-- S.MG implementation of Keccak-f permutations

-- (Based on The Keccak Reference, Version 3.0, January 14, 2011, by
--  Guido Bertoni, Joan Daemen, Michael Peeters and Gilles Van Assche)

-- S.MG, 2018

package SMG_Keccak is
  -- Pure unit: no package-level state and no side effects, so the compiler
  -- is allowed to cache calls.
  pragma Pure(SMG_Keccak);

  -- Knob. The keccak design allows other values; it is fixed here for S.MG
  -- purposes. L = 6 gives a z (word) dimension of 2^6 = 64 and therefore,
  -- with the constants below, keccak function 1600 (5*5*2^6).
  Keccak_L  : constant := 6;

  -- Dimensions of the keccak state and number of rounds, all derived from
  -- Keccak_L.
  XY_Length : constant := 5;
  Z_Length  : constant := 2**Keccak_L;
  Width     : constant := XY_Length * XY_Length * Z_Length;
  N_Rounds  : constant := 12 + 2*Keccak_L;

  -- Index types. They are modular, so arithmetic on a coordinate or on a
  -- round index wraps around at the corresponding dimension.
  type XYCoord     is mod XY_Length;
  type ZCoord      is mod Z_Length;
  type Round_Index is mod N_Rounds;

  -- State building blocks.
  type ZWord is mod 2**Z_Length;                    -- "lane" in keccak ref
  type Plane is array(XYCoord) of ZWord;            -- a "horizontal slice"
  type State is array(XYCoord, XYCoord) of ZWord;   -- the full keccak state

  -- One magic keccak constant per round.
  type Round_Constants is array(Round_Index) of ZWord;

  -- The rate is chosen by the caller at each call, anywhere between 1 and
  -- the width of the state. A higher rate means the sponge "eats" more bits
  -- at a time but keeps fewer bits in the "secret" part of the state, i.e.
  -- a lower capacity: capacity = width - rate.
  -- NOTE(review): this range includes Width itself, i.e. capacity 0, while
  -- the comments on SqueezeBlock and AbsorbBlock in the private part ask for
  -- a bitrate LESS than Width. Whether the body rejects Block_Len = Width is
  -- not visible in this spec - confirm. The generic security of a sponge is
  -- bounded by its capacity (roughly capacity/2 bits), so the rate should be
  -- derived from the capacity that is required, not from speed alone.
  subtype Keccak_Rate is Positive range 1..Width;

  -- Bit-level view of messages and of state words.
  type Bit       is mod 2;
  type Bitstream is array( Natural range <> ) of Bit;   -- any length; message
  subtype Bitword is Bitstream( 0..Z_Length - 1 );      -- bits of one "word"

  -- Type conversions between one state word and its Z_Length bits.
  -- The bit ordering they use is fixed in the body, not in this spec.
  function BitsToWord( BWord : in Bitword ) return ZWord;
  function WordToBits( Word  : in ZWord   ) return Bitword;

  -- Flip input octets (i.e. groups of 8 bits).
  function FlipOctets( BWord : in Bitword ) return Bitword;

  -- Public procedure, the sponge itself: Keccak sponge structure using
  -- Keccak_Function, Pad and a given bitrate.
  --   Input     - the stream of bits to hash (the message)
  --   Block_Len - the bitrate to use; this is effectively the block length
  --               for splitting Input AND for squeezing output between
  --               scrambles
  --   Output    - a bitstream of the desired size for holding the output
  -- NOTE(review): Pad is named above but not declared in this spec, so the
  -- padding rule and any domain-separation suffix cannot be checked from
  -- here. The stated basis is the Keccak Reference 3.0 (2011); do not assume
  -- that outputs equal FIPS 202 SHA-3/SHAKE values without checking the body
  -- against known test vectors.
  -- A longer Output does not raise security above what the capacity
  -- (Width - Block_Len) provides.
  procedure Sponge( Input     : in  Bitstream;
                    Block_Len : in  Keccak_Rate;
                    Output    : out Bitstream );

private
  -- These are internals of the keccak implementation, not meant to be
  -- directly accessed/used. Ada still makes a private part visible to child
  -- packages of SMG_Keccak; only ordinary clients are kept out.

  -- Squeezes Block'Length bits out of state S.
  -- NO scramble of state in here!
  -- NB: make SURE that Block'Length is the correct bitrate for this sponge;
  -- in particular, Block'Length should be a correct bitrate aka LESS than
  -- Width. Block is an unconstrained Bitstream, so nothing in this
  -- declaration enforces that - it is on the caller.
  procedure SqueezeBlock( Block : out Bitstream; S : in State );

  -- Absorbs the given block into the sponge, modifying the state accordingly.
  -- NO scramble of state in here, so make sure the whole Block fits in state!
  -- NB: make SURE that Block'Length is *the correct bitrate* for this sponge;
  -- in particular, Block'Length should be a correct bitrate aka LESS than
  -- Width. As with SqueezeBlock, the declaration itself does not enforce it.
  procedure AbsorbBlock( Block : in Bitstream; S : in out State );

  -- Keccak magic numbers: one round constant per Round_Index value
  -- (N_Rounds = 24 entries). Any change to a value here changes every output
  -- of the permutation, so compare against the keccak reference when porting.
  RC : constant Round_Constants :=
    (
      16#0000_0000_0000_0001#,
      16#0000_0000_0000_8082#,
      16#8000_0000_0000_808A#,
      16#8000_0000_8000_8000#,
      16#0000_0000_0000_808B#,
      16#0000_0000_8000_0001#,
      16#8000_0000_8000_8081#,
      16#8000_0000_0000_8009#,
      16#0000_0000_0000_008A#,
      16#0000_0000_0000_0088#,
      16#0000_0000_8000_8009#,
      16#0000_0000_8000_000A#,
      16#0000_0000_8000_808B#,
      16#8000_0000_0000_008B#,
      16#8000_0000_0000_8089#,
      16#8000_0000_0000_8003#,
      16#8000_0000_0000_8002#,
      16#8000_0000_0000_0080#,
      16#0000_0000_0000_800A#,
      16#8000_0000_8000_000A#,
      16#8000_0000_8000_8081#,
      16#8000_0000_0000_8080#,
      16#0000_0000_8000_0001#,
      16#8000_0000_8000_8008#
    );

  -- GNAT-specific way to get bit operations on a modular type: each function
  -- is imported as a compiler intrinsic and has no Ada body. A compiler that
  -- does not provide these intrinsics for ZWord will reject the unit.
  function Rotate_Left( Value : ZWord; Amount : Natural ) return ZWord;
  pragma Import(Intrinsic, Rotate_Left);

  function Shift_Right( Value : ZWord; Amount : Natural ) return ZWord;
  pragma Import(Intrinsic, Shift_Right);

  function Shift_Left( Value : ZWord; Amount : Natural ) return ZWord;
  pragma Import(Intrinsic, Shift_Left);

  -- Keccak transformations of the internal state. Each one takes a State and
  -- returns the transformed State; Iota additionally takes the round constant
  -- to use.
  function Theta ( Input : in State) return State;
  function Rho   ( Input : in State) return State;
  function Pi    ( Input : in State) return State;
  function Chi   ( Input : in State) return State;
  function Iota  ( Round_Const : in ZWord; Input : in State) return State;

  -- Keccak function with block width currently 1600 (Width constant above).
  -- This simply applies *all* keccak transformations in the correct order,
  -- using the keccak magic numbers (round constants) as per keccak reference.
  function Keccak_Function(Input: in State) return State;

end SMG_Keccak;