source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/whrlpool/wp_block.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago

prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新
ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新
以下のOSSをアップデート
・mruby-1.3.0
・musl-1.1.18
・onigmo-6.1.3
・tcc-0.9.27
以下のOSSを追加
・openssl-1.1.0e
・curl-7.57.0
・zlib-1.2.11
以下のmrbgemsを追加
・iij/mruby-digest
・iij/mruby-env
・iij/mruby-errno
・iij/mruby-iijson
・iij/mruby-ipaddr
・iij/mruby-mock
・iij/mruby-require
・iij/mruby-tls-openssl
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc
File size: 34.2 KB
Line 
1/*
2 * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/**
11 * The Whirlpool hashing function.
12 *
13 * <P>
14 * <b>References</b>
15 *
16 * <P>
17 * The Whirlpool algorithm was developed by
18 * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
19 * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
20 *
21 * See
22 * P.S.L.M. Barreto, V. Rijmen,
23 * ``The Whirlpool hashing function,''
24 * NESSIE submission, 2000 (tweaked version, 2001),
25 * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
26 *
27 * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
28 * Vincent Rijmen. Lookup "reference implementations" on
29 * <http://planeta.terra.com.br/informatica/paulobarreto/>
30 *
31 * =============================================================================
32 *
33 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
34 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
35 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
36 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
37 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
38 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
39 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
40 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
41 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
42 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
43 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
44 *
45 */
46
47#include "wp_locl.h"
48#include <string.h>
49
50typedef unsigned char u8;
51#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32)
52typedef unsigned __int64 u64;
53#elif defined(__arch64__)
54typedef unsigned long u64;
55#else
56typedef unsigned long long u64;
57#endif
58
59#define ROUNDS 10
60
61#define STRICT_ALIGNMENT
62#if !defined(PEDANTIC) && (defined(__i386) || defined(__i386__) || \
63 defined(__x86_64) || defined(__x86_64__) || \
64 defined(_M_IX86) || defined(_M_AMD64) || \
65 defined(_M_X64))
66/*
67 * Well, formally there're couple of other architectures, which permit
68 * unaligned loads, specifically those not crossing cache lines, IA-64 and
69 * PowerPC...
70 */
71# undef STRICT_ALIGNMENT
72#endif
73
74#undef SMALL_REGISTER_BANK
75#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
76# define SMALL_REGISTER_BANK
77# if defined(WHIRLPOOL_ASM)
78# ifndef OPENSSL_SMALL_FOOTPRINT
79/*
80 * it appears that for elder non-MMX
81 * CPUs this is actually faster!
82 */
83# define OPENSSL_SMALL_FOOTPRINT
84# endif
85# define GO_FOR_MMX(ctx,inp,num) do { \
86 extern unsigned long OPENSSL_ia32cap_P[]; \
87 void whirlpool_block_mmx(void *,const void *,size_t); \
88 if (!(OPENSSL_ia32cap_P[0] & (1<<23))) break; \
89 whirlpool_block_mmx(ctx->H.c,inp,num); return; \
90 } while (0)
91# endif
92#endif
93
94#undef ROTATE
95#ifndef PEDANTIC
96# if defined(_MSC_VER)
97# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
98# pragma intrinsic(_rotl64)
99# define ROTATE(a,n) _rotl64((a),n)
100# endif
101# elif defined(__GNUC__) && __GNUC__>=2
102# if defined(__x86_64) || defined(__x86_64__)
103# if defined(L_ENDIAN)
104# define ROTATE(a,n) ({ u64 ret; asm ("rolq %1,%0" \
105 : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
106# elif defined(B_ENDIAN)
107 /*
108 * Most will argue that x86_64 is always little-endian. Well, yes, but
109 * then we have stratus.com who has modified gcc to "emulate"
110 * big-endian on x86. Is there evidence that they [or somebody else]
111 * won't do same for x86_64? Naturally no. And this line is waiting
112 * ready for that brave soul:-)
113 */
114# define ROTATE(a,n) ({ u64 ret; asm ("rorq %1,%0" \
115 : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
116# endif
117# elif defined(__ia64) || defined(__ia64__)
118# if defined(L_ENDIAN)
119# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \
120 : "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
121# elif defined(B_ENDIAN)
122# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \
123 : "=r"(ret) : "r"(a),"M"(n)); ret; })
124# endif
125# endif
126# endif
127#endif
128
129#if defined(OPENSSL_SMALL_FOOTPRINT)
130# if !defined(ROTATE)
131# if defined(L_ENDIAN) /* little-endians have to rotate left */
132# define ROTATE(i,n) ((i)<<(n) ^ (i)>>(64-n))
133# elif defined(B_ENDIAN) /* big-endians have to rotate right */
134# define ROTATE(i,n) ((i)>>(n) ^ (i)<<(64-n))
135# endif
136# endif
137# if defined(ROTATE) && !defined(STRICT_ALIGNMENT)
138# define STRICT_ALIGNMENT /* ensure smallest table size */
139# endif
140#endif
141
142/*
143 * Table size depends on STRICT_ALIGNMENT and whether or not endian-
144 * specific ROTATE macro is defined. If STRICT_ALIGNMENT is not
145 * defined, which is normally the case on x86[_64] CPUs, the table is
146 * 4KB large unconditionally. Otherwise if ROTATE is defined, the
147 * table is 2KB large, and otherwise - 16KB. 2KB table requires a
148 * whole bunch of additional rotations, but I'm willing to "trade,"
149 * because 16KB table certainly trashes L1 cache. I wish all CPUs
150 * could handle unaligned load as 4KB table doesn't trash the cache,
151 * nor does it require additional rotations.
152 */
153/*
154 * Note that every Cn macro expands as two loads: one byte load and
155 * one quadword load. One can argue that that many single-byte loads
156 * is too excessive, as one could load a quadword and "milk" it for
157 * eight 8-bit values instead. Well, yes, but in order to do so *and*
158 * avoid excessive loads you have to accommodate a handful of 64-bit
159 * values in the register bank and issue a bunch of shifts and mask.
160 * It's a tradeoff: loads vs. shift and mask in big register bank[!].
161 * On most CPUs eight single-byte loads are faster and I let other
162 * ones to depend on smart compiler to fold byte loads if beneficial.
163 * Hand-coded assembler would be another alternative:-)
164 */
165#ifdef STRICT_ALIGNMENT
166# if defined(ROTATE)
167# define N 1
168# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7
169# define C0(K,i) (Cx.q[K.c[(i)*8+0]])
170# define C1(K,i) ROTATE(Cx.q[K.c[(i)*8+1]],8)
171# define C2(K,i) ROTATE(Cx.q[K.c[(i)*8+2]],16)
172# define C3(K,i) ROTATE(Cx.q[K.c[(i)*8+3]],24)
173# define C4(K,i) ROTATE(Cx.q[K.c[(i)*8+4]],32)
174# define C5(K,i) ROTATE(Cx.q[K.c[(i)*8+5]],40)
175# define C6(K,i) ROTATE(Cx.q[K.c[(i)*8+6]],48)
176# define C7(K,i) ROTATE(Cx.q[K.c[(i)*8+7]],56)
177# else
178# define N 8
179# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
180 c7,c0,c1,c2,c3,c4,c5,c6, \
181 c6,c7,c0,c1,c2,c3,c4,c5, \
182 c5,c6,c7,c0,c1,c2,c3,c4, \
183 c4,c5,c6,c7,c0,c1,c2,c3, \
184 c3,c4,c5,c6,c7,c0,c1,c2, \
185 c2,c3,c4,c5,c6,c7,c0,c1, \
186 c1,c2,c3,c4,c5,c6,c7,c0
187# define C0(K,i) (Cx.q[0+8*K.c[(i)*8+0]])
188# define C1(K,i) (Cx.q[1+8*K.c[(i)*8+1]])
189# define C2(K,i) (Cx.q[2+8*K.c[(i)*8+2]])
190# define C3(K,i) (Cx.q[3+8*K.c[(i)*8+3]])
191# define C4(K,i) (Cx.q[4+8*K.c[(i)*8+4]])
192# define C5(K,i) (Cx.q[5+8*K.c[(i)*8+5]])
193# define C6(K,i) (Cx.q[6+8*K.c[(i)*8+6]])
194# define C7(K,i) (Cx.q[7+8*K.c[(i)*8+7]])
195# endif
196#else
197# define N 2
198# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
199 c0,c1,c2,c3,c4,c5,c6,c7
200# define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]])
201# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]])
202# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]])
203# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]])
204# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]])
205# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]])
206# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]])
207# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]])
208#endif
209
210static const
211 union {
212 u8 c[(256 * N + ROUNDS) * sizeof(u64)];
213 u64 q[(256 * N + ROUNDS)];
214} Cx = {
215 {
216 /* Note endian-neutral representation:-) */
217 LL(0x18, 0x18, 0x60, 0x18, 0xc0, 0x78, 0x30, 0xd8),
218 LL(0x23, 0x23, 0x8c, 0x23, 0x05, 0xaf, 0x46, 0x26),
219 LL(0xc6, 0xc6, 0x3f, 0xc6, 0x7e, 0xf9, 0x91, 0xb8),
220 LL(0xe8, 0xe8, 0x87, 0xe8, 0x13, 0x6f, 0xcd, 0xfb),
221 LL(0x87, 0x87, 0x26, 0x87, 0x4c, 0xa1, 0x13, 0xcb),
222 LL(0xb8, 0xb8, 0xda, 0xb8, 0xa9, 0x62, 0x6d, 0x11),
223 LL(0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09),
224 LL(0x4f, 0x4f, 0x21, 0x4f, 0x42, 0x6e, 0x9e, 0x0d),
225 LL(0x36, 0x36, 0xd8, 0x36, 0xad, 0xee, 0x6c, 0x9b),
226 LL(0xa6, 0xa6, 0xa2, 0xa6, 0x59, 0x04, 0x51, 0xff),
227 LL(0xd2, 0xd2, 0x6f, 0xd2, 0xde, 0xbd, 0xb9, 0x0c),
228 LL(0xf5, 0xf5, 0xf3, 0xf5, 0xfb, 0x06, 0xf7, 0x0e),
229 LL(0x79, 0x79, 0xf9, 0x79, 0xef, 0x80, 0xf2, 0x96),
230 LL(0x6f, 0x6f, 0xa1, 0x6f, 0x5f, 0xce, 0xde, 0x30),
231 LL(0x91, 0x91, 0x7e, 0x91, 0xfc, 0xef, 0x3f, 0x6d),
232 LL(0x52, 0x52, 0x55, 0x52, 0xaa, 0x07, 0xa4, 0xf8),
233 LL(0x60, 0x60, 0x9d, 0x60, 0x27, 0xfd, 0xc0, 0x47),
234 LL(0xbc, 0xbc, 0xca, 0xbc, 0x89, 0x76, 0x65, 0x35),
235 LL(0x9b, 0x9b, 0x56, 0x9b, 0xac, 0xcd, 0x2b, 0x37),
236 LL(0x8e, 0x8e, 0x02, 0x8e, 0x04, 0x8c, 0x01, 0x8a),
237 LL(0xa3, 0xa3, 0xb6, 0xa3, 0x71, 0x15, 0x5b, 0xd2),
238 LL(0x0c, 0x0c, 0x30, 0x0c, 0x60, 0x3c, 0x18, 0x6c),
239 LL(0x7b, 0x7b, 0xf1, 0x7b, 0xff, 0x8a, 0xf6, 0x84),
240 LL(0x35, 0x35, 0xd4, 0x35, 0xb5, 0xe1, 0x6a, 0x80),
241 LL(0x1d, 0x1d, 0x74, 0x1d, 0xe8, 0x69, 0x3a, 0xf5),
242 LL(0xe0, 0xe0, 0xa7, 0xe0, 0x53, 0x47, 0xdd, 0xb3),
243 LL(0xd7, 0xd7, 0x7b, 0xd7, 0xf6, 0xac, 0xb3, 0x21),
244 LL(0xc2, 0xc2, 0x2f, 0xc2, 0x5e, 0xed, 0x99, 0x9c),
245 LL(0x2e, 0x2e, 0xb8, 0x2e, 0x6d, 0x96, 0x5c, 0x43),
246 LL(0x4b, 0x4b, 0x31, 0x4b, 0x62, 0x7a, 0x96, 0x29),
247 LL(0xfe, 0xfe, 0xdf, 0xfe, 0xa3, 0x21, 0xe1, 0x5d),
248 LL(0x57, 0x57, 0x41, 0x57, 0x82, 0x16, 0xae, 0xd5),
249 LL(0x15, 0x15, 0x54, 0x15, 0xa8, 0x41, 0x2a, 0xbd),
250 LL(0x77, 0x77, 0xc1, 0x77, 0x9f, 0xb6, 0xee, 0xe8),
251 LL(0x37, 0x37, 0xdc, 0x37, 0xa5, 0xeb, 0x6e, 0x92),
252 LL(0xe5, 0xe5, 0xb3, 0xe5, 0x7b, 0x56, 0xd7, 0x9e),
253 LL(0x9f, 0x9f, 0x46, 0x9f, 0x8c, 0xd9, 0x23, 0x13),
254 LL(0xf0, 0xf0, 0xe7, 0xf0, 0xd3, 0x17, 0xfd, 0x23),
255 LL(0x4a, 0x4a, 0x35, 0x4a, 0x6a, 0x7f, 0x94, 0x20),
256 LL(0xda, 0xda, 0x4f, 0xda, 0x9e, 0x95, 0xa9, 0x44),
257 LL(0x58, 0x58, 0x7d, 0x58, 0xfa, 0x25, 0xb0, 0xa2),
258 LL(0xc9, 0xc9, 0x03, 0xc9, 0x06, 0xca, 0x8f, 0xcf),
259 LL(0x29, 0x29, 0xa4, 0x29, 0x55, 0x8d, 0x52, 0x7c),
260 LL(0x0a, 0x0a, 0x28, 0x0a, 0x50, 0x22, 0x14, 0x5a),
261 LL(0xb1, 0xb1, 0xfe, 0xb1, 0xe1, 0x4f, 0x7f, 0x50),
262 LL(0xa0, 0xa0, 0xba, 0xa0, 0x69, 0x1a, 0x5d, 0xc9),
263 LL(0x6b, 0x6b, 0xb1, 0x6b, 0x7f, 0xda, 0xd6, 0x14),
264 LL(0x85, 0x85, 0x2e, 0x85, 0x5c, 0xab, 0x17, 0xd9),
265 LL(0xbd, 0xbd, 0xce, 0xbd, 0x81, 0x73, 0x67, 0x3c),
266 LL(0x5d, 0x5d, 0x69, 0x5d, 0xd2, 0x34, 0xba, 0x8f),
267 LL(0x10, 0x10, 0x40, 0x10, 0x80, 0x50, 0x20, 0x90),
268 LL(0xf4, 0xf4, 0xf7, 0xf4, 0xf3, 0x03, 0xf5, 0x07),
269 LL(0xcb, 0xcb, 0x0b, 0xcb, 0x16, 0xc0, 0x8b, 0xdd),
270 LL(0x3e, 0x3e, 0xf8, 0x3e, 0xed, 0xc6, 0x7c, 0xd3),
271 LL(0x05, 0x05, 0x14, 0x05, 0x28, 0x11, 0x0a, 0x2d),
272 LL(0x67, 0x67, 0x81, 0x67, 0x1f, 0xe6, 0xce, 0x78),
273 LL(0xe4, 0xe4, 0xb7, 0xe4, 0x73, 0x53, 0xd5, 0x97),
274 LL(0x27, 0x27, 0x9c, 0x27, 0x25, 0xbb, 0x4e, 0x02),
275 LL(0x41, 0x41, 0x19, 0x41, 0x32, 0x58, 0x82, 0x73),
276 LL(0x8b, 0x8b, 0x16, 0x8b, 0x2c, 0x9d, 0x0b, 0xa7),
277 LL(0xa7, 0xa7, 0xa6, 0xa7, 0x51, 0x01, 0x53, 0xf6),
278 LL(0x7d, 0x7d, 0xe9, 0x7d, 0xcf, 0x94, 0xfa, 0xb2),
279 LL(0x95, 0x95, 0x6e, 0x95, 0xdc, 0xfb, 0x37, 0x49),
280 LL(0xd8, 0xd8, 0x47, 0xd8, 0x8e, 0x9f, 0xad, 0x56),
281 LL(0xfb, 0xfb, 0xcb, 0xfb, 0x8b, 0x30, 0xeb, 0x70),
282 LL(0xee, 0xee, 0x9f, 0xee, 0x23, 0x71, 0xc1, 0xcd),
283 LL(0x7c, 0x7c, 0xed, 0x7c, 0xc7, 0x91, 0xf8, 0xbb),
284 LL(0x66, 0x66, 0x85, 0x66, 0x17, 0xe3, 0xcc, 0x71),
285 LL(0xdd, 0xdd, 0x53, 0xdd, 0xa6, 0x8e, 0xa7, 0x7b),
286 LL(0x17, 0x17, 0x5c, 0x17, 0xb8, 0x4b, 0x2e, 0xaf),
287 LL(0x47, 0x47, 0x01, 0x47, 0x02, 0x46, 0x8e, 0x45),
288 LL(0x9e, 0x9e, 0x42, 0x9e, 0x84, 0xdc, 0x21, 0x1a),
289 LL(0xca, 0xca, 0x0f, 0xca, 0x1e, 0xc5, 0x89, 0xd4),
290 LL(0x2d, 0x2d, 0xb4, 0x2d, 0x75, 0x99, 0x5a, 0x58),
291 LL(0xbf, 0xbf, 0xc6, 0xbf, 0x91, 0x79, 0x63, 0x2e),
292 LL(0x07, 0x07, 0x1c, 0x07, 0x38, 0x1b, 0x0e, 0x3f),
293 LL(0xad, 0xad, 0x8e, 0xad, 0x01, 0x23, 0x47, 0xac),
294 LL(0x5a, 0x5a, 0x75, 0x5a, 0xea, 0x2f, 0xb4, 0xb0),
295 LL(0x83, 0x83, 0x36, 0x83, 0x6c, 0xb5, 0x1b, 0xef),
296 LL(0x33, 0x33, 0xcc, 0x33, 0x85, 0xff, 0x66, 0xb6),
297 LL(0x63, 0x63, 0x91, 0x63, 0x3f, 0xf2, 0xc6, 0x5c),
298 LL(0x02, 0x02, 0x08, 0x02, 0x10, 0x0a, 0x04, 0x12),
299 LL(0xaa, 0xaa, 0x92, 0xaa, 0x39, 0x38, 0x49, 0x93),
300 LL(0x71, 0x71, 0xd9, 0x71, 0xaf, 0xa8, 0xe2, 0xde),
301 LL(0xc8, 0xc8, 0x07, 0xc8, 0x0e, 0xcf, 0x8d, 0xc6),
302 LL(0x19, 0x19, 0x64, 0x19, 0xc8, 0x7d, 0x32, 0xd1),
303 LL(0x49, 0x49, 0x39, 0x49, 0x72, 0x70, 0x92, 0x3b),
304 LL(0xd9, 0xd9, 0x43, 0xd9, 0x86, 0x9a, 0xaf, 0x5f),
305 LL(0xf2, 0xf2, 0xef, 0xf2, 0xc3, 0x1d, 0xf9, 0x31),
306 LL(0xe3, 0xe3, 0xab, 0xe3, 0x4b, 0x48, 0xdb, 0xa8),
307 LL(0x5b, 0x5b, 0x71, 0x5b, 0xe2, 0x2a, 0xb6, 0xb9),
308 LL(0x88, 0x88, 0x1a, 0x88, 0x34, 0x92, 0x0d, 0xbc),
309 LL(0x9a, 0x9a, 0x52, 0x9a, 0xa4, 0xc8, 0x29, 0x3e),
310 LL(0x26, 0x26, 0x98, 0x26, 0x2d, 0xbe, 0x4c, 0x0b),
311 LL(0x32, 0x32, 0xc8, 0x32, 0x8d, 0xfa, 0x64, 0xbf),
312 LL(0xb0, 0xb0, 0xfa, 0xb0, 0xe9, 0x4a, 0x7d, 0x59),
313 LL(0xe9, 0xe9, 0x83, 0xe9, 0x1b, 0x6a, 0xcf, 0xf2),
314 LL(0x0f, 0x0f, 0x3c, 0x0f, 0x78, 0x33, 0x1e, 0x77),
315 LL(0xd5, 0xd5, 0x73, 0xd5, 0xe6, 0xa6, 0xb7, 0x33),
316 LL(0x80, 0x80, 0x3a, 0x80, 0x74, 0xba, 0x1d, 0xf4),
317 LL(0xbe, 0xbe, 0xc2, 0xbe, 0x99, 0x7c, 0x61, 0x27),
318 LL(0xcd, 0xcd, 0x13, 0xcd, 0x26, 0xde, 0x87, 0xeb),
319 LL(0x34, 0x34, 0xd0, 0x34, 0xbd, 0xe4, 0x68, 0x89),
320 LL(0x48, 0x48, 0x3d, 0x48, 0x7a, 0x75, 0x90, 0x32),
321 LL(0xff, 0xff, 0xdb, 0xff, 0xab, 0x24, 0xe3, 0x54),
322 LL(0x7a, 0x7a, 0xf5, 0x7a, 0xf7, 0x8f, 0xf4, 0x8d),
323 LL(0x90, 0x90, 0x7a, 0x90, 0xf4, 0xea, 0x3d, 0x64),
324 LL(0x5f, 0x5f, 0x61, 0x5f, 0xc2, 0x3e, 0xbe, 0x9d),
325 LL(0x20, 0x20, 0x80, 0x20, 0x1d, 0xa0, 0x40, 0x3d),
326 LL(0x68, 0x68, 0xbd, 0x68, 0x67, 0xd5, 0xd0, 0x0f),
327 LL(0x1a, 0x1a, 0x68, 0x1a, 0xd0, 0x72, 0x34, 0xca),
328 LL(0xae, 0xae, 0x82, 0xae, 0x19, 0x2c, 0x41, 0xb7),
329 LL(0xb4, 0xb4, 0xea, 0xb4, 0xc9, 0x5e, 0x75, 0x7d),
330 LL(0x54, 0x54, 0x4d, 0x54, 0x9a, 0x19, 0xa8, 0xce),
331 LL(0x93, 0x93, 0x76, 0x93, 0xec, 0xe5, 0x3b, 0x7f),
332 LL(0x22, 0x22, 0x88, 0x22, 0x0d, 0xaa, 0x44, 0x2f),
333 LL(0x64, 0x64, 0x8d, 0x64, 0x07, 0xe9, 0xc8, 0x63),
334 LL(0xf1, 0xf1, 0xe3, 0xf1, 0xdb, 0x12, 0xff, 0x2a),
335 LL(0x73, 0x73, 0xd1, 0x73, 0xbf, 0xa2, 0xe6, 0xcc),
336 LL(0x12, 0x12, 0x48, 0x12, 0x90, 0x5a, 0x24, 0x82),
337 LL(0x40, 0x40, 0x1d, 0x40, 0x3a, 0x5d, 0x80, 0x7a),
338 LL(0x08, 0x08, 0x20, 0x08, 0x40, 0x28, 0x10, 0x48),
339 LL(0xc3, 0xc3, 0x2b, 0xc3, 0x56, 0xe8, 0x9b, 0x95),
340 LL(0xec, 0xec, 0x97, 0xec, 0x33, 0x7b, 0xc5, 0xdf),
341 LL(0xdb, 0xdb, 0x4b, 0xdb, 0x96, 0x90, 0xab, 0x4d),
342 LL(0xa1, 0xa1, 0xbe, 0xa1, 0x61, 0x1f, 0x5f, 0xc0),
343 LL(0x8d, 0x8d, 0x0e, 0x8d, 0x1c, 0x83, 0x07, 0x91),
344 LL(0x3d, 0x3d, 0xf4, 0x3d, 0xf5, 0xc9, 0x7a, 0xc8),
345 LL(0x97, 0x97, 0x66, 0x97, 0xcc, 0xf1, 0x33, 0x5b),
346 LL(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
347 LL(0xcf, 0xcf, 0x1b, 0xcf, 0x36, 0xd4, 0x83, 0xf9),
348 LL(0x2b, 0x2b, 0xac, 0x2b, 0x45, 0x87, 0x56, 0x6e),
349 LL(0x76, 0x76, 0xc5, 0x76, 0x97, 0xb3, 0xec, 0xe1),
350 LL(0x82, 0x82, 0x32, 0x82, 0x64, 0xb0, 0x19, 0xe6),
351 LL(0xd6, 0xd6, 0x7f, 0xd6, 0xfe, 0xa9, 0xb1, 0x28),
352 LL(0x1b, 0x1b, 0x6c, 0x1b, 0xd8, 0x77, 0x36, 0xc3),
353 LL(0xb5, 0xb5, 0xee, 0xb5, 0xc1, 0x5b, 0x77, 0x74),
354 LL(0xaf, 0xaf, 0x86, 0xaf, 0x11, 0x29, 0x43, 0xbe),
355 LL(0x6a, 0x6a, 0xb5, 0x6a, 0x77, 0xdf, 0xd4, 0x1d),
356 LL(0x50, 0x50, 0x5d, 0x50, 0xba, 0x0d, 0xa0, 0xea),
357 LL(0x45, 0x45, 0x09, 0x45, 0x12, 0x4c, 0x8a, 0x57),
358 LL(0xf3, 0xf3, 0xeb, 0xf3, 0xcb, 0x18, 0xfb, 0x38),
359 LL(0x30, 0x30, 0xc0, 0x30, 0x9d, 0xf0, 0x60, 0xad),
360 LL(0xef, 0xef, 0x9b, 0xef, 0x2b, 0x74, 0xc3, 0xc4),
361 LL(0x3f, 0x3f, 0xfc, 0x3f, 0xe5, 0xc3, 0x7e, 0xda),
362 LL(0x55, 0x55, 0x49, 0x55, 0x92, 0x1c, 0xaa, 0xc7),
363 LL(0xa2, 0xa2, 0xb2, 0xa2, 0x79, 0x10, 0x59, 0xdb),
364 LL(0xea, 0xea, 0x8f, 0xea, 0x03, 0x65, 0xc9, 0xe9),
365 LL(0x65, 0x65, 0x89, 0x65, 0x0f, 0xec, 0xca, 0x6a),
366 LL(0xba, 0xba, 0xd2, 0xba, 0xb9, 0x68, 0x69, 0x03),
367 LL(0x2f, 0x2f, 0xbc, 0x2f, 0x65, 0x93, 0x5e, 0x4a),
368 LL(0xc0, 0xc0, 0x27, 0xc0, 0x4e, 0xe7, 0x9d, 0x8e),
369 LL(0xde, 0xde, 0x5f, 0xde, 0xbe, 0x81, 0xa1, 0x60),
370 LL(0x1c, 0x1c, 0x70, 0x1c, 0xe0, 0x6c, 0x38, 0xfc),
371 LL(0xfd, 0xfd, 0xd3, 0xfd, 0xbb, 0x2e, 0xe7, 0x46),
372 LL(0x4d, 0x4d, 0x29, 0x4d, 0x52, 0x64, 0x9a, 0x1f),
373 LL(0x92, 0x92, 0x72, 0x92, 0xe4, 0xe0, 0x39, 0x76),
374 LL(0x75, 0x75, 0xc9, 0x75, 0x8f, 0xbc, 0xea, 0xfa),
375 LL(0x06, 0x06, 0x18, 0x06, 0x30, 0x1e, 0x0c, 0x36),
376 LL(0x8a, 0x8a, 0x12, 0x8a, 0x24, 0x98, 0x09, 0xae),
377 LL(0xb2, 0xb2, 0xf2, 0xb2, 0xf9, 0x40, 0x79, 0x4b),
378 LL(0xe6, 0xe6, 0xbf, 0xe6, 0x63, 0x59, 0xd1, 0x85),
379 LL(0x0e, 0x0e, 0x38, 0x0e, 0x70, 0x36, 0x1c, 0x7e),
380 LL(0x1f, 0x1f, 0x7c, 0x1f, 0xf8, 0x63, 0x3e, 0xe7),
381 LL(0x62, 0x62, 0x95, 0x62, 0x37, 0xf7, 0xc4, 0x55),
382 LL(0xd4, 0xd4, 0x77, 0xd4, 0xee, 0xa3, 0xb5, 0x3a),
383 LL(0xa8, 0xa8, 0x9a, 0xa8, 0x29, 0x32, 0x4d, 0x81),
384 LL(0x96, 0x96, 0x62, 0x96, 0xc4, 0xf4, 0x31, 0x52),
385 LL(0xf9, 0xf9, 0xc3, 0xf9, 0x9b, 0x3a, 0xef, 0x62),
386 LL(0xc5, 0xc5, 0x33, 0xc5, 0x66, 0xf6, 0x97, 0xa3),
387 LL(0x25, 0x25, 0x94, 0x25, 0x35, 0xb1, 0x4a, 0x10),
388 LL(0x59, 0x59, 0x79, 0x59, 0xf2, 0x20, 0xb2, 0xab),
389 LL(0x84, 0x84, 0x2a, 0x84, 0x54, 0xae, 0x15, 0xd0),
390 LL(0x72, 0x72, 0xd5, 0x72, 0xb7, 0xa7, 0xe4, 0xc5),
391 LL(0x39, 0x39, 0xe4, 0x39, 0xd5, 0xdd, 0x72, 0xec),
392 LL(0x4c, 0x4c, 0x2d, 0x4c, 0x5a, 0x61, 0x98, 0x16),
393 LL(0x5e, 0x5e, 0x65, 0x5e, 0xca, 0x3b, 0xbc, 0x94),
394 LL(0x78, 0x78, 0xfd, 0x78, 0xe7, 0x85, 0xf0, 0x9f),
395 LL(0x38, 0x38, 0xe0, 0x38, 0xdd, 0xd8, 0x70, 0xe5),
396 LL(0x8c, 0x8c, 0x0a, 0x8c, 0x14, 0x86, 0x05, 0x98),
397 LL(0xd1, 0xd1, 0x63, 0xd1, 0xc6, 0xb2, 0xbf, 0x17),
398 LL(0xa5, 0xa5, 0xae, 0xa5, 0x41, 0x0b, 0x57, 0xe4),
399 LL(0xe2, 0xe2, 0xaf, 0xe2, 0x43, 0x4d, 0xd9, 0xa1),
400 LL(0x61, 0x61, 0x99, 0x61, 0x2f, 0xf8, 0xc2, 0x4e),
401 LL(0xb3, 0xb3, 0xf6, 0xb3, 0xf1, 0x45, 0x7b, 0x42),
402 LL(0x21, 0x21, 0x84, 0x21, 0x15, 0xa5, 0x42, 0x34),
403 LL(0x9c, 0x9c, 0x4a, 0x9c, 0x94, 0xd6, 0x25, 0x08),
404 LL(0x1e, 0x1e, 0x78, 0x1e, 0xf0, 0x66, 0x3c, 0xee),
405 LL(0x43, 0x43, 0x11, 0x43, 0x22, 0x52, 0x86, 0x61),
406 LL(0xc7, 0xc7, 0x3b, 0xc7, 0x76, 0xfc, 0x93, 0xb1),
407 LL(0xfc, 0xfc, 0xd7, 0xfc, 0xb3, 0x2b, 0xe5, 0x4f),
408 LL(0x04, 0x04, 0x10, 0x04, 0x20, 0x14, 0x08, 0x24),
409 LL(0x51, 0x51, 0x59, 0x51, 0xb2, 0x08, 0xa2, 0xe3),
410 LL(0x99, 0x99, 0x5e, 0x99, 0xbc, 0xc7, 0x2f, 0x25),
411 LL(0x6d, 0x6d, 0xa9, 0x6d, 0x4f, 0xc4, 0xda, 0x22),
412 LL(0x0d, 0x0d, 0x34, 0x0d, 0x68, 0x39, 0x1a, 0x65),
413 LL(0xfa, 0xfa, 0xcf, 0xfa, 0x83, 0x35, 0xe9, 0x79),
414 LL(0xdf, 0xdf, 0x5b, 0xdf, 0xb6, 0x84, 0xa3, 0x69),
415 LL(0x7e, 0x7e, 0xe5, 0x7e, 0xd7, 0x9b, 0xfc, 0xa9),
416 LL(0x24, 0x24, 0x90, 0x24, 0x3d, 0xb4, 0x48, 0x19),
417 LL(0x3b, 0x3b, 0xec, 0x3b, 0xc5, 0xd7, 0x76, 0xfe),
418 LL(0xab, 0xab, 0x96, 0xab, 0x31, 0x3d, 0x4b, 0x9a),
419 LL(0xce, 0xce, 0x1f, 0xce, 0x3e, 0xd1, 0x81, 0xf0),
420 LL(0x11, 0x11, 0x44, 0x11, 0x88, 0x55, 0x22, 0x99),
421 LL(0x8f, 0x8f, 0x06, 0x8f, 0x0c, 0x89, 0x03, 0x83),
422 LL(0x4e, 0x4e, 0x25, 0x4e, 0x4a, 0x6b, 0x9c, 0x04),
423 LL(0xb7, 0xb7, 0xe6, 0xb7, 0xd1, 0x51, 0x73, 0x66),
424 LL(0xeb, 0xeb, 0x8b, 0xeb, 0x0b, 0x60, 0xcb, 0xe0),
425 LL(0x3c, 0x3c, 0xf0, 0x3c, 0xfd, 0xcc, 0x78, 0xc1),
426 LL(0x81, 0x81, 0x3e, 0x81, 0x7c, 0xbf, 0x1f, 0xfd),
427 LL(0x94, 0x94, 0x6a, 0x94, 0xd4, 0xfe, 0x35, 0x40),
428 LL(0xf7, 0xf7, 0xfb, 0xf7, 0xeb, 0x0c, 0xf3, 0x1c),
429 LL(0xb9, 0xb9, 0xde, 0xb9, 0xa1, 0x67, 0x6f, 0x18),
430 LL(0x13, 0x13, 0x4c, 0x13, 0x98, 0x5f, 0x26, 0x8b),
431 LL(0x2c, 0x2c, 0xb0, 0x2c, 0x7d, 0x9c, 0x58, 0x51),
432 LL(0xd3, 0xd3, 0x6b, 0xd3, 0xd6, 0xb8, 0xbb, 0x05),
433 LL(0xe7, 0xe7, 0xbb, 0xe7, 0x6b, 0x5c, 0xd3, 0x8c),
434 LL(0x6e, 0x6e, 0xa5, 0x6e, 0x57, 0xcb, 0xdc, 0x39),
435 LL(0xc4, 0xc4, 0x37, 0xc4, 0x6e, 0xf3, 0x95, 0xaa),
436 LL(0x03, 0x03, 0x0c, 0x03, 0x18, 0x0f, 0x06, 0x1b),
437 LL(0x56, 0x56, 0x45, 0x56, 0x8a, 0x13, 0xac, 0xdc),
438 LL(0x44, 0x44, 0x0d, 0x44, 0x1a, 0x49, 0x88, 0x5e),
439 LL(0x7f, 0x7f, 0xe1, 0x7f, 0xdf, 0x9e, 0xfe, 0xa0),
440 LL(0xa9, 0xa9, 0x9e, 0xa9, 0x21, 0x37, 0x4f, 0x88),
441 LL(0x2a, 0x2a, 0xa8, 0x2a, 0x4d, 0x82, 0x54, 0x67),
442 LL(0xbb, 0xbb, 0xd6, 0xbb, 0xb1, 0x6d, 0x6b, 0x0a),
443 LL(0xc1, 0xc1, 0x23, 0xc1, 0x46, 0xe2, 0x9f, 0x87),
444 LL(0x53, 0x53, 0x51, 0x53, 0xa2, 0x02, 0xa6, 0xf1),
445 LL(0xdc, 0xdc, 0x57, 0xdc, 0xae, 0x8b, 0xa5, 0x72),
446 LL(0x0b, 0x0b, 0x2c, 0x0b, 0x58, 0x27, 0x16, 0x53),
447 LL(0x9d, 0x9d, 0x4e, 0x9d, 0x9c, 0xd3, 0x27, 0x01),
448 LL(0x6c, 0x6c, 0xad, 0x6c, 0x47, 0xc1, 0xd8, 0x2b),
449 LL(0x31, 0x31, 0xc4, 0x31, 0x95, 0xf5, 0x62, 0xa4),
450 LL(0x74, 0x74, 0xcd, 0x74, 0x87, 0xb9, 0xe8, 0xf3),
451 LL(0xf6, 0xf6, 0xff, 0xf6, 0xe3, 0x09, 0xf1, 0x15),
452 LL(0x46, 0x46, 0x05, 0x46, 0x0a, 0x43, 0x8c, 0x4c),
453 LL(0xac, 0xac, 0x8a, 0xac, 0x09, 0x26, 0x45, 0xa5),
454 LL(0x89, 0x89, 0x1e, 0x89, 0x3c, 0x97, 0x0f, 0xb5),
455 LL(0x14, 0x14, 0x50, 0x14, 0xa0, 0x44, 0x28, 0xb4),
456 LL(0xe1, 0xe1, 0xa3, 0xe1, 0x5b, 0x42, 0xdf, 0xba),
457 LL(0x16, 0x16, 0x58, 0x16, 0xb0, 0x4e, 0x2c, 0xa6),
458 LL(0x3a, 0x3a, 0xe8, 0x3a, 0xcd, 0xd2, 0x74, 0xf7),
459 LL(0x69, 0x69, 0xb9, 0x69, 0x6f, 0xd0, 0xd2, 0x06),
460 LL(0x09, 0x09, 0x24, 0x09, 0x48, 0x2d, 0x12, 0x41),
461 LL(0x70, 0x70, 0xdd, 0x70, 0xa7, 0xad, 0xe0, 0xd7),
462 LL(0xb6, 0xb6, 0xe2, 0xb6, 0xd9, 0x54, 0x71, 0x6f),
463 LL(0xd0, 0xd0, 0x67, 0xd0, 0xce, 0xb7, 0xbd, 0x1e),
464 LL(0xed, 0xed, 0x93, 0xed, 0x3b, 0x7e, 0xc7, 0xd6),
465 LL(0xcc, 0xcc, 0x17, 0xcc, 0x2e, 0xdb, 0x85, 0xe2),
466 LL(0x42, 0x42, 0x15, 0x42, 0x2a, 0x57, 0x84, 0x68),
467 LL(0x98, 0x98, 0x5a, 0x98, 0xb4, 0xc2, 0x2d, 0x2c),
468 LL(0xa4, 0xa4, 0xaa, 0xa4, 0x49, 0x0e, 0x55, 0xed),
469 LL(0x28, 0x28, 0xa0, 0x28, 0x5d, 0x88, 0x50, 0x75),
470 LL(0x5c, 0x5c, 0x6d, 0x5c, 0xda, 0x31, 0xb8, 0x86),
471 LL(0xf8, 0xf8, 0xc7, 0xf8, 0x93, 0x3f, 0xed, 0x6b),
472 LL(0x86, 0x86, 0x22, 0x86, 0x44, 0xa4, 0x11, 0xc2),
473#define RC (&(Cx.q[256*N]))
474 0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f,
475 /* rc[ROUNDS] */
476 0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52, 0x60, 0xbc, 0x9b,
477 0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b,
478 0xfe, 0x57, 0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58,
479 0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85, 0xbd, 0x5d, 0x10, 0xf4,
480 0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95,
481 0xd8, 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d,
482 0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33
483 }
484 };
485
486void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n)
487{
488 int r;
489 const u8 *p = inp;
490 union {
491 u64 q[8];
492 u8 c[64];
493 } S, K, *H = (void *)ctx->H.q;
494
495#ifdef GO_FOR_MMX
496 GO_FOR_MMX(ctx, inp, n);
497#endif
498 do {
499#ifdef OPENSSL_SMALL_FOOTPRINT
500 u64 L[8];
501 int i;
502
503 for (i = 0; i < 64; i++)
504 S.c[i] = (K.c[i] = H->c[i]) ^ p[i];
505 for (r = 0; r < ROUNDS; r++) {
506 for (i = 0; i < 8; i++) {
507 L[i] = i ? 0 : RC[r];
508 L[i] ^= C0(K, i) ^ C1(K, (i - 1) & 7) ^
509 C2(K, (i - 2) & 7) ^ C3(K, (i - 3) & 7) ^
510 C4(K, (i - 4) & 7) ^ C5(K, (i - 5) & 7) ^
511 C6(K, (i - 6) & 7) ^ C7(K, (i - 7) & 7);
512 }
513 memcpy(K.q, L, 64);
514 for (i = 0; i < 8; i++) {
515 L[i] ^= C0(S, i) ^ C1(S, (i - 1) & 7) ^
516 C2(S, (i - 2) & 7) ^ C3(S, (i - 3) & 7) ^
517 C4(S, (i - 4) & 7) ^ C5(S, (i - 5) & 7) ^
518 C6(S, (i - 6) & 7) ^ C7(S, (i - 7) & 7);
519 }
520 memcpy(S.q, L, 64);
521 }
522 for (i = 0; i < 64; i++)
523 H->c[i] ^= S.c[i] ^ p[i];
524#else
525 u64 L0, L1, L2, L3, L4, L5, L6, L7;
526
527# ifdef STRICT_ALIGNMENT
528 if ((size_t)p & 7) {
529 memcpy(S.c, p, 64);
530 S.q[0] ^= (K.q[0] = H->q[0]);
531 S.q[1] ^= (K.q[1] = H->q[1]);
532 S.q[2] ^= (K.q[2] = H->q[2]);
533 S.q[3] ^= (K.q[3] = H->q[3]);
534 S.q[4] ^= (K.q[4] = H->q[4]);
535 S.q[5] ^= (K.q[5] = H->q[5]);
536 S.q[6] ^= (K.q[6] = H->q[6]);
537 S.q[7] ^= (K.q[7] = H->q[7]);
538 } else
539# endif
540 {
541 const u64 *pa = (const u64 *)p;
542 S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
543 S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
544 S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
545 S.q[3] = (K.q[3] = H->q[3]) ^ pa[3];
546 S.q[4] = (K.q[4] = H->q[4]) ^ pa[4];
547 S.q[5] = (K.q[5] = H->q[5]) ^ pa[5];
548 S.q[6] = (K.q[6] = H->q[6]) ^ pa[6];
549 S.q[7] = (K.q[7] = H->q[7]) ^ pa[7];
550 }
551
552 for (r = 0; r < ROUNDS; r++) {
553# ifdef SMALL_REGISTER_BANK
554 L0 = C0(K, 0) ^ C1(K, 7) ^ C2(K, 6) ^ C3(K, 5) ^
555 C4(K, 4) ^ C5(K, 3) ^ C6(K, 2) ^ C7(K, 1) ^ RC[r];
556 L1 = C0(K, 1) ^ C1(K, 0) ^ C2(K, 7) ^ C3(K, 6) ^
557 C4(K, 5) ^ C5(K, 4) ^ C6(K, 3) ^ C7(K, 2);
558 L2 = C0(K, 2) ^ C1(K, 1) ^ C2(K, 0) ^ C3(K, 7) ^
559 C4(K, 6) ^ C5(K, 5) ^ C6(K, 4) ^ C7(K, 3);
560 L3 = C0(K, 3) ^ C1(K, 2) ^ C2(K, 1) ^ C3(K, 0) ^
561 C4(K, 7) ^ C5(K, 6) ^ C6(K, 5) ^ C7(K, 4);
562 L4 = C0(K, 4) ^ C1(K, 3) ^ C2(K, 2) ^ C3(K, 1) ^
563 C4(K, 0) ^ C5(K, 7) ^ C6(K, 6) ^ C7(K, 5);
564 L5 = C0(K, 5) ^ C1(K, 4) ^ C2(K, 3) ^ C3(K, 2) ^
565 C4(K, 1) ^ C5(K, 0) ^ C6(K, 7) ^ C7(K, 6);
566 L6 = C0(K, 6) ^ C1(K, 5) ^ C2(K, 4) ^ C3(K, 3) ^
567 C4(K, 2) ^ C5(K, 1) ^ C6(K, 0) ^ C7(K, 7);
568 L7 = C0(K, 7) ^ C1(K, 6) ^ C2(K, 5) ^ C3(K, 4) ^
569 C4(K, 3) ^ C5(K, 2) ^ C6(K, 1) ^ C7(K, 0);
570
571 K.q[0] = L0;
572 K.q[1] = L1;
573 K.q[2] = L2;
574 K.q[3] = L3;
575 K.q[4] = L4;
576 K.q[5] = L5;
577 K.q[6] = L6;
578 K.q[7] = L7;
579
580 L0 ^= C0(S, 0) ^ C1(S, 7) ^ C2(S, 6) ^ C3(S, 5) ^
581 C4(S, 4) ^ C5(S, 3) ^ C6(S, 2) ^ C7(S, 1);
582 L1 ^= C0(S, 1) ^ C1(S, 0) ^ C2(S, 7) ^ C3(S, 6) ^
583 C4(S, 5) ^ C5(S, 4) ^ C6(S, 3) ^ C7(S, 2);
584 L2 ^= C0(S, 2) ^ C1(S, 1) ^ C2(S, 0) ^ C3(S, 7) ^
585 C4(S, 6) ^ C5(S, 5) ^ C6(S, 4) ^ C7(S, 3);
586 L3 ^= C0(S, 3) ^ C1(S, 2) ^ C2(S, 1) ^ C3(S, 0) ^
587 C4(S, 7) ^ C5(S, 6) ^ C6(S, 5) ^ C7(S, 4);
588 L4 ^= C0(S, 4) ^ C1(S, 3) ^ C2(S, 2) ^ C3(S, 1) ^
589 C4(S, 0) ^ C5(S, 7) ^ C6(S, 6) ^ C7(S, 5);
590 L5 ^= C0(S, 5) ^ C1(S, 4) ^ C2(S, 3) ^ C3(S, 2) ^
591 C4(S, 1) ^ C5(S, 0) ^ C6(S, 7) ^ C7(S, 6);
592 L6 ^= C0(S, 6) ^ C1(S, 5) ^ C2(S, 4) ^ C3(S, 3) ^
593 C4(S, 2) ^ C5(S, 1) ^ C6(S, 0) ^ C7(S, 7);
594 L7 ^= C0(S, 7) ^ C1(S, 6) ^ C2(S, 5) ^ C3(S, 4) ^
595 C4(S, 3) ^ C5(S, 2) ^ C6(S, 1) ^ C7(S, 0);
596
597 S.q[0] = L0;
598 S.q[1] = L1;
599 S.q[2] = L2;
600 S.q[3] = L3;
601 S.q[4] = L4;
602 S.q[5] = L5;
603 S.q[6] = L6;
604 S.q[7] = L7;
605# else
606 L0 = C0(K, 0);
607 L1 = C1(K, 0);
608 L2 = C2(K, 0);
609 L3 = C3(K, 0);
610 L4 = C4(K, 0);
611 L5 = C5(K, 0);
612 L6 = C6(K, 0);
613 L7 = C7(K, 0);
614 L0 ^= RC[r];
615
616 L1 ^= C0(K, 1);
617 L2 ^= C1(K, 1);
618 L3 ^= C2(K, 1);
619 L4 ^= C3(K, 1);
620 L5 ^= C4(K, 1);
621 L6 ^= C5(K, 1);
622 L7 ^= C6(K, 1);
623 L0 ^= C7(K, 1);
624
625 L2 ^= C0(K, 2);
626 L3 ^= C1(K, 2);
627 L4 ^= C2(K, 2);
628 L5 ^= C3(K, 2);
629 L6 ^= C4(K, 2);
630 L7 ^= C5(K, 2);
631 L0 ^= C6(K, 2);
632 L1 ^= C7(K, 2);
633
634 L3 ^= C0(K, 3);
635 L4 ^= C1(K, 3);
636 L5 ^= C2(K, 3);
637 L6 ^= C3(K, 3);
638 L7 ^= C4(K, 3);
639 L0 ^= C5(K, 3);
640 L1 ^= C6(K, 3);
641 L2 ^= C7(K, 3);
642
643 L4 ^= C0(K, 4);
644 L5 ^= C1(K, 4);
645 L6 ^= C2(K, 4);
646 L7 ^= C3(K, 4);
647 L0 ^= C4(K, 4);
648 L1 ^= C5(K, 4);
649 L2 ^= C6(K, 4);
650 L3 ^= C7(K, 4);
651
652 L5 ^= C0(K, 5);
653 L6 ^= C1(K, 5);
654 L7 ^= C2(K, 5);
655 L0 ^= C3(K, 5);
656 L1 ^= C4(K, 5);
657 L2 ^= C5(K, 5);
658 L3 ^= C6(K, 5);
659 L4 ^= C7(K, 5);
660
661 L6 ^= C0(K, 6);
662 L7 ^= C1(K, 6);
663 L0 ^= C2(K, 6);
664 L1 ^= C3(K, 6);
665 L2 ^= C4(K, 6);
666 L3 ^= C5(K, 6);
667 L4 ^= C6(K, 6);
668 L5 ^= C7(K, 6);
669
670 L7 ^= C0(K, 7);
671 L0 ^= C1(K, 7);
672 L1 ^= C2(K, 7);
673 L2 ^= C3(K, 7);
674 L3 ^= C4(K, 7);
675 L4 ^= C5(K, 7);
676 L5 ^= C6(K, 7);
677 L6 ^= C7(K, 7);
678
679 K.q[0] = L0;
680 K.q[1] = L1;
681 K.q[2] = L2;
682 K.q[3] = L3;
683 K.q[4] = L4;
684 K.q[5] = L5;
685 K.q[6] = L6;
686 K.q[7] = L7;
687
688 L0 ^= C0(S, 0);
689 L1 ^= C1(S, 0);
690 L2 ^= C2(S, 0);
691 L3 ^= C3(S, 0);
692 L4 ^= C4(S, 0);
693 L5 ^= C5(S, 0);
694 L6 ^= C6(S, 0);
695 L7 ^= C7(S, 0);
696
697 L1 ^= C0(S, 1);
698 L2 ^= C1(S, 1);
699 L3 ^= C2(S, 1);
700 L4 ^= C3(S, 1);
701 L5 ^= C4(S, 1);
702 L6 ^= C5(S, 1);
703 L7 ^= C6(S, 1);
704 L0 ^= C7(S, 1);
705
706 L2 ^= C0(S, 2);
707 L3 ^= C1(S, 2);
708 L4 ^= C2(S, 2);
709 L5 ^= C3(S, 2);
710 L6 ^= C4(S, 2);
711 L7 ^= C5(S, 2);
712 L0 ^= C6(S, 2);
713 L1 ^= C7(S, 2);
714
715 L3 ^= C0(S, 3);
716 L4 ^= C1(S, 3);
717 L5 ^= C2(S, 3);
718 L6 ^= C3(S, 3);
719 L7 ^= C4(S, 3);
720 L0 ^= C5(S, 3);
721 L1 ^= C6(S, 3);
722 L2 ^= C7(S, 3);
723
724 L4 ^= C0(S, 4);
725 L5 ^= C1(S, 4);
726 L6 ^= C2(S, 4);
727 L7 ^= C3(S, 4);
728 L0 ^= C4(S, 4);
729 L1 ^= C5(S, 4);
730 L2 ^= C6(S, 4);
731 L3 ^= C7(S, 4);
732
733 L5 ^= C0(S, 5);
734 L6 ^= C1(S, 5);
735 L7 ^= C2(S, 5);
736 L0 ^= C3(S, 5);
737 L1 ^= C4(S, 5);
738 L2 ^= C5(S, 5);
739 L3 ^= C6(S, 5);
740 L4 ^= C7(S, 5);
741
742 L6 ^= C0(S, 6);
743 L7 ^= C1(S, 6);
744 L0 ^= C2(S, 6);
745 L1 ^= C3(S, 6);
746 L2 ^= C4(S, 6);
747 L3 ^= C5(S, 6);
748 L4 ^= C6(S, 6);
749 L5 ^= C7(S, 6);
750
751 L7 ^= C0(S, 7);
752 L0 ^= C1(S, 7);
753 L1 ^= C2(S, 7);
754 L2 ^= C3(S, 7);
755 L3 ^= C4(S, 7);
756 L4 ^= C5(S, 7);
757 L5 ^= C6(S, 7);
758 L6 ^= C7(S, 7);
759
760 S.q[0] = L0;
761 S.q[1] = L1;
762 S.q[2] = L2;
763 S.q[3] = L3;
764 S.q[4] = L4;
765 S.q[5] = L5;
766 S.q[6] = L6;
767 S.q[7] = L7;
768# endif
769 }
770
771# ifdef STRICT_ALIGNMENT
772 if ((size_t)p & 7) {
773 int i;
774 for (i = 0; i < 64; i++)
775 H->c[i] ^= S.c[i] ^ p[i];
776 } else
777# endif
778 {
779 const u64 *pa = (const u64 *)p;
780 H->q[0] ^= S.q[0] ^ pa[0];
781 H->q[1] ^= S.q[1] ^ pa[1];
782 H->q[2] ^= S.q[2] ^ pa[2];
783 H->q[3] ^= S.q[3] ^ pa[3];
784 H->q[4] ^= S.q[4] ^ pa[4];
785 H->q[5] ^= S.q[5] ^ pa[5];
786 H->q[6] ^= S.q[6] ^ pa[6];
787 H->q[7] ^= S.q[7] ^ pa[7];
788 }
789#endif
790 p += 64;
791 } while (--n);
792}
Note: See TracBrowser for help on using the repository browser.