Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 42ac3c91e75fc3b44c3d5e3ab30db6d022f3f749 / . / Modules / _sha3 / keccak / KeccakF-1600-32-s2.macros
blob: fa1176219a4b43f0883a14d5363dc4da062851aa [file] [log] [blame]
Christian Heimes4a0270d2012-10-06 02:23:36 +0200[diff] [blame]1/*
2Code automatically generated by KeccakTools!
3
4The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
5Michaƫl Peeters and Gilles Van Assche. For more information, feedback or
6questions, please refer to our website: http://keccak.noekeon.org/
7
8Implementation by the designers,
9hereby denoted as "the implementer".
10
11To the extent possible under law, the implementer has waived all copyright
12and related or neighboring rights to the source code in this file.
13http://creativecommons.org/publicdomain/zero/1.0/
14*/
15
16#define declareABCDE \
17 UINT32 Aba0, Abe0, Abi0, Abo0, Abu0; \
18 UINT32 Aba1, Abe1, Abi1, Abo1, Abu1; \
19 UINT32 Aga0, Age0, Agi0, Ago0, Agu0; \
20 UINT32 Aga1, Age1, Agi1, Ago1, Agu1; \
21 UINT32 Aka0, Ake0, Aki0, Ako0, Aku0; \
22 UINT32 Aka1, Ake1, Aki1, Ako1, Aku1; \
23 UINT32 Ama0, Ame0, Ami0, Amo0, Amu0; \
24 UINT32 Ama1, Ame1, Ami1, Amo1, Amu1; \
25 UINT32 Asa0, Ase0, Asi0, Aso0, Asu0; \
26 UINT32 Asa1, Ase1, Asi1, Aso1, Asu1; \
27 UINT32 Bba0, Bbe0, Bbi0, Bbo0, Bbu0; \
28 UINT32 Bba1, Bbe1, Bbi1, Bbo1, Bbu1; \
29 UINT32 Bga0, Bge0, Bgi0, Bgo0, Bgu0; \
30 UINT32 Bga1, Bge1, Bgi1, Bgo1, Bgu1; \
31 UINT32 Bka0, Bke0, Bki0, Bko0, Bku0; \
32 UINT32 Bka1, Bke1, Bki1, Bko1, Bku1; \
33 UINT32 Bma0, Bme0, Bmi0, Bmo0, Bmu0; \
34 UINT32 Bma1, Bme1, Bmi1, Bmo1, Bmu1; \
35 UINT32 Bsa0, Bse0, Bsi0, Bso0, Bsu0; \
36 UINT32 Bsa1, Bse1, Bsi1, Bso1, Bsu1; \
37 UINT32 Ca0, Ce0, Ci0, Co0, Cu0; \
38 UINT32 Ca1, Ce1, Ci1, Co1, Cu1; \
39 UINT32 Da0, De0, Di0, Do0, Du0; \
40 UINT32 Da1, De1, Di1, Do1, Du1; \
41 UINT32 Eba0, Ebe0, Ebi0, Ebo0, Ebu0; \
42 UINT32 Eba1, Ebe1, Ebi1, Ebo1, Ebu1; \
43 UINT32 Ega0, Ege0, Egi0, Ego0, Egu0; \
44 UINT32 Ega1, Ege1, Egi1, Ego1, Egu1; \
45 UINT32 Eka0, Eke0, Eki0, Eko0, Eku0; \
46 UINT32 Eka1, Eke1, Eki1, Eko1, Eku1; \
47 UINT32 Ema0, Eme0, Emi0, Emo0, Emu0; \
48 UINT32 Ema1, Eme1, Emi1, Emo1, Emu1; \
49 UINT32 Esa0, Ese0, Esi0, Eso0, Esu0; \
50 UINT32 Esa1, Ese1, Esi1, Eso1, Esu1; \
51
52#define prepareTheta \
53 Ca0 = Aba0^Aga0^Aka0^Ama0^Asa0; \
54 Ca1 = Aba1^Aga1^Aka1^Ama1^Asa1; \
55 Ce0 = Abe0^Age0^Ake0^Ame0^Ase0; \
56 Ce1 = Abe1^Age1^Ake1^Ame1^Ase1; \
57 Ci0 = Abi0^Agi0^Aki0^Ami0^Asi0; \
58 Ci1 = Abi1^Agi1^Aki1^Ami1^Asi1; \
59 Co0 = Abo0^Ago0^Ako0^Amo0^Aso0; \
60 Co1 = Abo1^Ago1^Ako1^Amo1^Aso1; \
61 Cu0 = Abu0^Agu0^Aku0^Amu0^Asu0; \
62 Cu1 = Abu1^Agu1^Aku1^Amu1^Asu1; \
63
64#ifdef UseBebigokimisa
65/* --- Code for round, with prepare-theta (lane complementing pattern 'bebigokimisa') */
66/* --- using factor 2 interleaving, 64-bit lanes mapped to 32-bit words */
67#define thetaRhoPiChiIotaPrepareTheta(i, A, E) \
68 Da0 = Cu0^ROL32(Ce1, 1); \
69 Da1 = Cu1^Ce0; \
70 De0 = Ca0^ROL32(Ci1, 1); \
71 De1 = Ca1^Ci0; \
72 Di0 = Ce0^ROL32(Co1, 1); \
73 Di1 = Ce1^Co0; \
74 Do0 = Ci0^ROL32(Cu1, 1); \
75 Do1 = Ci1^Cu0; \
76 Du0 = Co0^ROL32(Ca1, 1); \
77 Du1 = Co1^Ca0; \
78\
79 A##ba0 ^= Da0; \
80 Bba0 = A##ba0; \
81 A##ge0 ^= De0; \
82 Bbe0 = ROL32(A##ge0, 22); \
83 A##ki1 ^= Di1; \
84 Bbi0 = ROL32(A##ki1, 22); \
85 E##ba0 = Bba0 ^( Bbe0 | Bbi0 ); \
86 E##ba0 ^= KeccakF1600RoundConstants_int2_0[i]; \
87 Ca0 = E##ba0; \
88 A##mo1 ^= Do1; \
89 Bbo0 = ROL32(A##mo1, 11); \
90 E##be0 = Bbe0 ^((~Bbi0)| Bbo0 ); \
91 Ce0 = E##be0; \
92 A##su0 ^= Du0; \
93 Bbu0 = ROL32(A##su0, 7); \
94 E##bi0 = Bbi0 ^( Bbo0 & Bbu0 ); \
95 Ci0 = E##bi0; \
96 E##bo0 = Bbo0 ^( Bbu0 | Bba0 ); \
97 Co0 = E##bo0; \
98 E##bu0 = Bbu0 ^( Bba0 & Bbe0 ); \
99 Cu0 = E##bu0; \
100\
101 A##ba1 ^= Da1; \
102 Bba1 = A##ba1; \
103 A##ge1 ^= De1; \
104 Bbe1 = ROL32(A##ge1, 22); \
105 A##ki0 ^= Di0; \
106 Bbi1 = ROL32(A##ki0, 21); \
107 E##ba1 = Bba1 ^( Bbe1 | Bbi1 ); \
108 E##ba1 ^= KeccakF1600RoundConstants_int2_1[i]; \
109 Ca1 = E##ba1; \
110 A##mo0 ^= Do0; \
111 Bbo1 = ROL32(A##mo0, 10); \
112 E##be1 = Bbe1 ^((~Bbi1)| Bbo1 ); \
113 Ce1 = E##be1; \
114 A##su1 ^= Du1; \
115 Bbu1 = ROL32(A##su1, 7); \
116 E##bi1 = Bbi1 ^( Bbo1 & Bbu1 ); \
117 Ci1 = E##bi1; \
118 E##bo1 = Bbo1 ^( Bbu1 | Bba1 ); \
119 Co1 = E##bo1; \
120 E##bu1 = Bbu1 ^( Bba1 & Bbe1 ); \
121 Cu1 = E##bu1; \
122\
123 A##bo0 ^= Do0; \
124 Bga0 = ROL32(A##bo0, 14); \
125 A##gu0 ^= Du0; \
126 Bge0 = ROL32(A##gu0, 10); \
127 A##ka1 ^= Da1; \
128 Bgi0 = ROL32(A##ka1, 2); \
129 E##ga0 = Bga0 ^( Bge0 | Bgi0 ); \
130 Ca0 ^= E##ga0; \
131 A##me1 ^= De1; \
132 Bgo0 = ROL32(A##me1, 23); \
133 E##ge0 = Bge0 ^( Bgi0 & Bgo0 ); \
134 Ce0 ^= E##ge0; \
135 A##si1 ^= Di1; \
136 Bgu0 = ROL32(A##si1, 31); \
137 E##gi0 = Bgi0 ^( Bgo0 |(~Bgu0)); \
138 Ci0 ^= E##gi0; \
139 E##go0 = Bgo0 ^( Bgu0 | Bga0 ); \
140 Co0 ^= E##go0; \
141 E##gu0 = Bgu0 ^( Bga0 & Bge0 ); \
142 Cu0 ^= E##gu0; \
143\
144 A##bo1 ^= Do1; \
145 Bga1 = ROL32(A##bo1, 14); \
146 A##gu1 ^= Du1; \
147 Bge1 = ROL32(A##gu1, 10); \
148 A##ka0 ^= Da0; \
149 Bgi1 = ROL32(A##ka0, 1); \
150 E##ga1 = Bga1 ^( Bge1 | Bgi1 ); \
151 Ca1 ^= E##ga1; \
152 A##me0 ^= De0; \
153 Bgo1 = ROL32(A##me0, 22); \
154 E##ge1 = Bge1 ^( Bgi1 & Bgo1 ); \
155 Ce1 ^= E##ge1; \
156 A##si0 ^= Di0; \
157 Bgu1 = ROL32(A##si0, 30); \
158 E##gi1 = Bgi1 ^( Bgo1 |(~Bgu1)); \
159 Ci1 ^= E##gi1; \
160 E##go1 = Bgo1 ^( Bgu1 | Bga1 ); \
161 Co1 ^= E##go1; \
162 E##gu1 = Bgu1 ^( Bga1 & Bge1 ); \
163 Cu1 ^= E##gu1; \
164\
165 A##be1 ^= De1; \
166 Bka0 = ROL32(A##be1, 1); \
167 A##gi0 ^= Di0; \
168 Bke0 = ROL32(A##gi0, 3); \
169 A##ko1 ^= Do1; \
170 Bki0 = ROL32(A##ko1, 13); \
171 E##ka0 = Bka0 ^( Bke0 | Bki0 ); \
172 Ca0 ^= E##ka0; \
173 A##mu0 ^= Du0; \
174 Bko0 = ROL32(A##mu0, 4); \
175 E##ke0 = Bke0 ^( Bki0 & Bko0 ); \
176 Ce0 ^= E##ke0; \
177 A##sa0 ^= Da0; \
178 Bku0 = ROL32(A##sa0, 9); \
179 E##ki0 = Bki0 ^((~Bko0)& Bku0 ); \
180 Ci0 ^= E##ki0; \
181 E##ko0 = (~Bko0)^( Bku0 | Bka0 ); \
182 Co0 ^= E##ko0; \
183 E##ku0 = Bku0 ^( Bka0 & Bke0 ); \
184 Cu0 ^= E##ku0; \
185\
186 A##be0 ^= De0; \
187 Bka1 = A##be0; \
188 A##gi1 ^= Di1; \
189 Bke1 = ROL32(A##gi1, 3); \
190 A##ko0 ^= Do0; \
191 Bki1 = ROL32(A##ko0, 12); \
192 E##ka1 = Bka1 ^( Bke1 | Bki1 ); \
193 Ca1 ^= E##ka1; \
194 A##mu1 ^= Du1; \
195 Bko1 = ROL32(A##mu1, 4); \
196 E##ke1 = Bke1 ^( Bki1 & Bko1 ); \
197 Ce1 ^= E##ke1; \
198 A##sa1 ^= Da1; \
199 Bku1 = ROL32(A##sa1, 9); \
200 E##ki1 = Bki1 ^((~Bko1)& Bku1 ); \
201 Ci1 ^= E##ki1; \
202 E##ko1 = (~Bko1)^( Bku1 | Bka1 ); \
203 Co1 ^= E##ko1; \
204 E##ku1 = Bku1 ^( Bka1 & Bke1 ); \
205 Cu1 ^= E##ku1; \
206\
207 A##bu1 ^= Du1; \
208 Bma0 = ROL32(A##bu1, 14); \
209 A##ga0 ^= Da0; \
210 Bme0 = ROL32(A##ga0, 18); \
211 A##ke0 ^= De0; \
212 Bmi0 = ROL32(A##ke0, 5); \
213 E##ma0 = Bma0 ^( Bme0 & Bmi0 ); \
214 Ca0 ^= E##ma0; \
215 A##mi1 ^= Di1; \
216 Bmo0 = ROL32(A##mi1, 8); \
217 E##me0 = Bme0 ^( Bmi0 | Bmo0 ); \
218 Ce0 ^= E##me0; \
219 A##so0 ^= Do0; \
220 Bmu0 = ROL32(A##so0, 28); \
221 E##mi0 = Bmi0 ^((~Bmo0)| Bmu0 ); \
222 Ci0 ^= E##mi0; \
223 E##mo0 = (~Bmo0)^( Bmu0 & Bma0 ); \
224 Co0 ^= E##mo0; \
225 E##mu0 = Bmu0 ^( Bma0 | Bme0 ); \
226 Cu0 ^= E##mu0; \
227\
228 A##bu0 ^= Du0; \
229 Bma1 = ROL32(A##bu0, 13); \
230 A##ga1 ^= Da1; \
231 Bme1 = ROL32(A##ga1, 18); \
232 A##ke1 ^= De1; \
233 Bmi1 = ROL32(A##ke1, 5); \
234 E##ma1 = Bma1 ^( Bme1 & Bmi1 ); \
235 Ca1 ^= E##ma1; \
236 A##mi0 ^= Di0; \
237 Bmo1 = ROL32(A##mi0, 7); \
238 E##me1 = Bme1 ^( Bmi1 | Bmo1 ); \
239 Ce1 ^= E##me1; \
240 A##so1 ^= Do1; \
241 Bmu1 = ROL32(A##so1, 28); \
242 E##mi1 = Bmi1 ^((~Bmo1)| Bmu1 ); \
243 Ci1 ^= E##mi1; \
244 E##mo1 = (~Bmo1)^( Bmu1 & Bma1 ); \
245 Co1 ^= E##mo1; \
246 E##mu1 = Bmu1 ^( Bma1 | Bme1 ); \
247 Cu1 ^= E##mu1; \
248\
249 A##bi0 ^= Di0; \
250 Bsa0 = ROL32(A##bi0, 31); \
251 A##go1 ^= Do1; \
252 Bse0 = ROL32(A##go1, 28); \
253 A##ku1 ^= Du1; \
254 Bsi0 = ROL32(A##ku1, 20); \
255 E##sa0 = Bsa0 ^((~Bse0)& Bsi0 ); \
256 Ca0 ^= E##sa0; \
257 A##ma1 ^= Da1; \
258 Bso0 = ROL32(A##ma1, 21); \
259 E##se0 = (~Bse0)^( Bsi0 | Bso0 ); \
260 Ce0 ^= E##se0; \
261 A##se0 ^= De0; \
262 Bsu0 = ROL32(A##se0, 1); \
263 E##si0 = Bsi0 ^( Bso0 & Bsu0 ); \
264 Ci0 ^= E##si0; \
265 E##so0 = Bso0 ^( Bsu0 | Bsa0 ); \
266 Co0 ^= E##so0; \
267 E##su0 = Bsu0 ^( Bsa0 & Bse0 ); \
268 Cu0 ^= E##su0; \
269\
270 A##bi1 ^= Di1; \
271 Bsa1 = ROL32(A##bi1, 31); \
272 A##go0 ^= Do0; \
273 Bse1 = ROL32(A##go0, 27); \
274 A##ku0 ^= Du0; \
275 Bsi1 = ROL32(A##ku0, 19); \
276 E##sa1 = Bsa1 ^((~Bse1)& Bsi1 ); \
277 Ca1 ^= E##sa1; \
278 A##ma0 ^= Da0; \
279 Bso1 = ROL32(A##ma0, 20); \
280 E##se1 = (~Bse1)^( Bsi1 | Bso1 ); \
281 Ce1 ^= E##se1; \
282 A##se1 ^= De1; \
283 Bsu1 = ROL32(A##se1, 1); \
284 E##si1 = Bsi1 ^( Bso1 & Bsu1 ); \
285 Ci1 ^= E##si1; \
286 E##so1 = Bso1 ^( Bsu1 | Bsa1 ); \
287 Co1 ^= E##so1; \
288 E##su1 = Bsu1 ^( Bsa1 & Bse1 ); \
289 Cu1 ^= E##su1; \
290\
291
292/* --- Code for round (lane complementing pattern 'bebigokimisa') */
293/* --- using factor 2 interleaving, 64-bit lanes mapped to 32-bit words */
294#define thetaRhoPiChiIota(i, A, E) \
295 Da0 = Cu0^ROL32(Ce1, 1); \
296 Da1 = Cu1^Ce0; \
297 De0 = Ca0^ROL32(Ci1, 1); \
298 De1 = Ca1^Ci0; \
299 Di0 = Ce0^ROL32(Co1, 1); \
300 Di1 = Ce1^Co0; \
301 Do0 = Ci0^ROL32(Cu1, 1); \
302 Do1 = Ci1^Cu0; \
303 Du0 = Co0^ROL32(Ca1, 1); \
304 Du1 = Co1^Ca0; \
305\
306 A##ba0 ^= Da0; \
307 Bba0 = A##ba0; \
308 A##ge0 ^= De0; \
309 Bbe0 = ROL32(A##ge0, 22); \
310 A##ki1 ^= Di1; \
311 Bbi0 = ROL32(A##ki1, 22); \
312 E##ba0 = Bba0 ^( Bbe0 | Bbi0 ); \
313 E##ba0 ^= KeccakF1600RoundConstants_int2_0[i]; \
314 A##mo1 ^= Do1; \
315 Bbo0 = ROL32(A##mo1, 11); \
316 E##be0 = Bbe0 ^((~Bbi0)| Bbo0 ); \
317 A##su0 ^= Du0; \
318 Bbu0 = ROL32(A##su0, 7); \
319 E##bi0 = Bbi0 ^( Bbo0 & Bbu0 ); \
320 E##bo0 = Bbo0 ^( Bbu0 | Bba0 ); \
321 E##bu0 = Bbu0 ^( Bba0 & Bbe0 ); \
322\
323 A##ba1 ^= Da1; \
324 Bba1 = A##ba1; \
325 A##ge1 ^= De1; \
326 Bbe1 = ROL32(A##ge1, 22); \
327 A##ki0 ^= Di0; \
328 Bbi1 = ROL32(A##ki0, 21); \
329 E##ba1 = Bba1 ^( Bbe1 | Bbi1 ); \
330 E##ba1 ^= KeccakF1600RoundConstants_int2_1[i]; \
331 A##mo0 ^= Do0; \
332 Bbo1 = ROL32(A##mo0, 10); \
333 E##be1 = Bbe1 ^((~Bbi1)| Bbo1 ); \
334 A##su1 ^= Du1; \
335 Bbu1 = ROL32(A##su1, 7); \
336 E##bi1 = Bbi1 ^( Bbo1 & Bbu1 ); \
337 E##bo1 = Bbo1 ^( Bbu1 | Bba1 ); \
338 E##bu1 = Bbu1 ^( Bba1 & Bbe1 ); \
339\
340 A##bo0 ^= Do0; \
341 Bga0 = ROL32(A##bo0, 14); \
342 A##gu0 ^= Du0; \
343 Bge0 = ROL32(A##gu0, 10); \
344 A##ka1 ^= Da1; \
345 Bgi0 = ROL32(A##ka1, 2); \
346 E##ga0 = Bga0 ^( Bge0 | Bgi0 ); \
347 A##me1 ^= De1; \
348 Bgo0 = ROL32(A##me1, 23); \
349 E##ge0 = Bge0 ^( Bgi0 & Bgo0 ); \
350 A##si1 ^= Di1; \
351 Bgu0 = ROL32(A##si1, 31); \
352 E##gi0 = Bgi0 ^( Bgo0 |(~Bgu0)); \
353 E##go0 = Bgo0 ^( Bgu0 | Bga0 ); \
354 E##gu0 = Bgu0 ^( Bga0 & Bge0 ); \
355\
356 A##bo1 ^= Do1; \
357 Bga1 = ROL32(A##bo1, 14); \
358 A##gu1 ^= Du1; \
359 Bge1 = ROL32(A##gu1, 10); \
360 A##ka0 ^= Da0; \
361 Bgi1 = ROL32(A##ka0, 1); \
362 E##ga1 = Bga1 ^( Bge1 | Bgi1 ); \
363 A##me0 ^= De0; \
364 Bgo1 = ROL32(A##me0, 22); \
365 E##ge1 = Bge1 ^( Bgi1 & Bgo1 ); \
366 A##si0 ^= Di0; \
367 Bgu1 = ROL32(A##si0, 30); \
368 E##gi1 = Bgi1 ^( Bgo1 |(~Bgu1)); \
369 E##go1 = Bgo1 ^( Bgu1 | Bga1 ); \
370 E##gu1 = Bgu1 ^( Bga1 & Bge1 ); \
371\
372 A##be1 ^= De1; \
373 Bka0 = ROL32(A##be1, 1); \
374 A##gi0 ^= Di0; \
375 Bke0 = ROL32(A##gi0, 3); \
376 A##ko1 ^= Do1; \
377 Bki0 = ROL32(A##ko1, 13); \
378 E##ka0 = Bka0 ^( Bke0 | Bki0 ); \
379 A##mu0 ^= Du0; \
380 Bko0 = ROL32(A##mu0, 4); \
381 E##ke0 = Bke0 ^( Bki0 & Bko0 ); \
382 A##sa0 ^= Da0; \
383 Bku0 = ROL32(A##sa0, 9); \
384 E##ki0 = Bki0 ^((~Bko0)& Bku0 ); \
385 E##ko0 = (~Bko0)^( Bku0 | Bka0 ); \
386 E##ku0 = Bku0 ^( Bka0 & Bke0 ); \
387\
388 A##be0 ^= De0; \
389 Bka1 = A##be0; \
390 A##gi1 ^= Di1; \
391 Bke1 = ROL32(A##gi1, 3); \
392 A##ko0 ^= Do0; \
393 Bki1 = ROL32(A##ko0, 12); \
394 E##ka1 = Bka1 ^( Bke1 | Bki1 ); \
395 A##mu1 ^= Du1; \
396 Bko1 = ROL32(A##mu1, 4); \
397 E##ke1 = Bke1 ^( Bki1 & Bko1 ); \
398 A##sa1 ^= Da1; \
399 Bku1 = ROL32(A##sa1, 9); \
400 E##ki1 = Bki1 ^((~Bko1)& Bku1 ); \
401 E##ko1 = (~Bko1)^( Bku1 | Bka1 ); \
402 E##ku1 = Bku1 ^( Bka1 & Bke1 ); \
403\
404 A##bu1 ^= Du1; \
405 Bma0 = ROL32(A##bu1, 14); \
406 A##ga0 ^= Da0; \
407 Bme0 = ROL32(A##ga0, 18); \
408 A##ke0 ^= De0; \
409 Bmi0 = ROL32(A##ke0, 5); \
410 E##ma0 = Bma0 ^( Bme0 & Bmi0 ); \
411 A##mi1 ^= Di1; \
412 Bmo0 = ROL32(A##mi1, 8); \
413 E##me0 = Bme0 ^( Bmi0 | Bmo0 ); \
414 A##so0 ^= Do0; \
415 Bmu0 = ROL32(A##so0, 28); \
416 E##mi0 = Bmi0 ^((~Bmo0)| Bmu0 ); \
417 E##mo0 = (~Bmo0)^( Bmu0 & Bma0 ); \
418 E##mu0 = Bmu0 ^( Bma0 | Bme0 ); \
419\
420 A##bu0 ^= Du0; \
421 Bma1 = ROL32(A##bu0, 13); \
422 A##ga1 ^= Da1; \
423 Bme1 = ROL32(A##ga1, 18); \
424 A##ke1 ^= De1; \
425 Bmi1 = ROL32(A##ke1, 5); \
426 E##ma1 = Bma1 ^( Bme1 & Bmi1 ); \
427 A##mi0 ^= Di0; \
428 Bmo1 = ROL32(A##mi0, 7); \
429 E##me1 = Bme1 ^( Bmi1 | Bmo1 ); \
430 A##so1 ^= Do1; \
431 Bmu1 = ROL32(A##so1, 28); \
432 E##mi1 = Bmi1 ^((~Bmo1)| Bmu1 ); \
433 E##mo1 = (~Bmo1)^( Bmu1 & Bma1 ); \
434 E##mu1 = Bmu1 ^( Bma1 | Bme1 ); \
435\
436 A##bi0 ^= Di0; \
437 Bsa0 = ROL32(A##bi0, 31); \
438 A##go1 ^= Do1; \
439 Bse0 = ROL32(A##go1, 28); \
440 A##ku1 ^= Du1; \
441 Bsi0 = ROL32(A##ku1, 20); \
442 E##sa0 = Bsa0 ^((~Bse0)& Bsi0 ); \
443 A##ma1 ^= Da1; \
444 Bso0 = ROL32(A##ma1, 21); \
445 E##se0 = (~Bse0)^( Bsi0 | Bso0 ); \
446 A##se0 ^= De0; \
447 Bsu0 = ROL32(A##se0, 1); \
448 E##si0 = Bsi0 ^( Bso0 & Bsu0 ); \
449 E##so0 = Bso0 ^( Bsu0 | Bsa0 ); \
450 E##su0 = Bsu0 ^( Bsa0 & Bse0 ); \
451\
452 A##bi1 ^= Di1; \
453 Bsa1 = ROL32(A##bi1, 31); \
454 A##go0 ^= Do0; \
455 Bse1 = ROL32(A##go0, 27); \
456 A##ku0 ^= Du0; \
457 Bsi1 = ROL32(A##ku0, 19); \
458 E##sa1 = Bsa1 ^((~Bse1)& Bsi1 ); \
459 A##ma0 ^= Da0; \
460 Bso1 = ROL32(A##ma0, 20); \
461 E##se1 = (~Bse1)^( Bsi1 | Bso1 ); \
462 A##se1 ^= De1; \
463 Bsu1 = ROL32(A##se1, 1); \
464 E##si1 = Bsi1 ^( Bso1 & Bsu1 ); \
465 E##so1 = Bso1 ^( Bsu1 | Bsa1 ); \
466 E##su1 = Bsu1 ^( Bsa1 & Bse1 ); \
467\
468
469#else /* UseBebigokimisa */
470/* --- Code for round, with prepare-theta */
471/* --- using factor 2 interleaving, 64-bit lanes mapped to 32-bit words */
472#define thetaRhoPiChiIotaPrepareTheta(i, A, E) \
473 Da0 = Cu0^ROL32(Ce1, 1); \
474 Da1 = Cu1^Ce0; \
475 De0 = Ca0^ROL32(Ci1, 1); \
476 De1 = Ca1^Ci0; \
477 Di0 = Ce0^ROL32(Co1, 1); \
478 Di1 = Ce1^Co0; \
479 Do0 = Ci0^ROL32(Cu1, 1); \
480 Do1 = Ci1^Cu0; \
481 Du0 = Co0^ROL32(Ca1, 1); \
482 Du1 = Co1^Ca0; \
483\
484 A##ba0 ^= Da0; \
485 Bba0 = A##ba0; \
486 A##ge0 ^= De0; \
487 Bbe0 = ROL32(A##ge0, 22); \
488 A##ki1 ^= Di1; \
489 Bbi0 = ROL32(A##ki1, 22); \
490 E##ba0 = Bba0 ^((~Bbe0)& Bbi0 ); \
491 E##ba0 ^= KeccakF1600RoundConstants_int2_0[i]; \
492 Ca0 = E##ba0; \
493 A##mo1 ^= Do1; \
494 Bbo0 = ROL32(A##mo1, 11); \
495 E##be0 = Bbe0 ^((~Bbi0)& Bbo0 ); \
496 Ce0 = E##be0; \
497 A##su0 ^= Du0; \
498 Bbu0 = ROL32(A##su0, 7); \
499 E##bi0 = Bbi0 ^((~Bbo0)& Bbu0 ); \
500 Ci0 = E##bi0; \
501 E##bo0 = Bbo0 ^((~Bbu0)& Bba0 ); \
502 Co0 = E##bo0; \
503 E##bu0 = Bbu0 ^((~Bba0)& Bbe0 ); \
504 Cu0 = E##bu0; \
505\
506 A##ba1 ^= Da1; \
507 Bba1 = A##ba1; \
508 A##ge1 ^= De1; \
509 Bbe1 = ROL32(A##ge1, 22); \
510 A##ki0 ^= Di0; \
511 Bbi1 = ROL32(A##ki0, 21); \
512 E##ba1 = Bba1 ^((~Bbe1)& Bbi1 ); \
513 E##ba1 ^= KeccakF1600RoundConstants_int2_1[i]; \
514 Ca1 = E##ba1; \
515 A##mo0 ^= Do0; \
516 Bbo1 = ROL32(A##mo0, 10); \
517 E##be1 = Bbe1 ^((~Bbi1)& Bbo1 ); \
518 Ce1 = E##be1; \
519 A##su1 ^= Du1; \
520 Bbu1 = ROL32(A##su1, 7); \
521 E##bi1 = Bbi1 ^((~Bbo1)& Bbu1 ); \
522 Ci1 = E##bi1; \
523 E##bo1 = Bbo1 ^((~Bbu1)& Bba1 ); \
524 Co1 = E##bo1; \
525 E##bu1 = Bbu1 ^((~Bba1)& Bbe1 ); \
526 Cu1 = E##bu1; \
527\
528 A##bo0 ^= Do0; \
529 Bga0 = ROL32(A##bo0, 14); \
530 A##gu0 ^= Du0; \
531 Bge0 = ROL32(A##gu0, 10); \
532 A##ka1 ^= Da1; \
533 Bgi0 = ROL32(A##ka1, 2); \
534 E##ga0 = Bga0 ^((~Bge0)& Bgi0 ); \
535 Ca0 ^= E##ga0; \
536 A##me1 ^= De1; \
537 Bgo0 = ROL32(A##me1, 23); \
538 E##ge0 = Bge0 ^((~Bgi0)& Bgo0 ); \
539 Ce0 ^= E##ge0; \
540 A##si1 ^= Di1; \
541 Bgu0 = ROL32(A##si1, 31); \
542 E##gi0 = Bgi0 ^((~Bgo0)& Bgu0 ); \
543 Ci0 ^= E##gi0; \
544 E##go0 = Bgo0 ^((~Bgu0)& Bga0 ); \
545 Co0 ^= E##go0; \
546 E##gu0 = Bgu0 ^((~Bga0)& Bge0 ); \
547 Cu0 ^= E##gu0; \
548\
549 A##bo1 ^= Do1; \
550 Bga1 = ROL32(A##bo1, 14); \
551 A##gu1 ^= Du1; \
552 Bge1 = ROL32(A##gu1, 10); \
553 A##ka0 ^= Da0; \
554 Bgi1 = ROL32(A##ka0, 1); \
555 E##ga1 = Bga1 ^((~Bge1)& Bgi1 ); \
556 Ca1 ^= E##ga1; \
557 A##me0 ^= De0; \
558 Bgo1 = ROL32(A##me0, 22); \
559 E##ge1 = Bge1 ^((~Bgi1)& Bgo1 ); \
560 Ce1 ^= E##ge1; \
561 A##si0 ^= Di0; \
562 Bgu1 = ROL32(A##si0, 30); \
563 E##gi1 = Bgi1 ^((~Bgo1)& Bgu1 ); \
564 Ci1 ^= E##gi1; \
565 E##go1 = Bgo1 ^((~Bgu1)& Bga1 ); \
566 Co1 ^= E##go1; \
567 E##gu1 = Bgu1 ^((~Bga1)& Bge1 ); \
568 Cu1 ^= E##gu1; \
569\
570 A##be1 ^= De1; \
571 Bka0 = ROL32(A##be1, 1); \
572 A##gi0 ^= Di0; \
573 Bke0 = ROL32(A##gi0, 3); \
574 A##ko1 ^= Do1; \
575 Bki0 = ROL32(A##ko1, 13); \
576 E##ka0 = Bka0 ^((~Bke0)& Bki0 ); \
577 Ca0 ^= E##ka0; \
578 A##mu0 ^= Du0; \
579 Bko0 = ROL32(A##mu0, 4); \
580 E##ke0 = Bke0 ^((~Bki0)& Bko0 ); \
581 Ce0 ^= E##ke0; \
582 A##sa0 ^= Da0; \
583 Bku0 = ROL32(A##sa0, 9); \
584 E##ki0 = Bki0 ^((~Bko0)& Bku0 ); \
585 Ci0 ^= E##ki0; \
586 E##ko0 = Bko0 ^((~Bku0)& Bka0 ); \
587 Co0 ^= E##ko0; \
588 E##ku0 = Bku0 ^((~Bka0)& Bke0 ); \
589 Cu0 ^= E##ku0; \
590\
591 A##be0 ^= De0; \
592 Bka1 = A##be0; \
593 A##gi1 ^= Di1; \
594 Bke1 = ROL32(A##gi1, 3); \
595 A##ko0 ^= Do0; \
596 Bki1 = ROL32(A##ko0, 12); \
597 E##ka1 = Bka1 ^((~Bke1)& Bki1 ); \
598 Ca1 ^= E##ka1; \
599 A##mu1 ^= Du1; \
600 Bko1 = ROL32(A##mu1, 4); \
601 E##ke1 = Bke1 ^((~Bki1)& Bko1 ); \
602 Ce1 ^= E##ke1; \
603 A##sa1 ^= Da1; \
604 Bku1 = ROL32(A##sa1, 9); \
605 E##ki1 = Bki1 ^((~Bko1)& Bku1 ); \
606 Ci1 ^= E##ki1; \
607 E##ko1 = Bko1 ^((~Bku1)& Bka1 ); \
608 Co1 ^= E##ko1; \
609 E##ku1 = Bku1 ^((~Bka1)& Bke1 ); \
610 Cu1 ^= E##ku1; \
611\
612 A##bu1 ^= Du1; \
613 Bma0 = ROL32(A##bu1, 14); \
614 A##ga0 ^= Da0; \
615 Bme0 = ROL32(A##ga0, 18); \
616 A##ke0 ^= De0; \
617 Bmi0 = ROL32(A##ke0, 5); \
618 E##ma0 = Bma0 ^((~Bme0)& Bmi0 ); \
619 Ca0 ^= E##ma0; \
620 A##mi1 ^= Di1; \
621 Bmo0 = ROL32(A##mi1, 8); \
622 E##me0 = Bme0 ^((~Bmi0)& Bmo0 ); \
623 Ce0 ^= E##me0; \
624 A##so0 ^= Do0; \
625 Bmu0 = ROL32(A##so0, 28); \
626 E##mi0 = Bmi0 ^((~Bmo0)& Bmu0 ); \
627 Ci0 ^= E##mi0; \
628 E##mo0 = Bmo0 ^((~Bmu0)& Bma0 ); \
629 Co0 ^= E##mo0; \
630 E##mu0 = Bmu0 ^((~Bma0)& Bme0 ); \
631 Cu0 ^= E##mu0; \
632\
633 A##bu0 ^= Du0; \
634 Bma1 = ROL32(A##bu0, 13); \
635 A##ga1 ^= Da1; \
636 Bme1 = ROL32(A##ga1, 18); \
637 A##ke1 ^= De1; \
638 Bmi1 = ROL32(A##ke1, 5); \
639 E##ma1 = Bma1 ^((~Bme1)& Bmi1 ); \
640 Ca1 ^= E##ma1; \
641 A##mi0 ^= Di0; \
642 Bmo1 = ROL32(A##mi0, 7); \
643 E##me1 = Bme1 ^((~Bmi1)& Bmo1 ); \
644 Ce1 ^= E##me1; \
645 A##so1 ^= Do1; \
646 Bmu1 = ROL32(A##so1, 28); \
647 E##mi1 = Bmi1 ^((~Bmo1)& Bmu1 ); \
648 Ci1 ^= E##mi1; \
649 E##mo1 = Bmo1 ^((~Bmu1)& Bma1 ); \
650 Co1 ^= E##mo1; \
651 E##mu1 = Bmu1 ^((~Bma1)& Bme1 ); \
652 Cu1 ^= E##mu1; \
653\
654 A##bi0 ^= Di0; \
655 Bsa0 = ROL32(A##bi0, 31); \
656 A##go1 ^= Do1; \
657 Bse0 = ROL32(A##go1, 28); \
658 A##ku1 ^= Du1; \
659 Bsi0 = ROL32(A##ku1, 20); \
660 E##sa0 = Bsa0 ^((~Bse0)& Bsi0 ); \
661 Ca0 ^= E##sa0; \
662 A##ma1 ^= Da1; \
663 Bso0 = ROL32(A##ma1, 21); \
664 E##se0 = Bse0 ^((~Bsi0)& Bso0 ); \
665 Ce0 ^= E##se0; \
666 A##se0 ^= De0; \
667 Bsu0 = ROL32(A##se0, 1); \
668 E##si0 = Bsi0 ^((~Bso0)& Bsu0 ); \
669 Ci0 ^= E##si0; \
670 E##so0 = Bso0 ^((~Bsu0)& Bsa0 ); \
671 Co0 ^= E##so0; \
672 E##su0 = Bsu0 ^((~Bsa0)& Bse0 ); \
673 Cu0 ^= E##su0; \
674\
675 A##bi1 ^= Di1; \
676 Bsa1 = ROL32(A##bi1, 31); \
677 A##go0 ^= Do0; \
678 Bse1 = ROL32(A##go0, 27); \
679 A##ku0 ^= Du0; \
680 Bsi1 = ROL32(A##ku0, 19); \
681 E##sa1 = Bsa1 ^((~Bse1)& Bsi1 ); \
682 Ca1 ^= E##sa1; \
683 A##ma0 ^= Da0; \
684 Bso1 = ROL32(A##ma0, 20); \
685 E##se1 = Bse1 ^((~Bsi1)& Bso1 ); \
686 Ce1 ^= E##se1; \
687 A##se1 ^= De1; \
688 Bsu1 = ROL32(A##se1, 1); \
689 E##si1 = Bsi1 ^((~Bso1)& Bsu1 ); \
690 Ci1 ^= E##si1; \
691 E##so1 = Bso1 ^((~Bsu1)& Bsa1 ); \
692 Co1 ^= E##so1; \
693 E##su1 = Bsu1 ^((~Bsa1)& Bse1 ); \
694 Cu1 ^= E##su1; \
695\
696
697/* --- Code for round */
698/* --- using factor 2 interleaving, 64-bit lanes mapped to 32-bit words */
699#define thetaRhoPiChiIota(i, A, E) \
700 Da0 = Cu0^ROL32(Ce1, 1); \
701 Da1 = Cu1^Ce0; \
702 De0 = Ca0^ROL32(Ci1, 1); \
703 De1 = Ca1^Ci0; \
704 Di0 = Ce0^ROL32(Co1, 1); \
705 Di1 = Ce1^Co0; \
706 Do0 = Ci0^ROL32(Cu1, 1); \
707 Do1 = Ci1^Cu0; \
708 Du0 = Co0^ROL32(Ca1, 1); \
709 Du1 = Co1^Ca0; \
710\
711 A##ba0 ^= Da0; \
712 Bba0 = A##ba0; \
713 A##ge0 ^= De0; \
714 Bbe0 = ROL32(A##ge0, 22); \
715 A##ki1 ^= Di1; \
716 Bbi0 = ROL32(A##ki1, 22); \
717 E##ba0 = Bba0 ^((~Bbe0)& Bbi0 ); \
718 E##ba0 ^= KeccakF1600RoundConstants_int2_0[i]; \
719 A##mo1 ^= Do1; \
720 Bbo0 = ROL32(A##mo1, 11); \
721 E##be0 = Bbe0 ^((~Bbi0)& Bbo0 ); \
722 A##su0 ^= Du0; \
723 Bbu0 = ROL32(A##su0, 7); \
724 E##bi0 = Bbi0 ^((~Bbo0)& Bbu0 ); \
725 E##bo0 = Bbo0 ^((~Bbu0)& Bba0 ); \
726 E##bu0 = Bbu0 ^((~Bba0)& Bbe0 ); \
727\
728 A##ba1 ^= Da1; \
729 Bba1 = A##ba1; \
730 A##ge1 ^= De1; \
731 Bbe1 = ROL32(A##ge1, 22); \
732 A##ki0 ^= Di0; \
733 Bbi1 = ROL32(A##ki0, 21); \
734 E##ba1 = Bba1 ^((~Bbe1)& Bbi1 ); \
735 E##ba1 ^= KeccakF1600RoundConstants_int2_1[i]; \
736 A##mo0 ^= Do0; \
737 Bbo1 = ROL32(A##mo0, 10); \
738 E##be1 = Bbe1 ^((~Bbi1)& Bbo1 ); \
739 A##su1 ^= Du1; \
740 Bbu1 = ROL32(A##su1, 7); \
741 E##bi1 = Bbi1 ^((~Bbo1)& Bbu1 ); \
742 E##bo1 = Bbo1 ^((~Bbu1)& Bba1 ); \
743 E##bu1 = Bbu1 ^((~Bba1)& Bbe1 ); \
744\
745 A##bo0 ^= Do0; \
746 Bga0 = ROL32(A##bo0, 14); \
747 A##gu0 ^= Du0; \
748 Bge0 = ROL32(A##gu0, 10); \
749 A##ka1 ^= Da1; \
750 Bgi0 = ROL32(A##ka1, 2); \
751 E##ga0 = Bga0 ^((~Bge0)& Bgi0 ); \
752 A##me1 ^= De1; \
753 Bgo0 = ROL32(A##me1, 23); \
754 E##ge0 = Bge0 ^((~Bgi0)& Bgo0 ); \
755 A##si1 ^= Di1; \
756 Bgu0 = ROL32(A##si1, 31); \
757 E##gi0 = Bgi0 ^((~Bgo0)& Bgu0 ); \
758 E##go0 = Bgo0 ^((~Bgu0)& Bga0 ); \
759 E##gu0 = Bgu0 ^((~Bga0)& Bge0 ); \
760\
761 A##bo1 ^= Do1; \
762 Bga1 = ROL32(A##bo1, 14); \
763 A##gu1 ^= Du1; \
764 Bge1 = ROL32(A##gu1, 10); \
765 A##ka0 ^= Da0; \
766 Bgi1 = ROL32(A##ka0, 1); \
767 E##ga1 = Bga1 ^((~Bge1)& Bgi1 ); \
768 A##me0 ^= De0; \
769 Bgo1 = ROL32(A##me0, 22); \
770 E##ge1 = Bge1 ^((~Bgi1)& Bgo1 ); \
771 A##si0 ^= Di0; \
772 Bgu1 = ROL32(A##si0, 30); \
773 E##gi1 = Bgi1 ^((~Bgo1)& Bgu1 ); \
774 E##go1 = Bgo1 ^((~Bgu1)& Bga1 ); \
775 E##gu1 = Bgu1 ^((~Bga1)& Bge1 ); \
776\
777 A##be1 ^= De1; \
778 Bka0 = ROL32(A##be1, 1); \
779 A##gi0 ^= Di0; \
780 Bke0 = ROL32(A##gi0, 3); \
781 A##ko1 ^= Do1; \
782 Bki0 = ROL32(A##ko1, 13); \
783 E##ka0 = Bka0 ^((~Bke0)& Bki0 ); \
784 A##mu0 ^= Du0; \
785 Bko0 = ROL32(A##mu0, 4); \
786 E##ke0 = Bke0 ^((~Bki0)& Bko0 ); \
787 A##sa0 ^= Da0; \
788 Bku0 = ROL32(A##sa0, 9); \
789 E##ki0 = Bki0 ^((~Bko0)& Bku0 ); \
790 E##ko0 = Bko0 ^((~Bku0)& Bka0 ); \
791 E##ku0 = Bku0 ^((~Bka0)& Bke0 ); \
792\
793 A##be0 ^= De0; \
794 Bka1 = A##be0; \
795 A##gi1 ^= Di1; \
796 Bke1 = ROL32(A##gi1, 3); \
797 A##ko0 ^= Do0; \
798 Bki1 = ROL32(A##ko0, 12); \
799 E##ka1 = Bka1 ^((~Bke1)& Bki1 ); \
800 A##mu1 ^= Du1; \
801 Bko1 = ROL32(A##mu1, 4); \
802 E##ke1 = Bke1 ^((~Bki1)& Bko1 ); \
803 A##sa1 ^= Da1; \
804 Bku1 = ROL32(A##sa1, 9); \
805 E##ki1 = Bki1 ^((~Bko1)& Bku1 ); \
806 E##ko1 = Bko1 ^((~Bku1)& Bka1 ); \
807 E##ku1 = Bku1 ^((~Bka1)& Bke1 ); \
808\
809 A##bu1 ^= Du1; \
810 Bma0 = ROL32(A##bu1, 14); \
811 A##ga0 ^= Da0; \
812 Bme0 = ROL32(A##ga0, 18); \
813 A##ke0 ^= De0; \
814 Bmi0 = ROL32(A##ke0, 5); \
815 E##ma0 = Bma0 ^((~Bme0)& Bmi0 ); \
816 A##mi1 ^= Di1; \
817 Bmo0 = ROL32(A##mi1, 8); \
818 E##me0 = Bme0 ^((~Bmi0)& Bmo0 ); \
819 A##so0 ^= Do0; \
820 Bmu0 = ROL32(A##so0, 28); \
821 E##mi0 = Bmi0 ^((~Bmo0)& Bmu0 ); \
822 E##mo0 = Bmo0 ^((~Bmu0)& Bma0 ); \
823 E##mu0 = Bmu0 ^((~Bma0)& Bme0 ); \
824\
825 A##bu0 ^= Du0; \
826 Bma1 = ROL32(A##bu0, 13); \
827 A##ga1 ^= Da1; \
828 Bme1 = ROL32(A##ga1, 18); \
829 A##ke1 ^= De1; \
830 Bmi1 = ROL32(A##ke1, 5); \
831 E##ma1 = Bma1 ^((~Bme1)& Bmi1 ); \
832 A##mi0 ^= Di0; \
833 Bmo1 = ROL32(A##mi0, 7); \
834 E##me1 = Bme1 ^((~Bmi1)& Bmo1 ); \
835 A##so1 ^= Do1; \
836 Bmu1 = ROL32(A##so1, 28); \
837 E##mi1 = Bmi1 ^((~Bmo1)& Bmu1 ); \
838 E##mo1 = Bmo1 ^((~Bmu1)& Bma1 ); \
839 E##mu1 = Bmu1 ^((~Bma1)& Bme1 ); \
840\
841 A##bi0 ^= Di0; \
842 Bsa0 = ROL32(A##bi0, 31); \
843 A##go1 ^= Do1; \
844 Bse0 = ROL32(A##go1, 28); \
845 A##ku1 ^= Du1; \
846 Bsi0 = ROL32(A##ku1, 20); \
847 E##sa0 = Bsa0 ^((~Bse0)& Bsi0 ); \
848 A##ma1 ^= Da1; \
849 Bso0 = ROL32(A##ma1, 21); \
850 E##se0 = Bse0 ^((~Bsi0)& Bso0 ); \
851 A##se0 ^= De0; \
852 Bsu0 = ROL32(A##se0, 1); \
853 E##si0 = Bsi0 ^((~Bso0)& Bsu0 ); \
854 E##so0 = Bso0 ^((~Bsu0)& Bsa0 ); \
855 E##su0 = Bsu0 ^((~Bsa0)& Bse0 ); \
856\
857 A##bi1 ^= Di1; \
858 Bsa1 = ROL32(A##bi1, 31); \
859 A##go0 ^= Do0; \
860 Bse1 = ROL32(A##go0, 27); \
861 A##ku0 ^= Du0; \
862 Bsi1 = ROL32(A##ku0, 19); \
863 E##sa1 = Bsa1 ^((~Bse1)& Bsi1 ); \
864 A##ma0 ^= Da0; \
865 Bso1 = ROL32(A##ma0, 20); \
866 E##se1 = Bse1 ^((~Bsi1)& Bso1 ); \
867 A##se1 ^= De1; \
868 Bsu1 = ROL32(A##se1, 1); \
869 E##si1 = Bsi1 ^((~Bso1)& Bsu1 ); \
870 E##so1 = Bso1 ^((~Bsu1)& Bsa1 ); \
871 E##su1 = Bsu1 ^((~Bsa1)& Bse1 ); \
872\
873
874#endif /* UseBebigokimisa */
875
876const UINT32 KeccakF1600RoundConstants_int2_0[24] = {
877 0x00000001UL,
878 0x00000000UL,
879 0x00000000UL,
880 0x00000000UL,
881 0x00000001UL,
882 0x00000001UL,
883 0x00000001UL,
884 0x00000001UL,
885 0x00000000UL,
886 0x00000000UL,
887 0x00000001UL,
888 0x00000000UL,
889 0x00000001UL,
890 0x00000001UL,
891 0x00000001UL,
892 0x00000001UL,
893 0x00000000UL,
894 0x00000000UL,
895 0x00000000UL,
896 0x00000000UL,
897 0x00000001UL,
898 0x00000000UL,
899 0x00000001UL,
900 0x00000000UL };
901
902const UINT32 KeccakF1600RoundConstants_int2_1[24] = {
903 0x00000000UL,
904 0x00000089UL,
905 0x8000008bUL,
906 0x80008080UL,
907 0x0000008bUL,
908 0x00008000UL,
909 0x80008088UL,
910 0x80000082UL,
911 0x0000000bUL,
912 0x0000000aUL,
913 0x00008082UL,
914 0x00008003UL,
915 0x0000808bUL,
916 0x8000000bUL,
917 0x8000008aUL,
918 0x80000081UL,
919 0x80000081UL,
920 0x80000008UL,
921 0x00000083UL,
922 0x80008003UL,
923 0x80008088UL,
924 0x80000088UL,
925 0x00008000UL,
926 0x80008082UL };
927
928#define copyFromStateAndXor1024bits(X, state, input) \
929 X##ba0 = state[ 0]^input[ 0]; \
930 X##ba1 = state[ 1]^input[ 1]; \
931 X##be0 = state[ 2]^input[ 2]; \
932 X##be1 = state[ 3]^input[ 3]; \
933 X##bi0 = state[ 4]^input[ 4]; \
934 X##bi1 = state[ 5]^input[ 5]; \
935 X##bo0 = state[ 6]^input[ 6]; \
936 X##bo1 = state[ 7]^input[ 7]; \
937 X##bu0 = state[ 8]^input[ 8]; \
938 X##bu1 = state[ 9]^input[ 9]; \
939 X##ga0 = state[10]^input[10]; \
940 X##ga1 = state[11]^input[11]; \
941 X##ge0 = state[12]^input[12]; \
942 X##ge1 = state[13]^input[13]; \
943 X##gi0 = state[14]^input[14]; \
944 X##gi1 = state[15]^input[15]; \
945 X##go0 = state[16]^input[16]; \
946 X##go1 = state[17]^input[17]; \
947 X##gu0 = state[18]^input[18]; \
948 X##gu1 = state[19]^input[19]; \
949 X##ka0 = state[20]^input[20]; \
950 X##ka1 = state[21]^input[21]; \
951 X##ke0 = state[22]^input[22]; \
952 X##ke1 = state[23]^input[23]; \
953 X##ki0 = state[24]^input[24]; \
954 X##ki1 = state[25]^input[25]; \
955 X##ko0 = state[26]^input[26]; \
956 X##ko1 = state[27]^input[27]; \
957 X##ku0 = state[28]^input[28]; \
958 X##ku1 = state[29]^input[29]; \
959 X##ma0 = state[30]^input[30]; \
960 X##ma1 = state[31]^input[31]; \
961 X##me0 = state[32]; \
962 X##me1 = state[33]; \
963 X##mi0 = state[34]; \
964 X##mi1 = state[35]; \
965 X##mo0 = state[36]; \
966 X##mo1 = state[37]; \
967 X##mu0 = state[38]; \
968 X##mu1 = state[39]; \
969 X##sa0 = state[40]; \
970 X##sa1 = state[41]; \
971 X##se0 = state[42]; \
972 X##se1 = state[43]; \
973 X##si0 = state[44]; \
974 X##si1 = state[45]; \
975 X##so0 = state[46]; \
976 X##so1 = state[47]; \
977 X##su0 = state[48]; \
978 X##su1 = state[49]; \
979
980#define copyFromStateAndXor1088bits(X, state, input) \
981 X##ba0 = state[ 0]^input[ 0]; \
982 X##ba1 = state[ 1]^input[ 1]; \
983 X##be0 = state[ 2]^input[ 2]; \
984 X##be1 = state[ 3]^input[ 3]; \
985 X##bi0 = state[ 4]^input[ 4]; \
986 X##bi1 = state[ 5]^input[ 5]; \
987 X##bo0 = state[ 6]^input[ 6]; \
988 X##bo1 = state[ 7]^input[ 7]; \
989 X##bu0 = state[ 8]^input[ 8]; \
990 X##bu1 = state[ 9]^input[ 9]; \
991 X##ga0 = state[10]^input[10]; \
992 X##ga1 = state[11]^input[11]; \
993 X##ge0 = state[12]^input[12]; \
994 X##ge1 = state[13]^input[13]; \
995 X##gi0 = state[14]^input[14]; \
996 X##gi1 = state[15]^input[15]; \
997 X##go0 = state[16]^input[16]; \
998 X##go1 = state[17]^input[17]; \
999 X##gu0 = state[18]^input[18]; \
1000 X##gu1 = state[19]^input[19]; \
1001 X##ka0 = state[20]^input[20]; \
1002 X##ka1 = state[21]^input[21]; \
1003 X##ke0 = state[22]^input[22]; \
1004 X##ke1 = state[23]^input[23]; \
1005 X##ki0 = state[24]^input[24]; \
1006 X##ki1 = state[25]^input[25]; \
1007 X##ko0 = state[26]^input[26]; \
1008 X##ko1 = state[27]^input[27]; \
1009 X##ku0 = state[28]^input[28]; \
1010 X##ku1 = state[29]^input[29]; \
1011 X##ma0 = state[30]^input[30]; \
1012 X##ma1 = state[31]^input[31]; \
1013 X##me0 = state[32]^input[32]; \
1014 X##me1 = state[33]^input[33]; \
1015 X##mi0 = state[34]; \
1016 X##mi1 = state[35]; \
1017 X##mo0 = state[36]; \
1018 X##mo1 = state[37]; \
1019 X##mu0 = state[38]; \
1020 X##mu1 = state[39]; \
1021 X##sa0 = state[40]; \
1022 X##sa1 = state[41]; \
1023 X##se0 = state[42]; \
1024 X##se1 = state[43]; \
1025 X##si0 = state[44]; \
1026 X##si1 = state[45]; \
1027 X##so0 = state[46]; \
1028 X##so1 = state[47]; \
1029 X##su0 = state[48]; \
1030 X##su1 = state[49]; \
1031
1032#define copyFromState(X, state) \
1033 X##ba0 = state[ 0]; \
1034 X##ba1 = state[ 1]; \
1035 X##be0 = state[ 2]; \
1036 X##be1 = state[ 3]; \
1037 X##bi0 = state[ 4]; \
1038 X##bi1 = state[ 5]; \
1039 X##bo0 = state[ 6]; \
1040 X##bo1 = state[ 7]; \
1041 X##bu0 = state[ 8]; \
1042 X##bu1 = state[ 9]; \
1043 X##ga0 = state[10]; \
1044 X##ga1 = state[11]; \
1045 X##ge0 = state[12]; \
1046 X##ge1 = state[13]; \
1047 X##gi0 = state[14]; \
1048 X##gi1 = state[15]; \
1049 X##go0 = state[16]; \
1050 X##go1 = state[17]; \
1051 X##gu0 = state[18]; \
1052 X##gu1 = state[19]; \
1053 X##ka0 = state[20]; \
1054 X##ka1 = state[21]; \
1055 X##ke0 = state[22]; \
1056 X##ke1 = state[23]; \
1057 X##ki0 = state[24]; \
1058 X##ki1 = state[25]; \
1059 X##ko0 = state[26]; \
1060 X##ko1 = state[27]; \
1061 X##ku0 = state[28]; \
1062 X##ku1 = state[29]; \
1063 X##ma0 = state[30]; \
1064 X##ma1 = state[31]; \
1065 X##me0 = state[32]; \
1066 X##me1 = state[33]; \
1067 X##mi0 = state[34]; \
1068 X##mi1 = state[35]; \
1069 X##mo0 = state[36]; \
1070 X##mo1 = state[37]; \
1071 X##mu0 = state[38]; \
1072 X##mu1 = state[39]; \
1073 X##sa0 = state[40]; \
1074 X##sa1 = state[41]; \
1075 X##se0 = state[42]; \
1076 X##se1 = state[43]; \
1077 X##si0 = state[44]; \
1078 X##si1 = state[45]; \
1079 X##so0 = state[46]; \
1080 X##so1 = state[47]; \
1081 X##su0 = state[48]; \
1082 X##su1 = state[49]; \
1083
1084#define copyToState(state, X) \
1085 state[ 0] = X##ba0; \
1086 state[ 1] = X##ba1; \
1087 state[ 2] = X##be0; \
1088 state[ 3] = X##be1; \
1089 state[ 4] = X##bi0; \
1090 state[ 5] = X##bi1; \
1091 state[ 6] = X##bo0; \
1092 state[ 7] = X##bo1; \
1093 state[ 8] = X##bu0; \
1094 state[ 9] = X##bu1; \
1095 state[10] = X##ga0; \
1096 state[11] = X##ga1; \
1097 state[12] = X##ge0; \
1098 state[13] = X##ge1; \
1099 state[14] = X##gi0; \
1100 state[15] = X##gi1; \
1101 state[16] = X##go0; \
1102 state[17] = X##go1; \
1103 state[18] = X##gu0; \
1104 state[19] = X##gu1; \
1105 state[20] = X##ka0; \
1106 state[21] = X##ka1; \
1107 state[22] = X##ke0; \
1108 state[23] = X##ke1; \
1109 state[24] = X##ki0; \
1110 state[25] = X##ki1; \
1111 state[26] = X##ko0; \
1112 state[27] = X##ko1; \
1113 state[28] = X##ku0; \
1114 state[29] = X##ku1; \
1115 state[30] = X##ma0; \
1116 state[31] = X##ma1; \
1117 state[32] = X##me0; \
1118 state[33] = X##me1; \
1119 state[34] = X##mi0; \
1120 state[35] = X##mi1; \
1121 state[36] = X##mo0; \
1122 state[37] = X##mo1; \
1123 state[38] = X##mu0; \
1124 state[39] = X##mu1; \
1125 state[40] = X##sa0; \
1126 state[41] = X##sa1; \
1127 state[42] = X##se0; \
1128 state[43] = X##se1; \
1129 state[44] = X##si0; \
1130 state[45] = X##si1; \
1131 state[46] = X##so0; \
1132 state[47] = X##so1; \
1133 state[48] = X##su0; \
1134 state[49] = X##su1; \
1135
1136#define copyStateVariables(X, Y) \
1137 X##ba0 = Y##ba0; \
1138 X##ba1 = Y##ba1; \
1139 X##be0 = Y##be0; \
1140 X##be1 = Y##be1; \
1141 X##bi0 = Y##bi0; \
1142 X##bi1 = Y##bi1; \
1143 X##bo0 = Y##bo0; \
1144 X##bo1 = Y##bo1; \
1145 X##bu0 = Y##bu0; \
1146 X##bu1 = Y##bu1; \
1147 X##ga0 = Y##ga0; \
1148 X##ga1 = Y##ga1; \
1149 X##ge0 = Y##ge0; \
1150 X##ge1 = Y##ge1; \
1151 X##gi0 = Y##gi0; \
1152 X##gi1 = Y##gi1; \
1153 X##go0 = Y##go0; \
1154 X##go1 = Y##go1; \
1155 X##gu0 = Y##gu0; \
1156 X##gu1 = Y##gu1; \
1157 X##ka0 = Y##ka0; \
1158 X##ka1 = Y##ka1; \
1159 X##ke0 = Y##ke0; \
1160 X##ke1 = Y##ke1; \
1161 X##ki0 = Y##ki0; \
1162 X##ki1 = Y##ki1; \
1163 X##ko0 = Y##ko0; \
1164 X##ko1 = Y##ko1; \
1165 X##ku0 = Y##ku0; \
1166 X##ku1 = Y##ku1; \
1167 X##ma0 = Y##ma0; \
1168 X##ma1 = Y##ma1; \
1169 X##me0 = Y##me0; \
1170 X##me1 = Y##me1; \
1171 X##mi0 = Y##mi0; \
1172 X##mi1 = Y##mi1; \
1173 X##mo0 = Y##mo0; \
1174 X##mo1 = Y##mo1; \
1175 X##mu0 = Y##mu0; \
1176 X##mu1 = Y##mu1; \
1177 X##sa0 = Y##sa0; \
1178 X##sa1 = Y##sa1; \
1179 X##se0 = Y##se0; \
1180 X##se1 = Y##se1; \
1181 X##si0 = Y##si0; \
1182 X##si1 = Y##si1; \
1183 X##so0 = Y##so0; \
1184 X##so1 = Y##so1; \
1185 X##su0 = Y##su0; \
1186 X##su1 = Y##su1; \
1187