LBRYFoundation/pool
1
0
Fork 0
mirror of https://github.com/LBRYFoundation/pool.git synced 2025-08-23 17:37:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

stratum: add support for m7m algo (XMG)

Browse source 
Signed-off-by: Tanguy Pruvot <tanguy.pruvot@gmail.com>
This commit is contained in:
Tanguy Pruvot 2015-10-05 23:38:32 +02:00
parent 0ae5069694
commit e34da61806
24 changed files with 5902 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
rc.local
View file

@ -41,4 +41,5 @@ screen -dmS skein2 $STRATUM_DIR/run.sh skein2
screen -dmS zr5 $STRATUM_DIR/run.sh zr5
screen -dmS sib $STRATUM_DIR/run.sh sib
#screen -dmS hive $STRATUM_DIR/run.sh hive
screen -dmS m7m $STRATUM_DIR/run.sh m7m

2
stratum/Makefile
View file

@ -16,7 +16,7 @@ CFLAGS += -DNO_EXCHANGE
#CFLAGS=-c -O2 -I /usr/include/mysql
LDFLAGS=-O2 `mysql_config --libs`
LDLIBS=iniparser/libiniparser.a algos/libalgos.a sha3/libhash.a -lpthread -lm -lstdc++
LDLIBS=iniparser/libiniparser.a algos/libalgos.a sha3/libhash.a -lpthread -lgmp -lm -lstdc++
LDLIBS+=-lmysqlclient
SOURCES=stratum.cpp db.cpp coind.cpp coind_aux.cpp coind_template.cpp coind_submit.cpp util.cpp list.cpp \

265
stratum/algos/m7m.c Normal file
View file

@ -0,0 +1,265 @@
#include <gmp.h>
#include <stdbool.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <float.h>
#include <math.h>
#include "magimath.h"
#include "../sha3/sph_sha2.h"
#include "../sha3/sph_keccak.h"
#include "../sha3/sph_haval.h"
#include "../sha3/sph_tiger.h"
#include "../sha3/sph_whirlpool.h"
#include "../sha3/sph_ripemd.h"
static void mpz_set_uint256(mpz_t r, uint8_t *u)
{
mpz_import(r, 32 / sizeof(unsigned long), -1, sizeof(unsigned long), -1, 0, u);
}
static void mpz_set_uint512(mpz_t r, uint8_t *u)
{
mpz_import(r, 64 / sizeof(unsigned long), -1, sizeof(unsigned long), -1, 0, u);
}
static void set_one_if_zero(uint8_t *hash512)
{
int i;
for (i=0; i < 32; i++) {
if (hash512[i] != 0) {
return;
}
}
hash512[0] = 1;
}
#define BITS_PER_DIGIT 3.32192809488736234787
#define EPS (DBL_EPSILON)
#define NM7M 5
#define SW_DIVS 5
#define M7_MIDSTATE_LEN 76
int m7m_hash(const char* input, char* output, uint32_t len)
{
uint32_t data[32] __attribute__((aligned(128)));
uint8_t bhash[7][64] __attribute__((aligned(32)));
uint32_t hash[8] __attribute__((aligned(32)));
uint32_t *data_p64 = data + (M7_MIDSTATE_LEN / sizeof(data[0]));
uint8_t *bdata = 0;
int i, j, rc = 0;
int bytes, nnNonce2;
mpz_t bns[8];
mpz_t product;
mpz_init(product);
for(i=0; i < 8; i++){
mpz_init(bns[i]);
}
memcpy(data, input, len /*80*/);
sph_sha256_context ctx_final_sha256;
sph_sha256_context ctx_sha256;
sph_sha512_context ctx_sha512;
sph_keccak512_context ctx_keccak;
sph_whirlpool_context ctx_whirlpool;
sph_haval256_5_context ctx_haval;
sph_tiger_context ctx_tiger;
sph_ripemd160_context ctx_ripemd;
sph_sha256_init(&ctx_sha256);
sph_sha256 (&ctx_sha256, data, M7_MIDSTATE_LEN);
sph_sha512_init(&ctx_sha512);
sph_sha512 (&ctx_sha512, data, M7_MIDSTATE_LEN);
sph_keccak512_init(&ctx_keccak);
sph_keccak512 (&ctx_keccak, data, M7_MIDSTATE_LEN);
sph_whirlpool_init(&ctx_whirlpool);
sph_whirlpool (&ctx_whirlpool, data, M7_MIDSTATE_LEN);
sph_haval256_5_init(&ctx_haval);
sph_haval256_5 (&ctx_haval, data, M7_MIDSTATE_LEN);
sph_tiger_init(&ctx_tiger);
sph_tiger (&ctx_tiger, data, M7_MIDSTATE_LEN);
sph_ripemd160_init(&ctx_ripemd);
sph_ripemd160 (&ctx_ripemd, data, M7_MIDSTATE_LEN);
nnNonce2 = (int)(data[19]/2);
memset(bhash, 0, 7 * 64);
sph_sha256 (&ctx_sha256, data_p64, 80 - M7_MIDSTATE_LEN);
sph_sha256_close(&ctx_sha256, (void*)(bhash[0]));
sph_sha512 (&ctx_sha512, data_p64, 80 - M7_MIDSTATE_LEN);
sph_sha512_close(&ctx_sha512, (void*)(bhash[1]));
sph_keccak512 (&ctx_keccak, data_p64, 80 - M7_MIDSTATE_LEN);
sph_keccak512_close(&ctx_keccak, (void*)(bhash[2]));
sph_whirlpool (&ctx_whirlpool, data_p64, 80 - M7_MIDSTATE_LEN);
sph_whirlpool_close(&ctx_whirlpool, (void*)(bhash[3]));
sph_haval256_5 (&ctx_haval, data_p64, 80 - M7_MIDSTATE_LEN);
sph_haval256_5_close(&ctx_haval, (void*)(bhash[4]));
sph_tiger (&ctx_tiger, data_p64, 80 - M7_MIDSTATE_LEN);
sph_tiger_close(&ctx_tiger, (void*)(bhash[5]));
sph_ripemd160 (&ctx_ripemd, data_p64, 80 - M7_MIDSTATE_LEN);
sph_ripemd160_close(&ctx_ripemd, (void*)(bhash[6]));
for(i=0; i < 7; i++) {
set_one_if_zero(bhash[i]);
mpz_set_uint512(bns[i], bhash[i]);
}
mpz_set_ui(bns[7],0);
for(i=0; i < 7; i++){
mpz_add(bns[7], bns[7], bns[i]);
}
mpz_set_ui(product, 1);
for(i=0; i < 8; i++){
mpz_mul(product, product, bns[i]);
}
mpz_pow_ui(product, product, 2);
bytes = mpz_sizeinbase(product, 256);
bdata = (uint8_t*) realloc(bdata, bytes);
mpz_export((void *)bdata, NULL, -1, 1, 0, 0, product);
sph_sha256_init(&ctx_final_sha256);
sph_sha256 (&ctx_final_sha256, bdata, bytes);
sph_sha256_close(&ctx_final_sha256, (void*)(hash));
int digits=(int)((sqrt((double)(nnNonce2))*(1.+EPS))/9000+75);
int iterations=20;
mpf_set_default_prec((long int)(digits*BITS_PER_DIGIT+16));
mpz_t magipi;
mpz_t magisw;
mpf_t magifpi;
mpf_t mpa1, mpb1, mpt1, mpp1;
mpf_t mpa2, mpb2, mpt2, mpp2;
mpf_t mpsft;
mpz_init(magipi);
mpz_init(magisw);
mpf_init(magifpi);
mpf_init(mpsft);
mpf_init(mpa1);
mpf_init(mpb1);
mpf_init(mpt1);
mpf_init(mpp1);
mpf_init(mpa2);
mpf_init(mpb2);
mpf_init(mpt2);
mpf_init(mpp2);
uint32_t usw_ = sw_(nnNonce2, SW_DIVS);
if (usw_ < 1) usw_ = 1;
mpz_set_ui(magisw, usw_);
uint32_t mpzscale = mpz_size(magisw);
for(i=0; i < NM7M; i++)
{
if (mpzscale > 1000) mpzscale = 1000;
else if (mpzscale < 1) mpzscale = 1;
mpf_set_ui(mpa1, 1);
mpf_set_ui(mpb1, 2);
mpf_set_d(mpt1, 0.25*mpzscale);
mpf_set_ui(mpp1, 1);
mpf_sqrt(mpb1, mpb1);
mpf_ui_div(mpb1, 1, mpb1);
mpf_set_ui(mpsft, 10);
for(j=0; j <= iterations; j++)
{
mpf_add(mpa2, mpa1, mpb1);
mpf_div_ui(mpa2, mpa2, 2);
mpf_mul(mpb2, mpa1, mpb1);
mpf_abs(mpb2, mpb2);
mpf_sqrt(mpb2, mpb2);
mpf_sub(mpt2, mpa1, mpa2);
mpf_abs(mpt2, mpt2);
mpf_sqrt(mpt2, mpt2);
mpf_mul(mpt2, mpt2, mpp1);
mpf_sub(mpt2, mpt1, mpt2);
mpf_mul_ui(mpp2, mpp1, 2);
mpf_swap(mpa1, mpa2);
mpf_swap(mpb1, mpb2);
mpf_swap(mpt1, mpt2);
mpf_swap(mpp1, mpp2);
}
mpf_add(magifpi, mpa1, mpb1);
mpf_pow_ui(magifpi, magifpi, 2);
mpf_div_ui(magifpi, magifpi, 4);
mpf_abs(mpt1, mpt1);
mpf_div(magifpi, magifpi, mpt1);
mpf_pow_ui(mpsft, mpsft, digits/2);
mpf_mul(magifpi, magifpi, mpsft);
mpz_set_f(magipi, magifpi);
mpz_add(product,product,magipi);
mpz_add(product,product,magisw);
mpz_set_uint256(bns[0], (void*)(hash));
mpz_add(bns[7], bns[7], bns[0]);
mpz_mul(product, product, bns[7]);
mpz_cdiv_q(product, product, bns[0]);
if (mpz_sgn(product) <= 0) mpz_set_ui(product,1);
bytes = mpz_sizeinbase(product, 256);
mpzscale = bytes;
bdata = (uint8_t *)realloc(bdata, bytes);
mpz_export(bdata, NULL, -1, 1, 0, 0, product);
sph_sha256_init(&ctx_final_sha256);
sph_sha256 (&ctx_final_sha256, bdata, bytes);
sph_sha256_close(&ctx_final_sha256, (void*)(hash));
}
mpz_clear(magipi);
mpz_clear(magisw);
mpf_clear(magifpi);
mpf_clear(mpsft);
mpf_clear(mpa1);
mpf_clear(mpb1);
mpf_clear(mpt1);
mpf_clear(mpp1);
mpf_clear(mpa2);
mpf_clear(mpb2);
mpf_clear(mpt2);
mpf_clear(mpp2);
for(i=0; i < 8; i++) {
mpz_clear(bns[i]);
}
mpz_clear(product);
free(bdata);
memcpy(output, (void*) hash, 32);
}

16
stratum/algos/m7m.h Normal file
View file

@ -0,0 +1,16 @@
#ifndef M7M_H
#define M7M_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stdint.h>
void m7m_hash(const char* input, char* output, uint32_t size);
#ifdef __cplusplus
}
#endif
#endif

76
stratum/algos/magimath.cpp Normal file
View file

@ -0,0 +1,76 @@
// Copyright (c) 2014 The Magi developers
// Distributed under the MIT/X11 software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <iostream>
#include <cfloat>
#include <limits>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include "magimath.h"
#define EPS1 (std::numeric_limits<double>::epsilon())
#define EPS2 3.0e-11
static void gauleg(double x1, double x2, double x[], double w[], const int n)
{
int m, i, j;
double z1, z, xm, xl, pp, p3, p2, p1;
m = (n+1)/2;
xm = 0.5*(x2+x1);
xl = 0.5*(x2-x1);
for (i=1; i <= m; i++)
{
z = cos(3.141592654 * (i-0.25)/(n+0.5));
do {
p1 = 1.0;
p2 = 0.0;
for (j=1; j <= n; j++) {
p3 = p2;
p2 = p1;
p1 = ((2.0*j-1.0)*z*p2-(j-1.0)*p3)/j;
}
pp = n * (z*p1 - p2) / (z*z - 1.0);
z1 = z;
z = z1 - p1/pp;
} while (fabs(z-z1) > EPS2);
x[i]=xm-xl*z;
x[n+1-i]=xm+xl*z;
w[i]=2.0*xl/((1.0-z*z)*pp*pp);
w[n+1-i]=w[i];
}
}
static double GaussianQuad_N(double func(const double), const double a2, const double b2, const int NptGQ)
{
int j;
double s = 0.0;
double x[NptGQ+1], w[NptGQ+1];
gauleg(a2, b2, x, w, NptGQ);
for (j=1; j <= NptGQ; j++) {
s += w[j] * func(x[j]);
}
return s;
}
static double swit_(double wvnmb)
{
return pow( (5.55243*(exp_n(-0.3*wvnmb/15.762) - exp_n(-0.6*wvnmb/15.762)))*wvnmb, 0.5)
/ 1034.66 * pow(sin(wvnmb/65.), 2.);
}
uint32_t sw_(int nnounce, const int divs)
{
double wmax = ((sqrt((double)(nnounce))*(1.+EPS1))/450 + 100);
return ((uint32_t)(GaussianQuad_N(swit_, 0., wmax, divs)*(1.+EPS1)*1.e6));
}

55
stratum/algos/magimath.h Normal file
View file

@ -0,0 +1,55 @@
// Copyright (c) 2014 The Magi developers
// Distributed under the MIT/X11 software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#ifndef MAGI_MATH_H
#define MAGI_MATH_H
#include <math.h>
#ifdef __cplusplus
extern "C" {
#endif
uint32_t sw_(int nnounce, const int divs);
#ifdef __cplusplus
}
#endif
inline double exp_n(double xt)
{
double p1 = -700.0, p3 = -0.8e-8, p4 = 0.8e-8, p6 = 700.0;
if(xt < p1)
return 0;
else if(xt > p6)
return 1e200;
else if(xt > p3 && xt < p4)
return (1.0 + xt);
else
return exp(xt);
}
// 1 / (1 + exp(x1-x2))
inline double exp_n2(double x1, double x2)
{
double p1 = -700., p2 = -37., p3 = -0.8e-8, p4 = 0.8e-8, p5 = 37., p6 = 700.;
double xt = x1 - x2;
if (xt < p1+1.e-200)
return 1.;
else if (xt > p1 && xt < p2 + 1.e-200)
return ( 1. - exp(xt) );
else if (xt > p2 && xt < p3 + 1.e-200)
return ( 1. / (1. + exp(xt)) );
else if (xt > p3 && xt < p4)
return ( 1. / (2. + xt) );
else if (xt > p4 - 1.e-200 && xt < p5)
return ( exp(-xt) / (1. + exp(-xt)) );
else if (xt > p5 - 1.e-200 && xt < p6)
return ( exp(-xt) );
else //if (xt > p6 - 1.e-200)
return 0.;
}
#endif

7
stratum/algos/makefile
View file

@ -5,15 +5,16 @@ CC=gcc
#LDFLAGS=-g
CFLAGS=-c -O3 -I /usr/include/mysql -march=native
LDFLAGS=-O2
LDFLAGS=-O2 -lgmp
SOURCES=lyra2re.c lyra2v2.c Lyra2.c Sponge.c blake.c scrypt.c c11.c x11.c x13.c sha256.c keccak.c \
x14.c x15.c nist5.c fresh.c quark.c neoscrypt.c scryptn.c qubit.c skein.c groestl.c \
skein2.c zr5.c bmw.c luffa.c pentablake.c \
skein2.c zr5.c bmw.c luffa.c pentablake.c whirlpoolx.c \
m7m.c magimath.cpp \
hive.c pomelo.c \
sib.c gost.c
OBJECTS=$(SOURCES:.c=.o)
OBJECTS=$(SOURCES:.c=.o) $(SOURCES:.cpp=.o)
OUTPUT=libalgos.a
all: $(SOURCES) $(OUTPUT)

8
stratum/algos/whirlpoolx.c
View file

@ -1,4 +1,3 @@
#include "x15.h"
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
@ -31,14 +30,13 @@ void whirlpoolx_hash(const char* input, char* output, uint32_t len)
sph_whirlpool(&ctx_whirlpool, input, len);
sph_whirlpool_close(&ctx_whirlpool, hash);
unsigned char hash_xored[sizeof(hash) / 2];
unsigned char hash_xored[sizeof(hash) / 2];
uint32_t i;
uint32_t i;
for (i = 0; i < (sizeof(hash) / 2); i++)
{
hash_xored[i] = hash[i] ^ hash[i + ((sizeof(hash) / 2) / 2)];
hash_xored[i] = hash[i] ^ hash[i + ((sizeof(hash) / 2) / 2)];
}
memcpy(output, hash_xored, 32);
}

19
stratum/client_submit.cpp
View file

@ -266,16 +266,17 @@ bool client_submit(YAAMP_CLIENT *client, json_value *json_params)
memset(&submitvalues, 0, sizeof(submitvalues));
build_submit_values(&submitvalues, templ, client->extranonce1, extranonce2, ntime, nonce);
// zr5 has data here, ignore it... reversed endian ?
if(submitvalues.hash_bin[30] || submitvalues.hash_bin[31]) {
if (g_current_algo && strcmp(g_current_algo->name, "zr5")) {
client_submit_error(client, job, 25, "Invalid share", extranonce2, ntime, nonce);
return true;
}
if (g_current_algo && !strcmp(g_current_algo->name, "zr5"))
fprintf(stderr, "Possible %s error, %02x%02x\n", g_current_algo->name,
(int) submitvalues.hash_bin[28], (int) submitvalues.hash_bin[29]);
// minimum hash diff begins with 0000, for all...
uint8_t pfx = submitvalues.hash_bin[30] | submitvalues.hash_bin[31];
if(pfx) {
#ifdef HASH_DEBUGLOG_
debuglog("Possible %s error, hash starts with %02x%02x%02x%02x\n", g_current_algo->name,
(int) submitvalues.hash_bin[31], (int) submitvalues.hash_bin[30],
(int) submitvalues.hash_bin[29], (int) submitvalues.hash_bin[28]);
#endif
client_submit_error(client, job, 25, "Invalid share", extranonce2, ntime, nonce);
return true;
}
uint64_t hash_int = get_hash_difficulty(submitvalues.hash_bin);

16
stratum/config.sample/m7m.conf Normal file
View file

@ -0,0 +1,16 @@
[TCP]
server = yaamp.com
port = 6033
password = tu8tu5
[SQL]
host = yaampdb
database = yaamp
username = root
password = patofpaq
[STRATUM]
algo = m7m
difficulty = 2
max_ttf = 4000

195
stratum/sha3/haval_helper.c Normal file
View file

@ -0,0 +1,195 @@
/* $Id: haval_helper.c 218 2010-06-08 17:06:34Z tp $ */
/*
* Helper code, included (three times !) by HAVAL implementation.
*
* TODO: try to merge this with md_helper.c.
*
* ==========================(LICENSE BEGIN)============================
*
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* ===========================(LICENSE END)=============================
*
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/
#undef SPH_XCAT
#define SPH_XCAT(a, b) SPH_XCAT_(a, b)
#undef SPH_XCAT_
#define SPH_XCAT_(a, b) a ## b
static void
#ifdef SPH_UPTR
SPH_XCAT(SPH_XCAT(haval, PASSES), _short)
#else
SPH_XCAT(haval, PASSES)
#endif
(sph_haval_context *sc, const void *data, size_t len)
{
unsigned current;
#if SPH_64
current = (unsigned)sc->count & 127U;
#else
current = (unsigned)sc->count_low & 127U;
#endif
while (len > 0) {
unsigned clen;
#if !SPH_64
sph_u32 clow, clow2;
#endif
clen = 128U - current;
if (clen > len)
clen = len;
memcpy(sc->buf + current, data, clen);
data = (const unsigned char *)data + clen;
current += clen;
len -= clen;
if (current == 128U) {
DSTATE;
IN_PREPARE(sc->buf);
RSTATE;
SPH_XCAT(CORE, PASSES)(INW);
WSTATE;
current = 0;
}
#if SPH_64
sc->count += clen;
#else
clow = sc->count_low;
clow2 = SPH_T32(clow + clen);
sc->count_low = clow2;
if (clow2 < clow)
sc->count_high ++;
#endif
}
}
#ifdef SPH_UPTR
static void
SPH_XCAT(haval, PASSES)(sph_haval_context *sc, const void *data, size_t len)
{
unsigned current;
size_t orig_len;
#if !SPH_64
sph_u32 clow, clow2;
#endif
DSTATE;
if (len < 256U) {
SPH_XCAT(SPH_XCAT(haval, PASSES), _short)(sc, data, len);
return;
}
#if SPH_64
current = (unsigned)sc->count & 127U;
#else
current = (unsigned)sc->count_low & 127U;
#endif
if (current > 0) {
unsigned clen;
clen = 128U - current;
SPH_XCAT(SPH_XCAT(haval, PASSES), _short)(sc, data, clen);
data = (const unsigned char *)data + clen;
len -= clen;
}
#if !SPH_UNALIGNED
if (((SPH_UPTR)data & 3U) != 0) {
SPH_XCAT(SPH_XCAT(haval, PASSES), _short)(sc, data, len);
return;
}
#endif
orig_len = len;
RSTATE;
while (len >= 128U) {
IN_PREPARE(data);
SPH_XCAT(CORE, PASSES)(INW);
data = (const unsigned char *)data + 128U;
len -= 128U;
}
WSTATE;
if (len > 0)
memcpy(sc->buf, data, len);
#if SPH_64
sc->count += (sph_u64)orig_len;
#else
clow = sc->count_low;
clow2 = SPH_T32(clow + orig_len);
sc->count_low = clow2;
if (clow2 < clow)
sc->count_high ++;
orig_len >>= 12;
orig_len >>= 10;
orig_len >>= 10;
sc->count_high += orig_len;
#endif
}
#endif
static void
SPH_XCAT(SPH_XCAT(haval, PASSES), _close)(sph_haval_context *sc,
unsigned ub, unsigned n, void *dst)
{
unsigned current;
DSTATE;
#if SPH_64
current = (unsigned)sc->count & 127U;
#else
current = (unsigned)sc->count_low & 127U;
#endif
sc->buf[current ++] = (0x01 << n) | ((ub & 0xFF) >> (8 - n));
RSTATE;
if (current > 118U) {
memset(sc->buf + current, 0, 128U - current);
do {
IN_PREPARE(sc->buf);
SPH_XCAT(CORE, PASSES)(INW);
} while (0);
current = 0;
}
memset(sc->buf + current, 0, 118U - current);
sc->buf[118] = 0x01 | (PASSES << 3);
sc->buf[119] = sc->olen << 3;
#if SPH_64
sph_enc64le_aligned(sc->buf + 120, SPH_T64(sc->count << 3));
#else
sph_enc32le_aligned(sc->buf + 120, SPH_T32(sc->count_low << 3));
sph_enc32le_aligned(sc->buf + 124,
SPH_T32((sc->count_high << 3) | (sc->count_low >> 29)));
#endif
do {
IN_PREPARE(sc->buf);
SPH_XCAT(CORE, PASSES)(INW);
} while (0);
WSTATE;
haval_out(sc, dst);
haval_init(sc, sc->olen, sc->passes);
}

3
stratum/sha3/makefile
View file

@ -8,7 +8,8 @@ CFLAGS=-c -O3 -I /usr/include/mysql -march=native
LDFLAGS=-O2
SOURCES=sph_jh.c sph_blake.c sph_bmw.c sph_groestl.c sph_skein.c sph_keccak.c sph_luffa.c sph_cubehash.c sph_shavite.c \
sph_simd.c sph_echo.c sph_fugue.c sph_hamsi.c sph_shabal.c sph_whirlpool.c
sph_simd.c sph_echo.c sph_fugue.c sph_hamsi.c sph_shabal.c sph_whirlpool.c \
sph_haval.c sph_ripemd.c sph_sha2.c sph_sha2big.c sph_tiger.c
OBJECTS=$(SOURCES:.c=.o)
OUTPUT=libhash.a

975
stratum/sha3/sph_haval.c Normal file
View file

@ -0,0 +1,975 @@
/* $Id: haval.c 227 2010-06-16 17:28:38Z tp $ */
/*
* HAVAL implementation.
*
* The HAVAL reference paper is of questionable clarity with regards to
* some details such as endianness of bits within a byte, bytes within
* a 32-bit word, or the actual ordering of words within a stream of
* words. This implementation has been made compatible with the reference
* implementation available on: http://labs.calyptix.com/haval.php
*
* ==========================(LICENSE BEGIN)============================
*
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* ===========================(LICENSE END)=============================
*
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/
#include <stddef.h>
#include <string.h>
#include "sph_haval.h"
#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_HAVAL
#define SPH_SMALL_FOOTPRINT_HAVAL 1
#endif
/*
* Basic definition from the reference paper.
*
#define F1(x6, x5, x4, x3, x2, x1, x0) \
(((x1) & (x4)) ^ ((x2) & (x5)) ^ ((x3) & (x6)) ^ ((x0) & (x1)) ^ (x0))
*
*/
#define F1(x6, x5, x4, x3, x2, x1, x0) \
(((x1) & ((x0) ^ (x4))) ^ ((x2) & (x5)) ^ ((x3) & (x6)) ^ (x0))
/*
* Basic definition from the reference paper.
*
#define F2(x6, x5, x4, x3, x2, x1, x0) \
(((x1) & (x2) & (x3)) ^ ((x2) & (x4) & (x5)) ^ ((x1) & (x2)) \
^ ((x1) & (x4)) ^ ((x2) & (x6)) ^ ((x3) & (x5)) \
^ ((x4) & (x5)) ^ ((x0) & (x2)) ^ (x0))
*
*/
#define F2(x6, x5, x4, x3, x2, x1, x0) \
(((x2) & (((x1) & ~(x3)) ^ ((x4) & (x5)) ^ (x6) ^ (x0))) \
^ ((x4) & ((x1) ^ (x5))) ^ ((x3 & (x5)) ^ (x0)))
/*
* Basic definition from the reference paper.
*
#define F3(x6, x5, x4, x3, x2, x1, x0) \
(((x1) & (x2) & (x3)) ^ ((x1) & (x4)) ^ ((x2) & (x5)) \
^ ((x3) & (x6)) ^ ((x0) & (x3)) ^ (x0))
*
*/
#define F3(x6, x5, x4, x3, x2, x1, x0) \
(((x3) & (((x1) & (x2)) ^ (x6) ^ (x0))) \
^ ((x1) & (x4)) ^ ((x2) & (x5)) ^ (x0))
/*
* Basic definition from the reference paper.
*
#define F4(x6, x5, x4, x3, x2, x1, x0) \
(((x1) & (x2) & (x3)) ^ ((x2) & (x4) & (x5)) ^ ((x3) & (x4) & (x6)) \
^ ((x1) & (x4)) ^ ((x2) & (x6)) ^ ((x3) & (x4)) ^ ((x3) & (x5)) \
^ ((x3) & (x6)) ^ ((x4) & (x5)) ^ ((x4) & (x6)) ^ ((x0) & (x4)) ^ (x0))
*
*/
#define F4(x6, x5, x4, x3, x2, x1, x0) \
(((x3) & (((x1) & (x2)) ^ ((x4) | (x6)) ^ (x5))) \
^ ((x4) & ((~(x2) & (x5)) ^ (x1) ^ (x6) ^ (x0))) \
^ ((x2) & (x6)) ^ (x0))
/*
* Basic definition from the reference paper.
*
#define F5(x6, x5, x4, x3, x2, x1, x0) \
(((x1) & (x4)) ^ ((x2) & (x5)) ^ ((x3) & (x6)) \
^ ((x0) & (x1) & (x2) & (x3)) ^ ((x0) & (x5)) ^ (x0))
*
*/
#define F5(x6, x5, x4, x3, x2, x1, x0) \
(((x0) & ~(((x1) & (x2) & (x3)) ^ (x5))) \
^ ((x1) & (x4)) ^ ((x2) & (x5)) ^ ((x3) & (x6)))
/*
* The macros below integrate the phi() permutations, depending on the
* pass and the total number of passes.
*/
#define FP3_1(x6, x5, x4, x3, x2, x1, x0) \
F1(x1, x0, x3, x5, x6, x2, x4)
#define FP3_2(x6, x5, x4, x3, x2, x1, x0) \
F2(x4, x2, x1, x0, x5, x3, x6)
#define FP3_3(x6, x5, x4, x3, x2, x1, x0) \
F3(x6, x1, x2, x3, x4, x5, x0)
#define FP4_1(x6, x5, x4, x3, x2, x1, x0) \
F1(x2, x6, x1, x4, x5, x3, x0)
#define FP4_2(x6, x5, x4, x3, x2, x1, x0) \
F2(x3, x5, x2, x0, x1, x6, x4)
#define FP4_3(x6, x5, x4, x3, x2, x1, x0) \
F3(x1, x4, x3, x6, x0, x2, x5)
#define FP4_4(x6, x5, x4, x3, x2, x1, x0) \
F4(x6, x4, x0, x5, x2, x1, x3)
#define FP5_1(x6, x5, x4, x3, x2, x1, x0) \
F1(x3, x4, x1, x0, x5, x2, x6)
#define FP5_2(x6, x5, x4, x3, x2, x1, x0) \
F2(x6, x2, x1, x0, x3, x4, x5)
#define FP5_3(x6, x5, x4, x3, x2, x1, x0) \
F3(x2, x6, x0, x4, x3, x1, x5)
#define FP5_4(x6, x5, x4, x3, x2, x1, x0) \
F4(x1, x5, x3, x2, x0, x4, x6)
#define FP5_5(x6, x5, x4, x3, x2, x1, x0) \
F5(x2, x5, x0, x6, x4, x3, x1)
/*
* One step, for "n" passes, pass number "p" (1 <= p <= n), using
* input word number "w" and step constant "c".
*/
#define STEP(n, p, x7, x6, x5, x4, x3, x2, x1, x0, w, c) do { \
sph_u32 t = FP ## n ## _ ## p(x6, x5, x4, x3, x2, x1, x0); \
(x7) = SPH_T32(SPH_ROTR32(t, 7) + SPH_ROTR32((x7), 11) \
+ (w) + (c)); \
} while (0)
/*
* PASSy(n, in) computes pass number "y", for a total of "n", using the
* one-argument macro "in" to access input words. Current state is assumed
* to be held in variables "s0" to "s7".
*/
#if SPH_SMALL_FOOTPRINT_HAVAL
#define PASS1(n, in) do { \
unsigned pass_count; \
for (pass_count = 0; pass_count < 32; pass_count += 8) { \
STEP(n, 1, s7, s6, s5, s4, s3, s2, s1, s0, \
in(pass_count + 0), SPH_C32(0x00000000)); \
STEP(n, 1, s6, s5, s4, s3, s2, s1, s0, s7, \
in(pass_count + 1), SPH_C32(0x00000000)); \
STEP(n, 1, s5, s4, s3, s2, s1, s0, s7, s6, \
in(pass_count + 2), SPH_C32(0x00000000)); \
STEP(n, 1, s4, s3, s2, s1, s0, s7, s6, s5, \
in(pass_count + 3), SPH_C32(0x00000000)); \
STEP(n, 1, s3, s2, s1, s0, s7, s6, s5, s4, \
in(pass_count + 4), SPH_C32(0x00000000)); \
STEP(n, 1, s2, s1, s0, s7, s6, s5, s4, s3, \
in(pass_count + 5), SPH_C32(0x00000000)); \
STEP(n, 1, s1, s0, s7, s6, s5, s4, s3, s2, \
in(pass_count + 6), SPH_C32(0x00000000)); \
STEP(n, 1, s0, s7, s6, s5, s4, s3, s2, s1, \
in(pass_count + 7), SPH_C32(0x00000000)); \
} \
} while (0)
#define PASSG(p, n, in) do { \
unsigned pass_count; \
for (pass_count = 0; pass_count < 32; pass_count += 8) { \
STEP(n, p, s7, s6, s5, s4, s3, s2, s1, s0, \
in(MP ## p[pass_count + 0]), \
RK ## p[pass_count + 0]); \
STEP(n, p, s6, s5, s4, s3, s2, s1, s0, s7, \
in(MP ## p[pass_count + 1]), \
RK ## p[pass_count + 1]); \
STEP(n, p, s5, s4, s3, s2, s1, s0, s7, s6, \
in(MP ## p[pass_count + 2]), \
RK ## p[pass_count + 2]); \
STEP(n, p, s4, s3, s2, s1, s0, s7, s6, s5, \
in(MP ## p[pass_count + 3]), \
RK ## p[pass_count + 3]); \
STEP(n, p, s3, s2, s1, s0, s7, s6, s5, s4, \
in(MP ## p[pass_count + 4]), \
RK ## p[pass_count + 4]); \
STEP(n, p, s2, s1, s0, s7, s6, s5, s4, s3, \
in(MP ## p[pass_count + 5]), \
RK ## p[pass_count + 5]); \
STEP(n, p, s1, s0, s7, s6, s5, s4, s3, s2, \
in(MP ## p[pass_count + 6]), \
RK ## p[pass_count + 6]); \
STEP(n, p, s0, s7, s6, s5, s4, s3, s2, s1, \
in(MP ## p[pass_count + 7]), \
RK ## p[pass_count + 7]); \
} \
} while (0)
#define PASS2(n, in) PASSG(2, n, in)
#define PASS3(n, in) PASSG(3, n, in)
#define PASS4(n, in) PASSG(4, n, in)
#define PASS5(n, in) PASSG(5, n, in)
static const unsigned MP2[32] = {
5, 14, 26, 18, 11, 28, 7, 16,
0, 23, 20, 22, 1, 10, 4, 8,
30, 3, 21, 9, 17, 24, 29, 6,
19, 12, 15, 13, 2, 25, 31, 27
};
static const unsigned MP3[32] = {
19, 9, 4, 20, 28, 17, 8, 22,
29, 14, 25, 12, 24, 30, 16, 26,
31, 15, 7, 3, 1, 0, 18, 27,
13, 6, 21, 10, 23, 11, 5, 2
};
static const unsigned MP4[32] = {
24, 4, 0, 14, 2, 7, 28, 23,
26, 6, 30, 20, 18, 25, 19, 3,
22, 11, 31, 21, 8, 27, 12, 9,
1, 29, 5, 15, 17, 10, 16, 13
};
static const unsigned MP5[32] = {
27, 3, 21, 26, 17, 11, 20, 29,
19, 0, 12, 7, 13, 8, 31, 10,
5, 9, 14, 30, 18, 6, 28, 24,
2, 23, 16, 22, 4, 1, 25, 15
};
static const sph_u32 RK2[32] = {
SPH_C32(0x452821E6), SPH_C32(0x38D01377),
SPH_C32(0xBE5466CF), SPH_C32(0x34E90C6C),
SPH_C32(0xC0AC29B7), SPH_C32(0xC97C50DD),
SPH_C32(0x3F84D5B5), SPH_C32(0xB5470917),
SPH_C32(0x9216D5D9), SPH_C32(0x8979FB1B),
SPH_C32(0xD1310BA6), SPH_C32(0x98DFB5AC),
SPH_C32(0x2FFD72DB), SPH_C32(0xD01ADFB7),
SPH_C32(0xB8E1AFED), SPH_C32(0x6A267E96),
SPH_C32(0xBA7C9045), SPH_C32(0xF12C7F99),
SPH_C32(0x24A19947), SPH_C32(0xB3916CF7),
SPH_C32(0x0801F2E2), SPH_C32(0x858EFC16),
SPH_C32(0x636920D8), SPH_C32(0x71574E69),
SPH_C32(0xA458FEA3), SPH_C32(0xF4933D7E),
SPH_C32(0x0D95748F), SPH_C32(0x728EB658),
SPH_C32(0x718BCD58), SPH_C32(0x82154AEE),
SPH_C32(0x7B54A41D), SPH_C32(0xC25A59B5)
};
static const sph_u32 RK3[32] = {
SPH_C32(0x9C30D539), SPH_C32(0x2AF26013),
SPH_C32(0xC5D1B023), SPH_C32(0x286085F0),
SPH_C32(0xCA417918), SPH_C32(0xB8DB38EF),
SPH_C32(0x8E79DCB0), SPH_C32(0x603A180E),
SPH_C32(0x6C9E0E8B), SPH_C32(0xB01E8A3E),
SPH_C32(0xD71577C1), SPH_C32(0xBD314B27),
SPH_C32(0x78AF2FDA), SPH_C32(0x55605C60),
SPH_C32(0xE65525F3), SPH_C32(0xAA55AB94),
SPH_C32(0x57489862), SPH_C32(0x63E81440),
SPH_C32(0x55CA396A), SPH_C32(0x2AAB10B6),
SPH_C32(0xB4CC5C34), SPH_C32(0x1141E8CE),
SPH_C32(0xA15486AF), SPH_C32(0x7C72E993),
SPH_C32(0xB3EE1411), SPH_C32(0x636FBC2A),
SPH_C32(0x2BA9C55D), SPH_C32(0x741831F6),
SPH_C32(0xCE5C3E16), SPH_C32(0x9B87931E),
SPH_C32(0xAFD6BA33), SPH_C32(0x6C24CF5C)
};
static const sph_u32 RK4[32] = {
SPH_C32(0x7A325381), SPH_C32(0x28958677),
SPH_C32(0x3B8F4898), SPH_C32(0x6B4BB9AF),
SPH_C32(0xC4BFE81B), SPH_C32(0x66282193),
SPH_C32(0x61D809CC), SPH_C32(0xFB21A991),
SPH_C32(0x487CAC60), SPH_C32(0x5DEC8032),
SPH_C32(0xEF845D5D), SPH_C32(0xE98575B1),
SPH_C32(0xDC262302), SPH_C32(0xEB651B88),
SPH_C32(0x23893E81), SPH_C32(0xD396ACC5),
SPH_C32(0x0F6D6FF3), SPH_C32(0x83F44239),
SPH_C32(0x2E0B4482), SPH_C32(0xA4842004),
SPH_C32(0x69C8F04A), SPH_C32(0x9E1F9B5E),
SPH_C32(0x21C66842), SPH_C32(0xF6E96C9A),
SPH_C32(0x670C9C61), SPH_C32(0xABD388F0),
SPH_C32(0x6A51A0D2), SPH_C32(0xD8542F68),
SPH_C32(0x960FA728), SPH_C32(0xAB5133A3),
SPH_C32(0x6EEF0B6C), SPH_C32(0x137A3BE4)
};
static const sph_u32 RK5[32] = {
SPH_C32(0xBA3BF050), SPH_C32(0x7EFB2A98),
SPH_C32(0xA1F1651D), SPH_C32(0x39AF0176),
SPH_C32(0x66CA593E), SPH_C32(0x82430E88),
SPH_C32(0x8CEE8619), SPH_C32(0x456F9FB4),
SPH_C32(0x7D84A5C3), SPH_C32(0x3B8B5EBE),
SPH_C32(0xE06F75D8), SPH_C32(0x85C12073),
SPH_C32(0x401A449F), SPH_C32(0x56C16AA6),
SPH_C32(0x4ED3AA62), SPH_C32(0x363F7706),
SPH_C32(0x1BFEDF72), SPH_C32(0x429B023D),
SPH_C32(0x37D0D724), SPH_C32(0xD00A1248),
SPH_C32(0xDB0FEAD3), SPH_C32(0x49F1C09B),
SPH_C32(0x075372C9), SPH_C32(0x80991B7B),
SPH_C32(0x25D479D8), SPH_C32(0xF6E8DEF7),
SPH_C32(0xE3FE501A), SPH_C32(0xB6794C3B),
SPH_C32(0x976CE0BD), SPH_C32(0x04C006BA),
SPH_C32(0xC1A94FB6), SPH_C32(0x409F60C4)
};
#else
#define PASS1(n, in) do { \
STEP(n, 1, s7, s6, s5, s4, s3, s2, s1, s0, in( 0), SPH_C32(0x00000000)); \
STEP(n, 1, s6, s5, s4, s3, s2, s1, s0, s7, in( 1), SPH_C32(0x00000000)); \
STEP(n, 1, s5, s4, s3, s2, s1, s0, s7, s6, in( 2), SPH_C32(0x00000000)); \
STEP(n, 1, s4, s3, s2, s1, s0, s7, s6, s5, in( 3), SPH_C32(0x00000000)); \
STEP(n, 1, s3, s2, s1, s0, s7, s6, s5, s4, in( 4), SPH_C32(0x00000000)); \
STEP(n, 1, s2, s1, s0, s7, s6, s5, s4, s3, in( 5), SPH_C32(0x00000000)); \
STEP(n, 1, s1, s0, s7, s6, s5, s4, s3, s2, in( 6), SPH_C32(0x00000000)); \
STEP(n, 1, s0, s7, s6, s5, s4, s3, s2, s1, in( 7), SPH_C32(0x00000000)); \
\
STEP(n, 1, s7, s6, s5, s4, s3, s2, s1, s0, in( 8), SPH_C32(0x00000000)); \
STEP(n, 1, s6, s5, s4, s3, s2, s1, s0, s7, in( 9), SPH_C32(0x00000000)); \
STEP(n, 1, s5, s4, s3, s2, s1, s0, s7, s6, in(10), SPH_C32(0x00000000)); \
STEP(n, 1, s4, s3, s2, s1, s0, s7, s6, s5, in(11), SPH_C32(0x00000000)); \
STEP(n, 1, s3, s2, s1, s0, s7, s6, s5, s4, in(12), SPH_C32(0x00000000)); \
STEP(n, 1, s2, s1, s0, s7, s6, s5, s4, s3, in(13), SPH_C32(0x00000000)); \
STEP(n, 1, s1, s0, s7, s6, s5, s4, s3, s2, in(14), SPH_C32(0x00000000)); \
STEP(n, 1, s0, s7, s6, s5, s4, s3, s2, s1, in(15), SPH_C32(0x00000000)); \
\
STEP(n, 1, s7, s6, s5, s4, s3, s2, s1, s0, in(16), SPH_C32(0x00000000)); \
STEP(n, 1, s6, s5, s4, s3, s2, s1, s0, s7, in(17), SPH_C32(0x00000000)); \
STEP(n, 1, s5, s4, s3, s2, s1, s0, s7, s6, in(18), SPH_C32(0x00000000)); \
STEP(n, 1, s4, s3, s2, s1, s0, s7, s6, s5, in(19), SPH_C32(0x00000000)); \
STEP(n, 1, s3, s2, s1, s0, s7, s6, s5, s4, in(20), SPH_C32(0x00000000)); \
STEP(n, 1, s2, s1, s0, s7, s6, s5, s4, s3, in(21), SPH_C32(0x00000000)); \
STEP(n, 1, s1, s0, s7, s6, s5, s4, s3, s2, in(22), SPH_C32(0x00000000)); \
STEP(n, 1, s0, s7, s6, s5, s4, s3, s2, s1, in(23), SPH_C32(0x00000000)); \
\
STEP(n, 1, s7, s6, s5, s4, s3, s2, s1, s0, in(24), SPH_C32(0x00000000)); \
STEP(n, 1, s6, s5, s4, s3, s2, s1, s0, s7, in(25), SPH_C32(0x00000000)); \
STEP(n, 1, s5, s4, s3, s2, s1, s0, s7, s6, in(26), SPH_C32(0x00000000)); \
STEP(n, 1, s4, s3, s2, s1, s0, s7, s6, s5, in(27), SPH_C32(0x00000000)); \
STEP(n, 1, s3, s2, s1, s0, s7, s6, s5, s4, in(28), SPH_C32(0x00000000)); \
STEP(n, 1, s2, s1, s0, s7, s6, s5, s4, s3, in(29), SPH_C32(0x00000000)); \
STEP(n, 1, s1, s0, s7, s6, s5, s4, s3, s2, in(30), SPH_C32(0x00000000)); \
STEP(n, 1, s0, s7, s6, s5, s4, s3, s2, s1, in(31), SPH_C32(0x00000000)); \
} while (0)
#define PASS2(n, in) do { \
STEP(n, 2, s7, s6, s5, s4, s3, s2, s1, s0, in( 5), SPH_C32(0x452821E6)); \
STEP(n, 2, s6, s5, s4, s3, s2, s1, s0, s7, in(14), SPH_C32(0x38D01377)); \
STEP(n, 2, s5, s4, s3, s2, s1, s0, s7, s6, in(26), SPH_C32(0xBE5466CF)); \
STEP(n, 2, s4, s3, s2, s1, s0, s7, s6, s5, in(18), SPH_C32(0x34E90C6C)); \
STEP(n, 2, s3, s2, s1, s0, s7, s6, s5, s4, in(11), SPH_C32(0xC0AC29B7)); \
STEP(n, 2, s2, s1, s0, s7, s6, s5, s4, s3, in(28), SPH_C32(0xC97C50DD)); \
STEP(n, 2, s1, s0, s7, s6, s5, s4, s3, s2, in( 7), SPH_C32(0x3F84D5B5)); \
STEP(n, 2, s0, s7, s6, s5, s4, s3, s2, s1, in(16), SPH_C32(0xB5470917)); \
\
STEP(n, 2, s7, s6, s5, s4, s3, s2, s1, s0, in( 0), SPH_C32(0x9216D5D9)); \
STEP(n, 2, s6, s5, s4, s3, s2, s1, s0, s7, in(23), SPH_C32(0x8979FB1B)); \
STEP(n, 2, s5, s4, s3, s2, s1, s0, s7, s6, in(20), SPH_C32(0xD1310BA6)); \
STEP(n, 2, s4, s3, s2, s1, s0, s7, s6, s5, in(22), SPH_C32(0x98DFB5AC)); \
STEP(n, 2, s3, s2, s1, s0, s7, s6, s5, s4, in( 1), SPH_C32(0x2FFD72DB)); \
STEP(n, 2, s2, s1, s0, s7, s6, s5, s4, s3, in(10), SPH_C32(0xD01ADFB7)); \
STEP(n, 2, s1, s0, s7, s6, s5, s4, s3, s2, in( 4), SPH_C32(0xB8E1AFED)); \
STEP(n, 2, s0, s7, s6, s5, s4, s3, s2, s1, in( 8), SPH_C32(0x6A267E96)); \
\
STEP(n, 2, s7, s6, s5, s4, s3, s2, s1, s0, in(30), SPH_C32(0xBA7C9045)); \
STEP(n, 2, s6, s5, s4, s3, s2, s1, s0, s7, in( 3), SPH_C32(0xF12C7F99)); \
STEP(n, 2, s5, s4, s3, s2, s1, s0, s7, s6, in(21), SPH_C32(0x24A19947)); \
STEP(n, 2, s4, s3, s2, s1, s0, s7, s6, s5, in( 9), SPH_C32(0xB3916CF7)); \
STEP(n, 2, s3, s2, s1, s0, s7, s6, s5, s4, in(17), SPH_C32(0x0801F2E2)); \
STEP(n, 2, s2, s1, s0, s7, s6, s5, s4, s3, in(24), SPH_C32(0x858EFC16)); \
STEP(n, 2, s1, s0, s7, s6, s5, s4, s3, s2, in(29), SPH_C32(0x636920D8)); \
STEP(n, 2, s0, s7, s6, s5, s4, s3, s2, s1, in( 6), SPH_C32(0x71574E69)); \
\
STEP(n, 2, s7, s6, s5, s4, s3, s2, s1, s0, in(19), SPH_C32(0xA458FEA3)); \
STEP(n, 2, s6, s5, s4, s3, s2, s1, s0, s7, in(12), SPH_C32(0xF4933D7E)); \
STEP(n, 2, s5, s4, s3, s2, s1, s0, s7, s6, in(15), SPH_C32(0x0D95748F)); \
STEP(n, 2, s4, s3, s2, s1, s0, s7, s6, s5, in(13), SPH_C32(0x728EB658)); \
STEP(n, 2, s3, s2, s1, s0, s7, s6, s5, s4, in( 2), SPH_C32(0x718BCD58)); \
STEP(n, 2, s2, s1, s0, s7, s6, s5, s4, s3, in(25), SPH_C32(0x82154AEE)); \
STEP(n, 2, s1, s0, s7, s6, s5, s4, s3, s2, in(31), SPH_C32(0x7B54A41D)); \
STEP(n, 2, s0, s7, s6, s5, s4, s3, s2, s1, in(27), SPH_C32(0xC25A59B5)); \
} while (0)
#define PASS3(n, in) do { \
STEP(n, 3, s7, s6, s5, s4, s3, s2, s1, s0, in(19), SPH_C32(0x9C30D539)); \
STEP(n, 3, s6, s5, s4, s3, s2, s1, s0, s7, in( 9), SPH_C32(0x2AF26013)); \
STEP(n, 3, s5, s4, s3, s2, s1, s0, s7, s6, in( 4), SPH_C32(0xC5D1B023)); \
STEP(n, 3, s4, s3, s2, s1, s0, s7, s6, s5, in(20), SPH_C32(0x286085F0)); \
STEP(n, 3, s3, s2, s1, s0, s7, s6, s5, s4, in(28), SPH_C32(0xCA417918)); \
STEP(n, 3, s2, s1, s0, s7, s6, s5, s4, s3, in(17), SPH_C32(0xB8DB38EF)); \
STEP(n, 3, s1, s0, s7, s6, s5, s4, s3, s2, in( 8), SPH_C32(0x8E79DCB0)); \
STEP(n, 3, s0, s7, s6, s5, s4, s3, s2, s1, in(22), SPH_C32(0x603A180E)); \
\
STEP(n, 3, s7, s6, s5, s4, s3, s2, s1, s0, in(29), SPH_C32(0x6C9E0E8B)); \
STEP(n, 3, s6, s5, s4, s3, s2, s1, s0, s7, in(14), SPH_C32(0xB01E8A3E)); \
STEP(n, 3, s5, s4, s3, s2, s1, s0, s7, s6, in(25), SPH_C32(0xD71577C1)); \
STEP(n, 3, s4, s3, s2, s1, s0, s7, s6, s5, in(12), SPH_C32(0xBD314B27)); \
STEP(n, 3, s3, s2, s1, s0, s7, s6, s5, s4, in(24), SPH_C32(0x78AF2FDA)); \
STEP(n, 3, s2, s1, s0, s7, s6, s5, s4, s3, in(30), SPH_C32(0x55605C60)); \
STEP(n, 3, s1, s0, s7, s6, s5, s4, s3, s2, in(16), SPH_C32(0xE65525F3)); \
STEP(n, 3, s0, s7, s6, s5, s4, s3, s2, s1, in(26), SPH_C32(0xAA55AB94)); \
\
STEP(n, 3, s7, s6, s5, s4, s3, s2, s1, s0, in(31), SPH_C32(0x57489862)); \
STEP(n, 3, s6, s5, s4, s3, s2, s1, s0, s7, in(15), SPH_C32(0x63E81440)); \
STEP(n, 3, s5, s4, s3, s2, s1, s0, s7, s6, in( 7), SPH_C32(0x55CA396A)); \
STEP(n, 3, s4, s3, s2, s1, s0, s7, s6, s5, in( 3), SPH_C32(0x2AAB10B6)); \
STEP(n, 3, s3, s2, s1, s0, s7, s6, s5, s4, in( 1), SPH_C32(0xB4CC5C34)); \
STEP(n, 3, s2, s1, s0, s7, s6, s5, s4, s3, in( 0), SPH_C32(0x1141E8CE)); \
STEP(n, 3, s1, s0, s7, s6, s5, s4, s3, s2, in(18), SPH_C32(0xA15486AF)); \
STEP(n, 3, s0, s7, s6, s5, s4, s3, s2, s1, in(27), SPH_C32(0x7C72E993)); \
\
STEP(n, 3, s7, s6, s5, s4, s3, s2, s1, s0, in(13), SPH_C32(0xB3EE1411)); \
STEP(n, 3, s6, s5, s4, s3, s2, s1, s0, s7, in( 6), SPH_C32(0x636FBC2A)); \
STEP(n, 3, s5, s4, s3, s2, s1, s0, s7, s6, in(21), SPH_C32(0x2BA9C55D)); \
STEP(n, 3, s4, s3, s2, s1, s0, s7, s6, s5, in(10), SPH_C32(0x741831F6)); \
STEP(n, 3, s3, s2, s1, s0, s7, s6, s5, s4, in(23), SPH_C32(0xCE5C3E16)); \
STEP(n, 3, s2, s1, s0, s7, s6, s5, s4, s3, in(11), SPH_C32(0x9B87931E)); \
STEP(n, 3, s1, s0, s7, s6, s5, s4, s3, s2, in( 5), SPH_C32(0xAFD6BA33)); \
STEP(n, 3, s0, s7, s6, s5, s4, s3, s2, s1, in( 2), SPH_C32(0x6C24CF5C)); \
} while (0)
#define PASS4(n, in) do { \
STEP(n, 4, s7, s6, s5, s4, s3, s2, s1, s0, in(24), SPH_C32(0x7A325381)); \
STEP(n, 4, s6, s5, s4, s3, s2, s1, s0, s7, in( 4), SPH_C32(0x28958677)); \
STEP(n, 4, s5, s4, s3, s2, s1, s0, s7, s6, in( 0), SPH_C32(0x3B8F4898)); \
STEP(n, 4, s4, s3, s2, s1, s0, s7, s6, s5, in(14), SPH_C32(0x6B4BB9AF)); \
STEP(n, 4, s3, s2, s1, s0, s7, s6, s5, s4, in( 2), SPH_C32(0xC4BFE81B)); \
STEP(n, 4, s2, s1, s0, s7, s6, s5, s4, s3, in( 7), SPH_C32(0x66282193)); \
STEP(n, 4, s1, s0, s7, s6, s5, s4, s3, s2, in(28), SPH_C32(0x61D809CC)); \
STEP(n, 4, s0, s7, s6, s5, s4, s3, s2, s1, in(23), SPH_C32(0xFB21A991)); \
\
STEP(n, 4, s7, s6, s5, s4, s3, s2, s1, s0, in(26), SPH_C32(0x487CAC60)); \
STEP(n, 4, s6, s5, s4, s3, s2, s1, s0, s7, in( 6), SPH_C32(0x5DEC8032)); \
STEP(n, 4, s5, s4, s3, s2, s1, s0, s7, s6, in(30), SPH_C32(0xEF845D5D)); \
STEP(n, 4, s4, s3, s2, s1, s0, s7, s6, s5, in(20), SPH_C32(0xE98575B1)); \
STEP(n, 4, s3, s2, s1, s0, s7, s6, s5, s4, in(18), SPH_C32(0xDC262302)); \
STEP(n, 4, s2, s1, s0, s7, s6, s5, s4, s3, in(25), SPH_C32(0xEB651B88)); \
STEP(n, 4, s1, s0, s7, s6, s5, s4, s3, s2, in(19), SPH_C32(0x23893E81)); \
STEP(n, 4, s0, s7, s6, s5, s4, s3, s2, s1, in( 3), SPH_C32(0xD396ACC5)); \
\
STEP(n, 4, s7, s6, s5, s4, s3, s2, s1, s0, in(22), SPH_C32(0x0F6D6FF3)); \
STEP(n, 4, s6, s5, s4, s3, s2, s1, s0, s7, in(11), SPH_C32(0x83F44239)); \
STEP(n, 4, s5, s4, s3, s2, s1, s0, s7, s6, in(31), SPH_C32(0x2E0B4482)); \
STEP(n, 4, s4, s3, s2, s1, s0, s7, s6, s5, in(21), SPH_C32(0xA4842004)); \
STEP(n, 4, s3, s2, s1, s0, s7, s6, s5, s4, in( 8), SPH_C32(0x69C8F04A)); \
STEP(n, 4, s2, s1, s0, s7, s6, s5, s4, s3, in(27), SPH_C32(0x9E1F9B5E)); \
STEP(n, 4, s1, s0, s7, s6, s5, s4, s3, s2, in(12), SPH_C32(0x21C66842)); \
STEP(n, 4, s0, s7, s6, s5, s4, s3, s2, s1, in( 9), SPH_C32(0xF6E96C9A)); \
\
STEP(n, 4, s7, s6, s5, s4, s3, s2, s1, s0, in( 1), SPH_C32(0x670C9C61)); \
STEP(n, 4, s6, s5, s4, s3, s2, s1, s0, s7, in(29), SPH_C32(0xABD388F0)); \
STEP(n, 4, s5, s4, s3, s2, s1, s0, s7, s6, in( 5), SPH_C32(0x6A51A0D2)); \
STEP(n, 4, s4, s3, s2, s1, s0, s7, s6, s5, in(15), SPH_C32(0xD8542F68)); \
STEP(n, 4, s3, s2, s1, s0, s7, s6, s5, s4, in(17), SPH_C32(0x960FA728)); \
STEP(n, 4, s2, s1, s0, s7, s6, s5, s4, s3, in(10), SPH_C32(0xAB5133A3)); \
STEP(n, 4, s1, s0, s7, s6, s5, s4, s3, s2, in(16), SPH_C32(0x6EEF0B6C)); \
STEP(n, 4, s0, s7, s6, s5, s4, s3, s2, s1, in(13), SPH_C32(0x137A3BE4)); \
} while (0)
#define PASS5(n, in) do { \
STEP(n, 5, s7, s6, s5, s4, s3, s2, s1, s0, in(27), SPH_C32(0xBA3BF050)); \
STEP(n, 5, s6, s5, s4, s3, s2, s1, s0, s7, in( 3), SPH_C32(0x7EFB2A98)); \
STEP(n, 5, s5, s4, s3, s2, s1, s0, s7, s6, in(21), SPH_C32(0xA1F1651D)); \
STEP(n, 5, s4, s3, s2, s1, s0, s7, s6, s5, in(26), SPH_C32(0x39AF0176)); \
STEP(n, 5, s3, s2, s1, s0, s7, s6, s5, s4, in(17), SPH_C32(0x66CA593E)); \
STEP(n, 5, s2, s1, s0, s7, s6, s5, s4, s3, in(11), SPH_C32(0x82430E88)); \
STEP(n, 5, s1, s0, s7, s6, s5, s4, s3, s2, in(20), SPH_C32(0x8CEE8619)); \
STEP(n, 5, s0, s7, s6, s5, s4, s3, s2, s1, in(29), SPH_C32(0x456F9FB4)); \
\
STEP(n, 5, s7, s6, s5, s4, s3, s2, s1, s0, in(19), SPH_C32(0x7D84A5C3)); \
STEP(n, 5, s6, s5, s4, s3, s2, s1, s0, s7, in( 0), SPH_C32(0x3B8B5EBE)); \
STEP(n, 5, s5, s4, s3, s2, s1, s0, s7, s6, in(12), SPH_C32(0xE06F75D8)); \
STEP(n, 5, s4, s3, s2, s1, s0, s7, s6, s5, in( 7), SPH_C32(0x85C12073)); \
STEP(n, 5, s3, s2, s1, s0, s7, s6, s5, s4, in(13), SPH_C32(0x401A449F)); \
STEP(n, 5, s2, s1, s0, s7, s6, s5, s4, s3, in( 8), SPH_C32(0x56C16AA6)); \
STEP(n, 5, s1, s0, s7, s6, s5, s4, s3, s2, in(31), SPH_C32(0x4ED3AA62)); \
STEP(n, 5, s0, s7, s6, s5, s4, s3, s2, s1, in(10), SPH_C32(0x363F7706)); \
\
STEP(n, 5, s7, s6, s5, s4, s3, s2, s1, s0, in( 5), SPH_C32(0x1BFEDF72)); \
STEP(n, 5, s6, s5, s4, s3, s2, s1, s0, s7, in( 9), SPH_C32(0x429B023D)); \
STEP(n, 5, s5, s4, s3, s2, s1, s0, s7, s6, in(14), SPH_C32(0x37D0D724)); \
STEP(n, 5, s4, s3, s2, s1, s0, s7, s6, s5, in(30), SPH_C32(0xD00A1248)); \
STEP(n, 5, s3, s2, s1, s0, s7, s6, s5, s4, in(18), SPH_C32(0xDB0FEAD3)); \
STEP(n, 5, s2, s1, s0, s7, s6, s5, s4, s3, in( 6), SPH_C32(0x49F1C09B)); \
STEP(n, 5, s1, s0, s7, s6, s5, s4, s3, s2, in(28), SPH_C32(0x075372C9)); \
STEP(n, 5, s0, s7, s6, s5, s4, s3, s2, s1, in(24), SPH_C32(0x80991B7B)); \
\
STEP(n, 5, s7, s6, s5, s4, s3, s2, s1, s0, in( 2), SPH_C32(0x25D479D8)); \
STEP(n, 5, s6, s5, s4, s3, s2, s1, s0, s7, in(23), SPH_C32(0xF6E8DEF7)); \
STEP(n, 5, s5, s4, s3, s2, s1, s0, s7, s6, in(16), SPH_C32(0xE3FE501A)); \
STEP(n, 5, s4, s3, s2, s1, s0, s7, s6, s5, in(22), SPH_C32(0xB6794C3B)); \
STEP(n, 5, s3, s2, s1, s0, s7, s6, s5, s4, in( 4), SPH_C32(0x976CE0BD)); \
STEP(n, 5, s2, s1, s0, s7, s6, s5, s4, s3, in( 1), SPH_C32(0x04C006BA)); \
STEP(n, 5, s1, s0, s7, s6, s5, s4, s3, s2, in(25), SPH_C32(0xC1A94FB6)); \
STEP(n, 5, s0, s7, s6, s5, s4, s3, s2, s1, in(15), SPH_C32(0x409F60C4)); \
} while (0)
#endif
#define SAVE_STATE \
sph_u32 u0, u1, u2, u3, u4, u5, u6, u7; \
do { \
u0 = s0; \
u1 = s1; \
u2 = s2; \
u3 = s3; \
u4 = s4; \
u5 = s5; \
u6 = s6; \
u7 = s7; \
} while (0)
#define UPDATE_STATE do { \
s0 = SPH_T32(s0 + u0); \
s1 = SPH_T32(s1 + u1); \
s2 = SPH_T32(s2 + u2); \
s3 = SPH_T32(s3 + u3); \
s4 = SPH_T32(s4 + u4); \
s5 = SPH_T32(s5 + u5); \
s6 = SPH_T32(s6 + u6); \
s7 = SPH_T32(s7 + u7); \
} while (0)
/*
* COREn(in) performs the core HAVAL computation for "n" passes, using
* the one-argument macro "in" to access the input words. Running state
* is held in variable "s0" to "s7".
*/
#define CORE3(in) do { \
SAVE_STATE; \
PASS1(3, in); \
PASS2(3, in); \
PASS3(3, in); \
UPDATE_STATE; \
} while (0)
#define CORE4(in) do { \
SAVE_STATE; \
PASS1(4, in); \
PASS2(4, in); \
PASS3(4, in); \
PASS4(4, in); \
UPDATE_STATE; \
} while (0)
#define CORE5(in) do { \
SAVE_STATE; \
PASS1(5, in); \
PASS2(5, in); \
PASS3(5, in); \
PASS4(5, in); \
PASS5(5, in); \
UPDATE_STATE; \
} while (0)
/*
* DSTATE declares the state variables "s0" to "s7".
*/
#define DSTATE sph_u32 s0, s1, s2, s3, s4, s5, s6, s7
/*
* RSTATE fills the state variables from the context "sc".
*/
#define RSTATE do { \
s0 = sc->s0; \
s1 = sc->s1; \
s2 = sc->s2; \
s3 = sc->s3; \
s4 = sc->s4; \
s5 = sc->s5; \
s6 = sc->s6; \
s7 = sc->s7; \
} while (0)
/*
* WSTATE updates the context "sc" from the state variables.
*/
#define WSTATE do { \
sc->s0 = s0; \
sc->s1 = s1; \
sc->s2 = s2; \
sc->s3 = s3; \
sc->s4 = s4; \
sc->s5 = s5; \
sc->s6 = s6; \
sc->s7 = s7; \
} while (0)
/*
* Initialize a context. "olen" is the output length, in 32-bit words
* (between 4 and 8, inclusive). "passes" is the number of passes
* (3, 4 or 5).
*/
static void
haval_init(sph_haval_context *sc, unsigned olen, unsigned passes)
{
sc->s0 = SPH_C32(0x243F6A88);
sc->s1 = SPH_C32(0x85A308D3);
sc->s2 = SPH_C32(0x13198A2E);
sc->s3 = SPH_C32(0x03707344);
sc->s4 = SPH_C32(0xA4093822);
sc->s5 = SPH_C32(0x299F31D0);
sc->s6 = SPH_C32(0x082EFA98);
sc->s7 = SPH_C32(0xEC4E6C89);
sc->olen = olen;
sc->passes = passes;
#if SPH_64
sc->count = 0;
#else
sc->count_high = 0;
sc->count_low = 0;
#endif
}
/*
* IN_PREPARE(data) contains declarations and code to prepare for
* reading input words pointed to by "data".
* INW(i) reads the word number "i" (from 0 to 31).
*/
#if SPH_LITTLE_FAST
#define IN_PREPARE(indata) const unsigned char *const load_ptr = \
(const unsigned char *)(indata)
#define INW(i) sph_dec32le_aligned(load_ptr + 4 * (i))
#else
#define IN_PREPARE(indata) \
sph_u32 X_var[32]; \
int load_index; \
\
for (load_index = 0; load_index < 32; load_index ++) \
X_var[load_index] = sph_dec32le_aligned( \
(const unsigned char *)(indata) + 4 * load_index)
#define INW(i) X_var[i]
#endif
/*
* Mixing operation used for 128-bit output tailoring. This function
* takes the byte 0 from a0, byte 1 from a1, byte 2 from a2 and byte 3
* from a3, and combines them into a 32-bit word, which is then rotated
* to the left by n bits.
*/
static SPH_INLINE sph_u32
mix128(sph_u32 a0, sph_u32 a1, sph_u32 a2, sph_u32 a3, int n)
{
sph_u32 tmp;
tmp = (a0 & SPH_C32(0x000000FF))
| (a1 & SPH_C32(0x0000FF00))
| (a2 & SPH_C32(0x00FF0000))
| (a3 & SPH_C32(0xFF000000));
if (n > 0)
tmp = SPH_ROTL32(tmp, n);
return tmp;
}
/*
* Mixing operation used to compute output word 0 for 160-bit output.
*/
static SPH_INLINE sph_u32
mix160_0(sph_u32 x5, sph_u32 x6, sph_u32 x7)
{
sph_u32 tmp;
tmp = (x5 & SPH_C32(0x01F80000))
| (x6 & SPH_C32(0xFE000000))
| (x7 & SPH_C32(0x0000003F));
return SPH_ROTL32(tmp, 13);
}
/*
* Mixing operation used to compute output word 1 for 160-bit output.
*/
static SPH_INLINE sph_u32
mix160_1(sph_u32 x5, sph_u32 x6, sph_u32 x7)
{
sph_u32 tmp;
tmp = (x5 & SPH_C32(0xFE000000))
| (x6 & SPH_C32(0x0000003F))
| (x7 & SPH_C32(0x00000FC0));
return SPH_ROTL32(tmp, 7);
}
/*
* Mixing operation used to compute output word 2 for 160-bit output.
*/
static SPH_INLINE sph_u32
mix160_2(sph_u32 x5, sph_u32 x6, sph_u32 x7)
{
sph_u32 tmp;
tmp = (x5 & SPH_C32(0x0000003F))
| (x6 & SPH_C32(0x00000FC0))
| (x7 & SPH_C32(0x0007F000));
return tmp;
}
/*
* Mixing operation used to compute output word 3 for 160-bit output.
*/
static SPH_INLINE sph_u32
mix160_3(sph_u32 x5, sph_u32 x6, sph_u32 x7)
{
sph_u32 tmp;
tmp = (x5 & SPH_C32(0x00000FC0))
| (x6 & SPH_C32(0x0007F000))
| (x7 & SPH_C32(0x01F80000));
return tmp >> 6;
}
/*
* Mixing operation used to compute output word 4 for 160-bit output.
*/
static SPH_INLINE sph_u32
mix160_4(sph_u32 x5, sph_u32 x6, sph_u32 x7)
{
sph_u32 tmp;
tmp = (x5 & SPH_C32(0x0007F000))
| (x6 & SPH_C32(0x01F80000))
| (x7 & SPH_C32(0xFE000000));
return tmp >> 12;
}
/*
* Mixing operation used to compute output word 0 for 192-bit output.
*/
static SPH_INLINE sph_u32
mix192_0(sph_u32 x6, sph_u32 x7)
{
sph_u32 tmp;
tmp = (x6 & SPH_C32(0xFC000000)) | (x7 & SPH_C32(0x0000001F));
return SPH_ROTL32(tmp, 6);
}
/*
* Mixing operation used to compute output word 1 for 192-bit output.
*/
static SPH_INLINE sph_u32
mix192_1(sph_u32 x6, sph_u32 x7)
{
return (x6 & SPH_C32(0x0000001F)) | (x7 & SPH_C32(0x000003E0));
}
/*
* Mixing operation used to compute output word 2 for 192-bit output.
*/
static SPH_INLINE sph_u32
mix192_2(sph_u32 x6, sph_u32 x7)
{
return ((x6 & SPH_C32(0x000003E0)) | (x7 & SPH_C32(0x0000FC00))) >> 5;
}
/*
* Mixing operation used to compute output word 3 for 192-bit output.
*/
static SPH_INLINE sph_u32
mix192_3(sph_u32 x6, sph_u32 x7)
{
return ((x6 & SPH_C32(0x0000FC00)) | (x7 & SPH_C32(0x001F0000))) >> 10;
}
/*
* Mixing operation used to compute output word 4 for 192-bit output.
*/
static SPH_INLINE sph_u32
mix192_4(sph_u32 x6, sph_u32 x7)
{
return ((x6 & SPH_C32(0x001F0000)) | (x7 & SPH_C32(0x03E00000))) >> 16;
}
/*
* Mixing operation used to compute output word 5 for 192-bit output.
*/
static SPH_INLINE sph_u32
mix192_5(sph_u32 x6, sph_u32 x7)
{
return ((x6 & SPH_C32(0x03E00000)) | (x7 & SPH_C32(0xFC000000))) >> 21;
}
/*
* Write out HAVAL output. The output length is tailored to the requested
* length.
*/
static void
haval_out(sph_haval_context *sc, void *dst)
{
DSTATE;
unsigned char *buf;
buf = (unsigned char*)dst;
RSTATE;
switch (sc->olen) {
case 4:
sph_enc32le(buf, SPH_T32(s0 + mix128(s7, s4, s5, s6, 24)));
sph_enc32le(buf + 4, SPH_T32(s1 + mix128(s6, s7, s4, s5, 16)));
sph_enc32le(buf + 8, SPH_T32(s2 + mix128(s5, s6, s7, s4, 8)));
sph_enc32le(buf + 12, SPH_T32(s3 + mix128(s4, s5, s6, s7, 0)));
break;
case 5:
sph_enc32le(buf, SPH_T32(s0 + mix160_0(s5, s6, s7)));
sph_enc32le(buf + 4, SPH_T32(s1 + mix160_1(s5, s6, s7)));
sph_enc32le(buf + 8, SPH_T32(s2 + mix160_2(s5, s6, s7)));
sph_enc32le(buf + 12, SPH_T32(s3 + mix160_3(s5, s6, s7)));
sph_enc32le(buf + 16, SPH_T32(s4 + mix160_4(s5, s6, s7)));
break;
case 6:
sph_enc32le(buf, SPH_T32(s0 + mix192_0(s6, s7)));
sph_enc32le(buf + 4, SPH_T32(s1 + mix192_1(s6, s7)));
sph_enc32le(buf + 8, SPH_T32(s2 + mix192_2(s6, s7)));
sph_enc32le(buf + 12, SPH_T32(s3 + mix192_3(s6, s7)));
sph_enc32le(buf + 16, SPH_T32(s4 + mix192_4(s6, s7)));
sph_enc32le(buf + 20, SPH_T32(s5 + mix192_5(s6, s7)));
break;
case 7:
sph_enc32le(buf, SPH_T32(s0 + ((s7 >> 27) & 0x1F)));
sph_enc32le(buf + 4, SPH_T32(s1 + ((s7 >> 22) & 0x1F)));
sph_enc32le(buf + 8, SPH_T32(s2 + ((s7 >> 18) & 0x0F)));
sph_enc32le(buf + 12, SPH_T32(s3 + ((s7 >> 13) & 0x1F)));
sph_enc32le(buf + 16, SPH_T32(s4 + ((s7 >> 9) & 0x0F)));
sph_enc32le(buf + 20, SPH_T32(s5 + ((s7 >> 4) & 0x1F)));
sph_enc32le(buf + 24, SPH_T32(s6 + ((s7 ) & 0x0F)));
break;
case 8:
sph_enc32le(buf, s0);
sph_enc32le(buf + 4, s1);
sph_enc32le(buf + 8, s2);
sph_enc32le(buf + 12, s3);
sph_enc32le(buf + 16, s4);
sph_enc32le(buf + 20, s5);
sph_enc32le(buf + 24, s6);
sph_enc32le(buf + 28, s7);
break;
}
}
/*
* The main core functions inline the code with the COREx() macros. We
* use a helper file, included three times, which avoids code copying.
*/
#undef PASSES
#define PASSES 3
#include "haval_helper.c"
#undef PASSES
#define PASSES 4
#include "haval_helper.c"
#undef PASSES
#define PASSES 5
#include "haval_helper.c"
/* ====================================================================== */
#define API(xxx, y) \
void \
sph_haval ## xxx ## _ ## y ## _init(void *cc) \
{ \
haval_init((sph_haval_context*)cc, xxx >> 5, y); \
} \
\
void \
sph_haval ## xxx ## _ ## y (void *cc, const void *data, size_t len) \
{ \
haval ## y((sph_haval_context*)cc, data, len); \
} \
\
void \
sph_haval ## xxx ## _ ## y ## _close(void *cc, void *dst) \
{ \
haval ## y ## _close((sph_haval_context*)cc, 0, 0, dst); \
} \
\
void \
sph_haval ## xxx ## _ ## y ## addbits_and_close( \
void *cc, unsigned ub, unsigned n, void *dst) \
{ \
haval ## y ## _close((sph_haval_context*)cc, ub, n, dst); \
}
API(128, 3)
API(128, 4)
API(128, 5)
API(160, 3)
API(160, 4)
API(160, 5)
API(192, 3)
API(192, 4)
API(192, 5)
API(224, 3)
API(224, 4)
API(224, 5)
API(256, 3)
API(256, 4)
API(256, 5)
#define RVAL do { \
s0 = val[0]; \
s1 = val[1]; \
s2 = val[2]; \
s3 = val[3]; \
s4 = val[4]; \
s5 = val[5]; \
s6 = val[6]; \
s7 = val[7]; \
} while (0)
#define WVAL do { \
val[0] = s0; \
val[1] = s1; \
val[2] = s2; \
val[3] = s3; \
val[4] = s4; \
val[5] = s5; \
val[6] = s6; \
val[7] = s7; \
} while (0)
#define INMSG(i) msg[i]
/* see sph_haval.h */
void
sph_haval_3_comp(const sph_u32 msg[32], sph_u32 val[8])
{
DSTATE;
RVAL;
CORE3(INMSG);
WVAL;
}
/* see sph_haval.h */
void
sph_haval_4_comp(const sph_u32 msg[32], sph_u32 val[8])
{
DSTATE;
RVAL;
CORE4(INMSG);
WVAL;
}
/* see sph_haval.h */
void
sph_haval_5_comp(const sph_u32 msg[32], sph_u32 val[8])
{
DSTATE;
RVAL;
CORE5(INMSG);
WVAL;
}

969
stratum/sha3/sph_haval.h Normal file
View file

@ -0,0 +1,969 @@
/* $Id: sph_haval.h 218 2010-06-08 17:06:34Z tp $ */
/**
* HAVAL interface.
*
* HAVAL is actually a family of 15 hash functions, depending on whether
* the internal computation uses 3, 4 or 5 passes, and on the output
* length, which is 128, 160, 192, 224 or 256 bits. This implementation
* provides interface functions for all 15, which internally map to
* three cores (depending on the number of passes). Note that output
* lengths other than 256 bits are not obtained by a simple truncation
* of a longer result; the requested length is encoded within the
* padding data.
*
* HAVAL was published in: Yuliang Zheng, Josef Pieprzyk and Jennifer
* Seberry: "HAVAL -- a one-way hashing algorithm with variable length
* of output", Advances in Cryptology -- AUSCRYPT'92, Lecture Notes in
* Computer Science, Vol.718, pp.83-104, Springer-Verlag, 1993.
*
* This paper, and a reference implementation, are available on the
* Calyptix web site: http://labs.calyptix.com/haval.php
*
* The HAVAL reference paper is quite unclear on the data encoding
* details, i.e. endianness (both byte order within a 32-bit word, and
* word order within a message block). This implementation has been
* made compatible with the reference implementation referenced above.
*
* @warning A collision for HAVAL-128/3 (HAVAL with three passes and
* 128-bit output) has been published; this function is thus considered
* as cryptographically broken. The status for other variants is unclear;
* use only with care.
*
* ==========================(LICENSE BEGIN)============================
*
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* ===========================(LICENSE END)=============================
*
* @file sph_haval.h
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/
#ifndef SPH_HAVAL_H__
#define SPH_HAVAL_H__
#include <stddef.h>
#include "sph_types.h"
/**
* Output size (in bits) for HAVAL-128/3.
*/
#define SPH_SIZE_haval128_3 128
/**
* Output size (in bits) for HAVAL-128/4.
*/
#define SPH_SIZE_haval128_4 128
/**
* Output size (in bits) for HAVAL-128/5.
*/
#define SPH_SIZE_haval128_5 128
/**
* Output size (in bits) for HAVAL-160/3.
*/
#define SPH_SIZE_haval160_3 160
/**
* Output size (in bits) for HAVAL-160/4.
*/
#define SPH_SIZE_haval160_4 160
/**
* Output size (in bits) for HAVAL-160/5.
*/
#define SPH_SIZE_haval160_5 160
/**
* Output size (in bits) for HAVAL-192/3.
*/
#define SPH_SIZE_haval192_3 192
/**
* Output size (in bits) for HAVAL-192/4.
*/
#define SPH_SIZE_haval192_4 192
/**
* Output size (in bits) for HAVAL-192/5.
*/
#define SPH_SIZE_haval192_5 192
/**
* Output size (in bits) for HAVAL-224/3.
*/
#define SPH_SIZE_haval224_3 224
/**
* Output size (in bits) for HAVAL-224/4.
*/
#define SPH_SIZE_haval224_4 224
/**
* Output size (in bits) for HAVAL-224/5.
*/
#define SPH_SIZE_haval224_5 224
/**
* Output size (in bits) for HAVAL-256/3.
*/
#define SPH_SIZE_haval256_3 256
/**
* Output size (in bits) for HAVAL-256/4.
*/
#define SPH_SIZE_haval256_4 256
/**
* Output size (in bits) for HAVAL-256/5.
*/
#define SPH_SIZE_haval256_5 256
/**
* This structure is a context for HAVAL computations: it contains the
* intermediate values and some data from the last entered block. Once
* a HAVAL computation has been performed, the context can be reused for
* another computation.
*
* The contents of this structure are private. A running HAVAL computation
* can be cloned by copying the context (e.g. with a simple
* <code>memcpy()</code>).
*/
typedef struct {
#ifndef DOXYGEN_IGNORE
unsigned char buf[128]; /* first field, for alignment */
sph_u32 s0, s1, s2, s3, s4, s5, s6, s7;
unsigned olen, passes;
#if SPH_64
sph_u64 count;
#else
sph_u32 count_high, count_low;
#endif
#endif
} sph_haval_context;
/**
* Type for a HAVAL-128/3 context (identical to the common context).
*/
typedef sph_haval_context sph_haval128_3_context;
/**
* Type for a HAVAL-128/4 context (identical to the common context).
*/
typedef sph_haval_context sph_haval128_4_context;
/**
* Type for a HAVAL-128/5 context (identical to the common context).
*/
typedef sph_haval_context sph_haval128_5_context;
/**
* Type for a HAVAL-160/3 context (identical to the common context).
*/
typedef sph_haval_context sph_haval160_3_context;
/**
* Type for a HAVAL-160/4 context (identical to the common context).
*/
typedef sph_haval_context sph_haval160_4_context;
/**
* Type for a HAVAL-160/5 context (identical to the common context).
*/
typedef sph_haval_context sph_haval160_5_context;
/**
* Type for a HAVAL-192/3 context (identical to the common context).
*/
typedef sph_haval_context sph_haval192_3_context;
/**
* Type for a HAVAL-192/4 context (identical to the common context).
*/
typedef sph_haval_context sph_haval192_4_context;
/**
* Type for a HAVAL-192/5 context (identical to the common context).
*/
typedef sph_haval_context sph_haval192_5_context;
/**
* Type for a HAVAL-224/3 context (identical to the common context).
*/
typedef sph_haval_context sph_haval224_3_context;
/**
* Type for a HAVAL-224/4 context (identical to the common context).
*/
typedef sph_haval_context sph_haval224_4_context;
/**
* Type for a HAVAL-224/5 context (identical to the common context).
*/
typedef sph_haval_context sph_haval224_5_context;
/**
* Type for a HAVAL-256/3 context (identical to the common context).
*/
typedef sph_haval_context sph_haval256_3_context;
/**
* Type for a HAVAL-256/4 context (identical to the common context).
*/
typedef sph_haval_context sph_haval256_4_context;
/**
* Type for a HAVAL-256/5 context (identical to the common context).
*/
typedef sph_haval_context sph_haval256_5_context;
/**
* Initialize the context for HAVAL-128/3.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval128_3_context</code> structure)
*/
void sph_haval128_3_init(void *cc);
/**
* Process some data bytes for HAVAL-128/3. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-128/3 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval128_3(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-128/3 computation. The output buffer must be wide
* enough to accomodate the result (16 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-128/3 context
* @param dst the output buffer
*/
void sph_haval128_3_close(void *cc, void *dst);
/**
* Close a HAVAL-128/3 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (16
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-128/3 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval128_3_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-128/4.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval128_4_context</code> structure)
*/
void sph_haval128_4_init(void *cc);
/**
* Process some data bytes for HAVAL-128/4. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-128/4 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval128_4(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-128/4 computation. The output buffer must be wide
* enough to accomodate the result (16 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-128/4 context
* @param dst the output buffer
*/
void sph_haval128_4_close(void *cc, void *dst);
/**
* Close a HAVAL-128/4 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (16
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-128/4 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval128_4_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-128/5.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval128_5_context</code> structure)
*/
void sph_haval128_5_init(void *cc);
/**
* Process some data bytes for HAVAL-128/5. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-128/5 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval128_5(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-128/5 computation. The output buffer must be wide
* enough to accomodate the result (16 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-128/5 context
* @param dst the output buffer
*/
void sph_haval128_5_close(void *cc, void *dst);
/**
* Close a HAVAL-128/5 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (16
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-128/5 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval128_5_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-160/3.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval160_3_context</code> structure)
*/
void sph_haval160_3_init(void *cc);
/**
* Process some data bytes for HAVAL-160/3. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-160/3 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval160_3(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-160/3 computation. The output buffer must be wide
* enough to accomodate the result (20 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-160/3 context
* @param dst the output buffer
*/
void sph_haval160_3_close(void *cc, void *dst);
/**
* Close a HAVAL-160/3 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (20
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-160/3 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval160_3_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-160/4.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval160_4_context</code> structure)
*/
void sph_haval160_4_init(void *cc);
/**
* Process some data bytes for HAVAL-160/4. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-160/4 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval160_4(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-160/4 computation. The output buffer must be wide
* enough to accomodate the result (20 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-160/4 context
* @param dst the output buffer
*/
void sph_haval160_4_close(void *cc, void *dst);
/**
* Close a HAVAL-160/4 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (20
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-160/4 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval160_3_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-160/5.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval160_5_context</code> structure)
*/
void sph_haval160_5_init(void *cc);
/**
* Process some data bytes for HAVAL-160/5. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-160/5 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval160_5(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-160/5 computation. The output buffer must be wide
* enough to accomodate the result (20 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-160/5 context
* @param dst the output buffer
*/
void sph_haval160_5_close(void *cc, void *dst);
/**
* Close a HAVAL-160/5 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (20
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-160/5 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval160_5_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-192/3.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval192_3_context</code> structure)
*/
void sph_haval192_3_init(void *cc);
/**
* Process some data bytes for HAVAL-192/3. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-192/3 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval192_3(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-192/3 computation. The output buffer must be wide
* enough to accomodate the result (24 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-192/3 context
* @param dst the output buffer
*/
void sph_haval192_3_close(void *cc, void *dst);
/**
* Close a HAVAL-192/3 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (24
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-192/3 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval192_3_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-192/4.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval192_4_context</code> structure)
*/
void sph_haval192_4_init(void *cc);
/**
* Process some data bytes for HAVAL-192/4. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-192/4 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval192_4(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-192/4 computation. The output buffer must be wide
* enough to accomodate the result (24 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-192/4 context
* @param dst the output buffer
*/
void sph_haval192_4_close(void *cc, void *dst);
/**
* Close a HAVAL-192/4 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (24
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-192/4 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval192_4_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-192/5.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval192_5_context</code> structure)
*/
void sph_haval192_5_init(void *cc);
/**
* Process some data bytes for HAVAL-192/5. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-192/5 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval192_5(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-192/5 computation. The output buffer must be wide
* enough to accomodate the result (24 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-192/5 context
* @param dst the output buffer
*/
void sph_haval192_5_close(void *cc, void *dst);
/**
* Close a HAVAL-192/5 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (24
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-192/5 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval192_5_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-224/3.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval224_3_context</code> structure)
*/
void sph_haval224_3_init(void *cc);
/**
* Process some data bytes for HAVAL-224/3. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-224/3 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval224_3(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-224/3 computation. The output buffer must be wide
* enough to accomodate the result (28 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-224/3 context
* @param dst the output buffer
*/
void sph_haval224_3_close(void *cc, void *dst);
/**
* Close a HAVAL-224/3 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (28
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-224/3 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval224_3_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-224/4.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval224_4_context</code> structure)
*/
void sph_haval224_4_init(void *cc);
/**
* Process some data bytes for HAVAL-224/4. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-224/4 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval224_4(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-224/4 computation. The output buffer must be wide
* enough to accomodate the result (28 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-224/4 context
* @param dst the output buffer
*/
void sph_haval224_4_close(void *cc, void *dst);
/**
* Close a HAVAL-224/4 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (28
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-224/4 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval224_4_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-224/5.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval224_5_context</code> structure)
*/
void sph_haval224_5_init(void *cc);
/**
* Process some data bytes for HAVAL-224/5. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-224/5 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval224_5(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-224/5 computation. The output buffer must be wide
* enough to accomodate the result (28 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-224/5 context
* @param dst the output buffer
*/
void sph_haval224_5_close(void *cc, void *dst);
/**
* Close a HAVAL-224/5 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (28
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-224/5 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval224_5_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-256/3.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval256_3_context</code> structure)
*/
void sph_haval256_3_init(void *cc);
/**
* Process some data bytes for HAVAL-256/3. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-256/3 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval256_3(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-256/3 computation. The output buffer must be wide
* enough to accomodate the result (32 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-256/3 context
* @param dst the output buffer
*/
void sph_haval256_3_close(void *cc, void *dst);
/**
* Close a HAVAL-256/3 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (32
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-256/3 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval256_3_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-256/4.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval256_4_context</code> structure)
*/
void sph_haval256_4_init(void *cc);
/**
* Process some data bytes for HAVAL-256/4. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-256/4 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval256_4(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-256/4 computation. The output buffer must be wide
* enough to accomodate the result (32 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-256/4 context
* @param dst the output buffer
*/
void sph_haval256_4_close(void *cc, void *dst);
/**
* Close a HAVAL-256/4 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (32
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-256/4 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval256_4_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Initialize the context for HAVAL-256/5.
*
* @param cc context to initialize (pointer to a
* <code>sph_haval256_5_context</code> structure)
*/
void sph_haval256_5_init(void *cc);
/**
* Process some data bytes for HAVAL-256/5. If <code>len</code> is 0,
* then this function does nothing.
*
* @param cc the HAVAL-256/5 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_haval256_5(void *cc, const void *data, size_t len);
/**
* Close a HAVAL-256/5 computation. The output buffer must be wide
* enough to accomodate the result (32 bytes). The context is automatically
* reinitialized.
*
* @param cc the HAVAL-256/5 context
* @param dst the output buffer
*/
void sph_haval256_5_close(void *cc, void *dst);
/**
* Close a HAVAL-256/5 computation. Up to 7 extra input bits may be added
* to the input message; these are the <code>n</code> upper bits of
* the <code>ub</code> byte (i.e. the first extra bit has value 128 in
* <code>ub</code>, the second extra bit has value 64, and so on). Other
* bits in <code>ub</code> are ignored.
*
* The output buffer must be wide enough to accomodate the result (32
* bytes). The context is automatically reinitialized.
*
* @param cc the HAVAL-256/5 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the output buffer
*/
void sph_haval256_5_addbits_and_close(void *cc,
unsigned ub, unsigned n, void *dst);
/**
* Apply the HAVAL compression function on the provided data. The
* <code>msg</code> parameter contains the 32 32-bit input blocks,
* as numerical values (hence after the little-endian decoding). The
* <code>val</code> parameter contains the 8 32-bit input blocks for
* the compression function; the output is written in place in this
* array. This function uses three internal passes.
*
* @param msg the message block (32 values)
* @param val the function 256-bit input and output
*/
void sph_haval_3_comp(const sph_u32 msg[32], sph_u32 val[8]);
/**
* Apply the HAVAL compression function on the provided data. The
* <code>msg</code> parameter contains the 32 32-bit input blocks,
* as numerical values (hence after the little-endian decoding). The
* <code>val</code> parameter contains the 8 32-bit input blocks for
* the compression function; the output is written in place in this
* array. This function uses four internal passes.
*
* @param msg the message block (32 values)
* @param val the function 256-bit input and output
*/
void sph_haval_4_comp(const sph_u32 msg[32], sph_u32 val[8]);
/**
* Apply the HAVAL compression function on the provided data. The
* <code>msg</code> parameter contains the 32 32-bit input blocks,
* as numerical values (hence after the little-endian decoding). The
* <code>val</code> parameter contains the 8 32-bit input blocks for
* the compression function; the output is written in place in this
* array. This function uses five internal passes.
*
* @param msg the message block (32 values)
* @param val the function 256-bit input and output
*/
void sph_haval_5_comp(const sph_u32 msg[32], sph_u32 val[8]);
#endif

834
stratum/sha3/sph_ripemd.c Normal file
View file

@ -0,0 +1,834 @@
/* $Id: ripemd.c 216 2010-06-08 09:46:57Z tp $ */
/*
* RIPEMD-160 implementation.
*
* ==========================(LICENSE BEGIN)============================
*
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* ===========================(LICENSE END)=============================
*
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/
#include <stddef.h>
#include <string.h>
#include "sph_ripemd.h"
/*
* Round functions for RIPEMD (original).
*/
#define F(x, y, z) ((((y) ^ (z)) & (x)) ^ (z))
#define G(x, y, z) (((x) & (y)) | (((x) | (y)) & (z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
static const sph_u32 oIV[5] = {
SPH_C32(0x67452301), SPH_C32(0xEFCDAB89),
SPH_C32(0x98BADCFE), SPH_C32(0x10325476)
};
/*
* Round functions for RIPEMD-128 and RIPEMD-160.
*/
#define F1(x, y, z) ((x) ^ (y) ^ (z))
#define F2(x, y, z) ((((y) ^ (z)) & (x)) ^ (z))
#define F3(x, y, z) (((x) | ~(y)) ^ (z))
#define F4(x, y, z) ((((x) ^ (y)) & (z)) ^ (y))
#define F5(x, y, z) ((x) ^ ((y) | ~(z)))
static const sph_u32 IV[5] = {
SPH_C32(0x67452301), SPH_C32(0xEFCDAB89), SPH_C32(0x98BADCFE),
SPH_C32(0x10325476), SPH_C32(0xC3D2E1F0)
};
#define ROTL SPH_ROTL32
/* ===================================================================== */
/*
* RIPEMD (original hash, deprecated).
*/
#define FF1(A, B, C, D, X, s) do { \
sph_u32 tmp = SPH_T32((A) + F(B, C, D) + (X)); \
(A) = ROTL(tmp, (s)); \
} while (0)
#define GG1(A, B, C, D, X, s) do { \
sph_u32 tmp = SPH_T32((A) + G(B, C, D) \
+ (X) + SPH_C32(0x5A827999)); \
(A) = ROTL(tmp, (s)); \
} while (0)
#define HH1(A, B, C, D, X, s) do { \
sph_u32 tmp = SPH_T32((A) + H(B, C, D) \
+ (X) + SPH_C32(0x6ED9EBA1)); \
(A) = ROTL(tmp, (s)); \
} while (0)
#define FF2(A, B, C, D, X, s) do { \
sph_u32 tmp = SPH_T32((A) + F(B, C, D) \
+ (X) + SPH_C32(0x50A28BE6)); \
(A) = ROTL(tmp, (s)); \
} while (0)
#define GG2(A, B, C, D, X, s) do { \
sph_u32 tmp = SPH_T32((A) + G(B, C, D) + (X)); \
(A) = ROTL(tmp, (s)); \
} while (0)
#define HH2(A, B, C, D, X, s) do { \
sph_u32 tmp = SPH_T32((A) + H(B, C, D) \
+ (X) + SPH_C32(0x5C4DD124)); \
(A) = ROTL(tmp, (s)); \
} while (0)
#define RIPEMD_ROUND_BODY(in, h) do { \
sph_u32 A1, B1, C1, D1; \
sph_u32 A2, B2, C2, D2; \
sph_u32 tmp; \
\
A1 = A2 = (h)[0]; \
B1 = B2 = (h)[1]; \
C1 = C2 = (h)[2]; \
D1 = D2 = (h)[3]; \
\
FF1(A1, B1, C1, D1, in( 0), 11); \
FF1(D1, A1, B1, C1, in( 1), 14); \
FF1(C1, D1, A1, B1, in( 2), 15); \
FF1(B1, C1, D1, A1, in( 3), 12); \
FF1(A1, B1, C1, D1, in( 4), 5); \
FF1(D1, A1, B1, C1, in( 5), 8); \
FF1(C1, D1, A1, B1, in( 6), 7); \
FF1(B1, C1, D1, A1, in( 7), 9); \
FF1(A1, B1, C1, D1, in( 8), 11); \
FF1(D1, A1, B1, C1, in( 9), 13); \
FF1(C1, D1, A1, B1, in(10), 14); \
FF1(B1, C1, D1, A1, in(11), 15); \
FF1(A1, B1, C1, D1, in(12), 6); \
FF1(D1, A1, B1, C1, in(13), 7); \
FF1(C1, D1, A1, B1, in(14), 9); \
FF1(B1, C1, D1, A1, in(15), 8); \
\
GG1(A1, B1, C1, D1, in( 7), 7); \
GG1(D1, A1, B1, C1, in( 4), 6); \
GG1(C1, D1, A1, B1, in(13), 8); \
GG1(B1, C1, D1, A1, in( 1), 13); \
GG1(A1, B1, C1, D1, in(10), 11); \
GG1(D1, A1, B1, C1, in( 6), 9); \
GG1(C1, D1, A1, B1, in(15), 7); \
GG1(B1, C1, D1, A1, in( 3), 15); \
GG1(A1, B1, C1, D1, in(12), 7); \
GG1(D1, A1, B1, C1, in( 0), 12); \
GG1(C1, D1, A1, B1, in( 9), 15); \
GG1(B1, C1, D1, A1, in( 5), 9); \
GG1(A1, B1, C1, D1, in(14), 7); \
GG1(D1, A1, B1, C1, in( 2), 11); \
GG1(C1, D1, A1, B1, in(11), 13); \
GG1(B1, C1, D1, A1, in( 8), 12); \
\
HH1(A1, B1, C1, D1, in( 3), 11); \
HH1(D1, A1, B1, C1, in(10), 13); \
HH1(C1, D1, A1, B1, in( 2), 14); \
HH1(B1, C1, D1, A1, in( 4), 7); \
HH1(A1, B1, C1, D1, in( 9), 14); \
HH1(D1, A1, B1, C1, in(15), 9); \
HH1(C1, D1, A1, B1, in( 8), 13); \
HH1(B1, C1, D1, A1, in( 1), 15); \
HH1(A1, B1, C1, D1, in(14), 6); \
HH1(D1, A1, B1, C1, in( 7), 8); \
HH1(C1, D1, A1, B1, in( 0), 13); \
HH1(B1, C1, D1, A1, in( 6), 6); \
HH1(A1, B1, C1, D1, in(11), 12); \
HH1(D1, A1, B1, C1, in(13), 5); \
HH1(C1, D1, A1, B1, in( 5), 7); \
HH1(B1, C1, D1, A1, in(12), 5); \
\
FF2(A2, B2, C2, D2, in( 0), 11); \
FF2(D2, A2, B2, C2, in( 1), 14); \
FF2(C2, D2, A2, B2, in( 2), 15); \
FF2(B2, C2, D2, A2, in( 3), 12); \
FF2(A2, B2, C2, D2, in( 4), 5); \
FF2(D2, A2, B2, C2, in( 5), 8); \
FF2(C2, D2, A2, B2, in( 6), 7); \
FF2(B2, C2, D2, A2, in( 7), 9); \
FF2(A2, B2, C2, D2, in( 8), 11); \
FF2(D2, A2, B2, C2, in( 9), 13); \
FF2(C2, D2, A2, B2, in(10), 14); \
FF2(B2, C2, D2, A2, in(11), 15); \
FF2(A2, B2, C2, D2, in(12), 6); \
FF2(D2, A2, B2, C2, in(13), 7); \
FF2(C2, D2, A2, B2, in(14), 9); \
FF2(B2, C2, D2, A2, in(15), 8); \
\
GG2(A2, B2, C2, D2, in( 7), 7); \
GG2(D2, A2, B2, C2, in( 4), 6); \
GG2(C2, D2, A2, B2, in(13), 8); \
GG2(B2, C2, D2, A2, in( 1), 13); \
GG2(A2, B2, C2, D2, in(10), 11); \
GG2(D2, A2, B2, C2, in( 6), 9); \
GG2(C2, D2, A2, B2, in(15), 7); \
GG2(B2, C2, D2, A2, in( 3), 15); \
GG2(A2, B2, C2, D2, in(12), 7); \
GG2(D2, A2, B2, C2, in( 0), 12); \
GG2(C2, D2, A2, B2, in( 9), 15); \
GG2(B2, C2, D2, A2, in( 5), 9); \
GG2(A2, B2, C2, D2, in(14), 7); \
GG2(D2, A2, B2, C2, in( 2), 11); \
GG2(C2, D2, A2, B2, in(11), 13); \
GG2(B2, C2, D2, A2, in( 8), 12); \
\
HH2(A2, B2, C2, D2, in( 3), 11); \
HH2(D2, A2, B2, C2, in(10), 13); \
HH2(C2, D2, A2, B2, in( 2), 14); \
HH2(B2, C2, D2, A2, in( 4), 7); \
HH2(A2, B2, C2, D2, in( 9), 14); \
HH2(D2, A2, B2, C2, in(15), 9); \
HH2(C2, D2, A2, B2, in( 8), 13); \
HH2(B2, C2, D2, A2, in( 1), 15); \
HH2(A2, B2, C2, D2, in(14), 6); \
HH2(D2, A2, B2, C2, in( 7), 8); \
HH2(C2, D2, A2, B2, in( 0), 13); \
HH2(B2, C2, D2, A2, in( 6), 6); \
HH2(A2, B2, C2, D2, in(11), 12); \
HH2(D2, A2, B2, C2, in(13), 5); \
HH2(C2, D2, A2, B2, in( 5), 7); \
HH2(B2, C2, D2, A2, in(12), 5); \
\
tmp = SPH_T32((h)[1] + C1 + D2); \
(h)[1] = SPH_T32((h)[2] + D1 + A2); \
(h)[2] = SPH_T32((h)[3] + A1 + B2); \
(h)[3] = SPH_T32((h)[0] + B1 + C2); \
(h)[0] = tmp; \
} while (0)
/*
* One round of RIPEMD. The data must be aligned for 32-bit access.
*/
static void
ripemd_round(const unsigned char *data, sph_u32 r[5])
{
#if SPH_LITTLE_FAST
#define RIPEMD_IN(x) sph_dec32le_aligned(data + (4 * (x)))
#else
sph_u32 X_var[16];
int i;
for (i = 0; i < 16; i ++)
X_var[i] = sph_dec32le_aligned(data + 4 * i);
#define RIPEMD_IN(x) X_var[x]
#endif
RIPEMD_ROUND_BODY(RIPEMD_IN, r);
#undef RIPEMD_IN
}
/* see sph_ripemd.h */
void
sph_ripemd_init(void *cc)
{
sph_ripemd_context *sc;
sc = (sph_ripemd_context*)cc;
memcpy(sc->val, oIV, sizeof sc->val);
#if SPH_64
sc->count = 0;
#else
sc->count_high = sc->count_low = 0;
#endif
}
#define RFUN ripemd_round
#define HASH ripemd
#define LE32 1
#include "md_helper.c"
#undef RFUN
#undef HASH
#undef LE32
/* see sph_ripemd.h */
void
sph_ripemd_close(void *cc, void *dst)
{
ripemd_close(cc, dst, 4);
sph_ripemd_init(cc);
}
/* see sph_ripemd.h */
void
sph_ripemd_comp(const sph_u32 msg[16], sph_u32 val[4])
{
#define RIPEMD_IN(x) msg[x]
RIPEMD_ROUND_BODY(RIPEMD_IN, val);
#undef RIPEMD_IN
}
/* ===================================================================== */
/*
* RIPEMD-128.
*/
/*
* Round constants for RIPEMD-128.
*/
#define sK11 SPH_C32(0x00000000)
#define sK12 SPH_C32(0x5A827999)
#define sK13 SPH_C32(0x6ED9EBA1)
#define sK14 SPH_C32(0x8F1BBCDC)
#define sK21 SPH_C32(0x50A28BE6)
#define sK22 SPH_C32(0x5C4DD124)
#define sK23 SPH_C32(0x6D703EF3)
#define sK24 SPH_C32(0x00000000)
#define sRR(a, b, c, d, f, s, r, k) do { \
a = ROTL(SPH_T32(a + f(b, c, d) + r + k), s); \
} while (0)
#define sROUND1(a, b, c, d, f, s, r, k) \
sRR(a ## 1, b ## 1, c ## 1, d ## 1, f, s, r, sK1 ## k)
#define sROUND2(a, b, c, d, f, s, r, k) \
sRR(a ## 2, b ## 2, c ## 2, d ## 2, f, s, r, sK2 ## k)
/*
* This macro defines the body for a RIPEMD-128 compression function
* implementation. The "in" parameter should evaluate, when applied to a
* numerical input parameter from 0 to 15, to an expression which yields
* the corresponding input block. The "h" parameter should evaluate to
* an array or pointer expression designating the array of 4 words which
* contains the input and output of the compression function.
*/
#define RIPEMD128_ROUND_BODY(in, h) do { \
sph_u32 A1, B1, C1, D1; \
sph_u32 A2, B2, C2, D2; \
sph_u32 tmp; \
\
A1 = A2 = (h)[0]; \
B1 = B2 = (h)[1]; \
C1 = C2 = (h)[2]; \
D1 = D2 = (h)[3]; \
\
sROUND1(A, B, C, D, F1, 11, in( 0), 1); \
sROUND1(D, A, B, C, F1, 14, in( 1), 1); \
sROUND1(C, D, A, B, F1, 15, in( 2), 1); \
sROUND1(B, C, D, A, F1, 12, in( 3), 1); \
sROUND1(A, B, C, D, F1, 5, in( 4), 1); \
sROUND1(D, A, B, C, F1, 8, in( 5), 1); \
sROUND1(C, D, A, B, F1, 7, in( 6), 1); \
sROUND1(B, C, D, A, F1, 9, in( 7), 1); \
sROUND1(A, B, C, D, F1, 11, in( 8), 1); \
sROUND1(D, A, B, C, F1, 13, in( 9), 1); \
sROUND1(C, D, A, B, F1, 14, in(10), 1); \
sROUND1(B, C, D, A, F1, 15, in(11), 1); \
sROUND1(A, B, C, D, F1, 6, in(12), 1); \
sROUND1(D, A, B, C, F1, 7, in(13), 1); \
sROUND1(C, D, A, B, F1, 9, in(14), 1); \
sROUND1(B, C, D, A, F1, 8, in(15), 1); \
\
sROUND1(A, B, C, D, F2, 7, in( 7), 2); \
sROUND1(D, A, B, C, F2, 6, in( 4), 2); \
sROUND1(C, D, A, B, F2, 8, in(13), 2); \
sROUND1(B, C, D, A, F2, 13, in( 1), 2); \
sROUND1(A, B, C, D, F2, 11, in(10), 2); \
sROUND1(D, A, B, C, F2, 9, in( 6), 2); \
sROUND1(C, D, A, B, F2, 7, in(15), 2); \
sROUND1(B, C, D, A, F2, 15, in( 3), 2); \
sROUND1(A, B, C, D, F2, 7, in(12), 2); \
sROUND1(D, A, B, C, F2, 12, in( 0), 2); \
sROUND1(C, D, A, B, F2, 15, in( 9), 2); \
sROUND1(B, C, D, A, F2, 9, in( 5), 2); \
sROUND1(A, B, C, D, F2, 11, in( 2), 2); \
sROUND1(D, A, B, C, F2, 7, in(14), 2); \
sROUND1(C, D, A, B, F2, 13, in(11), 2); \
sROUND1(B, C, D, A, F2, 12, in( 8), 2); \
\
sROUND1(A, B, C, D, F3, 11, in( 3), 3); \
sROUND1(D, A, B, C, F3, 13, in(10), 3); \
sROUND1(C, D, A, B, F3, 6, in(14), 3); \
sROUND1(B, C, D, A, F3, 7, in( 4), 3); \
sROUND1(A, B, C, D, F3, 14, in( 9), 3); \
sROUND1(D, A, B, C, F3, 9, in(15), 3); \
sROUND1(C, D, A, B, F3, 13, in( 8), 3); \
sROUND1(B, C, D, A, F3, 15, in( 1), 3); \
sROUND1(A, B, C, D, F3, 14, in( 2), 3); \
sROUND1(D, A, B, C, F3, 8, in( 7), 3); \
sROUND1(C, D, A, B, F3, 13, in( 0), 3); \
sROUND1(B, C, D, A, F3, 6, in( 6), 3); \
sROUND1(A, B, C, D, F3, 5, in(13), 3); \
sROUND1(D, A, B, C, F3, 12, in(11), 3); \
sROUND1(C, D, A, B, F3, 7, in( 5), 3); \
sROUND1(B, C, D, A, F3, 5, in(12), 3); \
\
sROUND1(A, B, C, D, F4, 11, in( 1), 4); \
sROUND1(D, A, B, C, F4, 12, in( 9), 4); \
sROUND1(C, D, A, B, F4, 14, in(11), 4); \
sROUND1(B, C, D, A, F4, 15, in(10), 4); \
sROUND1(A, B, C, D, F4, 14, in( 0), 4); \
sROUND1(D, A, B, C, F4, 15, in( 8), 4); \
sROUND1(C, D, A, B, F4, 9, in(12), 4); \
sROUND1(B, C, D, A, F4, 8, in( 4), 4); \
sROUND1(A, B, C, D, F4, 9, in(13), 4); \
sROUND1(D, A, B, C, F4, 14, in( 3), 4); \
sROUND1(C, D, A, B, F4, 5, in( 7), 4); \
sROUND1(B, C, D, A, F4, 6, in(15), 4); \
sROUND1(A, B, C, D, F4, 8, in(14), 4); \
sROUND1(D, A, B, C, F4, 6, in( 5), 4); \
sROUND1(C, D, A, B, F4, 5, in( 6), 4); \
sROUND1(B, C, D, A, F4, 12, in( 2), 4); \
\
sROUND2(A, B, C, D, F4, 8, in( 5), 1); \
sROUND2(D, A, B, C, F4, 9, in(14), 1); \
sROUND2(C, D, A, B, F4, 9, in( 7), 1); \
sROUND2(B, C, D, A, F4, 11, in( 0), 1); \
sROUND2(A, B, C, D, F4, 13, in( 9), 1); \
sROUND2(D, A, B, C, F4, 15, in( 2), 1); \
sROUND2(C, D, A, B, F4, 15, in(11), 1); \
sROUND2(B, C, D, A, F4, 5, in( 4), 1); \
sROUND2(A, B, C, D, F4, 7, in(13), 1); \
sROUND2(D, A, B, C, F4, 7, in( 6), 1); \
sROUND2(C, D, A, B, F4, 8, in(15), 1); \
sROUND2(B, C, D, A, F4, 11, in( 8), 1); \
sROUND2(A, B, C, D, F4, 14, in( 1), 1); \
sROUND2(D, A, B, C, F4, 14, in(10), 1); \
sROUND2(C, D, A, B, F4, 12, in( 3), 1); \
sROUND2(B, C, D, A, F4, 6, in(12), 1); \
\
sROUND2(A, B, C, D, F3, 9, in( 6), 2); \
sROUND2(D, A, B, C, F3, 13, in(11), 2); \
sROUND2(C, D, A, B, F3, 15, in( 3), 2); \
sROUND2(B, C, D, A, F3, 7, in( 7), 2); \
sROUND2(A, B, C, D, F3, 12, in( 0), 2); \
sROUND2(D, A, B, C, F3, 8, in(13), 2); \
sROUND2(C, D, A, B, F3, 9, in( 5), 2); \
sROUND2(B, C, D, A, F3, 11, in(10), 2); \
sROUND2(A, B, C, D, F3, 7, in(14), 2); \
sROUND2(D, A, B, C, F3, 7, in(15), 2); \
sROUND2(C, D, A, B, F3, 12, in( 8), 2); \
sROUND2(B, C, D, A, F3, 7, in(12), 2); \
sROUND2(A, B, C, D, F3, 6, in( 4), 2); \
sROUND2(D, A, B, C, F3, 15, in( 9), 2); \
sROUND2(C, D, A, B, F3, 13, in( 1), 2); \
sROUND2(B, C, D, A, F3, 11, in( 2), 2); \
\
sROUND2(A, B, C, D, F2, 9, in(15), 3); \
sROUND2(D, A, B, C, F2, 7, in( 5), 3); \
sROUND2(C, D, A, B, F2, 15, in( 1), 3); \
sROUND2(B, C, D, A, F2, 11, in( 3), 3); \
sROUND2(A, B, C, D, F2, 8, in( 7), 3); \
sROUND2(D, A, B, C, F2, 6, in(14), 3); \
sROUND2(C, D, A, B, F2, 6, in( 6), 3); \
sROUND2(B, C, D, A, F2, 14, in( 9), 3); \
sROUND2(A, B, C, D, F2, 12, in(11), 3); \
sROUND2(D, A, B, C, F2, 13, in( 8), 3); \
sROUND2(C, D, A, B, F2, 5, in(12), 3); \
sROUND2(B, C, D, A, F2, 14, in( 2), 3); \
sROUND2(A, B, C, D, F2, 13, in(10), 3); \
sROUND2(D, A, B, C, F2, 13, in( 0), 3); \
sROUND2(C, D, A, B, F2, 7, in( 4), 3); \
sROUND2(B, C, D, A, F2, 5, in(13), 3); \
\
sROUND2(A, B, C, D, F1, 15, in( 8), 4); \
sROUND2(D, A, B, C, F1, 5, in( 6), 4); \
sROUND2(C, D, A, B, F1, 8, in( 4), 4); \
sROUND2(B, C, D, A, F1, 11, in( 1), 4); \
sROUND2(A, B, C, D, F1, 14, in( 3), 4); \
sROUND2(D, A, B, C, F1, 14, in(11), 4); \
sROUND2(C, D, A, B, F1, 6, in(15), 4); \
sROUND2(B, C, D, A, F1, 14, in( 0), 4); \
sROUND2(A, B, C, D, F1, 6, in( 5), 4); \
sROUND2(D, A, B, C, F1, 9, in(12), 4); \
sROUND2(C, D, A, B, F1, 12, in( 2), 4); \
sROUND2(B, C, D, A, F1, 9, in(13), 4); \
sROUND2(A, B, C, D, F1, 12, in( 9), 4); \
sROUND2(D, A, B, C, F1, 5, in( 7), 4); \
sROUND2(C, D, A, B, F1, 15, in(10), 4); \
sROUND2(B, C, D, A, F1, 8, in(14), 4); \
\
tmp = SPH_T32((h)[1] + C1 + D2); \
(h)[1] = SPH_T32((h)[2] + D1 + A2); \
(h)[2] = SPH_T32((h)[3] + A1 + B2); \
(h)[3] = SPH_T32((h)[0] + B1 + C2); \
(h)[0] = tmp; \
} while (0)
/*
* One round of RIPEMD-128. The data must be aligned for 32-bit access.
*/
static void
ripemd128_round(const unsigned char *data, sph_u32 r[5])
{
#if SPH_LITTLE_FAST
#define RIPEMD128_IN(x) sph_dec32le_aligned(data + (4 * (x)))
#else
sph_u32 X_var[16];
int i;
for (i = 0; i < 16; i ++)
X_var[i] = sph_dec32le_aligned(data + 4 * i);
#define RIPEMD128_IN(x) X_var[x]
#endif
RIPEMD128_ROUND_BODY(RIPEMD128_IN, r);
#undef RIPEMD128_IN
}
/* see sph_ripemd.h */
void
sph_ripemd128_init(void *cc)
{
sph_ripemd128_context *sc;
sc = (sph_ripemd128_context*)cc;
memcpy(sc->val, IV, sizeof sc->val);
#if SPH_64
sc->count = 0;
#else
sc->count_high = sc->count_low = 0;
#endif
}
#define RFUN ripemd128_round
#define HASH ripemd128
#define LE32 1
#include "md_helper.c"
#undef RFUN
#undef HASH
#undef LE32
/* see sph_ripemd.h */
void
sph_ripemd128_close(void *cc, void *dst)
{
ripemd128_close(cc, dst, 4);
sph_ripemd128_init(cc);
}
/* see sph_ripemd.h */
void
sph_ripemd128_comp(const sph_u32 msg[16], sph_u32 val[4])
{
#define RIPEMD128_IN(x) msg[x]
RIPEMD128_ROUND_BODY(RIPEMD128_IN, val);
#undef RIPEMD128_IN
}
/* ===================================================================== */
/*
* RIPEMD-160.
*/
/*
* Round constants for RIPEMD-160.
*/
#define K11 SPH_C32(0x00000000)
#define K12 SPH_C32(0x5A827999)
#define K13 SPH_C32(0x6ED9EBA1)
#define K14 SPH_C32(0x8F1BBCDC)
#define K15 SPH_C32(0xA953FD4E)
#define K21 SPH_C32(0x50A28BE6)
#define K22 SPH_C32(0x5C4DD124)
#define K23 SPH_C32(0x6D703EF3)
#define K24 SPH_C32(0x7A6D76E9)
#define K25 SPH_C32(0x00000000)
#define RR(a, b, c, d, e, f, s, r, k) do { \
a = SPH_T32(ROTL(SPH_T32(a + f(b, c, d) + r + k), s) + e); \
c = ROTL(c, 10); \
} while (0)
#define ROUND1(a, b, c, d, e, f, s, r, k) \
RR(a ## 1, b ## 1, c ## 1, d ## 1, e ## 1, f, s, r, K1 ## k)
#define ROUND2(a, b, c, d, e, f, s, r, k) \
RR(a ## 2, b ## 2, c ## 2, d ## 2, e ## 2, f, s, r, K2 ## k)
/*
* This macro defines the body for a RIPEMD-160 compression function
* implementation. The "in" parameter should evaluate, when applied to a
* numerical input parameter from 0 to 15, to an expression which yields
* the corresponding input block. The "h" parameter should evaluate to
* an array or pointer expression designating the array of 5 words which
* contains the input and output of the compression function.
*/
#define RIPEMD160_ROUND_BODY(in, h) do { \
sph_u32 A1, B1, C1, D1, E1; \
sph_u32 A2, B2, C2, D2, E2; \
sph_u32 tmp; \
\
A1 = A2 = (h)[0]; \
B1 = B2 = (h)[1]; \
C1 = C2 = (h)[2]; \
D1 = D2 = (h)[3]; \
E1 = E2 = (h)[4]; \
\
ROUND1(A, B, C, D, E, F1, 11, in( 0), 1); \
ROUND1(E, A, B, C, D, F1, 14, in( 1), 1); \
ROUND1(D, E, A, B, C, F1, 15, in( 2), 1); \
ROUND1(C, D, E, A, B, F1, 12, in( 3), 1); \
ROUND1(B, C, D, E, A, F1, 5, in( 4), 1); \
ROUND1(A, B, C, D, E, F1, 8, in( 5), 1); \
ROUND1(E, A, B, C, D, F1, 7, in( 6), 1); \
ROUND1(D, E, A, B, C, F1, 9, in( 7), 1); \
ROUND1(C, D, E, A, B, F1, 11, in( 8), 1); \
ROUND1(B, C, D, E, A, F1, 13, in( 9), 1); \
ROUND1(A, B, C, D, E, F1, 14, in(10), 1); \
ROUND1(E, A, B, C, D, F1, 15, in(11), 1); \
ROUND1(D, E, A, B, C, F1, 6, in(12), 1); \
ROUND1(C, D, E, A, B, F1, 7, in(13), 1); \
ROUND1(B, C, D, E, A, F1, 9, in(14), 1); \
ROUND1(A, B, C, D, E, F1, 8, in(15), 1); \
\
ROUND1(E, A, B, C, D, F2, 7, in( 7), 2); \
ROUND1(D, E, A, B, C, F2, 6, in( 4), 2); \
ROUND1(C, D, E, A, B, F2, 8, in(13), 2); \
ROUND1(B, C, D, E, A, F2, 13, in( 1), 2); \
ROUND1(A, B, C, D, E, F2, 11, in(10), 2); \
ROUND1(E, A, B, C, D, F2, 9, in( 6), 2); \
ROUND1(D, E, A, B, C, F2, 7, in(15), 2); \
ROUND1(C, D, E, A, B, F2, 15, in( 3), 2); \
ROUND1(B, C, D, E, A, F2, 7, in(12), 2); \
ROUND1(A, B, C, D, E, F2, 12, in( 0), 2); \
ROUND1(E, A, B, C, D, F2, 15, in( 9), 2); \
ROUND1(D, E, A, B, C, F2, 9, in( 5), 2); \
ROUND1(C, D, E, A, B, F2, 11, in( 2), 2); \
ROUND1(B, C, D, E, A, F2, 7, in(14), 2); \
ROUND1(A, B, C, D, E, F2, 13, in(11), 2); \
ROUND1(E, A, B, C, D, F2, 12, in( 8), 2); \
\
ROUND1(D, E, A, B, C, F3, 11, in( 3), 3); \
ROUND1(C, D, E, A, B, F3, 13, in(10), 3); \
ROUND1(B, C, D, E, A, F3, 6, in(14), 3); \
ROUND1(A, B, C, D, E, F3, 7, in( 4), 3); \
ROUND1(E, A, B, C, D, F3, 14, in( 9), 3); \
ROUND1(D, E, A, B, C, F3, 9, in(15), 3); \
ROUND1(C, D, E, A, B, F3, 13, in( 8), 3); \
ROUND1(B, C, D, E, A, F3, 15, in( 1), 3); \
ROUND1(A, B, C, D, E, F3, 14, in( 2), 3); \
ROUND1(E, A, B, C, D, F3, 8, in( 7), 3); \
ROUND1(D, E, A, B, C, F3, 13, in( 0), 3); \
ROUND1(C, D, E, A, B, F3, 6, in( 6), 3); \
ROUND1(B, C, D, E, A, F3, 5, in(13), 3); \
ROUND1(A, B, C, D, E, F3, 12, in(11), 3); \
ROUND1(E, A, B, C, D, F3, 7, in( 5), 3); \
ROUND1(D, E, A, B, C, F3, 5, in(12), 3); \
\
ROUND1(C, D, E, A, B, F4, 11, in( 1), 4); \
ROUND1(B, C, D, E, A, F4, 12, in( 9), 4); \
ROUND1(A, B, C, D, E, F4, 14, in(11), 4); \
ROUND1(E, A, B, C, D, F4, 15, in(10), 4); \
ROUND1(D, E, A, B, C, F4, 14, in( 0), 4); \
ROUND1(C, D, E, A, B, F4, 15, in( 8), 4); \
ROUND1(B, C, D, E, A, F4, 9, in(12), 4); \
ROUND1(A, B, C, D, E, F4, 8, in( 4), 4); \
ROUND1(E, A, B, C, D, F4, 9, in(13), 4); \
ROUND1(D, E, A, B, C, F4, 14, in( 3), 4); \
ROUND1(C, D, E, A, B, F4, 5, in( 7), 4); \
ROUND1(B, C, D, E, A, F4, 6, in(15), 4); \
ROUND1(A, B, C, D, E, F4, 8, in(14), 4); \
ROUND1(E, A, B, C, D, F4, 6, in( 5), 4); \
ROUND1(D, E, A, B, C, F4, 5, in( 6), 4); \
ROUND1(C, D, E, A, B, F4, 12, in( 2), 4); \
\
ROUND1(B, C, D, E, A, F5, 9, in( 4), 5); \
ROUND1(A, B, C, D, E, F5, 15, in( 0), 5); \
ROUND1(E, A, B, C, D, F5, 5, in( 5), 5); \
ROUND1(D, E, A, B, C, F5, 11, in( 9), 5); \
ROUND1(C, D, E, A, B, F5, 6, in( 7), 5); \
ROUND1(B, C, D, E, A, F5, 8, in(12), 5); \
ROUND1(A, B, C, D, E, F5, 13, in( 2), 5); \
ROUND1(E, A, B, C, D, F5, 12, in(10), 5); \
ROUND1(D, E, A, B, C, F5, 5, in(14), 5); \
ROUND1(C, D, E, A, B, F5, 12, in( 1), 5); \
ROUND1(B, C, D, E, A, F5, 13, in( 3), 5); \
ROUND1(A, B, C, D, E, F5, 14, in( 8), 5); \
ROUND1(E, A, B, C, D, F5, 11, in(11), 5); \
ROUND1(D, E, A, B, C, F5, 8, in( 6), 5); \
ROUND1(C, D, E, A, B, F5, 5, in(15), 5); \
ROUND1(B, C, D, E, A, F5, 6, in(13), 5); \
\
ROUND2(A, B, C, D, E, F5, 8, in( 5), 1); \
ROUND2(E, A, B, C, D, F5, 9, in(14), 1); \
ROUND2(D, E, A, B, C, F5, 9, in( 7), 1); \
ROUND2(C, D, E, A, B, F5, 11, in( 0), 1); \
ROUND2(B, C, D, E, A, F5, 13, in( 9), 1); \
ROUND2(A, B, C, D, E, F5, 15, in( 2), 1); \
ROUND2(E, A, B, C, D, F5, 15, in(11), 1); \
ROUND2(D, E, A, B, C, F5, 5, in( 4), 1); \
ROUND2(C, D, E, A, B, F5, 7, in(13), 1); \
ROUND2(B, C, D, E, A, F5, 7, in( 6), 1); \
ROUND2(A, B, C, D, E, F5, 8, in(15), 1); \
ROUND2(E, A, B, C, D, F5, 11, in( 8), 1); \
ROUND2(D, E, A, B, C, F5, 14, in( 1), 1); \
ROUND2(C, D, E, A, B, F5, 14, in(10), 1); \
ROUND2(B, C, D, E, A, F5, 12, in( 3), 1); \
ROUND2(A, B, C, D, E, F5, 6, in(12), 1); \
\
ROUND2(E, A, B, C, D, F4, 9, in( 6), 2); \
ROUND2(D, E, A, B, C, F4, 13, in(11), 2); \
ROUND2(C, D, E, A, B, F4, 15, in( 3), 2); \
ROUND2(B, C, D, E, A, F4, 7, in( 7), 2); \
ROUND2(A, B, C, D, E, F4, 12, in( 0), 2); \
ROUND2(E, A, B, C, D, F4, 8, in(13), 2); \
ROUND2(D, E, A, B, C, F4, 9, in( 5), 2); \
ROUND2(C, D, E, A, B, F4, 11, in(10), 2); \
ROUND2(B, C, D, E, A, F4, 7, in(14), 2); \
ROUND2(A, B, C, D, E, F4, 7, in(15), 2); \
ROUND2(E, A, B, C, D, F4, 12, in( 8), 2); \
ROUND2(D, E, A, B, C, F4, 7, in(12), 2); \
ROUND2(C, D, E, A, B, F4, 6, in( 4), 2); \
ROUND2(B, C, D, E, A, F4, 15, in( 9), 2); \
ROUND2(A, B, C, D, E, F4, 13, in( 1), 2); \
ROUND2(E, A, B, C, D, F4, 11, in( 2), 2); \
\
ROUND2(D, E, A, B, C, F3, 9, in(15), 3); \
ROUND2(C, D, E, A, B, F3, 7, in( 5), 3); \
ROUND2(B, C, D, E, A, F3, 15, in( 1), 3); \
ROUND2(A, B, C, D, E, F3, 11, in( 3), 3); \
ROUND2(E, A, B, C, D, F3, 8, in( 7), 3); \
ROUND2(D, E, A, B, C, F3, 6, in(14), 3); \
ROUND2(C, D, E, A, B, F3, 6, in( 6), 3); \
ROUND2(B, C, D, E, A, F3, 14, in( 9), 3); \
ROUND2(A, B, C, D, E, F3, 12, in(11), 3); \
ROUND2(E, A, B, C, D, F3, 13, in( 8), 3); \
ROUND2(D, E, A, B, C, F3, 5, in(12), 3); \
ROUND2(C, D, E, A, B, F3, 14, in( 2), 3); \
ROUND2(B, C, D, E, A, F3, 13, in(10), 3); \
ROUND2(A, B, C, D, E, F3, 13, in( 0), 3); \
ROUND2(E, A, B, C, D, F3, 7, in( 4), 3); \
ROUND2(D, E, A, B, C, F3, 5, in(13), 3); \
\
ROUND2(C, D, E, A, B, F2, 15, in( 8), 4); \
ROUND2(B, C, D, E, A, F2, 5, in( 6), 4); \
ROUND2(A, B, C, D, E, F2, 8, in( 4), 4); \
ROUND2(E, A, B, C, D, F2, 11, in( 1), 4); \
ROUND2(D, E, A, B, C, F2, 14, in( 3), 4); \
ROUND2(C, D, E, A, B, F2, 14, in(11), 4); \
ROUND2(B, C, D, E, A, F2, 6, in(15), 4); \
ROUND2(A, B, C, D, E, F2, 14, in( 0), 4); \
ROUND2(E, A, B, C, D, F2, 6, in( 5), 4); \
ROUND2(D, E, A, B, C, F2, 9, in(12), 4); \
ROUND2(C, D, E, A, B, F2, 12, in( 2), 4); \
ROUND2(B, C, D, E, A, F2, 9, in(13), 4); \
ROUND2(A, B, C, D, E, F2, 12, in( 9), 4); \
ROUND2(E, A, B, C, D, F2, 5, in( 7), 4); \
ROUND2(D, E, A, B, C, F2, 15, in(10), 4); \
ROUND2(C, D, E, A, B, F2, 8, in(14), 4); \
\
ROUND2(B, C, D, E, A, F1, 8, in(12), 5); \
ROUND2(A, B, C, D, E, F1, 5, in(15), 5); \
ROUND2(E, A, B, C, D, F1, 12, in(10), 5); \
ROUND2(D, E, A, B, C, F1, 9, in( 4), 5); \
ROUND2(C, D, E, A, B, F1, 12, in( 1), 5); \
ROUND2(B, C, D, E, A, F1, 5, in( 5), 5); \
ROUND2(A, B, C, D, E, F1, 14, in( 8), 5); \
ROUND2(E, A, B, C, D, F1, 6, in( 7), 5); \
ROUND2(D, E, A, B, C, F1, 8, in( 6), 5); \
ROUND2(C, D, E, A, B, F1, 13, in( 2), 5); \
ROUND2(B, C, D, E, A, F1, 6, in(13), 5); \
ROUND2(A, B, C, D, E, F1, 5, in(14), 5); \
ROUND2(E, A, B, C, D, F1, 15, in( 0), 5); \
ROUND2(D, E, A, B, C, F1, 13, in( 3), 5); \
ROUND2(C, D, E, A, B, F1, 11, in( 9), 5); \
ROUND2(B, C, D, E, A, F1, 11, in(11), 5); \
\
tmp = SPH_T32((h)[1] + C1 + D2); \
(h)[1] = SPH_T32((h)[2] + D1 + E2); \
(h)[2] = SPH_T32((h)[3] + E1 + A2); \
(h)[3] = SPH_T32((h)[4] + A1 + B2); \
(h)[4] = SPH_T32((h)[0] + B1 + C2); \
(h)[0] = tmp; \
} while (0)
/*
* One round of RIPEMD-160. The data must be aligned for 32-bit access.
*/
static void
ripemd160_round(const unsigned char *data, sph_u32 r[5])
{
#if SPH_LITTLE_FAST
#define RIPEMD160_IN(x) sph_dec32le_aligned(data + (4 * (x)))
#else
sph_u32 X_var[16];
int i;
for (i = 0; i < 16; i ++)
X_var[i] = sph_dec32le_aligned(data + 4 * i);
#define RIPEMD160_IN(x) X_var[x]
#endif
RIPEMD160_ROUND_BODY(RIPEMD160_IN, r);
#undef RIPEMD160_IN
}
/* see sph_ripemd.h */
void
sph_ripemd160_init(void *cc)
{
sph_ripemd160_context *sc;
sc = (sph_ripemd160_context*)cc;
memcpy(sc->val, IV, sizeof sc->val);
#if SPH_64
sc->count = 0;
#else
sc->count_high = sc->count_low = 0;
#endif
}
#define RFUN ripemd160_round
#define HASH ripemd160
#define LE32 1
#include "md_helper.c"
#undef RFUN
#undef HASH
#undef LE32
/* see sph_ripemd.h */
void
sph_ripemd160_close(void *cc, void *dst)
{
ripemd160_close(cc, dst, 5);
sph_ripemd160_init(cc);
}
/* see sph_ripemd.h */
void
sph_ripemd160_comp(const sph_u32 msg[16], sph_u32 val[5])
{
#define RIPEMD160_IN(x) msg[x]
RIPEMD160_ROUND_BODY(RIPEMD160_IN, val);
#undef RIPEMD160_IN
}

274
stratum/sha3/sph_ripemd.h Normal file
View file

@ -0,0 +1,274 @@
/* $Id: sph_ripemd.h 216 2010-06-08 09:46:57Z tp $ */
/**
* RIPEMD, RIPEMD-128 and RIPEMD-160 interface.
*
* RIPEMD was first described in: Research and Development in Advanced
* Communication Technologies in Europe, "RIPE Integrity Primitives:
* Final Report of RACE Integrity Primitives Evaluation (R1040)", RACE,
* June 1992.
*
* A new, strengthened version, dubbed RIPEMD-160, was published in: H.
* Dobbertin, A. Bosselaers, and B. Preneel, "RIPEMD-160, a strengthened
* version of RIPEMD", Fast Software Encryption - FSE'96, LNCS 1039,
* Springer (1996), pp. 71--82.
*
* This article describes both RIPEMD-160, with a 160-bit output, and a
* reduced version called RIPEMD-128, which has a 128-bit output. RIPEMD-128
* was meant as a "drop-in" replacement for any hash function with 128-bit
* output, especially the original RIPEMD.
*
* @warning Collisions, and an efficient method to build other collisions,
* have been published for the original RIPEMD, which is thus considered as
* cryptographically broken. It is also very rarely encountered, and there
* seems to exist no free description or implementation of RIPEMD (except
* the sphlib code, of course). As of january 2007, RIPEMD-128 and RIPEMD-160
* seem as secure as their output length allows.
*
* ==========================(LICENSE BEGIN)============================
*
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* ===========================(LICENSE END)=============================
*
* @file sph_ripemd.h
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/
#ifndef SPH_RIPEMD_H__
#define SPH_RIPEMD_H__
#include <stddef.h>
#include "sph_types.h"
/**
* Output size (in bits) for RIPEMD.
*/
#define SPH_SIZE_ripemd 128
/**
* Output size (in bits) for RIPEMD-128.
*/
#define SPH_SIZE_ripemd128 128
/**
* Output size (in bits) for RIPEMD-160.
*/
#define SPH_SIZE_ripemd160 160
/**
* This structure is a context for RIPEMD computations: it contains the
* intermediate values and some data from the last entered block. Once
* a RIPEMD computation has been performed, the context can be reused for
* another computation.
*
* The contents of this structure are private. A running RIPEMD computation
* can be cloned by copying the context (e.g. with a simple
* <code>memcpy()</code>).
*/
typedef struct {
#ifndef DOXYGEN_IGNORE
unsigned char buf[64]; /* first field, for alignment */
sph_u32 val[4];
#if SPH_64
sph_u64 count;
#else
sph_u32 count_high, count_low;
#endif
#endif
} sph_ripemd_context;
/**
* Initialize a RIPEMD context. This process performs no memory allocation.
*
* @param cc the RIPEMD context (pointer to
* a <code>sph_ripemd_context</code>)
*/
void sph_ripemd_init(void *cc);
/**
* Process some data bytes. It is acceptable that <code>len</code> is zero
* (in which case this function does nothing).
*
* @param cc the RIPEMD context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_ripemd(void *cc, const void *data, size_t len);
/**
* Terminate the current RIPEMD computation and output the result into the
* provided buffer. The destination buffer must be wide enough to
* accomodate the result (16 bytes). The context is automatically
* reinitialized.
*
* @param cc the RIPEMD context
* @param dst the destination buffer
*/
void sph_ripemd_close(void *cc, void *dst);
/**
* Apply the RIPEMD compression function on the provided data. The
* <code>msg</code> parameter contains the 16 32-bit input blocks,
* as numerical values (hence after the little-endian decoding). The
* <code>val</code> parameter contains the 5 32-bit input blocks for
* the compression function; the output is written in place in this
* array.
*
* @param msg the message block (16 values)
* @param val the function 128-bit input and output
*/
void sph_ripemd_comp(const sph_u32 msg[16], sph_u32 val[4]);
/* ===================================================================== */
/**
* This structure is a context for RIPEMD-128 computations: it contains the
* intermediate values and some data from the last entered block. Once
* a RIPEMD-128 computation has been performed, the context can be reused for
* another computation.
*
* The contents of this structure are private. A running RIPEMD-128 computation
* can be cloned by copying the context (e.g. with a simple
* <code>memcpy()</code>).
*/
typedef struct {
#ifndef DOXYGEN_IGNORE
unsigned char buf[64]; /* first field, for alignment */
sph_u32 val[4];
#if SPH_64
sph_u64 count;
#else
sph_u32 count_high, count_low;
#endif
#endif
} sph_ripemd128_context;
/**
* Initialize a RIPEMD-128 context. This process performs no memory allocation.
*
* @param cc the RIPEMD-128 context (pointer to
* a <code>sph_ripemd128_context</code>)
*/
void sph_ripemd128_init(void *cc);
/**
* Process some data bytes. It is acceptable that <code>len</code> is zero
* (in which case this function does nothing).
*
* @param cc the RIPEMD-128 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_ripemd128(void *cc, const void *data, size_t len);
/**
* Terminate the current RIPEMD-128 computation and output the result into the
* provided buffer. The destination buffer must be wide enough to
* accomodate the result (16 bytes). The context is automatically
* reinitialized.
*
* @param cc the RIPEMD-128 context
* @param dst the destination buffer
*/
void sph_ripemd128_close(void *cc, void *dst);
/**
* Apply the RIPEMD-128 compression function on the provided data. The
* <code>msg</code> parameter contains the 16 32-bit input blocks,
* as numerical values (hence after the little-endian decoding). The
* <code>val</code> parameter contains the 5 32-bit input blocks for
* the compression function; the output is written in place in this
* array.
*
* @param msg the message block (16 values)
* @param val the function 128-bit input and output
*/
void sph_ripemd128_comp(const sph_u32 msg[16], sph_u32 val[4]);
/* ===================================================================== */
/**
* This structure is a context for RIPEMD-160 computations: it contains the
* intermediate values and some data from the last entered block. Once
* a RIPEMD-160 computation has been performed, the context can be reused for
* another computation.
*
* The contents of this structure are private. A running RIPEMD-160 computation
* can be cloned by copying the context (e.g. with a simple
* <code>memcpy()</code>).
*/
typedef struct {
#ifndef DOXYGEN_IGNORE
unsigned char buf[64]; /* first field, for alignment */
sph_u32 val[5];
#if SPH_64
sph_u64 count;
#else
sph_u32 count_high, count_low;
#endif
#endif
} sph_ripemd160_context;
/**
* Initialize a RIPEMD-160 context. This process performs no memory allocation.
*
* @param cc the RIPEMD-160 context (pointer to
* a <code>sph_ripemd160_context</code>)
*/
void sph_ripemd160_init(void *cc);
/**
* Process some data bytes. It is acceptable that <code>len</code> is zero
* (in which case this function does nothing).
*
* @param cc the RIPEMD-160 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_ripemd160(void *cc, const void *data, size_t len);
/**
* Terminate the current RIPEMD-160 computation and output the result into the
* provided buffer. The destination buffer must be wide enough to
* accomodate the result (20 bytes). The context is automatically
* reinitialized.
*
* @param cc the RIPEMD-160 context
* @param dst the destination buffer
*/
void sph_ripemd160_close(void *cc, void *dst);
/**
* Apply the RIPEMD-160 compression function on the provided data. The
* <code>msg</code> parameter contains the 16 32-bit input blocks,
* as numerical values (hence after the little-endian decoding). The
* <code>val</code> parameter contains the 5 32-bit input blocks for
* the compression function; the output is written in place in this
* array.
*
* @param msg the message block (16 values)
* @param val the function 160-bit input and output
*/
void sph_ripemd160_comp(const sph_u32 msg[16], sph_u32 val[5]);
#endif

691
stratum/sha3/sph_sha2.c Normal file
View file

@ -0,0 +1,691 @@
/* $Id: sha2.c 227 2010-06-16 17:28:38Z tp $ */
/*
* SHA-224 / SHA-256 implementation.
*
* ==========================(LICENSE BEGIN)============================
*
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* ===========================(LICENSE END)=============================
*
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/
#include <stddef.h>
#include <string.h>
#include "sph_sha2.h"
#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_SHA2
#define SPH_SMALL_FOOTPRINT_SHA2 1
#endif
#define CH(X, Y, Z) ((((Y) ^ (Z)) & (X)) ^ (Z))
#define MAJ(X, Y, Z) (((Y) & (Z)) | (((Y) | (Z)) & (X)))
#define ROTR SPH_ROTR32
#define BSG2_0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
#define BSG2_1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
#define SSG2_0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SPH_T32((x) >> 3))
#define SSG2_1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SPH_T32((x) >> 10))
static const sph_u32 H224[8] = {
SPH_C32(0xC1059ED8), SPH_C32(0x367CD507), SPH_C32(0x3070DD17),
SPH_C32(0xF70E5939), SPH_C32(0xFFC00B31), SPH_C32(0x68581511),
SPH_C32(0x64F98FA7), SPH_C32(0xBEFA4FA4)
};
static const sph_u32 H256[8] = {
SPH_C32(0x6A09E667), SPH_C32(0xBB67AE85), SPH_C32(0x3C6EF372),
SPH_C32(0xA54FF53A), SPH_C32(0x510E527F), SPH_C32(0x9B05688C),
SPH_C32(0x1F83D9AB), SPH_C32(0x5BE0CD19)
};
/*
* The SHA2_ROUND_BODY defines the body for a SHA-224 / SHA-256
* compression function implementation. The "in" parameter should
* evaluate, when applied to a numerical input parameter from 0 to 15,
* to an expression which yields the corresponding input block. The "r"
* parameter should evaluate to an array or pointer expression
* designating the array of 8 words which contains the input and output
* of the compression function.
*/
#if SPH_SMALL_FOOTPRINT_SHA2
static const sph_u32 K[64] = {
SPH_C32(0x428A2F98), SPH_C32(0x71374491),
SPH_C32(0xB5C0FBCF), SPH_C32(0xE9B5DBA5),
SPH_C32(0x3956C25B), SPH_C32(0x59F111F1),
SPH_C32(0x923F82A4), SPH_C32(0xAB1C5ED5),
SPH_C32(0xD807AA98), SPH_C32(0x12835B01),
SPH_C32(0x243185BE), SPH_C32(0x550C7DC3),
SPH_C32(0x72BE5D74), SPH_C32(0x80DEB1FE),
SPH_C32(0x9BDC06A7), SPH_C32(0xC19BF174),
SPH_C32(0xE49B69C1), SPH_C32(0xEFBE4786),
SPH_C32(0x0FC19DC6), SPH_C32(0x240CA1CC),
SPH_C32(0x2DE92C6F), SPH_C32(0x4A7484AA),
SPH_C32(0x5CB0A9DC), SPH_C32(0x76F988DA),
SPH_C32(0x983E5152), SPH_C32(0xA831C66D),
SPH_C32(0xB00327C8), SPH_C32(0xBF597FC7),
SPH_C32(0xC6E00BF3), SPH_C32(0xD5A79147),
SPH_C32(0x06CA6351), SPH_C32(0x14292967),
SPH_C32(0x27B70A85), SPH_C32(0x2E1B2138),
SPH_C32(0x4D2C6DFC), SPH_C32(0x53380D13),
SPH_C32(0x650A7354), SPH_C32(0x766A0ABB),
SPH_C32(0x81C2C92E), SPH_C32(0x92722C85),
SPH_C32(0xA2BFE8A1), SPH_C32(0xA81A664B),
SPH_C32(0xC24B8B70), SPH_C32(0xC76C51A3),
SPH_C32(0xD192E819), SPH_C32(0xD6990624),
SPH_C32(0xF40E3585), SPH_C32(0x106AA070),
SPH_C32(0x19A4C116), SPH_C32(0x1E376C08),
SPH_C32(0x2748774C), SPH_C32(0x34B0BCB5),
SPH_C32(0x391C0CB3), SPH_C32(0x4ED8AA4A),
SPH_C32(0x5B9CCA4F), SPH_C32(0x682E6FF3),
SPH_C32(0x748F82EE), SPH_C32(0x78A5636F),
SPH_C32(0x84C87814), SPH_C32(0x8CC70208),
SPH_C32(0x90BEFFFA), SPH_C32(0xA4506CEB),
SPH_C32(0xBEF9A3F7), SPH_C32(0xC67178F2)
};
#define SHA2_MEXP1(in, pc) do { \
W[pc] = in(pc); \
} while (0)
#define SHA2_MEXP2(in, pc) do { \
W[(pc) & 0x0F] = SPH_T32(SSG2_1(W[((pc) - 2) & 0x0F]) \
+ W[((pc) - 7) & 0x0F] \
+ SSG2_0(W[((pc) - 15) & 0x0F]) + W[(pc) & 0x0F]); \
} while (0)
#define SHA2_STEPn(n, a, b, c, d, e, f, g, h, in, pc) do { \
sph_u32 t1, t2; \
SHA2_MEXP ## n(in, pc); \
t1 = SPH_T32(h + BSG2_1(e) + CH(e, f, g) \
+ K[pcount + (pc)] + W[(pc) & 0x0F]); \
t2 = SPH_T32(BSG2_0(a) + MAJ(a, b, c)); \
d = SPH_T32(d + t1); \
h = SPH_T32(t1 + t2); \
} while (0)
#define SHA2_STEP1(a, b, c, d, e, f, g, h, in, pc) \
SHA2_STEPn(1, a, b, c, d, e, f, g, h, in, pc)
#define SHA2_STEP2(a, b, c, d, e, f, g, h, in, pc) \
SHA2_STEPn(2, a, b, c, d, e, f, g, h, in, pc)
#define SHA2_ROUND_BODY(in, r) do { \
sph_u32 A, B, C, D, E, F, G, H; \
sph_u32 W[16]; \
unsigned pcount; \
\
A = (r)[0]; \
B = (r)[1]; \
C = (r)[2]; \
D = (r)[3]; \
E = (r)[4]; \
F = (r)[5]; \
G = (r)[6]; \
H = (r)[7]; \
pcount = 0; \
SHA2_STEP1(A, B, C, D, E, F, G, H, in, 0); \
SHA2_STEP1(H, A, B, C, D, E, F, G, in, 1); \
SHA2_STEP1(G, H, A, B, C, D, E, F, in, 2); \
SHA2_STEP1(F, G, H, A, B, C, D, E, in, 3); \
SHA2_STEP1(E, F, G, H, A, B, C, D, in, 4); \
SHA2_STEP1(D, E, F, G, H, A, B, C, in, 5); \
SHA2_STEP1(C, D, E, F, G, H, A, B, in, 6); \
SHA2_STEP1(B, C, D, E, F, G, H, A, in, 7); \
SHA2_STEP1(A, B, C, D, E, F, G, H, in, 8); \
SHA2_STEP1(H, A, B, C, D, E, F, G, in, 9); \
SHA2_STEP1(G, H, A, B, C, D, E, F, in, 10); \
SHA2_STEP1(F, G, H, A, B, C, D, E, in, 11); \
SHA2_STEP1(E, F, G, H, A, B, C, D, in, 12); \
SHA2_STEP1(D, E, F, G, H, A, B, C, in, 13); \
SHA2_STEP1(C, D, E, F, G, H, A, B, in, 14); \
SHA2_STEP1(B, C, D, E, F, G, H, A, in, 15); \
for (pcount = 16; pcount < 64; pcount += 16) { \
SHA2_STEP2(A, B, C, D, E, F, G, H, in, 0); \
SHA2_STEP2(H, A, B, C, D, E, F, G, in, 1); \
SHA2_STEP2(G, H, A, B, C, D, E, F, in, 2); \
SHA2_STEP2(F, G, H, A, B, C, D, E, in, 3); \
SHA2_STEP2(E, F, G, H, A, B, C, D, in, 4); \
SHA2_STEP2(D, E, F, G, H, A, B, C, in, 5); \
SHA2_STEP2(C, D, E, F, G, H, A, B, in, 6); \
SHA2_STEP2(B, C, D, E, F, G, H, A, in, 7); \
SHA2_STEP2(A, B, C, D, E, F, G, H, in, 8); \
SHA2_STEP2(H, A, B, C, D, E, F, G, in, 9); \
SHA2_STEP2(G, H, A, B, C, D, E, F, in, 10); \
SHA2_STEP2(F, G, H, A, B, C, D, E, in, 11); \
SHA2_STEP2(E, F, G, H, A, B, C, D, in, 12); \
SHA2_STEP2(D, E, F, G, H, A, B, C, in, 13); \
SHA2_STEP2(C, D, E, F, G, H, A, B, in, 14); \
SHA2_STEP2(B, C, D, E, F, G, H, A, in, 15); \
} \
(r)[0] = SPH_T32((r)[0] + A); \
(r)[1] = SPH_T32((r)[1] + B); \
(r)[2] = SPH_T32((r)[2] + C); \
(r)[3] = SPH_T32((r)[3] + D); \
(r)[4] = SPH_T32((r)[4] + E); \
(r)[5] = SPH_T32((r)[5] + F); \
(r)[6] = SPH_T32((r)[6] + G); \
(r)[7] = SPH_T32((r)[7] + H); \
} while (0)
#else
#define SHA2_ROUND_BODY(in, r) do { \
sph_u32 A, B, C, D, E, F, G, H, T1, T2; \
sph_u32 W00, W01, W02, W03, W04, W05, W06, W07; \
sph_u32 W08, W09, W10, W11, W12, W13, W14, W15; \
\
A = (r)[0]; \
B = (r)[1]; \
C = (r)[2]; \
D = (r)[3]; \
E = (r)[4]; \
F = (r)[5]; \
G = (r)[6]; \
H = (r)[7]; \
W00 = in(0); \
T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \
+ SPH_C32(0x428A2F98) + W00); \
T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \
D = SPH_T32(D + T1); \
H = SPH_T32(T1 + T2); \
W01 = in(1); \
T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \
+ SPH_C32(0x71374491) + W01); \
T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \
C = SPH_T32(C + T1); \
G = SPH_T32(T1 + T2); \
W02 = in(2); \
T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \
+ SPH_C32(0xB5C0FBCF) + W02); \
T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \
B = SPH_T32(B + T1); \
F = SPH_T32(T1 + T2); \
W03 = in(3); \
T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \
+ SPH_C32(0xE9B5DBA5) + W03); \
T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \
A = SPH_T32(A + T1); \
E = SPH_T32(T1 + T2); \
W04 = in(4); \
T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \
+ SPH_C32(0x3956C25B) + W04); \
T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \
H = SPH_T32(H + T1); \
D = SPH_T32(T1 + T2); \
W05 = in(5); \
T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \
+ SPH_C32(0x59F111F1) + W05); \
T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \
G = SPH_T32(G + T1); \
C = SPH_T32(T1 + T2); \
W06 = in(6); \
T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \
+ SPH_C32(0x923F82A4) + W06); \
T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \
F = SPH_T32(F + T1); \
B = SPH_T32(T1 + T2); \
W07 = in(7); \
T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \
+ SPH_C32(0xAB1C5ED5) + W07); \
T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \
E = SPH_T32(E + T1); \
A = SPH_T32(T1 + T2); \
W08 = in(8); \
T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \
+ SPH_C32(0xD807AA98) + W08); \
T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \
D = SPH_T32(D + T1); \
H = SPH_T32(T1 + T2); \
W09 = in(9); \
T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \
+ SPH_C32(0x12835B01) + W09); \
T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \
C = SPH_T32(C + T1); \
G = SPH_T32(T1 + T2); \
W10 = in(10); \
T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \
+ SPH_C32(0x243185BE) + W10); \
T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \
B = SPH_T32(B + T1); \
F = SPH_T32(T1 + T2); \
W11 = in(11); \
T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \
+ SPH_C32(0x550C7DC3) + W11); \
T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \
A = SPH_T32(A + T1); \
E = SPH_T32(T1 + T2); \
W12 = in(12); \
T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \
+ SPH_C32(0x72BE5D74) + W12); \
T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \
H = SPH_T32(H + T1); \
D = SPH_T32(T1 + T2); \
W13 = in(13); \
T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \
+ SPH_C32(0x80DEB1FE) + W13); \
T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \
G = SPH_T32(G + T1); \
C = SPH_T32(T1 + T2); \
W14 = in(14); \
T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \
+ SPH_C32(0x9BDC06A7) + W14); \
T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \
F = SPH_T32(F + T1); \
B = SPH_T32(T1 + T2); \
W15 = in(15); \
T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \
+ SPH_C32(0xC19BF174) + W15); \
T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \
E = SPH_T32(E + T1); \
A = SPH_T32(T1 + T2); \
W00 = SPH_T32(SSG2_1(W14) + W09 + SSG2_0(W01) + W00); \
T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \
+ SPH_C32(0xE49B69C1) + W00); \
T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \
D = SPH_T32(D + T1); \
H = SPH_T32(T1 + T2); \
W01 = SPH_T32(SSG2_1(W15) + W10 + SSG2_0(W02) + W01); \
T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \
+ SPH_C32(0xEFBE4786) + W01); \
T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \
C = SPH_T32(C + T1); \
G = SPH_T32(T1 + T2); \
W02 = SPH_T32(SSG2_1(W00) + W11 + SSG2_0(W03) + W02); \
T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \
+ SPH_C32(0x0FC19DC6) + W02); \
T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \
B = SPH_T32(B + T1); \
F = SPH_T32(T1 + T2); \
W03 = SPH_T32(SSG2_1(W01) + W12 + SSG2_0(W04) + W03); \
T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \
+ SPH_C32(0x240CA1CC) + W03); \
T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \
A = SPH_T32(A + T1); \
E = SPH_T32(T1 + T2); \
W04 = SPH_T32(SSG2_1(W02) + W13 + SSG2_0(W05) + W04); \
T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \
+ SPH_C32(0x2DE92C6F) + W04); \
T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \
H = SPH_T32(H + T1); \
D = SPH_T32(T1 + T2); \
W05 = SPH_T32(SSG2_1(W03) + W14 + SSG2_0(W06) + W05); \
T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \
+ SPH_C32(0x4A7484AA) + W05); \
T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \
G = SPH_T32(G + T1); \
C = SPH_T32(T1 + T2); \
W06 = SPH_T32(SSG2_1(W04) + W15 + SSG2_0(W07) + W06); \
T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \
+ SPH_C32(0x5CB0A9DC) + W06); \
T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \
F = SPH_T32(F + T1); \
B = SPH_T32(T1 + T2); \
W07 = SPH_T32(SSG2_1(W05) + W00 + SSG2_0(W08) + W07); \
T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \
+ SPH_C32(0x76F988DA) + W07); \
T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \
E = SPH_T32(E + T1); \
A = SPH_T32(T1 + T2); \
W08 = SPH_T32(SSG2_1(W06) + W01 + SSG2_0(W09) + W08); \
T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \
+ SPH_C32(0x983E5152) + W08); \
T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \
D = SPH_T32(D + T1); \
H = SPH_T32(T1 + T2); \
W09 = SPH_T32(SSG2_1(W07) + W02 + SSG2_0(W10) + W09); \
T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \
+ SPH_C32(0xA831C66D) + W09); \
T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \
C = SPH_T32(C + T1); \
G = SPH_T32(T1 + T2); \
W10 = SPH_T32(SSG2_1(W08) + W03 + SSG2_0(W11) + W10); \
T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \
+ SPH_C32(0xB00327C8) + W10); \
T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \
B = SPH_T32(B + T1); \
F = SPH_T32(T1 + T2); \
W11 = SPH_T32(SSG2_1(W09) + W04 + SSG2_0(W12) + W11); \
T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \
+ SPH_C32(0xBF597FC7) + W11); \
T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \
A = SPH_T32(A + T1); \
E = SPH_T32(T1 + T2); \
W12 = SPH_T32(SSG2_1(W10) + W05 + SSG2_0(W13) + W12); \
T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \
+ SPH_C32(0xC6E00BF3) + W12); \
T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \
H = SPH_T32(H + T1); \
D = SPH_T32(T1 + T2); \
W13 = SPH_T32(SSG2_1(W11) + W06 + SSG2_0(W14) + W13); \
T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \
+ SPH_C32(0xD5A79147) + W13); \
T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \
G = SPH_T32(G + T1); \
C = SPH_T32(T1 + T2); \
W14 = SPH_T32(SSG2_1(W12) + W07 + SSG2_0(W15) + W14); \
T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \
+ SPH_C32(0x06CA6351) + W14); \
T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \
F = SPH_T32(F + T1); \
B = SPH_T32(T1 + T2); \
W15 = SPH_T32(SSG2_1(W13) + W08 + SSG2_0(W00) + W15); \
T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \
+ SPH_C32(0x14292967) + W15); \
T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \
E = SPH_T32(E + T1); \
A = SPH_T32(T1 + T2); \
W00 = SPH_T32(SSG2_1(W14) + W09 + SSG2_0(W01) + W00); \
T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \
+ SPH_C32(0x27B70A85) + W00); \
T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \
D = SPH_T32(D + T1); \
H = SPH_T32(T1 + T2); \
W01 = SPH_T32(SSG2_1(W15) + W10 + SSG2_0(W02) + W01); \
T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \
+ SPH_C32(0x2E1B2138) + W01); \
T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \
C = SPH_T32(C + T1); \
G = SPH_T32(T1 + T2); \
W02 = SPH_T32(SSG2_1(W00) + W11 + SSG2_0(W03) + W02); \
T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \
+ SPH_C32(0x4D2C6DFC) + W02); \
T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \
B = SPH_T32(B + T1); \
F = SPH_T32(T1 + T2); \
W03 = SPH_T32(SSG2_1(W01) + W12 + SSG2_0(W04) + W03); \
T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \
+ SPH_C32(0x53380D13) + W03); \
T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \
A = SPH_T32(A + T1); \
E = SPH_T32(T1 + T2); \
W04 = SPH_T32(SSG2_1(W02) + W13 + SSG2_0(W05) + W04); \
T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \
+ SPH_C32(0x650A7354) + W04); \
T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \
H = SPH_T32(H + T1); \
D = SPH_T32(T1 + T2); \
W05 = SPH_T32(SSG2_1(W03) + W14 + SSG2_0(W06) + W05); \
T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \
+ SPH_C32(0x766A0ABB) + W05); \
T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \
G = SPH_T32(G + T1); \
C = SPH_T32(T1 + T2); \
W06 = SPH_T32(SSG2_1(W04) + W15 + SSG2_0(W07) + W06); \
T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \
+ SPH_C32(0x81C2C92E) + W06); \
T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \
F = SPH_T32(F + T1); \
B = SPH_T32(T1 + T2); \
W07 = SPH_T32(SSG2_1(W05) + W00 + SSG2_0(W08) + W07); \
T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \
+ SPH_C32(0x92722C85) + W07); \
T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \
E = SPH_T32(E + T1); \
A = SPH_T32(T1 + T2); \
W08 = SPH_T32(SSG2_1(W06) + W01 + SSG2_0(W09) + W08); \
T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \
+ SPH_C32(0xA2BFE8A1) + W08); \
T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \
D = SPH_T32(D + T1); \
H = SPH_T32(T1 + T2); \
W09 = SPH_T32(SSG2_1(W07) + W02 + SSG2_0(W10) + W09); \
T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \
+ SPH_C32(0xA81A664B) + W09); \
T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \
C = SPH_T32(C + T1); \
G = SPH_T32(T1 + T2); \
W10 = SPH_T32(SSG2_1(W08) + W03 + SSG2_0(W11) + W10); \
T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \
+ SPH_C32(0xC24B8B70) + W10); \
T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \
B = SPH_T32(B + T1); \
F = SPH_T32(T1 + T2); \
W11 = SPH_T32(SSG2_1(W09) + W04 + SSG2_0(W12) + W11); \
T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \
+ SPH_C32(0xC76C51A3) + W11); \
T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \
A = SPH_T32(A + T1); \
E = SPH_T32(T1 + T2); \
W12 = SPH_T32(SSG2_1(W10) + W05 + SSG2_0(W13) + W12); \
T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \
+ SPH_C32(0xD192E819) + W12); \
T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \
H = SPH_T32(H + T1); \
D = SPH_T32(T1 + T2); \
W13 = SPH_T32(SSG2_1(W11) + W06 + SSG2_0(W14) + W13); \
T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \
+ SPH_C32(0xD6990624) + W13); \
T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \
G = SPH_T32(G + T1); \
C = SPH_T32(T1 + T2); \
W14 = SPH_T32(SSG2_1(W12) + W07 + SSG2_0(W15) + W14); \
T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \
+ SPH_C32(0xF40E3585) + W14); \
T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \
F = SPH_T32(F + T1); \
B = SPH_T32(T1 + T2); \
W15 = SPH_T32(SSG2_1(W13) + W08 + SSG2_0(W00) + W15); \
T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \
+ SPH_C32(0x106AA070) + W15); \
T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \
E = SPH_T32(E + T1); \
A = SPH_T32(T1 + T2); \
W00 = SPH_T32(SSG2_1(W14) + W09 + SSG2_0(W01) + W00); \
T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \
+ SPH_C32(0x19A4C116) + W00); \
T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \
D = SPH_T32(D + T1); \
H = SPH_T32(T1 + T2); \
W01 = SPH_T32(SSG2_1(W15) + W10 + SSG2_0(W02) + W01); \
T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \
+ SPH_C32(0x1E376C08) + W01); \
T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \
C = SPH_T32(C + T1); \
G = SPH_T32(T1 + T2); \
W02 = SPH_T32(SSG2_1(W00) + W11 + SSG2_0(W03) + W02); \
T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \
+ SPH_C32(0x2748774C) + W02); \
T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \
B = SPH_T32(B + T1); \
F = SPH_T32(T1 + T2); \
W03 = SPH_T32(SSG2_1(W01) + W12 + SSG2_0(W04) + W03); \
T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \
+ SPH_C32(0x34B0BCB5) + W03); \
T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \
A = SPH_T32(A + T1); \
E = SPH_T32(T1 + T2); \
W04 = SPH_T32(SSG2_1(W02) + W13 + SSG2_0(W05) + W04); \
T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \
+ SPH_C32(0x391C0CB3) + W04); \
T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \
H = SPH_T32(H + T1); \
D = SPH_T32(T1 + T2); \
W05 = SPH_T32(SSG2_1(W03) + W14 + SSG2_0(W06) + W05); \
T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \
+ SPH_C32(0x4ED8AA4A) + W05); \
T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \
G = SPH_T32(G + T1); \
C = SPH_T32(T1 + T2); \
W06 = SPH_T32(SSG2_1(W04) + W15 + SSG2_0(W07) + W06); \
T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \
+ SPH_C32(0x5B9CCA4F) + W06); \
T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \
F = SPH_T32(F + T1); \
B = SPH_T32(T1 + T2); \
W07 = SPH_T32(SSG2_1(W05) + W00 + SSG2_0(W08) + W07); \
T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \
+ SPH_C32(0x682E6FF3) + W07); \
T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \
E = SPH_T32(E + T1); \
A = SPH_T32(T1 + T2); \
W08 = SPH_T32(SSG2_1(W06) + W01 + SSG2_0(W09) + W08); \
T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \
+ SPH_C32(0x748F82EE) + W08); \
T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \
D = SPH_T32(D + T1); \
H = SPH_T32(T1 + T2); \
W09 = SPH_T32(SSG2_1(W07) + W02 + SSG2_0(W10) + W09); \
T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \
+ SPH_C32(0x78A5636F) + W09); \
T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \
C = SPH_T32(C + T1); \
G = SPH_T32(T1 + T2); \
W10 = SPH_T32(SSG2_1(W08) + W03 + SSG2_0(W11) + W10); \
T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \
+ SPH_C32(0x84C87814) + W10); \
T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \
B = SPH_T32(B + T1); \
F = SPH_T32(T1 + T2); \
W11 = SPH_T32(SSG2_1(W09) + W04 + SSG2_0(W12) + W11); \
T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \
+ SPH_C32(0x8CC70208) + W11); \
T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \
A = SPH_T32(A + T1); \
E = SPH_T32(T1 + T2); \
W12 = SPH_T32(SSG2_1(W10) + W05 + SSG2_0(W13) + W12); \
T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \
+ SPH_C32(0x90BEFFFA) + W12); \
T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \
H = SPH_T32(H + T1); \
D = SPH_T32(T1 + T2); \
W13 = SPH_T32(SSG2_1(W11) + W06 + SSG2_0(W14) + W13); \
T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \
+ SPH_C32(0xA4506CEB) + W13); \
T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \
G = SPH_T32(G + T1); \
C = SPH_T32(T1 + T2); \
W14 = SPH_T32(SSG2_1(W12) + W07 + SSG2_0(W15) + W14); \
T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \
+ SPH_C32(0xBEF9A3F7) + W14); \
T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \
F = SPH_T32(F + T1); \
B = SPH_T32(T1 + T2); \
W15 = SPH_T32(SSG2_1(W13) + W08 + SSG2_0(W00) + W15); \
T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \
+ SPH_C32(0xC67178F2) + W15); \
T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \
E = SPH_T32(E + T1); \
A = SPH_T32(T1 + T2); \
(r)[0] = SPH_T32((r)[0] + A); \
(r)[1] = SPH_T32((r)[1] + B); \
(r)[2] = SPH_T32((r)[2] + C); \
(r)[3] = SPH_T32((r)[3] + D); \
(r)[4] = SPH_T32((r)[4] + E); \
(r)[5] = SPH_T32((r)[5] + F); \
(r)[6] = SPH_T32((r)[6] + G); \
(r)[7] = SPH_T32((r)[7] + H); \
} while (0)
#endif
/*
* One round of SHA-224 / SHA-256. The data must be aligned for 32-bit access.
*/
static void
sha2_round(const unsigned char *data, sph_u32 r[8])
{
#define SHA2_IN(x) sph_dec32be_aligned(data + (4 * (x)))
SHA2_ROUND_BODY(SHA2_IN, r);
#undef SHA2_IN
}
/* see sph_sha2.h */
void
sph_sha224_init(void *cc)
{
sph_sha224_context *sc;
sc = (sph_sha224_context*)cc;
memcpy(sc->val, H224, sizeof H224);
#if SPH_64
sc->count = 0;
#else
sc->count_high = sc->count_low = 0;
#endif
}
/* see sph_sha2.h */
void
sph_sha256_init(void *cc)
{
sph_sha256_context *sc;
sc = (sph_sha224_context*)cc;
memcpy(sc->val, H256, sizeof H256);
#if SPH_64
sc->count = 0;
#else
sc->count_high = sc->count_low = 0;
#endif
}
#define RFUN sha2_round
#define HASH sha224
#define BE32 1
#include "md_helper.c"
/* see sph_sha2.h */
void
sph_sha224_close(void *cc, void *dst)
{
sha224_close(cc, dst, 7);
sph_sha224_init(cc);
}
/* see sph_sha2.h */
void
sph_sha224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
{
sha224_addbits_and_close(cc, ub, n, dst, 7);
sph_sha224_init(cc);
}
/* see sph_sha2.h */
void
sph_sha256_close(void *cc, void *dst)
{
sha224_close(cc, dst, 8);
sph_sha256_init(cc);
}
/* see sph_sha2.h */
void
sph_sha256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
{
sha224_addbits_and_close(cc, ub, n, dst, 8);
sph_sha256_init(cc);
}
/* see sph_sha2.h */
void
sph_sha224_comp(const sph_u32 msg[16], sph_u32 val[8])
{
#define SHA2_IN(x) msg[x]
SHA2_ROUND_BODY(SHA2_IN, val);
#undef SHA2_IN
}

371
stratum/sha3/sph_sha2.h Normal file
View file

@ -0,0 +1,371 @@
/* $Id: sph_sha2.h 216 2010-06-08 09:46:57Z tp $ */
/**
* SHA-224, SHA-256, SHA-384 and SHA-512 interface.
*
* SHA-256 has been published in FIPS 180-2, now amended with a change
* notice to include SHA-224 as well (which is a simple variation on
* SHA-256). SHA-384 and SHA-512 are also defined in FIPS 180-2. FIPS
* standards can be found at:
* http://csrc.nist.gov/publications/fips/
*
* ==========================(LICENSE BEGIN)============================
*
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* ===========================(LICENSE END)=============================
*
* @file sph_sha2.h
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/
#ifndef SPH_SHA2_H__
#define SPH_SHA2_H__
#include <stddef.h>
#include "sph_types.h"
/**
* Output size (in bits) for SHA-224.
*/
#define SPH_SIZE_sha224 224
/**
* Output size (in bits) for SHA-256.
*/
#define SPH_SIZE_sha256 256
/**
* This structure is a context for SHA-224 computations: it contains the
* intermediate values and some data from the last entered block. Once
* a SHA-224 computation has been performed, the context can be reused for
* another computation.
*
* The contents of this structure are private. A running SHA-224 computation
* can be cloned by copying the context (e.g. with a simple
* <code>memcpy()</code>).
*/
typedef struct {
#ifndef DOXYGEN_IGNORE
unsigned char buf[64]; /* first field, for alignment */
sph_u32 val[8];
#if SPH_64
sph_u64 count;
#else
sph_u32 count_high, count_low;
#endif
#endif
} sph_sha224_context;
/**
* This structure is a context for SHA-256 computations. It is identical
* to the SHA-224 context. However, a context is initialized for SHA-224
* <strong>or</strong> SHA-256, but not both (the internal IV is not the
* same).
*/
typedef sph_sha224_context sph_sha256_context;
/**
* Initialize a SHA-224 context. This process performs no memory allocation.
*
* @param cc the SHA-224 context (pointer to
* a <code>sph_sha224_context</code>)
*/
void sph_sha224_init(void *cc);
/**
* Process some data bytes. It is acceptable that <code>len</code> is zero
* (in which case this function does nothing).
*
* @param cc the SHA-224 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_sha224(void *cc, const void *data, size_t len);
/**
* Terminate the current SHA-224 computation and output the result into the
* provided buffer. The destination buffer must be wide enough to
* accomodate the result (28 bytes). The context is automatically
* reinitialized.
*
* @param cc the SHA-224 context
* @param dst the destination buffer
*/
void sph_sha224_close(void *cc, void *dst);
/**
* Add a few additional bits (0 to 7) to the current computation, then
* terminate it and output the result in the provided buffer, which must
* be wide enough to accomodate the result (28 bytes). If bit number i
* in <code>ub</code> has value 2^i, then the extra bits are those
* numbered 7 downto 8-n (this is the big-endian convention at the byte
* level). The context is automatically reinitialized.
*
* @param cc the SHA-224 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the destination buffer
*/
void sph_sha224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst);
/**
* Apply the SHA-224 compression function on the provided data. The
* <code>msg</code> parameter contains the 16 32-bit input blocks,
* as numerical values (hence after the big-endian decoding). The
* <code>val</code> parameter contains the 8 32-bit input blocks for
* the compression function; the output is written in place in this
* array.
*
* @param msg the message block (16 values)
* @param val the function 256-bit input and output
*/
void sph_sha224_comp(const sph_u32 msg[16], sph_u32 val[8]);
/**
* Initialize a SHA-256 context. This process performs no memory allocation.
*
* @param cc the SHA-256 context (pointer to
* a <code>sph_sha256_context</code>)
*/
void sph_sha256_init(void *cc);
#ifdef DOXYGEN_IGNORE
/**
* Process some data bytes, for SHA-256. This function is identical to
* <code>sha_224()</code>
*
* @param cc the SHA-224 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_sha256(void *cc, const void *data, size_t len);
#endif
#ifndef DOXYGEN_IGNORE
#define sph_sha256 sph_sha224
#endif
/**
* Terminate the current SHA-256 computation and output the result into the
* provided buffer. The destination buffer must be wide enough to
* accomodate the result (32 bytes). The context is automatically
* reinitialized.
*
* @param cc the SHA-256 context
* @param dst the destination buffer
*/
void sph_sha256_close(void *cc, void *dst);
/**
* Add a few additional bits (0 to 7) to the current computation, then
* terminate it and output the result in the provided buffer, which must
* be wide enough to accomodate the result (32 bytes). If bit number i
* in <code>ub</code> has value 2^i, then the extra bits are those
* numbered 7 downto 8-n (this is the big-endian convention at the byte
* level). The context is automatically reinitialized.
*
* @param cc the SHA-256 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the destination buffer
*/
void sph_sha256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst);
#ifdef DOXYGEN_IGNORE
/**
* Apply the SHA-256 compression function on the provided data. This
* function is identical to <code>sha224_comp()</code>.
*
* @param msg the message block (16 values)
* @param val the function 256-bit input and output
*/
void sph_sha256_comp(const sph_u32 msg[16], sph_u32 val[8]);
#endif
#ifndef DOXYGEN_IGNORE
#define sph_sha256_comp sph_sha224_comp
#endif
#if SPH_64
/**
* Output size (in bits) for SHA-384.
*/
#define SPH_SIZE_sha384 384
/**
* Output size (in bits) for SHA-512.
*/
#define SPH_SIZE_sha512 512
/**
* This structure is a context for SHA-384 computations: it contains the
* intermediate values and some data from the last entered block. Once
* a SHA-384 computation has been performed, the context can be reused for
* another computation.
*
* The contents of this structure are private. A running SHA-384 computation
* can be cloned by copying the context (e.g. with a simple
* <code>memcpy()</code>).
*/
typedef struct {
#ifndef DOXYGEN_IGNORE
unsigned char buf[128]; /* first field, for alignment */
sph_u64 val[8];
sph_u64 count;
#endif
} sph_sha384_context;
/**
* Initialize a SHA-384 context. This process performs no memory allocation.
*
* @param cc the SHA-384 context (pointer to
* a <code>sph_sha384_context</code>)
*/
void sph_sha384_init(void *cc);
/**
* Process some data bytes. It is acceptable that <code>len</code> is zero
* (in which case this function does nothing).
*
* @param cc the SHA-384 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_sha384(void *cc, const void *data, size_t len);
/**
* Terminate the current SHA-384 computation and output the result into the
* provided buffer. The destination buffer must be wide enough to
* accomodate the result (48 bytes). The context is automatically
* reinitialized.
*
* @param cc the SHA-384 context
* @param dst the destination buffer
*/
void sph_sha384_close(void *cc, void *dst);
/**
* Add a few additional bits (0 to 7) to the current computation, then
* terminate it and output the result in the provided buffer, which must
* be wide enough to accomodate the result (48 bytes). If bit number i
* in <code>ub</code> has value 2^i, then the extra bits are those
* numbered 7 downto 8-n (this is the big-endian convention at the byte
* level). The context is automatically reinitialized.
*
* @param cc the SHA-384 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the destination buffer
*/
void sph_sha384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst);
/**
* Apply the SHA-384 compression function on the provided data. The
* <code>msg</code> parameter contains the 16 64-bit input blocks,
* as numerical values (hence after the big-endian decoding). The
* <code>val</code> parameter contains the 8 64-bit input blocks for
* the compression function; the output is written in place in this
* array.
*
* @param msg the message block (16 values)
* @param val the function 512-bit input and output
*/
void sph_sha384_comp(const sph_u64 msg[16], sph_u64 val[8]);
/**
* This structure is a context for SHA-512 computations. It is identical
* to the SHA-384 context. However, a context is initialized for SHA-384
* <strong>or</strong> SHA-512, but not both (the internal IV is not the
* same).
*/
typedef sph_sha384_context sph_sha512_context;
/**
* Initialize a SHA-512 context. This process performs no memory allocation.
*
* @param cc the SHA-512 context (pointer to
* a <code>sph_sha512_context</code>)
*/
void sph_sha512_init(void *cc);
#ifdef DOXYGEN_IGNORE
/**
* Process some data bytes, for SHA-512. This function is identical to
* <code>sph_sha384()</code>.
*
* @param cc the SHA-384 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_sha512(void *cc, const void *data, size_t len);
#endif
#ifndef DOXYGEN_IGNORE
#define sph_sha512 sph_sha384
#endif
/**
* Terminate the current SHA-512 computation and output the result into the
* provided buffer. The destination buffer must be wide enough to
* accomodate the result (64 bytes). The context is automatically
* reinitialized.
*
* @param cc the SHA-512 context
* @param dst the destination buffer
*/
void sph_sha512_close(void *cc, void *dst);
/**
* Add a few additional bits (0 to 7) to the current computation, then
* terminate it and output the result in the provided buffer, which must
* be wide enough to accomodate the result (64 bytes). If bit number i
* in <code>ub</code> has value 2^i, then the extra bits are those
* numbered 7 downto 8-n (this is the big-endian convention at the byte
* level). The context is automatically reinitialized.
*
* @param cc the SHA-512 context
* @param ub the extra bits
* @param n the number of extra bits (0 to 7)
* @param dst the destination buffer
*/
void sph_sha512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst);
#ifdef DOXYGEN_IGNORE
/**
* Apply the SHA-512 compression function. This function is identical to
* <code>sph_sha384_comp()</code>.
*
* @param msg the message block (16 values)
* @param val the function 512-bit input and output
*/
void sph_sha512_comp(const sph_u64 msg[16], sph_u64 val[8]);
#endif
#ifndef DOXYGEN_IGNORE
#define sph_sha512_comp sph_sha384_comp
#endif
#endif
#endif

248
stratum/sha3/sph_sha2big.c Normal file
View file

@ -0,0 +1,248 @@
/* $Id: sha2big.c 216 2010-06-08 09:46:57Z tp $ */
/*
* SHA-384 / SHA-512 implementation.
*
* ==========================(LICENSE BEGIN)============================
*
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* ===========================(LICENSE END)=============================
*
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/
#include <stddef.h>
#include <string.h>
#include "sph_sha2.h"
#if SPH_64
#define CH(X, Y, Z) ((((Y) ^ (Z)) & (X)) ^ (Z))
#define MAJ(X, Y, Z) (((X) & (Y)) | (((X) | (Y)) & (Z)))
#define ROTR64 SPH_ROTR64
#define BSG5_0(x) (ROTR64(x, 28) ^ ROTR64(x, 34) ^ ROTR64(x, 39))
#define BSG5_1(x) (ROTR64(x, 14) ^ ROTR64(x, 18) ^ ROTR64(x, 41))
#define SSG5_0(x) (ROTR64(x, 1) ^ ROTR64(x, 8) ^ SPH_T64((x) >> 7))
#define SSG5_1(x) (ROTR64(x, 19) ^ ROTR64(x, 61) ^ SPH_T64((x) >> 6))
static const sph_u64 K512[80] = {
SPH_C64(0x428A2F98D728AE22), SPH_C64(0x7137449123EF65CD),
SPH_C64(0xB5C0FBCFEC4D3B2F), SPH_C64(0xE9B5DBA58189DBBC),
SPH_C64(0x3956C25BF348B538), SPH_C64(0x59F111F1B605D019),
SPH_C64(0x923F82A4AF194F9B), SPH_C64(0xAB1C5ED5DA6D8118),
SPH_C64(0xD807AA98A3030242), SPH_C64(0x12835B0145706FBE),
SPH_C64(0x243185BE4EE4B28C), SPH_C64(0x550C7DC3D5FFB4E2),
SPH_C64(0x72BE5D74F27B896F), SPH_C64(0x80DEB1FE3B1696B1),
SPH_C64(0x9BDC06A725C71235), SPH_C64(0xC19BF174CF692694),
SPH_C64(0xE49B69C19EF14AD2), SPH_C64(0xEFBE4786384F25E3),
SPH_C64(0x0FC19DC68B8CD5B5), SPH_C64(0x240CA1CC77AC9C65),
SPH_C64(0x2DE92C6F592B0275), SPH_C64(0x4A7484AA6EA6E483),
SPH_C64(0x5CB0A9DCBD41FBD4), SPH_C64(0x76F988DA831153B5),
SPH_C64(0x983E5152EE66DFAB), SPH_C64(0xA831C66D2DB43210),
SPH_C64(0xB00327C898FB213F), SPH_C64(0xBF597FC7BEEF0EE4),
SPH_C64(0xC6E00BF33DA88FC2), SPH_C64(0xD5A79147930AA725),
SPH_C64(0x06CA6351E003826F), SPH_C64(0x142929670A0E6E70),
SPH_C64(0x27B70A8546D22FFC), SPH_C64(0x2E1B21385C26C926),
SPH_C64(0x4D2C6DFC5AC42AED), SPH_C64(0x53380D139D95B3DF),
SPH_C64(0x650A73548BAF63DE), SPH_C64(0x766A0ABB3C77B2A8),
SPH_C64(0x81C2C92E47EDAEE6), SPH_C64(0x92722C851482353B),
SPH_C64(0xA2BFE8A14CF10364), SPH_C64(0xA81A664BBC423001),
SPH_C64(0xC24B8B70D0F89791), SPH_C64(0xC76C51A30654BE30),
SPH_C64(0xD192E819D6EF5218), SPH_C64(0xD69906245565A910),
SPH_C64(0xF40E35855771202A), SPH_C64(0x106AA07032BBD1B8),
SPH_C64(0x19A4C116B8D2D0C8), SPH_C64(0x1E376C085141AB53),
SPH_C64(0x2748774CDF8EEB99), SPH_C64(0x34B0BCB5E19B48A8),
SPH_C64(0x391C0CB3C5C95A63), SPH_C64(0x4ED8AA4AE3418ACB),
SPH_C64(0x5B9CCA4F7763E373), SPH_C64(0x682E6FF3D6B2B8A3),
SPH_C64(0x748F82EE5DEFB2FC), SPH_C64(0x78A5636F43172F60),
SPH_C64(0x84C87814A1F0AB72), SPH_C64(0x8CC702081A6439EC),
SPH_C64(0x90BEFFFA23631E28), SPH_C64(0xA4506CEBDE82BDE9),
SPH_C64(0xBEF9A3F7B2C67915), SPH_C64(0xC67178F2E372532B),
SPH_C64(0xCA273ECEEA26619C), SPH_C64(0xD186B8C721C0C207),
SPH_C64(0xEADA7DD6CDE0EB1E), SPH_C64(0xF57D4F7FEE6ED178),
SPH_C64(0x06F067AA72176FBA), SPH_C64(0x0A637DC5A2C898A6),
SPH_C64(0x113F9804BEF90DAE), SPH_C64(0x1B710B35131C471B),
SPH_C64(0x28DB77F523047D84), SPH_C64(0x32CAAB7B40C72493),
SPH_C64(0x3C9EBE0A15C9BEBC), SPH_C64(0x431D67C49C100D4C),
SPH_C64(0x4CC5D4BECB3E42B6), SPH_C64(0x597F299CFC657E2A),
SPH_C64(0x5FCB6FAB3AD6FAEC), SPH_C64(0x6C44198C4A475817)
};
static const sph_u64 H384[8] = {
SPH_C64(0xCBBB9D5DC1059ED8), SPH_C64(0x629A292A367CD507),
SPH_C64(0x9159015A3070DD17), SPH_C64(0x152FECD8F70E5939),
SPH_C64(0x67332667FFC00B31), SPH_C64(0x8EB44A8768581511),
SPH_C64(0xDB0C2E0D64F98FA7), SPH_C64(0x47B5481DBEFA4FA4)
};
static const sph_u64 H512[8] = {
SPH_C64(0x6A09E667F3BCC908), SPH_C64(0xBB67AE8584CAA73B),
SPH_C64(0x3C6EF372FE94F82B), SPH_C64(0xA54FF53A5F1D36F1),
SPH_C64(0x510E527FADE682D1), SPH_C64(0x9B05688C2B3E6C1F),
SPH_C64(0x1F83D9ABFB41BD6B), SPH_C64(0x5BE0CD19137E2179)
};
/*
* This macro defines the body for a SHA-384 / SHA-512 compression function
* implementation. The "in" parameter should evaluate, when applied to a
* numerical input parameter from 0 to 15, to an expression which yields
* the corresponding input block. The "r" parameter should evaluate to
* an array or pointer expression designating the array of 8 words which
* contains the input and output of the compression function.
*
* SHA-512 is hard for the compiler. If the loop is completely unrolled,
* then the code will be quite huge (possibly more than 100 kB), and the
* performance will be degraded due to cache misses on the code. We
* unroll only eight steps, which avoids all needless copies when
* 64-bit registers are swapped.
*/
#define SHA3_STEP(A, B, C, D, E, F, G, H, i) do { \
sph_u64 T1, T2; \
T1 = SPH_T64(H + BSG5_1(E) + CH(E, F, G) + K512[i] + W[i]); \
T2 = SPH_T64(BSG5_0(A) + MAJ(A, B, C)); \
D = SPH_T64(D + T1); \
H = SPH_T64(T1 + T2); \
} while (0)
#define SHA3_ROUND_BODY(in, r) do { \
int i; \
sph_u64 A, B, C, D, E, F, G, H; \
sph_u64 W[80]; \
\
for (i = 0; i < 16; i ++) \
W[i] = in(i); \
for (i = 16; i < 80; i ++) \
W[i] = SPH_T64(SSG5_1(W[i - 2]) + W[i - 7] \
+ SSG5_0(W[i - 15]) + W[i - 16]); \
A = (r)[0]; \
B = (r)[1]; \
C = (r)[2]; \
D = (r)[3]; \
E = (r)[4]; \
F = (r)[5]; \
G = (r)[6]; \
H = (r)[7]; \
for (i = 0; i < 80; i += 8) { \
SHA3_STEP(A, B, C, D, E, F, G, H, i + 0); \
SHA3_STEP(H, A, B, C, D, E, F, G, i + 1); \
SHA3_STEP(G, H, A, B, C, D, E, F, i + 2); \
SHA3_STEP(F, G, H, A, B, C, D, E, i + 3); \
SHA3_STEP(E, F, G, H, A, B, C, D, i + 4); \
SHA3_STEP(D, E, F, G, H, A, B, C, i + 5); \
SHA3_STEP(C, D, E, F, G, H, A, B, i + 6); \
SHA3_STEP(B, C, D, E, F, G, H, A, i + 7); \
} \
(r)[0] = SPH_T64((r)[0] + A); \
(r)[1] = SPH_T64((r)[1] + B); \
(r)[2] = SPH_T64((r)[2] + C); \
(r)[3] = SPH_T64((r)[3] + D); \
(r)[4] = SPH_T64((r)[4] + E); \
(r)[5] = SPH_T64((r)[5] + F); \
(r)[6] = SPH_T64((r)[6] + G); \
(r)[7] = SPH_T64((r)[7] + H); \
} while (0)
/*
* One round of SHA-384 / SHA-512. The data must be aligned for 64-bit access.
*/
static void
sha3_round(const unsigned char *data, sph_u64 r[8])
{
#define SHA3_IN(x) sph_dec64be_aligned(data + (8 * (x)))
SHA3_ROUND_BODY(SHA3_IN, r);
#undef SHA3_IN
}
/* see sph_sha3.h */
void
sph_sha384_init(void *cc)
{
sph_sha384_context *sc;
sc = (sph_sha384_context*)cc;
memcpy(sc->val, H384, sizeof H384);
sc->count = 0;
}
/* see sph_sha3.h */
void
sph_sha512_init(void *cc)
{
sph_sha512_context *sc;
sc = (sph_sha512_context*)cc;
memcpy(sc->val, H512, sizeof H512);
sc->count = 0;
}
#define RFUN sha3_round
#define HASH sha384
#define BE64 1
#include "md_helper.c"
/* see sph_sha3.h */
void
sph_sha384_close(void *cc, void *dst)
{
sha384_close(cc, dst, 6);
sph_sha384_init(cc);
}
/* see sph_sha3.h */
void
sph_sha384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
{
sha384_addbits_and_close(cc, ub, n, dst, 6);
sph_sha384_init(cc);
}
/* see sph_sha3.h */
void
sph_sha512_close(void *cc, void *dst)
{
sha384_close(cc, dst, 8);
sph_sha512_init(cc);
}
/* see sph_sha3.h */
void
sph_sha512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
{
sha384_addbits_and_close(cc, ub, n, dst, 8);
sph_sha512_init(cc);
}
/* see sph_sha3.h */
void
sph_sha384_comp(const sph_u64 msg[16], sph_u64 val[8])
{
#define SHA3_IN(x) msg[x]
SHA3_ROUND_BODY(SHA3_IN, val);
#undef SHA3_IN
}
#endif

698
stratum/sha3/sph_tiger.c Normal file
View file

@ -0,0 +1,698 @@
/* $Id: tiger.c 216 2010-06-08 09:46:57Z tp $ */
/*
* Tiger / Tiger2 implementation.
*
* ==========================(LICENSE BEGIN)============================
*
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* ===========================(LICENSE END)=============================
*
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/
#include <stddef.h>
#include <string.h>
#include "sph_tiger.h"
#if SPH_64
static const sph_u64 T1[256] = {
SPH_C64(0x02AAB17CF7E90C5E), SPH_C64(0xAC424B03E243A8EC),
SPH_C64(0x72CD5BE30DD5FCD3), SPH_C64(0x6D019B93F6F97F3A),
SPH_C64(0xCD9978FFD21F9193), SPH_C64(0x7573A1C9708029E2),
SPH_C64(0xB164326B922A83C3), SPH_C64(0x46883EEE04915870),
SPH_C64(0xEAACE3057103ECE6), SPH_C64(0xC54169B808A3535C),
SPH_C64(0x4CE754918DDEC47C), SPH_C64(0x0AA2F4DFDC0DF40C),
SPH_C64(0x10B76F18A74DBEFA), SPH_C64(0xC6CCB6235AD1AB6A),
SPH_C64(0x13726121572FE2FF), SPH_C64(0x1A488C6F199D921E),
SPH_C64(0x4BC9F9F4DA0007CA), SPH_C64(0x26F5E6F6E85241C7),
SPH_C64(0x859079DBEA5947B6), SPH_C64(0x4F1885C5C99E8C92),
SPH_C64(0xD78E761EA96F864B), SPH_C64(0x8E36428C52B5C17D),
SPH_C64(0x69CF6827373063C1), SPH_C64(0xB607C93D9BB4C56E),
SPH_C64(0x7D820E760E76B5EA), SPH_C64(0x645C9CC6F07FDC42),
SPH_C64(0xBF38A078243342E0), SPH_C64(0x5F6B343C9D2E7D04),
SPH_C64(0xF2C28AEB600B0EC6), SPH_C64(0x6C0ED85F7254BCAC),
SPH_C64(0x71592281A4DB4FE5), SPH_C64(0x1967FA69CE0FED9F),
SPH_C64(0xFD5293F8B96545DB), SPH_C64(0xC879E9D7F2A7600B),
SPH_C64(0x860248920193194E), SPH_C64(0xA4F9533B2D9CC0B3),
SPH_C64(0x9053836C15957613), SPH_C64(0xDB6DCF8AFC357BF1),
SPH_C64(0x18BEEA7A7A370F57), SPH_C64(0x037117CA50B99066),
SPH_C64(0x6AB30A9774424A35), SPH_C64(0xF4E92F02E325249B),
SPH_C64(0x7739DB07061CCAE1), SPH_C64(0xD8F3B49CECA42A05),
SPH_C64(0xBD56BE3F51382F73), SPH_C64(0x45FAED5843B0BB28),
SPH_C64(0x1C813D5C11BF1F83), SPH_C64(0x8AF0E4B6D75FA169),
SPH_C64(0x33EE18A487AD9999), SPH_C64(0x3C26E8EAB1C94410),
SPH_C64(0xB510102BC0A822F9), SPH_C64(0x141EEF310CE6123B),
SPH_C64(0xFC65B90059DDB154), SPH_C64(0xE0158640C5E0E607),
SPH_C64(0x884E079826C3A3CF), SPH_C64(0x930D0D9523C535FD),
SPH_C64(0x35638D754E9A2B00), SPH_C64(0x4085FCCF40469DD5),
SPH_C64(0xC4B17AD28BE23A4C), SPH_C64(0xCAB2F0FC6A3E6A2E),
SPH_C64(0x2860971A6B943FCD), SPH_C64(0x3DDE6EE212E30446),
SPH_C64(0x6222F32AE01765AE), SPH_C64(0x5D550BB5478308FE),
SPH_C64(0xA9EFA98DA0EDA22A), SPH_C64(0xC351A71686C40DA7),
SPH_C64(0x1105586D9C867C84), SPH_C64(0xDCFFEE85FDA22853),
SPH_C64(0xCCFBD0262C5EEF76), SPH_C64(0xBAF294CB8990D201),
SPH_C64(0xE69464F52AFAD975), SPH_C64(0x94B013AFDF133E14),
SPH_C64(0x06A7D1A32823C958), SPH_C64(0x6F95FE5130F61119),
SPH_C64(0xD92AB34E462C06C0), SPH_C64(0xED7BDE33887C71D2),
SPH_C64(0x79746D6E6518393E), SPH_C64(0x5BA419385D713329),
SPH_C64(0x7C1BA6B948A97564), SPH_C64(0x31987C197BFDAC67),
SPH_C64(0xDE6C23C44B053D02), SPH_C64(0x581C49FED002D64D),
SPH_C64(0xDD474D6338261571), SPH_C64(0xAA4546C3E473D062),
SPH_C64(0x928FCE349455F860), SPH_C64(0x48161BBACAAB94D9),
SPH_C64(0x63912430770E6F68), SPH_C64(0x6EC8A5E602C6641C),
SPH_C64(0x87282515337DDD2B), SPH_C64(0x2CDA6B42034B701B),
SPH_C64(0xB03D37C181CB096D), SPH_C64(0xE108438266C71C6F),
SPH_C64(0x2B3180C7EB51B255), SPH_C64(0xDF92B82F96C08BBC),
SPH_C64(0x5C68C8C0A632F3BA), SPH_C64(0x5504CC861C3D0556),
SPH_C64(0xABBFA4E55FB26B8F), SPH_C64(0x41848B0AB3BACEB4),
SPH_C64(0xB334A273AA445D32), SPH_C64(0xBCA696F0A85AD881),
SPH_C64(0x24F6EC65B528D56C), SPH_C64(0x0CE1512E90F4524A),
SPH_C64(0x4E9DD79D5506D35A), SPH_C64(0x258905FAC6CE9779),
SPH_C64(0x2019295B3E109B33), SPH_C64(0xF8A9478B73A054CC),
SPH_C64(0x2924F2F934417EB0), SPH_C64(0x3993357D536D1BC4),
SPH_C64(0x38A81AC21DB6FF8B), SPH_C64(0x47C4FBF17D6016BF),
SPH_C64(0x1E0FAADD7667E3F5), SPH_C64(0x7ABCFF62938BEB96),
SPH_C64(0xA78DAD948FC179C9), SPH_C64(0x8F1F98B72911E50D),
SPH_C64(0x61E48EAE27121A91), SPH_C64(0x4D62F7AD31859808),
SPH_C64(0xECEBA345EF5CEAEB), SPH_C64(0xF5CEB25EBC9684CE),
SPH_C64(0xF633E20CB7F76221), SPH_C64(0xA32CDF06AB8293E4),
SPH_C64(0x985A202CA5EE2CA4), SPH_C64(0xCF0B8447CC8A8FB1),
SPH_C64(0x9F765244979859A3), SPH_C64(0xA8D516B1A1240017),
SPH_C64(0x0BD7BA3EBB5DC726), SPH_C64(0xE54BCA55B86ADB39),
SPH_C64(0x1D7A3AFD6C478063), SPH_C64(0x519EC608E7669EDD),
SPH_C64(0x0E5715A2D149AA23), SPH_C64(0x177D4571848FF194),
SPH_C64(0xEEB55F3241014C22), SPH_C64(0x0F5E5CA13A6E2EC2),
SPH_C64(0x8029927B75F5C361), SPH_C64(0xAD139FABC3D6E436),
SPH_C64(0x0D5DF1A94CCF402F), SPH_C64(0x3E8BD948BEA5DFC8),
SPH_C64(0xA5A0D357BD3FF77E), SPH_C64(0xA2D12E251F74F645),
SPH_C64(0x66FD9E525E81A082), SPH_C64(0x2E0C90CE7F687A49),
SPH_C64(0xC2E8BCBEBA973BC5), SPH_C64(0x000001BCE509745F),
SPH_C64(0x423777BBE6DAB3D6), SPH_C64(0xD1661C7EAEF06EB5),
SPH_C64(0xA1781F354DAACFD8), SPH_C64(0x2D11284A2B16AFFC),
SPH_C64(0xF1FC4F67FA891D1F), SPH_C64(0x73ECC25DCB920ADA),
SPH_C64(0xAE610C22C2A12651), SPH_C64(0x96E0A810D356B78A),
SPH_C64(0x5A9A381F2FE7870F), SPH_C64(0xD5AD62EDE94E5530),
SPH_C64(0xD225E5E8368D1427), SPH_C64(0x65977B70C7AF4631),
SPH_C64(0x99F889B2DE39D74F), SPH_C64(0x233F30BF54E1D143),
SPH_C64(0x9A9675D3D9A63C97), SPH_C64(0x5470554FF334F9A8),
SPH_C64(0x166ACB744A4F5688), SPH_C64(0x70C74CAAB2E4AEAD),
SPH_C64(0xF0D091646F294D12), SPH_C64(0x57B82A89684031D1),
SPH_C64(0xEFD95A5A61BE0B6B), SPH_C64(0x2FBD12E969F2F29A),
SPH_C64(0x9BD37013FEFF9FE8), SPH_C64(0x3F9B0404D6085A06),
SPH_C64(0x4940C1F3166CFE15), SPH_C64(0x09542C4DCDF3DEFB),
SPH_C64(0xB4C5218385CD5CE3), SPH_C64(0xC935B7DC4462A641),
SPH_C64(0x3417F8A68ED3B63F), SPH_C64(0xB80959295B215B40),
SPH_C64(0xF99CDAEF3B8C8572), SPH_C64(0x018C0614F8FCB95D),
SPH_C64(0x1B14ACCD1A3ACDF3), SPH_C64(0x84D471F200BB732D),
SPH_C64(0xC1A3110E95E8DA16), SPH_C64(0x430A7220BF1A82B8),
SPH_C64(0xB77E090D39DF210E), SPH_C64(0x5EF4BD9F3CD05E9D),
SPH_C64(0x9D4FF6DA7E57A444), SPH_C64(0xDA1D60E183D4A5F8),
SPH_C64(0xB287C38417998E47), SPH_C64(0xFE3EDC121BB31886),
SPH_C64(0xC7FE3CCC980CCBEF), SPH_C64(0xE46FB590189BFD03),
SPH_C64(0x3732FD469A4C57DC), SPH_C64(0x7EF700A07CF1AD65),
SPH_C64(0x59C64468A31D8859), SPH_C64(0x762FB0B4D45B61F6),
SPH_C64(0x155BAED099047718), SPH_C64(0x68755E4C3D50BAA6),
SPH_C64(0xE9214E7F22D8B4DF), SPH_C64(0x2ADDBF532EAC95F4),
SPH_C64(0x32AE3909B4BD0109), SPH_C64(0x834DF537B08E3450),
SPH_C64(0xFA209DA84220728D), SPH_C64(0x9E691D9B9EFE23F7),
SPH_C64(0x0446D288C4AE8D7F), SPH_C64(0x7B4CC524E169785B),
SPH_C64(0x21D87F0135CA1385), SPH_C64(0xCEBB400F137B8AA5),
SPH_C64(0x272E2B66580796BE), SPH_C64(0x3612264125C2B0DE),
SPH_C64(0x057702BDAD1EFBB2), SPH_C64(0xD4BABB8EACF84BE9),
SPH_C64(0x91583139641BC67B), SPH_C64(0x8BDC2DE08036E024),
SPH_C64(0x603C8156F49F68ED), SPH_C64(0xF7D236F7DBEF5111),
SPH_C64(0x9727C4598AD21E80), SPH_C64(0xA08A0896670A5FD7),
SPH_C64(0xCB4A8F4309EBA9CB), SPH_C64(0x81AF564B0F7036A1),
SPH_C64(0xC0B99AA778199ABD), SPH_C64(0x959F1EC83FC8E952),
SPH_C64(0x8C505077794A81B9), SPH_C64(0x3ACAAF8F056338F0),
SPH_C64(0x07B43F50627A6778), SPH_C64(0x4A44AB49F5ECCC77),
SPH_C64(0x3BC3D6E4B679EE98), SPH_C64(0x9CC0D4D1CF14108C),
SPH_C64(0x4406C00B206BC8A0), SPH_C64(0x82A18854C8D72D89),
SPH_C64(0x67E366B35C3C432C), SPH_C64(0xB923DD61102B37F2),
SPH_C64(0x56AB2779D884271D), SPH_C64(0xBE83E1B0FF1525AF),
SPH_C64(0xFB7C65D4217E49A9), SPH_C64(0x6BDBE0E76D48E7D4),
SPH_C64(0x08DF828745D9179E), SPH_C64(0x22EA6A9ADD53BD34),
SPH_C64(0xE36E141C5622200A), SPH_C64(0x7F805D1B8CB750EE),
SPH_C64(0xAFE5C7A59F58E837), SPH_C64(0xE27F996A4FB1C23C),
SPH_C64(0xD3867DFB0775F0D0), SPH_C64(0xD0E673DE6E88891A),
SPH_C64(0x123AEB9EAFB86C25), SPH_C64(0x30F1D5D5C145B895),
SPH_C64(0xBB434A2DEE7269E7), SPH_C64(0x78CB67ECF931FA38),
SPH_C64(0xF33B0372323BBF9C), SPH_C64(0x52D66336FB279C74),
SPH_C64(0x505F33AC0AFB4EAA), SPH_C64(0xE8A5CD99A2CCE187),
SPH_C64(0x534974801E2D30BB), SPH_C64(0x8D2D5711D5876D90),
SPH_C64(0x1F1A412891BC038E), SPH_C64(0xD6E2E71D82E56648),
SPH_C64(0x74036C3A497732B7), SPH_C64(0x89B67ED96361F5AB),
SPH_C64(0xFFED95D8F1EA02A2), SPH_C64(0xE72B3BD61464D43D),
SPH_C64(0xA6300F170BDC4820), SPH_C64(0xEBC18760ED78A77A),
};
static const sph_u64 T2[256] = {
SPH_C64(0xE6A6BE5A05A12138), SPH_C64(0xB5A122A5B4F87C98),
SPH_C64(0x563C6089140B6990), SPH_C64(0x4C46CB2E391F5DD5),
SPH_C64(0xD932ADDBC9B79434), SPH_C64(0x08EA70E42015AFF5),
SPH_C64(0xD765A6673E478CF1), SPH_C64(0xC4FB757EAB278D99),
SPH_C64(0xDF11C6862D6E0692), SPH_C64(0xDDEB84F10D7F3B16),
SPH_C64(0x6F2EF604A665EA04), SPH_C64(0x4A8E0F0FF0E0DFB3),
SPH_C64(0xA5EDEEF83DBCBA51), SPH_C64(0xFC4F0A2A0EA4371E),
SPH_C64(0xE83E1DA85CB38429), SPH_C64(0xDC8FF882BA1B1CE2),
SPH_C64(0xCD45505E8353E80D), SPH_C64(0x18D19A00D4DB0717),
SPH_C64(0x34A0CFEDA5F38101), SPH_C64(0x0BE77E518887CAF2),
SPH_C64(0x1E341438B3C45136), SPH_C64(0xE05797F49089CCF9),
SPH_C64(0xFFD23F9DF2591D14), SPH_C64(0x543DDA228595C5CD),
SPH_C64(0x661F81FD99052A33), SPH_C64(0x8736E641DB0F7B76),
SPH_C64(0x15227725418E5307), SPH_C64(0xE25F7F46162EB2FA),
SPH_C64(0x48A8B2126C13D9FE), SPH_C64(0xAFDC541792E76EEA),
SPH_C64(0x03D912BFC6D1898F), SPH_C64(0x31B1AAFA1B83F51B),
SPH_C64(0xF1AC2796E42AB7D9), SPH_C64(0x40A3A7D7FCD2EBAC),
SPH_C64(0x1056136D0AFBBCC5), SPH_C64(0x7889E1DD9A6D0C85),
SPH_C64(0xD33525782A7974AA), SPH_C64(0xA7E25D09078AC09B),
SPH_C64(0xBD4138B3EAC6EDD0), SPH_C64(0x920ABFBE71EB9E70),
SPH_C64(0xA2A5D0F54FC2625C), SPH_C64(0xC054E36B0B1290A3),
SPH_C64(0xF6DD59FF62FE932B), SPH_C64(0x3537354511A8AC7D),
SPH_C64(0xCA845E9172FADCD4), SPH_C64(0x84F82B60329D20DC),
SPH_C64(0x79C62CE1CD672F18), SPH_C64(0x8B09A2ADD124642C),
SPH_C64(0xD0C1E96A19D9E726), SPH_C64(0x5A786A9B4BA9500C),
SPH_C64(0x0E020336634C43F3), SPH_C64(0xC17B474AEB66D822),
SPH_C64(0x6A731AE3EC9BAAC2), SPH_C64(0x8226667AE0840258),
SPH_C64(0x67D4567691CAECA5), SPH_C64(0x1D94155C4875ADB5),
SPH_C64(0x6D00FD985B813FDF), SPH_C64(0x51286EFCB774CD06),
SPH_C64(0x5E8834471FA744AF), SPH_C64(0xF72CA0AEE761AE2E),
SPH_C64(0xBE40E4CDAEE8E09A), SPH_C64(0xE9970BBB5118F665),
SPH_C64(0x726E4BEB33DF1964), SPH_C64(0x703B000729199762),
SPH_C64(0x4631D816F5EF30A7), SPH_C64(0xB880B5B51504A6BE),
SPH_C64(0x641793C37ED84B6C), SPH_C64(0x7B21ED77F6E97D96),
SPH_C64(0x776306312EF96B73), SPH_C64(0xAE528948E86FF3F4),
SPH_C64(0x53DBD7F286A3F8F8), SPH_C64(0x16CADCE74CFC1063),
SPH_C64(0x005C19BDFA52C6DD), SPH_C64(0x68868F5D64D46AD3),
SPH_C64(0x3A9D512CCF1E186A), SPH_C64(0x367E62C2385660AE),
SPH_C64(0xE359E7EA77DCB1D7), SPH_C64(0x526C0773749ABE6E),
SPH_C64(0x735AE5F9D09F734B), SPH_C64(0x493FC7CC8A558BA8),
SPH_C64(0xB0B9C1533041AB45), SPH_C64(0x321958BA470A59BD),
SPH_C64(0x852DB00B5F46C393), SPH_C64(0x91209B2BD336B0E5),
SPH_C64(0x6E604F7D659EF19F), SPH_C64(0xB99A8AE2782CCB24),
SPH_C64(0xCCF52AB6C814C4C7), SPH_C64(0x4727D9AFBE11727B),
SPH_C64(0x7E950D0C0121B34D), SPH_C64(0x756F435670AD471F),
SPH_C64(0xF5ADD442615A6849), SPH_C64(0x4E87E09980B9957A),
SPH_C64(0x2ACFA1DF50AEE355), SPH_C64(0xD898263AFD2FD556),
SPH_C64(0xC8F4924DD80C8FD6), SPH_C64(0xCF99CA3D754A173A),
SPH_C64(0xFE477BACAF91BF3C), SPH_C64(0xED5371F6D690C12D),
SPH_C64(0x831A5C285E687094), SPH_C64(0xC5D3C90A3708A0A4),
SPH_C64(0x0F7F903717D06580), SPH_C64(0x19F9BB13B8FDF27F),
SPH_C64(0xB1BD6F1B4D502843), SPH_C64(0x1C761BA38FFF4012),
SPH_C64(0x0D1530C4E2E21F3B), SPH_C64(0x8943CE69A7372C8A),
SPH_C64(0xE5184E11FEB5CE66), SPH_C64(0x618BDB80BD736621),
SPH_C64(0x7D29BAD68B574D0B), SPH_C64(0x81BB613E25E6FE5B),
SPH_C64(0x071C9C10BC07913F), SPH_C64(0xC7BEEB7909AC2D97),
SPH_C64(0xC3E58D353BC5D757), SPH_C64(0xEB017892F38F61E8),
SPH_C64(0xD4EFFB9C9B1CC21A), SPH_C64(0x99727D26F494F7AB),
SPH_C64(0xA3E063A2956B3E03), SPH_C64(0x9D4A8B9A4AA09C30),
SPH_C64(0x3F6AB7D500090FB4), SPH_C64(0x9CC0F2A057268AC0),
SPH_C64(0x3DEE9D2DEDBF42D1), SPH_C64(0x330F49C87960A972),
SPH_C64(0xC6B2720287421B41), SPH_C64(0x0AC59EC07C00369C),
SPH_C64(0xEF4EAC49CB353425), SPH_C64(0xF450244EEF0129D8),
SPH_C64(0x8ACC46E5CAF4DEB6), SPH_C64(0x2FFEAB63989263F7),
SPH_C64(0x8F7CB9FE5D7A4578), SPH_C64(0x5BD8F7644E634635),
SPH_C64(0x427A7315BF2DC900), SPH_C64(0x17D0C4AA2125261C),
SPH_C64(0x3992486C93518E50), SPH_C64(0xB4CBFEE0A2D7D4C3),
SPH_C64(0x7C75D6202C5DDD8D), SPH_C64(0xDBC295D8E35B6C61),
SPH_C64(0x60B369D302032B19), SPH_C64(0xCE42685FDCE44132),
SPH_C64(0x06F3DDB9DDF65610), SPH_C64(0x8EA4D21DB5E148F0),
SPH_C64(0x20B0FCE62FCD496F), SPH_C64(0x2C1B912358B0EE31),
SPH_C64(0xB28317B818F5A308), SPH_C64(0xA89C1E189CA6D2CF),
SPH_C64(0x0C6B18576AAADBC8), SPH_C64(0xB65DEAA91299FAE3),
SPH_C64(0xFB2B794B7F1027E7), SPH_C64(0x04E4317F443B5BEB),
SPH_C64(0x4B852D325939D0A6), SPH_C64(0xD5AE6BEEFB207FFC),
SPH_C64(0x309682B281C7D374), SPH_C64(0xBAE309A194C3B475),
SPH_C64(0x8CC3F97B13B49F05), SPH_C64(0x98A9422FF8293967),
SPH_C64(0x244B16B01076FF7C), SPH_C64(0xF8BF571C663D67EE),
SPH_C64(0x1F0D6758EEE30DA1), SPH_C64(0xC9B611D97ADEB9B7),
SPH_C64(0xB7AFD5887B6C57A2), SPH_C64(0x6290AE846B984FE1),
SPH_C64(0x94DF4CDEACC1A5FD), SPH_C64(0x058A5BD1C5483AFF),
SPH_C64(0x63166CC142BA3C37), SPH_C64(0x8DB8526EB2F76F40),
SPH_C64(0xE10880036F0D6D4E), SPH_C64(0x9E0523C9971D311D),
SPH_C64(0x45EC2824CC7CD691), SPH_C64(0x575B8359E62382C9),
SPH_C64(0xFA9E400DC4889995), SPH_C64(0xD1823ECB45721568),
SPH_C64(0xDAFD983B8206082F), SPH_C64(0xAA7D29082386A8CB),
SPH_C64(0x269FCD4403B87588), SPH_C64(0x1B91F5F728BDD1E0),
SPH_C64(0xE4669F39040201F6), SPH_C64(0x7A1D7C218CF04ADE),
SPH_C64(0x65623C29D79CE5CE), SPH_C64(0x2368449096C00BB1),
SPH_C64(0xAB9BF1879DA503BA), SPH_C64(0xBC23ECB1A458058E),
SPH_C64(0x9A58DF01BB401ECC), SPH_C64(0xA070E868A85F143D),
SPH_C64(0x4FF188307DF2239E), SPH_C64(0x14D565B41A641183),
SPH_C64(0xEE13337452701602), SPH_C64(0x950E3DCF3F285E09),
SPH_C64(0x59930254B9C80953), SPH_C64(0x3BF299408930DA6D),
SPH_C64(0xA955943F53691387), SPH_C64(0xA15EDECAA9CB8784),
SPH_C64(0x29142127352BE9A0), SPH_C64(0x76F0371FFF4E7AFB),
SPH_C64(0x0239F450274F2228), SPH_C64(0xBB073AF01D5E868B),
SPH_C64(0xBFC80571C10E96C1), SPH_C64(0xD267088568222E23),
SPH_C64(0x9671A3D48E80B5B0), SPH_C64(0x55B5D38AE193BB81),
SPH_C64(0x693AE2D0A18B04B8), SPH_C64(0x5C48B4ECADD5335F),
SPH_C64(0xFD743B194916A1CA), SPH_C64(0x2577018134BE98C4),
SPH_C64(0xE77987E83C54A4AD), SPH_C64(0x28E11014DA33E1B9),
SPH_C64(0x270CC59E226AA213), SPH_C64(0x71495F756D1A5F60),
SPH_C64(0x9BE853FB60AFEF77), SPH_C64(0xADC786A7F7443DBF),
SPH_C64(0x0904456173B29A82), SPH_C64(0x58BC7A66C232BD5E),
SPH_C64(0xF306558C673AC8B2), SPH_C64(0x41F639C6B6C9772A),
SPH_C64(0x216DEFE99FDA35DA), SPH_C64(0x11640CC71C7BE615),
SPH_C64(0x93C43694565C5527), SPH_C64(0xEA038E6246777839),
SPH_C64(0xF9ABF3CE5A3E2469), SPH_C64(0x741E768D0FD312D2),
SPH_C64(0x0144B883CED652C6), SPH_C64(0xC20B5A5BA33F8552),
SPH_C64(0x1AE69633C3435A9D), SPH_C64(0x97A28CA4088CFDEC),
SPH_C64(0x8824A43C1E96F420), SPH_C64(0x37612FA66EEEA746),
SPH_C64(0x6B4CB165F9CF0E5A), SPH_C64(0x43AA1C06A0ABFB4A),
SPH_C64(0x7F4DC26FF162796B), SPH_C64(0x6CBACC8E54ED9B0F),
SPH_C64(0xA6B7FFEFD2BB253E), SPH_C64(0x2E25BC95B0A29D4F),
SPH_C64(0x86D6A58BDEF1388C), SPH_C64(0xDED74AC576B6F054),
SPH_C64(0x8030BDBC2B45805D), SPH_C64(0x3C81AF70E94D9289),
SPH_C64(0x3EFF6DDA9E3100DB), SPH_C64(0xB38DC39FDFCC8847),
SPH_C64(0x123885528D17B87E), SPH_C64(0xF2DA0ED240B1B642),
SPH_C64(0x44CEFADCD54BF9A9), SPH_C64(0x1312200E433C7EE6),
SPH_C64(0x9FFCC84F3A78C748), SPH_C64(0xF0CD1F72248576BB),
SPH_C64(0xEC6974053638CFE4), SPH_C64(0x2BA7B67C0CEC4E4C),
SPH_C64(0xAC2F4DF3E5CE32ED), SPH_C64(0xCB33D14326EA4C11),
SPH_C64(0xA4E9044CC77E58BC), SPH_C64(0x5F513293D934FCEF),
SPH_C64(0x5DC9645506E55444), SPH_C64(0x50DE418F317DE40A),
SPH_C64(0x388CB31A69DDE259), SPH_C64(0x2DB4A83455820A86),
SPH_C64(0x9010A91E84711AE9), SPH_C64(0x4DF7F0B7B1498371),
SPH_C64(0xD62A2EABC0977179), SPH_C64(0x22FAC097AA8D5C0E),
};
static const sph_u64 T3[256] = {
SPH_C64(0xF49FCC2FF1DAF39B), SPH_C64(0x487FD5C66FF29281),
SPH_C64(0xE8A30667FCDCA83F), SPH_C64(0x2C9B4BE3D2FCCE63),
SPH_C64(0xDA3FF74B93FBBBC2), SPH_C64(0x2FA165D2FE70BA66),
SPH_C64(0xA103E279970E93D4), SPH_C64(0xBECDEC77B0E45E71),
SPH_C64(0xCFB41E723985E497), SPH_C64(0xB70AAA025EF75017),
SPH_C64(0xD42309F03840B8E0), SPH_C64(0x8EFC1AD035898579),
SPH_C64(0x96C6920BE2B2ABC5), SPH_C64(0x66AF4163375A9172),
SPH_C64(0x2174ABDCCA7127FB), SPH_C64(0xB33CCEA64A72FF41),
SPH_C64(0xF04A4933083066A5), SPH_C64(0x8D970ACDD7289AF5),
SPH_C64(0x8F96E8E031C8C25E), SPH_C64(0xF3FEC02276875D47),
SPH_C64(0xEC7BF310056190DD), SPH_C64(0xF5ADB0AEBB0F1491),
SPH_C64(0x9B50F8850FD58892), SPH_C64(0x4975488358B74DE8),
SPH_C64(0xA3354FF691531C61), SPH_C64(0x0702BBE481D2C6EE),
SPH_C64(0x89FB24057DEDED98), SPH_C64(0xAC3075138596E902),
SPH_C64(0x1D2D3580172772ED), SPH_C64(0xEB738FC28E6BC30D),
SPH_C64(0x5854EF8F63044326), SPH_C64(0x9E5C52325ADD3BBE),
SPH_C64(0x90AA53CF325C4623), SPH_C64(0xC1D24D51349DD067),
SPH_C64(0x2051CFEEA69EA624), SPH_C64(0x13220F0A862E7E4F),
SPH_C64(0xCE39399404E04864), SPH_C64(0xD9C42CA47086FCB7),
SPH_C64(0x685AD2238A03E7CC), SPH_C64(0x066484B2AB2FF1DB),
SPH_C64(0xFE9D5D70EFBF79EC), SPH_C64(0x5B13B9DD9C481854),
SPH_C64(0x15F0D475ED1509AD), SPH_C64(0x0BEBCD060EC79851),
SPH_C64(0xD58C6791183AB7F8), SPH_C64(0xD1187C5052F3EEE4),
SPH_C64(0xC95D1192E54E82FF), SPH_C64(0x86EEA14CB9AC6CA2),
SPH_C64(0x3485BEB153677D5D), SPH_C64(0xDD191D781F8C492A),
SPH_C64(0xF60866BAA784EBF9), SPH_C64(0x518F643BA2D08C74),
SPH_C64(0x8852E956E1087C22), SPH_C64(0xA768CB8DC410AE8D),
SPH_C64(0x38047726BFEC8E1A), SPH_C64(0xA67738B4CD3B45AA),
SPH_C64(0xAD16691CEC0DDE19), SPH_C64(0xC6D4319380462E07),
SPH_C64(0xC5A5876D0BA61938), SPH_C64(0x16B9FA1FA58FD840),
SPH_C64(0x188AB1173CA74F18), SPH_C64(0xABDA2F98C99C021F),
SPH_C64(0x3E0580AB134AE816), SPH_C64(0x5F3B05B773645ABB),
SPH_C64(0x2501A2BE5575F2F6), SPH_C64(0x1B2F74004E7E8BA9),
SPH_C64(0x1CD7580371E8D953), SPH_C64(0x7F6ED89562764E30),
SPH_C64(0xB15926FF596F003D), SPH_C64(0x9F65293DA8C5D6B9),
SPH_C64(0x6ECEF04DD690F84C), SPH_C64(0x4782275FFF33AF88),
SPH_C64(0xE41433083F820801), SPH_C64(0xFD0DFE409A1AF9B5),
SPH_C64(0x4325A3342CDB396B), SPH_C64(0x8AE77E62B301B252),
SPH_C64(0xC36F9E9F6655615A), SPH_C64(0x85455A2D92D32C09),
SPH_C64(0xF2C7DEA949477485), SPH_C64(0x63CFB4C133A39EBA),
SPH_C64(0x83B040CC6EBC5462), SPH_C64(0x3B9454C8FDB326B0),
SPH_C64(0x56F56A9E87FFD78C), SPH_C64(0x2DC2940D99F42BC6),
SPH_C64(0x98F7DF096B096E2D), SPH_C64(0x19A6E01E3AD852BF),
SPH_C64(0x42A99CCBDBD4B40B), SPH_C64(0xA59998AF45E9C559),
SPH_C64(0x366295E807D93186), SPH_C64(0x6B48181BFAA1F773),
SPH_C64(0x1FEC57E2157A0A1D), SPH_C64(0x4667446AF6201AD5),
SPH_C64(0xE615EBCACFB0F075), SPH_C64(0xB8F31F4F68290778),
SPH_C64(0x22713ED6CE22D11E), SPH_C64(0x3057C1A72EC3C93B),
SPH_C64(0xCB46ACC37C3F1F2F), SPH_C64(0xDBB893FD02AAF50E),
SPH_C64(0x331FD92E600B9FCF), SPH_C64(0xA498F96148EA3AD6),
SPH_C64(0xA8D8426E8B6A83EA), SPH_C64(0xA089B274B7735CDC),
SPH_C64(0x87F6B3731E524A11), SPH_C64(0x118808E5CBC96749),
SPH_C64(0x9906E4C7B19BD394), SPH_C64(0xAFED7F7E9B24A20C),
SPH_C64(0x6509EADEEB3644A7), SPH_C64(0x6C1EF1D3E8EF0EDE),
SPH_C64(0xB9C97D43E9798FB4), SPH_C64(0xA2F2D784740C28A3),
SPH_C64(0x7B8496476197566F), SPH_C64(0x7A5BE3E6B65F069D),
SPH_C64(0xF96330ED78BE6F10), SPH_C64(0xEEE60DE77A076A15),
SPH_C64(0x2B4BEE4AA08B9BD0), SPH_C64(0x6A56A63EC7B8894E),
SPH_C64(0x02121359BA34FEF4), SPH_C64(0x4CBF99F8283703FC),
SPH_C64(0x398071350CAF30C8), SPH_C64(0xD0A77A89F017687A),
SPH_C64(0xF1C1A9EB9E423569), SPH_C64(0x8C7976282DEE8199),
SPH_C64(0x5D1737A5DD1F7ABD), SPH_C64(0x4F53433C09A9FA80),
SPH_C64(0xFA8B0C53DF7CA1D9), SPH_C64(0x3FD9DCBC886CCB77),
SPH_C64(0xC040917CA91B4720), SPH_C64(0x7DD00142F9D1DCDF),
SPH_C64(0x8476FC1D4F387B58), SPH_C64(0x23F8E7C5F3316503),
SPH_C64(0x032A2244E7E37339), SPH_C64(0x5C87A5D750F5A74B),
SPH_C64(0x082B4CC43698992E), SPH_C64(0xDF917BECB858F63C),
SPH_C64(0x3270B8FC5BF86DDA), SPH_C64(0x10AE72BB29B5DD76),
SPH_C64(0x576AC94E7700362B), SPH_C64(0x1AD112DAC61EFB8F),
SPH_C64(0x691BC30EC5FAA427), SPH_C64(0xFF246311CC327143),
SPH_C64(0x3142368E30E53206), SPH_C64(0x71380E31E02CA396),
SPH_C64(0x958D5C960AAD76F1), SPH_C64(0xF8D6F430C16DA536),
SPH_C64(0xC8FFD13F1BE7E1D2), SPH_C64(0x7578AE66004DDBE1),
SPH_C64(0x05833F01067BE646), SPH_C64(0xBB34B5AD3BFE586D),
SPH_C64(0x095F34C9A12B97F0), SPH_C64(0x247AB64525D60CA8),
SPH_C64(0xDCDBC6F3017477D1), SPH_C64(0x4A2E14D4DECAD24D),
SPH_C64(0xBDB5E6D9BE0A1EEB), SPH_C64(0x2A7E70F7794301AB),
SPH_C64(0xDEF42D8A270540FD), SPH_C64(0x01078EC0A34C22C1),
SPH_C64(0xE5DE511AF4C16387), SPH_C64(0x7EBB3A52BD9A330A),
SPH_C64(0x77697857AA7D6435), SPH_C64(0x004E831603AE4C32),
SPH_C64(0xE7A21020AD78E312), SPH_C64(0x9D41A70C6AB420F2),
SPH_C64(0x28E06C18EA1141E6), SPH_C64(0xD2B28CBD984F6B28),
SPH_C64(0x26B75F6C446E9D83), SPH_C64(0xBA47568C4D418D7F),
SPH_C64(0xD80BADBFE6183D8E), SPH_C64(0x0E206D7F5F166044),
SPH_C64(0xE258A43911CBCA3E), SPH_C64(0x723A1746B21DC0BC),
SPH_C64(0xC7CAA854F5D7CDD3), SPH_C64(0x7CAC32883D261D9C),
SPH_C64(0x7690C26423BA942C), SPH_C64(0x17E55524478042B8),
SPH_C64(0xE0BE477656A2389F), SPH_C64(0x4D289B5E67AB2DA0),
SPH_C64(0x44862B9C8FBBFD31), SPH_C64(0xB47CC8049D141365),
SPH_C64(0x822C1B362B91C793), SPH_C64(0x4EB14655FB13DFD8),
SPH_C64(0x1ECBBA0714E2A97B), SPH_C64(0x6143459D5CDE5F14),
SPH_C64(0x53A8FBF1D5F0AC89), SPH_C64(0x97EA04D81C5E5B00),
SPH_C64(0x622181A8D4FDB3F3), SPH_C64(0xE9BCD341572A1208),
SPH_C64(0x1411258643CCE58A), SPH_C64(0x9144C5FEA4C6E0A4),
SPH_C64(0x0D33D06565CF620F), SPH_C64(0x54A48D489F219CA1),
SPH_C64(0xC43E5EAC6D63C821), SPH_C64(0xA9728B3A72770DAF),
SPH_C64(0xD7934E7B20DF87EF), SPH_C64(0xE35503B61A3E86E5),
SPH_C64(0xCAE321FBC819D504), SPH_C64(0x129A50B3AC60BFA6),
SPH_C64(0xCD5E68EA7E9FB6C3), SPH_C64(0xB01C90199483B1C7),
SPH_C64(0x3DE93CD5C295376C), SPH_C64(0xAED52EDF2AB9AD13),
SPH_C64(0x2E60F512C0A07884), SPH_C64(0xBC3D86A3E36210C9),
SPH_C64(0x35269D9B163951CE), SPH_C64(0x0C7D6E2AD0CDB5FA),
SPH_C64(0x59E86297D87F5733), SPH_C64(0x298EF221898DB0E7),
SPH_C64(0x55000029D1A5AA7E), SPH_C64(0x8BC08AE1B5061B45),
SPH_C64(0xC2C31C2B6C92703A), SPH_C64(0x94CC596BAF25EF42),
SPH_C64(0x0A1D73DB22540456), SPH_C64(0x04B6A0F9D9C4179A),
SPH_C64(0xEFFDAFA2AE3D3C60), SPH_C64(0xF7C8075BB49496C4),
SPH_C64(0x9CC5C7141D1CD4E3), SPH_C64(0x78BD1638218E5534),
SPH_C64(0xB2F11568F850246A), SPH_C64(0xEDFABCFA9502BC29),
SPH_C64(0x796CE5F2DA23051B), SPH_C64(0xAAE128B0DC93537C),
SPH_C64(0x3A493DA0EE4B29AE), SPH_C64(0xB5DF6B2C416895D7),
SPH_C64(0xFCABBD25122D7F37), SPH_C64(0x70810B58105DC4B1),
SPH_C64(0xE10FDD37F7882A90), SPH_C64(0x524DCAB5518A3F5C),
SPH_C64(0x3C9E85878451255B), SPH_C64(0x4029828119BD34E2),
SPH_C64(0x74A05B6F5D3CECCB), SPH_C64(0xB610021542E13ECA),
SPH_C64(0x0FF979D12F59E2AC), SPH_C64(0x6037DA27E4F9CC50),
SPH_C64(0x5E92975A0DF1847D), SPH_C64(0xD66DE190D3E623FE),
SPH_C64(0x5032D6B87B568048), SPH_C64(0x9A36B7CE8235216E),
SPH_C64(0x80272A7A24F64B4A), SPH_C64(0x93EFED8B8C6916F7),
SPH_C64(0x37DDBFF44CCE1555), SPH_C64(0x4B95DB5D4B99BD25),
SPH_C64(0x92D3FDA169812FC0), SPH_C64(0xFB1A4A9A90660BB6),
SPH_C64(0x730C196946A4B9B2), SPH_C64(0x81E289AA7F49DA68),
SPH_C64(0x64669A0F83B1A05F), SPH_C64(0x27B3FF7D9644F48B),
SPH_C64(0xCC6B615C8DB675B3), SPH_C64(0x674F20B9BCEBBE95),
SPH_C64(0x6F31238275655982), SPH_C64(0x5AE488713E45CF05),
SPH_C64(0xBF619F9954C21157), SPH_C64(0xEABAC46040A8EAE9),
SPH_C64(0x454C6FE9F2C0C1CD), SPH_C64(0x419CF6496412691C),
SPH_C64(0xD3DC3BEF265B0F70), SPH_C64(0x6D0E60F5C3578A9E),
};
static const sph_u64 T4[256] = {
SPH_C64(0x5B0E608526323C55), SPH_C64(0x1A46C1A9FA1B59F5),
SPH_C64(0xA9E245A17C4C8FFA), SPH_C64(0x65CA5159DB2955D7),
SPH_C64(0x05DB0A76CE35AFC2), SPH_C64(0x81EAC77EA9113D45),
SPH_C64(0x528EF88AB6AC0A0D), SPH_C64(0xA09EA253597BE3FF),
SPH_C64(0x430DDFB3AC48CD56), SPH_C64(0xC4B3A67AF45CE46F),
SPH_C64(0x4ECECFD8FBE2D05E), SPH_C64(0x3EF56F10B39935F0),
SPH_C64(0x0B22D6829CD619C6), SPH_C64(0x17FD460A74DF2069),
SPH_C64(0x6CF8CC8E8510ED40), SPH_C64(0xD6C824BF3A6ECAA7),
SPH_C64(0x61243D581A817049), SPH_C64(0x048BACB6BBC163A2),
SPH_C64(0xD9A38AC27D44CC32), SPH_C64(0x7FDDFF5BAAF410AB),
SPH_C64(0xAD6D495AA804824B), SPH_C64(0xE1A6A74F2D8C9F94),
SPH_C64(0xD4F7851235DEE8E3), SPH_C64(0xFD4B7F886540D893),
SPH_C64(0x247C20042AA4BFDA), SPH_C64(0x096EA1C517D1327C),
SPH_C64(0xD56966B4361A6685), SPH_C64(0x277DA5C31221057D),
SPH_C64(0x94D59893A43ACFF7), SPH_C64(0x64F0C51CCDC02281),
SPH_C64(0x3D33BCC4FF6189DB), SPH_C64(0xE005CB184CE66AF1),
SPH_C64(0xFF5CCD1D1DB99BEA), SPH_C64(0xB0B854A7FE42980F),
SPH_C64(0x7BD46A6A718D4B9F), SPH_C64(0xD10FA8CC22A5FD8C),
SPH_C64(0xD31484952BE4BD31), SPH_C64(0xC7FA975FCB243847),
SPH_C64(0x4886ED1E5846C407), SPH_C64(0x28CDDB791EB70B04),
SPH_C64(0xC2B00BE2F573417F), SPH_C64(0x5C9590452180F877),
SPH_C64(0x7A6BDDFFF370EB00), SPH_C64(0xCE509E38D6D9D6A4),
SPH_C64(0xEBEB0F00647FA702), SPH_C64(0x1DCC06CF76606F06),
SPH_C64(0xE4D9F28BA286FF0A), SPH_C64(0xD85A305DC918C262),
SPH_C64(0x475B1D8732225F54), SPH_C64(0x2D4FB51668CCB5FE),
SPH_C64(0xA679B9D9D72BBA20), SPH_C64(0x53841C0D912D43A5),
SPH_C64(0x3B7EAA48BF12A4E8), SPH_C64(0x781E0E47F22F1DDF),
SPH_C64(0xEFF20CE60AB50973), SPH_C64(0x20D261D19DFFB742),
SPH_C64(0x16A12B03062A2E39), SPH_C64(0x1960EB2239650495),
SPH_C64(0x251C16FED50EB8B8), SPH_C64(0x9AC0C330F826016E),
SPH_C64(0xED152665953E7671), SPH_C64(0x02D63194A6369570),
SPH_C64(0x5074F08394B1C987), SPH_C64(0x70BA598C90B25CE1),
SPH_C64(0x794A15810B9742F6), SPH_C64(0x0D5925E9FCAF8C6C),
SPH_C64(0x3067716CD868744E), SPH_C64(0x910AB077E8D7731B),
SPH_C64(0x6A61BBDB5AC42F61), SPH_C64(0x93513EFBF0851567),
SPH_C64(0xF494724B9E83E9D5), SPH_C64(0xE887E1985C09648D),
SPH_C64(0x34B1D3C675370CFD), SPH_C64(0xDC35E433BC0D255D),
SPH_C64(0xD0AAB84234131BE0), SPH_C64(0x08042A50B48B7EAF),
SPH_C64(0x9997C4EE44A3AB35), SPH_C64(0x829A7B49201799D0),
SPH_C64(0x263B8307B7C54441), SPH_C64(0x752F95F4FD6A6CA6),
SPH_C64(0x927217402C08C6E5), SPH_C64(0x2A8AB754A795D9EE),
SPH_C64(0xA442F7552F72943D), SPH_C64(0x2C31334E19781208),
SPH_C64(0x4FA98D7CEAEE6291), SPH_C64(0x55C3862F665DB309),
SPH_C64(0xBD0610175D53B1F3), SPH_C64(0x46FE6CB840413F27),
SPH_C64(0x3FE03792DF0CFA59), SPH_C64(0xCFE700372EB85E8F),
SPH_C64(0xA7BE29E7ADBCE118), SPH_C64(0xE544EE5CDE8431DD),
SPH_C64(0x8A781B1B41F1873E), SPH_C64(0xA5C94C78A0D2F0E7),
SPH_C64(0x39412E2877B60728), SPH_C64(0xA1265EF3AFC9A62C),
SPH_C64(0xBCC2770C6A2506C5), SPH_C64(0x3AB66DD5DCE1CE12),
SPH_C64(0xE65499D04A675B37), SPH_C64(0x7D8F523481BFD216),
SPH_C64(0x0F6F64FCEC15F389), SPH_C64(0x74EFBE618B5B13C8),
SPH_C64(0xACDC82B714273E1D), SPH_C64(0xDD40BFE003199D17),
SPH_C64(0x37E99257E7E061F8), SPH_C64(0xFA52626904775AAA),
SPH_C64(0x8BBBF63A463D56F9), SPH_C64(0xF0013F1543A26E64),
SPH_C64(0xA8307E9F879EC898), SPH_C64(0xCC4C27A4150177CC),
SPH_C64(0x1B432F2CCA1D3348), SPH_C64(0xDE1D1F8F9F6FA013),
SPH_C64(0x606602A047A7DDD6), SPH_C64(0xD237AB64CC1CB2C7),
SPH_C64(0x9B938E7225FCD1D3), SPH_C64(0xEC4E03708E0FF476),
SPH_C64(0xFEB2FBDA3D03C12D), SPH_C64(0xAE0BCED2EE43889A),
SPH_C64(0x22CB8923EBFB4F43), SPH_C64(0x69360D013CF7396D),
SPH_C64(0x855E3602D2D4E022), SPH_C64(0x073805BAD01F784C),
SPH_C64(0x33E17A133852F546), SPH_C64(0xDF4874058AC7B638),
SPH_C64(0xBA92B29C678AA14A), SPH_C64(0x0CE89FC76CFAADCD),
SPH_C64(0x5F9D4E0908339E34), SPH_C64(0xF1AFE9291F5923B9),
SPH_C64(0x6E3480F60F4A265F), SPH_C64(0xEEBF3A2AB29B841C),
SPH_C64(0xE21938A88F91B4AD), SPH_C64(0x57DFEFF845C6D3C3),
SPH_C64(0x2F006B0BF62CAAF2), SPH_C64(0x62F479EF6F75EE78),
SPH_C64(0x11A55AD41C8916A9), SPH_C64(0xF229D29084FED453),
SPH_C64(0x42F1C27B16B000E6), SPH_C64(0x2B1F76749823C074),
SPH_C64(0x4B76ECA3C2745360), SPH_C64(0x8C98F463B91691BD),
SPH_C64(0x14BCC93CF1ADE66A), SPH_C64(0x8885213E6D458397),
SPH_C64(0x8E177DF0274D4711), SPH_C64(0xB49B73B5503F2951),
SPH_C64(0x10168168C3F96B6B), SPH_C64(0x0E3D963B63CAB0AE),
SPH_C64(0x8DFC4B5655A1DB14), SPH_C64(0xF789F1356E14DE5C),
SPH_C64(0x683E68AF4E51DAC1), SPH_C64(0xC9A84F9D8D4B0FD9),
SPH_C64(0x3691E03F52A0F9D1), SPH_C64(0x5ED86E46E1878E80),
SPH_C64(0x3C711A0E99D07150), SPH_C64(0x5A0865B20C4E9310),
SPH_C64(0x56FBFC1FE4F0682E), SPH_C64(0xEA8D5DE3105EDF9B),
SPH_C64(0x71ABFDB12379187A), SPH_C64(0x2EB99DE1BEE77B9C),
SPH_C64(0x21ECC0EA33CF4523), SPH_C64(0x59A4D7521805C7A1),
SPH_C64(0x3896F5EB56AE7C72), SPH_C64(0xAA638F3DB18F75DC),
SPH_C64(0x9F39358DABE9808E), SPH_C64(0xB7DEFA91C00B72AC),
SPH_C64(0x6B5541FD62492D92), SPH_C64(0x6DC6DEE8F92E4D5B),
SPH_C64(0x353F57ABC4BEEA7E), SPH_C64(0x735769D6DA5690CE),
SPH_C64(0x0A234AA642391484), SPH_C64(0xF6F9508028F80D9D),
SPH_C64(0xB8E319A27AB3F215), SPH_C64(0x31AD9C1151341A4D),
SPH_C64(0x773C22A57BEF5805), SPH_C64(0x45C7561A07968633),
SPH_C64(0xF913DA9E249DBE36), SPH_C64(0xDA652D9B78A64C68),
SPH_C64(0x4C27A97F3BC334EF), SPH_C64(0x76621220E66B17F4),
SPH_C64(0x967743899ACD7D0B), SPH_C64(0xF3EE5BCAE0ED6782),
SPH_C64(0x409F753600C879FC), SPH_C64(0x06D09A39B5926DB6),
SPH_C64(0x6F83AEB0317AC588), SPH_C64(0x01E6CA4A86381F21),
SPH_C64(0x66FF3462D19F3025), SPH_C64(0x72207C24DDFD3BFB),
SPH_C64(0x4AF6B6D3E2ECE2EB), SPH_C64(0x9C994DBEC7EA08DE),
SPH_C64(0x49ACE597B09A8BC4), SPH_C64(0xB38C4766CF0797BA),
SPH_C64(0x131B9373C57C2A75), SPH_C64(0xB1822CCE61931E58),
SPH_C64(0x9D7555B909BA1C0C), SPH_C64(0x127FAFDD937D11D2),
SPH_C64(0x29DA3BADC66D92E4), SPH_C64(0xA2C1D57154C2ECBC),
SPH_C64(0x58C5134D82F6FE24), SPH_C64(0x1C3AE3515B62274F),
SPH_C64(0xE907C82E01CB8126), SPH_C64(0xF8ED091913E37FCB),
SPH_C64(0x3249D8F9C80046C9), SPH_C64(0x80CF9BEDE388FB63),
SPH_C64(0x1881539A116CF19E), SPH_C64(0x5103F3F76BD52457),
SPH_C64(0x15B7E6F5AE47F7A8), SPH_C64(0xDBD7C6DED47E9CCF),
SPH_C64(0x44E55C410228BB1A), SPH_C64(0xB647D4255EDB4E99),
SPH_C64(0x5D11882BB8AAFC30), SPH_C64(0xF5098BBB29D3212A),
SPH_C64(0x8FB5EA14E90296B3), SPH_C64(0x677B942157DD025A),
SPH_C64(0xFB58E7C0A390ACB5), SPH_C64(0x89D3674C83BD4A01),
SPH_C64(0x9E2DA4DF4BF3B93B), SPH_C64(0xFCC41E328CAB4829),
SPH_C64(0x03F38C96BA582C52), SPH_C64(0xCAD1BDBD7FD85DB2),
SPH_C64(0xBBB442C16082AE83), SPH_C64(0xB95FE86BA5DA9AB0),
SPH_C64(0xB22E04673771A93F), SPH_C64(0x845358C9493152D8),
SPH_C64(0xBE2A488697B4541E), SPH_C64(0x95A2DC2DD38E6966),
SPH_C64(0xC02C11AC923C852B), SPH_C64(0x2388B1990DF2A87B),
SPH_C64(0x7C8008FA1B4F37BE), SPH_C64(0x1F70D0C84D54E503),
SPH_C64(0x5490ADEC7ECE57D4), SPH_C64(0x002B3C27D9063A3A),
SPH_C64(0x7EAEA3848030A2BF), SPH_C64(0xC602326DED2003C0),
SPH_C64(0x83A7287D69A94086), SPH_C64(0xC57A5FCB30F57A8A),
SPH_C64(0xB56844E479EBE779), SPH_C64(0xA373B40F05DCBCE9),
SPH_C64(0xD71A786E88570EE2), SPH_C64(0x879CBACDBDE8F6A0),
SPH_C64(0x976AD1BCC164A32F), SPH_C64(0xAB21E25E9666D78B),
SPH_C64(0x901063AAE5E5C33C), SPH_C64(0x9818B34448698D90),
SPH_C64(0xE36487AE3E1E8ABB), SPH_C64(0xAFBDF931893BDCB4),
SPH_C64(0x6345A0DC5FBBD519), SPH_C64(0x8628FE269B9465CA),
SPH_C64(0x1E5D01603F9C51EC), SPH_C64(0x4DE44006A15049B7),
SPH_C64(0xBF6C70E5F776CBB1), SPH_C64(0x411218F2EF552BED),
SPH_C64(0xCB0C0708705A36A3), SPH_C64(0xE74D14754F986044),
SPH_C64(0xCD56D9430EA8280E), SPH_C64(0xC12591D7535F5065),
SPH_C64(0xC83223F1720AEF96), SPH_C64(0xC3A0396F7363A51F),
};
#define PASS(a, b, c, mul) do { \
ROUND(a, b, c, X0, mul); \
ROUND(b, c, a, X1, mul); \
ROUND(c, a, b, X2, mul); \
ROUND(a, b, c, X3, mul); \
ROUND(b, c, a, X4, mul); \
ROUND(c, a, b, X5, mul); \
ROUND(a, b, c, X6, mul); \
ROUND(b, c, a, X7, mul); \
} while (0)
#define ROUND(a, b, c, x, mul) do { \
c ^= x; \
a = SPH_T64(a - (T1[c & 0xFF] ^ T2[(c >> 16) & 0xFF] \
^ T3[(c >> 32) & 0xFF] ^ T4[(c >> 48) & 0xFF])); \
b = SPH_T64(b + (T4[(c >> 8) & 0xFF] ^ T3[(c >> 24) & 0xFF] \
^ T2[(c >> 40) & 0xFF] ^ T1[(c >> 56) & 0xFF])); \
b = mul(b); \
} while (0)
#define MUL5(x) SPH_T64((x) * SPH_C64(5))
#define MUL7(x) SPH_T64((x) * SPH_C64(7))
#define MUL9(x) SPH_T64((x) * SPH_C64(9))
#define KSCHED do { \
X0 = SPH_T64(X0 - (X7 ^ SPH_C64(0xA5A5A5A5A5A5A5A5))); \
X1 ^= X0; \
X2 = SPH_T64(X2 + X1); \
X3 = SPH_T64(X3 - (X2 ^ (~X1 << 19))); \
X4 ^= X3; \
X5 = SPH_T64(X5 + X4); \
X6 = SPH_T64(X6 - (X5 ^ (~X4 >> 23))); \
X7 ^= X6; \
X0 = SPH_T64(X0 + X7); \
X1 = SPH_T64(X1 - (X0 ^ (~X7 << 19))); \
X2 ^= X1; \
X3 = SPH_T64(X3 + X2); \
X4 = SPH_T64(X4 - (X3 ^ (~X2 >> 23))); \
X5 ^= X4; \
X6 = SPH_T64(X6 + X5); \
X7 = SPH_T64(X7 - (X6 ^ SPH_C64(0x0123456789ABCDEF))); \
} while (0)
#define TIGER_ROUND_BODY(in, r) do { \
sph_u64 A, B, C; \
sph_u64 X0, X1, X2, X3, X4, X5, X6, X7; \
\
A = (r)[0]; \
B = (r)[1]; \
C = (r)[2]; \
\
X0 = (in(0)); \
X1 = (in(1)); \
X2 = (in(2)); \
X3 = (in(3)); \
X4 = (in(4)); \
X5 = (in(5)); \
X6 = (in(6)); \
X7 = (in(7)); \
PASS(A, B, C, MUL5); \
KSCHED; \
PASS(C, A, B, MUL7); \
KSCHED; \
PASS(B, C, A, MUL9); \
\
(r)[0] ^= A; \
(r)[1] = SPH_T64(B - (r)[1]); \
(r)[2] = SPH_T64(C + (r)[2]); \
} while (0)
/*
* One round of Tiger. The data must be aligned for 64-bit access.
*/
static void
tiger_round(const unsigned char *data, sph_u64 r[3])
{
#define TIGER_IN(i) sph_dec64le_aligned(data + 8 * (i))
TIGER_ROUND_BODY(TIGER_IN, r);
#undef TIGER_IN
}
/* see sph_tiger.h */
void
sph_tiger_init(void *cc)
{
sph_tiger_context *sc;
sc = (sph_tiger_context*)cc;
sc->val[0] = SPH_C64(0x0123456789ABCDEF);
sc->val[1] = SPH_C64(0xFEDCBA9876543210);
sc->val[2] = SPH_C64(0xF096A5B4C3B2E187);
sc->count = 0;
}
#define RFUN tiger_round
#define HASH tiger
#define LE64 1
#define BLEN 64U
#define PW01 1
#define PLW1 1
#include "md_helper.c"
/* see sph_tiger.h */
void
sph_tiger_close(void *cc, void *dst)
{
tiger_close(cc, dst, 3);
sph_tiger_init(cc);
}
/* see sph_tiger.h */
void
sph_tiger_comp(const sph_u64 msg[8], sph_u64 val[3])
{
#define TIGER_IN(i) msg[i]
TIGER_ROUND_BODY(TIGER_IN, val);
#undef TIGER_IN
}
#undef HASH
#define HASH tiger2
#undef PW01
#define CLOSE_ONLY 1
#include "md_helper.c"
/* see sph_tiger.h */
void
sph_tiger2_close(void *cc, void *dst)
{
tiger2_close(cc, dst, 3);
sph_tiger2_init(cc);
}
#endif

192
stratum/sha3/sph_tiger.h Normal file
View file

@ -0,0 +1,192 @@
/* $Id: sph_tiger.h 216 2010-06-08 09:46:57Z tp $ */
/**
* Tiger / Tiger-2 interface.
*
* Tiger has been published in: R. Anderson, E. Biham, "Tiger: A Fast
* New Hash Function", Fast Software Encryption - FSE'96, LNCS 1039,
* Springer (1996), pp. 89--97.
*
* Tiger2 has never been formally published, but it was described as
* identical to Tiger, except for the padding which is the same in
* Tiger2 as it is in MD4. Fortunately, an implementation of Tiger2
* was submitted to NESSIE, which produced test vectors; the sphlib
* implementation of Tiger2 is compatible with the NESSIE test vectors.
*
* ==========================(LICENSE BEGIN)============================
*
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* ===========================(LICENSE END)=============================
*
* @file sph_tiger.h
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/
#ifndef SPH_TIGER_H__
#define SPH_TIGER_H__
#include <stddef.h>
#include "sph_types.h"
#if SPH_64
/**
* Output size (in bits) for Tiger.
*/
#define SPH_SIZE_tiger 192
/**
* Output size (in bits) for Tiger2.
*/
#define SPH_SIZE_tiger2 192
/**
* This structure is a context for Tiger computations: it contains the
* intermediate values and some data from the last entered block. Once
* a Tiger computation has been performed, the context can be reused for
* another computation.
*
* The contents of this structure are private. A running Tiger computation
* can be cloned by copying the context (e.g. with a simple
* <code>memcpy()</code>).
*/
typedef struct {
#ifndef DOXYGEN_IGNORE
unsigned char buf[64]; /* first field, for alignment */
sph_u64 val[3];
sph_u64 count;
#endif
} sph_tiger_context;
/**
* Initialize a Tiger context. This process performs no memory allocation.
*
* @param cc the Tiger context (pointer to
* a <code>sph_tiger_context</code>)
*/
void sph_tiger_init(void *cc);
/**
* Process some data bytes. It is acceptable that <code>len</code> is zero
* (in which case this function does nothing).
*
* @param cc the Tiger context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_tiger(void *cc, const void *data, size_t len);
/**
* Terminate the current Tiger computation and output the result into the
* provided buffer. The destination buffer must be wide enough to
* accomodate the result (24 bytes). The context is automatically
* reinitialized.
*
* @param cc the Tiger context
* @param dst the destination buffer
*/
void sph_tiger_close(void *cc, void *dst);
/**
* Apply the Tiger compression function on the provided data. The
* <code>msg</code> parameter contains the 8 64-bit input blocks,
* as numerical values (hence after the little-endian decoding). The
* <code>val</code> parameter contains the 3 64-bit input blocks for
* the compression function; the output is written in place in this
* array.
*
* @param msg the message block (8 values)
* @param val the function 192-bit input and output
*/
void sph_tiger_comp(const sph_u64 msg[8], sph_u64 val[3]);
/**
* This structure is a context for Tiger2 computations. It is identical
* to the Tiger context, and they may be freely exchanged, since the
* difference between Tiger and Tiger2 resides solely in the padding, which
* is computed only in the last computation step.
*/
typedef sph_tiger_context sph_tiger2_context;
#ifdef DOXYGEN_IGNORE
/**
* Initialize a Tiger2 context. This function is identical to
* <code>sph_tiger_init()</code>.
*
* @param cc the Tiger2 context (pointer to
* a <code>sph_tiger2_context</code>)
*/
void sph_tiger2_init(void *cc);
#endif
#ifndef DOXYGEN_IGNORE
#define sph_tiger2_init sph_tiger_init
#endif
#ifdef DOXYGEN_IGNORE
/**
* Process some data bytes. This function is identical to
* <code>sph_tiger()</code>.
*
* @param cc the Tiger2 context
* @param data the input data
* @param len the input data length (in bytes)
*/
void sph_tiger2(void *cc, const void *data, size_t len);
#endif
#ifndef DOXYGEN_IGNORE
#define sph_tiger2 sph_tiger
#endif
/**
* Terminate the current Tiger2 computation and output the result into the
* provided buffer. The destination buffer must be wide enough to
* accomodate the result (24 bytes). The context is automatically
* reinitialized. Note that this function is NOT identical to
* <code>sph_tiger2_close()</code>: this is the exact and unique point
* where Tiger and Tiger2 differ.
*
* @param cc the Tiger context
* @param dst the destination buffer
*/
void sph_tiger2_close(void *cc, void *dst);
#ifdef DOXYGEN_IGNORE
/**
* Apply the Tiger2 compression function, which is identical to the Tiger
* compression function.
*
* @param msg the message block (8 values)
* @param val the function 192-bit input and output
*/
void sph_tiger2_comp(const sph_u64 msg[8], sph_u64 val[3]);
#endif
#ifndef DOXYGEN_IGNORE
#define sph_tiger2_comp sph_tiger_comp
#endif
#endif
#endif

2
stratum/stratum.cpp
View file

@ -116,7 +116,7 @@ YAAMP_ALGO g_algos[] =
// {"whirlpoolx", whirlpoolx_hash, 1, 0, 0},
// {"jha", jha_hash, 1, 0, 0},
// {"m7", NULL, 1, 0},
{"m7m", m7m_hash, 0x10000, 0, 0},
{"", NULL, 0, 0},
};

6
stratum/stratum.h
View file

@ -143,12 +143,10 @@ void sha256_double_hash_hex(const char *input, char *output, unsigned int len);
#include "algos/bmw.h"
#include "algos/luffa.h"
#include "algos/pentablake.h"
//#include "algos/whirlpoolx.h"
#include "algos/whirlpoolx.h"
#include "algos/skein2.h"
#include "algos/zr5.h"
#include "algos/hive.h"
#include "algos/sib.h"
//#include "jha.h"
//#include "hash/m7m.h"
#include "algos/m7m.h"

5
web/yaamp/core/functions/yaamp.php
View file

@ -20,7 +20,7 @@ function yaamp_get_algos()
'x13',
'x15',
'groestl', // dmd-gr -m 256
//'hive',
'm7m',
'sib',
'skein',
'skein2',
@ -76,6 +76,7 @@ function getAlgoColors($algo)
'x15' => '#f0b0a0',
'hive' => '#d0a0a0',
'luffa' => '#a0c0c0',
'm7m' => '#d0a0a0',
'penta' => '#80c0c0',
'nist5' => '#e0d0e0',
'quark' => '#c0c0c0',
@ -127,7 +128,7 @@ function getAlgoPort($algo)
'blake' => 5733,
'penta' => 5833,
'luffa' => 5933,
'hive' => 6033,
'm7m' => 6033,
);
global $configCustomPorts;