jbe@499: /* This file is derived from "Keccak-more-compact.c", which has been downloaded from <https://github.com/gvanas/KeccakCodePackage/blob/10856bc1922a1ee2c4d2822a88b9ef8fb5059932/Standalone/CompactFIPS202/Keccak-more-compact.c>. The original file "Keccak-more-compact.c" has, according to <https://github.com/gvanas/KeccakCodePackage/blob/10856bc1922a1ee2c4d2822a88b9ef8fb5059932/README.markdown>, been put into the public domain. */
jbe@499: 
jbe@499: #include <stdint.h>
jbe@499: 
jbe@501: #if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
jbe@501: #include <sys/endian.h>
jbe@501: #if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN
jbe@501: #define MOONHASH_LITTLE_ENDIAN
jbe@501: #endif
jbe@501: #elif defined(__linux__)
jbe@501: #include <endian.h>
jbe@501: #if defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && __BYTE_ORDER == __LITTLE_ENDIAN
jbe@501: #define MOONHASH_LITTLE_ENDIAN
jbe@501: #endif
jbe@501: #else
jbe@501: #warning Could not determine endianess, revert to fail safe.
jbe@501: #endif
jbe@501: 
jbe@499: #define FOR(i,n) for(i=0; i<n; ++i)
jbe@499: typedef uint8_t u8;
jbe@499: typedef uint64_t u64;
jbe@499: typedef unsigned int ui;
jbe@499: 
jbe@499: static void Keccak(ui r, ui c, const u8 *in, u64 inLen, u8 sfx, u8 *out, u64 outLen);
jbe@499: void FIPS202_SHAKE128(const u8 *in, u64 inLen, u8 *out, u64 outLen) { Keccak(1344, 256, in, inLen, 0x1F, out, outLen); }
jbe@499: void FIPS202_SHAKE256(const u8 *in, u64 inLen, u8 *out, u64 outLen) { Keccak(1088, 512, in, inLen, 0x1F, out, outLen); }
jbe@499: void FIPS202_SHA3_224(const u8 *in, u64 inLen, u8 *out) { Keccak(1152, 448, in, inLen, 0x06, out, 28); }
jbe@499: void FIPS202_SHA3_256(const u8 *in, u64 inLen, u8 *out) { Keccak(1088, 512, in, inLen, 0x06, out, 32); }
jbe@499: void FIPS202_SHA3_384(const u8 *in, u64 inLen, u8 *out) { Keccak(832, 768, in, inLen, 0x06, out, 48); }
jbe@499: void FIPS202_SHA3_512(const u8 *in, u64 inLen, u8 *out) { Keccak(576, 1024, in, inLen, 0x06, out, 64); }
jbe@499: 
jbe@499: static int LFSR86540(u8 *R) { (*R)=((*R)<<1)^(((*R)&0x80)?0x71:0); return ((*R)&2)>>1; }
jbe@499: #define ROL(a,o) ((((u64)a)<<o)^(((u64)a)>>(64-o)))
jbe@501: #ifdef MOONHASH_LITTLE_ENDIAN
jbe@501: #define load64(src) (*(uint64_t *)(src))
jbe@501: #define store64(dst, src) do { *(uint64_t *)(dst) = src; } while (0)
jbe@501: #define xor64(dst, src) do { *(uint64_t *)(dst) ^= src; } while (0)
jbe@501: #else
jbe@500: static u64 load64(const u8 *x) { ui i; u64 u=0; FOR(i,8) { u<<=8; u|=x[7-i]; } return u; }
jbe@500: static void store64(u8 *x, u64 u) { ui i; FOR(i,8) { x[i]=u; u>>=8; } }
jbe@499: static void xor64(u8 *x, u64 u) { ui i; FOR(i,8) { x[i]^=u; u>>=8; } }
jbe@501: #endif
jbe@499: #define rL(x,y) load64((u8*)s+8*(x+5*y))
jbe@499: #define wL(x,y,l) store64((u8*)s+8*(x+5*y),l)
jbe@499: #define XL(x,y,l) xor64((u8*)s+8*(x+5*y),l)
jbe@499: static void KeccakF1600(void *s)
jbe@499: {
jbe@499:     ui r,x,y,i,j,Y; u8 R=0x01; u64 C[5],D;
jbe@499:     for(i=0; i<24; i++) {
jbe@499:         /*θ*/ FOR(x,5) C[x]=rL(x,0)^rL(x,1)^rL(x,2)^rL(x,3)^rL(x,4); FOR(x,5) { D=C[(x+4)%5]^ROL(C[(x+1)%5],1); FOR(y,5) XL(x,y,D); }
jbe@499:         /*ρπ*/ x=1; y=r=0; D=rL(x,y); FOR(j,24) { r+=j+1; Y=(2*x+3*y)%5; x=y; y=Y; C[0]=rL(x,y); wL(x,y,ROL(D,r%64)); D=C[0]; }
jbe@499:         /*χ*/ FOR(y,5) { FOR(x,5) C[x]=rL(x,y); FOR(x,5) wL(x,y,C[x]^((~C[(x+1)%5])&C[(x+2)%5])); }
jbe@499:         /*ι*/ FOR(j,7) if (LFSR86540(&R)) XL(0,0,(u64)1<<((1<<j)-1));
jbe@499:     }
jbe@499: }
jbe@499: static void Keccak(ui r, ui c, const u8 *in, u64 inLen, u8 sfx, u8 *out, u64 outLen)
jbe@499: {
jbe@499:     /*initialize*/ u8 s[200]; ui R=r/8; ui i,b=0; FOR(i,200) s[i]=0;
jbe@499:     /*absorb*/ while(inLen>0) { b=(inLen<R)?inLen:R; FOR(i,b) s[i]^=in[i]; in+=b; inLen-=b; if (b==R) { KeccakF1600(s); b=0; } }
jbe@499:     /*pad*/ s[b]^=sfx; if((sfx&0x80)&&(b==(R-1))) KeccakF1600(s); s[R-1]^=0x80; KeccakF1600(s);
jbe@499:     /*squeeze*/ while(outLen>0) { b=(outLen<R)?outLen:R; FOR(i,b) out[i]=s[i]; out+=b; outLen-=b; if(outLen>0) KeccakF1600(s); }
jbe@499: }