@@ -1,2 +1,4 @@

 *.o

 re

+keccak/*.o

+keccak/*.a

@@ -1,15 +1,21 @@

 CC=gcc

-CFLAGS=-g -Wall -I/usr/include/SDL2

+CFLAGS=-g -Wall -Ideps -I/usr/include/SDL2

 LDFLAGS=-lSDL2 -lSDL2_image

+KECCAKOPTS=-Ikeccak -DKeccakP200_excluded -DKeccakP400_excluded -DKeccakP800_excluded -DKeccakOpt=32

+

 all: re

 recenteditor_data.o: recenteditor_data.c recenteditor_data.h

+	$(CC) $(CFLAGS) $(KECCAKOPTS) -c -o recenteditor_data.o recenteditor_data.c

 recenteditor.o: recenteditor.c recenteditor_data.h

-re: recenteditor.o recenteditor_data.o

-	$(CC) $(LDFLAGS) -o re recenteditor.o recenteditor_data.o

+keccak/keccak.a:

+	sh -c "cd keccak && make keccak.a"

+

+re: recenteditor.o recenteditor_data.o keccak/keccak.a

+	$(CC) $(LDFLAGS) -o re recenteditor.o recenteditor_data.o keccak/keccak.a

 clean:

 	rm -f recenteditor.o recenteditor_data.o re

new file mode 100644

@@ -0,0 +1,82 @@

+/*

+Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,

+Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby

+denoted as "the implementer".

+

+For more information, feedback or questions, please refer to our websites:

+http://keccak.noekeon.org/

+http://keyak.noekeon.org/

+http://ketje.noekeon.org/

+

+To the extent possible under law, the implementer has waived all copyright

+and related or neighboring rights to the source code in this file.

+http://creativecommons.org/publicdomain/zero/1.0/

+*/

+

+#include <string.h>

+#include "KeccakHash.h"

+

+/* ---------------------------------------------------------------- */

+

+HashReturn Keccak_HashInitialize(Keccak_HashInstance *instance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix)

+{

+    HashReturn result;

+

+    if (delimitedSuffix == 0)

+        return FAIL;

+    result = (HashReturn)KeccakWidth1600_SpongeInitialize(&instance->sponge, rate, capacity);

+    if (result != SUCCESS)

+        return result;

+    instance->fixedOutputLength = hashbitlen;

+    instance->delimitedSuffix = delimitedSuffix;

+    return SUCCESS;

+}

+

+/* ---------------------------------------------------------------- */

+

+HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *data, DataLength databitlen)

+{

+    if ((databitlen % 8) == 0)

+        return (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, data, databitlen/8);

+    else {

+        HashReturn ret = (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, data, databitlen/8);

+        if (ret == SUCCESS) {

+            /* The last partial byte is assumed to be aligned on the least significant bits */

+

+            unsigned char lastByte = data[databitlen/8];

+            /* Concatenate the last few bits provided here with those of the suffix */

+

+            unsigned short delimitedLastBytes = (unsigned short)((unsigned short)lastByte | ((unsigned short)instance->delimitedSuffix << (databitlen % 8)));

+            if ((delimitedLastBytes & 0xFF00) == 0x0000) {

+                instance->delimitedSuffix = delimitedLastBytes & 0xFF;

+            }

+            else {

+                unsigned char oneByte[1];

+                oneByte[0] = delimitedLastBytes & 0xFF;

+                ret = (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, oneByte, 1);

+                instance->delimitedSuffix = (delimitedLastBytes >> 8) & 0xFF;

+            }

+        }

+        return ret;

+    }

+}

+

+/* ---------------------------------------------------------------- */

+

+HashReturn Keccak_HashFinal(Keccak_HashInstance *instance, BitSequence *hashval)

+{

+    HashReturn ret = (HashReturn)KeccakWidth1600_SpongeAbsorbLastFewBits(&instance->sponge, instance->delimitedSuffix);

+    if (ret == SUCCESS)

+        return (HashReturn)KeccakWidth1600_SpongeSqueeze(&instance->sponge, hashval, instance->fixedOutputLength/8);

+    else

+        return ret;

+}

+

+/* ---------------------------------------------------------------- */

+

+HashReturn Keccak_HashSqueeze(Keccak_HashInstance *instance, BitSequence *data, DataLength databitlen)

+{

+    if ((databitlen % 8) != 0)

+        return FAIL;

+    return (HashReturn)KeccakWidth1600_SpongeSqueeze(&instance->sponge, data, databitlen/8);

+}

new file mode 100644

@@ -0,0 +1,114 @@

+/*

+Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,

+Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby

+denoted as "the implementer".

+

+For more information, feedback or questions, please refer to our websites:

+http://keccak.noekeon.org/

+http://keyak.noekeon.org/

+http://ketje.noekeon.org/

+

+To the extent possible under law, the implementer has waived all copyright

+and related or neighboring rights to the source code in this file.

+http://creativecommons.org/publicdomain/zero/1.0/

+*/

+

+#ifndef _KeccakHashInterface_h_

+#define _KeccakHashInterface_h_

+

+#ifndef KeccakP1600_excluded

+

+#include "KeccakSponge.h"

+#include <string.h>

+

+typedef unsigned char BitSequence;

+typedef size_t DataLength;

+typedef enum { SUCCESS = 0, FAIL = 1, BAD_HASHLEN = 2 } HashReturn;

+

+typedef struct {

+    KeccakWidth1600_SpongeInstance sponge;

+    unsigned int fixedOutputLength;

+    unsigned char delimitedSuffix;

+} Keccak_HashInstance;

+

+/**

+  * Function to initialize the Keccak[r, c] sponge function instance used in sequential hashing mode.

+  * @param  hashInstance    Pointer to the hash instance to be initialized.

+  * @param  rate        The value of the rate r.

+  * @param  capacity    The value of the capacity c.

+  * @param  hashbitlen  The desired number of output bits,

+  *                     or 0 for an arbitrarily-long output.

+  * @param  delimitedSuffix Bits that will be automatically appended to the end

+  *                         of the input message, as in domain separation.

+  *                         This is a byte containing from 0 to 7 bits

+  *                         formatted like the @a delimitedData parameter of

+  *                         the Keccak_SpongeAbsorbLastFewBits() function.

+  * @pre    One must have r+c=1600 and the rate a multiple of 8 bits in this implementation.

+  * @return SUCCESS if successful, FAIL otherwise.

+  */

+HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix);

+

+/** Macro to initialize a SHAKE128 instance as specified in the FIPS 202 standard.

+  */

+#define Keccak_HashInitialize_SHAKE128(hashInstance)        Keccak_HashInitialize(hashInstance, 1344,  256,   0, 0x1F)

+

+/** Macro to initialize a SHAKE256 instance as specified in the FIPS 202 standard.

+  */

+#define Keccak_HashInitialize_SHAKE256(hashInstance)        Keccak_HashInitialize(hashInstance, 1088,  512,   0, 0x1F)

+

+/** Macro to initialize a SHA3-224 instance as specified in the FIPS 202 standard.

+  */

+#define Keccak_HashInitialize_SHA3_224(hashInstance)        Keccak_HashInitialize(hashInstance, 1152,  448, 224, 0x06)

+

+/** Macro to initialize a SHA3-256 instance as specified in the FIPS 202 standard.

+  */

+#define Keccak_HashInitialize_SHA3_256(hashInstance)        Keccak_HashInitialize(hashInstance, 1088,  512, 256, 0x06)

+

+/** Macro to initialize a SHA3-384 instance as specified in the FIPS 202 standard.

+  */

+#define Keccak_HashInitialize_SHA3_384(hashInstance)        Keccak_HashInitialize(hashInstance,  832,  768, 384, 0x06)

+

+/** Macro to initialize a SHA3-512 instance as specified in the FIPS 202 standard.

+  */

+#define Keccak_HashInitialize_SHA3_512(hashInstance)        Keccak_HashInitialize(hashInstance,  576, 1024, 512, 0x06)

+

+/**

+  * Function to give input data to be absorbed.

+  * @param  hashInstance    Pointer to the hash instance initialized by Keccak_HashInitialize().

+  * @param  data        Pointer to the input data.

+  *                     When @a databitLen is not a multiple of 8, the last bits of data must be

+  *                     in the least significant bits of the last byte (little-endian convention).

+  * @param  databitLen  The number of input bits provided in the input data.

+  * @pre    In the previous call to Keccak_HashUpdate(), databitlen was a multiple of 8.

+  * @return SUCCESS if successful, FAIL otherwise.

+  */

+HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequence *data, DataLength databitlen);

+

+/**

+  * Function to call after all input blocks have been input and to get

+  * output bits if the length was specified when calling Keccak_HashInitialize().

+  * @param  hashInstance    Pointer to the hash instance initialized by Keccak_HashInitialize().

+  * If @a hashbitlen was not 0 in the call to Keccak_HashInitialize(), the number of

+  *     output bits is equal to @a hashbitlen.

+  * If @a hashbitlen was 0 in the call to Keccak_HashInitialize(), the output bits

+  *     must be extracted using the Keccak_HashSqueeze() function.

+  * @param  state       Pointer to the state of the sponge function initialized by Init().

+  * @param  hashval     Pointer to the buffer where to store the output data.

+  * @return SUCCESS if successful, FAIL otherwise.

+  */

+HashReturn Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hashval);

+

+ /**

+  * Function to squeeze output data.

+  * @param  hashInstance    Pointer to the hash instance initialized by Keccak_HashInitialize().

+  * @param  data        Pointer to the buffer where to store the output data.

+  * @param  databitlen  The number of output bits desired (must be a multiple of 8).

+  * @pre    Keccak_HashFinal() must have been already called.

+  * @pre    @a databitlen is a multiple of 8.

+  * @return SUCCESS if successful, FAIL otherwise.

+  */

+HashReturn Keccak_HashSqueeze(Keccak_HashInstance *hashInstance, BitSequence *data, DataLength databitlen);

+

+#endif

+

+#endif

new file mode 100644

@@ -0,0 +1,37 @@

+/*

+Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,

+Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby

+denoted as "the implementer".

+

+For more information, feedback or questions, please refer to our websites:

+http://keccak.noekeon.org/

+http://keyak.noekeon.org/

+http://ketje.noekeon.org/

+

+To the extent possible under law, the implementer has waived all copyright

+and related or neighboring rights to the source code in this file.

+http://creativecommons.org/publicdomain/zero/1.0/

+*/

+

+#ifndef _KeccakP_1600_SnP_h_

+#define _KeccakP_1600_SnP_h_

+

+/** For the documentation, see SnP-documentation.h.

+ */

+

+#define KeccakP1600_implementation      "in-place 32-bit optimized implementation"

+#define KeccakP1600_stateSizeInBytes    200

+#define KeccakP1600_stateAlignment      8

+

+#define KeccakP1600_StaticInitialize()

+void KeccakP1600_Initialize(void *state);

+void KeccakP1600_AddByte(void *state, unsigned char data, unsigned int offset);

+void KeccakP1600_AddBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length);

+void KeccakP1600_OverwriteBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length);

+void KeccakP1600_OverwriteWithZeroes(void *state, unsigned int byteCount);

+void KeccakP1600_Permute_12rounds(void *state);

+void KeccakP1600_Permute_24rounds(void *state);

+void KeccakP1600_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length);

+void KeccakP1600_ExtractAndAddBytes(const void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length);

+

+#endif

new file mode 100644

@@ -0,0 +1,49 @@

+/*

+Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,

+Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby

+denoted as "the implementer".

+

+For more information, feedback or questions, please refer to our websites:

+http://keccak.noekeon.org/

+http://keyak.noekeon.org/

+http://ketje.noekeon.org/

+

+To the extent possible under law, the implementer has waived all copyright

+and related or neighboring rights to the source code in this file.

+http://creativecommons.org/publicdomain/zero/1.0/

+*/

+

+#ifndef _KeccakP_1600_SnP_h_

+#define _KeccakP_1600_SnP_h_

+

+/** For the documentation, see SnP-documentation.h.

+ */

+

+/* #include "brg_endian.h" */

+#include "KeccakP-1600-opt64-config.h"

+

+#define KeccakP1600_implementation      "generic 64-bit optimized implementation (" KeccakP1600_implementation_config ")"

+#define KeccakP1600_stateSizeInBytes    200

+#define KeccakP1600_stateAlignment      8

+#define KeccakF1600_FastLoop_supported

+

+#include <stddef.h>

+

+#define KeccakP1600_StaticInitialize()

+void KeccakP1600_Initialize(void *state);

+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)

+#define KeccakP1600_AddByte(state, byte, offset) \

+    ((unsigned char*)(state))[(offset)] ^= (byte)

+#else

+void KeccakP1600_AddByte(void *state, unsigned char data, unsigned int offset);

+#endif

+void KeccakP1600_AddBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length);

+void KeccakP1600_OverwriteBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length);

+void KeccakP1600_OverwriteWithZeroes(void *state, unsigned int byteCount);

+void KeccakP1600_Permute_12rounds(void *state);

+void KeccakP1600_Permute_24rounds(void *state);

+void KeccakP1600_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length);

+void KeccakP1600_ExtractAndAddBytes(const void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length);

+size_t KeccakF1600_FastLoop_Absorb(void *state, unsigned int laneCount, const unsigned char *data, size_t dataByteLen);

+

+#endif

new file mode 100644

@@ -0,0 +1,7 @@

+#if KeccakOpt == 64

+  #include "KeccakP-1600-SnP-opt64.h"

+#elif KeccakOpt == 32

+  #include "KeccakP-1600-SnP-opt32.h"

+#else

+  #error "No KeccakOpt"

+#endif

new file mode 100644

@@ -0,0 +1,1162 @@

+/*

+Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,

+Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby

+denoted as "the implementer".

+

+For more information, feedback or questions, please refer to our websites:

+http://keccak.noekeon.org/

+http://keyak.noekeon.org/

+http://ketje.noekeon.org/

+

+To the extent possible under law, the implementer has waived all copyright

+and related or neighboring rights to the source code in this file.

+http://creativecommons.org/publicdomain/zero/1.0/

+*/

+

+#include    <string.h>

+/* #include "brg_endian.h" */

+#include "KeccakP-1600-SnP.h"

+#include "SnP-Relaned.h"

+

+typedef unsigned char UINT8;

+typedef unsigned int UINT32;

+/* WARNING: on 8-bit and 16-bit platforms, this should be replaced by: */

+

+/*typedef unsigned long       UINT32; */

+

+

+#define ROL32(a, offset) ((((UINT32)a) << (offset)) ^ (((UINT32)a) >> (32-(offset))))

+

+/* Credit to Henry S. Warren, Hacker's Delight, Addison-Wesley, 2002 */

+

+#define prepareToBitInterleaving(low, high, temp, temp0, temp1) \

+        temp0 = (low); \

+        temp = (temp0 ^ (temp0 >>  1)) & 0x22222222UL;  temp0 = temp0 ^ temp ^ (temp <<  1); \

+        temp = (temp0 ^ (temp0 >>  2)) & 0x0C0C0C0CUL;  temp0 = temp0 ^ temp ^ (temp <<  2); \

+        temp = (temp0 ^ (temp0 >>  4)) & 0x00F000F0UL;  temp0 = temp0 ^ temp ^ (temp <<  4); \

+        temp = (temp0 ^ (temp0 >>  8)) & 0x0000FF00UL;  temp0 = temp0 ^ temp ^ (temp <<  8); \

+        temp1 = (high); \

+        temp = (temp1 ^ (temp1 >>  1)) & 0x22222222UL;  temp1 = temp1 ^ temp ^ (temp <<  1); \

+        temp = (temp1 ^ (temp1 >>  2)) & 0x0C0C0C0CUL;  temp1 = temp1 ^ temp ^ (temp <<  2); \

+        temp = (temp1 ^ (temp1 >>  4)) & 0x00F000F0UL;  temp1 = temp1 ^ temp ^ (temp <<  4); \

+        temp = (temp1 ^ (temp1 >>  8)) & 0x0000FF00UL;  temp1 = temp1 ^ temp ^ (temp <<  8);

+

+#define toBitInterleavingAndXOR(low, high, even, odd, temp, temp0, temp1) \

+        prepareToBitInterleaving(low, high, temp, temp0, temp1) \

+        even ^= (temp0 & 0x0000FFFF) | (temp1 << 16); \

+        odd ^= (temp0 >> 16) | (temp1 & 0xFFFF0000);

+

+#define toBitInterleavingAndAND(low, high, even, odd, temp, temp0, temp1) \

+        prepareToBitInterleaving(low, high, temp, temp0, temp1) \

+        even &= (temp0 & 0x0000FFFF) | (temp1 << 16); \

+        odd &= (temp0 >> 16) | (temp1 & 0xFFFF0000);

+

+#define toBitInterleavingAndSet(low, high, even, odd, temp, temp0, temp1) \

+        prepareToBitInterleaving(low, high, temp, temp0, temp1) \

+        even = (temp0 & 0x0000FFFF) | (temp1 << 16); \

+        odd = (temp0 >> 16) | (temp1 & 0xFFFF0000);

+

+/* Credit to Henry S. Warren, Hacker's Delight, Addison-Wesley, 2002 */

+

+#define prepareFromBitInterleaving(even, odd, temp, temp0, temp1) \

+        temp0 = (even); \

+        temp1 = (odd); \

+        temp = (temp0 & 0x0000FFFF) | (temp1 << 16); \

+        temp1 = (temp0 >> 16) | (temp1 & 0xFFFF0000); \

+        temp0 = temp; \

+        temp = (temp0 ^ (temp0 >>  8)) & 0x0000FF00UL;  temp0 = temp0 ^ temp ^ (temp <<  8); \

+        temp = (temp0 ^ (temp0 >>  4)) & 0x00F000F0UL;  temp0 = temp0 ^ temp ^ (temp <<  4); \

+        temp = (temp0 ^ (temp0 >>  2)) & 0x0C0C0C0CUL;  temp0 = temp0 ^ temp ^ (temp <<  2); \

+        temp = (temp0 ^ (temp0 >>  1)) & 0x22222222UL;  temp0 = temp0 ^ temp ^ (temp <<  1); \

+        temp = (temp1 ^ (temp1 >>  8)) & 0x0000FF00UL;  temp1 = temp1 ^ temp ^ (temp <<  8); \

+        temp = (temp1 ^ (temp1 >>  4)) & 0x00F000F0UL;  temp1 = temp1 ^ temp ^ (temp <<  4); \

+        temp = (temp1 ^ (temp1 >>  2)) & 0x0C0C0C0CUL;  temp1 = temp1 ^ temp ^ (temp <<  2); \

+        temp = (temp1 ^ (temp1 >>  1)) & 0x22222222UL;  temp1 = temp1 ^ temp ^ (temp <<  1);

+

+#define fromBitInterleaving(even, odd, low, high, temp, temp0, temp1) \

+        prepareFromBitInterleaving(even, odd, temp, temp0, temp1) \

+        low = temp0; \

+        high = temp1;

+

+#define fromBitInterleavingAndXOR(even, odd, lowIn, highIn, lowOut, highOut, temp, temp0, temp1) \

+        prepareFromBitInterleaving(even, odd, temp, temp0, temp1) \

+        lowOut = lowIn ^ temp0; \

+        highOut = highIn ^ temp1;

+

+void KeccakP1600_SetBytesInLaneToZero(void *state, unsigned int lanePosition, unsigned int offset, unsigned int length)

+{

+    UINT8 laneAsBytes[8];

+    UINT32 low, high;

+    UINT32 temp, temp0, temp1;

+    UINT32 *stateAsHalfLanes = (UINT32*)state;

+

+    memset(laneAsBytes, 0xFF, offset);

+    memset(laneAsBytes+offset, 0x00, length);

+    memset(laneAsBytes+offset+length, 0xFF, 8-offset-length);

+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)

+    low = *((UINT32*)(laneAsBytes+0));

+    high = *((UINT32*)(laneAsBytes+4));

+#else

+    low = laneAsBytes[0]

+        | ((UINT32)(laneAsBytes[1]) << 8)

+        | ((UINT32)(laneAsBytes[2]) << 16)

+        | ((UINT32)(laneAsBytes[3]) << 24);

+    high = laneAsBytes[4]

+        | ((UINT32)(laneAsBytes[5]) << 8)

+        | ((UINT32)(laneAsBytes[6]) << 16)

+        | ((UINT32)(laneAsBytes[7]) << 24);

+#endif

+    toBitInterleavingAndAND(low, high, stateAsHalfLanes[lanePosition*2+0], stateAsHalfLanes[lanePosition*2+1], temp, temp0, temp1);

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_Initialize(void *state)

+{

+    memset(state, 0, 200);

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_AddByte(void *state, unsigned char byte, unsigned int offset)

+{

+    unsigned int lanePosition = offset/8;

+    unsigned int offsetInLane = offset%8;

+    UINT32 low, high;

+    UINT32 temp, temp0, temp1;

+    UINT32 *stateAsHalfLanes = (UINT32*)state;

+

+    if (offsetInLane < 4) {

+        low = (UINT32)byte << (offsetInLane*8);

+        high = 0;

+    }

+    else {

+        low = 0;

+        high = (UINT32)byte << ((offsetInLane-4)*8);

+    }

+    toBitInterleavingAndXOR(low, high, stateAsHalfLanes[lanePosition*2+0], stateAsHalfLanes[lanePosition*2+1], temp, temp0, temp1);

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_AddBytesInLane(void *state, unsigned int lanePosition, const unsigned char *data, unsigned int offset, unsigned int length)

+{

+    UINT8 laneAsBytes[8];

+    UINT32 low, high;

+    UINT32 temp, temp0, temp1;

+    UINT32 *stateAsHalfLanes = (UINT32*)state;

+

+    memset(laneAsBytes, 0, 8);

+    memcpy(laneAsBytes+offset, data, length);

+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)

+    low = *((UINT32*)(laneAsBytes+0));

+    high = *((UINT32*)(laneAsBytes+4));

+#else

+    low = laneAsBytes[0]

+        | ((UINT32)(laneAsBytes[1]) << 8)

+        | ((UINT32)(laneAsBytes[2]) << 16)

+        | ((UINT32)(laneAsBytes[3]) << 24);

+    high = laneAsBytes[4]

+        | ((UINT32)(laneAsBytes[5]) << 8)

+        | ((UINT32)(laneAsBytes[6]) << 16)

+        | ((UINT32)(laneAsBytes[7]) << 24);

+#endif

+    toBitInterleavingAndXOR(low, high, stateAsHalfLanes[lanePosition*2+0], stateAsHalfLanes[lanePosition*2+1], temp, temp0, temp1);

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_AddLanes(void *state, const unsigned char *data, unsigned int laneCount)

+{

+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)

+    const UINT32 * pI = (const UINT32 *)data;

+    UINT32 * pS = (UINT32*)state;

+    UINT32 t, x0, x1;

+    int i;

+    for (i = laneCount-1; i >= 0; --i) {

+#ifdef NO_MISALIGNED_ACCESSES

+        UINT32 low;

+        UINT32 high;

+        memcpy(&low, pI++, 4);

+        memcpy(&high, pI++, 4);

+        toBitInterleavingAndXOR(low, high, *(pS++), *(pS++), t, x0, x1);

+#else

+        toBitInterleavingAndXOR(*(pI++), *(pI++), *(pS++), *(pS++), t, x0, x1)

+#endif

+    }

+#else

+    unsigned int lanePosition;

+    for(lanePosition=0; lanePosition<laneCount; lanePosition++) {

+        UINT8 laneAsBytes[8];

+        UINT32 low, high, temp, temp0, temp1;

+        UINT32 *stateAsHalfLanes;

+        memcpy(laneAsBytes, data+lanePosition*8, 8);

+        low = laneAsBytes[0]

+            | ((UINT32)(laneAsBytes[1]) << 8)

+            | ((UINT32)(laneAsBytes[2]) << 16)

+            | ((UINT32)(laneAsBytes[3]) << 24);

+        high = laneAsBytes[4]

+            | ((UINT32)(laneAsBytes[5]) << 8)

+            | ((UINT32)(laneAsBytes[6]) << 16)

+            | ((UINT32)(laneAsBytes[7]) << 24);

+        stateAsHalfLanes = (UINT32*)state;

+        toBitInterleavingAndXOR(low, high, stateAsHalfLanes[lanePosition*2+0], stateAsHalfLanes[lanePosition*2+1], temp, temp0, temp1);

+    }

+#endif

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_AddBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length)

+{

+    SnP_AddBytes(state, data, offset, length, KeccakP1600_AddLanes, KeccakP1600_AddBytesInLane, 8);

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_OverwriteBytesInLane(void *state, unsigned int lanePosition, const unsigned char *data, unsigned int offset, unsigned int length)

+{

+    KeccakP1600_SetBytesInLaneToZero(state, lanePosition, offset, length);

+    KeccakP1600_AddBytesInLane(state, lanePosition, data, offset, length);

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_OverwriteLanes(void *state, const unsigned char *data, unsigned int laneCount)

+{

+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)

+    const UINT32 * pI = (const UINT32 *)data;

+    UINT32 * pS = (UINT32 *)state;

+    UINT32 t, x0, x1;

+    int i;

+    for (i = laneCount-1; i >= 0; --i) {

+#ifdef NO_MISALIGNED_ACCESSES

+        UINT32 low;

+        UINT32 high;

+        memcpy(&low, pI++, 4);

+        memcpy(&high, pI++, 4);

+        toBitInterleavingAndSet(low, high, *(pS++), *(pS++), t, x0, x1);

+#else

+        toBitInterleavingAndSet(*(pI++), *(pI++), *(pS++), *(pS++), t, x0, x1)

+#endif

+    }

+#else

+    unsigned int lanePosition;

+    for(lanePosition=0; lanePosition<laneCount; lanePosition++) {

+        UINT8 laneAsBytes[8];

+        UINT32 low, high, temp, temp0, temp1;

+        UINT32 *stateAsHalfLanes;

+        memcpy(laneAsBytes, data+lanePosition*8, 8);

+        low = laneAsBytes[0]

+            | ((UINT32)(laneAsBytes[1]) << 8)

+            | ((UINT32)(laneAsBytes[2]) << 16)

+            | ((UINT32)(laneAsBytes[3]) << 24);

+        high = laneAsBytes[4]

+            | ((UINT32)(laneAsBytes[5]) << 8)

+            | ((UINT32)(laneAsBytes[6]) << 16)

+            | ((UINT32)(laneAsBytes[7]) << 24);

+        stateAsHalfLanes = (UINT32*)state;

+        toBitInterleavingAndSet(low, high, stateAsHalfLanes[lanePosition*2+0], stateAsHalfLanes[lanePosition*2+1], temp, temp0, temp1);

+    }

+#endif

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_OverwriteBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length)

+{

+    SnP_OverwriteBytes(state, data, offset, length, KeccakP1600_OverwriteLanes, KeccakP1600_OverwriteBytesInLane, 8);

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_OverwriteWithZeroes(void *state, unsigned int byteCount)

+{

+    UINT32 *stateAsHalfLanes = (UINT32*)state;

+    unsigned int i;

+

+    for(i=0; i<byteCount/8; i++) {

+        stateAsHalfLanes[i*2+0] = 0;

+        stateAsHalfLanes[i*2+1] = 0;

+    }

+    if (byteCount%8 != 0)

+        KeccakP1600_SetBytesInLaneToZero(state, byteCount/8, 0, byteCount%8);

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_ExtractBytesInLane(const void *state, unsigned int lanePosition, unsigned char *data, unsigned int offset, unsigned int length)

+{

+    UINT32 *stateAsHalfLanes = (UINT32*)state;

+    UINT32 low, high, temp, temp0, temp1;

+    UINT8 laneAsBytes[8];

+

+    fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[lanePosition*2+1], low, high, temp, temp0, temp1);

+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)

+    *((UINT32*)(laneAsBytes+0)) = low;

+    *((UINT32*)(laneAsBytes+4)) = high;

+#else

+    laneAsBytes[0] = low & 0xFF;

+    laneAsBytes[1] = (low >> 8) & 0xFF;

+    laneAsBytes[2] = (low >> 16) & 0xFF;

+    laneAsBytes[3] = (low >> 24) & 0xFF;

+    laneAsBytes[4] = high & 0xFF;

+    laneAsBytes[5] = (high >> 8) & 0xFF;

+    laneAsBytes[6] = (high >> 16) & 0xFF;

+    laneAsBytes[7] = (high >> 24) & 0xFF;

+#endif

+    memcpy(data, laneAsBytes+offset, length);

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_ExtractLanes(const void *state, unsigned char *data, unsigned int laneCount)

+{

+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)

+    UINT32 * pI = (UINT32 *)data;

+    const UINT32 * pS = ( const UINT32 *)state;

+    UINT32 t, x0, x1;

+    int i;

+    for (i = laneCount-1; i >= 0; --i) {

+#ifdef NO_MISALIGNED_ACCESSES

+        UINT32 low;

+        UINT32 high;

+        fromBitInterleaving(*(pS++), *(pS++), low, high, t, x0, x1);

+        memcpy(pI++, &low, 4);

+        memcpy(pI++, &high, 4);

+#else

+        fromBitInterleaving(*(pS++), *(pS++), *(pI++), *(pI++), t, x0, x1)

+#endif

+    }

+#else

+    unsigned int lanePosition;

+    for(lanePosition=0; lanePosition<laneCount; lanePosition++) {

+        UINT32 *stateAsHalfLanes = (UINT32*)state;

+        UINT32 low, high, temp, temp0, temp1;

+        UINT8 laneAsBytes[8];

+        fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[lanePosition*2+1], low, high, temp, temp0, temp1);

+        laneAsBytes[0] = low & 0xFF;

+        laneAsBytes[1] = (low >> 8) & 0xFF;

+        laneAsBytes[2] = (low >> 16) & 0xFF;

+        laneAsBytes[3] = (low >> 24) & 0xFF;

+        laneAsBytes[4] = high & 0xFF;

+        laneAsBytes[5] = (high >> 8) & 0xFF;

+        laneAsBytes[6] = (high >> 16) & 0xFF;

+        laneAsBytes[7] = (high >> 24) & 0xFF;

+        memcpy(data+lanePosition*8, laneAsBytes, 8);

+    }

+#endif

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length)

+{

+    SnP_ExtractBytes(state, data, offset, length, KeccakP1600_ExtractLanes, KeccakP1600_ExtractBytesInLane, 8);

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_ExtractAndAddBytesInLane(const void *state, unsigned int lanePosition, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length)

+{

+    UINT32 *stateAsHalfLanes = (UINT32*)state;

+    UINT32 low, high, temp, temp0, temp1;

+    UINT8 laneAsBytes[8];

+    unsigned int i;

+

+    fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[lanePosition*2+1], low, high, temp, temp0, temp1);

+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)

+    *((UINT32*)(laneAsBytes+0)) = low;

+    *((UINT32*)(laneAsBytes+4)) = high;

+#else

+    laneAsBytes[0] = low & 0xFF;

+    laneAsBytes[1] = (low >> 8) & 0xFF;

+    laneAsBytes[2] = (low >> 16) & 0xFF;

+    laneAsBytes[3] = (low >> 24) & 0xFF;

+    laneAsBytes[4] = high & 0xFF;

+    laneAsBytes[5] = (high >> 8) & 0xFF;

+    laneAsBytes[6] = (high >> 16) & 0xFF;

+    laneAsBytes[7] = (high >> 24) & 0xFF;

+#endif

+    for(i=0; i<length; i++)

+        output[i] = input[i] ^ laneAsBytes[offset+i];

+}

+

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_ExtractAndAddLanes(const void *state, const unsigned char *input, unsigned char *output, unsigned int laneCount)

+{

+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)

+    const UINT32 * pI = (const UINT32 *)input;

+    UINT32 * pO = (UINT32 *)output;

+    const UINT32 * pS = (const UINT32 *)state;

+    UINT32 t, x0, x1;

+    int i;

+    for (i = laneCount-1; i >= 0; --i) {

+#ifdef NO_MISALIGNED_ACCESSES

+        UINT32 low;

+        UINT32 high;

+        fromBitInterleaving(*(pS++), *(pS++), low, high, t, x0, x1);

+        *(pO++) = *(pI++) ^ low;

+        *(pO++) = *(pI++) ^ high;

+#else

+        fromBitInterleavingAndXOR(*(pS++), *(pS++), *(pI++), *(pI++), *(pO++), *(pO++), t, x0, x1)

+#endif

+    }

+#else

+    unsigned int lanePosition;

+    for(lanePosition=0; lanePosition<laneCount; lanePosition++) {

+        UINT32 *stateAsHalfLanes = (UINT32*)state;

+        UINT32 low, high, temp, temp0, temp1;

+        UINT8 laneAsBytes[8];

+        fromBitInterleaving(stateAsHalfLanes[lanePosition*2], stateAsHalfLanes[lanePosition*2+1], low, high, temp, temp0, temp1);

+        laneAsBytes[0] = low & 0xFF;

+        laneAsBytes[1] = (low >> 8) & 0xFF;

+        laneAsBytes[2] = (low >> 16) & 0xFF;

+        laneAsBytes[3] = (low >> 24) & 0xFF;

+        laneAsBytes[4] = high & 0xFF;

+        laneAsBytes[5] = (high >> 8) & 0xFF;

+        laneAsBytes[6] = (high >> 16) & 0xFF;

+        laneAsBytes[7] = (high >> 24) & 0xFF;

+        ((UINT32*)(output+lanePosition*8))[0] = ((UINT32*)(input+lanePosition*8))[0] ^ (*(const UINT32*)(laneAsBytes+0));

+        ((UINT32*)(output+lanePosition*8))[1] = ((UINT32*)(input+lanePosition*8))[0] ^ (*(const UINT32*)(laneAsBytes+4));

+    }

+#endif

+}

+/* ---------------------------------------------------------------- */

+

+void KeccakP1600_ExtractAndAddBytes(const void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length)

+{

+    SnP_ExtractAndAddBytes(state, input, output, offset, length, KeccakP1600_ExtractAndAddLanes, KeccakP1600_ExtractAndAddBytesInLane, 8);

+}

+

+/* ---------------------------------------------------------------- */

+

+static const UINT32 KeccakF1600RoundConstants_int2[2*24+1] =

+{

+    0x00000001UL,    0x00000000UL,

+    0x00000000UL,    0x00000089UL,

+    0x00000000UL,    0x8000008bUL,

+    0x00000000UL,    0x80008080UL,

+    0x00000001UL,    0x0000008bUL,

+    0x00000001UL,    0x00008000UL,

+    0x00000001UL,    0x80008088UL,

+    0x00000001UL,    0x80000082UL,

+    0x00000000UL,    0x0000000bUL,

+    0x00000000UL,    0x0000000aUL,

+    0x00000001UL,    0x00008082UL,

+    0x00000000UL,    0x00008003UL,

+    0x00000001UL,    0x0000808bUL,

+    0x00000001UL,    0x8000000bUL,

+    0x00000001UL,    0x8000008aUL,

+    0x00000001UL,    0x80000081UL,

+    0x00000000UL,    0x80000081UL,

+    0x00000000UL,    0x80000008UL,

+    0x00000000UL,    0x00000083UL,

+    0x00000000UL,    0x80008003UL,

+    0x00000001UL,    0x80008088UL,

+    0x00000000UL,    0x80000088UL,

+    0x00000001UL,    0x00008000UL,

+    0x00000000UL,    0x80008082UL,

+    0x000000FFUL

+};

+

+#define KeccakAtoD_round0() \

+        Cx = Abu0^Agu0^Aku0^Amu0^Asu0; \

+        Du1 = Abe1^Age1^Ake1^Ame1^Ase1; \

+        Da0 = Cx^ROL32(Du1, 1); \

+        Cz = Abu1^Agu1^Aku1^Amu1^Asu1; \

+        Du0 = Abe0^Age0^Ake0^Ame0^Ase0; \

+        Da1 = Cz^Du0; \

+\

+        Cw = Abi0^Agi0^Aki0^Ami0^Asi0; \

+        Do0 = Cw^ROL32(Cz, 1); \

+        Cy = Abi1^Agi1^Aki1^Ami1^Asi1; \

+        Do1 = Cy^Cx; \

+\

+        Cx = Aba0^Aga0^Aka0^Ama0^Asa0; \

+        De0 = Cx^ROL32(Cy, 1); \

+        Cz = Aba1^Aga1^Aka1^Ama1^Asa1; \

+        De1 = Cz^Cw; \

+\

+        Cy = Abo1^Ago1^Ako1^Amo1^Aso1; \

+        Di0 = Du0^ROL32(Cy, 1); \

+        Cw = Abo0^Ago0^Ako0^Amo0^Aso0; \

+        Di1 = Du1^Cw; \

+\

+        Du0 = Cw^ROL32(Cz, 1); \

+        Du1 = Cy^Cx; \

+

+#define KeccakAtoD_round1() \

+        Cx = Asu0^Agu0^Amu0^Abu1^Aku1; \

+        Du1 = Age1^Ame0^Abe0^Ake1^Ase1; \

+        Da0 = Cx^ROL32(Du1, 1); \

+        Cz = Asu1^Agu1^Amu1^Abu0^Aku0; \

+        Du0 = Age0^Ame1^Abe1^Ake0^Ase0; \

+        Da1 = Cz^Du0; \

+\

+        Cw = Aki1^Asi1^Agi0^Ami1^Abi0; \

+        Do0 = Cw^ROL32(Cz, 1); \

+        Cy = Aki0^Asi0^Agi1^Ami0^Abi1; \

+        Do1 = Cy^Cx; \

+\

+        Cx = Aba0^Aka1^Asa0^Aga0^Ama1; \

+        De0 = Cx^ROL32(Cy, 1); \

+        Cz = Aba1^Aka0^Asa1^Aga1^Ama0; \

+        De1 = Cz^Cw; \

+\

+        Cy = Amo0^Abo1^Ako0^Aso1^Ago0; \

+        Di0 = Du0^ROL32(Cy, 1); \

+        Cw = Amo1^Abo0^Ako1^Aso0^Ago1; \

+        Di1 = Du1^Cw; \

+\

+        Du0 = Cw^ROL32(Cz, 1); \

+        Du1 = Cy^Cx; \

+

+#define KeccakAtoD_round2() \

+        Cx = Aku1^Agu0^Abu1^Asu1^Amu1; \

+        Du1 = Ame0^Ake0^Age0^Abe0^Ase1; \

+        Da0 = Cx^ROL32(Du1, 1); \

+        Cz = Aku0^Agu1^Abu0^Asu0^Amu0; \

+        Du0 = Ame1^Ake1^Age1^Abe1^Ase0; \

+        Da1 = Cz^Du0; \

+\

+        Cw = Agi1^Abi1^Asi1^Ami0^Aki1; \

+        Do0 = Cw^ROL32(Cz, 1); \

+        Cy = Agi0^Abi0^Asi0^Ami1^Aki0; \

+        Do1 = Cy^Cx; \

+\

+        Cx = Aba0^Asa1^Ama1^Aka1^Aga1; \

+        De0 = Cx^ROL32(Cy, 1); \

+        Cz = Aba1^Asa0^Ama0^Aka0^Aga0; \

+        De1 = Cz^Cw; \

+\

+        Cy = Aso0^Amo0^Ako1^Ago0^Abo0; \