]
* - Lake for Lake Keyak, using a single Keccak-p[1600,12]
* - Sea for Sea Keyak, using 2 parallel Keccak-p[1600,12]
* - Ocean for Ocean Keyak, using 4 parallel Keccak-p[1600,12]
* - Lunar for Lunar Keyak, using 8 parallel Keccak-p[1600,12]
*
* The PrefixKeyak_Instance contains the Keyak instance attributes for use
* with the PrefixKeyak* functions.
*/
#ifdef DontReallyInclude_DocumentationOnly
/**
* Structure that contains the Keyak instance for use with the
* PrefixKeyak functions.
*/
typedef struct {
/** The underlying motorist instance. */
PrefixMotorist_Motorist_Instance motorist;
} PrefixKeyak_Instance;
/**
* Function that initializes, feeds the key and the nonce. The key and nonce consists of sequences of bytes.
*
* @param instance Pointer to the Keyak instance structure.
* @param key Pointer to the key.
* @param keySizeInBytes The size of the key in bytes.
* @param nonce Pointer to the nonce.
* @param nonceSizeInBytes The size of the nonce in bytes.
* @param tagFlag Flag to generate/check a tag on initialization.
* @param tag Pointer to tag buffer.
* @param unwrapFlag Flag to generate (false) or check (true) the tag, this argument is ignored if tagFlag is false.
* @param forgetFlag Flag to apply the forget operation (true).
*
* @pre phase == *
* @pre keySizeInBytes ≤ (::PrefixKeyak_Lk - 2)
* @pre nonceSizeInBytes ≤ ::PrefixKeyak_MaxNoncelength
*
* @post (phase == motorist.riding) or (phase == motorist.failed)
*
* @return 1 if successful, 0 if tag mismatch, -1 other error.
*/
int PrefixKeyak_Initialize(PrefixKeyak_Instance *instance,
const unsigned char *key, unsigned int keySizeInBytes,
const unsigned char *nonce, unsigned int nonceSizeInBytes,
int tagFlag, unsigned char * tag,
int unwrapFlag, int forgetFlag);
/**
* Function that presents full input data that consists of a
* sequence of bytes for (un)wrapping and feeds full associated data
* that consists of a sequence of bytes.
*
* @param instance Pointer to the Keyak instance structure.
* @param input Pointer to full input data to wrap or unwrap.
* @param output Pointer to buffer where the full (un)wrapped data will be stored.
* This pointer can be equal to the input buffer to save memory,
* but otherwise the two buffers must not overlap.
* @param dataSizeInBytes The size of the input/output data.
* @param AD Pointer to the full associated data.
* @param ADlen The size of the associated data in bytes.
* @param tag The buffer where to store the tag when wrapping, or read the tag to check when unwrapping.
* @param unwrapFlag Wrap if false(zero), unwrap if true(non zero).
* @param forgetFlag Forget if true (non zero).
*
* @pre phase == motorist.riding
*
* @post (phase == motorist.riding) or (phase == motorist.failed)
*
* @return -1 if error, 0 if tag check failed, 1 success.
*/
int PrefixKeyak_Wrap(PrefixKeyak_Instance *instance, const unsigned char *input, unsigned char *output, size_t dataSizeInBytes,
const unsigned char * AD, size_t ADlen, unsigned char * tag, int unwrapFlag, int forgetFlag );
/**
* Function that presents partial input data that consists of a
* sequence of bytes for (un)wrapping and feeds partial associated data
* that consists of a sequence of bytes.
*
* @param instance Pointer to the Keyak instance structure.
* @param input Pointer to partial input data to wrap or unwrap.
* @param output Pointer to buffer where the partial (un)wrapped data will be stored.
* This pointer can be equal to the input buffer to save memory,
* but otherwise the two buffers must not overlap.
* @param dataSizeInBytes The size of the partial input/output data.
* @param AD Pointer to the partial associated data.
* @param ADlen The size of the partial associated data in bytes.
* @param tag The buffer where to store the tag when wrapping, or read the tag to check when unwrapping.
* @param unwrapFlag Wrap if false (zero), unwrap if true (non zero).
* @param forgetFlag Forget if true (non zero).
* @param lastFlags One of the following values:
* - 0: Not last partial data for either input or metadata.
* - Motorist_Wrap_LastCryptData: Last partial data for input.
* - Motorist_Wrap_LastMetaData: Last partial data for metadata
* - Motorist_Wrap_LastCryptAndMeta: Last partial data for both input and metadata
* During a session this argument value must not logically decrease.
* @param processedIlen Pointer to a variable where the number of processed input/output bytes will be stored.
* The returned value will be less or equal to argDataLen.
* @param processedADlen Pointer to a variable where the number of processed associated data bytes will be stored.
* The returned value will be less or equal to argADlen.
*
* @pre phase == motorist.riding
*
* @post (phase == motorist.riding) or (phase == motorist.failed)
*
* @return -1 if error, 0 if tag check failed, 1 success.
*/
int PrefixKeyak_WrapPartial( PrefixKeyak_Instance *instance, const unsigned char *input, unsigned char *output, size_t dataSizeInBytes,
const unsigned char * AD, size_t ADlen, unsigned char * tag, int unwrapFlag, int forgetFlag,
int lastFlags, size_t *processedIlen, size_t *processedAlen);
#endif
src/XKCP/doc/Motorist-documentation.h 0 → 100755
View file @ 70bfa60b
/*
Implementation by Ronny Van Keer, hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
/** General information
*
* The following type and functions are not actually implemented. Their
* documentation is generic, with the prefix Prefix replaced by
* - KeyakWidth800_ for a Motorist mode based on a single Keccak-p[800,12]
* - KeyakWidth1600_ for a Motorist mode based on a single Keccak-p[1600,12]
* - KeyakWidth1600times2_ for a Motorist mode based on 2 parallel Keccak-p[1600,12]
* - KeyakWidth1600times4_ for a Motorist mode based on 4 parallel Keccak-p[1600,12]
* - KeyakWidth1600times8_ for a Motorist mode based on 8 parallel Keccak-p[1600,12]
*
* The Prefix_Motorist_Instance contains the Motorist instance attributes for use
* with the Prefix_Motorist* functions.
*/
#ifdef DontReallyInclude_DocumentationOnly
/* ------------------------------------------------------------------------ */
/**
* Structure that contains the Pistons instance (Collection of Piston).
*/
typedef struct {
/** The state processed by the permutation. */
ALIGN unsigned char state[State_SizeInBytes];
/* Current crypting piston index, only used by parallelized instances */
unsigned char indexCrypt;
/* Current injecting piston index, only used by parallelized instances */
unsigned char indexInject;
/* Current crypting piston offset */
unsigned char offsetCrypt;
/* Current injecting piston offset */
unsigned char offsetInject;
/** The crypt phase. */
unsigned char phaseCrypt;
/** The inject phase. */
unsigned char phaseInject;
#ifdef OUTPUT
ALIGN unsigned char stateShadow[State_SizeInBytes];
FILE * file;
#endif
} Prefix_Pistons_Instance;
/* ------------------------------------------------------------------------ */
/**
* Structure that contains the Engine instance for use with the
* Prefix_Engine functions.
*/
typedef struct {
/** The underlying piston collection instance array. */
Prefix_Pistons_Instance pistons;
/** The phase. */
unsigned char phase;
/** The tag end index. */
unsigned char tagEndIndex;
/** The tag end next index, only used by parallelized instances */
unsigned char tagEndIndexNext;
} Prefix_Engine_Instance;
/**
* Function that initializes the Engine.
*
* @param instance Pointer to the Engine instance structure.
*
* @pre phase == *
*
* @post phase == fresh
*
* @return 0 if successful, -1 otherwise.
*/
int Prefix_Engine_Initialize(Prefix_Engine_Instance *instance );
/**
* Function that presents an input stream that consists of a
* sequence of bytes for wrapping or unwrapping into an output stream.
*
* @param instance Pointer to the Engine instance structure.
* @param I Pointer to input data.
* @param Ilen Number of available bytes in I and O.
* @param O Pointer to buffer receiving output data (can be equal to pointer I).
* @param unwrapFlag False for wrap, True for unwrap.
* @param lastFlag If True, no new input data will be presented in a next call.
*
* @pre phase == fresh
*
* @post (phase == crypted) or (phase == endOfCrypt)
*
* @return >= 0 successful number of bytes processed, -1 otherwise.
*/
int Prefix_Engine_Crypt(Prefix_Engine_Instance *instance, const unsigned char *I, size_t Ilen, unsigned char *O, int unwrapFlag, int lastFlag );
/**
* Function that injects data that consists of a sequence
* of bytes. The data may be fed in multiple calls to this function.
*
* @param instance Pointer to the Engine instance structure.
* @param MD Pointer to metadata to inject.
* @param MDlen Length in bytes of metadata to inject.
* @param lastFlag If True, no new input metadata will be presented in a next call.
*
* @pre (phase == fresh) or (phase == crypted) or (phase == endOfCrypt)
*
* @post (phase == fresh) or (phase == endOfMessage)
*
* @return >= 0 successful number of bytes processed, -1 otherwise.
*/
int Engine_Inject(Prefix_Engine_Instance *instance, const unsigned char * MD, size_t MDlen, int lastFlag);
/**
* Function that injects data that consists of a sequence
* of bytes. The data will be injected to all Pistons.
*
* @param instance Pointer to the Engine instance structure.
* @param X Pointer to data to inject.
* @param Xlen Length in bytes of data to inject.
* @param diversifyFlag if non zero injected data must be diversified.
*
* @pre phase == fresh
*
* @post phase == endOfMessage
*
* @return 0 if successful, -1 otherwise.
*/
int Prefix_Engine_InjectCollective(Prefix_Engine_Instance *instance, const unsigned char *X, unsigned int Xlen, int diversifyFlag);
/**
* Function that gets a tag of a requested size in bytes. The full tag must be retrieved
* with a single call to getTags.
*
* @param instance Pointer to the Engine instance structure.
* @param tag Pointer to buffer receiving the tag.
* @param length Tag length requested from first Piston.
* @param lengthNext Tag length requested from next Piston(s).
*
* @pre phase == readyForTag
*
* @post phase == fresh
*
* @return 0 if successful, -1 otherwise.
*/
int Prefix_Engine_GetTags(Prefix_Engine_Instance *instance, unsigned char *tag, unsigned char length, unsigned char lengthNext);
/* ------------------------------------------------------------------------ */
/**
* Structure that contains the Motorist instance for use with the
* Prefix_Motorist functions.
*/
typedef struct {
/** The underlying engine instance. */
Prefix_Engine_Instance engine;
/** The phase. */
unsigned char phase;
/** Last flag. */
unsigned char lastFlag;
} Prefix_Motorist_Instance;
/**
* Function that initializes the Motorist.
*
* @param instance Pointer to the Motorist instance structure.
*
* @pre phase == *
*
* @post phase == ready
*
* @return 0 if successful, -1 otherwise.
*/
int Prefix_Motorist_Initialize(Prefix_Motorist_Instance *instance);
/**
* Function that starts the Engine.
*
* @param instance Pointer to the Motorist instance structure.
* @param SUV Pointer to buffer holding the Secret Unique Value.
* @param tagFlag Flag to generate a tag (wrapping) or check a tag (unwrapping) on the StartEngine.
* @param tag Pointer to tag buffer.
* @param unwrapFlag Flag to generate (false) or check (true) the tag, this argument is ignored if tagFlag is false.
* @param forgetFlag Flag to apply the forget operation (true).
*
* @pre phase == ready
*
* @post (phase == riding) or (phase == failed)
*
* @return 1 if successful, 0 if tag mismatch, -1 other error.
*/
int Prefix_Motorist_StartEngine(Prefix_Motorist_Instance *instance, const unsigned char * SUV, size_t SUVlen, int tagFlag, unsigned char * tag, int unwrapFlag, int forgetFlag );
/**
* Function that presents a input buffer for (un)wrapping, and a metadata buffer,
* both consist of a sequence of bytes. The data may be given in multiple calls.
*
* @param instance Pointer to the Motorist instance structure.
* @param input Pointer to the (partial) input buffer.
* @param inputLen The size in bytes of the (partial) input data.
* @param output Pointer to the buffer to store the output data.
* This pointer can be equal to the input buffer to save memory,
* but otherwise the two buffers must not overlap.
* @param A Pointer to the (partial) metadata buffer.
* @param ALen The size in bytes of the (partial) metadata.
* @param tag The buffer where to store the tag when wrapping, or read the tag to check when unwrapping.
* @param unwrapFlag Wrap if false(zero), unwrap if true(non zero).
* @param forgetFlag Forget if true (non zero).
* @param lastFlags One of the following values:
* - 0: Not last partial data for both input and metadata.
* - Motorist_Wrap_LastCryptData: Last partial data for input.
* - Motorist_Wrap_LastMetaData: Last partial data for metadata
* - Motorist_Wrap_LastCryptAndMeta: Last partial data for both input and metadata
* During a session this argument value can only be augmented.
* @param processedIlen Pointer to a variable where the number of processed input/output bytes will be stored.
* The returned value will be less or equal to inputLen.
* @param processedAlen Pointer to a variable where the number of processed metadata bytes will be stored.
* The returned value will be less or equal to MDLen.
*
*
* @pre phase == riding
*
* @post (phase == riding) or (phase == failed)
*
* @return 0 if successful, 1 otherwise.
*/
int Prefix_Motorist_Wrap(Prefix_Motorist_Instance *instance, const unsigned char * input, size_t inputLen, unsigned char *output,
const unsigned char * A, size_t Alen, unsigned char * tag, int unwrapFlag, int forgetFlag,
int lastFlags, size_t *processedIlen, size_t *processedAlen);
#endif
src/XKCP/doc/PlSnP-documentation.h 0 → 100755
View file @ 70bfa60b
/*
Implementation by the Keccak Team, namely, Guido Bertoni, Joan Daemen,
Michaël Peeters, Gilles Van Assche and Ronny Van Keer,
hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
/** General information
*
* PlSnP stands for "parallel states and permutations". It is similar to SnP
* (see SnP-documentation.h), although it specifically provides functions
* to access an array of states that evolve in parallel.
*
* The following functions are not actually implemented. Their documentation
* is generic, with the prefix PlSnP replaced by
* - KeccakP1600times2 for Keccak-p[1600]×2 (i.e., two states of 1600 bits each)
* - KeccakP1600times4 for Keccak-p[1600]×4
* - KeccakP1600times8 for Keccak-p[1600]×8 (i.e., eight states of 1600 bits each)
* Functions can be replaced by macros, when appropriate.
*
* An implementation must provide each function (or macro) as listed below,
* instantiated with the suitable prefix. In addition, the implementation
* must come with a header "KeccakP-1600-times{2,4,8}-SnP.h"
* to define the following symbols (with PlSnP replaced by the appropriate prefix):
* - PlSnP_implementation: a synopsis of the implementation;
* - PlSnP_statesSizeInBytes: the number of bytes to store the states;
* - PlSnP_statesAlignment: the number of bytes of which the states' address
* must be a multiple of.
*
* An implementation may also instantiate the function PlSnP_FastLoop_Absorb(),
* in which case the header must define the symbol PlSnP_FastLoop_supported.
*
* For Keccak-p[1600]:
* - PlSnP_PermuteAll() is instantiated as
* - KeccakP1600_PermuteAll_12rounds() for Keccak-p[1600, 12] and
* - KeccakP1600_PermuteAll_24rounds() for Keccak-f[1600]=Keccak-p[1600, 24].
* - PlSnP_FastLoop_Absorb() can be instantiated as
* KeccakF1600times{2,4,8}_FastLoop_Absorb() for Keccak-f[1600].
*/
/** Function called at least once before any use of the other PlSnP_*
* functions, possibly to initialize global variables.
*/
void PlSnP_StaticInitialize( void );
/** Function to initialize the state to the logical value 0^width for all parallel state instances.
* @param states Pointer to the states to initialize.
*/
void PlSnP_InitializeAll(void *states);
/** Function to add (in GF(2), using bitwise exclusive-or) a given byte into one of the states.
* The bit positions that are affected by this function are
* from @a offset*8 to @a offset*8 + 8.
* (The bit positions, the x,y,z coordinates and their link are defined in the "Keccak reference".)
* @param states Pointer to the states.
* @param instanceIndex Index of the state instance from 0 to P-1
* if there are P parallel instances.
* @param data The input byte.
* @param offset Offset in bytes within the state.
* @pre 0 ≤ @a offset < (width in bytes)
*/
void PlSnP_AddByte(void *states, unsigned int instanceIndex, unsigned char data, unsigned int offset);
/** Function to add (in GF(2), using bitwise exclusive-or) data given as bytes into one of the states.
* The bit positions that are affected by this function are
* from @a offset*8 to @a offset*8 + @a length*8.
* (The bit positions, the x,y,z coordinates and their link are defined in the "Keccak reference".)
* @param states Pointer to the states.
* @param instanceIndex Index of the state instance from 0 to P-1
* if there are P parallel instances.
* @param data Pointer to the input data.
* @param offset Offset in bytes within the state.
* @param length Number of bytes.
* @pre 0 ≤ @a offset < (width in bytes)
* @pre 0 ≤ @a offset + @a length ≤ (width in bytes)
*/
void PlSnP_AddBytes(void *states, unsigned int instanceIndex, const unsigned char *data, unsigned int offset, unsigned int length);
/** Function to add (in GF(2), using bitwise exclusive-or) data given as bytes into all the parallel states in an interleaved fashion.
* The bits to modify are restricted to start from the bit position 0 and
* to span a whole number of lanes.
* First, @a laneCount lanes from @a data are processed in the first state instance
* and @a data advances by @a laneOffset lanes,
* then @a laneCount lanes from @a data are processed in the second state instance
* and @a data advances by @a laneOffset lanes,
* and so on.
* @param states Pointer to the states.
* @param data Pointer to the input data.
* @param laneCount The number of lanes per state, i.e., the length of the data
* divided by the lane size and by the number of parallel state instances.
* @param laneOffset The number of lanes that separate the blocks of data
* for each instance.
* @pre 0 ≤ @a laneCount ≤ SnP_laneCount
*/
void PlSnP_AddLanesAll(void *states, const unsigned char *data, unsigned int laneCount, unsigned int laneOffset);
/** Function to overwrite data given as bytes into one of the states.
* The bit positions that are affected by this function are
* from @a offset*8 to @a offset*8 + @a length*8.
* (The bit positions, the x,y,z coordinates and their link are defined in the "Keccak reference".)
* @param states Pointer to the states.
* @param instanceIndex Index of the state instance from 0 to P-1
* if there are P parallel instances.
* @param data Pointer to the input data.
* @param offset Offset in bytes within the state.
* @param length Number of bytes.
* @pre 0 ≤ @a offset < (width in bytes)
* @pre 0 ≤ @a offset + @a length ≤ (width in bytes)
*/
void PlSnP_OverwriteBytes(void *states, unsigned int instanceIndex, const unsigned char *data, unsigned int offset, unsigned int length);
/** Function to overwrite data given as bytes into all the parallel states in an interleaved fashion.
* The bits to modify are restricted to start from the bit position 0 and
* to span a whole number of lanes.
* First, @a laneCount lanes from @a data are processed in the first state instance
* and @a data advances by @a laneOffset lanes,
* then @a laneCount lanes from @a data are processed in the second state instance
* and @a data advances by @a laneOffset lanes,
* and so on.
* @param states Pointer to the states.
* @param data Pointer to the input data.
* @param laneCount The number of lanes per state, i.e., the length of the data
* divided by the lane size and by the number of parallel state instances.
* @param laneOffset The number of lanes that separate the blocks of data
* for each instance.
* @pre 0 ≤ @a laneCount ≤ SnP_laneCount
*/
void PlSnP_OverwriteLanesAll(void *states, const unsigned char *data, unsigned int laneCount, unsigned int laneOffset);
/** Function to overwrite bytes in the one of the states with zeroes.
* The bits to modify are restricted to start from the bit position 0 and
* to span a whole number of bytes.
* @param states Pointer to the states.
* @param instanceIndex Index of the state instance from 0 to P-1
* if there are P parallel instances.
* @param byteCount The number of bytes, i.e., the length of the data
* divided by 8 bits.
* @pre 0 ≤ @a byteCount ≤ (width in bytes)
*/
void PlSnP_OverwriteWithZeroes(void *states, unsigned int instanceIndex, unsigned int byteCount);
/** Function to apply the permutation on all the states in parallel.
* @param states Pointer to the states.
*/
void PlSnP_PermuteAll(void *states);
/** Function to retrieve data from one of the states into bytes.
* The bit positions that are affected by this function are
* from @a offset*8 to @a offset*8 + @a length*8.
* (The bit positions, the x,y,z coordinates and their link are defined in the "Keccak reference".)
* @param states Pointer to the states.
* @param instanceIndex Index of the state instance from 0 to P-1
* if there are P parallel instances.
* @param data Pointer to the area where to store output data.
* @param offset Offset in bytes within the state.
* @param length Number of bytes.
* @pre 0 ≤ @a offset < (width in bytes)
* @pre 0 ≤ @a offset + @a length ≤ (width in bytes)
*/
void PlSnP_ExtractBytes(const void *states, unsigned int instanceIndex, unsigned char *data, unsigned int offset, unsigned int length);
/** Function to retrieve data from all the parallel states in an interleaved fashion.
* The bits to output are restricted to start from the bit position 0 and
* to span a whole number of lanes.
* First, @a laneCount lanes from the first state instance are stored in @a data
* and @a data advances by @a laneOffset lanes,
* then, @a laneCount lanes from the second state instance are stored in @a data
* and @a data advances by @a laneOffset lanes,
* and so on.
* @param states Pointer to the states.
* @param data Pointer to the area where to store output data.
* @param laneCount The number of lanes, i.e., the length of the data
* divided by the lane size and by the number of parallel state instances.
* @param laneOffset The number of lanes that separate the blocks of data
* for each instance.
* @pre 0 ≤ @a laneCount ≤ SnP_laneCount
*/
void PlSnP_ExtractLanesAll(const void *states, unsigned char *data, unsigned int laneCount, unsigned int laneOffset);
/** Function to retrieve data from one of the states,
* to add (in GF(2), using bitwise exclusive-or) them to the input buffer,
* and to store the result in the output buffer.
* The bit positions that are affected by this function are
* from @a offset*8 to @a offset*8 + @a length*8.
* (The bit positions, the x,y,z coordinates and their link are defined in the "Keccak reference".)
* @param states Pointer to the states.
* @param instanceIndex Index of the state instance from 0 to P-1
* if there are P parallel instances.
* @param input Pointer to the input buffer.
* @param output Pointer to the output buffer.
* @param offset Offset in bytes within the state.
* @param length Number of bytes.
* @pre 0 ≤ @a offset < (width in bytes)
* @pre 0 ≤ @a offset + @a length ≤ (width in bytes)
*/
void PlSnP_ExtractAndAddBytes(const void *states, unsigned int instanceIndex, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length);
/** Function to retrieve data from all the parallel states in an interleaved fashion
* to add (in GF(2), using bitwise exclusive-or) them to the input buffer,
* and to store the result in the output buffer.
* The bits to output are restricted to start from the bit position 0 and
* to span a whole number of lanes.
* First, @a laneCount lanes from the first state instance are added to @a input into @a output
* and @a input and @a output each advance by @a laneOffset lanes,
* then, @a laneCount lanes from the second state instance are added to @a input into @a output
* and @a input and @a output each advance by @a laneOffset lanes,
* and so on.
* @param states Pointer to the states.
* @param input Pointer to the input buffer.
* @param output Pointer to the output buffer.
* @param laneCount The number of lanes, i.e., the length of the data
* divided by the lane size and by the number of parallel state instances.
* @param laneOffset The number of lanes that separate the blocks of data
* for each instance.
* @pre 0 ≤ @a laneCount ≤ SnP_laneCount
*/
void PlSnP_ExtractAndAddLanesAll(const void *states, const unsigned char *input, unsigned char *output, unsigned int laneCount, unsigned int laneOffset);
/** Function that has the same behavior as repeatedly calling
* - PlSnP_AddLanesAll() with P blocks of @a laneCount lanes from @a data and with offset @a laneOffsetParallel;
* - PlSnP_PermuteAll() on the states @a states;
* - and advancing @a data by @a laneOffsetSerial lane sizes, until not enough data are available.
* The function returns the total offset of the @a data pointer or, equivalently,
* the number of iterations times @a laneOffsetSerial lane sizes in bytes.
* @param states Pointer to the states.
* @param laneCount The number of lanes processed each time (i.e., the block size in lanes).
* @param laneOffsetParallel The number of lanes that separate the blocks of data
* for each instance.
* @param laneOffsetSerial The number of lanes that separate the blocks of data
* between each iteration.
* @param data Pointer to the data to use as input.
* @param dataByteLen The length of the input data in bytes.
* @returns The total offset.
* @pre 0 < @a laneCount < SnP_laneCount
*/
size_t PlSnP_FastLoop_Absorb(void *states, unsigned int laneCount, unsigned int laneOffsetParallel, unsigned int laneOffsetSerial, unsigned char *data, size_t dataByteLen);
src/XKCP/doc/SnP-documentation.h 0 → 100755
View file @ 70bfa60b
/*
Implementation by the Keccak Team, namely, Guido Bertoni, Joan Daemen,
Michaël Peeters, Gilles Van Assche and Ronny Van Keer,
hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
/** General information
*
* SnP stands for "state and permutation". It provides a set of function to
* access and process a state, and in particular to apply a given permutation
* (or family of permutations) on it.
*
* A state is an array of (width) bits, where the width is the number of input
* (or output) bits of the permutation. To allow optimizations, the state
* is represented in an opaque way, and the user must go through the various
* SnP functions to initialize it, to modify it and to extract data from it.
*
* The following functions are not actually implemented. Their documentation
* is generic, with the prefix SnP replaced by
* - KeccakP200 for Keccak-p[200]
* - KeccakP400 for Keccak-p[400]
* - KeccakP800 for Keccak-p[800]
* - KeccakP1600 for Keccak-p[1600]
* Functions can be replaced by macros, when appropriate.
*
* An implementation must provide each function (or macro) as listed below,
* instantiated with the suitable prefix. In addition, the implementation
* must come with a header "KeccakP-800-SnP.h", "KeccakP-1600-SnP.h" or similar
* to define the following symbols (with SnP replaced by the appropriate prefix):
* - SnP_implementation: a synopsis of the implementation;
* - SnP_stateSizeInBytes: the number of bytes to store the state;
* - SnP_stateAlignment: the number of bytes of which the state address
* must be a multiple of.
*
* An implementation may also instantiate the function SnP_FastLoop_Absorb(),
* in which case the header must define the symbol SnP_FastLoop_supported.
*
* For Keccak-p[200]:
* - SnP_Permute() is instantiated as KeccakP200_Permute_18rounds()
* for Keccak-f[200]=Keccak-p[200, 18].
* - SnP_Permute_Nrounds() is instantiated as KeccakP200_Permute_Nrounds().
* - SnP_FastLoop_Absorb() can be instantiated as KeccakF200_FastLoop_Absorb()
* for Keccak-f[200].
*
* For Keccak-p[400]:
* - SnP_Permute() is instantiated as KeccakP400_Permute_20rounds()
* for Keccak-f[400]=Keccak-p[400, 20].
* - SnP_Permute_Nrounds() is instantiated as KeccakP400_Permute_Nrounds().
* - SnP_FastLoop_Absorb() can be instantiated as KeccakF400_FastLoop_Absorb()
* for Keccak-f[400].
*
* For Keccak-p[800]:
* - SnP_Permute() is instantiated as
* - KeccakP800_Permute_12rounds() for Keccak-p[800, 12] and
* - KeccakP800_Permute_22rounds() for Keccak-f[800]=Keccak-p[800, 22].
* - SnP_Permute_Nrounds() is instantiated as KeccakP800_Permute_Nrounds().
* - SnP_FastLoop_Absorb() can be instantiated as KeccakF800_FastLoop_Absorb() for Keccak-f[800].
*
* For Keccak-p[1600]:
* - SnP_Permute() is instantiated as
* - KeccakP1600_Permute_12rounds() for Keccak-p[1600, 12] and
* - KeccakP1600_Permute_24rounds() for Keccak-f[1600]=Keccak-p[1600, 24].
* - SnP_Permute_Nrounds() is instantiated as KeccakP1600_Permute_Nrounds().
* - SnP_FastLoop_Absorb() can be instantiated as KeccakF1600_FastLoop_Absorb() for Keccak-f[1600].
*/
/** Function called at least once before any use of the other SnP_*
* functions, possibly to initialize global variables.
*/
void SnP_StaticInitialize( void );
/** Function to initialize the state to the logical value 0^width.
* @param state Pointer to the state to initialize.
*/
void SnP_Initialize(void *state);
/** Function to add (in GF(2), using bitwise exclusive-or) a given byte into the state.
* The bit positions that are affected by this function are
* from @a offset*8 to @a offset*8 + 8.
* (The bit positions, the x,y,z coordinates and their link are defined in the "Keccak reference".)
* @param state Pointer to the state.
* @param data The input byte.
* @param offset Offset in bytes within the state.
* @pre 0 ≤ @a offset < (width in bytes)
*/
void SnP_AddByte(void *state, unsigned char data, unsigned int offset);
/** Function to add (in GF(2), using bitwise exclusive-or) data given as bytes into the state.
* The bit positions that are affected by this function are
* from @a offset*8 to @a offset*8 + @a length*8.
* (The bit positions, the x,y,z coordinates and their link are defined in the "Keccak reference".)
* @param state Pointer to the state.
* @param data Pointer to the input data.
* @param offset Offset in bytes within the state.
* @param length Number of bytes.
* @pre 0 ≤ @a offset < (width in bytes)
* @pre 0 ≤ @a offset + @a length ≤ (width in bytes)
*/
void SnP_AddBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length);
/** Function to overwrite data given as bytes into the state.
* The bit positions that are affected by this function are
* from @a offset*8 to @a offset*8 + @a length*8.
* (The bit positions, the x,y,z coordinates and their link are defined in the "Keccak reference".)
* @param state Pointer to the state.
* @param data Pointer to the input data.
* @param offset Offset in bytes within the state.
* @param length Number of bytes.
* @pre 0 ≤ @a offset < (width in bytes)
* @pre 0 ≤ @a offset + @a length ≤ (width in bytes)
*/
void SnP_OverwriteBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length);
/** Function to overwrite bytes in the state with zeroes.
* The bits to modify are restricted to start from the bit position 0 and
* to span a whole number of bytes.
* @param state Pointer to the state.
* @param byteCount The number of bytes, i.e., the length of the data
* divided by 8 bits.
* @pre 0 ≤ @a byteCount ≤ (width in bytes)
*/
void SnP_OverwriteWithZeroes(void *state, unsigned int byteCount);
/** Function to apply the permutation on the state.
* @param state Pointer to the state.
*/
void SnP_Permute(void *state);
/** Function to apply on the state the permutation with the given number of rounds
* among the permutation family.
* @param state Pointer to the state.
*/
void SnP_Permute_Nrounds(void *state, unsigned int nrounds);
/** Function to retrieve data from the state.
* The bit positions that are retrieved by this function are
* from @a offset*8 to @a offset*8 + @a length*8.
* (The bit positions, the x,y,z coordinates and their link are defined in the "Keccak reference".)
* @param state Pointer to the state.
* @param data Pointer to the area where to store output data.
* @param offset Offset in bytes within the state.
* @param length Number of bytes.
* @pre 0 ≤ @a offset < (width in bytes)
* @pre 0 ≤ @a offset + @a length ≤ (width in bytes)
*/
void SnP_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length);
/** Function to retrieve data from the state,
* to add (in GF(2), using bitwise exclusive-or) them to the input buffer,
* and to store the result in the output buffer.
* The bit positions that are retrieved by this function are
* from @a offset*8 to @a offset*8 + @a length*8.
* (The bit positions, the x,y,z coordinates and their link are defined in the "Keccak reference".)
* @param state Pointer to the state.
* @param input Pointer to the input buffer.
* @param output Pointer to the output buffer, which may be equal to @a input.
* @param offset Offset in bytes within the state.
* @param length Number of bytes.
* @pre 0 ≤ @a offset < (width in bytes)
* @pre 0 ≤ @a offset + @a length ≤ (width in bytes)
*/
void SnP_ExtractAndAddBytes(const void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length);
/** Function that has the same behavior as repeatedly calling
* - SnP_AddBytes() with a block of @a laneCount lanes from data;
* - SnP_Permute() on the state @a state;
* - and advancing @a data by @a laneCount lane sizes, until not enough data are available.
* The function returns the number of bytes processed from @a data.
* @param state Pointer to the state.
* @param laneCount The number of lanes processed each time (i.e., the block size in lanes).
* @param data Pointer to the data to use as input.
* @param dataByteLen The length of the input data in bytes.
* @returns The number of bytes processed.
* @pre 0 < @a laneCount < SnP_laneCount
*/
size_t SnP_FastLoop_Absorb(void *state, unsigned int laneCount, const unsigned char *data, size_t dataByteLen);
src/XKCP/doc/Xoodyak-documentation.h 0 → 100755
View file @ 70bfa60b
/*
Implementation by Ronny Van Keer, hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
#ifdef DontReallyInclude_DocumentationOnly
/**
* Function that initializes a Xoodyak object.
*
* @param instance Pointer to the Xoodyak object structure to initialize.
* @param K Pointer to the key. Can be null if no key is given.
* @param KLen The size of the key in bytes. Must be zero if no key is given.
* @param ID Pointer to the id. Can be null if no id is given.
* @param IDLen The size of the id in bytes. Must be zero if no id is given.
* @param counter Pointer to the counter. Can be null if no counter is given.
* @param counterLen The size of the counter in bytes. Must be zero if no counter is given.
*/
void Xoodyak_Initialize(Xoodyak_Instance *instance, const uint8_t *K, size_t KLen, const uint8_t *ID, size_t IDLen, const uint8_t *counter, size_t counterLen);
/**
* Function to call Absorb() on the given Xoodyak object.
*
* @param instance Pointer to the Xoodyak object structure.
* @param X Pointer to the string to absorb.
* @param XLen The length in bytes of the string to absorb.
*/
void Xoodyak_Absorb(Xoodyak_Instance *instance, const uint8_t *X, size_t XLen);
/**
* Function to call Encrypt() on the given Xoodyak object.
*
* @param instance Pointer to the Xoodyak object structure.
* @param P Pointer to the plaintext string to encrypt.
* @param C Pointer to the buffer where the ciphertext has to be stored.
* The buffer must have at least @a PLen bytes.
* @param PLen The length in bytes of the plaintext string.
*/
void Xoodyak_Encrypt(Xoodyak_Instance *instance, const uint8_t *P, uint8_t *C, size_t PLen);
/**
* Function to call Decrypt() on the given Xoodyak object.
*
* @param instance Pointer to the Xoodyak object structure.
* @param C Pointer to the ciphertext string to decrypt.
* @param P Pointer to the buffer where the plaintext has to be stored.
* The buffer must have at least @a CLen bytes.
* @param CLen The length in bytes of the ciphertext string.
*/
void Xoodyak_Decrypt(Xoodyak_Instance *instance, const uint8_t *C, uint8_t *P, size_t CLen);
/**
* Function to call Squeeze() on the given Xoodyak object.
*
* @param instance Pointer to the Xoodyak object structure.
* @param Y Pointer to the buffer where the output has to be stored.
* The buffer must have at least @a YLen bytes.
* @param YLen The length in bytes of the requested output.
*/
void Xoodyak_Squeeze(Xoodyak_Instance *instance, uint8_t *Y, size_t YLen);
/**
* Function to call SqueezeKey() on the given Xoodyak object.
*
* @param instance Pointer to the Xoodyak object structure.
* @param K Pointer to the buffer where the output has to be stored.
* The buffer must have at least @a KLen bytes.
* @param KLen The length in bytes of the requested output.
*/
void Xoodyak_SqueezeKey(Xoodyak_Instance *instance, uint8_t *K, size_t KLen);
/**
* Function to call Ratchet() on the given Xoodyak object.
*
* @param instance Pointer to the Xoodyak object structure.
*/
void Xoodyak_Ratchet(Xoodyak_Instance *instance);
#endif
src/XKCP/doc/figures/Layers.png 0 → 100755
View file @ 70bfa60b
src/XKCP/doc/figures/Layers.png

58.5 KiB

src/XKCP/doc/figures/Layers.svg 0 → 100755
View file @ 70bfa60b
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
width="320"
height="90"
viewBox="20 30 320 90"
id="svg2"
version="1.1"
>
<defs
id="defs3">
<marker
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow1Mend"
style="overflow:visible;">
<path
id="path10600"
d="M 0.0,0.0 L 5.0,-5.0 L -12.5,0.0 L 5.0,5.0 L 0.0,0.0 z "
style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;marker-start:none;"
transform="scale(0.4) rotate(180) translate(10,0)" />
</marker>
<style
type="text/css"
id="style5">
rect.box {
fill-rule:evenodd;
stroke:black;
stroke-width:0.5px;
stroke-linecap:round;
stroke-linejoin:round;
stroke-opacity:1;
fill: #e0e0e0;
}
.arrow {
fill:none;
stroke:#000000;
stroke-width:0.5px;
stroke-linecap:butt;
stroke-linejoin:miter;
stroke-opacity:1;
marker-end:url(#Arrow1Mend)
}
.dashed {
fill:none;
stroke:#000000;
stroke-width:0.5px;
stroke-linecap:round;
stroke-linejoin:round;
stroke-opacity:1;
stroke-dasharray: 2,3;
}
text {
font-style:normal;
font-variant:normal;
font-weight:normal;
font-stretch:normal;
text-align:start;
text-anchor:start;
fill:#000000;
fill-opacity:1;
stroke:none;
}
text.box {
font-size:7px;
font-family: Fontin Sans;
}
text.level {
font-size:10px;
font-family: Fontin Sans;
font-style: italic;
}
text.interface {
font-size:15px;
font-family: Fontin Sans;
font-weight: bold;
fill: white;
}
rect.interface {
fill:black;
stroke: none;
}
rect.upper {
fill: #ccffcc;
fill-opacity: 0.3;
stroke: #80c080;
stroke-width:1px;
stroke-linecap:round;
stroke-linejoin:round;
stroke-opacity:1;
}
rect.lower {
fill: #66ccff;
fill-opacity: 0.3;
stroke: #4080c0;
stroke-width:1px;
stroke-linecap:round;
stroke-linejoin:round;
stroke-opacity:1;
}
</style>
</defs>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(150,0)">
<g transform="translate(-70,100)">
<rect x="-30" y="0" width="60" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle"><tspan style="font-variant: small-caps;">Keccak</tspan>-<tspan style="font-style: italic">f</tspan>[200]</text>
</g>
<g transform="translate(0,100)">
<rect x="-30" y="0" width="60" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle"><tspan style="font-variant: small-caps;">Keccak</tspan>-<tspan style="font-style: italic">f</tspan>[1600]</text>
</g>
<g transform="translate(70,100)">
<rect x="-30" y="0" width="60" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle"><tspan style="font-variant: small-caps;">Keccak</tspan>-<tspan style="font-style: italic">p</tspan>[800, 12]</text>
</g>
<path class="dashed" d="M -120,90 180,90"/>
<g transform="translate(120,100)">
<text class="level" xml:space="preserve" x="0" y="8.5" style="text-anchor: start">Primitive</text>
</g>
<path class="arrow" d="M -42,80 -75,98"/>
<path class="arrow" d="M -40,80 -5,98"/>
<path class="arrow" d="M -38,80 65,98"/>
<g transform="translate(-40,70)">
<rect x="-25" y="0" width="50" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle">Sponge</text>
</g>
<path class="arrow" d="M 38,80 -65,98"/>
<path class="arrow" d="M 40,80 5,98"/>
<path class="arrow" d="M 42,80 75,98"/>
<g transform="translate(40,70)">
<rect x="-25" y="0" width="50" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle">Duplex</text>
</g>
<g transform="translate(120,70)">
<text class="level" xml:space="preserve" x="0" y="8.5" style="text-anchor: start">Construction</text>
</g>
<path class="arrow" d="M -90,50 -45,68"/>
<g transform="translate(-90,40)">
<rect x="-20" y="0" width="40" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle">Hashing</text>
</g>
<path class="arrow" d="M -30,50 -35,68"/>
<g transform="translate(-30,40)">
<rect x="-20" y="0" width="40" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle">MAC</text>
</g>
<path class="arrow" d="M 30,50 35,68"/>
<g transform="translate(30,40)">
<rect x="-20" y="0" width="40" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle">PRNG</text>
</g>
<path class="arrow" d="M 90,50 85,98"/>
<g transform="translate(90,40)">
<rect x="-20" y="0" width="40" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle">Auth. Enc.</text>
</g>
<g transform="translate(120,40)">
<text class="level" xml:space="preserve" x="0" y="8.5" style="text-anchor: start">Mode</text>
</g>
<rect class="upper" x="-125" y="35" rx="10" ry="10" width="310" height="50"/>
<rect class="lower" x="-125" y="95" rx="10" ry="10" width="310" height="20"/>
<g transform="translate(110, 85)">
<rect class="interface" x="-20" y="-3" width="40" height="16"/>
<text class="interface" xml:space="preserve" x="0" y="10" style="text-anchor: middle">SnP</text>
</g>
</g>
</svg>
src/XKCP/doc/figures/ParallelLayers.png 0 → 100755
View file @ 70bfa60b
src/XKCP/doc/figures/ParallelLayers.png

55.2 KiB

src/XKCP/doc/figures/ParallelLayers.svg 0 → 100755
View file @ 70bfa60b
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
width="320"
height="90"
viewBox="20 30 320 90"
id="svg2"
version="1.1"
>
<defs
id="defs3">
<marker
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow1Mend"
style="overflow:visible;">
<path
id="path10600"
d="M 0.0,0.0 L 5.0,-5.0 L -12.5,0.0 L 5.0,5.0 L 0.0,0.0 z "
style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;marker-start:none;"
transform="scale(0.4) rotate(180) translate(10,0)" />
</marker>
<style
type="text/css"
id="style5">
rect.box {
fill-rule:evenodd;
stroke:black;
stroke-width:0.5px;
stroke-linecap:round;
stroke-linejoin:round;
stroke-opacity:1;
fill: #e0e0e0;
}
.arrow {
fill:none;
stroke:#000000;
stroke-width:0.5px;
stroke-linecap:butt;
stroke-linejoin:miter;
stroke-opacity:1;
marker-end:url(#Arrow1Mend)
}
.dashed {
fill:none;
stroke:#000000;
stroke-width:0.5px;
stroke-linecap:round;
stroke-linejoin:round;
stroke-opacity:1;
stroke-dasharray: 2,3;
}
text {
font-style:normal;
font-variant:normal;
font-weight:normal;
font-stretch:normal;
text-align:start;
text-anchor:start;
fill:#000000;
fill-opacity:1;
stroke:none;
}
text.box {
font-size:7px;
font-family: Fontin Sans;
}
text.level {
font-size:10px;
font-family: Fontin Sans;
font-style: italic;
}
text.interface {
font-size:15px;
font-family: Fontin Sans;
font-weight: bold;
fill: white;
}
rect.interface {
fill:black;
stroke: none;
}
rect.upper {
fill: #ccffcc;
fill-opacity: 0.3;
stroke: #80c080;
stroke-width:1px;
stroke-linecap:round;
stroke-linejoin:round;
stroke-opacity:1;
}
rect.lower {
fill: #66ccff;
fill-opacity: 0.3;
stroke: #4080c0;
stroke-width:1px;
stroke-linecap:round;
stroke-linejoin:round;
stroke-opacity:1;
}
</style>
</defs>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(150,0)">
<g transform="translate(-75,100)">
<rect x="-35" y="0" width="70" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle"><tspan style="font-weight: bold"></tspan> <tspan style="font-variant: small-caps;">Keccak</tspan>-<tspan style="font-style: italic">f</tspan>[1600]</text>
</g>
<g transform="translate(0,100)">
<rect x="-35" y="0" width="70" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle"><tspan style="font-weight: bold"></tspan> <tspan style="font-variant: small-caps;">Keccak</tspan>-<tspan style="font-style: italic">p</tspan>[1600, 12]</text>
</g>
<g transform="translate(75,100)">
<rect x="-35" y="0" width="70" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle"><tspan style="font-weight: bold"></tspan> <tspan style="font-variant: small-caps;">Keccak</tspan>-<tspan style="font-style: italic">f</tspan>[1600]</text>
</g>
<path class="dashed" d="M -120,90 180,90"/>
<g transform="translate(120,100)">
<text class="level" xml:space="preserve" x="0" y="8.5" style="text-anchor: start">Primitive</text>
</g>
<path class="arrow" d="M -42,80 -80,98"/>
<path class="arrow" d="M -40,80 -5,98"/>
<path class="arrow" d="M -38,80 70,98"/>
<g transform="translate(-40,70)">
<rect x="-30" y="0" width="60" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle"><tspan style="font-weight: bold">Parallel</tspan> Sponge</text>
</g>
<g transform="translate(120,70)">
<text class="level" xml:space="preserve" x="0" y="8.5" style="text-anchor: start">Construction</text>
</g>
<path class="arrow" d="M -60,50 -45,68"/>
<g transform="translate(-60,40)">
<rect x="-30" y="0" width="60" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle">Tree Hashing</text>
</g>
<path class="arrow" d="M 60,50 10,98"/>
<g transform="translate(60,40)">
<rect x="-50" y="0" width="100" height="10" rx="2" ry="2" class="box"/>
<text class="box" xml:space="preserve" x="0" y="7.2" style="text-anchor: middle">Authenticated Encryption</text>
</g>
<g transform="translate(120,40)">
<text class="level" xml:space="preserve" x="0" y="8.5" style="text-anchor: start">Mode</text>
</g>
<rect class="upper" x="-125" y="35" rx="10" ry="10" width="310" height="50"/>
<rect class="lower" x="-125" y="95" rx="10" ry="10" width="310" height="20"/>
<g transform="translate(110, 85)">
<rect class="interface" x="-25" y="-3" width="50" height="16"/>
<text class="interface" xml:space="preserve" x="0" y="10" style="text-anchor: middle">PlSnP</text>
</g>
</g>
</svg>
src/XKCP/lib/HighLevel.build 0 → 100755
View file @ 70bfa60b
<?xml version="1.0"?>
<!--
Implementation by the Keccak Team, namely, Guido Bertoni, Joan Daemen,
Michaël Peeters, Gilles Van Assche and Ronny Van Keer,
hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
-->
<group>
<!--
The fragments below allow to select the desired cryptographic functions (a.k.a. high-level services above the SnP or PlSnP interface).
* KeccakSpongeWidth{200, 400, 800, 1600}: the Keccak[r, c] sponge function, where r+c equals the given permutation width (200, 400, 800 or 1600).
* KeccakSponge: the Keccak sponge functions for all widths.
* FIPS202: all the functions approved in the FIPS 202 standard, i.e., the extendable output functions (SHAKE{128, 256}) and hash functions (SHA3-{224, 256, 384, 512}). This includes also the Keccak hash functions without suffix (e.g., such as Keccak[r=1088, c=512] as used in Ethereum).
* SP800-185: all the functions defined in the NIST SP 800-185 standard, i.e., cSHAKE, TupleHash, KMAC and ParallelHash.
* KeccakDuplexWidth{200, 400, 800, 1600}: the Keccak[r, c] duplex objects, where r+c equals the given permutation width (200, 400, 800 or 1600).
* KeccakDupex: the Keccak duplex objects for all widths.
* KeccakPRGWidth{200, 400, 800, 1600}: a pseudo-random bit generator based on Keccak with the given permutation width.
* KeccakPRG: the pseudo-random bit generators for all widths.
* KangarooTwelve: the KangarooTwelve extendable output function.
* Kravatte: the Kravatte pseudo-random function and its modes (Kravatte-SANE, -SANSE, -WBC and -WBC-AE).
* Xoofff: the Xoofff pseudo-random function and its modes (Xoofff-SANE, Xoofff-SANSE, Xoofff-WBC and Xoofff-WBC-AE).
-->
<!-- *** High-level services *** -->
<!-- Keccak sponge functions -->
<fragment name="KeccakSponge-common" inherits="common">
<h>lib/high/Keccak/KeccakSponge-common.h</h>
<h>lib/high/Keccak/KeccakSponge.inc</h>
</fragment>
<fragment name="KeccakSpongeWidth200" inherits="KeccakSponge-common">
<c>lib/high/Keccak/KeccakSpongeWidth200.c</c>
<h>lib/high/Keccak/KeccakSpongeWidth200.h</h>
</fragment>
<fragment name="KeccakSpongeWidth400" inherits="KeccakSponge-common">
<c>lib/high/Keccak/KeccakSpongeWidth400.c</c>
<h>lib/high/Keccak/KeccakSpongeWidth400.h</h>
</fragment>
<fragment name="KeccakSpongeWidth800" inherits="KeccakSponge-common">
<c>lib/high/Keccak/KeccakSpongeWidth800.c</c>
<h>lib/high/Keccak/KeccakSpongeWidth800.h</h>
</fragment>
<fragment name="KeccakSpongeWidth1600" inherits="KeccakSponge-common">
<c>lib/high/Keccak/KeccakSpongeWidth1600.c</c>
<h>lib/high/Keccak/KeccakSpongeWidth1600.h</h>
</fragment>
<fragment name="KeccakSponge" inherits="KeccakSpongeWidth200 KeccakSpongeWidth400 KeccakSpongeWidth800 KeccakSpongeWidth1600"/>
<!-- NIST standards -->
<fragment name="FIPS202" inherits="KeccakSpongeWidth1600">
<c>lib/high/Keccak/FIPS202/SimpleFIPS202.c</c>
<h>lib/high/Keccak/FIPS202/SimpleFIPS202.h</h>
<c>lib/high/Keccak/FIPS202/KeccakHash.c</c>
<h>lib/high/Keccak/FIPS202/KeccakHash.h</h>
</fragment>
<fragment name="SP800-185" inherits="KeccakSpongeWidth1600">
<c>lib/high/Keccak/SP800-185/SP800-185.c</c>
<h>lib/high/Keccak/SP800-185/SP800-185.inc</h>
<h>lib/high/Keccak/SP800-185/SP800-185.h</h>
<h>lib/high/common/Phases.h</h>
</fragment>
<!-- Keccak duplex objects -->
<fragment name="KeccakDuplex-common" inherits="common">
<h>lib/high/Keccak/KeccakDuplex-common.h</h>
<h>lib/high/Keccak/KeccakDuplex.inc</h>
</fragment>
<fragment name="KeccakDuplexWidth200" inherits="KeccakDuplex-common">
<c>lib/high/Keccak/KeccakDuplexWidth200.c</c>
<h>lib/high/Keccak/KeccakDuplexWidth200.h</h>
</fragment>
<fragment name="KeccakDuplexWidth400" inherits="KeccakDuplex-common">
<c>lib/high/Keccak/KeccakDuplexWidth400.c</c>
<h>lib/high/Keccak/KeccakDuplexWidth400.h</h>
</fragment>
<fragment name="KeccakDuplexWidth800" inherits="KeccakDuplex-common">
<c>lib/high/Keccak/KeccakDuplexWidth800.c</c>
<h>lib/high/Keccak/KeccakDuplexWidth800.h</h>
</fragment>
<fragment name="KeccakDuplexWidth1600" inherits="KeccakDuplex-common">
<c>lib/high/Keccak/KeccakDuplexWidth1600.c</c>
<h>lib/high/Keccak/KeccakDuplexWidth1600.h</h>
</fragment>
<fragment name="KeccakDuplex" inherits="KeccakDuplexWidth200 KeccakDuplexWidth400 KeccakDuplexWidth800 KeccakDuplexWidth1600"/>
<!-- Pseudo-random bit generation -->
<fragment name="KeccakPRG-common" inherits="common">
<h>lib/high/Keccak/PRG/KeccakPRG-common.h</h>
<h>lib/high/Keccak/PRG/KeccakPRG.inc</h>
</fragment>
<fragment name="KeccakPRGWidth200" inherits="KeccakPRG-common KeccakDuplexWidth200">
<c>lib/high/Keccak/PRG/KeccakPRGWidth200.c</c>
<h>lib/high/Keccak/PRG/KeccakPRGWidth200.h</h>
</fragment>
<fragment name="KeccakPRGWidth400" inherits="KeccakPRG-common KeccakDuplexWidth400">
<c>lib/high/Keccak/PRG/KeccakPRGWidth400.c</c>
<h>lib/high/Keccak/PRG/KeccakPRGWidth400.h</h>
</fragment>
<fragment name="KeccakPRGWidth800" inherits="KeccakPRG-common KeccakDuplexWidth800">
<c>lib/high/Keccak/PRG/KeccakPRGWidth800.c</c>
<h>lib/high/Keccak/PRG/KeccakPRGWidth800.h</h>
</fragment>
<fragment name="KeccakPRGWidth1600" inherits="KeccakPRG-common KeccakDuplexWidth1600">
<c>lib/high/Keccak/PRG/KeccakPRGWidth1600.c</c>
<h>lib/high/Keccak/PRG/KeccakPRGWidth1600.h</h>
</fragment>
<fragment name="KeccakPRG" inherits="KeccakPRGWidth200 KeccakPRGWidth400 KeccakPRGWidth800 KeccakPRGWidth1600"/>
<!-- KangarooTwelve -->
<fragment name="KangarooTwelve" inherits="KeccakSpongeWidth1600">
<c>lib/high/KangarooTwelve/KangarooTwelve.c</c>
<h>lib/high/KangarooTwelve/KangarooTwelve.h</h>
<h>lib/high/common/Phases.h</h>
</fragment>
<!-- Kravatte and modes on top of it -->
<fragment name="Kravatte" inherits="common">
<c>lib/high/Kravatte/Kravatte.c</c>
<h>lib/high/Kravatte/Kravatte.h</h>
<c>lib/high/Kravatte/KravatteModes.c</c>
<h>lib/high/Kravatte/KravatteModes.h</h>
</fragment>
<fragment name="All" inherits="common Ketje Keyak KeccakSponge KeccakDuplex KeccakPRG FIPS202 SP800-185 KangarooTwelve Kravatte"/>
<!-- Xoofff and modes on top of it -->
<fragment name="Xoofff" inherits="common">
<c>lib/high/Xoofff/Xoofff.c</c>
<h>lib/high/Xoofff/Xoofff.h</h>
<c>lib/high/Xoofff/XoofffModes.c</c>
<h>lib/high/Xoofff/XoofffModes.h</h>
</fragment>
<fragment name="Xoodyak" inherits="common">
<c>lib/high/Xoodyak/Xoodyak.c</c>
<h>lib/high/Xoodyak/Xoodyak.h</h>
<h>lib/high/Xoodyak/Cyclist.h</h>
<h>lib/high/Xoodyak/Cyclist.inc</h>
</fragment>
<fragment name="XooAll" inherits="common Xoofff Xoodyak"/>
</group>
src/XKCP/lib/Ketje.build 0 → 100755
View file @ 70bfa60b
<?xml version="1.0"?>
<!--
Implementation by the Keccak Team, namely, Guido Bertoni, Joan Daemen,
Michaël Peeters, Gilles Van Assche and Ronny Van Keer,
hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
-->
<group>
<!--
The fragments below allow to select the desired Ketje instances.
* KetjeJr: Ketje Jr
* KetjeSr: Ketje Sr
* KetjeMn: Ketje Minor
* KetjeMj: Ketje Major
* Ketje: all 4 instances
In addition, one of the following fragments is required:
* Ket{Jr, Sr, Mn, Mj}-SnP: to glue the Ketje implementation to an implementation of the permutation with SnP (default choice)
* Ket{Jr, Sr, Mn, Mj}-ARMv7M: same as Ket{Jr, Sr, Mn, Mj}-SnP, but with specific optimizations for ARMv7M
* Ket{Jr, Sr, Mn, Mj}-optimizedLE: same as Ket{Jr, Sr, Mn, Mj}-SnP, but with specific optimizations for other ARM plaforms (ARMv6M, ARMv7A, ARMv8A)
-->
<!-- "Ket", the layer between SnP and Ketje services -->
<fragment name="Ket-SnP-common">
<h>lib/low/Ketje/SnP-compliant/Ket.inc</h>
<h>lib/low/Ketje/SnP-compliant/Ket-common.h</h>
</fragment>
<fragment name="KetJr-SnP" inherits="Ket-SnP-common">
<c>lib/low/Ketje/SnP-compliant/KetJr.c</c>
<h>lib/low/Ketje/SnP-compliant/KetJr.h</h>
</fragment>
<fragment name="KetSr-SnP" inherits="Ket-SnP-common">
<c>lib/low/Ketje/SnP-compliant/KetSr.c</c>
<h>lib/low/Ketje/SnP-compliant/KetSr.h</h>
</fragment>
<fragment name="KetMn-SnP" inherits="Ket-SnP-common">
<c>lib/low/Ketje/SnP-compliant/KetMn.c</c>
<h>lib/low/Ketje/SnP-compliant/KetMn.h</h>
</fragment>
<fragment name="KetMj-SnP" inherits="Ket-SnP-common">
<c>lib/low/Ketje/SnP-compliant/KetMj.c</c>
<h>lib/low/Ketje/SnP-compliant/KetMj.h</h>
</fragment>
<fragment name="Ket-SnP" inherits="KetJr-SnP KetSr-SnP KetMn-SnP KetMj-SnP"/>
<fragment name="Ket-optimizedLE-common">
<h>lib/low/Ketje/OptimizedLE/Ket.inc</h>
<h>lib/low/Ketje/OptimizedLE/Ket-common.h</h>
</fragment>
<fragment name="KetJr-optimizedLE" inherits="Ket-optimizedLE-common">
<c>lib/low/Ketje/OptimizedLE/KetJr.c</c>
<h>lib/low/Ketje/OptimizedLE/KetJr.h</h>
</fragment>
<fragment name="KetSr-optimizedLE" inherits="Ket-optimizedLE-common">
<c>lib/low/Ketje/OptimizedLE/KetSr.c</c>
<h>lib/low/Ketje/OptimizedLE/KetSr.h</h>
</fragment>
<fragment name="KetMn-optimizedLE" inherits="Ket-optimizedLE-common">
<c>lib/low/Ketje/OptimizedLE/KetMn.c</c>
<h>lib/low/Ketje/OptimizedLE/KetMn.h</h>
</fragment>
<fragment name="KetMj-optimizedLE" inherits="Ket-optimizedLE-common">
<c>lib/low/Ketje/OptimizedLE/KetMj.c</c>
<h>lib/low/Ketje/OptimizedLE/KetMj.h</h>
</fragment>
<fragment name="Ket-optimizedLE" inherits="KetJr-optimizedLE KetSr-optimizedLE KetMn-optimizedLE KetMj-optimizedLE"/>
<fragment name="Ket-ARMv7M-common">
<h>lib/low/Ketje/OptimizedAsmARM/Ket-common.h</h>
</fragment>
<fragment name="KetJr-ARMv7M" inherits="Ket-ARMv7M-common">
<h>lib/low/Ketje/OptimizedAsmARM/KetJr.h</h>
<c>lib/low/Ketje/OptimizedAsmARM/KetjeJr-armv7m-le-gcc.s</c>
</fragment>
<fragment name="KetSr-ARMv7M" inherits="Ket-ARMv7M-common">
<h>lib/low/Ketje/OptimizedAsmARM/KetSr.h</h>
<c>lib/low/Ketje/OptimizedAsmARM/KetjeSr-armv7m-le-gcc.s</c>
</fragment>
<fragment name="Ket-ARMv7M" inherits="KetJr-ARMv7M KetSr-ARMv7M KetMn-optimizedLE KetMj-SnP"/>
<!-- *** High-level services *** -->
<fragment name="Ketje-common" inherits="common">
<h>lib/high/Ketje/Ketje-common.h</h>
<h>lib/high/Ketje/Ketjev2.inc</h>
</fragment>
<fragment name="KetjeJr" inherits="Ketje-common">
<c>lib/high/Ketje/KetjeJr.c</c>
<h>lib/high/Ketje/KetjeJr.h</h>
</fragment>
<fragment name="KetjeSr" inherits="Ketje-common">
<c>lib/high/Ketje/KetjeSr.c</c>
<h>lib/high/Ketje/KetjeSr.h</h>
</fragment>
<fragment name="KetjeMn" inherits="Ketje-common">
<c>lib/high/Ketje/KetjeMn.c</c>
<h>lib/high/Ketje/KetjeMn.h</h>
</fragment>
<fragment name="KetjeMj" inherits="Ketje-common">
<c>lib/high/Ketje/KetjeMj.c</c>
<h>lib/high/Ketje/KetjeMj.h</h>
</fragment>
<fragment name="Ketje" inherits="KetjeJr KetjeSr KetjeMn KetjeMj">
<h>lib/high/Ketje/Ketjev2.h</h>
</fragment>
<!-- Ketje with CAESAR API and SUPERCOP packages -->
<!-- Ketje Jr -->
<fragment name="crypto_aead/ketjejrv2" inherits="KetjeJr">
<c>tests/SUPERCOP/KetjeJr/encrypt.c</c>
<h>tests/SUPERCOP/KetjeJr/api.h</h>
</fragment>
<fragment name="KetjeJrSelfTest" inherits="crypto_aead/ketjejrv2 crypto_aead_test">
<c>tests/SUPERCOP/KetjeJr/selftest.c</c>
</fragment>
<fragment name="KetjeJr-compact" inherits="KetjeJr KetJr-SnP compact200"/>
<fragment name="KetjeJr-AVR8" inherits="KetjeJr KetJr-SnP optimized200AVR8"/>
<fragment name="KetjeJr-ARMv6M" inherits="KetjeJr KetJr-optimizedLE optimized200ARMv6M"/>
<fragment name="KetjeJr-ARMv7M" inherits="KetjeJr KetJr-ARMv7M"/>
<group all="supercop">
<product delimiter="/">
<factor set="crypto_aead/ketjejrv2 KetjeJrSelfTest"/>
<factor set="KetjeJr-compact KetjeJr-AVR8 KetjeJr-ARMv6M KetjeJr-ARMv7M"/>
</product>
</group>
<!-- Ketje Sr -->
<fragment name="crypto_aead/ketjesrv2" inherits="KetjeSr">
<c>tests/SUPERCOP/KetjeSr/encrypt.c</c>
<h>tests/SUPERCOP/KetjeSr/api.h</h>
</fragment>
<fragment name="KetjeSrSelfTest" inherits="crypto_aead/ketjesrv2 crypto_aead_test">
<c>tests/SUPERCOP/KetjeSr/selftest.c</c>
</fragment>
<fragment name="KetjeSr-compact" inherits="KetjeSr KetSr-SnP reference400"/>
<fragment name="KetjeSr-AVR8" inherits="KetjeSr KetSr-SnP optimized400AVR8"/>
<fragment name="KetjeSr-ARMv6M" inherits="KetjeSr KetSr-optimizedLE optimized400ARMv6M"/>
<fragment name="KetjeSr-ARMv7M" inherits="KetjeSr KetSr-ARMv7M"/>
<group all="supercop">
<product delimiter="/">
<factor set="crypto_aead/ketjesrv2 KetjeSrSelfTest"/>
<factor set="KetjeSr-compact KetjeSr-AVR8 KetjeSr-ARMv6M KetjeSr-ARMv7M"/>
</product>
</group>
<!-- Ketje Minor -->
<fragment name="crypto_aead/ketjeminorv2" inherits="KetjeMn">
<c>tests/SUPERCOP/KetjeMn/encrypt.c</c>
<h>tests/SUPERCOP/KetjeMn/api.h</h>
</fragment>
<fragment name="KetjeMnSelfTest" inherits="crypto_aead/ketjeminorv2 crypto_aead_test">
<c>tests/SUPERCOP/KetjeMn/selftest.c</c>
</fragment>
<fragment name="KetjeMn-compact" inherits="KetjeMn KetMn-SnP compact800"/>
<fragment name="KetjeMn-AVR8" inherits="KetjeMn KetMn-SnP optimized800AVR8"/>
<fragment name="KetjeMn-generic32" inherits="KetjeMn KetMn-SnP optimized800u2"/>
<fragment name="KetjeMn-generic32lc" inherits="KetjeMn KetMn-SnP optimized800lcu2"/>
<fragment name="KetjeMn-ARMv6M" inherits="KetjeMn KetMn-optimizedLE optimized800ARMv6Mu2"/>
<fragment name="KetjeMn-ARMv7M" inherits="KetjeMn KetMn-SnP optimized800ARMv7Mu2"/>
<fragment name="KetjeMn-ARMv7A" inherits="KetjeMn KetMn-optimizedLE optimized800ARMv7Au2"/>
<fragment name="KetjeMn-ARMv8A" inherits="KetjeMn KetMn-optimizedLE optimized800ARMv8A"/>
<group all="supercop">
<product delimiter="/">
<factor set="crypto_aead/ketjeminorv2 KetjeMnSelfTest"/>
<factor set="KetjeMn-compact KetjeMn-AVR8 KetjeMn-generic32 KetjeMn-generic32lc KetjeMn-ARMv6M KetjeMn-ARMv7M KetjeMn-ARMv7A KetjeMn-ARMv8A"/>
</product>
</group>
<!-- Ketje Major -->
<fragment name="crypto_aead/ketjemajorv2" inherits="KetjeMj">
<c>tests/SUPERCOP/KetjeMj/encrypt.c</c>
<h>tests/SUPERCOP/KetjeMj/api.h</h>
</fragment>
<fragment name="KetjeMjSelfTest" inherits="crypto_aead/ketjemajorv2 crypto_aead_test">
<c>tests/SUPERCOP/KetjeMj/selftest.c</c>
</fragment>
<fragment name="KetjeMj-compact" inherits="KetjeMj KetMj-SnP compact1600"/>
<fragment name="KetjeMj-AVR8" inherits="KetjeMj KetMj-SnP optimized1600AVR8"/>
<fragment name="KetjeMj-generic32" inherits="KetjeMj KetMj-SnP inplace1600bi"/>
<fragment name="KetjeMj-generic64" inherits="KetjeMj KetMj-SnP optimized1600ufull"/>
<fragment name="KetjeMj-generic64lc" inherits="KetjeMj KetMj-SnP optimized1600lcufull"/>
<fragment name="KetjeMj-ARMv6M" inherits="KetjeMj KetMj-optimizedLE optimized1600ARMv6Mu2"/>
<fragment name="KetjeMj-ARMv7M" inherits="KetjeMj KetMj-SnP inplace1600ARMv7M"/>
<fragment name="KetjeMj-ARMv7A" inherits="KetjeMj KetMj-optimizedLE optimized1600ARMv7A"/>
<fragment name="KetjeMj-ARMv8A" inherits="KetjeMj KetMj-optimizedLE optimized1600ARMv8A"/>
<group all="supercop">
<product delimiter="/">
<factor set="crypto_aead/ketjemajorv2 KetjeMjSelfTest"/>
<factor set="KetjeMj-compact KetjeMj-AVR8 KetjeMj-generic32 KetjeMj-generic64 KetjeMj-generic64lc KetjeMj-ARMv6M KetjeMj-ARMv7M KetjeMj-ARMv7A KetjeMj-ARMv8A"/>
</product>
</group>
</group>
src/XKCP/lib/Keyak.build 0 → 100755
View file @ 70bfa60b
<?xml version="1.0"?>
<!--
Implementation by the Keccak Team, namely, Guido Bertoni, Joan Daemen,
Michaël Peeters, Gilles Van Assche and Ronny Van Keer,
hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
-->
<group>
<!--
The fragments below allow to select the desired Keyak instances.
* RiverKeyak: River Keyak
* LakeKeyak: Lake Keyak
* SeaKeyak: Sea Keyak
* OceanKeyak: Ocean Keyak
* LunarKeyak: Lunar Keyak
* Keyak: all 5 instances
-->
<fragment name="Keyak-common" inherits="common">
<h>lib/high/Keyak/Motorist.inc</h>
<h>lib/high/Keyak/Keyak-common.h</h>
<h>lib/high/Keyak/Keyakv2.inc</h>
</fragment>
<fragment name="RiverKeyak" inherits="Keyak-common">
<c>lib/high/Keyak/RiverKeyak.c</c>
<h>lib/high/Keyak/RiverKeyak.h</h>
</fragment>
<fragment name="LakeKeyak" inherits="Keyak-common">
<c>lib/high/Keyak/LakeKeyak.c</c>
<h>lib/high/Keyak/LakeKeyak.h</h>
</fragment>
<fragment name="SeaKeyak" inherits="Keyak-common">
<c>lib/high/Keyak/SeaKeyak.c</c>
<h>lib/high/Keyak/SeaKeyak.h</h>
</fragment>
<fragment name="OceanKeyak" inherits="Keyak-common">
<c>lib/high/Keyak/OceanKeyak.c</c>
<h>lib/high/Keyak/OceanKeyak.h</h>
</fragment>
<fragment name="LunarKeyak" inherits="Keyak-common">
<c>lib/high/Keyak/LunarKeyak.c</c>
<h>lib/high/Keyak/LunarKeyak.h</h>
</fragment>
<fragment name="Keyak" inherits="RiverKeyak LakeKeyak SeaKeyak OceanKeyak LunarKeyak"/>
<!-- Keyak with CAESAR API and SUPERCOP packages -->
<fragment name="crypto_aead/riverkeyakv2" inherits="RiverKeyak">
<c>tests/SUPERCOP/RiverKeyak/encrypt.c</c>
<h>tests/SUPERCOP/RiverKeyak/api.h</h>
</fragment>
<fragment name="RiverKeyakSelfTest" inherits="crypto_aead/riverkeyakv2 crypto_aead_test">
<c>tests/SUPERCOP/RiverKeyak/selftest.c</c>
</fragment>
<fragment name="crypto_aead/lakekeyakv2" inherits="LakeKeyak">
<c>tests/SUPERCOP/LakeKeyak/encrypt.c</c>
<h>tests/SUPERCOP/LakeKeyak/api.h</h>
</fragment>
<fragment name="LakeKeyakSelfTest" inherits="crypto_aead/lakekeyakv2 crypto_aead_test">
<c>tests/SUPERCOP/LakeKeyak/selftest.c</c>
</fragment>
<fragment name="crypto_aead/seakeyakv2" inherits="SeaKeyak">
<c>tests/SUPERCOP/SeaKeyak/encrypt.c</c>
<h>tests/SUPERCOP/SeaKeyak/api.h</h>
</fragment>
<fragment name="SeaKeyakSelfTest" inherits="crypto_aead/seakeyakv2 crypto_aead_test">
<c>tests/SUPERCOP/SeaKeyak/selftest.c</c>
</fragment>
<fragment name="crypto_aead/oceankeyakv2" inherits="OceanKeyak">
<c>tests/SUPERCOP/OceanKeyak/encrypt.c</c>
<h>tests/SUPERCOP/OceanKeyak/api.h</h>
</fragment>
<fragment name="OceanKeyakSelfTest" inherits="crypto_aead/oceankeyakv2 crypto_aead_test">
<c>tests/SUPERCOP/OceanKeyak/selftest.c</c>
</fragment>
<fragment name="crypto_aead/lunarkeyakv2" inherits="LunarKeyak">
<c>tests/SUPERCOP/LunarKeyak/encrypt.c</c>
<h>tests/SUPERCOP/LunarKeyak/api.h</h>
</fragment>
<fragment name="LunarKeyakSelfTest" inherits="crypto_aead/lunarkeyakv2 crypto_aead_test">
<c>tests/SUPERCOP/LunarKeyak/selftest.c</c>
</fragment>
<group all="supercop">
<product delimiter="/">
<factor set="crypto_aead/riverkeyakv2 RiverKeyakSelfTest crypto_aead/lakekeyakv2 LakeKeyakSelfTest crypto_aead/seakeyakv2 SeaKeyakSelfTest crypto_aead/oceankeyakv2 OceanKeyakSelfTest crypto_aead/lunarkeyakv2 LunarKeyakSelfTest"/>
<factor set="reference reference32bits compact generic32 generic32lc generic64 generic64lc asmX86-64 asmX86-64shld Nehalem SandyBridge Bulldozer Haswell SkylakeX ARMv6M ARMv7M ARMv7A ARMv8A AVR8"/>
</product>
</group>
</group>
src/XKCP/lib/LowLevel.build 0 → 100755
View file @ 70bfa60b
<?xml version="1.0"?>
<!--
Implementation by the Keccak Team, namely, Guido Bertoni, Joan Daemen,
Michaël Peeters, Gilles Van Assche and Ronny Van Keer,
hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
-->
<group>
<!--
The fragments below allow to select the desired implementation of the permutations (a.k.a. low-level services below the SnP or PlSnP interface).
# For Keccak-p[200]:
* reference200: the unoptimized reference implementation
* compact200: an implementation aimed at minimizing code and memory sizes
* optimized200ARMv6M: an assembly-optimized implementation for ARMv6M
* optimized200ARMv7M: an assembly-optimized implementation for ARMv7M
* optimized200AVR8: an assembly-optimized implementation for AVR8
# For Keccak-p[400]:
* reference400: the unoptimized reference implementation
* optimized400ARMv6M: an assembly-optimized implementation for ARMv6M
* optimized400ARMv7M: an assembly-optimized implementation for ARMv7M
* optimized400AVR8: an assembly-optimized implementation for AVR8
# For Keccak-p[800]:
* reference800: the unoptimized reference implementation
* compact800: an implementation aimed at minimizing code and memory sizes
* optimized800u2: a generically optimized implementation for 32-bit platforms with 2 rounds unrolled
* optimized800ufull: same as optimized800u2 but with all rounds unrolled
* optimized800lcu2: same as optimized800u2 but using the lane complementing technique, which is useful for platforms that do not have a "and not" instruction
* optimized800lcufull: same as optimized800lcu2 but with all rounds unrolled
* optimized800ARMv6Mu1: an assembly-optimized implementation for ARMv6M (no round unrolling)
* optimized800ARMv6Mu2: same as optimized800ARMv6Mu1 but with 2 rounds unrolled
* optimized800ARMv7Mu2: an assembly-optimized implementation for ARMv7M with 2 rounds unrolled
* optimized800ARMv7Mufull: same as optimized800ARMv7Mu2 but with all rounds unrolled
* optimized800ARMv7Au2: an assembly-optimized implementation for ARMv7A with 2 rounds unrolled
* optimized800ARMv8A: an assembly-optimized implementation for ARMv8A
* optimized800AVR8: an assembly-optimized implementation for AVR8
# For Keccak-p[1600]:
* reference1600: the unoptimized reference implementation
* reference1600-32bits: a reference implementation using only 32-bit operations with the bit interleaving technique
* compact1600: an implementation aimed at minimizing code and memory sizes
* compact1600AVR8: same as compact1600, but specifically for AVR8
* inplace1600bi: a generically optimized implementation for 32-bit platforms aimed at minimizing the memory size by performing the permutation in-place
* inplace1600ARMv6M: same as inplace1600bi, but specifically for ARMv6M
* inplace1600ARMv7M: same as inplace1600bi, but specifically for ARMv7M
* inplace1600ARMv7A: same as inplace1600bi, but specifically for ARMv7A
* optimized1600u6: a generically optimized implementation for 64-bit platforms with 6 rounds unrolled
* optimized1600ufull: same as optimized1600u6 but with all rounds unrolled
* optimized1600lcu6: same as optimized1600u6 but using the lane complementing technique, which is useful for platforms that do not have a "and not" instruction
* optimized1600lcufull: same as optimized1600lcu6 but with all rounds unrolled
* optimized1600lcufullshld: same as optimized1600lcufull but with the rotation implementation with the 'shld' instruction, as it is faster on some platforms (e.g., SandyBridge)
* optimized1600AsmX86-64: an assembly-optimized implementation for x86_64
* optimized1600AsmX86-64shld: same as optimized1600AsmX86-64, but with the 'shld' instruction
* optimized1600AsmX86-64Apple: same as optimized1600AsmX86-64, but with a syntax that works better on some Apple platforms
* optimized1600AVX2: an optimized implementation taking advantage of the AVX2 instruction set
* optimized1600AVX512a: an optimized implementation taking advantage of the AVX512 instruction set (in assembler)
* optimized1600AVX512c: an optimized implementation taking advantage of the AVX512 instruction set (in C)
* optimized1600XOPu6: an optimized implementation taking advantage of the XOP instruction set, with 6 rounds unrolled
* optimized1600XOPufull: same as optimized1600XOPu6, but with all rounds unrolled
* optimized1600ARMv6Mu1: an assembly-optimized implementation for ARMv6M (no round unrolling)
* optimized1600ARMv6Mu2: same as optimized1600ARMv6Mu1 but with 2 rounds unrolled
* optimized1600ARMv7A: an assembly-optimized implementation for ARMv7A
* optimized1600ARMv8A: an assembly-optimized implementation for ARMv8A
* optimized1600AVR8: an assembly-optimized implementation for AVR8
# For Keccak-p[1600]×2:
* 1600times2on1: a stub that calls Keccak-p[1600] twice (requires an implementation of Keccak-p[1600])
* SIMD128-SSE2u2: an implementation taking advantage of the SSE2 instruction set, with two rounds unrolled
* SIMD128-SSE2ufull: same SIMD128-SSE2u2, but with all rounds unrolled
* SIMD128-XOPu2: an implementation taking advantage of the XOP instruction set, with two rounds unrolled
* SIMD128-XOPufull: same SIMD128-XOPu2, but with all rounds unrolled
* SIMD512-2-AVX512u4: an implementation taking advantage of the AVX512 instruction set, with 4 rounds unrolled
* SIMD512-2-AVX512u12: same as SIMD512-2-AVX512u4, but with 12 rounds unrolled
* SIMD512-2-AVX512ufull: same as SIMD512-2-AVX512u4, but with all rounds unrolled
* 1600times2ARMV7A: an assembly-optimized implementation for ARMv7A using NEON
# For Keccak-p[1600]×4:
* 1600times4on1: a stub that calls Keccak-p[1600] four times (requires an implementation of Keccak-p[1600])
* 1600times4on2: a stub that calls Keccak-p[1600]×2 twice (requires an implementation of Keccak-p[1600]×2)
* SIMD256-AVX2u6: an implementation taking advantage of the AVX2 instruction set, with 6 rounds unrolled
* SIMD256-AVXu12: same as SIMD256-AVX2u6, but with 12 rounds unrolled
* SIMD256-AVXufull: same as SIMD256-AVX2u6, but with all rounds unrolled
* SIMD512-4-AVX512u4: an implementation taking advantage of the AVX512 instruction set, with 4 rounds unrolled
* SIMD512-4-AVX512u12: same as SIMD512-4-AVX512u4, but with 12 rounds unrolled
* SIMD512-4-AVX512ufull: same as SIMD512-4-AVX512u4, but with all rounds unrolled
# For Keccak-p[1600]×8:
* 1600times8on1: a stub that calls Keccak-p[1600] eight times (requires an implementation of Keccak-p[1600])
* 1600times8on2: a stub that calls Keccak-p[1600]×2 four times (requires an implementation of Keccak-p[1600]×2)
* 1600times8on4: a stub that calls Keccak-p[1600]×4 twice (requires an implementation of Keccak-p[1600]×4)
* SIMD512-8-AVX512u4: an implementation taking advantage of the AVX512 instruction set, with 4 rounds unrolled
* SIMD512-8-AVX512u12: same as SIMD512-8-AVX512u4, but with 12 rounds unrolled
* SIMD512-8-AVX512ufull: same as SIMD512-8-AVX512u4, but with all rounds unrolled
# For Xoodoo:
* reference: the unoptimized reference implementation
* optimized: a generically optimized implementation for 32-bit platforms, fully unrolled
* optimizedARMv6M: assembler optimized for ARMv6M, one round unrolled
* optimizedARMv7M: assembler optimized for ARMv7M, fully unrolled
* optimizedSIMD128: Optimized for SIMD-128, fully unrolled
* optimizedSIMD512: Optimized for AVX-512, fully unrolled
# For Xoodoo×4:
* SIMD128: an implementation taking advantage of the SIMD-128 instruction set, fully unrolled
* SIMD512: an implementation taking advantage of the AVX-512 instruction set, fully unrolled
# For Xoodoo×8:
* SIMD256: an implementation taking advantage of the AVX-2 instruction set, fully unrolled
* SIMD512: an implementation taking advantage of the AVX-512 instruction set, fully unrolled
# For Xoodoo×16:
* SIMD512: an implementation taking advantage of the AVX-512 instruction set, fully unrolled
-->
<!-- *** Low-level services *** -->
<fragment name="optimized">
<h>lib/common/brg_endian.h</h>
<gcc>-fomit-frame-pointer</gcc>
<gcc>-O2</gcc>
<gcc>-g0</gcc>
<gcc>-march=native</gcc>
<gcc>-mtune=native</gcc>
</fragment>
<!-- Keccak-p[200] -->
<fragment name="width200">
</fragment>
<fragment name="reference200" inherits="common width200">
<c>lib/low/KeccakP-200/Reference/KeccakP-200-reference.c</c>
<h>lib/low/KeccakP-200/Reference/KeccakP-200-reference.h</h>
<h>lib/low/KeccakP-200/Reference/KeccakP-200-SnP.h</h>
</fragment>
<fragment name="compact200" inherits="common optimized width200">
<c>lib/low/KeccakP-200/Compact/KeccakP-200-compact.c</c>
<h>lib/low/KeccakP-200/Compact/KeccakP-200-SnP.h</h>
</fragment>
<fragment name="optimized200ARMv6M" inherits="common optimized width200">
<c>lib/low/KeccakP-200/OptimizedAsmARM/KeccakP-200-armv6m-le-gcc.s</c>
<h>lib/low/KeccakP-200/OptimizedAsmARM/KeccakP-200-SnP.h</h>
</fragment>
<fragment name="optimized200ARMv7M" inherits="common optimized width200">
<c>lib/low/KeccakP-200/OptimizedAsmARM/KeccakP-200-armv7m-le-gcc.s</c>
<h>lib/low/KeccakP-200/OptimizedAsmARM/KeccakP-200-SnP.h</h>
</fragment>
<fragment name="optimized200AVR8" inherits="common optimized width200">
<c>lib/low/KeccakP-200/OptimizedAsmAVR8/KeccakP-200-avr8-fast.s</c>
<h>lib/low/KeccakP-200/OptimizedAsmAVR8/KeccakP-200-SnP.h</h>
</fragment>
<!-- Keccak-p[400] -->
<fragment name="width400">
</fragment>
<fragment name="reference400" inherits="common width400">
<c>lib/low/KeccakP-400/Reference/KeccakP-400-reference.c</c>
<h>lib/low/KeccakP-400/Reference/KeccakP-400-reference.h</h>
<h>lib/low/KeccakP-400/Reference/KeccakP-400-SnP.h</h>
</fragment>
<fragment name="optimized400ARMv6M" inherits="common optimized width400">
<c>lib/low/KeccakP-400/OptimizedAsmARM/KeccakP-400-armv6m-le-gcc.s</c>
<h>lib/low/KeccakP-400/OptimizedAsmARM/KeccakP-400-SnP.h</h>
</fragment>
<fragment name="optimized400ARMv7M" inherits="common optimized width400">
<c>lib/low/KeccakP-400/OptimizedAsmARM/KeccakP-400-armv7m-le-gcc.s</c>
<h>lib/low/KeccakP-400/OptimizedAsmARM/KeccakP-400-SnP.h</h>
</fragment>
<fragment name="optimized400AVR8" inherits="common optimized width400">
<c>lib/low/KeccakP-400/OptimizedAsmAVR8/KeccakP-400-avr8-fast.s</c>
<h>lib/low/KeccakP-400/OptimizedAsmAVR8/KeccakP-400-SnP.h</h>
</fragment>
<!-- Keccak-p[800] -->
<fragment name="width800">
</fragment>
<fragment name="reference800" inherits="common width800">
<c>lib/low/KeccakP-800/Reference/KeccakP-800-reference.c</c>
<h>lib/low/KeccakP-800/Reference/KeccakP-800-reference.h</h>
<h>lib/low/KeccakP-800/Reference/KeccakP-800-SnP.h</h>
</fragment>
<fragment name="compact800" inherits="common optimized width800">
<c>lib/low/KeccakP-800/Compact/KeccakP-800-compact.c</c>
<h>lib/low/KeccakP-800/Compact/KeccakP-800-SnP.h</h>
</fragment>
<fragment name="optimized800" inherits="width800 optimized">
<h>lib/low/KeccakP-800/Optimized32/KeccakP-800-SnP.h</h>
<h>lib/low/KeccakP-800/Optimized32/KeccakP-800-opt32-bis.macros</h>
<c>lib/low/KeccakP-800/Optimized32/KeccakP-800-opt32.c</c>
<h>lib/low/KeccakP-800/Optimized32/KeccakP-800-opt32.macros</h>
<h>lib/low/KeccakP-800/Optimized32/KeccakP-800-unrolling-bis.macros</h>
<h>lib/low/KeccakP-800/Optimized32/KeccakP-800-unrolling.macros</h>
</fragment>
<fragment name="optimized800u2" inherits="optimized800">
<h>lib/low/KeccakP-800/Optimized32/u2/KeccakP-800-opt32-config.h</h>
</fragment>
<fragment name="optimized800ufull" inherits="optimized800">
<h>lib/low/KeccakP-800/Optimized32/ufull/KeccakP-800-opt32-config.h</h>
</fragment>
<fragment name="optimized800lcu2" inherits="optimized800">
<h>lib/low/KeccakP-800/Optimized32/LCu2/KeccakP-800-opt32-config.h</h>
</fragment>
<fragment name="optimized800lcufull" inherits="optimized800">
<h>lib/low/KeccakP-800/Optimized32/LCufull/KeccakP-800-opt32-config.h</h>
</fragment>
<fragment name="optimized800ARM" inherits="common optimized width800">
<h>lib/low/KeccakP-800/OptimizedAsmARM/KeccakP-800-SnP.h</h>
</fragment>
<fragment name="optimized800ARMv6Mu1" inherits="optimized800ARM">
<c>lib/low/KeccakP-800/OptimizedAsmARM/KeccakP-800-u1-armv6m-le-gcc.s</c>
</fragment>
<fragment name="optimized800ARMv6Mu2" inherits="optimized800ARM">
<c>lib/low/KeccakP-800/OptimizedAsmARM/KeccakP-800-u2-armv6m-le-gcc.s</c>
</fragment>
<fragment name="optimized800ARMv7Mu2" inherits="optimized800ARM">
<c>lib/low/KeccakP-800/OptimizedAsmARM/KeccakP-800-u2-armv7m-le-gcc.s</c>
</fragment>
<fragment name="optimized800ARMv7Mufull" inherits="optimized800ARM">
<c>lib/low/KeccakP-800/OptimizedAsmARM/KeccakP-800-uf-armv7m-le-gcc.s</c>
</fragment>
<fragment name="optimized800ARMv7Au2" inherits="optimized800ARM">
<c>lib/low/KeccakP-800/OptimizedAsmARM/KeccakP-800-u2-armv7a-le-gcc.s</c>
</fragment>
<fragment name="optimized800ARMv8A" inherits="common optimized width800">
<gcc>-mfpu=neon</gcc>
<c>lib/low/KeccakP-800/Optimized64AsmARM/KeccakP-800-armv8a-neon.s</c>
<h>lib/low/KeccakP-800/Optimized64AsmARM/KeccakP-800-SnP.h</h>
</fragment>
<fragment name="optimized800AVR8" inherits="common optimized width800">
<c>lib/low/KeccakP-800/OptimizedAsmAVR8/KeccakP-800-avr8-fast.s</c>
<h>lib/low/KeccakP-800/OptimizedAsmAVR8/KeccakP-800-SnP.h</h>
</fragment>
<!-- Keccak-p[1600] -->
<fragment name="width1600">
</fragment>
<fragment name="reference1600" inherits="common width1600">
<c>lib/low/KeccakP-1600/Reference/KeccakP-1600-reference.c</c>
<h>lib/low/KeccakP-1600/Reference/KeccakP-1600-reference.h</h>
<h>lib/low/KeccakP-1600/Reference/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="reference1600-32bits" inherits="common width1600">
<c>lib/low/KeccakP-1600/Reference32BI/KeccakP-1600-reference32BI.c</c>
<h>lib/low/KeccakP-1600/Reference32BI/KeccakP-1600-reference.h</h>
<h>lib/low/KeccakP-1600/Reference32BI/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="compact1600" inherits="common optimized width1600">
<c>lib/low/KeccakP-1600/Compact64/KeccakP-1600-compact64.c</c>
<h>lib/low/KeccakP-1600/Compact64/KeccakP-1600-SnP.h</h>
<h>lib/low/common/SnP-Relaned.h</h>
</fragment>
<fragment name="compact1600AVR8" inherits="common optimized width1600">
<c>lib/low/KeccakP-1600/OptimizedAsmAVR8/KeccakP-1600-avr8-compact.s</c>
<h>lib/low/KeccakP-1600/OptimizedAsmAVR8/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="inplace1600bi" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/Inplace32BI/KeccakP-1600-inplace32BI.c</c>
<h>lib/low/KeccakP-1600/Inplace32BI/KeccakP-1600-SnP.h</h>
<h>lib/low/common/SnP-Relaned.h</h>
</fragment>
<fragment name="inplace1600ARM" inherits="width1600 optimized">
<h>lib/low/KeccakP-1600/Optimized32biAsmARM/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="inplace1600ARMv6M" inherits="inplace1600ARM">
<c>lib/low/KeccakP-1600/Optimized32biAsmARM/KeccakP-1600-inplace-32bi-armv6m-le-gcc.s</c>
</fragment>
<fragment name="inplace1600ARMv7M" inherits="inplace1600ARM">
<c>lib/low/KeccakP-1600/Optimized32biAsmARM/KeccakP-1600-inplace-32bi-armv7m-le-gcc.s</c>
</fragment>
<fragment name="inplace1600ARMv7A" inherits="inplace1600ARM">
<c>lib/low/KeccakP-1600/Optimized32biAsmARM/KeccakP-1600-inplace-32bi-armv7a-le-gcc.s</c>
</fragment>
<fragment name="optimized1600" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/Optimized64/KeccakP-1600-opt64.c</c>
<h>lib/low/KeccakP-1600/Optimized/KeccakP-1600-unrolling.macros</h>
<h>lib/low/KeccakP-1600/Optimized/KeccakP-1600-64.macros</h>
<h>lib/low/KeccakP-1600/Optimized64/KeccakP-1600-SnP.h</h>
<h>lib/low/common/SnP-Relaned.h</h>
<gcc>-m64</gcc>
</fragment>
<fragment name="optimized1600u6" inherits="optimized1600">
<h>lib/low/KeccakP-1600/Optimized64/u6/KeccakP-1600-opt64-config.h</h>
</fragment>
<fragment name="optimized1600ufull" inherits="optimized1600">
<h>lib/low/KeccakP-1600/Optimized64/ufull/KeccakP-1600-opt64-config.h</h>
</fragment>
<fragment name="optimized1600lcu6" inherits="optimized1600">
<h>lib/low/KeccakP-1600/Optimized64/LCu6/KeccakP-1600-opt64-config.h</h>
</fragment>
<fragment name="optimized1600lcufull" inherits="optimized1600">
<h>lib/low/KeccakP-1600/Optimized64/LCufull/KeccakP-1600-opt64-config.h</h>
</fragment>
<fragment name="optimized1600lcufullshld" inherits="optimized1600">
<h>lib/low/KeccakP-1600/Optimized64/LCufullshld/KeccakP-1600-opt64-config.h</h>
</fragment>
<fragment name="optimized1600AsmX86-64" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/OptimizedAsmX86-64/KeccakP-1600-x86-64-gas.s</c>
<h>lib/low/KeccakP-1600/OptimizedAsmX86-64/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="optimized1600AsmX86-64shld" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/OptimizedAsmX86-64/KeccakP-1600-x86-64-shld-gas.s</c>
<h>lib/low/KeccakP-1600/OptimizedAsmX86-64/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="optimized1600AsmX86-64Apple" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/OptimizedAsmX86-64/KeccakP-1600-x86-64-gas_Apple.s</c>
<h>lib/low/KeccakP-1600/OptimizedAsmX86-64/KeccakP-1600-SnP.h</h>
</fragment>
<!-- Not yet updated with Permute_Nrounds
<fragment name="optimized1600Haswell" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/Optimized64/CompiledByGCC474forHaswell/KeccakP-1600-opt64.s</c>
<h>lib/low/KeccakP-1600/Optimized64/CompiledByGCC474forHaswell/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="optimized1600SandyBridge" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/Optimized64/CompiledByGCC474forSandyBridge/KeccakP-1600-opt64.s</c>
<h>lib/low/KeccakP-1600/Optimized64/CompiledByGCC474forSandyBridge/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="optimized1600Nehalem" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/Optimized64/CompiledByGCC474forNehalem/KeccakP-1600-opt64.s</c>
<h>lib/low/KeccakP-1600/Optimized64/CompiledByGCC474forNehalem/KeccakP-1600-SnP.h</h>
</fragment>
-->
<fragment name="optimized1600AVX2" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/OptimizedAVX2/KeccakP-1600-AVX2.s</c>
<h>lib/low/KeccakP-1600/OptimizedAVX2/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="optimized1600AVX512c" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/OptimizedAVX512c/KeccakP-1600-AVX512.c</c>
<h>lib/low/KeccakP-1600/OptimizedAVX512c/AVX512u12/KeccakP-1600-AVX512-config.h</h>
<h>lib/low/KeccakP-1600/OptimizedAVX512c/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="optimized1600AVX512a" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/OptimizedAVX512a/KeccakP-1600-AVX512.s</c>
<h>lib/low/KeccakP-1600/OptimizedAVX512a/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="optimized1600XOP" inherits="width1600 optimized">
<c>lib/low/KeccakP-1600/OptimizedXOP/KeccakP-1600-XOP.c</c>
<h>lib/low/KeccakP-1600/OptimizedXOP/KeccakP-1600-SnP.h</h>
<h>lib/low/KeccakP-1600/Optimized/KeccakP-1600-unrolling.macros</h>
<h>lib/low/common/SnP-Relaned.h</h>
</fragment>
<fragment name="optimized1600XOPu6" inherits="optimized1600XOP">
<h>lib/low/KeccakP-1600/OptimizedXOP/u6/KeccakP-1600-XOP-config.h</h>
</fragment>
<fragment name="optimized1600XOPufull" inherits="optimized1600XOP">
<h>lib/low/KeccakP-1600/OptimizedXOP/ufull/KeccakP-1600-XOP-config.h</h>
</fragment>
<fragment name="optimized1600ARM" inherits="width1600 optimized">
<h>lib/low/KeccakP-1600/Optimized32biAsmARM/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="optimized1600ARMv6Mu1" inherits="optimized1600ARM">
<c>lib/low/KeccakP-1600/Optimized32biAsmARM/KeccakP-1600-u1-32bi-armv6m-le-gcc.s</c>
</fragment>
<fragment name="optimized1600ARMv6Mu2" inherits="optimized1600ARM">
<c>lib/low/KeccakP-1600/Optimized32biAsmARM/KeccakP-1600-u2-32bi-armv6m-le-gcc.s</c>
</fragment>
<fragment name="optimized1600ARMv7A" inherits="width1600 optimized">
<gcc>-mfpu=neon</gcc>
<c>lib/low/KeccakP-1600/OptimizedAsmARM/KeccakP-1600-armv7a-le-neon-gcc.s</c>
<h>lib/low/KeccakP-1600/OptimizedAsmARM/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="optimized1600ARMv8A" inherits="width1600 optimized">
<gcc>-mfpu=neon</gcc>
<c>lib/low/KeccakP-1600/Optimized64AsmARM/KeccakP-1600-armv8a-neon.s</c>
<h>lib/low/KeccakP-1600/Optimized64AsmARM/KeccakP-1600-SnP.h</h>
</fragment>
<fragment name="optimized1600AVR8" inherits="common optimized width1600">
<c>lib/low/KeccakP-1600/OptimizedAsmAVR8/KeccakP-1600-avr8-fast.s</c>
<h>lib/low/KeccakP-1600/OptimizedAsmAVR8/KeccakP-1600-SnP.h</h>
</fragment>
<!-- Keccak-p[1600]×2 -->
<fragment name="1600times2on1">
<c>lib/low/KeccakP-1600-times2/FallbackOn1/KeccakP-1600-times2-on1.c</c>
<h>lib/low/KeccakP-1600-times2/FallbackOn1/KeccakP-1600-times2-SnP.h</h>
<h>lib/low/common/PlSnP-Fallback.inc</h>
</fragment>
<fragment name="SIMD128">
<c>lib/low/KeccakP-1600-times2/SIMD128/KeccakP-1600-times2-SIMD128.c</c>
<h>lib/low/KeccakP-1600-times2/SIMD128/KeccakP-1600-times2-SnP.h</h>
<h>lib/low/KeccakP-1600/Optimized/KeccakP-1600-unrolling.macros</h>
</fragment>
<fragment name="SIMD128-SSE2u2" inherits="SIMD128">
<h>lib/low/KeccakP-1600-times2/SIMD128/SSE2u2/SIMD128-config.h</h>
</fragment>
<fragment name="SIMD128-SSE2ufull" inherits="SIMD128">
<h>lib/low/KeccakP-1600-times2/SIMD128/SSE2ufull/SIMD128-config.h</h>
</fragment>
<fragment name="SIMD128-XOPu2" inherits="SIMD128">
<h>lib/low/KeccakP-1600-times2/SIMD128/XOPu2/SIMD128-config.h</h>
</fragment>
<fragment name="SIMD128-XOPufull" inherits="SIMD128">
<h>lib/low/KeccakP-1600-times2/SIMD128/XOPufull/SIMD128-config.h</h>
</fragment>
<fragment name="SIMD512-2">
<c>lib/low/KeccakP-1600-times2/SIMD512/KeccakP-1600-times2-SIMD512.c</c>
<h>lib/low/KeccakP-1600-times2/SIMD512/KeccakP-1600-times2-SnP.h</h>
</fragment>
<fragment name="SIMD512-2-AVX512u4" inherits="SIMD512-2">
<h>lib/low/KeccakP-1600-times2/SIMD512/AVX512u4/SIMD512-2-config.h</h>
</fragment>
<fragment name="SIMD512-2-AVX512u12" inherits="SIMD512-2">
<h>lib/low/KeccakP-1600-times2/SIMD512/AVX512u12/SIMD512-2-config.h</h>
</fragment>
<fragment name="SIMD512-2-AVX512ufull" inherits="SIMD512-2">
<h>lib/low/KeccakP-1600-times2/SIMD512/AVX512ufull/SIMD512-2-config.h</h>
</fragment>
<fragment name="1600times2ARMV7A">
<gcc>-mfpu=neon</gcc>
<c>lib/low/KeccakP-1600-times2/OptimizedAsmARM/KeccakP-1600-inplace-pl2-armv7a-neon-le-gcc.s</c>
<h>lib/low/KeccakP-1600-times2/OptimizedAsmARM/KeccakP-1600-times2-SnP.h</h>
</fragment>
<!-- Keccak-p[1600]×4 -->
<fragment name="1600times4on1">
<c>lib/low/KeccakP-1600-times4/FallbackOn1/KeccakP-1600-times4-on1.c</c>
<h>lib/low/KeccakP-1600-times4/FallbackOn1/KeccakP-1600-times4-SnP.h</h>
<h>lib/low/common/PlSnP-Fallback.inc</h>
</fragment>
<fragment name="1600times4on2">
<c>lib/low/KeccakP-1600-times4/FallbackOn2/KeccakP-1600-times4-on2.c</c>
<h>lib/low/KeccakP-1600-times4/FallbackOn2/KeccakP-1600-times4-SnP.h</h>
<h>lib/low/common/PlSnP-Fallback.inc</h>
</fragment>
<fragment name="SIMD256">
<c>lib/low/KeccakP-1600-times4/SIMD256/KeccakP-1600-times4-SIMD256.c</c>
<h>lib/low/KeccakP-1600-times4/SIMD256/KeccakP-1600-times4-SnP.h</h>
<h>lib/low/KeccakP-1600/Optimized/KeccakP-1600-unrolling.macros</h>
</fragment>
<fragment name="SIMD256-AVX2u6" inherits="SIMD256">
<h>lib/low/KeccakP-1600-times4/SIMD256/AVX2u6/SIMD256-config.h</h>
</fragment>
<fragment name="SIMD256-AVX2u12" inherits="SIMD256">
<h>lib/low/KeccakP-1600-times4/SIMD256/AVX2u12/SIMD256-config.h</h>
</fragment>
<fragment name="SIMD256-AVX2ufull" inherits="SIMD256">
<h>lib/low/KeccakP-1600-times4/SIMD256/AVX2ufull/SIMD256-config.h</h>
</fragment>
<fragment name="SIMD512-4">
<c>lib/low/KeccakP-1600-times4/SIMD512/KeccakP-1600-times4-SIMD512.c</c>
<h>lib/low/KeccakP-1600-times4/SIMD512/KeccakP-1600-times4-SnP.h</h>
</fragment>
<fragment name="SIMD512-4-AVX512u4" inherits="SIMD512-4">
<h>lib/low/KeccakP-1600-times4/SIMD512/AVX512u4/SIMD512-4-config.h</h>
</fragment>
<fragment name="SIMD512-4-AVX512u12" inherits="SIMD512-4">
<h>lib/low/KeccakP-1600-times4/SIMD512/AVX512u12/SIMD512-4-config.h</h>
</fragment>
<fragment name="SIMD512-4-AVX512ufull" inherits="SIMD512-4">
<h>lib/low/KeccakP-1600-times4/SIMD512/AVX512ufull/SIMD512-4-config.h</h>
</fragment>
<!-- Keccak-p[1600]×8 -->
<fragment name="1600times8on1">
<c>lib/low/KeccakP-1600-times8/FallbackOn1/KeccakP-1600-times8-on1.c</c>
<h>lib/low/KeccakP-1600-times8/FallbackOn1/KeccakP-1600-times8-SnP.h</h>
<h>lib/low/common/PlSnP-Fallback.inc</h>
</fragment>
<fragment name="1600times8on2">
<c>lib/low/KeccakP-1600-times8/FallbackOn2/KeccakP-1600-times8-on2.c</c>
<h>lib/low/KeccakP-1600-times8/FallbackOn2/KeccakP-1600-times8-SnP.h</h>
<h>lib/low/common/PlSnP-Fallback.inc</h>
</fragment>
<fragment name="1600times8on4">
<c>lib/low/KeccakP-1600-times8/FallbackOn4/KeccakP-1600-times8-on4.c</c>
<h>lib/low/KeccakP-1600-times8/FallbackOn4/KeccakP-1600-times8-SnP.h</h>
<h>lib/low/common/PlSnP-Fallback.inc</h>
</fragment>
<fragment name="SIMD512-8">
<c>lib/low/KeccakP-1600-times8/SIMD512/KeccakP-1600-times8-SIMD512.c</c>
<h>lib/low/KeccakP-1600-times8/SIMD512/KeccakP-1600-times8-SnP.h</h>
</fragment>
<fragment name="SIMD512-8-AVX512u4" inherits="SIMD512-8">
<h>lib/low/KeccakP-1600-times8/SIMD512/AVX512u4/SIMD512-config.h</h>
</fragment>
<fragment name="SIMD512-8-AVX512u12" inherits="SIMD512-8">
<h>lib/low/KeccakP-1600-times8/SIMD512/AVX512u12/SIMD512-config.h</h>
</fragment>
<fragment name="SIMD512-8-AVX512ufull" inherits="SIMD512-8">
<h>lib/low/KeccakP-1600-times8/SIMD512/AVX512ufull/SIMD512-config.h</h>
</fragment>
<fragment name="no_parallel1600">
<define>KeccakP1600timesN_excluded</define>
</fragment>
<!-- ++++++++++++++++++++++++ Xoodoo +++++++++++++++++++++ -->
<fragment name="XooWidth384">
<h>lib/low/Xoodoo/Xoodoo.h</h>
<h>lib/high/Xoodyak/Xoodyak-parameters.h</h>
</fragment>
<fragment name="XooReference" inherits="common XooWidth384">
<c>lib/low/Xoodoo/Reference/Xoodoo-reference.c</c>
<h>lib/low/Xoodoo/Reference/Xoodoo-SnP.h</h>
</fragment>
<fragment name="XooOptimized32" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo/Optimized/Xoodoo-optimized.c</c>
<c>lib/low/Xoodoo/Optimized/Xoodyak-full-blocks.c</c>
<h>lib/low/Xoodoo/Optimized/Xoodoo-SnP.h</h>
</fragment>
<fragment name="XooOptimizedARMv6" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo/OptimizedAsmARM/Xoodoo-uf-armv6-le-gcc.s</c>
<c>lib/low/Xoodoo/OptimizedAsmARM/Xoodyak-uf-armv6-le-gcc.s</c>
<h>lib/low/Xoodoo/OptimizedAsmARM/Xoodoo-SnP.h</h>
</fragment>
<fragment name="XooOptimizedARMv6M" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo/OptimizedAsmARM/Xoodoo-u1-armv6m-le-gcc.s</c>
<c>lib/low/Xoodoo/OptimizedAsmARM/Xoodyak-u1-armv6m-le-gcc.s</c>
<h>lib/low/Xoodoo/OptimizedAsmARM/Xoodoo-SnP.h</h>
</fragment>
<fragment name="XooOptimizedARMv7M" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo/OptimizedAsmARM/Xoodoo-uf-armv7m-le-gcc.s</c>
<c>lib/low/Xoodoo/OptimizedAsmARM/Xoodyak-uf-armv7m-le-gcc.s</c>
<h>lib/low/Xoodoo/OptimizedAsmARM/Xoodoo-SnP.h</h>
</fragment>
<fragment name="XooOptimizedARMv7A" inherits="common optimized XooWidth384">
<gcc>-mfpu=neon</gcc>
<c>lib/low/Xoodoo/OptimizedAsmARMv7A/Xoodoo-uf-armv7a-neon-le-gcc.s</c>
<c>lib/low/Xoodoo/OptimizedAsmARMv7A/Xoodyak-uf-armv7a-neon-le-gcc.s</c>
<h>lib/low/Xoodoo/OptimizedAsmARMv7A/Xoodoo-SnP.h</h>
</fragment>
<fragment name="XooOptimizedAVR8" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo/OptimizedAsmAVR8/Xoodoo-avr8-u1.s</c>
<h>lib/low/Xoodoo/OptimizedAsmAVR8/Xoodoo-SnP.h</h>
</fragment>
<fragment name="XooOptimizedSIMD128" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo/OptimizedSIMD128/Xoodoo-SIMD128.c</c>
<h>lib/low/Xoodoo/OptimizedSIMD128/Xoodoo-SnP.h</h>
<c>lib/low/Xoodoo/OptimizedSIMD128/Xoodyak-full-block-SIMD128.c</c>
</fragment>
<fragment name="XooOptimizedSIMD512" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo/OptimizedSIMD512/Xoodoo-SIMD512.c</c>
<h>lib/low/Xoodoo/OptimizedSIMD512/Xoodoo-SnP.h</h>
<c>lib/low/Xoodoo/OptimizedSIMD512/Xoodyak-full-block-SIMD512.c</c>
</fragment>
<!-- Xoodoo×4 -->
<fragment name="XooOptimizedTimes4_On1" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo-times4/FallbackOn1/Xoodoo-times4-on1.c</c>
<h>lib/low/Xoodoo-times4/FallbackOn1/Xoodoo-times4-SnP.h</h>
<h>lib/low/common/PlSnP-Fallback.inc</h>
</fragment>
<fragment name="XooOptimizedTimes4_SIMD128" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo-times4/SIMD128/Xoodoo-times4-SIMD128.c</c>
<h>lib/low/Xoodoo-times4/SIMD128/Xoodoo-times4-SnP.h</h>
</fragment>
<fragment name="XooOptimizedTimes4_AVX512" inherits="common optimized XooWidth384">>
<c>lib/low/Xoodoo-times4/SIMD512/Xoodoo-times4-SIMD512.c</c>
<h>lib/low/Xoodoo-times4/SIMD512/Xoodoo-times4-SnP.h</h>
</fragment>
<!-- Xoodoo×8 -->
<fragment name="XooOptimizedTimes8_On1" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo-times8/FallbackOn1/Xoodoo-times8-on1.c</c>
<h>lib/low/Xoodoo-times8/FallbackOn1/Xoodoo-times8-SnP.h</h>
<h>lib/low/common/PlSnP-Fallback.inc</h>
</fragment>
<fragment name="XooOptimizedTimes8_AVX2" inherits="common optimized XooWidth384">>
<c>lib/low/Xoodoo-times8/SIMD256/Xoodoo-times8-SIMD256.c</c>
<h>lib/low/Xoodoo-times8/SIMD256/Xoodoo-times8-SnP.h</h>
</fragment>
<fragment name="XooOptimizedTimes8_AVX512" inherits="common optimized XooWidth384">>
<c>lib/low/Xoodoo-times8/SIMD512/Xoodoo-times8-SIMD512.c</c>
<h>lib/low/Xoodoo-times8/SIMD512/Xoodoo-times8-SnP.h</h>
</fragment>
<!-- Xoodoo×16 -->
<fragment name="XooOptimizedTimes16_On1" inherits="common optimized XooWidth384">
<c>lib/low/Xoodoo-times16/FallbackOn1/Xoodoo-times16-on1.c</c>
<h>lib/low/Xoodoo-times16/FallbackOn1/Xoodoo-times16-SnP.h</h>
<h>lib/low/common/PlSnP-Fallback.inc</h>
</fragment>
<fragment name="XooOptimizedTimes16_AVX512" inherits="common optimized XooWidth384">>
<c>lib/low/Xoodoo-times16/SIMD512/Xoodoo-times16-SIMD512.c</c>
<h>lib/low/Xoodoo-times16/SIMD512/Xoodoo-times16-SnP.h</h>
</fragment>
<fragment name="no_parallel">
<define>XoodooMaxParallellism=1</define>
</fragment>
</group>
src/XKCP/lib/common/align.h 0 → 100755
View file @ 70bfa60b
/*
Implementation by the Keccak Team, namely, Guido Bertoni, Joan Daemen,
Michaël Peeters, Gilles Van Assche and Ronny Van Keer,
hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
#ifndef _align_h_
#define _align_h_
/* on Mac OS-X and possibly others, ALIGN(x) is defined in param.h, and -Werror chokes on the redef. */
#ifdef ALIGN
#undef ALIGN
#endif
#if defined(__GNUC__)
#define ALIGN(x) __attribute__ ((aligned(x)))
#elif defined(_MSC_VER)
#define ALIGN(x) __declspec(align(x))
#elif defined(__ARMCC_VERSION)
#define ALIGN(x) __align(x)
#else
#define ALIGN(x)
#endif
#endif
src/XKCP/lib/common/brg_endian.h 0 → 100755
View file @ 70bfa60b
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
Changes for ARM 9/9/2010
*/
#ifndef _BRG_ENDIAN_H
#define _BRG_ENDIAN_H
#define IS_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
#define IS_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
#if 0
/* Include files where endian defines and byteswap functions may reside */
#if defined( __sun )
# include <sys/isa_defs.h>
#elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ )
# include <sys/endian.h>
#elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \
defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ )
# include <machine/endian.h>
#elif defined( __linux__ ) || defined( __GNUC__ ) || defined( __GNU_LIBRARY__ )
# if !defined( __MINGW32__ ) && !defined( _AIX )
# include <endian.h>
# if !defined( __BEOS__ )
# include <byteswap.h>
# endif
# endif
#endif
#endif
/* Now attempt to set the define for platform byte order using any */
/* of the four forms SYMBOL, _SYMBOL, __SYMBOL & __SYMBOL__, which */
/* seem to encompass most endian symbol definitions */
#if defined( BIG_ENDIAN ) && defined( LITTLE_ENDIAN )
# if defined( BYTE_ORDER ) && BYTE_ORDER == BIG_ENDIAN
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( BYTE_ORDER ) && BYTE_ORDER == LITTLE_ENDIAN
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( BIG_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( LITTLE_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
#if defined( _BIG_ENDIAN ) && defined( _LITTLE_ENDIAN )
# if defined( _BYTE_ORDER ) && _BYTE_ORDER == _BIG_ENDIAN
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( _BYTE_ORDER ) && _BYTE_ORDER == _LITTLE_ENDIAN
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( _BIG_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( _LITTLE_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
#if defined( __BIG_ENDIAN ) && defined( __LITTLE_ENDIAN )
# if defined( __BYTE_ORDER ) && __BYTE_ORDER == __BIG_ENDIAN
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( __BYTE_ORDER ) && __BYTE_ORDER == __LITTLE_ENDIAN
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( __BIG_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( __LITTLE_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
#if defined( __BIG_ENDIAN__ ) && defined( __LITTLE_ENDIAN__ )
# if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __BIG_ENDIAN__
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __LITTLE_ENDIAN__
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( __BIG_ENDIAN__ )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( __LITTLE_ENDIAN__ )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
/* if the platform byte order could not be determined, then try to */
/* set this define using common machine defines */
#if !defined(PLATFORM_BYTE_ORDER)
#if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \
defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \
defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \
defined( vax ) || defined( vms ) || defined( VMS ) || \
defined( __VMS ) || defined( _M_X64 )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \
defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \
defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \
defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \
defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \
defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM ) || \
defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX ) || \
defined( __s390__ ) || defined( __s390x__ ) || defined( __zarch__ )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined(__arm__)
# ifdef __BIG_ENDIAN
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# else
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif 1 /* **** EDIT HERE IF NECESSARY **** */
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif 0 /* **** EDIT HERE IF NECESSARY **** */
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#else
# error Please edit lines 132 or 134 in brg_endian.h to set the platform byte order
#endif
#endif
#endif
src/XKCP/lib/high/KangarooTwelve/KangarooTwelve.c 0 → 100755
View file @ 70bfa60b
/*
Implementation by Ronny Van Keer, hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
#include <string.h>
#include "KangarooTwelve.h"
#ifndef KeccakP1600timesN_excluded
#include "KeccakP-1600-times2-SnP.h"
#include "KeccakP-1600-times4-SnP.h"
#include "KeccakP-1600-times8-SnP.h"
#endif
#define chunkSize 8192
#define laneSize 8
#define suffixLeaf 0x0B /* '110': message hop, simple padding, inner node */
#define security 128
#define capacity (2*security)
#define capacityInBytes (capacity/8)
#define capacityInLanes (capacityInBytes/laneSize)
#define rate (1600-capacity)
#define rateInBytes (rate/8)
#define rateInLanes (rateInBytes/laneSize)
#define ParallelSpongeFastLoop( Parallellism ) \
while ( inLen >= Parallellism * chunkSize ) { \
ALIGN(KeccakP1600times##Parallellism##_statesAlignment) unsigned char states[KeccakP1600times##Parallellism##_statesSizeInBytes]; \
unsigned char intermediate[Parallellism*capacityInBytes]; \
unsigned int localBlockLen = chunkSize; \
const unsigned char * localInput = input; \
unsigned int i; \
unsigned int fastLoopOffset; \
\
KeccakP1600times##Parallellism##_StaticInitialize(); \
KeccakP1600times##Parallellism##_InitializeAll(states); \
fastLoopOffset = KeccakP1600times##Parallellism##_12rounds_FastLoop_Absorb(states, rateInLanes, chunkSize / laneSize, rateInLanes, localInput, Parallellism * chunkSize); \
localBlockLen -= fastLoopOffset; \
localInput += fastLoopOffset; \
for ( i = 0; i < Parallellism; ++i, localInput += chunkSize ) { \
KeccakP1600times##Parallellism##_AddBytes(states, i, localInput, 0, localBlockLen); \
KeccakP1600times##Parallellism##_AddByte(states, i, suffixLeaf, localBlockLen); \
KeccakP1600times##Parallellism##_AddByte(states, i, 0x80, rateInBytes-1); \
} \
KeccakP1600times##Parallellism##_PermuteAll_12rounds(states); \
input += Parallellism * chunkSize; \
inLen -= Parallellism * chunkSize; \
ktInstance->blockNumber += Parallellism; \
KeccakP1600times##Parallellism##_ExtractLanesAll(states, intermediate, capacityInLanes, capacityInLanes ); \
if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, Parallellism * capacityInBytes) != 0) return 1; \
}
#define ParallelSpongeLoop( Parallellism ) \
while ( inLen >= Parallellism * chunkSize ) { \
ALIGN(KeccakP1600times##Parallellism##_statesAlignment) unsigned char states[KeccakP1600times##Parallellism##_statesSizeInBytes]; \
unsigned char intermediate[Parallellism*capacityInBytes]; \
unsigned int localBlockLen = chunkSize; \
const unsigned char * localInput = input; \
unsigned int i; \
\
KeccakP1600times##Parallellism##_StaticInitialize(); \
KeccakP1600times##Parallellism##_InitializeAll(states); \
while(localBlockLen >= rateInBytes) { \
KeccakP1600times##Parallellism##_AddLanesAll(states, localInput, rateInLanes, chunkSize / laneSize); \
KeccakP1600times##Parallellism##_PermuteAll_12rounds(states); \
localBlockLen -= rateInBytes; \
localInput += rateInBytes; \
} \
for ( i = 0; i < Parallellism; ++i, localInput += chunkSize ) { \
KeccakP1600times##Parallellism##_AddBytes(states, i, localInput, 0, localBlockLen); \
KeccakP1600times##Parallellism##_AddByte(states, i, suffixLeaf, localBlockLen); \
KeccakP1600times##Parallellism##_AddByte(states, i, 0x80, rateInBytes-1); \
} \
KeccakP1600times##Parallellism##_PermuteAll_12rounds(states); \
input += Parallellism * chunkSize; \
inLen -= Parallellism * chunkSize; \
ktInstance->blockNumber += Parallellism; \
KeccakP1600times##Parallellism##_ExtractLanesAll(states, intermediate, capacityInLanes, capacityInLanes ); \
if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, Parallellism * capacityInBytes) != 0) return 1; \
}
static unsigned int right_encode( unsigned char * encbuf, size_t value )
{
unsigned int n, i;
size_t v;
for ( v = value, n = 0; v && (n < sizeof(size_t)); ++n, v >>= 8 )
; /* empty */
for ( i = 1; i <= n; ++i )
encbuf[i-1] = (unsigned char)(value >> (8 * (n-i)));
encbuf[n] = (unsigned char)n;
return n + 1;
}
int KangarooTwelve_Initialize(KangarooTwelve_Instance *ktInstance, size_t outputLen)
{
ktInstance->fixedOutputLength = outputLen;
ktInstance->queueAbsorbedLen = 0;
ktInstance->blockNumber = 0;
ktInstance->phase = ABSORBING;
return KeccakWidth1600_12rounds_SpongeInitialize(&ktInstance->finalNode, rate, capacity);
}
int KangarooTwelve_Update(KangarooTwelve_Instance *ktInstance, const unsigned char *input, size_t inLen)
{
if (ktInstance->phase != ABSORBING)
return 1;
if ( ktInstance->blockNumber == 0 ) {
/* First block, absorb in final node */
unsigned int len = (inLen < (chunkSize - ktInstance->queueAbsorbedLen)) ? inLen : (chunkSize - ktInstance->queueAbsorbedLen);
if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, input, len) != 0)
return 1;
input += len;
inLen -= len;
ktInstance->queueAbsorbedLen += len;
if ( (ktInstance->queueAbsorbedLen == chunkSize) && (inLen != 0) ) {
/* First block complete and more input data available, finalize it */
const unsigned char padding = 0x03; /* '110^6': message hop, simple padding */
ktInstance->queueAbsorbedLen = 0;
ktInstance->blockNumber = 1;
if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, &padding, 1) != 0)
return 1;
ktInstance->finalNode.byteIOIndex = (ktInstance->finalNode.byteIOIndex + 7) & ~7; /* Zero padding up to 64 bits */
}
}
else if ( ktInstance->queueAbsorbedLen != 0 ) {
/* There is data in the queue, absorb further in queue until block complete */
unsigned int len = (inLen < (chunkSize - ktInstance->queueAbsorbedLen)) ? inLen : (chunkSize - ktInstance->queueAbsorbedLen);
if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->queueNode, input, len) != 0)
return 1;
input += len;
inLen -= len;
ktInstance->queueAbsorbedLen += len;
if ( ktInstance->queueAbsorbedLen == chunkSize ) {
unsigned char intermediate[capacityInBytes];
ktInstance->queueAbsorbedLen = 0;
++ktInstance->blockNumber;
if (KeccakWidth1600_12rounds_SpongeAbsorbLastFewBits(&ktInstance->queueNode, suffixLeaf) != 0)
return 1;
if (KeccakWidth1600_12rounds_SpongeSqueeze(&ktInstance->queueNode, intermediate, capacityInBytes) != 0)
return 1;
if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, capacityInBytes) != 0)
return 1;
}
}
#if defined(KeccakP1600times8_implementation) && !defined(KeccakP1600times8_isFallback)
#if defined(KeccakP1600times8_12rounds_FastLoop_supported)
ParallelSpongeFastLoop( 8 )
#else
ParallelSpongeLoop( 8 )
#endif
#endif
#if defined(KeccakP1600times4_implementation) && !defined(KeccakP1600times4_isFallback)
#if defined(KeccakP1600times4_12rounds_FastLoop_supported)
ParallelSpongeFastLoop( 4 )
#else
ParallelSpongeLoop( 4 )
#endif
#endif
#if defined(KeccakP1600times2_implementation) && !defined(KeccakP1600times2_isFallback)
#if defined(KeccakP1600times2_12rounds_FastLoop_supported)
ParallelSpongeFastLoop( 2 )
#else
ParallelSpongeLoop( 2 )
#endif
#endif
while ( inLen > 0 ) {
unsigned int len = (inLen < chunkSize) ? inLen : chunkSize;
if (KeccakWidth1600_12rounds_SpongeInitialize(&ktInstance->queueNode, rate, capacity) != 0)
return 1;
if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->queueNode, input, len) != 0)
return 1;
input += len;
inLen -= len;
if ( len == chunkSize ) {
unsigned char intermediate[capacityInBytes];
++ktInstance->blockNumber;
if (KeccakWidth1600_12rounds_SpongeAbsorbLastFewBits(&ktInstance->queueNode, suffixLeaf) != 0)
return 1;
if (KeccakWidth1600_12rounds_SpongeSqueeze(&ktInstance->queueNode, intermediate, capacityInBytes) != 0)
return 1;
if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, capacityInBytes) != 0)
return 1;
}
else
ktInstance->queueAbsorbedLen = len;
}
return 0;
}
int KangarooTwelve_Final(KangarooTwelve_Instance *ktInstance, unsigned char * output, const unsigned char * customization, size_t customLen)
{
unsigned char encbuf[sizeof(size_t)+1+2];
unsigned char padding;
if (ktInstance->phase != ABSORBING)
return 1;
/* Absorb customization | right_encode(customLen) */
if ((customLen != 0) && (KangarooTwelve_Update(ktInstance, customization, customLen) != 0))
return 1;
if (KangarooTwelve_Update(ktInstance, encbuf, right_encode(encbuf, customLen)) != 0)
return 1;
if ( ktInstance->blockNumber == 0 ) {
/* Non complete first block in final node, pad it */
padding = 0x07; /* '11': message hop, final node */
}
else {
unsigned int n;
if ( ktInstance->queueAbsorbedLen != 0 ) {
/* There is data in the queue node */
unsigned char intermediate[capacityInBytes];
++ktInstance->blockNumber;
if (KeccakWidth1600_12rounds_SpongeAbsorbLastFewBits(&ktInstance->queueNode, suffixLeaf) != 0)
return 1;
if (KeccakWidth1600_12rounds_SpongeSqueeze(&ktInstance->queueNode, intermediate, capacityInBytes) != 0)
return 1;
if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, intermediate, capacityInBytes) != 0)
return 1;
}
--ktInstance->blockNumber; /* Absorb right_encode(number of Chaining Values) || 0xFF || 0xFF */
n = right_encode(encbuf, ktInstance->blockNumber);
encbuf[n++] = 0xFF;
encbuf[n++] = 0xFF;
if (KeccakWidth1600_12rounds_SpongeAbsorb(&ktInstance->finalNode, encbuf, n) != 0)
return 1;
padding = 0x06; /* '01': chaining hop, final node */
}
if (KeccakWidth1600_12rounds_SpongeAbsorbLastFewBits(&ktInstance->finalNode, padding) != 0)
return 1;
if ( ktInstance->fixedOutputLength != 0 ) {
ktInstance->phase = FINAL;
return KeccakWidth1600_12rounds_SpongeSqueeze(&ktInstance->finalNode, output, ktInstance->fixedOutputLength);
}
ktInstance->phase = SQUEEZING;
return 0;
}
int KangarooTwelve_Squeeze(KangarooTwelve_Instance *ktInstance, unsigned char * output, size_t outputLen)
{
if (ktInstance->phase != SQUEEZING)
return 1;
return KeccakWidth1600_12rounds_SpongeSqueeze(&ktInstance->finalNode, output, outputLen);
}
int KangarooTwelve( const unsigned char * input, size_t inLen, unsigned char * output, size_t outLen, const unsigned char * customization, size_t customLen )
{
KangarooTwelve_Instance ktInstance;
if (outLen == 0)
return 1;
if (KangarooTwelve_Initialize(&ktInstance, outLen) != 0)
return 1;
if (KangarooTwelve_Update(&ktInstance, input, inLen) != 0)
return 1;
return KangarooTwelve_Final(&ktInstance, output, customization, customLen);
}
src/XKCP/lib/high/KangarooTwelve/KangarooTwelve.h 0 → 100755
View file @ 70bfa60b
/*
Implementation by Ronny Van Keer, hereby denoted as "the implementer".
For more information, feedback or questions, please refer to our website:
https://keccak.team/
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
*/
#ifndef _KangarooTwelve_h_
#define _KangarooTwelve_h_
#ifndef KeccakP1600_excluded
#include <stddef.h>
#include "align.h"
#include "KeccakSpongeWidth1600.h"
#include "Phases.h"
typedef KCP_Phases KangarooTwelve_Phases;
typedef struct {
KeccakWidth1600_12rounds_SpongeInstance queueNode;
KeccakWidth1600_12rounds_SpongeInstance finalNode;
size_t fixedOutputLength;
size_t blockNumber;
unsigned int queueAbsorbedLen;
KangarooTwelve_Phases phase;
} KangarooTwelve_Instance;
/** Extendable ouput function KangarooTwelve.
* @param input Pointer to the input message (M).
* @param inputByteLen The length of the input message in bytes.
* @param output Pointer to the output buffer.
* @param outputByteLen The desired number of output bytes.
* @param customization Pointer to the customization string (C).
* @param customByteLen The length of the customization string in bytes.
* @return 0 if successful, 1 otherwise.
*/
int KangarooTwelve(const unsigned char *input, size_t inputByteLen, unsigned char *output, size_t outputByteLen, const unsigned char *customization, size_t customByteLen );
/**
* Function to initialize a KangarooTwelve instance.
* @param ktInstance Pointer to the instance to be initialized.
* @param outputByteLen The desired number of output bytes,
* or 0 for an arbitrarily-long output.
* @return 0 if successful, 1 otherwise.
*/
int KangarooTwelve_Initialize(KangarooTwelve_Instance *ktInstance, size_t outputByteLen);
/**
* Function to give input data to be absorbed.
* @param ktInstance Pointer to the instance initialized by KangarooTwelve_Initialize().
* @param input Pointer to the input message data (M).
* @param inputByteLen The number of bytes provided in the input message data.
* @return 0 if successful, 1 otherwise.
*/
int KangarooTwelve_Update(KangarooTwelve_Instance *ktInstance, const unsigned char *input, size_t inputByteLen);
/**
* Function to call after all the input message has been input, and to get
* output bytes if the length was specified when calling KangarooTwelve_Initialize().
* @param ktInstance Pointer to the hash instance initialized by KangarooTwelve_Initialize().
* If @a outputByteLen was not 0 in the call to KangarooTwelve_Initialize(), the number of
* output bytes is equal to @a outputByteLen.
* If @a outputByteLen was 0 in the call to KangarooTwelve_Initialize(), the output bytes
* must be extracted using the KangarooTwelve_Squeeze() function.
* @param output Pointer to the buffer where to store the output data.
* @param customization Pointer to the customization string (C).
* @param customByteLen The length of the customization string in bytes.
* @return 0 if successful, 1 otherwise.
*/
int KangarooTwelve_Final(KangarooTwelve_Instance *ktInstance, unsigned char *output, const unsigned char *customization, size_t customByteLen);
/**
* Function to squeeze output data.
* @param ktInstance Pointer to the hash instance initialized by KangarooTwelve_Initialize().
* @param data Pointer to the buffer where to store the output data.
* @param outputByteLen The number of output bytes desired.
* @pre KangarooTwelve_Final() must have been already called.
* @return 0 if successful, 1 otherwise.
*/
int KangarooTwelve_Squeeze(KangarooTwelve_Instance *ktInstance, unsigned char *output, size_t outputByteLen);
#endif
#endif