-
+ 48A01A5652A1114C59D074CADB86BDEF0AE3F94FC32AF991E415F4FC7984314A7BAA9D5A16BC291654301F2F0FCDBD7843CAF18914BAFC718F058ED02C9CD5E6
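--- a/eucrypt/smg_bit_keccak/smg_bit_keccak.ads
+++ b/eucrypt/smg_bit_keccak/smg_bit_keccak.ads
@@ -0,0 +1,239 @@
+-- S.MG bit-level implementation of Keccak-f permutations
+-- (Based on The Keccak Reference, Version 3.0, January 14, 2011, by
+-- Guido Bertoni, Joan Daemen, Michael Peeters and Gilles Van Assche)
+
+-- S.MG, 2018
+
+package SMG_Bit_Keccak is
+pragma Pure(SMG_Bit_Keccak); --stateless, no side effects -> can cache calls
+
+--knobs (can change as per keccak design but fixed here for S.MG purposes)--
+Keccak_L: constant := 6; --gives keccak z dimension of 2^6=64 bits and
+--therefore keccak function 1600 with current
+--constants (5*5*2^6)
+
+--constants: dimensions of keccak state and number of rounds
+XY_Length: constant := 5;
+Z_Length: constant := 2 ** Keccak_L;
+Width: constant := XY_Length * XY_Length * Z_Length;
+N_Rounds: constant := 12 + 2 * Keccak_L;
+
+--types
+type XYCoord is mod XY_Length;
+type ZCoord is mod Z_Length;
+type Round_Index is mod N_Rounds;
+
+type Bit is mod 2;
+type Bitstream is array( Natural range <> ) of Bit; -- any length; message
+type Bitword is array( ZCoord ) of Bit; -- a keccak "word" of bits
+
+type State is array( XYCoord, XYCoord ) of Bitword; -- the full keccak state
+
+type Round_Constants is array(Round_Index) of Bitword; --magic keccak values
+
+-- rate can be chosen by caller at each call, between 1 and width of state
+-- higher rate means sponge "eats" more bits at a time but has fewer bits in
+-- the "secret" part of the state (i.e. lower capacity)
+subtype Keccak_Rate is Positive range 1..Width; -- capacity = width - rate
+
+-- public function, the sponge itself
+-- Keccak sponge structure using Keccak_Function, Pad and a given bitrate;
+-- Input - the stream of bits to hash (the message)
+-- Block_Len - the bitrate to use; this is effectively the block length
+-- for splitting Input AND squeezing output between scrambles
+-- Output - a bitstream of desired size for holding output
+procedure Sponge(Input : in Bitstream;
+Block_Len : in Keccak_Rate;
+Output : out Bitstream);
+
+private
+-- these are internals of the keccak implementation, not meant to be directly
+-- accessed/used
+-- moving one bit forwards in Keccak state
+procedure Next_Pos( X : in out XYCoord;
+Y : in out XYCoord;
+Z : in out ZCoord
+);
+-- set coordinates to first bit of Keccak state
+procedure First_Pos( X : out XYCoord;
+Y : out XYCoord;
+Z : out ZCoord
+);
+
+-- operations with Bitwords
+function BWRotate_Left( Input: in Bitword;
+Count: in Natural)
+return Bitword;
+
+-- this will squeeze Block'Length bits out of state S
+-- NO scramble of state in here!
+-- NB: make SURE that Block'Length is the correct bitrate for this sponge
+-- in particular, Block'Length should be a correct bitrate aka LESS than Width
+procedure SqueezeBlock( Block: out Bitstream; S: in State);
+
+-- This absorbs into sponge the given block, modifying the state accordingly
+-- NO scramble of state in here so make sure the whole Block fits in state!
+-- NB: make SURE that Block'Length is *the correct bitrate* for this sponge
+-- in particular, Block'Length should be a correct bitrate aka LESS than Width
+procedure AbsorbBlock( Block: in Bitstream; S: in out State );
+
+-- Keccak magic bitwords
+RC : constant Round_Constants :=
+(
+-- 16#0000_0000_0000_0001#, round 0
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,1),
+-- 16#0000_0000_0000_8082#, round 1
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 1,0,0,0, 0,0,1,0),
+-- 16#8000_0000_0000_808A#, round 2
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 1,0,0,0, 1,0,1,0),
+
+-- 16#8000_0000_8000_8000#, round 3
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0),
+
+-- 16#0000_0000_0000_808B#, round 4
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 1,0,0,0, 1,0,1,1),
+
+-- 16#0000_0000_8000_0001#, round 5
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,1),
+
+-- 16#8000_0000_8000_8081#, round 6
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 1,0,0,0, 0,0,0,1),
+
+-- 16#8000_0000_0000_8009#, round 7
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 1,0,0,1),
+
+-- 16#0000_0000_0000_008A#, round 8
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 1,0,0,0, 1,0,1,0),
+
+-- 16#0000_0000_0000_0088#, round 9
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 1,0,0,0, 1,0,0,0),
+
+-- 16#0000_0000_8000_8009#, round 10
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 1,0,0,1),
+
+-- 16#0000_0000_8000_000A#, round 11
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 1,0,1,0),
+
+-- 16#0000_0000_8000_808B#, round 12
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 1,0,0,0, 1,0,1,1),
+
+-- 16#8000_0000_0000_008B#, round 13
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 1,0,0,0, 1,0,1,1),
+
+-- 16#8000_0000_0000_8089#, round 14
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 1,0,0,0, 1,0,0,1),
+
+-- 16#8000_0000_0000_8003#, round 15
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,1,1),
+
+-- 16#8000_0000_0000_8002#, round 16
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,1,0),
+
+-- 16#8000_0000_0000_0080#, round 17
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 1,0,0,0, 0,0,0,0),
+
+-- 16#0000_0000_0000_800A#, round 18
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 1,0,1,0),
+
+-- 16#8000_0000_8000_000A#, round 19
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 1,0,1,0),
+
+-- 16#8000_0000_8000_8081#, round 20
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 1,0,0,0, 0,0,0,1),
+
+-- 16#8000_0000_0000_8080#, round 21
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 1,0,0,0, 0,0,0,0),
+
+-- 16#0000_0000_8000_0001#, round 22
+(0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,1),
+
+-- 16#8000_0000_8000_8008#, round 23
+(1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
+1,0,0,0, 0,0,0,0, 0,0,0,0, 1,0,0,0)
+);
+
+-- Keccak transformations of the internal state
+function Theta ( Input : in State ) return State;
+function Rho ( Input : in State ) return State;
+function Pi ( Input : in State ) return State;
+function Chi ( Input : in State ) return State;
+function Iota ( Round_Const : in Bitword; Input : in State ) return State;
+
+-- Keccak function with block width currently 1600 (Width constant above)
+-- It simply applies *all* keccak transformations in the correct order, using
+-- the keccak magic numbers (round constants) as per keccak reference
+function Keccak_Function(Input: in State) return State;
+
+end SMG_Bit_Keccak;
+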
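Review bot: `Keccak_Rate` is declared as `Positive range 1..Width`, so a caller of `Sponge` may pass a rate equal to the full state width, leaving a capacity of zero, while the comments on `SqueezeBlock` and `AbsorbBlock` say the block length must be LESS than Width. With zero capacity no part of the state stays hidden between blocks, so the sponge gives no collision or preimage resistance at that setting. If rate = Width is not intended, tighten the subtype to `subtype Keccak_Rate is Positive range 1..Width - 1;`; if it is, the two "LESS than Width" comments need correcting. Both private procedures take an unconstrained `Bitstream`, so the "make SURE" requirement is not enforced by this spec and depends on a body that is not visible here. A short comment on `RC` stating that each aggregate is written most-significant bit first (index 0 is the leftmost hex bit) would also keep `Iota` and any later edit of the constants from silently disagreeing on bit order.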