-rw-r--r-- 1185 libmceliece-20241009/crypto_xof/shake256/unrollround/shake256.c raw
// 20221231 djb
#include <inttypes.h>
#include <string.h>
#include "crypto_xof.h"
static inline uint64_t ROL(uint64_t x,int b)
{
return (x<<b)|(x>>(64-b));
}
static inline uint64_t load64(const unsigned char *x)
{
uint64_t result = 0;
int i;
for (i = 0;i < 8;++i)
result |= ((uint64_t) x[i])<<(8*i);
return result;
}
#include "keccak.inc"
#define ratebytes 136
#define padding 31
void crypto_xof(
unsigned char *h,long long hlen,
const unsigned char *m,long long mlen
)
{
uint64_t state[25];
unsigned char t[ratebytes];
int i;
memset(state,0,sizeof state);
while (mlen >= ratebytes) {
for (i = 0;i < ratebytes/8;++i)
state[i] ^= load64(m+8*i);
keccak(state);
m += ratebytes; mlen -= ratebytes;
}
memset(t,0,sizeof t);
memcpy(t,m,mlen);
t[mlen] = padding;
t[ratebytes-1] |= 128;
for (i = 0;i < ratebytes/8;++i)
state[i] ^= load64(t+8*i);
while (hlen >= ratebytes) {
keccak(state);
for (i = 0;i < ratebytes;++i)
h[i] = state[i/8]>>(8*(i%8));
h += ratebytes;
hlen -= ratebytes;
}
if (hlen > 0) {
keccak(state);
for (i = 0;i < hlen;++i)
h[i] = state[i/8]>>(8*(i%8));
}
}