X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/89717a56084f7cac56330c8527fbaff99b15709b..10f61ef8a2deafb3b801786ad37338c410ed21d7:/symm/keccak1600.c

diff --git a/symm/keccak1600.c b/symm/keccak1600.c
index d58bc6f8..c2d82926 100644
--- a/symm/keccak1600.c
+++ b/symm/keccak1600.c
@@ -221,6 +221,8 @@ static const lane rcon[24] = {
  * `keccak1600_round' below for the details.
  */
 
+#define COMPL_MASK 0x00121106u
+
 #define STATE_INIT(z) do {						\
   lane cmpl = LANE_CMPL;						\
   (z)->S[I(1, 0)] = cmpl; (z)->S[I(2, 0)] = cmpl;			\
@@ -240,6 +242,8 @@ static const lane rcon[24] = {
 #else
 /* A target with fused and/not (`bic', `andc2').  Everything is simple. */
 
+#define COMPL_MASK 0u
+
 #define STATE_INIT(z) do ; while (0)
 #define STATE_OUT(z) do ; while (0)
 
@@ -585,6 +589,35 @@ void keccak1600_mix(keccak1600_state *s, const kludge64 *p, size_t n)
     { a = TO_LANE(p[i]); XOR_LANE(s->S[i], s->S[i], a); }
 }
 
+/* --- @keccak1600_set@ --- *
+ *
+ * Arguments:	@keccak1600_state *s@ = a state to update
+ *		@const kludge64 *p@ = pointer to 64-bit words to mix in
+ *		@size_t n@ = size of the input, in 64-bit words
+ *
+ * Returns:	---
+ *
+ * Use:		Stores data into a %$\Keccak[r, 1600 - r]$% state.  Note that
+ *		it's the caller's responsibility to pass in no more than
+ *		%$r$% bits of data.
+ *
+ *		This is not the operation you wanted for ordinary hashing.
+ *		It's provided for the use of higher-level protocols which use
+ *		duplexing and other fancy sponge features.
+ */
+
+void keccak1600_set(keccak1600_state *s, const kludge64 *p, size_t n)
+{
+  uint32 m = COMPL_MASK;
+  unsigned i;
+  lane a;
+
+  for (i = 0; i < n; i++) {
+    a = TO_LANE(p[i]); if (m&1) NOT_LANE(a, a);
+    s->S[i] = a; m >>= 1;
+  }
+}
+
 /* --- @keccak1600_extract@ --- *
  *
  * Arguments:	@const keccak1600_state *s@ = a state to extract output from
@@ -600,11 +633,14 @@ void keccak1600_mix(keccak1600_state *s, const kludge64 *p, size_t n)
 
 void keccak1600_extract(const keccak1600_state *s, kludge64 *p, size_t n)
 {
+  uint32 m = COMPL_MASK;
   unsigned i;
-  keccak1600_state t;
+  lane t;
 
-  t = *s; STATE_OUT(&t);
-  for (i = 0; i < n; i++) p[i] = FROM_LANE(t.S[i]);
+  for (i = 0; i < n; i++) {
+    t = s->S[i]; if (m&1) NOT_LANE(t, t);
+    *p++ = FROM_LANE(t); m >>= 1;
+  }
 }
 
 /*----- Test rig ----------------------------------------------------------*/