/*
 * Build-configuration fragments carried over from the top of the file (the
 * lines around them are not part of this excerpt):
 *  - SPH_SMALL_FOOTPRINT_SHAVITE appears to select the compact, loop-driven
 *    compression variant (round keys held in an rk[] array) instead of the
 *    fully unrolled one (round keys in rk0..rkF / rk00..rk1F locals).
 *  - The MSVC pragma presumably silences warning C4146 (unary minus applied
 *    to an unsigned operand): the close routines compute `-z` on an unsigned
 *    when building the padding byte.  Unsigned negation is well defined in
 *    C, so this is a warning suppression, not a behaviour change -- TODO
 *    confirm against the full file.
 *  - AES_BIG_ENDIAN 0: the round function is built on the little-endian AES
 *    helper AES_ROUND_NOKEY_LE.
 *
 * IV224: initial chaining value for the 224-bit output.  Eight 32-bit words,
 * i.e. a 256-bit state, handed to shavite_small_init() when a computation
 * starts and again to re-initialise the context after each close
 * (presumably copied into the context's h[] there; the init body is not
 * visible here).  These are fixed public constants: a wrong word silently
 * yields wrong-but-plausible digests, so any change must be checked against
 * known-answer test vectors.  Note that the output length is also encoded in
 * the final padding block (buf[62]/buf[63] derived from out_size_w32 == 7),
 * so SHAvite-224 and SHAvite-256 are domain-separated by both the IV and the
 * length field, not by the IV alone.
 */
42 #if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_SHAVITE 43 #define SPH_SMALL_FOOTPRINT_SHAVITE 1 47 #pragma warning (disable: 4146) 64 #define AES_BIG_ENDIAN 0 67 static const sph_u32 IV224[] = {
68 C32(0x6774F31C),
C32(0x990AE210),
C32(0xC87D4274),
C32(0xC9546371),
69 C32(0x62B2AEA8),
C32(0x4B5801D8),
C32(0x1B702860),
C32(0x842F3017)
/*
 * IV256: initial chaining value for the 256-bit output.  Eight 32-bit words
 * (the same 256-bit state shape as IV224), passed to shavite_small_init()
 * at start-up and after every close.  The 256-bit variant finishes with
 * out_size_w32 == 8, so the IV and the length bytes written into the last
 * padding block together distinguish it from the 224-bit variant.  Fixed
 * public constants -- read-only, and any edit must be validated against
 * known-answer vectors.
 */
72 static const sph_u32 IV256[] = {
73 C32(0x49BB3E47),
C32(0x2674860D),
C32(0xA8B392AC),
C32(0x021AC4E6),
74 C32(0x409283CF),
C32(0x620E5D86),
C32(0x6D929DCB),
C32(0x96CC2A8B)
/*
 * IV384: initial chaining value for the 384-bit output.  Sixteen 32-bit
 * words (a 512-bit state), passed to shavite_big_init() at start-up and
 * after every close.  The 384-bit variant emits 12 output words
 * (out_size_w32 == 12), and the big close routine additionally writes four
 * 32-bit counters (count0..count3) plus the length bytes at
 * buf[126]/buf[127], so truncation to 384 bits is bound into the padding
 * rather than being a plain prefix of the 512-bit digest.  Fixed public
 * constants -- read-only; check against known-answer vectors if touched.
 */
77 static const sph_u32 IV384[] = {
78 C32(0x83DF1545),
C32(0xF9AAEC13),
C32(0xF4803CB0),
C32(0x11FE1F47),
79 C32(0xDA6CD269),
C32(0x4F53FCD7),
C32(0x950529A2),
C32(0x97908147),
80 C32(0xB0A4D7AF),
C32(0x2B9132BF),
C32(0x226E607D),
C32(0x3C0F8D7C),
81 C32(0x487B3F0F),
C32(0x04363E22),
C32(0x0155C99C),
C32(0xEC2E20D3)
/*
 * IV512: initial chaining value for the 512-bit output.  Sixteen 32-bit
 * words (the same 512-bit state shape as IV384), passed to
 * shavite_big_init() at start-up and after every close.  The 512-bit
 * variant emits all 16 state words (out_size_w32 == 16); as with the other
 * sizes the output length is also encoded into the final padding block, so
 * the IV is not the only thing separating the variants.  Fixed public
 * constants -- read-only; validate against known-answer vectors if edited.
 */
84 static const sph_u32 IV512[] = {
85 C32(0x72FCCDD8),
C32(0x79CA4727),
C32(0x128A077B),
C32(0x40D55AEC),
86 C32(0xD1901A06),
C32(0x430AE307),
C32(0xB29F5CD1),
C32(0xDF07FBFC),
87 C32(0x8E45D73D),
C32(0x681AB538),
C32(0xBDE86578),
C32(0xDD577E47),
88 C32(0xE275EADE),
C32(0x502D9FCD),
C32(0xB9357178),
C32(0x022A4B9A)
91 #define AES_ROUND_NOKEY(x0, x1, x2, x3) do { \ 96 AES_ROUND_NOKEY_LE(t0, t1, t2, t3, x0, x1, x2, x3); \ 141 #define KEY_EXPAND_ELT(k0, k1, k2, k3) do { \ 143 AES_ROUND_NOKEY(k1, k2, k3, k0); \ 151 #if SPH_SMALL_FOOTPRINT_SHAVITE 159 sph_u32 p0, p1, p2, p3, p4, p5, p6, p7;
164 #if SPH_LITTLE_ENDIAN 167 for (u = 0; u < 16; u += 4) {
168 rk[u + 0] = sph_dec32le_aligned(
169 (
const unsigned char *)msg + (u << 2) + 0);
170 rk[u + 1] = sph_dec32le_aligned(
171 (
const unsigned char *)msg + (u << 2) + 4);
172 rk[u + 2] = sph_dec32le_aligned(
173 (
const unsigned char *)msg + (u << 2) + 8);
174 rk[u + 3] = sph_dec32le_aligned(
175 (
const unsigned char *)msg + (u << 2) + 12);
179 for (r = 0; r < 4; r ++) {
180 for (s = 0; s < 2; s ++) {
188 rk[u + 0] = x0 ^ rk[u - 4];
189 rk[u + 1] = x1 ^ rk[u - 3];
190 rk[u + 2] = x2 ^ rk[u - 2];
191 rk[u + 3] = x3 ^ rk[u - 1];
195 }
else if (u == 56) {
206 rk[u + 0] = x0 ^ rk[u - 4];
207 rk[u + 1] = x1 ^ rk[u - 3];
208 rk[u + 2] = x2 ^ rk[u - 2];
209 rk[u + 3] = x3 ^ rk[u - 1];
213 }
else if (u == 124) {
219 for (s = 0; s < 4; s ++) {
220 rk[u + 0] = rk[u - 16] ^ rk[u - 3];
221 rk[u + 1] = rk[u - 15] ^ rk[u - 2];
222 rk[u + 2] = rk[u - 14] ^ rk[u - 1];
223 rk[u + 3] = rk[u - 13] ^ rk[u - 0];
237 for (r = 0; r < 6; r ++) {
298 sph_u32 p0, p1, p2, p3, p4, p5, p6, p7;
300 sph_u32 rk0, rk1, rk2, rk3, rk4, rk5, rk6, rk7;
301 sph_u32 rk8, rk9, rkA, rkB, rkC, rkD, rkE, rkF;
312 rk0 = sph_dec32le_aligned((
const unsigned char *)msg + 0);
314 rk1 = sph_dec32le_aligned((
const unsigned char *)msg + 4);
316 rk2 = sph_dec32le_aligned((
const unsigned char *)msg + 8);
318 rk3 = sph_dec32le_aligned((
const unsigned char *)msg + 12);
321 rk4 = sph_dec32le_aligned((
const unsigned char *)msg + 16);
323 rk5 = sph_dec32le_aligned((
const unsigned char *)msg + 20);
325 rk6 = sph_dec32le_aligned((
const unsigned char *)msg + 24);
327 rk7 = sph_dec32le_aligned((
const unsigned char *)msg + 28);
330 rk8 = sph_dec32le_aligned((
const unsigned char *)msg + 32);
332 rk9 = sph_dec32le_aligned((
const unsigned char *)msg + 36);
334 rkA = sph_dec32le_aligned((
const unsigned char *)msg + 40);
336 rkB = sph_dec32le_aligned((
const unsigned char *)msg + 44);
344 rkC = sph_dec32le_aligned((
const unsigned char *)msg + 48);
346 rkD = sph_dec32le_aligned((
const unsigned char *)msg + 52);
348 rkE = sph_dec32le_aligned((
const unsigned char *)msg + 56);
350 rkF = sph_dec32le_aligned((
const unsigned char *)msg + 60);
723 #if SPH_SMALL_FOOTPRINT_SHAVITE 731 sph_u32 p0, p1, p2, p3, p4, p5, p6, p7;
732 sph_u32 p8, p9, pA, pB, pC, pD, pE, pF;
737 #if SPH_LITTLE_ENDIAN 740 for (u = 0; u < 32; u += 4) {
741 rk[u + 0] = sph_dec32le_aligned(
742 (
const unsigned char *)msg + (u << 2) + 0);
743 rk[u + 1] = sph_dec32le_aligned(
744 (
const unsigned char *)msg + (u << 2) + 4);
745 rk[u + 2] = sph_dec32le_aligned(
746 (
const unsigned char *)msg + (u << 2) + 8);
747 rk[u + 3] = sph_dec32le_aligned(
748 (
const unsigned char *)msg + (u << 2) + 12);
753 for (s = 0; s < 4; s ++) {
761 rk[u + 0] = x0 ^ rk[u - 4];
762 rk[u + 1] = x1 ^ rk[u - 3];
763 rk[u + 2] = x2 ^ rk[u - 2];
764 rk[u + 3] = x3 ^ rk[u - 1];
770 }
else if (u == 440) {
783 rk[u + 0] = x0 ^ rk[u - 4];
784 rk[u + 1] = x1 ^ rk[u - 3];
785 rk[u + 2] = x2 ^ rk[u - 2];
786 rk[u + 3] = x3 ^ rk[u - 1];
792 }
else if (u == 316) {
802 for (s = 0; s < 8; s ++) {
803 rk[u + 0] = rk[u - 32] ^ rk[u - 7];
804 rk[u + 1] = rk[u - 31] ^ rk[u - 6];
805 rk[u + 2] = rk[u - 30] ^ rk[u - 5];
806 rk[u + 3] = rk[u - 29] ^ rk[u - 4];
828 for (r = 0; r < 14; r ++) {
829 #define C512_ELT(l0, l1, l2, l3, r0, r1, r2, r3) do { \ 830 sph_u32 x0, x1, x2, x3; \ 831 x0 = r0 ^ rk[u ++]; \ 832 x1 = r1 ^ rk[u ++]; \ 833 x2 = r2 ^ rk[u ++]; \ 834 x3 = r3 ^ rk[u ++]; \ 835 AES_ROUND_NOKEY(x0, x1, x2, x3); \ 840 AES_ROUND_NOKEY(x0, x1, x2, x3); \ 845 AES_ROUND_NOKEY(x0, x1, x2, x3); \ 850 AES_ROUND_NOKEY(x0, x1, x2, x3); \ 857 #define WROT(a, b, c, d) do { \ 865 C512_ELT(p0, p1, p2, p3, p4, p5, p6, p7);
866 C512_ELT(p8, p9, pA, pB, pC, pD, pE, pF);
868 WROT(p0, p4, p8, pC);
869 WROT(p1, p5, p9, pD);
870 WROT(p2, p6, pA, pE);
871 WROT(p3, p7, pB, pF);
902 sph_u32 p0, p1, p2, p3, p4, p5, p6, p7;
903 sph_u32 p8, p9, pA, pB, pC, pD, pE, pF;
905 sph_u32 rk00, rk01, rk02, rk03, rk04, rk05, rk06, rk07;
906 sph_u32 rk08, rk09, rk0A, rk0B, rk0C, rk0D, rk0E, rk0F;
907 sph_u32 rk10, rk11, rk12, rk13, rk14, rk15, rk16, rk17;
908 sph_u32 rk18, rk19, rk1A, rk1B, rk1C, rk1D, rk1E, rk1F;
928 rk00 = sph_dec32le_aligned((
const unsigned char *)msg + 0);
930 rk01 = sph_dec32le_aligned((
const unsigned char *)msg + 4);
932 rk02 = sph_dec32le_aligned((
const unsigned char *)msg + 8);
934 rk03 = sph_dec32le_aligned((
const unsigned char *)msg + 12);
937 rk04 = sph_dec32le_aligned((
const unsigned char *)msg + 16);
939 rk05 = sph_dec32le_aligned((
const unsigned char *)msg + 20);
941 rk06 = sph_dec32le_aligned((
const unsigned char *)msg + 24);
943 rk07 = sph_dec32le_aligned((
const unsigned char *)msg + 28);
946 rk08 = sph_dec32le_aligned((
const unsigned char *)msg + 32);
948 rk09 = sph_dec32le_aligned((
const unsigned char *)msg + 36);
950 rk0A = sph_dec32le_aligned((
const unsigned char *)msg + 40);
952 rk0B = sph_dec32le_aligned((
const unsigned char *)msg + 44);
955 rk0C = sph_dec32le_aligned((
const unsigned char *)msg + 48);
957 rk0D = sph_dec32le_aligned((
const unsigned char *)msg + 52);
959 rk0E = sph_dec32le_aligned((
const unsigned char *)msg + 56);
961 rk0F = sph_dec32le_aligned((
const unsigned char *)msg + 60);
968 rk10 = sph_dec32le_aligned((
const unsigned char *)msg + 64);
970 rk11 = sph_dec32le_aligned((
const unsigned char *)msg + 68);
972 rk12 = sph_dec32le_aligned((
const unsigned char *)msg + 72);
974 rk13 = sph_dec32le_aligned((
const unsigned char *)msg + 76);
977 rk14 = sph_dec32le_aligned((
const unsigned char *)msg + 80);
979 rk15 = sph_dec32le_aligned((
const unsigned char *)msg + 84);
981 rk16 = sph_dec32le_aligned((
const unsigned char *)msg + 88);
983 rk17 = sph_dec32le_aligned((
const unsigned char *)msg + 92);
986 rk18 = sph_dec32le_aligned((
const unsigned char *)msg + 96);
988 rk19 = sph_dec32le_aligned((
const unsigned char *)msg + 100);
990 rk1A = sph_dec32le_aligned((
const unsigned char *)msg + 104);
992 rk1B = sph_dec32le_aligned((
const unsigned char *)msg + 108);
995 rk1C = sph_dec32le_aligned((
const unsigned char *)msg + 112);
997 rk1D = sph_dec32le_aligned((
const unsigned char *)msg + 116);
999 rk1E = sph_dec32le_aligned((
const unsigned char *)msg + 120);
1001 rk1F = sph_dec32le_aligned((
const unsigned char *)msg + 124);
1009 for (r = 0; r < 3; r ++) {
1435 rk18 ^= rk14 ^ sc->
count1;
1436 rk19 ^= rk15 ^ sc->
count0;
1437 rk1A ^= rk16 ^ sc->
count3;
1498 clen = (
sizeof sc->
buf) - ptr;
1501 memcpy(buf + ptr, data, clen);
1502 data = (
const unsigned char *)data + clen;
1505 if (ptr ==
sizeof sc->
buf) {
1517 unsigned ub,
unsigned n,
void *dst,
size_t out_size_w32)
1526 count0 = (sc->
count0 += (ptr << 3) + n);
1529 z = ((ub & -z) | z) & 0xFF;
1530 if (ptr == 0 && n == 0) {
1532 memset(buf + 1, 0, 53);
1534 }
else if (ptr < 54) {
1536 memset(buf + ptr, 0, 54 - ptr);
1539 memset(buf + ptr, 0, 64 - ptr);
1544 sph_enc32le(buf + 54, count0);
1545 sph_enc32le(buf + 58, count1);
1546 buf[62] = out_size_w32 << 5;
1547 buf[63] = out_size_w32 >> 3;
1549 for (u = 0; u < out_size_w32; u ++)
1550 sph_enc32le((
unsigned char *)dst + (u << 2), sc->
h[u]);
1575 clen = (
sizeof sc->
buf) - ptr;
1578 memcpy(buf + ptr, data, clen);
1579 data = (
const unsigned char *)data + clen;
1582 if (ptr ==
sizeof sc->
buf) {
1602 unsigned ub,
unsigned n,
void *dst,
size_t out_size_w32)
1607 sph_u32 count0, count1, count2, count3;
1611 count0 = (sc->
count0 += (ptr << 3) + n);
1616 z = ((ub & -z) | z) & 0xFF;
1617 if (ptr == 0 && n == 0) {
1619 memset(buf + 1, 0, 109);
1621 }
else if (ptr < 110) {
1623 memset(buf + ptr, 0, 110 - ptr);
1626 memset(buf + ptr, 0, 128 - ptr);
1628 memset(buf, 0, 110);
1631 sph_enc32le(buf + 110, count0);
1632 sph_enc32le(buf + 114, count1);
1633 sph_enc32le(buf + 118, count2);
1634 sph_enc32le(buf + 122, count3);
1635 buf[126] = out_size_w32 << 5;
1636 buf[127] = out_size_w32 >> 3;
1638 for (u = 0; u < out_size_w32; u ++)
1639 sph_enc32le((
unsigned char *)dst + (u << 2), sc->
h[u]);
1646 shavite_small_init(cc, IV224);
1653 shavite_small_core(cc, data, len);
1660 shavite_small_close(cc, 0, 0, dst, 7);
1661 shavite_small_init(cc, IV224);
1668 shavite_small_close(cc, ub, n, dst, 7);
1669 shavite_small_init(cc, IV224);
1676 shavite_small_init(cc, IV256);
1683 shavite_small_core(cc, data, len);
1690 shavite_small_close(cc, 0, 0, dst, 8);
1691 shavite_small_init(cc, IV256);
1698 shavite_small_close(cc, ub, n, dst, 8);
1699 shavite_small_init(cc, IV256);
1706 shavite_big_init(cc, IV384);
1713 shavite_big_core(cc, data, len);
1720 shavite_big_close(cc, 0, 0, dst, 12);
1721 shavite_big_init(cc, IV384);
1728 shavite_big_close(cc, ub, n, dst, 12);
1729 shavite_big_init(cc, IV384);
1736 shavite_big_init(cc, IV512);
1743 shavite_big_core(cc, data, len);
1750 shavite_big_close(cc, 0, 0, dst, 16);
1751 shavite_big_init(cc, IV512);
1758 shavite_big_close(cc, ub, n, dst, 16);
1759 shavite_big_init(cc, IV512);