smg_comms_rsa

raw
smg_comms_rsa_oaep      1  -- S.MG implementation of Keccak-f permutations
smg_comms_rsa_oaep      2 
smg_comms_rsa_oaep      3  -- (Based on The Keccak Reference, Version 3.0, January 14, 2011, by
smg_comms_rsa_oaep      4  --   Guido Bertoni, Joan Daemen, Michael Peeters and Gilles Van Assche)
smg_comms_rsa_oaep      5 
smg_comms_rsa_oaep      6  -- S.MG, 2018
smg_comms_rsa_oaep      7 
smg_comms_rsa_oaep      8 package Keccak is
smg_comms_rsa_oaep      9 	pragma Pure(Keccak);  --stateless, no side effects -> can cache calls
smg_comms_rsa_oaep     10 
smg_comms_rsa_oaep     11   --knobs (can change as per keccak design but fixed here for S.MG purposes)--
smg_comms_rsa_oaep     12   Keccak_L: constant := 6;  --gives keccak z (word) dimension of 2^6=64 and 
smg_comms_rsa_oaep     13                             --therefore keccak function 1600 with current 
smg_comms_rsa_oaep     14                             --constants (5*5*2^6)
smg_comms_rsa_oaep     15 
smg_comms_rsa_oaep     16   Default_Bitrate: constant := 1344; --max bits the sponge can eat/spit without
smg_comms_rsa_oaep     17                                      --needing to scramble the state
smg_comms_rsa_oaep     18 
smg_comms_rsa_oaep     19   --constants: dimensions of keccak state and number of rounds
smg_comms_rsa_oaep     20   XY_Length: constant := 5;
smg_comms_rsa_oaep     21   Z_Length: constant := 2**Keccak_L;
smg_comms_rsa_oaep     22   Width: constant := XY_Length * XY_Length * Z_Length;
smg_comms_rsa_oaep     23   N_Rounds: constant := 12 + 2*Keccak_L;
smg_comms_rsa_oaep     24 
smg_comms_rsa_oaep     25   --types
smg_comms_rsa_oaep     26   type XYCoord is mod XY_Length;
smg_comms_rsa_oaep     27   type ZCoord is mod Z_Length;
smg_comms_rsa_oaep     28   type Round_Index is mod N_Rounds;
smg_comms_rsa_oaep     29 
smg_comms_rsa_oaep     30   type ZWord is mod 2**Z_Length;	--"lane" in keccak ref
smg_comms_rsa_oaep     31   type Plane is array(XYCoord) of ZWord; --a "horizontal slice" of keccak state
smg_comms_rsa_oaep     32   type State is array(XYCoord, XYCoord) of ZWord; --the full keccak state
smg_comms_rsa_oaep     33 
smg_comms_rsa_oaep     34   type Round_Constants is array(Round_Index) of ZWord; --magic keccak constants
smg_comms_rsa_oaep     35 
smg_comms_rsa_oaep     36   -- rate can be chosen by caller at each call, between 1 and width of state
smg_comms_rsa_oaep     37   -- higher rate means sponge "eats" more bits at a time but has fewer bits in 
smg_comms_rsa_oaep     38   --   the "secret" part of the state (i.e. lower capacity)
smg_comms_rsa_oaep     39   subtype Keccak_Rate is Positive range 1..Width;  -- capacity = width - rate
smg_comms_rsa_oaep     40 
smg_comms_rsa_oaep     41   type Bit is mod 2;
smg_comms_rsa_oaep     42   type Bitstream is array( Natural range <> ) of Bit; -- any length; message
smg_comms_rsa_oaep     43   subtype Bitword is Bitstream( 0..Z_Length - 1 ); -- bits of one state "word"
smg_comms_rsa_oaep     44 
smg_comms_rsa_oaep     45   -- type conversions
smg_comms_rsa_oaep     46   function BitsToWord( BWord : in Bitword ) return ZWord;
smg_comms_rsa_oaep     47   function WordToBits( Word  : in ZWord ) return Bitword;
smg_comms_rsa_oaep     48 
smg_comms_rsa_oaep     49   -- flip input octets (i.e. groups of 8 bits)
smg_comms_rsa_oaep     50   function FlipOctets( BWord : in Bitword ) return Bitword;
smg_comms_rsa_oaep     51 
smg_comms_rsa_oaep     52   -- public function, the sponge itself
smg_comms_rsa_oaep     53   -- Keccak sponge structure using Keccak_Function, Pad and a given bitrate;
smg_comms_rsa_oaep     54   -- Input - the stream of bits to hash (the message)
smg_comms_rsa_oaep     55   -- Output - a bitstream of desired size for holding output
smg_comms_rsa_oaep     56   -- Block_Len - the bitrate to use; this is effectively the block length 
smg_comms_rsa_oaep     57   --             for splitting Input AND squeezing output between scrambles 
smg_comms_rsa_oaep     58   procedure Sponge(Input      : in Bitstream;
smg_comms_rsa_oaep     59                    Output     : out Bitstream;
smg_comms_rsa_oaep     60                    Block_Len  : in Keccak_Rate := Default_Bitrate );
smg_comms_rsa_oaep     61 
smg_comms_rsa_oaep     62 private
smg_comms_rsa_oaep     63   -- these are internals of the keccak implementation, not meant to be directly
smg_comms_rsa_oaep     64   --  accessed/used
smg_comms_rsa_oaep     65 
smg_comms_rsa_oaep     66   -- this will squeeze Block'Length bits out of state S
smg_comms_rsa_oaep     67   -- NO scramble of state in here!
smg_comms_rsa_oaep     68   -- NB: make SURE that Block'Length is the correct bitrate for this sponge
smg_comms_rsa_oaep     69   -- specifically: Block'Length should be a correct bitrate aka LESS than Width
smg_comms_rsa_oaep     70   procedure SqueezeBlock( Block: out Bitstream; S: in State);
smg_comms_rsa_oaep     71 
smg_comms_rsa_oaep     72   -- This absorbs into sponge the given block, modifying the state accordingly
smg_comms_rsa_oaep     73   -- NO scramble of state in here so make sure the whole Block fits in state!
smg_comms_rsa_oaep     74   -- NB: make SURE that Block'Length is *the correct bitrate* for this sponge
smg_comms_rsa_oaep     75   -- specifically: Block'Length should be a correct bitrate aka LESS than Width
smg_comms_rsa_oaep     76   procedure AbsorbBlock( Block: in Bitstream; S: in out State );
smg_comms_rsa_oaep     77 
smg_comms_rsa_oaep     78   --Keccak magic numbers
smg_comms_rsa_oaep     79   RC : constant Round_Constants :=
smg_comms_rsa_oaep     80     (
smg_comms_rsa_oaep     81      16#0000_0000_0000_0001#,
smg_comms_rsa_oaep     82      16#0000_0000_0000_8082#,
smg_comms_rsa_oaep     83      16#8000_0000_0000_808A#,
smg_comms_rsa_oaep     84      16#8000_0000_8000_8000#,
smg_comms_rsa_oaep     85      16#0000_0000_0000_808B#,
smg_comms_rsa_oaep     86      16#0000_0000_8000_0001#,
smg_comms_rsa_oaep     87      16#8000_0000_8000_8081#,
smg_comms_rsa_oaep     88      16#8000_0000_0000_8009#,
smg_comms_rsa_oaep     89      16#0000_0000_0000_008A#,
smg_comms_rsa_oaep     90      16#0000_0000_0000_0088#,
smg_comms_rsa_oaep     91      16#0000_0000_8000_8009#,
smg_comms_rsa_oaep     92      16#0000_0000_8000_000A#,
smg_comms_rsa_oaep     93      16#0000_0000_8000_808B#,
smg_comms_rsa_oaep     94      16#8000_0000_0000_008B#,
smg_comms_rsa_oaep     95      16#8000_0000_0000_8089#,
smg_comms_rsa_oaep     96      16#8000_0000_0000_8003#,
smg_comms_rsa_oaep     97      16#8000_0000_0000_8002#,
smg_comms_rsa_oaep     98      16#8000_0000_0000_0080#,
smg_comms_rsa_oaep     99      16#0000_0000_0000_800A#,
smg_comms_rsa_oaep    100      16#8000_0000_8000_000A#,
smg_comms_rsa_oaep    101      16#8000_0000_8000_8081#,
smg_comms_rsa_oaep    102      16#8000_0000_0000_8080#,
smg_comms_rsa_oaep    103      16#0000_0000_8000_0001#,
smg_comms_rsa_oaep    104      16#8000_0000_8000_8008#
smg_comms_rsa_oaep    105     );
smg_comms_rsa_oaep    106 
smg_comms_rsa_oaep    107   --gnat-specific methods to have bit-ops for modular types
smg_comms_rsa_oaep    108   function Rotate_Left( Value  : ZWord; 
smg_comms_rsa_oaep    109 	                      Amount : Natural) 
smg_comms_rsa_oaep    110 	                      return ZWord;
smg_comms_rsa_oaep    111 	pragma Import(Intrinsic, Rotate_Left); 
smg_comms_rsa_oaep    112 
smg_comms_rsa_oaep    113 	function Shift_Right( Value  : ZWord; 
smg_comms_rsa_oaep    114                         Amount : Natural) 
smg_comms_rsa_oaep    115                         return ZWord;
smg_comms_rsa_oaep    116   pragma Import(Intrinsic, Shift_Right); 
smg_comms_rsa_oaep    117 
smg_comms_rsa_oaep    118   function Shift_Left( Value  : ZWord;
smg_comms_rsa_oaep    119                        Amount : Natural)
smg_comms_rsa_oaep    120                        return ZWord;
smg_comms_rsa_oaep    121   pragma Import(Intrinsic, Shift_Left);
smg_comms_rsa_oaep    122 
smg_comms_rsa_oaep    123   --Keccak transformations of the internal state
smg_comms_rsa_oaep    124   function Theta ( Input       : in State) return State;
smg_comms_rsa_oaep    125   function Rho   ( Input       : in State) return State;
smg_comms_rsa_oaep    126   function Pi    ( Input       : in State) return State;
smg_comms_rsa_oaep    127   function Chi   ( Input       : in State) return State;
smg_comms_rsa_oaep    128   function Iota  ( Round_Const : in ZWord; Input : in State) return State;
smg_comms_rsa_oaep    129 
smg_comms_rsa_oaep    130   --Keccak function with block width currently 1600 (Width constant above)
smg_comms_rsa_oaep    131   --this simply applies *all* keccak transformations in the correct order,
smg_comms_rsa_oaep    132   -- using the keccak magic numbers (round constants) as per keccak reference
smg_comms_rsa_oaep    133   function Keccak_Function(Input: in State) return State;
smg_comms_rsa_oaep    134 
smg_comms_rsa_oaep    135 end Keccak;