* `keccak1600_round' below for the details.
*/
+#define COMPL_MASK 0x00121106u
+
#define STATE_INIT(z) do { \
lane cmpl = LANE_CMPL; \
(z)->S[I(1, 0)] = cmpl; (z)->S[I(2, 0)] = cmpl; \
#else
/* A target with fused and/not (`bic', `andc2'). Everything is simple. */
+#define COMPL_MASK 0u
+
#define STATE_INIT(z) do ; while (0)
#define STATE_OUT(z) do ; while (0)
{ a = TO_LANE(p[i]); XOR_LANE(s->S[i], s->S[i], a); }
}
+/* --- @keccak1600_set@ --- *
+ *
+ * Arguments: @keccak1600_state *s@ = a state to update
+ * @const kludge64 *p@ = pointer to 64-bit words to mix in
+ * @size_t n@ = size of the input, in 64-bit words
+ *
+ * Returns: ---
+ *
+ * Use: Stores data into a %$\Keccak[r, 1600 - r]$% state. Note that
+ * it's the caller's responsibility to pass in no more than
+ * %$r$% bits of data.
+ *
+ * This is not the operation you wanted for ordinary hashing.
+ * It's provided for the use of higher-level protocols which use
+ * duplexing and other fancy sponge features.
+ */
+
+void keccak1600_set(keccak1600_state *s, const kludge64 *p, size_t n)
+{
+ uint32 m = COMPL_MASK;
+ unsigned i;
+ lane a;
+
+ for (i = 0; i < n; i++) {
+ a = TO_LANE(p[i]); if (m&1) NOT_LANE(a, a);
+ s->S[i] = a; m >>= 1;
+ }
+}
+
/* --- @keccak1600_extract@ --- *
*
* Arguments: @const keccak1600_state *s@ = a state to extract output from
void keccak1600_extract(const keccak1600_state *s, kludge64 *p, size_t n)
{
+ uint32 m = COMPL_MASK;
unsigned i;
- keccak1600_state t;
+ lane t;
- t = *s; STATE_OUT(&t);
- for (i = 0; i < n; i++) p[i] = FROM_LANE(t.S[i]);
+ for (i = 0; i < n; i++) {
+ t = s->S[i]; if (m&1) NOT_LANE(t, t);
+ *p++ = FROM_LANE(t); m >>= 1;
+ }
}
/*----- Test rig ----------------------------------------------------------*/
~mdw / catacomb / blobdiff