From fb8f4a68e12dc6659077b9397a7bc39059eff8f6 Mon Sep 17 00:00:00 2001
From: Mattias Andrée
Date: Tue, 11 Nov 2014 20:11:17 +0100
Subject: fix bug in the c versions for smaller state sizes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mattias Andrée
---
 c/sha3.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
(limited to 'c/sha3.c')
diff --git a/c/sha3.c b/c/sha3.c
index d51d004..996894c 100644
--- a/c/sha3.c
+++ b/c/sha3.c
@@ -290,14 +290,14 @@ static void sha3_keccakFRound(llong* restrict_ A, llong rc)
 __C(4, 20, 21, 22, 23, 24);
 #undef __C
- da = C[4] ^ rotate64(C[1], 1);
- dd = C[2] ^ rotate64(C[4], 1);
- db = C[0] ^ rotate64(C[2], 1);
- de = C[3] ^ rotate64(C[0], 1);
- dc = C[1] ^ rotate64(C[3], 1);
 if (w == 64) {
+ da = C[4] ^ rotate64(C[1], 1);
+ dd = C[2] ^ rotate64(C[4], 1);
+ db = C[0] ^ rotate64(C[2], 1);
+ de = C[3] ^ rotate64(C[0], 1);
+ dc = C[1] ^ rotate64(C[3], 1);
+ /* ρ and π steps, with last two part of θ */
 #define __B(Bi, Ai, Dv, R) B[Bi] = rotate64(A[Ai] ^ Dv, R)
 B[0] = A[0] ^ da; __B( 1, 15, dd, 28); __B( 2, 5, db, 1); __B( 3, 20, de, 27); __B( 4, 10, dc, 62);
@@ -309,6 +309,12 @@ static void sha3_keccakFRound(llong* restrict_ A, llong rc)
 } else {
+ da = C[4] ^ rotate(C[1], 1);
+ dd = C[2] ^ rotate(C[4], 1);
+ db = C[0] ^ rotate(C[2], 1);
+ de = C[3] ^ rotate(C[0], 1);
+ dc = C[1] ^ rotate(C[3], 1);
+ /* ρ and π steps, with last two part of θ */
 #define __B(Bi, Ai, Dv, R) B[Bi] = rotate(A[Ai] ^ Dv, R)
 B[0] = A[0] ^ da; __B( 1, 15, dd, 28); __B( 2, 5, db, 1); __B( 3, 20, de, 27); __B( 4, 10, dc, 62);
-- cgit v1.2.3-70-g09d2
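Review bot: The five relocated θ lines (`da` through `dc`) now appear verbatim in both arms of `if (w == 64)`, differing only in `rotate64` versus `rotate`, and nothing in the new code records why the D-values had to move under the width test. The removed lines show the old position applied `rotate64` for every lane width, which is exactly the defect this commit fixes, so a one-line comment above the new block would stop the next maintainer from hoisting it back out: `/* θ step: D[x] = C[x-1] ^ ROT(C[x+1], 1); the rotate must be w-bit, hence inside the width branch */`. If `rotate` is also correct for w == 64, the duplicated arms could instead share a single `__D(rot)` helper macro, but that depends on `rotate`'s definition, which is not visible in this hunk. `sha3_keccakFRound` begins before this hunk and continues past it.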
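Review bot: The new `rotate(C[x], 1)` lines are only correct if `rotate` really performs a w-bit rotation for every state size this file accepts, including a 1-bit lane width, where a rotation by 1 must reduce to the identity; `rotate` is defined outside this hunk, so that should be confirmed before trusting the fix for the smallest widths. The same helper is handed the unreduced 64-bit offsets on the following context line (`__B( 4, 10, dc, 62)`), so if it does not reduce its offset modulo w the ρ step for small widths is still wrong, although that line is pre-existing and not part of this change. The enclosing `sha3_keccakFRound` continues past the end of this hunk.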