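Lines matching references to `A` (each entry gives the source line number, the matching line, and the enclosing function where there is one; lines that do not reference `A` are omitted, so the function bodies below are not contiguous)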

16 size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
18 void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r, int next);
126 static void Theta(uint64_t A[5][5]) in Theta()
131 C[0] = A[0][0]; in Theta()
132 C[1] = A[0][1]; in Theta()
133 C[2] = A[0][2]; in Theta()
134 C[3] = A[0][3]; in Theta()
135 C[4] = A[0][4]; in Theta()
138 C[0] ^= A[y][0]; in Theta()
139 C[1] ^= A[y][1]; in Theta()
140 C[2] ^= A[y][2]; in Theta()
141 C[3] ^= A[y][3]; in Theta()
142 C[4] ^= A[y][4]; in Theta()
152 A[y][0] ^= D[0]; in Theta()
153 A[y][1] ^= D[1]; in Theta()
154 A[y][2] ^= D[2]; in Theta()
155 A[y][3] ^= D[3]; in Theta()
156 A[y][4] ^= D[4]; in Theta()
160 static void Rho(uint64_t A[5][5]) in Rho()
165 A[y][0] = ROL64(A[y][0], rhotates[y][0]); in Rho()
166 A[y][1] = ROL64(A[y][1], rhotates[y][1]); in Rho()
167 A[y][2] = ROL64(A[y][2], rhotates[y][2]); in Rho()
168 A[y][3] = ROL64(A[y][3], rhotates[y][3]); in Rho()
169 A[y][4] = ROL64(A[y][4], rhotates[y][4]); in Rho()
173 static void Pi(uint64_t A[5][5]) in Pi()
181 memcpy(T, A, sizeof(T)); in Pi()
183 A[0][0] = T[0][0]; in Pi()
184 A[0][1] = T[1][1]; in Pi()
185 A[0][2] = T[2][2]; in Pi()
186 A[0][3] = T[3][3]; in Pi()
187 A[0][4] = T[4][4]; in Pi()
189 A[1][0] = T[0][3]; in Pi()
190 A[1][1] = T[1][4]; in Pi()
191 A[1][2] = T[2][0]; in Pi()
192 A[1][3] = T[3][1]; in Pi()
193 A[1][4] = T[4][2]; in Pi()
195 A[2][0] = T[0][1]; in Pi()
196 A[2][1] = T[1][2]; in Pi()
197 A[2][2] = T[2][3]; in Pi()
198 A[2][3] = T[3][4]; in Pi()
199 A[2][4] = T[4][0]; in Pi()
201 A[3][0] = T[0][4]; in Pi()
202 A[3][1] = T[1][0]; in Pi()
203 A[3][2] = T[2][1]; in Pi()
204 A[3][3] = T[3][2]; in Pi()
205 A[3][4] = T[4][3]; in Pi()
207 A[4][0] = T[0][2]; in Pi()
208 A[4][1] = T[1][3]; in Pi()
209 A[4][2] = T[2][4]; in Pi()
210 A[4][3] = T[3][0]; in Pi()
211 A[4][4] = T[4][1]; in Pi()
214 static void Chi(uint64_t A[5][5]) in Chi()
220 C[0] = A[y][0] ^ (~A[y][1] & A[y][2]); in Chi()
221 C[1] = A[y][1] ^ (~A[y][2] & A[y][3]); in Chi()
222 C[2] = A[y][2] ^ (~A[y][3] & A[y][4]); in Chi()
223 C[3] = A[y][3] ^ (~A[y][4] & A[y][0]); in Chi()
224 C[4] = A[y][4] ^ (~A[y][0] & A[y][1]); in Chi()
226 A[y][0] = C[0]; in Chi()
227 A[y][1] = C[1]; in Chi()
228 A[y][2] = C[2]; in Chi()
229 A[y][3] = C[3]; in Chi()
230 A[y][4] = C[4]; in Chi()
234 static void Iota(uint64_t A[5][5], size_t i) in Iota()
237 A[0][0] ^= iotas[i]; in Iota()
240 static void KeccakF1600(uint64_t A[5][5]) in KeccakF1600()
245 Theta(A); in KeccakF1600()
246 Rho(A); in KeccakF1600()
247 Pi(A); in KeccakF1600()
248 Chi(A); in KeccakF1600()
249 Iota(A, i); in KeccakF1600()
264 static void Round(uint64_t A[5][5], size_t i) in Round()
271 C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; in Round()
272 C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; in Round()
273 C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; in Round()
274 C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; in Round()
275 C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; in Round()
284 T[0][0] = A[3][0] ^ C[0]; /* borrow T[0][0] */ in Round()
285 T[0][1] = A[0][1] ^ E[0]; /* D[1] */ in Round()
286 T[0][2] = A[0][2] ^ C[1]; /* D[2] */ in Round()
287 T[0][3] = A[0][3] ^ C[2]; /* D[3] */ in Round()
288 T[0][4] = A[0][4] ^ E[1]; /* D[4] */ in Round()
290 C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]); /* D[3] */ in Round()
291 C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]); /* D[4] */ in Round()
292 C[0] = A[0][0] ^ C[0]; /* rotate by 0 */ /* D[0] */ in Round()
293 C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]); /* D[2] */ in Round()
294 C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]); /* D[1] */ in Round()
302 T[0][0] = A[3][0] ^ D[0]; /* borrow T[0][0] */ in Round()
303 T[0][1] = A[0][1] ^ D[1]; in Round()
304 T[0][2] = A[0][2] ^ D[2]; in Round()
305 T[0][3] = A[0][3] ^ D[3]; in Round()
306 T[0][4] = A[0][4] ^ D[4]; in Round()
308 C[0] = A[0][0] ^ D[0]; /* rotate by 0 */ in Round()
309 C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); in Round()
310 C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); in Round()
311 C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); in Round()
312 C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]); in Round()
314 A[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i]; in Round()
315 A[0][1] = C[1] ^ (~C[2] & C[3]); in Round()
316 A[0][2] = C[2] ^ (~C[3] & C[4]); in Round()
317 A[0][3] = C[3] ^ (~C[4] & C[0]); in Round()
318 A[0][4] = C[4] ^ (~C[0] & C[1]); in Round()
320 T[1][0] = A[1][0] ^ (C[3] = D[0]); in Round()
321 T[1][1] = A[2][1] ^ (C[4] = D[1]); /* borrow T[1][1] */ in Round()
322 T[1][2] = A[1][2] ^ (E[0] = D[2]); in Round()
323 T[1][3] = A[1][3] ^ (E[1] = D[3]); in Round()
324 T[1][4] = A[2][4] ^ (C[2] = D[4]); /* borrow T[1][4] */ in Round()
327 C[1] = ROL64(A[1][4] ^ C[2], rhotates[1][4]); /* D[4] */ in Round()
328 C[2] = ROL64(A[2][0] ^ C[3], rhotates[2][0]); /* D[0] */ in Round()
329 C[3] = ROL64(A[3][1] ^ C[4], rhotates[3][1]); /* D[1] */ in Round()
330 C[4] = ROL64(A[4][2] ^ E[0], rhotates[4][2]); /* D[2] */ in Round()
332 A[1][0] = C[0] ^ (~C[1] & C[2]); in Round()
333 A[1][1] = C[1] ^ (~C[2] & C[3]); in Round()
334 A[1][2] = C[2] ^ (~C[3] & C[4]); in Round()
335 A[1][3] = C[3] ^ (~C[4] & C[0]); in Round()
336 A[1][4] = C[4] ^ (~C[0] & C[1]); in Round()
340 C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); in Round()
341 C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); in Round()
342 C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); in Round()
344 A[2][0] = C[0] ^ (~C[1] & C[2]); in Round()
345 A[2][1] = C[1] ^ (~C[2] & C[3]); in Round()
346 A[2][2] = C[2] ^ (~C[3] & C[4]); in Round()
347 A[2][3] = C[3] ^ (~C[4] & C[0]); in Round()
348 A[2][4] = C[4] ^ (~C[0] & C[1]); in Round()
353 C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); in Round()
354 C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); in Round()
356 A[3][0] = C[0] ^ (~C[1] & C[2]); in Round()
357 A[3][1] = C[1] ^ (~C[2] & C[3]); in Round()
358 A[3][2] = C[2] ^ (~C[3] & C[4]); in Round()
359 A[3][3] = C[3] ^ (~C[4] & C[0]); in Round()
360 A[3][4] = C[4] ^ (~C[0] & C[1]); in Round()
366 C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); in Round()
368 A[4][0] = C[0] ^ (~C[1] & C[2]); in Round()
369 A[4][1] = C[1] ^ (~C[2] & C[3]); in Round()
370 A[4][2] = C[2] ^ (~C[3] & C[4]); in Round()
371 A[4][3] = C[3] ^ (~C[4] & C[0]); in Round()
372 A[4][4] = C[4] ^ (~C[0] & C[1]); in Round()
375 static void KeccakF1600(uint64_t A[5][5]) in KeccakF1600()
380 Round(A, i); in KeccakF1600()
392 static void Round(uint64_t A[5][5], size_t i) in Round()
398 C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; in Round()
399 C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; in Round()
400 C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; in Round()
401 C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; in Round()
402 C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; in Round()
410 A[0][1] ^= D[1]; in Round()
411 A[1][1] ^= D[1]; in Round()
412 A[2][1] ^= D[1]; in Round()
413 A[3][1] ^= D[1]; in Round()
414 A[4][1] ^= D[1]; in Round()
416 A[0][2] ^= D[2]; in Round()
417 A[1][2] ^= D[2]; in Round()
418 A[2][2] ^= D[2]; in Round()
419 A[3][2] ^= D[2]; in Round()
420 A[4][2] ^= D[2]; in Round()
422 A[0][3] ^= C[2]; in Round()
423 A[1][3] ^= C[2]; in Round()
424 A[2][3] ^= C[2]; in Round()
425 A[3][3] ^= C[2]; in Round()
426 A[4][3] ^= C[2]; in Round()
428 A[0][4] ^= C[3]; in Round()
429 A[1][4] ^= C[3]; in Round()
430 A[2][4] ^= C[3]; in Round()
431 A[3][4] ^= C[3]; in Round()
432 A[4][4] ^= C[3]; in Round()
434 A[0][0] ^= C[4]; in Round()
435 A[1][0] ^= C[4]; in Round()
436 A[2][0] ^= C[4]; in Round()
437 A[3][0] ^= C[4]; in Round()
438 A[4][0] ^= C[4]; in Round()
440 C[1] = A[0][1]; in Round()
441 C[2] = A[0][2]; in Round()
442 C[3] = A[0][3]; in Round()
443 C[4] = A[0][4]; in Round()
445 A[0][1] = ROL64(A[1][1], rhotates[1][1]); in Round()
446 A[0][2] = ROL64(A[2][2], rhotates[2][2]); in Round()
447 A[0][3] = ROL64(A[3][3], rhotates[3][3]); in Round()
448 A[0][4] = ROL64(A[4][4], rhotates[4][4]); in Round()
450 A[1][1] = ROL64(A[1][4], rhotates[1][4]); in Round()
451 A[2][2] = ROL64(A[2][3], rhotates[2][3]); in Round()
452 A[3][3] = ROL64(A[3][2], rhotates[3][2]); in Round()
453 A[4][4] = ROL64(A[4][1], rhotates[4][1]); in Round()
455 A[1][4] = ROL64(A[4][2], rhotates[4][2]); in Round()
456 A[2][3] = ROL64(A[3][4], rhotates[3][4]); in Round()
457 A[3][2] = ROL64(A[2][1], rhotates[2][1]); in Round()
458 A[4][1] = ROL64(A[1][3], rhotates[1][3]); in Round()
460 A[4][2] = ROL64(A[2][4], rhotates[2][4]); in Round()
461 A[3][4] = ROL64(A[4][3], rhotates[4][3]); in Round()
462 A[2][1] = ROL64(A[1][2], rhotates[1][2]); in Round()
463 A[1][3] = ROL64(A[3][1], rhotates[3][1]); in Round()
465 A[2][4] = ROL64(A[4][0], rhotates[4][0]); in Round()
466 A[4][3] = ROL64(A[3][0], rhotates[3][0]); in Round()
467 A[1][2] = ROL64(A[2][0], rhotates[2][0]); in Round()
468 A[3][1] = ROL64(A[1][0], rhotates[1][0]); in Round()
470 A[1][0] = ROL64(C[3], rhotates[0][3]); in Round()
471 A[2][0] = ROL64(C[1], rhotates[0][1]); in Round()
472 A[3][0] = ROL64(C[4], rhotates[0][4]); in Round()
473 A[4][0] = ROL64(C[2], rhotates[0][2]); in Round()
475 C[0] = A[0][0]; in Round()
476 C[1] = A[1][0]; in Round()
477 D[0] = A[0][1]; in Round()
478 D[1] = A[1][1]; in Round()
480 A[0][0] ^= (~A[0][1] & A[0][2]); in Round()
481 A[1][0] ^= (~A[1][1] & A[1][2]); in Round()
482 A[0][1] ^= (~A[0][2] & A[0][3]); in Round()
483 A[1][1] ^= (~A[1][2] & A[1][3]); in Round()
484 A[0][2] ^= (~A[0][3] & A[0][4]); in Round()
485 A[1][2] ^= (~A[1][3] & A[1][4]); in Round()
486 A[0][3] ^= (~A[0][4] & C[0]); in Round()
487 A[1][3] ^= (~A[1][4] & C[1]); in Round()
488 A[0][4] ^= (~C[0] & D[0]); in Round()
489 A[1][4] ^= (~C[1] & D[1]); in Round()
491 C[2] = A[2][0]; in Round()
492 C[3] = A[3][0]; in Round()
493 D[2] = A[2][1]; in Round()
494 D[3] = A[3][1]; in Round()
496 A[2][0] ^= (~A[2][1] & A[2][2]); in Round()
497 A[3][0] ^= (~A[3][1] & A[3][2]); in Round()
498 A[2][1] ^= (~A[2][2] & A[2][3]); in Round()
499 A[3][1] ^= (~A[3][2] & A[3][3]); in Round()
500 A[2][2] ^= (~A[2][3] & A[2][4]); in Round()
501 A[3][2] ^= (~A[3][3] & A[3][4]); in Round()
502 A[2][3] ^= (~A[2][4] & C[2]); in Round()
503 A[3][3] ^= (~A[3][4] & C[3]); in Round()
504 A[2][4] ^= (~C[2] & D[2]); in Round()
505 A[3][4] ^= (~C[3] & D[3]); in Round()
507 C[4] = A[4][0]; in Round()
508 D[4] = A[4][1]; in Round()
510 A[4][0] ^= (~A[4][1] & A[4][2]); in Round()
511 A[4][1] ^= (~A[4][2] & A[4][3]); in Round()
512 A[4][2] ^= (~A[4][3] & A[4][4]); in Round()
513 A[4][3] ^= (~A[4][4] & C[4]); in Round()
514 A[4][4] ^= (~C[4] & D[4]); in Round()
515 A[0][0] ^= iotas[i]; in Round()
518 static void KeccakF1600(uint64_t A[5][5]) in KeccakF1600()
523 Round(A, i); in KeccakF1600()
537 static void Round(uint64_t R[5][5], uint64_t A[5][5], size_t i) in Round()
543 C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; in Round()
544 C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; in Round()
545 C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; in Round()
546 C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; in Round()
547 C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; in Round()
555 C[0] = A[0][0] ^ D[0]; /* rotate by 0 */ in Round()
556 C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); in Round()
557 C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); in Round()
558 C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); in Round()
559 C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]); in Round()
575 C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]); in Round()
576 C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); in Round()
577 C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]); in Round()
578 C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]); in Round()
579 C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); in Round()
595 C[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]); in Round()
596 C[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]); in Round()
597 C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); in Round()
598 C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); in Round()
599 C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); in Round()
615 C[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]); in Round()
616 C[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]); in Round()
617 C[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]); in Round()
618 C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); in Round()
619 C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); in Round()
635 C[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]); in Round()
636 C[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]); in Round()
637 C[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]); in Round()
638 C[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]); in Round()
639 C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); in Round()
656 static void KeccakF1600(uint64_t A[5][5]) in KeccakF1600()
662 A[0][1] = ~A[0][1]; in KeccakF1600()
663 A[0][2] = ~A[0][2]; in KeccakF1600()
664 A[1][3] = ~A[1][3]; in KeccakF1600()
665 A[2][2] = ~A[2][2]; in KeccakF1600()
666 A[3][2] = ~A[3][2]; in KeccakF1600()
667 A[4][0] = ~A[4][0]; in KeccakF1600()
671 Round(T, A, i); in KeccakF1600()
672 Round(A, T, i + 1); in KeccakF1600()
676 A[0][1] = ~A[0][1]; in KeccakF1600()
677 A[0][2] = ~A[0][2]; in KeccakF1600()
678 A[1][3] = ~A[1][3]; in KeccakF1600()
679 A[2][2] = ~A[2][2]; in KeccakF1600()
680 A[3][2] = ~A[3][2]; in KeccakF1600()
681 A[4][0] = ~A[4][0]; in KeccakF1600()
695 static void FourRounds(uint64_t A[5][5], size_t i) in FourRounds()
702 C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; in FourRounds()
703 C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; in FourRounds()
704 C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; in FourRounds()
705 C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; in FourRounds()
706 C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; in FourRounds()
714 B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ in FourRounds()
715 B[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); in FourRounds()
716 B[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); in FourRounds()
717 B[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); in FourRounds()
718 B[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]); in FourRounds()
720 C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i]; in FourRounds()
721 C[1] = A[1][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
722 C[2] = A[2][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
723 C[3] = A[3][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
724 C[4] = A[4][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
726 B[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]); in FourRounds()
727 B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); in FourRounds()
728 B[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]); in FourRounds()
729 B[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]); in FourRounds()
730 B[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); in FourRounds()
732 C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
733 C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
734 C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
735 C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
736 C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
738 B[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]); in FourRounds()
739 B[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]); in FourRounds()
740 B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); in FourRounds()
741 B[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); in FourRounds()
742 B[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); in FourRounds()
744 C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
745 C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
746 C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
747 C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
748 C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
750 B[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]); in FourRounds()
751 B[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]); in FourRounds()
752 B[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]); in FourRounds()
753 B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); in FourRounds()
754 B[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); in FourRounds()
756 C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
757 C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
758 C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
759 C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
760 C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
762 B[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]); in FourRounds()
763 B[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]); in FourRounds()
764 B[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]); in FourRounds()
765 B[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]); in FourRounds()
766 B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); in FourRounds()
768 C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
769 C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
770 C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
771 C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
772 C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
781 B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ in FourRounds()
782 B[1] = ROL64(A[3][1] ^ D[1], rhotates[1][1]); in FourRounds()
783 B[2] = ROL64(A[1][2] ^ D[2], rhotates[2][2]); in FourRounds()
784 B[3] = ROL64(A[4][3] ^ D[3], rhotates[3][3]); in FourRounds()
785 B[4] = ROL64(A[2][4] ^ D[4], rhotates[4][4]); in FourRounds()
787 C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 1]; in FourRounds()
788 C[1] = A[3][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
789 C[2] = A[1][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
790 C[3] = A[4][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
791 C[4] = A[2][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
793 B[0] = ROL64(A[3][3] ^ D[3], rhotates[0][3]); in FourRounds()
794 B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); in FourRounds()
795 B[2] = ROL64(A[4][0] ^ D[0], rhotates[2][0]); in FourRounds()
796 B[3] = ROL64(A[2][1] ^ D[1], rhotates[3][1]); in FourRounds()
797 B[4] = ROL64(A[0][2] ^ D[2], rhotates[4][2]); in FourRounds()
799 C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
800 C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
801 C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
802 C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
803 C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
805 B[0] = ROL64(A[1][1] ^ D[1], rhotates[0][1]); in FourRounds()
806 B[1] = ROL64(A[4][2] ^ D[2], rhotates[1][2]); in FourRounds()
807 B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); in FourRounds()
808 B[3] = ROL64(A[0][4] ^ D[4], rhotates[3][4]); in FourRounds()
809 B[4] = ROL64(A[3][0] ^ D[0], rhotates[4][0]); in FourRounds()
811 C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
812 C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
813 C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
814 C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
815 C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
817 B[0] = ROL64(A[4][4] ^ D[4], rhotates[0][4]); in FourRounds()
818 B[1] = ROL64(A[2][0] ^ D[0], rhotates[1][0]); in FourRounds()
819 B[2] = ROL64(A[0][1] ^ D[1], rhotates[2][1]); in FourRounds()
820 B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); in FourRounds()
821 B[4] = ROL64(A[1][3] ^ D[3], rhotates[4][3]); in FourRounds()
823 C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
824 C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
825 C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
826 C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
827 C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
829 B[0] = ROL64(A[2][2] ^ D[2], rhotates[0][2]); in FourRounds()
830 B[1] = ROL64(A[0][3] ^ D[3], rhotates[1][3]); in FourRounds()
831 B[2] = ROL64(A[3][4] ^ D[4], rhotates[2][4]); in FourRounds()
832 B[3] = ROL64(A[1][0] ^ D[0], rhotates[3][0]); in FourRounds()
833 B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); in FourRounds()
835 C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
836 C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
837 C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
838 C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
839 C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
848 B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ in FourRounds()
849 B[1] = ROL64(A[2][1] ^ D[1], rhotates[1][1]); in FourRounds()
850 B[2] = ROL64(A[4][2] ^ D[2], rhotates[2][2]); in FourRounds()
851 B[3] = ROL64(A[1][3] ^ D[3], rhotates[3][3]); in FourRounds()
852 B[4] = ROL64(A[3][4] ^ D[4], rhotates[4][4]); in FourRounds()
854 C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 2]; in FourRounds()
855 C[1] = A[2][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
856 C[2] = A[4][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
857 C[3] = A[1][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
858 C[4] = A[3][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
860 B[0] = ROL64(A[4][3] ^ D[3], rhotates[0][3]); in FourRounds()
861 B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); in FourRounds()
862 B[2] = ROL64(A[3][0] ^ D[0], rhotates[2][0]); in FourRounds()
863 B[3] = ROL64(A[0][1] ^ D[1], rhotates[3][1]); in FourRounds()
864 B[4] = ROL64(A[2][2] ^ D[2], rhotates[4][2]); in FourRounds()
866 C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
867 C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
868 C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
869 C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
870 C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
872 B[0] = ROL64(A[3][1] ^ D[1], rhotates[0][1]); in FourRounds()
873 B[1] = ROL64(A[0][2] ^ D[2], rhotates[1][2]); in FourRounds()
874 B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); in FourRounds()
875 B[3] = ROL64(A[4][4] ^ D[4], rhotates[3][4]); in FourRounds()
876 B[4] = ROL64(A[1][0] ^ D[0], rhotates[4][0]); in FourRounds()
878 C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
879 C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
880 C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
881 C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
882 C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
884 B[0] = ROL64(A[2][4] ^ D[4], rhotates[0][4]); in FourRounds()
885 B[1] = ROL64(A[4][0] ^ D[0], rhotates[1][0]); in FourRounds()
886 B[2] = ROL64(A[1][1] ^ D[1], rhotates[2][1]); in FourRounds()
887 B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); in FourRounds()
888 B[4] = ROL64(A[0][3] ^ D[3], rhotates[4][3]); in FourRounds()
890 C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
891 C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
892 C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
893 C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
894 C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
896 B[0] = ROL64(A[1][2] ^ D[2], rhotates[0][2]); in FourRounds()
897 B[1] = ROL64(A[3][3] ^ D[3], rhotates[1][3]); in FourRounds()
898 B[2] = ROL64(A[0][4] ^ D[4], rhotates[2][4]); in FourRounds()
899 B[3] = ROL64(A[2][0] ^ D[0], rhotates[3][0]); in FourRounds()
900 B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); in FourRounds()
902 C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
903 C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
904 C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
905 C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
906 C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
915 B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ in FourRounds()
916 B[1] = ROL64(A[0][1] ^ D[1], rhotates[1][1]); in FourRounds()
917 B[2] = ROL64(A[0][2] ^ D[2], rhotates[2][2]); in FourRounds()
918 B[3] = ROL64(A[0][3] ^ D[3], rhotates[3][3]); in FourRounds()
919 B[4] = ROL64(A[0][4] ^ D[4], rhotates[4][4]); in FourRounds()
921 /* C[0] = */ A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 3]; in FourRounds()
922 /* C[1] = */ A[0][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
923 /* C[2] = */ A[0][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
924 /* C[3] = */ A[0][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
925 /* C[4] = */ A[0][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
927 B[0] = ROL64(A[1][3] ^ D[3], rhotates[0][3]); in FourRounds()
928 B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); in FourRounds()
929 B[2] = ROL64(A[1][0] ^ D[0], rhotates[2][0]); in FourRounds()
930 B[3] = ROL64(A[1][1] ^ D[1], rhotates[3][1]); in FourRounds()
931 B[4] = ROL64(A[1][2] ^ D[2], rhotates[4][2]); in FourRounds()
933 /* C[0] ^= */ A[1][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
934 /* C[1] ^= */ A[1][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
935 /* C[2] ^= */ A[1][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
936 /* C[3] ^= */ A[1][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
937 /* C[4] ^= */ A[1][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
939 B[0] = ROL64(A[2][1] ^ D[1], rhotates[0][1]); in FourRounds()
940 B[1] = ROL64(A[2][2] ^ D[2], rhotates[1][2]); in FourRounds()
941 B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); in FourRounds()
942 B[3] = ROL64(A[2][4] ^ D[4], rhotates[3][4]); in FourRounds()
943 B[4] = ROL64(A[2][0] ^ D[0], rhotates[4][0]); in FourRounds()
945 /* C[0] ^= */ A[2][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
946 /* C[1] ^= */ A[2][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
947 /* C[2] ^= */ A[2][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
948 /* C[3] ^= */ A[2][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
949 /* C[4] ^= */ A[2][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
951 B[0] = ROL64(A[3][4] ^ D[4], rhotates[0][4]); in FourRounds()
952 B[1] = ROL64(A[3][0] ^ D[0], rhotates[1][0]); in FourRounds()
953 B[2] = ROL64(A[3][1] ^ D[1], rhotates[2][1]); in FourRounds()
954 B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); in FourRounds()
955 B[4] = ROL64(A[3][3] ^ D[3], rhotates[4][3]); in FourRounds()
957 /* C[0] ^= */ A[3][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
958 /* C[1] ^= */ A[3][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
959 /* C[2] ^= */ A[3][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
960 /* C[3] ^= */ A[3][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
961 /* C[4] ^= */ A[3][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
963 B[0] = ROL64(A[4][2] ^ D[2], rhotates[0][2]); in FourRounds()
964 B[1] = ROL64(A[4][3] ^ D[3], rhotates[1][3]); in FourRounds()
965 B[2] = ROL64(A[4][4] ^ D[4], rhotates[2][4]); in FourRounds()
966 B[3] = ROL64(A[4][0] ^ D[0], rhotates[3][0]); in FourRounds()
967 B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); in FourRounds()
969 /* C[0] ^= */ A[4][0] = B[0] ^ (~B[1] & B[2]); in FourRounds()
970 /* C[1] ^= */ A[4][1] = B[1] ^ (~B[2] & B[3]); in FourRounds()
971 /* C[2] ^= */ A[4][2] = B[2] ^ (~B[3] & B[4]); in FourRounds()
972 /* C[3] ^= */ A[4][3] = B[3] ^ (~B[4] & B[0]); in FourRounds()
973 /* C[4] ^= */ A[4][4] = B[4] ^ (~B[0] & B[1]); in FourRounds()
976 static void KeccakF1600(uint64_t A[5][5]) in KeccakF1600()
981 FourRounds(A, i); in KeccakF1600()
1069 size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, in SHA3_absorb()
1072 uint64_t *A_flat = (uint64_t *)A; in SHA3_absorb()
1075 assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0); in SHA3_absorb()
1087 KeccakF1600(A); in SHA3_absorb()
1103 void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r, in SHA3_squeeze()
1106 uint64_t *A_flat = (uint64_t *)A; in SHA3_squeeze()
1109 assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0); in SHA3_squeeze()
1113 KeccakF1600(A); in SHA3_squeeze()
1156 uint64_t A[5][5]; in SHA3_sponge() local
1158 memset(A, 0, sizeof(A)); in SHA3_sponge()
1159 SHA3_absorb(A, inp, len, r); in SHA3_sponge()
1160 SHA3_squeeze(A, out, d, r); in SHA3_sponge()