-
Notifications
You must be signed in to change notification settings - Fork 0
/
round.h
42 lines (38 loc) · 1.19 KB
/
round.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#ifndef ROUND_H_
#define ROUND_H_
#include "ascon.h"
#include "constants.h"
#include "printstate.h"
static inline uint64_t ROR(uint64_t x, int n) {
return x >> n | x << (-n & 63);
}
static inline void ROUND(ascon_state_t* s, uint8_t C) {
ascon_state_t t;
/* addition of round constant */
s->x[2] ^= C;
/* printstate(" round constant", s); */
/* substitution layer */
s->x[0] ^= s->x[4];
s->x[4] ^= s->x[3];
s->x[2] ^= s->x[1];
/* start of keccak s-box */
t.x[0] = s->x[0] ^ (~s->x[1] & s->x[2]);
t.x[1] = s->x[1] ^ (~s->x[2] & s->x[3]);
t.x[2] = s->x[2] ^ (~s->x[3] & s->x[4]);
t.x[3] = s->x[3] ^ (~s->x[4] & s->x[0]);
t.x[4] = s->x[4] ^ (~s->x[0] & s->x[1]);
/* end of keccak s-box */
t.x[1] ^= t.x[0];
t.x[0] ^= t.x[4];
t.x[3] ^= t.x[2];
t.x[2] = ~t.x[2];
/* printstate(" substitution layer", &t); */
/* linear diffusion layer */
s->x[0] = t.x[0] ^ ROR(t.x[0], 19) ^ ROR(t.x[0], 28);
s->x[1] = t.x[1] ^ ROR(t.x[1], 61) ^ ROR(t.x[1], 39);
s->x[2] = t.x[2] ^ ROR(t.x[2], 1) ^ ROR(t.x[2], 6);
s->x[3] = t.x[3] ^ ROR(t.x[3], 10) ^ ROR(t.x[3], 17);
s->x[4] = t.x[4] ^ ROR(t.x[4], 7) ^ ROR(t.x[4], 41);
printstate(" round output", s);
}
#endif /* ROUND_H_ */