RubyGems - sha3-ruby - Versions diffs - 0.0.1 - Mend

sha3-ruby 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (186) hide show

data/ext/sha3/KeccakReferenceAndOptimized/Sources/KeccakF-1600-avr8.c ADDED Viewed

@@ -0,0 +1,163 @@
+/*
+The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
+Michaël Peeters and Gilles Van Assche. For more information, feedback or
+questions, please refer to our website: http://keccak.noekeon.org/
+Implementation by Ronny Van Keer,
+hereby denoted as "the implementer".
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+#include <string.h>
+#include <avr/pgmspace.h>
+#include "AVR8-rotate64.h"
+typedef unsigned char				UINT8;
+typedef UINT8								tSmallUInt;
+typedef unsigned long long  UINT64;
+typedef UINT64 							tKeccakLane;
+#define cKeccakLaneSizeInBits   (sizeof(tKeccakLane) * 8)
+#define cKeccakNumberOfRounds   24
+static tKeccakLane KeccakF_RoundConstants[cKeccakNumberOfRounds] PROGMEM =
+{
+    (tKeccakLane)0x0000000000000001ULL,
+    (tKeccakLane)0x0000000000008082ULL,
+    (tKeccakLane)0x800000000000808aULL,
+    (tKeccakLane)0x8000000080008000ULL,
+    (tKeccakLane)0x000000000000808bULL,
+    (tKeccakLane)0x0000000080000001ULL,
+    (tKeccakLane)0x8000000080008081ULL,
+    (tKeccakLane)0x8000000000008009ULL,
+    (tKeccakLane)0x000000000000008aULL,
+    (tKeccakLane)0x0000000000000088ULL,
+    (tKeccakLane)0x0000000080008009ULL,
+    (tKeccakLane)0x000000008000000aULL,
+    (tKeccakLane)0x000000008000808bULL,
+    (tKeccakLane)0x800000000000008bULL,
+    (tKeccakLane)0x8000000000008089ULL,
+    (tKeccakLane)0x8000000000008003ULL,
+    (tKeccakLane)0x8000000000008002ULL,
+    (tKeccakLane)0x8000000000000080ULL,
+    (tKeccakLane)0x000000000000800aULL,
+    (tKeccakLane)0x800000008000000aULL,
+    (tKeccakLane)0x8000000080008081ULL,
+    (tKeccakLane)0x8000000000008080ULL,
+    (tKeccakLane)0x0000000080000001ULL,
+    (tKeccakLane)0x8000000080008008ULL
+};
+static tSmallUInt KeccakF_RotationConstants[24] PROGMEM =
+{
+	 ROT_CODE( 1), ROT_CODE( 3), ROT_CODE( 6), ROT_CODE(10), ROT_CODE(15),
+	 ROT_CODE(21), ROT_CODE(28), ROT_CODE(36), ROT_CODE(45), ROT_CODE(55),
+	 ROT_CODE( 2), ROT_CODE(14), ROT_CODE(27), ROT_CODE(41), ROT_CODE(56),
+	 ROT_CODE( 8), ROT_CODE(25), ROT_CODE(43), ROT_CODE(62), ROT_CODE(18),
+	 ROT_CODE(39), ROT_CODE(61), ROT_CODE(20), ROT_CODE(44)
+};
+static tSmallUInt KeccakF_PiLane[24] PROGMEM =
+{
+    10,  7, 11, 17, 18,  3,  5, 16,  8, 21, 24,  4, 15, 23, 19, 13, 12,  2, 20, 14, 22,  9,  6,  1
+};
+static tSmallUInt KeccakF_Mod5[10] PROGMEM =
+{
+    0, 1, 2, 3, 4, 0, 1, 2, 3, 4
+};
+void KeccakF( tKeccakLane * state )
+{
+	tSmallUInt	round;
+	tKeccakLane	C[5];
+	// prepare Theta
+	{
+		tSmallUInt x;
+		tKeccakLane	* pC;
+		for ( x = 0, pC = C; x < 5; ++x, ++pC )
+		{
+			*pC = state[x] ^ state[5 + x] ^ state[10 + x] ^ state[15 + x] ^ state[20 + x];
+		}
+	}
+  for( round = 0; round < cKeccakNumberOfRounds; ++round )
+  {
+		// Theta
+  	{
+			tSmallUInt x;
+			for ( x = 0; x < 5; ++x )
+			{
+				tKeccakLane temp;
+				tSmallUInt y;
+				temp = rotate64_1bit_left( C[pgm_read_byte((KeccakF_Mod5+1)+x)] );
+				temp ^= C[pgm_read_byte((KeccakF_Mod5+4)+x)];
+				for ( y = 0; y < 25; y += 5 )
+				{
+					state[y + x] ^= temp;
+				}
+			}
+		}
+    // Rho Pi
+    {
+			tKeccakLane temp;
+			tSmallUInt x;
+			temp = state[1];
+			for ( x = 0; x < 24; ++x )
+			{
+				tSmallUInt t;
+				tKeccakLane T[1];
+				t = pgm_read_byte(&KeccakF_PiLane[x]);
+				T[0] = state[t];
+				state[t] = rotate64left_code( temp, pgm_read_byte(&KeccakF_RotationConstants[x]) );
+				temp = T[0];
+			}
+		}
+		// Chi Iota Prepare Theta
+		{
+			tSmallUInt z;
+			UINT8 * p = (unsigned char *)state;
+			UINT8 * pC = (unsigned char *)C;
+			for( z = 0; z < 8; ++z, ++p, ++pC )
+			{
+				tSmallUInt y;
+				UINT8 c0, c1, c2, c3, c4, t;
+				c0 = c1 = c2 = c3 = c4 = 0;
+				for( y = 5; y != 0; --y, p += 40 )
+				{
+					UINT8 a0 = *p;
+					UINT8 a1 = *(p+8);
+					UINT8 a2 = *(p+16);
+					UINT8 a3 = *(p+24);
+					UINT8 a4 = *(p+32);
+					*p			= t = a0 ^ ((~a1) & a2); c0 ^= t;
+					*(p+8)	= t = a1 ^ ((~a2) & a3); c1 ^= t;
+					*(p+16) = a2 ^= ((~a3) & a4); c2 ^= a2;
+					*(p+24) = a3 ^= ((~a4) & a0); c3 ^= a3;
+					*(p+32) = a4 ^= ((~a0) & a1); c4 ^= a4;
+				}
+				p -= 5 * 5 * 8;
+				y = pgm_read_byte( (UINT8 *)(KeccakF_RoundConstants+round) + z );
+				*p ^= y;
+				*pC 			= c0 ^ y;
+				*(pC+ 8)	= c1;
+				*(pC+16)	= c2;
+				*(pC+24)	= c3;
+				*(pC+32)	= c4;
+			}
+		}
+  }
+}

data/ext/sha3/KeccakReferenceAndOptimized/Sources/KeccakF-1600-avr8asm-compact.s ADDED Viewed

@@ -0,0 +1,647 @@
+/*
+The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
+Michaël Peeters and Gilles Van Assche. For more information, feedback or
+questions, please refer to our website: http://keccak.noekeon.org/
+Implementation by Ronny Van Keer, hereby denoted as "the implementer".
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+#include "Keccak-avr8-settings.h"
+#include "crypto_hash.h"
+#define	cKeccakR_SizeInBytes	(cKeccakR/8)
+#ifndef crypto_hash_BYTES
+    #ifdef cKeccakFixedOutputLengthInBytes
+        #define crypto_hash_BYTES cKeccakFixedOutputLengthInBytes
+    #else
+        #define crypto_hash_BYTES cKeccakR_SizeInBytes
+    #endif
+#endif
+//	Registers used in all routines
+#define	zero			1
+#define	rpState		24
+#define	rX				26
+#define	rY				28
+#define	rZ				30
+/*
+ * int crypto_hash( unsigned char *out, const unsigned char *in, unsigned long long inlen )
+ *
+ * argument out   is passed in r24:r25
+ * argument in    is passed in r22:r23
+ * argument inlen is passed in r14:r21, only lowest 16-bits (r14-r15) are used
+ */
+.global crypto_hash		// populate.py, please update crypto_hash
+crypto_hash:			// populate.py, please update crypto_hash
+	//	crypto_hash only registers
+	#define	rT1				16
+	#define	rT2				17
+	#define	rT3				18
+	#define	rInLen		22 //(2 regs)
+	#define	sp				0x3D
+	push	r2
+	push	r3
+	push	r4
+	push	r5
+	push	r6
+	push	r7
+	push	r8
+	push	r9
+	push	r10
+	push	r11
+	push	r12
+	push	r13
+	push	r14
+	push	r15
+	push	r16
+	push	r17
+	push	r28
+	push	r29
+	//	Allocate state (25*8) + C variables (5*8)
+	in		rZ,			 			sp
+	in		rZ+1, 				sp+1
+	subi  rZ,			  		240
+	sbci  rZ+1,					0
+	in		r0,						0x3F
+	cli
+	out		sp+1, 				rZ+1
+	out		sp,						rZ
+	out		0x3F,					r0
+	adiw	rZ,						41			// pointer to start of state, end of C, compensate post decrement
+	push	r24										// save out pointer
+	push	r25
+	movw	rpState,			rZ
+	movw	rY, 					r22				//y contains in pointer
+	movw	rInLen,				r14
+	ldi		rT3,					5*5*8			//clear state
+clearStateLoop:
+	st		z+,						zero
+	dec		rT3
+	brne	clearStateLoop
+	//	Full blocks
+	cpi		rInLen,				cKeccakR_SizeInBytes
+	cpc		rInLen+1,			zero
+	brcs	ch_lastblock
+ch_FullRateLoop:
+	ldi		rT3, 					cKeccakR_SizeInBytes
+	movw	rZ, 					rpState
+ch_XorLanesLoop:
+	ld		rT1,					Y+
+	ld		rT2, 					Z
+	eor		rT1, 					rT2
+	st		Z+, 					rT1
+	subi	rT3, 					1
+	brne	ch_XorLanesLoop
+	push	rY
+	push	rY+1
+	call  KeccakF
+	pop		rY+1
+	pop		rY
+	subi  rInLen,   		cKeccakR_SizeInBytes
+	sbci  rInLen+1, 		0
+	cpi   rInLen,   		cKeccakR_SizeInBytes
+	cpc   rInLen+1, 		zero
+	brcc	ch_FullRateLoop
+ch_lastblock:					//	XOR last uncomplete block into state
+	movw	rZ, 					rpState
+	subi	rInLen,				0
+	breq	ch_Padding
+ch_xorBytesLoop:
+	ld		rT1, 					Y+
+	ld		rT2, 					Z
+	eor		rT1, 					rT2
+	st		Z+, 					rT1
+	subi	rInLen,				1
+	brne	ch_xorBytesLoop
+ch_Padding:
+	ldi		rT1,					1
+	ld		rT2,					Z
+	eor		rT1,					rT2
+	st		Z,						rT1
+	ldi		rZ,						cKeccakR_SizeInBytes-1
+	add		rZ,						rpState
+	mov		rZ+1,					rpState+1
+	adc		rZ+1,					zero
+	ld		rT1,					Z
+	subi	rT1,					0x80
+	st		Z,						rT1
+	call  KeccakF
+	//output
+	ldi		rT3,			 		crypto_hash_BYTES
+	movw	rY, 					rpState
+	pop		rZ+1																	; restore out pointer
+	pop		rZ
+outputLoop:
+	ld		rT1,					Y+
+	st		Z+, 					rT1
+	dec		rT3
+	brne  outputLoop
+	//	Free state and pop registers
+	ldi		rZ,						199
+	add		rpState,			rZ
+	adc		rpState+1,		zero
+	in		r0,						0x3F
+	cli
+	out		sp+1, 				rpState+1
+	out		sp,						rpState
+	out		0x3F,					r0
+	pop		r29
+	pop		r28
+	pop		r17
+	pop		r16
+	pop		r15
+	pop		r14
+	pop		r13
+	pop		r12
+	pop		r11
+	pop		r10
+	pop		r9
+	pop		r8
+	pop		r7
+	pop		r6
+	pop		r5
+	pop		r4
+	pop		r3
+	pop		r2
+	// return 0
+	mov		r24, 					zero
+	mov		r25, 					zero
+	#undef	rInLen
+	#undef	rT1
+	#undef	rT2
+	#undef	rT3
+	#undef	sp
+	ret
+//#define ROT_BIT(a)	 (a <= 4) ? ((a == 0) ? 0x80 : (a & 7)) : (0x80 | (8-a))
+#define ROT_BIT(a)	 ((a) & 7)
+#define ROT_BYTE(a)	 (((a)/8 + !!(((a)%8) > 4)) & 7)
+KeccakF_RhoPiConstants:
+	.BYTE	 ROT_BIT( 1), ROT_BYTE( 3),	10 * 8
+	.BYTE	 ROT_BIT( 3), ROT_BYTE( 6),	 7 * 8
+	.BYTE	 ROT_BIT( 6), ROT_BYTE(10),	11 * 8
+	.BYTE	 ROT_BIT(10), ROT_BYTE(15),	17 * 8
+	.BYTE	 ROT_BIT(15), ROT_BYTE(21),	18 * 8
+	.BYTE	 ROT_BIT(21), ROT_BYTE(28),	 3 * 8
+	.BYTE	 ROT_BIT(28), ROT_BYTE(36),	 5 * 8
+	.BYTE	 ROT_BIT(36), ROT_BYTE(45),	16 * 8
+	.BYTE	 ROT_BIT(45), ROT_BYTE(55),	 8 * 8
+	.BYTE	 ROT_BIT(55), ROT_BYTE( 2),	21 * 8
+	.BYTE	 ROT_BIT( 2), ROT_BYTE(14),	24 * 8
+	.BYTE	 ROT_BIT(14), ROT_BYTE(27),	 4 * 8
+	.BYTE	 ROT_BIT(27), ROT_BYTE(41),	15 * 8
+	.BYTE	 ROT_BIT(41), ROT_BYTE(56),	23 * 8
+	.BYTE	 ROT_BIT(56), ROT_BYTE( 8),	19 * 8
+	.BYTE	 ROT_BIT( 8), ROT_BYTE(25),	13 * 8
+	.BYTE	 ROT_BIT(25), ROT_BYTE(43),	12 * 8
+	.BYTE	 ROT_BIT(43), ROT_BYTE(62),	 2 * 8
+	.BYTE	 ROT_BIT(62), ROT_BYTE(18),	20 * 8
+	.BYTE	 ROT_BIT(18), ROT_BYTE(39),	14 * 8
+	.BYTE	 ROT_BIT(39), ROT_BYTE(61),	22 * 8
+	.BYTE	 ROT_BIT(61), ROT_BYTE(20),	 9 * 8
+	.BYTE	 ROT_BIT(20), ROT_BYTE(44),	 6 * 8
+	.BYTE	 ROT_BIT(44), ROT_BYTE( 1),	 1 * 8
+KeccakF_RoundConstants:
+	.BYTE	   0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x82, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x8a, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x00, 0x80, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x8b, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x01, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x81, 0x80, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x09, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x8a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x09, 0x80, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x0a, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x8b, 0x80, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x8b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x89, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x03, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x02, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x0a, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x0a, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x81, 0x80, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x80, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0x01, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00
+	.BYTE	   0x08, 0x80, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80
+	.BYTE	   0xFF, 0		//terminator
+	.text
+// KeccakF
+// Not callable from C!
+//
+// argument rpState is passed in r24:r25
+//
+KeccakF:
+	//	Variables used in multiple operations
+	#define	rTemp			2			// 8 regs (2-9)
+	#define	rTempBis	10		// 8 regs (10-17)
+	#define	rTempTer	18		// 2 regs (18-19)
+	#define	pRound		20		// 2 regs (20-21)
+	//	Initial Prepare Theta
+	#define	TCIPx				rTempTer
+	movw	rZ, 					rpState				// Z points to 5 C lanes
+	sbiw	rZ,						40
+	movw	rY,						rpState
+	ldi		TCIPx,				5*8
+KeccakInitialPrepTheta_Loop:
+	ld		r0,						Y
+	adiw	rY,						40
+	ld		rTemp,				Y
+	adiw	rY,						40
+	eor		r0,						rTemp
+	ld		rTemp,				Y
+	adiw	rY,						40
+	eor		r0,						rTemp
+	ld		rTemp,				Y
+	eor		r0,						rTemp
+	ldd		rTemp,				Y+40
+	eor		r0,						rTemp
+	st		Z+, 					r0
+	subi	rY,						119
+	sbc		rY+1,					zero
+	dec		TCIPx
+	brne	KeccakInitialPrepTheta_Loop
+	#undef	TCIPx
+	ldi		pRound,				lo8(KeccakF_RoundConstants)
+	ldi		pRound+1,			hi8(KeccakF_RoundConstants)
+Keccak_RoundLoop:
+	//	Theta
+	#define	TCplus			rX
+	#define	TCminus			rZ
+	#define	TCcoordX		rTempTer
+	#define	TCcoordY		rTempTer+1
+	movw	TCminus,			rpState
+	sbiw	TCminus,			1*8
+	movw	TCplus,				rpState
+	sbiw	TCplus,				4*8
+	movw	rY,						rpState
+	ldi		TCcoordX,			0x16
+KeccakTheta_Loop1:
+	ld		rTemp+0,			X+
+	ld		rTemp+1,			X+
+	ld		rTemp+2,			X+
+	ld		rTemp+3,			X+
+	ld		rTemp+4,			X+
+	ld		rTemp+5,			X+
+	ld		rTemp+6,			X+
+	ld		rTemp+7,			X+
+	lsl		rTemp+0
+	rol		rTemp+1
+	rol		rTemp+2
+	rol		rTemp+3
+	rol		rTemp+4
+	rol		rTemp+5
+	rol		rTemp+6
+	rol		rTemp+7
+	adc		rTemp+0, 			zero
+	ld		r0,						Z+
+	eor		rTemp+0,			r0
+	ld		r0,						Z+
+	eor		rTemp+1,			r0
+	ld		r0,						Z+
+	eor		rTemp+2,			r0
+	ld		r0,						Z+
+	eor		rTemp+3,			r0
+	ld		r0,						Z+
+	eor		rTemp+4,			r0
+	ld		r0,						Z+
+	eor		rTemp+5,			r0
+	ld		r0,						Z+
+	eor		rTemp+6,			r0
+	ld		r0,						Z+
+	eor		rTemp+7,			r0
+	ldi		TCcoordY,			5
+KeccakTheta_Loop2:
+	ld		r0,						Y
+	eor		r0, 					rTemp+0
+	st		Y+, 					r0
+	ld		r0,						Y
+	eor		r0, 					rTemp+1
+	st		Y+, 					r0
+	ld		r0,						Y
+	eor		r0, 					rTemp+2
+	st		Y+, 					r0
+	ld		r0,						Y
+	eor		r0, 					rTemp+3
+	st		Y+, 					r0
+	ld		r0,						Y
+	eor		r0, 					rTemp+4
+	st		Y+, 					r0
+	ld		r0,						Y
+	eor		r0, 					rTemp+5
+	st		Y+, 					r0
+	ld		r0,						Y
+	eor		r0, 					rTemp+6
+	st		Y+, 					r0
+	ld		r0,						Y
+	eor		r0, 					rTemp+7
+	st		Y+, 					r0
+	adiw	rY, 					32
+	dec		TCcoordY
+	brne	KeccakTheta_Loop2
+	subi	rY, 					200-8
+	sbc		rY+1, 				zero
+	lsr		TCcoordX
+	brcc	1f
+	breq	KeccakTheta_End
+	rjmp	KeccakTheta_Loop1
+1:
+	cpi		TCcoordX, 		0x0B
+	brne	2f
+	sbiw	TCminus, 			40
+	rjmp	KeccakTheta_Loop1
+2:
+	sbiw	TCplus,				40
+	rjmp	KeccakTheta_Loop1
+KeccakTheta_End:
+	#undef	TCplus
+	#undef	TCminus
+	#undef	TCcoordX
+	#undef	TCcoordY
+	//	Rho Pi
+	#define	RPindex			rTempTer+0
+	#define	RPTemp			rTempTer+1
+	sbiw	rY, 					32
+	ld		rTemp+0,			Y+
+	ld		rTemp+1,			Y+
+	ld		rTemp+2,			Y+
+	ld		rTemp+3,			Y+
+	ld		rTemp+4,			Y+
+	ld		rTemp+5,			Y+
+	ld		rTemp+6,			Y+
+	ld		rTemp+7,			Y+
+	ldi		rZ,						lo8(KeccakF_RhoPiConstants)
+	ldi		rZ+1,					hi8(KeccakF_RhoPiConstants)
+KeccakRhoPi_Loop:
+	;	do bit rotation
+	lpm		RPTemp,				Z+		;get nuber of bits to rotate
+	cpi		RPTemp,				5
+	brcs	rotate64_nbit_leftOrNot
+	neg		RPTemp
+	andi	RPTemp,				3
+rotate64_nbit_right:
+	bst		rTemp, 				0
+	ror		rTemp+7
+	ror		rTemp+6
+	ror		rTemp+5
+	ror		rTemp+4
+	ror		rTemp+3
+	ror		rTemp+2
+	ror		rTemp+1
+	ror		rTemp
+	bld		rTemp+7, 			7
+	dec		RPTemp
+	brne	rotate64_nbit_right
+	rjmp	KeccakRhoPi_RhoBitRotateDone
+rotate64_nbit_leftOrNot:
+	tst		RPTemp
+	breq	KeccakRhoPi_RhoBitRotateDone
+rotate64_nbit_left:
+	lsl		rTemp
+	rol		rTemp+1
+	rol		rTemp+2
+	rol		rTemp+3
+	rol 	rTemp+4
+	rol		rTemp+5
+	rol		rTemp+6
+	rol		rTemp+7
+	adc		rTemp, 				r1
+	dec		RPTemp
+	brne	rotate64_nbit_left
+KeccakRhoPi_RhoBitRotateDone:
+	lpm		r0,						Z+		;get number of bytes to rotate
+	lpm		RPindex,			Z+		;get index in state
+	movw	rY,						rpState
+	add		rY,						RPindex
+	adc		rY+1, 				zero
+	ldi		rX,						rTempBis
+	add		rX,						r0
+	mov		rX+1,					zero
+	ldi		RPTemp,				8
+KeccakRhoPi_PiByteRotLoop:
+	ld		r0,						Y+
+	st		X+,						r0
+	cpi		rX,						rTempBis+8
+	brne	KeccakRhoPi_PiByteRotFirst
+	ldi		rX,						rTempBis
+KeccakRhoPi_PiByteRotFirst:
+	dec		RPTemp
+	brne	KeccakRhoPi_PiByteRotLoop
+	sbiw	rY, 					8
+	st		Y+,						rTemp+0
+	st		Y+,						rTemp+1
+	st		Y+,						rTemp+2
+	st		Y+,						rTemp+3
+	st		Y+,						rTemp+4
+	st		Y+,						rTemp+5
+	st		Y+,						rTemp+6
+	st		Y+,						rTemp+7
+	movw	rTemp+0,			rTempBis+0
+	movw	rTemp+2,			rTempBis+2
+	movw	rTemp+4,			rTempBis+4
+	movw	rTemp+6,			rTempBis+6
+KeccakRhoPi_RhoDone:
+	subi	RPindex, 			8
+	brne	KeccakRhoPi_Loop
+	#undef	RPindex
+	#undef	RPTemp
+	//	Chi Iota prepare Theta
+	#define	CIPTa0			rTemp
+	#define	CIPTa1			rTemp+1
+	#define	CIPTa2			rTemp+2
+	#define	CIPTa3			rTemp+3
+	#define	CIPTa4			rTemp+4
+	#define	CIPTc0			rTempBis
+	#define	CIPTc1			rTempBis+1
+	#define	CIPTc2			rTempBis+2
+	#define	CIPTc3			rTempBis+3
+	#define	CIPTc4			rTempBis+4
+	#define	CIPTz				rTempBis+6
+	#define	CIPTy				rTempBis+7
+	movw	rY,						rpState
+	movw	rX,			 			rpState			; 5 * C
+	sbiw	rX,						40
+	movw	rZ, 					pRound
+	ldi		CIPTz,				8
+KeccakChiIotaPrepareTheta_zLoop:
+	mov		CIPTc0,				zero
+	mov		CIPTc1,				zero
+	movw	CIPTc2,				CIPTc0
+	mov		CIPTc4,				zero
+	ldi		CIPTy,				5
+KeccakChiIotaPrepareTheta_yLoop:
+	ld		CIPTa0,				Y
+	ldd		CIPTa1,				Y+8
+	ldd		CIPTa2,				Y+16
+	ldd		CIPTa3,				Y+24
+	ldd		CIPTa4,				Y+32
+	;*p			= t = a0 ^ ((~a1) & a2); c0 ^= t;
+	mov		r0, 					CIPTa1
+	com		r0
+	and		r0,						CIPTa2
+	eor		r0,						CIPTa0
+	eor		CIPTc0,				r0
+	st		Y,  					r0
+	;*(p+8)	= t = a1 ^ ((~a2) & a3); c1 ^= t;
+	mov		r0, 					CIPTa2
+	com		r0
+	and		r0,						CIPTa3
+	eor		r0,						CIPTa1
+	eor		CIPTc1,				r0
+	std		Y+8, 					r0
+	;*(p+16) = a2 ^= ((~a3) & a4); c2 ^= a2;
+	mov		r0, 					CIPTa3
+	com		r0
+	and		r0,						CIPTa4
+	eor		r0,						CIPTa2
+	eor		CIPTc2,				r0
+	std		Y+16,					r0
+	;*(p+24) = a3 ^= ((~a4) & a0); c3 ^= a3;
+	mov		r0, 					CIPTa4
+	com		r0
+	and		r0,						CIPTa0
+	eor		r0,						CIPTa3
+	eor		CIPTc3,				r0
+	std		Y+24,					r0
+	;*(p+32) = a4 ^= ((~a0) & a1); c4 ^= a4;
+	com		CIPTa0
+	and		CIPTa0,				CIPTa1
+	eor		CIPTa0,				CIPTa4
+	eor		CIPTc4,				CIPTa0
+	std		Y+32,					CIPTa0
+	adiw	rY,						40
+	dec		CIPTy
+	brne	KeccakChiIotaPrepareTheta_yLoop
+	subi	rY,						200
+	sbc		rY+1,					zero
+	lpm		r0, 					Z+		;Round Constant
+	ld		CIPTa0,				Y
+	eor		CIPTa0,				r0
+	st		Y+,						CIPTa0
+	movw	pRound,				rZ
+	movw	rZ,						rX
+	eor		CIPTc0,				r0
+	st		Z+,						CIPTc0
+	std		Z+7,					CIPTc1
+	std		Z+15,					CIPTc2
+	std		Z+23,					CIPTc3
+	std		Z+31,					CIPTc4
+	movw	rX,						rZ
+	movw	rZ,						pRound
+	dec		CIPTz
+	brne	KeccakChiIotaPrepareTheta_zLoop
+	#undef	CIPTa0
+	#undef	CIPTa1
+	#undef	CIPTa2
+	#undef	CIPTa3
+	#undef	CIPTa4
+	#undef	CIPTc0
+	#undef	CIPTc1
+	#undef	CIPTc2
+	#undef	CIPTc3
+	#undef	CIPTc4
+	#undef	CIPTz
+	#undef	CIPTy
+	;Check for terminator
+	lpm		r0,						Z
+	inc		r0
+	breq	Keccak_Done
+	rjmp	Keccak_RoundLoop
+Keccak_Done:
+	ret
+	#undef	rTemp
+	#undef	rTempBis
+	#undef	rTempTer
+	#undef	pRound
+	#undef	rpState
+	#undef	zero
+	#undef	rX
+	#undef	rY
+	#undef	rZ