VirtualBox

source: vbox/trunk/src/libs/openssl-3.0.1/crypto/whrlpool/wp_block.c@ 94081

最後變更 在這個檔案從94081是 91772,由 vboxsync 提交於 3 年 前

openssl-1.1.1l: Applied and adjusted our OpenSSL changes to 1.1.1l. bugref:10126
檔案大小: 34.3 KB
 
1/*
2 * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/**
11 * The Whirlpool hashing function.
12 *
13 * See
14 * P.S.L.M. Barreto, V. Rijmen,
15 * ``The Whirlpool hashing function,''
16 * NESSIE submission, 2000 (tweaked version, 2001),
17 * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
18 *
19 * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
20 * Vincent Rijmen. Lookup "reference implementations" on
21 * <http://planeta.terra.com.br/informatica/paulobarreto/>
22 *
23 * =============================================================================
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
26 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
27 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
29 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
33 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
34 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
35 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 *
37 */
38
39#include "wp_local.h"
40#include <string.h>
41
42typedef unsigned char u8;
43#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32)
44typedef unsigned __int64 u64;
45#elif defined(__arch64__)
46typedef unsigned long u64;
47#else
48typedef unsigned long long u64;
49#endif
50
51#define ROUNDS 10
52
53#define STRICT_ALIGNMENT
54#if !defined(PEDANTIC) && (defined(__i386) || defined(__i386__) || \
55 defined(__x86_64) || defined(__x86_64__) || \
56 defined(_M_IX86) || defined(_M_AMD64) || \
57 defined(_M_X64))
58/*
59 * Well, formally there're couple of other architectures, which permit
60 * unaligned loads, specifically those not crossing cache lines, IA-64 and
61 * PowerPC...
62 */
63# undef STRICT_ALIGNMENT
64#endif
65
66#ifndef STRICT_ALIGNMENT
67# ifdef __GNUC__
68typedef u64 u64_a1 __attribute((__aligned__(1)));
69# else
70typedef u64 u64_a1;
71# endif
72#endif
73
74#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
75typedef u64 u64_aX __attribute((__aligned__(1)));
76#else
77typedef u64 u64_aX;
78#endif
79
80#undef SMALL_REGISTER_BANK
81#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
82# define SMALL_REGISTER_BANK
83# if defined(WHIRLPOOL_ASM)
84# ifndef OPENSSL_SMALL_FOOTPRINT
85/*
86 * it appears that for elder non-MMX
87 * CPUs this is actually faster!
88 */
89# define OPENSSL_SMALL_FOOTPRINT
90# endif
91# define GO_FOR_MMX(ctx,inp,num) do { \
92 extern unsigned long OPENSSL_ia32cap_P[]; \
93 void whirlpool_block_mmx(void *,const void *,size_t); \
94 if (!(OPENSSL_ia32cap_P[0] & (1<<23))) break; \
95 whirlpool_block_mmx(ctx->H.c,inp,num); return; \
96 } while (0)
97# endif
98#endif
99
100#undef ROTATE
101#ifndef PEDANTIC
102# if defined(_MSC_VER)
103# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
104# include <stdlib.h>
105# pragma intrinsic(_rotl64)
106# define ROTATE(a,n) _rotl64((a),n)
107# endif
108# elif defined(__GNUC__) && __GNUC__>=2
109# if defined(__x86_64) || defined(__x86_64__)
110# if defined(L_ENDIAN)
111# define ROTATE(a,n) ({ u64 ret; asm ("rolq %1,%0" \
112 : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
113# elif defined(B_ENDIAN)
114 /*
115 * Most will argue that x86_64 is always little-endian. Well, yes, but
116 * then we have stratus.com who has modified gcc to "emulate"
117 * big-endian on x86. Is there evidence that they [or somebody else]
118 * won't do same for x86_64? Naturally no. And this line is waiting
119 * ready for that brave soul:-)
120 */
121# define ROTATE(a,n) ({ u64 ret; asm ("rorq %1,%0" \
122 : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
123# endif
124# elif defined(__ia64) || defined(__ia64__)
125# if defined(L_ENDIAN)
126# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \
127 : "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
128# elif defined(B_ENDIAN)
129# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \
130 : "=r"(ret) : "r"(a),"M"(n)); ret; })
131# endif
132# endif
133# endif
134#endif
135
136#if defined(OPENSSL_SMALL_FOOTPRINT)
137# if !defined(ROTATE)
138# if defined(L_ENDIAN) /* little-endians have to rotate left */
139# define ROTATE(i,n) ((i)<<(n) ^ (i)>>(64-n))
140# elif defined(B_ENDIAN) /* big-endians have to rotate right */
141# define ROTATE(i,n) ((i)>>(n) ^ (i)<<(64-n))
142# endif
143# endif
144# if defined(ROTATE) && !defined(STRICT_ALIGNMENT)
145# define STRICT_ALIGNMENT /* ensure smallest table size */
146# endif
147#endif
148
149/*
150 * Table size depends on STRICT_ALIGNMENT and whether or not endian-
151 * specific ROTATE macro is defined. If STRICT_ALIGNMENT is not
152 * defined, which is normally the case on x86[_64] CPUs, the table is
153 * 4KB large unconditionally. Otherwise if ROTATE is defined, the
154 * table is 2KB large, and otherwise - 16KB. 2KB table requires a
155 * whole bunch of additional rotations, but I'm willing to "trade,"
156 * because 16KB table certainly trashes L1 cache. I wish all CPUs
157 * could handle unaligned load as 4KB table doesn't trash the cache,
158 * nor does it require additional rotations.
159 */
160/*
161 * Note that every Cn macro expands as two loads: one byte load and
162 * one quadword load. One can argue that that many single-byte loads
163 * is too excessive, as one could load a quadword and "milk" it for
164 * eight 8-bit values instead. Well, yes, but in order to do so *and*
165 * avoid excessive loads you have to accommodate a handful of 64-bit
166 * values in the register bank and issue a bunch of shifts and mask.
167 * It's a tradeoff: loads vs. shift and mask in big register bank[!].
168 * On most CPUs eight single-byte loads are faster and I let other
169 * ones to depend on smart compiler to fold byte loads if beneficial.
170 * Hand-coded assembler would be another alternative:-)
171 */
172#ifdef STRICT_ALIGNMENT
173# if defined(ROTATE)
174# define N 1
175# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7
176# define C0(K,i) (Cx.q[K.c[(i)*8+0]])
177# define C1(K,i) ROTATE(Cx.q[K.c[(i)*8+1]],8)
178# define C2(K,i) ROTATE(Cx.q[K.c[(i)*8+2]],16)
179# define C3(K,i) ROTATE(Cx.q[K.c[(i)*8+3]],24)
180# define C4(K,i) ROTATE(Cx.q[K.c[(i)*8+4]],32)
181# define C5(K,i) ROTATE(Cx.q[K.c[(i)*8+5]],40)
182# define C6(K,i) ROTATE(Cx.q[K.c[(i)*8+6]],48)
183# define C7(K,i) ROTATE(Cx.q[K.c[(i)*8+7]],56)
184# else
185# define N 8
186# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
187 c7,c0,c1,c2,c3,c4,c5,c6, \
188 c6,c7,c0,c1,c2,c3,c4,c5, \
189 c5,c6,c7,c0,c1,c2,c3,c4, \
190 c4,c5,c6,c7,c0,c1,c2,c3, \
191 c3,c4,c5,c6,c7,c0,c1,c2, \
192 c2,c3,c4,c5,c6,c7,c0,c1, \
193 c1,c2,c3,c4,c5,c6,c7,c0
194# define C0(K,i) (Cx.q[0+8*K.c[(i)*8+0]])
195# define C1(K,i) (Cx.q[1+8*K.c[(i)*8+1]])
196# define C2(K,i) (Cx.q[2+8*K.c[(i)*8+2]])
197# define C3(K,i) (Cx.q[3+8*K.c[(i)*8+3]])
198# define C4(K,i) (Cx.q[4+8*K.c[(i)*8+4]])
199# define C5(K,i) (Cx.q[5+8*K.c[(i)*8+5]])
200# define C6(K,i) (Cx.q[6+8*K.c[(i)*8+6]])
201# define C7(K,i) (Cx.q[7+8*K.c[(i)*8+7]])
202# endif
203#else
204# define N 2
205# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
206 c0,c1,c2,c3,c4,c5,c6,c7
207# define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]])
208# define C1(K,i) (((u64_a1*)(Cx.c+7))[2*K.c[(i)*8+1]])
209# define C2(K,i) (((u64_a1*)(Cx.c+6))[2*K.c[(i)*8+2]])
210# define C3(K,i) (((u64_a1*)(Cx.c+5))[2*K.c[(i)*8+3]])
211# define C4(K,i) (((u64_a1*)(Cx.c+4))[2*K.c[(i)*8+4]])
212# define C5(K,i) (((u64_a1*)(Cx.c+3))[2*K.c[(i)*8+5]])
213# define C6(K,i) (((u64_a1*)(Cx.c+2))[2*K.c[(i)*8+6]])
214# define C7(K,i) (((u64_a1*)(Cx.c+1))[2*K.c[(i)*8+7]])
215#endif
216
217static const
218 union {
219 u8 c[(256 * N + ROUNDS) * sizeof(u64)];
220 u64 q[(256 * N + ROUNDS)];
221} Cx = {
222 {
223 /* Note endian-neutral representation:-) */
224 LL(0x18, 0x18, 0x60, 0x18, 0xc0, 0x78, 0x30, 0xd8),
225 LL(0x23, 0x23, 0x8c, 0x23, 0x05, 0xaf, 0x46, 0x26),
226 LL(0xc6, 0xc6, 0x3f, 0xc6, 0x7e, 0xf9, 0x91, 0xb8),
227 LL(0xe8, 0xe8, 0x87, 0xe8, 0x13, 0x6f, 0xcd, 0xfb),
228 LL(0x87, 0x87, 0x26, 0x87, 0x4c, 0xa1, 0x13, 0xcb),
229 LL(0xb8, 0xb8, 0xda, 0xb8, 0xa9, 0x62, 0x6d, 0x11),
230 LL(0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09),
231 LL(0x4f, 0x4f, 0x21, 0x4f, 0x42, 0x6e, 0x9e, 0x0d),
232 LL(0x36, 0x36, 0xd8, 0x36, 0xad, 0xee, 0x6c, 0x9b),
233 LL(0xa6, 0xa6, 0xa2, 0xa6, 0x59, 0x04, 0x51, 0xff),
234 LL(0xd2, 0xd2, 0x6f, 0xd2, 0xde, 0xbd, 0xb9, 0x0c),
235 LL(0xf5, 0xf5, 0xf3, 0xf5, 0xfb, 0x06, 0xf7, 0x0e),
236 LL(0x79, 0x79, 0xf9, 0x79, 0xef, 0x80, 0xf2, 0x96),
237 LL(0x6f, 0x6f, 0xa1, 0x6f, 0x5f, 0xce, 0xde, 0x30),
238 LL(0x91, 0x91, 0x7e, 0x91, 0xfc, 0xef, 0x3f, 0x6d),
239 LL(0x52, 0x52, 0x55, 0x52, 0xaa, 0x07, 0xa4, 0xf8),
240 LL(0x60, 0x60, 0x9d, 0x60, 0x27, 0xfd, 0xc0, 0x47),
241 LL(0xbc, 0xbc, 0xca, 0xbc, 0x89, 0x76, 0x65, 0x35),
242 LL(0x9b, 0x9b, 0x56, 0x9b, 0xac, 0xcd, 0x2b, 0x37),
243 LL(0x8e, 0x8e, 0x02, 0x8e, 0x04, 0x8c, 0x01, 0x8a),
244 LL(0xa3, 0xa3, 0xb6, 0xa3, 0x71, 0x15, 0x5b, 0xd2),
245 LL(0x0c, 0x0c, 0x30, 0x0c, 0x60, 0x3c, 0x18, 0x6c),
246 LL(0x7b, 0x7b, 0xf1, 0x7b, 0xff, 0x8a, 0xf6, 0x84),
247 LL(0x35, 0x35, 0xd4, 0x35, 0xb5, 0xe1, 0x6a, 0x80),
248 LL(0x1d, 0x1d, 0x74, 0x1d, 0xe8, 0x69, 0x3a, 0xf5),
249 LL(0xe0, 0xe0, 0xa7, 0xe0, 0x53, 0x47, 0xdd, 0xb3),
250 LL(0xd7, 0xd7, 0x7b, 0xd7, 0xf6, 0xac, 0xb3, 0x21),
251 LL(0xc2, 0xc2, 0x2f, 0xc2, 0x5e, 0xed, 0x99, 0x9c),
252 LL(0x2e, 0x2e, 0xb8, 0x2e, 0x6d, 0x96, 0x5c, 0x43),
253 LL(0x4b, 0x4b, 0x31, 0x4b, 0x62, 0x7a, 0x96, 0x29),
254 LL(0xfe, 0xfe, 0xdf, 0xfe, 0xa3, 0x21, 0xe1, 0x5d),
255 LL(0x57, 0x57, 0x41, 0x57, 0x82, 0x16, 0xae, 0xd5),
256 LL(0x15, 0x15, 0x54, 0x15, 0xa8, 0x41, 0x2a, 0xbd),
257 LL(0x77, 0x77, 0xc1, 0x77, 0x9f, 0xb6, 0xee, 0xe8),
258 LL(0x37, 0x37, 0xdc, 0x37, 0xa5, 0xeb, 0x6e, 0x92),
259 LL(0xe5, 0xe5, 0xb3, 0xe5, 0x7b, 0x56, 0xd7, 0x9e),
260 LL(0x9f, 0x9f, 0x46, 0x9f, 0x8c, 0xd9, 0x23, 0x13),
261 LL(0xf0, 0xf0, 0xe7, 0xf0, 0xd3, 0x17, 0xfd, 0x23),
262 LL(0x4a, 0x4a, 0x35, 0x4a, 0x6a, 0x7f, 0x94, 0x20),
263 LL(0xda, 0xda, 0x4f, 0xda, 0x9e, 0x95, 0xa9, 0x44),
264 LL(0x58, 0x58, 0x7d, 0x58, 0xfa, 0x25, 0xb0, 0xa2),
265 LL(0xc9, 0xc9, 0x03, 0xc9, 0x06, 0xca, 0x8f, 0xcf),
266 LL(0x29, 0x29, 0xa4, 0x29, 0x55, 0x8d, 0x52, 0x7c),
267 LL(0x0a, 0x0a, 0x28, 0x0a, 0x50, 0x22, 0x14, 0x5a),
268 LL(0xb1, 0xb1, 0xfe, 0xb1, 0xe1, 0x4f, 0x7f, 0x50),
269 LL(0xa0, 0xa0, 0xba, 0xa0, 0x69, 0x1a, 0x5d, 0xc9),
270 LL(0x6b, 0x6b, 0xb1, 0x6b, 0x7f, 0xda, 0xd6, 0x14),
271 LL(0x85, 0x85, 0x2e, 0x85, 0x5c, 0xab, 0x17, 0xd9),
272 LL(0xbd, 0xbd, 0xce, 0xbd, 0x81, 0x73, 0x67, 0x3c),
273 LL(0x5d, 0x5d, 0x69, 0x5d, 0xd2, 0x34, 0xba, 0x8f),
274 LL(0x10, 0x10, 0x40, 0x10, 0x80, 0x50, 0x20, 0x90),
275 LL(0xf4, 0xf4, 0xf7, 0xf4, 0xf3, 0x03, 0xf5, 0x07),
276 LL(0xcb, 0xcb, 0x0b, 0xcb, 0x16, 0xc0, 0x8b, 0xdd),
277 LL(0x3e, 0x3e, 0xf8, 0x3e, 0xed, 0xc6, 0x7c, 0xd3),
278 LL(0x05, 0x05, 0x14, 0x05, 0x28, 0x11, 0x0a, 0x2d),
279 LL(0x67, 0x67, 0x81, 0x67, 0x1f, 0xe6, 0xce, 0x78),
280 LL(0xe4, 0xe4, 0xb7, 0xe4, 0x73, 0x53, 0xd5, 0x97),
281 LL(0x27, 0x27, 0x9c, 0x27, 0x25, 0xbb, 0x4e, 0x02),
282 LL(0x41, 0x41, 0x19, 0x41, 0x32, 0x58, 0x82, 0x73),
283 LL(0x8b, 0x8b, 0x16, 0x8b, 0x2c, 0x9d, 0x0b, 0xa7),
284 LL(0xa7, 0xa7, 0xa6, 0xa7, 0x51, 0x01, 0x53, 0xf6),
285 LL(0x7d, 0x7d, 0xe9, 0x7d, 0xcf, 0x94, 0xfa, 0xb2),
286 LL(0x95, 0x95, 0x6e, 0x95, 0xdc, 0xfb, 0x37, 0x49),
287 LL(0xd8, 0xd8, 0x47, 0xd8, 0x8e, 0x9f, 0xad, 0x56),
288 LL(0xfb, 0xfb, 0xcb, 0xfb, 0x8b, 0x30, 0xeb, 0x70),
289 LL(0xee, 0xee, 0x9f, 0xee, 0x23, 0x71, 0xc1, 0xcd),
290 LL(0x7c, 0x7c, 0xed, 0x7c, 0xc7, 0x91, 0xf8, 0xbb),
291 LL(0x66, 0x66, 0x85, 0x66, 0x17, 0xe3, 0xcc, 0x71),
292 LL(0xdd, 0xdd, 0x53, 0xdd, 0xa6, 0x8e, 0xa7, 0x7b),
293 LL(0x17, 0x17, 0x5c, 0x17, 0xb8, 0x4b, 0x2e, 0xaf),
294 LL(0x47, 0x47, 0x01, 0x47, 0x02, 0x46, 0x8e, 0x45),
295 LL(0x9e, 0x9e, 0x42, 0x9e, 0x84, 0xdc, 0x21, 0x1a),
296 LL(0xca, 0xca, 0x0f, 0xca, 0x1e, 0xc5, 0x89, 0xd4),
297 LL(0x2d, 0x2d, 0xb4, 0x2d, 0x75, 0x99, 0x5a, 0x58),
298 LL(0xbf, 0xbf, 0xc6, 0xbf, 0x91, 0x79, 0x63, 0x2e),
299 LL(0x07, 0x07, 0x1c, 0x07, 0x38, 0x1b, 0x0e, 0x3f),
300 LL(0xad, 0xad, 0x8e, 0xad, 0x01, 0x23, 0x47, 0xac),
301 LL(0x5a, 0x5a, 0x75, 0x5a, 0xea, 0x2f, 0xb4, 0xb0),
302 LL(0x83, 0x83, 0x36, 0x83, 0x6c, 0xb5, 0x1b, 0xef),
303 LL(0x33, 0x33, 0xcc, 0x33, 0x85, 0xff, 0x66, 0xb6),
304 LL(0x63, 0x63, 0x91, 0x63, 0x3f, 0xf2, 0xc6, 0x5c),
305 LL(0x02, 0x02, 0x08, 0x02, 0x10, 0x0a, 0x04, 0x12),
306 LL(0xaa, 0xaa, 0x92, 0xaa, 0x39, 0x38, 0x49, 0x93),
307 LL(0x71, 0x71, 0xd9, 0x71, 0xaf, 0xa8, 0xe2, 0xde),
308 LL(0xc8, 0xc8, 0x07, 0xc8, 0x0e, 0xcf, 0x8d, 0xc6),
309 LL(0x19, 0x19, 0x64, 0x19, 0xc8, 0x7d, 0x32, 0xd1),
310 LL(0x49, 0x49, 0x39, 0x49, 0x72, 0x70, 0x92, 0x3b),
311 LL(0xd9, 0xd9, 0x43, 0xd9, 0x86, 0x9a, 0xaf, 0x5f),
312 LL(0xf2, 0xf2, 0xef, 0xf2, 0xc3, 0x1d, 0xf9, 0x31),
313 LL(0xe3, 0xe3, 0xab, 0xe3, 0x4b, 0x48, 0xdb, 0xa8),
314 LL(0x5b, 0x5b, 0x71, 0x5b, 0xe2, 0x2a, 0xb6, 0xb9),
315 LL(0x88, 0x88, 0x1a, 0x88, 0x34, 0x92, 0x0d, 0xbc),
316 LL(0x9a, 0x9a, 0x52, 0x9a, 0xa4, 0xc8, 0x29, 0x3e),
317 LL(0x26, 0x26, 0x98, 0x26, 0x2d, 0xbe, 0x4c, 0x0b),
318 LL(0x32, 0x32, 0xc8, 0x32, 0x8d, 0xfa, 0x64, 0xbf),
319 LL(0xb0, 0xb0, 0xfa, 0xb0, 0xe9, 0x4a, 0x7d, 0x59),
320 LL(0xe9, 0xe9, 0x83, 0xe9, 0x1b, 0x6a, 0xcf, 0xf2),
321 LL(0x0f, 0x0f, 0x3c, 0x0f, 0x78, 0x33, 0x1e, 0x77),
322 LL(0xd5, 0xd5, 0x73, 0xd5, 0xe6, 0xa6, 0xb7, 0x33),
323 LL(0x80, 0x80, 0x3a, 0x80, 0x74, 0xba, 0x1d, 0xf4),
324 LL(0xbe, 0xbe, 0xc2, 0xbe, 0x99, 0x7c, 0x61, 0x27),
325 LL(0xcd, 0xcd, 0x13, 0xcd, 0x26, 0xde, 0x87, 0xeb),
326 LL(0x34, 0x34, 0xd0, 0x34, 0xbd, 0xe4, 0x68, 0x89),
327 LL(0x48, 0x48, 0x3d, 0x48, 0x7a, 0x75, 0x90, 0x32),
328 LL(0xff, 0xff, 0xdb, 0xff, 0xab, 0x24, 0xe3, 0x54),
329 LL(0x7a, 0x7a, 0xf5, 0x7a, 0xf7, 0x8f, 0xf4, 0x8d),
330 LL(0x90, 0x90, 0x7a, 0x90, 0xf4, 0xea, 0x3d, 0x64),
331 LL(0x5f, 0x5f, 0x61, 0x5f, 0xc2, 0x3e, 0xbe, 0x9d),
332 LL(0x20, 0x20, 0x80, 0x20, 0x1d, 0xa0, 0x40, 0x3d),
333 LL(0x68, 0x68, 0xbd, 0x68, 0x67, 0xd5, 0xd0, 0x0f),
334 LL(0x1a, 0x1a, 0x68, 0x1a, 0xd0, 0x72, 0x34, 0xca),
335 LL(0xae, 0xae, 0x82, 0xae, 0x19, 0x2c, 0x41, 0xb7),
336 LL(0xb4, 0xb4, 0xea, 0xb4, 0xc9, 0x5e, 0x75, 0x7d),
337 LL(0x54, 0x54, 0x4d, 0x54, 0x9a, 0x19, 0xa8, 0xce),
338 LL(0x93, 0x93, 0x76, 0x93, 0xec, 0xe5, 0x3b, 0x7f),
339 LL(0x22, 0x22, 0x88, 0x22, 0x0d, 0xaa, 0x44, 0x2f),
340 LL(0x64, 0x64, 0x8d, 0x64, 0x07, 0xe9, 0xc8, 0x63),
341 LL(0xf1, 0xf1, 0xe3, 0xf1, 0xdb, 0x12, 0xff, 0x2a),
342 LL(0x73, 0x73, 0xd1, 0x73, 0xbf, 0xa2, 0xe6, 0xcc),
343 LL(0x12, 0x12, 0x48, 0x12, 0x90, 0x5a, 0x24, 0x82),
344 LL(0x40, 0x40, 0x1d, 0x40, 0x3a, 0x5d, 0x80, 0x7a),
345 LL(0x08, 0x08, 0x20, 0x08, 0x40, 0x28, 0x10, 0x48),
346 LL(0xc3, 0xc3, 0x2b, 0xc3, 0x56, 0xe8, 0x9b, 0x95),
347 LL(0xec, 0xec, 0x97, 0xec, 0x33, 0x7b, 0xc5, 0xdf),
348 LL(0xdb, 0xdb, 0x4b, 0xdb, 0x96, 0x90, 0xab, 0x4d),
349 LL(0xa1, 0xa1, 0xbe, 0xa1, 0x61, 0x1f, 0x5f, 0xc0),
350 LL(0x8d, 0x8d, 0x0e, 0x8d, 0x1c, 0x83, 0x07, 0x91),
351 LL(0x3d, 0x3d, 0xf4, 0x3d, 0xf5, 0xc9, 0x7a, 0xc8),
352 LL(0x97, 0x97, 0x66, 0x97, 0xcc, 0xf1, 0x33, 0x5b),
353 LL(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
354 LL(0xcf, 0xcf, 0x1b, 0xcf, 0x36, 0xd4, 0x83, 0xf9),
355 LL(0x2b, 0x2b, 0xac, 0x2b, 0x45, 0x87, 0x56, 0x6e),
356 LL(0x76, 0x76, 0xc5, 0x76, 0x97, 0xb3, 0xec, 0xe1),
357 LL(0x82, 0x82, 0x32, 0x82, 0x64, 0xb0, 0x19, 0xe6),
358 LL(0xd6, 0xd6, 0x7f, 0xd6, 0xfe, 0xa9, 0xb1, 0x28),
359 LL(0x1b, 0x1b, 0x6c, 0x1b, 0xd8, 0x77, 0x36, 0xc3),
360 LL(0xb5, 0xb5, 0xee, 0xb5, 0xc1, 0x5b, 0x77, 0x74),
361 LL(0xaf, 0xaf, 0x86, 0xaf, 0x11, 0x29, 0x43, 0xbe),
362 LL(0x6a, 0x6a, 0xb5, 0x6a, 0x77, 0xdf, 0xd4, 0x1d),
363 LL(0x50, 0x50, 0x5d, 0x50, 0xba, 0x0d, 0xa0, 0xea),
364 LL(0x45, 0x45, 0x09, 0x45, 0x12, 0x4c, 0x8a, 0x57),
365 LL(0xf3, 0xf3, 0xeb, 0xf3, 0xcb, 0x18, 0xfb, 0x38),
366 LL(0x30, 0x30, 0xc0, 0x30, 0x9d, 0xf0, 0x60, 0xad),
367 LL(0xef, 0xef, 0x9b, 0xef, 0x2b, 0x74, 0xc3, 0xc4),
368 LL(0x3f, 0x3f, 0xfc, 0x3f, 0xe5, 0xc3, 0x7e, 0xda),
369 LL(0x55, 0x55, 0x49, 0x55, 0x92, 0x1c, 0xaa, 0xc7),
370 LL(0xa2, 0xa2, 0xb2, 0xa2, 0x79, 0x10, 0x59, 0xdb),
371 LL(0xea, 0xea, 0x8f, 0xea, 0x03, 0x65, 0xc9, 0xe9),
372 LL(0x65, 0x65, 0x89, 0x65, 0x0f, 0xec, 0xca, 0x6a),
373 LL(0xba, 0xba, 0xd2, 0xba, 0xb9, 0x68, 0x69, 0x03),
374 LL(0x2f, 0x2f, 0xbc, 0x2f, 0x65, 0x93, 0x5e, 0x4a),
375 LL(0xc0, 0xc0, 0x27, 0xc0, 0x4e, 0xe7, 0x9d, 0x8e),
376 LL(0xde, 0xde, 0x5f, 0xde, 0xbe, 0x81, 0xa1, 0x60),
377 LL(0x1c, 0x1c, 0x70, 0x1c, 0xe0, 0x6c, 0x38, 0xfc),
378 LL(0xfd, 0xfd, 0xd3, 0xfd, 0xbb, 0x2e, 0xe7, 0x46),
379 LL(0x4d, 0x4d, 0x29, 0x4d, 0x52, 0x64, 0x9a, 0x1f),
380 LL(0x92, 0x92, 0x72, 0x92, 0xe4, 0xe0, 0x39, 0x76),
381 LL(0x75, 0x75, 0xc9, 0x75, 0x8f, 0xbc, 0xea, 0xfa),
382 LL(0x06, 0x06, 0x18, 0x06, 0x30, 0x1e, 0x0c, 0x36),
383 LL(0x8a, 0x8a, 0x12, 0x8a, 0x24, 0x98, 0x09, 0xae),
384 LL(0xb2, 0xb2, 0xf2, 0xb2, 0xf9, 0x40, 0x79, 0x4b),
385 LL(0xe6, 0xe6, 0xbf, 0xe6, 0x63, 0x59, 0xd1, 0x85),
386 LL(0x0e, 0x0e, 0x38, 0x0e, 0x70, 0x36, 0x1c, 0x7e),
387 LL(0x1f, 0x1f, 0x7c, 0x1f, 0xf8, 0x63, 0x3e, 0xe7),
388 LL(0x62, 0x62, 0x95, 0x62, 0x37, 0xf7, 0xc4, 0x55),
389 LL(0xd4, 0xd4, 0x77, 0xd4, 0xee, 0xa3, 0xb5, 0x3a),
390 LL(0xa8, 0xa8, 0x9a, 0xa8, 0x29, 0x32, 0x4d, 0x81),
391 LL(0x96, 0x96, 0x62, 0x96, 0xc4, 0xf4, 0x31, 0x52),
392 LL(0xf9, 0xf9, 0xc3, 0xf9, 0x9b, 0x3a, 0xef, 0x62),
393 LL(0xc5, 0xc5, 0x33, 0xc5, 0x66, 0xf6, 0x97, 0xa3),
394 LL(0x25, 0x25, 0x94, 0x25, 0x35, 0xb1, 0x4a, 0x10),
395 LL(0x59, 0x59, 0x79, 0x59, 0xf2, 0x20, 0xb2, 0xab),
396 LL(0x84, 0x84, 0x2a, 0x84, 0x54, 0xae, 0x15, 0xd0),
397 LL(0x72, 0x72, 0xd5, 0x72, 0xb7, 0xa7, 0xe4, 0xc5),
398 LL(0x39, 0x39, 0xe4, 0x39, 0xd5, 0xdd, 0x72, 0xec),
399 LL(0x4c, 0x4c, 0x2d, 0x4c, 0x5a, 0x61, 0x98, 0x16),
400 LL(0x5e, 0x5e, 0x65, 0x5e, 0xca, 0x3b, 0xbc, 0x94),
401 LL(0x78, 0x78, 0xfd, 0x78, 0xe7, 0x85, 0xf0, 0x9f),
402 LL(0x38, 0x38, 0xe0, 0x38, 0xdd, 0xd8, 0x70, 0xe5),
403 LL(0x8c, 0x8c, 0x0a, 0x8c, 0x14, 0x86, 0x05, 0x98),
404 LL(0xd1, 0xd1, 0x63, 0xd1, 0xc6, 0xb2, 0xbf, 0x17),
405 LL(0xa5, 0xa5, 0xae, 0xa5, 0x41, 0x0b, 0x57, 0xe4),
406 LL(0xe2, 0xe2, 0xaf, 0xe2, 0x43, 0x4d, 0xd9, 0xa1),
407 LL(0x61, 0x61, 0x99, 0x61, 0x2f, 0xf8, 0xc2, 0x4e),
408 LL(0xb3, 0xb3, 0xf6, 0xb3, 0xf1, 0x45, 0x7b, 0x42),
409 LL(0x21, 0x21, 0x84, 0x21, 0x15, 0xa5, 0x42, 0x34),
410 LL(0x9c, 0x9c, 0x4a, 0x9c, 0x94, 0xd6, 0x25, 0x08),
411 LL(0x1e, 0x1e, 0x78, 0x1e, 0xf0, 0x66, 0x3c, 0xee),
412 LL(0x43, 0x43, 0x11, 0x43, 0x22, 0x52, 0x86, 0x61),
413 LL(0xc7, 0xc7, 0x3b, 0xc7, 0x76, 0xfc, 0x93, 0xb1),
414 LL(0xfc, 0xfc, 0xd7, 0xfc, 0xb3, 0x2b, 0xe5, 0x4f),
415 LL(0x04, 0x04, 0x10, 0x04, 0x20, 0x14, 0x08, 0x24),
416 LL(0x51, 0x51, 0x59, 0x51, 0xb2, 0x08, 0xa2, 0xe3),
417 LL(0x99, 0x99, 0x5e, 0x99, 0xbc, 0xc7, 0x2f, 0x25),
418 LL(0x6d, 0x6d, 0xa9, 0x6d, 0x4f, 0xc4, 0xda, 0x22),
419 LL(0x0d, 0x0d, 0x34, 0x0d, 0x68, 0x39, 0x1a, 0x65),
420 LL(0xfa, 0xfa, 0xcf, 0xfa, 0x83, 0x35, 0xe9, 0x79),
421 LL(0xdf, 0xdf, 0x5b, 0xdf, 0xb6, 0x84, 0xa3, 0x69),
422 LL(0x7e, 0x7e, 0xe5, 0x7e, 0xd7, 0x9b, 0xfc, 0xa9),
423 LL(0x24, 0x24, 0x90, 0x24, 0x3d, 0xb4, 0x48, 0x19),
424 LL(0x3b, 0x3b, 0xec, 0x3b, 0xc5, 0xd7, 0x76, 0xfe),
425 LL(0xab, 0xab, 0x96, 0xab, 0x31, 0x3d, 0x4b, 0x9a),
426 LL(0xce, 0xce, 0x1f, 0xce, 0x3e, 0xd1, 0x81, 0xf0),
427 LL(0x11, 0x11, 0x44, 0x11, 0x88, 0x55, 0x22, 0x99),
428 LL(0x8f, 0x8f, 0x06, 0x8f, 0x0c, 0x89, 0x03, 0x83),
429 LL(0x4e, 0x4e, 0x25, 0x4e, 0x4a, 0x6b, 0x9c, 0x04),
430 LL(0xb7, 0xb7, 0xe6, 0xb7, 0xd1, 0x51, 0x73, 0x66),
431 LL(0xeb, 0xeb, 0x8b, 0xeb, 0x0b, 0x60, 0xcb, 0xe0),
432 LL(0x3c, 0x3c, 0xf0, 0x3c, 0xfd, 0xcc, 0x78, 0xc1),
433 LL(0x81, 0x81, 0x3e, 0x81, 0x7c, 0xbf, 0x1f, 0xfd),
434 LL(0x94, 0x94, 0x6a, 0x94, 0xd4, 0xfe, 0x35, 0x40),
435 LL(0xf7, 0xf7, 0xfb, 0xf7, 0xeb, 0x0c, 0xf3, 0x1c),
436 LL(0xb9, 0xb9, 0xde, 0xb9, 0xa1, 0x67, 0x6f, 0x18),
437 LL(0x13, 0x13, 0x4c, 0x13, 0x98, 0x5f, 0x26, 0x8b),
438 LL(0x2c, 0x2c, 0xb0, 0x2c, 0x7d, 0x9c, 0x58, 0x51),
439 LL(0xd3, 0xd3, 0x6b, 0xd3, 0xd6, 0xb8, 0xbb, 0x05),
440 LL(0xe7, 0xe7, 0xbb, 0xe7, 0x6b, 0x5c, 0xd3, 0x8c),
441 LL(0x6e, 0x6e, 0xa5, 0x6e, 0x57, 0xcb, 0xdc, 0x39),
442 LL(0xc4, 0xc4, 0x37, 0xc4, 0x6e, 0xf3, 0x95, 0xaa),
443 LL(0x03, 0x03, 0x0c, 0x03, 0x18, 0x0f, 0x06, 0x1b),
444 LL(0x56, 0x56, 0x45, 0x56, 0x8a, 0x13, 0xac, 0xdc),
445 LL(0x44, 0x44, 0x0d, 0x44, 0x1a, 0x49, 0x88, 0x5e),
446 LL(0x7f, 0x7f, 0xe1, 0x7f, 0xdf, 0x9e, 0xfe, 0xa0),
447 LL(0xa9, 0xa9, 0x9e, 0xa9, 0x21, 0x37, 0x4f, 0x88),
448 LL(0x2a, 0x2a, 0xa8, 0x2a, 0x4d, 0x82, 0x54, 0x67),
449 LL(0xbb, 0xbb, 0xd6, 0xbb, 0xb1, 0x6d, 0x6b, 0x0a),
450 LL(0xc1, 0xc1, 0x23, 0xc1, 0x46, 0xe2, 0x9f, 0x87),
451 LL(0x53, 0x53, 0x51, 0x53, 0xa2, 0x02, 0xa6, 0xf1),
452 LL(0xdc, 0xdc, 0x57, 0xdc, 0xae, 0x8b, 0xa5, 0x72),
453 LL(0x0b, 0x0b, 0x2c, 0x0b, 0x58, 0x27, 0x16, 0x53),
454 LL(0x9d, 0x9d, 0x4e, 0x9d, 0x9c, 0xd3, 0x27, 0x01),
455 LL(0x6c, 0x6c, 0xad, 0x6c, 0x47, 0xc1, 0xd8, 0x2b),
456 LL(0x31, 0x31, 0xc4, 0x31, 0x95, 0xf5, 0x62, 0xa4),
457 LL(0x74, 0x74, 0xcd, 0x74, 0x87, 0xb9, 0xe8, 0xf3),
458 LL(0xf6, 0xf6, 0xff, 0xf6, 0xe3, 0x09, 0xf1, 0x15),
459 LL(0x46, 0x46, 0x05, 0x46, 0x0a, 0x43, 0x8c, 0x4c),
460 LL(0xac, 0xac, 0x8a, 0xac, 0x09, 0x26, 0x45, 0xa5),
461 LL(0x89, 0x89, 0x1e, 0x89, 0x3c, 0x97, 0x0f, 0xb5),
462 LL(0x14, 0x14, 0x50, 0x14, 0xa0, 0x44, 0x28, 0xb4),
463 LL(0xe1, 0xe1, 0xa3, 0xe1, 0x5b, 0x42, 0xdf, 0xba),
464 LL(0x16, 0x16, 0x58, 0x16, 0xb0, 0x4e, 0x2c, 0xa6),
465 LL(0x3a, 0x3a, 0xe8, 0x3a, 0xcd, 0xd2, 0x74, 0xf7),
466 LL(0x69, 0x69, 0xb9, 0x69, 0x6f, 0xd0, 0xd2, 0x06),
467 LL(0x09, 0x09, 0x24, 0x09, 0x48, 0x2d, 0x12, 0x41),
468 LL(0x70, 0x70, 0xdd, 0x70, 0xa7, 0xad, 0xe0, 0xd7),
469 LL(0xb6, 0xb6, 0xe2, 0xb6, 0xd9, 0x54, 0x71, 0x6f),
470 LL(0xd0, 0xd0, 0x67, 0xd0, 0xce, 0xb7, 0xbd, 0x1e),
471 LL(0xed, 0xed, 0x93, 0xed, 0x3b, 0x7e, 0xc7, 0xd6),
472 LL(0xcc, 0xcc, 0x17, 0xcc, 0x2e, 0xdb, 0x85, 0xe2),
473 LL(0x42, 0x42, 0x15, 0x42, 0x2a, 0x57, 0x84, 0x68),
474 LL(0x98, 0x98, 0x5a, 0x98, 0xb4, 0xc2, 0x2d, 0x2c),
475 LL(0xa4, 0xa4, 0xaa, 0xa4, 0x49, 0x0e, 0x55, 0xed),
476 LL(0x28, 0x28, 0xa0, 0x28, 0x5d, 0x88, 0x50, 0x75),
477 LL(0x5c, 0x5c, 0x6d, 0x5c, 0xda, 0x31, 0xb8, 0x86),
478 LL(0xf8, 0xf8, 0xc7, 0xf8, 0x93, 0x3f, 0xed, 0x6b),
479 LL(0x86, 0x86, 0x22, 0x86, 0x44, 0xa4, 0x11, 0xc2),
480#define RC (&(Cx.q[256*N]))
481 0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f,
482 /* rc[ROUNDS] */
483 0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52, 0x60, 0xbc, 0x9b,
484 0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b,
485 0xfe, 0x57, 0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58,
486 0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85, 0xbd, 0x5d, 0x10, 0xf4,
487 0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95,
488 0xd8, 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d,
489 0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33
490 }
491 };
492
493void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n)
494{
495 int r;
496 const u8 *p = inp;
497 union {
498 u64 q[8];
499 u8 c[64];
500 } S, K, *H = (void *)ctx->H.q;
501
502#ifdef GO_FOR_MMX
503 GO_FOR_MMX(ctx, inp, n);
504#endif
505 do {
506#ifdef OPENSSL_SMALL_FOOTPRINT
507 u64 L[8];
508 int i;
509
510 for (i = 0; i < 64; i++)
511 S.c[i] = (K.c[i] = H->c[i]) ^ p[i];
512 for (r = 0; r < ROUNDS; r++) {
513 for (i = 0; i < 8; i++) {
514 L[i] = i ? 0 : RC[r];
515 L[i] ^= C0(K, i) ^ C1(K, (i - 1) & 7) ^
516 C2(K, (i - 2) & 7) ^ C3(K, (i - 3) & 7) ^
517 C4(K, (i - 4) & 7) ^ C5(K, (i - 5) & 7) ^
518 C6(K, (i - 6) & 7) ^ C7(K, (i - 7) & 7);
519 }
520 memcpy(K.q, L, 64);
521 for (i = 0; i < 8; i++) {
522 L[i] ^= C0(S, i) ^ C1(S, (i - 1) & 7) ^
523 C2(S, (i - 2) & 7) ^ C3(S, (i - 3) & 7) ^
524 C4(S, (i - 4) & 7) ^ C5(S, (i - 5) & 7) ^
525 C6(S, (i - 6) & 7) ^ C7(S, (i - 7) & 7);
526 }
527 memcpy(S.q, L, 64);
528 }
529 for (i = 0; i < 64; i++)
530 H->c[i] ^= S.c[i] ^ p[i];
531#else
532 u64 L0, L1, L2, L3, L4, L5, L6, L7;
533
534# ifdef STRICT_ALIGNMENT
535 if ((size_t)p & 7) {
536 memcpy(S.c, p, 64);
537 S.q[0] ^= (K.q[0] = H->q[0]);
538 S.q[1] ^= (K.q[1] = H->q[1]);
539 S.q[2] ^= (K.q[2] = H->q[2]);
540 S.q[3] ^= (K.q[3] = H->q[3]);
541 S.q[4] ^= (K.q[4] = H->q[4]);
542 S.q[5] ^= (K.q[5] = H->q[5]);
543 S.q[6] ^= (K.q[6] = H->q[6]);
544 S.q[7] ^= (K.q[7] = H->q[7]);
545 } else
546# endif
547 {
548 const u64_aX *pa = (const u64_aX *)p;
549 S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
550 S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
551 S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
552 S.q[3] = (K.q[3] = H->q[3]) ^ pa[3];
553 S.q[4] = (K.q[4] = H->q[4]) ^ pa[4];
554 S.q[5] = (K.q[5] = H->q[5]) ^ pa[5];
555 S.q[6] = (K.q[6] = H->q[6]) ^ pa[6];
556 S.q[7] = (K.q[7] = H->q[7]) ^ pa[7];
557 }
558
559 for (r = 0; r < ROUNDS; r++) {
560# ifdef SMALL_REGISTER_BANK
561 L0 = C0(K, 0) ^ C1(K, 7) ^ C2(K, 6) ^ C3(K, 5) ^
562 C4(K, 4) ^ C5(K, 3) ^ C6(K, 2) ^ C7(K, 1) ^ RC[r];
563 L1 = C0(K, 1) ^ C1(K, 0) ^ C2(K, 7) ^ C3(K, 6) ^
564 C4(K, 5) ^ C5(K, 4) ^ C6(K, 3) ^ C7(K, 2);
565 L2 = C0(K, 2) ^ C1(K, 1) ^ C2(K, 0) ^ C3(K, 7) ^
566 C4(K, 6) ^ C5(K, 5) ^ C6(K, 4) ^ C7(K, 3);
567 L3 = C0(K, 3) ^ C1(K, 2) ^ C2(K, 1) ^ C3(K, 0) ^
568 C4(K, 7) ^ C5(K, 6) ^ C6(K, 5) ^ C7(K, 4);
569 L4 = C0(K, 4) ^ C1(K, 3) ^ C2(K, 2) ^ C3(K, 1) ^
570 C4(K, 0) ^ C5(K, 7) ^ C6(K, 6) ^ C7(K, 5);
571 L5 = C0(K, 5) ^ C1(K, 4) ^ C2(K, 3) ^ C3(K, 2) ^
572 C4(K, 1) ^ C5(K, 0) ^ C6(K, 7) ^ C7(K, 6);
573 L6 = C0(K, 6) ^ C1(K, 5) ^ C2(K, 4) ^ C3(K, 3) ^
574 C4(K, 2) ^ C5(K, 1) ^ C6(K, 0) ^ C7(K, 7);
575 L7 = C0(K, 7) ^ C1(K, 6) ^ C2(K, 5) ^ C3(K, 4) ^
576 C4(K, 3) ^ C5(K, 2) ^ C6(K, 1) ^ C7(K, 0);
577
578 K.q[0] = L0;
579 K.q[1] = L1;
580 K.q[2] = L2;
581 K.q[3] = L3;
582 K.q[4] = L4;
583 K.q[5] = L5;
584 K.q[6] = L6;
585 K.q[7] = L7;
586
587 L0 ^= C0(S, 0) ^ C1(S, 7) ^ C2(S, 6) ^ C3(S, 5) ^
588 C4(S, 4) ^ C5(S, 3) ^ C6(S, 2) ^ C7(S, 1);
589 L1 ^= C0(S, 1) ^ C1(S, 0) ^ C2(S, 7) ^ C3(S, 6) ^
590 C4(S, 5) ^ C5(S, 4) ^ C6(S, 3) ^ C7(S, 2);
591 L2 ^= C0(S, 2) ^ C1(S, 1) ^ C2(S, 0) ^ C3(S, 7) ^
592 C4(S, 6) ^ C5(S, 5) ^ C6(S, 4) ^ C7(S, 3);
593 L3 ^= C0(S, 3) ^ C1(S, 2) ^ C2(S, 1) ^ C3(S, 0) ^
594 C4(S, 7) ^ C5(S, 6) ^ C6(S, 5) ^ C7(S, 4);
595 L4 ^= C0(S, 4) ^ C1(S, 3) ^ C2(S, 2) ^ C3(S, 1) ^
596 C4(S, 0) ^ C5(S, 7) ^ C6(S, 6) ^ C7(S, 5);
597 L5 ^= C0(S, 5) ^ C1(S, 4) ^ C2(S, 3) ^ C3(S, 2) ^
598 C4(S, 1) ^ C5(S, 0) ^ C6(S, 7) ^ C7(S, 6);
599 L6 ^= C0(S, 6) ^ C1(S, 5) ^ C2(S, 4) ^ C3(S, 3) ^
600 C4(S, 2) ^ C5(S, 1) ^ C6(S, 0) ^ C7(S, 7);
601 L7 ^= C0(S, 7) ^ C1(S, 6) ^ C2(S, 5) ^ C3(S, 4) ^
602 C4(S, 3) ^ C5(S, 2) ^ C6(S, 1) ^ C7(S, 0);
603
604 S.q[0] = L0;
605 S.q[1] = L1;
606 S.q[2] = L2;
607 S.q[3] = L3;
608 S.q[4] = L4;
609 S.q[5] = L5;
610 S.q[6] = L6;
611 S.q[7] = L7;
612# else
613 L0 = C0(K, 0);
614 L1 = C1(K, 0);
615 L2 = C2(K, 0);
616 L3 = C3(K, 0);
617 L4 = C4(K, 0);
618 L5 = C5(K, 0);
619 L6 = C6(K, 0);
620 L7 = C7(K, 0);
621 L0 ^= RC[r];
622
623 L1 ^= C0(K, 1);
624 L2 ^= C1(K, 1);
625 L3 ^= C2(K, 1);
626 L4 ^= C3(K, 1);
627 L5 ^= C4(K, 1);
628 L6 ^= C5(K, 1);
629 L7 ^= C6(K, 1);
630 L0 ^= C7(K, 1);
631
632 L2 ^= C0(K, 2);
633 L3 ^= C1(K, 2);
634 L4 ^= C2(K, 2);
635 L5 ^= C3(K, 2);
636 L6 ^= C4(K, 2);
637 L7 ^= C5(K, 2);
638 L0 ^= C6(K, 2);
639 L1 ^= C7(K, 2);
640
641 L3 ^= C0(K, 3);
642 L4 ^= C1(K, 3);
643 L5 ^= C2(K, 3);
644 L6 ^= C3(K, 3);
645 L7 ^= C4(K, 3);
646 L0 ^= C5(K, 3);
647 L1 ^= C6(K, 3);
648 L2 ^= C7(K, 3);
649
650 L4 ^= C0(K, 4);
651 L5 ^= C1(K, 4);
652 L6 ^= C2(K, 4);
653 L7 ^= C3(K, 4);
654 L0 ^= C4(K, 4);
655 L1 ^= C5(K, 4);
656 L2 ^= C6(K, 4);
657 L3 ^= C7(K, 4);
658
659 L5 ^= C0(K, 5);
660 L6 ^= C1(K, 5);
661 L7 ^= C2(K, 5);
662 L0 ^= C3(K, 5);
663 L1 ^= C4(K, 5);
664 L2 ^= C5(K, 5);
665 L3 ^= C6(K, 5);
666 L4 ^= C7(K, 5);
667
668 L6 ^= C0(K, 6);
669 L7 ^= C1(K, 6);
670 L0 ^= C2(K, 6);
671 L1 ^= C3(K, 6);
672 L2 ^= C4(K, 6);
673 L3 ^= C5(K, 6);
674 L4 ^= C6(K, 6);
675 L5 ^= C7(K, 6);
676
677 L7 ^= C0(K, 7);
678 L0 ^= C1(K, 7);
679 L1 ^= C2(K, 7);
680 L2 ^= C3(K, 7);
681 L3 ^= C4(K, 7);
682 L4 ^= C5(K, 7);
683 L5 ^= C6(K, 7);
684 L6 ^= C7(K, 7);
685
686 K.q[0] = L0;
687 K.q[1] = L1;
688 K.q[2] = L2;
689 K.q[3] = L3;
690 K.q[4] = L4;
691 K.q[5] = L5;
692 K.q[6] = L6;
693 K.q[7] = L7;
694
695 L0 ^= C0(S, 0);
696 L1 ^= C1(S, 0);
697 L2 ^= C2(S, 0);
698 L3 ^= C3(S, 0);
699 L4 ^= C4(S, 0);
700 L5 ^= C5(S, 0);
701 L6 ^= C6(S, 0);
702 L7 ^= C7(S, 0);
703
704 L1 ^= C0(S, 1);
705 L2 ^= C1(S, 1);
706 L3 ^= C2(S, 1);
707 L4 ^= C3(S, 1);
708 L5 ^= C4(S, 1);
709 L6 ^= C5(S, 1);
710 L7 ^= C6(S, 1);
711 L0 ^= C7(S, 1);
712
713 L2 ^= C0(S, 2);
714 L3 ^= C1(S, 2);
715 L4 ^= C2(S, 2);
716 L5 ^= C3(S, 2);
717 L6 ^= C4(S, 2);
718 L7 ^= C5(S, 2);
719 L0 ^= C6(S, 2);
720 L1 ^= C7(S, 2);
721
722 L3 ^= C0(S, 3);
723 L4 ^= C1(S, 3);
724 L5 ^= C2(S, 3);
725 L6 ^= C3(S, 3);
726 L7 ^= C4(S, 3);
727 L0 ^= C5(S, 3);
728 L1 ^= C6(S, 3);
729 L2 ^= C7(S, 3);
730
731 L4 ^= C0(S, 4);
732 L5 ^= C1(S, 4);
733 L6 ^= C2(S, 4);
734 L7 ^= C3(S, 4);
735 L0 ^= C4(S, 4);
736 L1 ^= C5(S, 4);
737 L2 ^= C6(S, 4);
738 L3 ^= C7(S, 4);
739
740 L5 ^= C0(S, 5);
741 L6 ^= C1(S, 5);
742 L7 ^= C2(S, 5);
743 L0 ^= C3(S, 5);
744 L1 ^= C4(S, 5);
745 L2 ^= C5(S, 5);
746 L3 ^= C6(S, 5);
747 L4 ^= C7(S, 5);
748
749 L6 ^= C0(S, 6);
750 L7 ^= C1(S, 6);
751 L0 ^= C2(S, 6);
752 L1 ^= C3(S, 6);
753 L2 ^= C4(S, 6);
754 L3 ^= C5(S, 6);
755 L4 ^= C6(S, 6);
756 L5 ^= C7(S, 6);
757
758 L7 ^= C0(S, 7);
759 L0 ^= C1(S, 7);
760 L1 ^= C2(S, 7);
761 L2 ^= C3(S, 7);
762 L3 ^= C4(S, 7);
763 L4 ^= C5(S, 7);
764 L5 ^= C6(S, 7);
765 L6 ^= C7(S, 7);
766
767 S.q[0] = L0;
768 S.q[1] = L1;
769 S.q[2] = L2;
770 S.q[3] = L3;
771 S.q[4] = L4;
772 S.q[5] = L5;
773 S.q[6] = L6;
774 S.q[7] = L7;
775# endif
776 }
777
778# ifdef STRICT_ALIGNMENT
779 if ((size_t)p & 7) {
780 int i;
781 for (i = 0; i < 64; i++)
782 H->c[i] ^= S.c[i] ^ p[i];
783 } else
784# endif
785 {
786 const u64_aX *pa = (const u64_aX *)p;
787 H->q[0] ^= S.q[0] ^ pa[0];
788 H->q[1] ^= S.q[1] ^ pa[1];
789 H->q[2] ^= S.q[2] ^ pa[2];
790 H->q[3] ^= S.q[3] ^ pa[3];
791 H->q[4] ^= S.q[4] ^ pa[4];
792 H->q[5] ^= S.q[5] ^ pa[5];
793 H->q[6] ^= S.q[6] ^ pa[6];
794 H->q[7] ^= S.q[7] ^ pa[7];
795 }
796#endif
797 p += 64;
798 } while (--n);
799}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette