1 /* $Id: skein.c 254 2011-06-07 19:38:58Z tp $ */
2 /*
3  * Skein implementation.
4  *
5  * ==========================(LICENSE BEGIN)============================
6  *
7  * Copyright (c) 2007-2010 Projet RNRT SAPHIR
8  *
9  * Permission is hereby granted, free of charge, to any person obtaining
10  * a copy of this software and associated documentation files (the
11  * "Software"), to deal in the Software without restriction, including
12  * without limitation the rights to use, copy, modify, merge, publish,
13  * distribute, sublicense, and/or sell copies of the Software, and to
14  * permit persons to whom the Software is furnished to do so, subject to
15  * the following conditions:
16  *
17  * The above copyright notice and this permission notice shall be
18  * included in all copies or substantial portions of the Software.
19  *
20  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
23  * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
24  * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
25  * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
26  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27  *
28  * ===========================(LICENSE END)=============================
29  *
30  * @author Thomas Pornin <thomas.pornin@cryptolog.com>
31  */
32 
33 #include <stddef.h>
34 #include <string.h>
35 
36 #include "sph_skein.h"
37 
38 #ifdef __cplusplus
39 extern "C"{
40 #endif
41 
42 
43 #if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_SKEIN
44 #define SPH_SMALL_FOOTPRINT_SKEIN 1
45 #endif
46 
47 #ifdef _MSC_VER
48 #pragma warning (disable: 4146)
49 #endif
50 
51 #if SPH_64
52 
53 #if 0
54 /* obsolete */
55 /*
56  * M5_ ## s ## _ ## i evaluates to s+i mod 5 (0 <= s <= 18, 0 <= i <= 3).
57  */
58 
59 #define M5_0_0 0
60 #define M5_0_1 1
61 #define M5_0_2 2
62 #define M5_0_3 3
63 
64 #define M5_1_0 1
65 #define M5_1_1 2
66 #define M5_1_2 3
67 #define M5_1_3 4
68 
69 #define M5_2_0 2
70 #define M5_2_1 3
71 #define M5_2_2 4
72 #define M5_2_3 0
73 
74 #define M5_3_0 3
75 #define M5_3_1 4
76 #define M5_3_2 0
77 #define M5_3_3 1
78 
79 #define M5_4_0 4
80 #define M5_4_1 0
81 #define M5_4_2 1
82 #define M5_4_3 2
83 
84 #define M5_5_0 0
85 #define M5_5_1 1
86 #define M5_5_2 2
87 #define M5_5_3 3
88 
89 #define M5_6_0 1
90 #define M5_6_1 2
91 #define M5_6_2 3
92 #define M5_6_3 4
93 
94 #define M5_7_0 2
95 #define M5_7_1 3
96 #define M5_7_2 4
97 #define M5_7_3 0
98 
99 #define M5_8_0 3
100 #define M5_8_1 4
101 #define M5_8_2 0
102 #define M5_8_3 1
103 
104 #define M5_9_0 4
105 #define M5_9_1 0
106 #define M5_9_2 1
107 #define M5_9_3 2
108 
109 #define M5_10_0 0
110 #define M5_10_1 1
111 #define M5_10_2 2
112 #define M5_10_3 3
113 
114 #define M5_11_0 1
115 #define M5_11_1 2
116 #define M5_11_2 3
117 #define M5_11_3 4
118 
119 #define M5_12_0 2
120 #define M5_12_1 3
121 #define M5_12_2 4
122 #define M5_12_3 0
123 
124 #define M5_13_0 3
125 #define M5_13_1 4
126 #define M5_13_2 0
127 #define M5_13_3 1
128 
129 #define M5_14_0 4
130 #define M5_14_1 0
131 #define M5_14_2 1
132 #define M5_14_3 2
133 
134 #define M5_15_0 0
135 #define M5_15_1 1
136 #define M5_15_2 2
137 #define M5_15_3 3
138 
139 #define M5_16_0 1
140 #define M5_16_1 2
141 #define M5_16_2 3
142 #define M5_16_3 4
143 
144 #define M5_17_0 2
145 #define M5_17_1 3
146 #define M5_17_2 4
147 #define M5_17_3 0
148 
149 #define M5_18_0 3
150 #define M5_18_1 4
151 #define M5_18_2 0
152 #define M5_18_3 1
153 #endif
154 
155 /*
156  * M9_ ## s ## _ ## i evaluates to s+i mod 9 (0 <= s <= 18, 0 <= i <= 7).
157  */
158 
159 #define M9_0_0 0
160 #define M9_0_1 1
161 #define M9_0_2 2
162 #define M9_0_3 3
163 #define M9_0_4 4
164 #define M9_0_5 5
165 #define M9_0_6 6
166 #define M9_0_7 7
167 
168 #define M9_1_0 1
169 #define M9_1_1 2
170 #define M9_1_2 3
171 #define M9_1_3 4
172 #define M9_1_4 5
173 #define M9_1_5 6
174 #define M9_1_6 7
175 #define M9_1_7 8
176 
177 #define M9_2_0 2
178 #define M9_2_1 3
179 #define M9_2_2 4
180 #define M9_2_3 5
181 #define M9_2_4 6
182 #define M9_2_5 7
183 #define M9_2_6 8
184 #define M9_2_7 0
185 
186 #define M9_3_0 3
187 #define M9_3_1 4
188 #define M9_3_2 5
189 #define M9_3_3 6
190 #define M9_3_4 7
191 #define M9_3_5 8
192 #define M9_3_6 0
193 #define M9_3_7 1
194 
195 #define M9_4_0 4
196 #define M9_4_1 5
197 #define M9_4_2 6
198 #define M9_4_3 7
199 #define M9_4_4 8
200 #define M9_4_5 0
201 #define M9_4_6 1
202 #define M9_4_7 2
203 
204 #define M9_5_0 5
205 #define M9_5_1 6
206 #define M9_5_2 7
207 #define M9_5_3 8
208 #define M9_5_4 0
209 #define M9_5_5 1
210 #define M9_5_6 2
211 #define M9_5_7 3
212 
213 #define M9_6_0 6
214 #define M9_6_1 7
215 #define M9_6_2 8
216 #define M9_6_3 0
217 #define M9_6_4 1
218 #define M9_6_5 2
219 #define M9_6_6 3
220 #define M9_6_7 4
221 
222 #define M9_7_0 7
223 #define M9_7_1 8
224 #define M9_7_2 0
225 #define M9_7_3 1
226 #define M9_7_4 2
227 #define M9_7_5 3
228 #define M9_7_6 4
229 #define M9_7_7 5
230 
231 #define M9_8_0 8
232 #define M9_8_1 0
233 #define M9_8_2 1
234 #define M9_8_3 2
235 #define M9_8_4 3
236 #define M9_8_5 4
237 #define M9_8_6 5
238 #define M9_8_7 6
239 
240 #define M9_9_0 0
241 #define M9_9_1 1
242 #define M9_9_2 2
243 #define M9_9_3 3
244 #define M9_9_4 4
245 #define M9_9_5 5
246 #define M9_9_6 6
247 #define M9_9_7 7
248 
249 #define M9_10_0 1
250 #define M9_10_1 2
251 #define M9_10_2 3
252 #define M9_10_3 4
253 #define M9_10_4 5
254 #define M9_10_5 6
255 #define M9_10_6 7
256 #define M9_10_7 8
257 
258 #define M9_11_0 2
259 #define M9_11_1 3
260 #define M9_11_2 4
261 #define M9_11_3 5
262 #define M9_11_4 6
263 #define M9_11_5 7
264 #define M9_11_6 8
265 #define M9_11_7 0
266 
267 #define M9_12_0 3
268 #define M9_12_1 4
269 #define M9_12_2 5
270 #define M9_12_3 6
271 #define M9_12_4 7
272 #define M9_12_5 8
273 #define M9_12_6 0
274 #define M9_12_7 1
275 
276 #define M9_13_0 4
277 #define M9_13_1 5
278 #define M9_13_2 6
279 #define M9_13_3 7
280 #define M9_13_4 8
281 #define M9_13_5 0
282 #define M9_13_6 1
283 #define M9_13_7 2
284 
285 #define M9_14_0 5
286 #define M9_14_1 6
287 #define M9_14_2 7
288 #define M9_14_3 8
289 #define M9_14_4 0
290 #define M9_14_5 1
291 #define M9_14_6 2
292 #define M9_14_7 3
293 
294 #define M9_15_0 6
295 #define M9_15_1 7
296 #define M9_15_2 8
297 #define M9_15_3 0
298 #define M9_15_4 1
299 #define M9_15_5 2
300 #define M9_15_6 3
301 #define M9_15_7 4
302 
303 #define M9_16_0 7
304 #define M9_16_1 8
305 #define M9_16_2 0
306 #define M9_16_3 1
307 #define M9_16_4 2
308 #define M9_16_5 3
309 #define M9_16_6 4
310 #define M9_16_7 5
311 
312 #define M9_17_0 8
313 #define M9_17_1 0
314 #define M9_17_2 1
315 #define M9_17_3 2
316 #define M9_17_4 3
317 #define M9_17_5 4
318 #define M9_17_6 5
319 #define M9_17_7 6
320 
321 #define M9_18_0 0
322 #define M9_18_1 1
323 #define M9_18_2 2
324 #define M9_18_3 3
325 #define M9_18_4 4
326 #define M9_18_5 5
327 #define M9_18_6 6
328 #define M9_18_7 7
329 
330 /*
331  * M3_ ## s ## _ ## i evaluates to s+i mod 3 (0 <= s <= 18, 0 <= i <= 1).
332  */
333 
334 #define M3_0_0 0
335 #define M3_0_1 1
336 #define M3_1_0 1
337 #define M3_1_1 2
338 #define M3_2_0 2
339 #define M3_2_1 0
340 #define M3_3_0 0
341 #define M3_3_1 1
342 #define M3_4_0 1
343 #define M3_4_1 2
344 #define M3_5_0 2
345 #define M3_5_1 0
346 #define M3_6_0 0
347 #define M3_6_1 1
348 #define M3_7_0 1
349 #define M3_7_1 2
350 #define M3_8_0 2
351 #define M3_8_1 0
352 #define M3_9_0 0
353 #define M3_9_1 1
354 #define M3_10_0 1
355 #define M3_10_1 2
356 #define M3_11_0 2
357 #define M3_11_1 0
358 #define M3_12_0 0
359 #define M3_12_1 1
360 #define M3_13_0 1
361 #define M3_13_1 2
362 #define M3_14_0 2
363 #define M3_14_1 0
364 #define M3_15_0 0
365 #define M3_15_1 1
366 #define M3_16_0 1
367 #define M3_16_1 2
368 #define M3_17_0 2
369 #define M3_17_1 0
370 #define M3_18_0 0
371 #define M3_18_1 1
372 
373 #define XCAT(x, y) XCAT_(x, y)
374 #define XCAT_(x, y) x ## y
375 
376 #if 0
377 /* obsolete */
378 #define SKSI(k, s, i) XCAT(k, XCAT(XCAT(XCAT(M5_, s), _), i))
379 #define SKST(t, s, v) XCAT(t, XCAT(XCAT(XCAT(M3_, s), _), v))
380 #endif
381 
382 #define SKBI(k, s, i) XCAT(k, XCAT(XCAT(XCAT(M9_, s), _), i))
383 #define SKBT(t, s, v) XCAT(t, XCAT(XCAT(XCAT(M3_, s), _), v))
384 
385 #if 0
386 /* obsolete */
387 #define TFSMALL_KINIT(k0, k1, k2, k3, k4, t0, t1, t2) do { \
388  k4 = (k0 ^ k1) ^ (k2 ^ k3) ^ SPH_C64(0x1BD11BDAA9FC1A22); \
389  t2 = t0 ^ t1; \
390  } while (0)
391 #endif
392 
/*
 * Threefish-512 key-schedule setup. k8 is the key parity word: the XOR
 * of the eight key words (the current chaining state) and the Skein
 * constant C240 = 0x1BD11BDAA9FC1A22, which keeps the key schedule
 * from having an all-zero parity word. t2 is the tweak parity word.
 */
#define TFBIG_KINIT(k0, k1, k2, k3, k4, k5, k6, k7, k8, t0, t1, t2) do { \
		k8 = ((k0 ^ k1) ^ (k2 ^ k3)) ^ ((k4 ^ k5) ^ (k6 ^ k7)) \
			^ SPH_C64(0x1BD11BDAA9FC1A22); \
		t2 = t0 ^ t1; \
	} while (0)
398 
399 #if 0
400 /* obsolete */
401 #define TFSMALL_ADDKEY(w0, w1, w2, w3, k, t, s) do { \
402  w0 = SPH_T64(w0 + SKSI(k, s, 0)); \
403  w1 = SPH_T64(w1 + SKSI(k, s, 1) + SKST(t, s, 0)); \
404  w2 = SPH_T64(w2 + SKSI(k, s, 2) + SKST(t, s, 1)); \
405  w3 = SPH_T64(w3 + SKSI(k, s, 3) + (sph_u64)s); \
406  } while (0)
407 #endif
408 
409 #if SPH_SMALL_FOOTPRINT_SKEIN
410 
411 #define TFBIG_ADDKEY(s, tt0, tt1) do { \
412  p0 = SPH_T64(p0 + h[s + 0]); \
413  p1 = SPH_T64(p1 + h[s + 1]); \
414  p2 = SPH_T64(p2 + h[s + 2]); \
415  p3 = SPH_T64(p3 + h[s + 3]); \
416  p4 = SPH_T64(p4 + h[s + 4]); \
417  p5 = SPH_T64(p5 + h[s + 5] + tt0); \
418  p6 = SPH_T64(p6 + h[s + 6] + tt1); \
419  p7 = SPH_T64(p7 + h[s + 7] + (sph_u64)s); \
420  } while (0)
421 
422 #else
423 
424 #define TFBIG_ADDKEY(w0, w1, w2, w3, w4, w5, w6, w7, k, t, s) do { \
425  w0 = SPH_T64(w0 + SKBI(k, s, 0)); \
426  w1 = SPH_T64(w1 + SKBI(k, s, 1)); \
427  w2 = SPH_T64(w2 + SKBI(k, s, 2)); \
428  w3 = SPH_T64(w3 + SKBI(k, s, 3)); \
429  w4 = SPH_T64(w4 + SKBI(k, s, 4)); \
430  w5 = SPH_T64(w5 + SKBI(k, s, 5) + SKBT(t, s, 0)); \
431  w6 = SPH_T64(w6 + SKBI(k, s, 6) + SKBT(t, s, 1)); \
432  w7 = SPH_T64(w7 + SKBI(k, s, 7) + (sph_u64)s); \
433  } while (0)
434 
435 #endif
436 
437 #if 0
438 /* obsolete */
439 #define TFSMALL_MIX(x0, x1, rc) do { \
440  x0 = SPH_T64(x0 + x1); \
441  x1 = SPH_ROTL64(x1, rc) ^ x0; \
442  } while (0)
443 #endif
444 
445 #define TFBIG_MIX(x0, x1, rc) do { \
446  x0 = SPH_T64(x0 + x1); \
447  x1 = SPH_ROTL64(x1, rc) ^ x0; \
448  } while (0)
449 
450 #if 0
451 /* obsolete */
452 #define TFSMALL_MIX4(w0, w1, w2, w3, rc0, rc1) do { \
453  TFSMALL_MIX(w0, w1, rc0); \
454  TFSMALL_MIX(w2, w3, rc1); \
455  } while (0)
456 #endif
457 
458 #define TFBIG_MIX8(w0, w1, w2, w3, w4, w5, w6, w7, rc0, rc1, rc2, rc3) do { \
459  TFBIG_MIX(w0, w1, rc0); \
460  TFBIG_MIX(w2, w3, rc1); \
461  TFBIG_MIX(w4, w5, rc2); \
462  TFBIG_MIX(w6, w7, rc3); \
463  } while (0)
464 
465 #if 0
466 /* obsolete */
467 #define TFSMALL_4e(s) do { \
468  TFSMALL_ADDKEY(p0, p1, p2, p3, h, t, s); \
469  TFSMALL_MIX4(p0, p1, p2, p3, 14, 16); \
470  TFSMALL_MIX4(p0, p3, p2, p1, 52, 57); \
471  TFSMALL_MIX4(p0, p1, p2, p3, 23, 40); \
472  TFSMALL_MIX4(p0, p3, p2, p1, 5, 37); \
473  } while (0)
474 
475 #define TFSMALL_4o(s) do { \
476  TFSMALL_ADDKEY(p0, p1, p2, p3, h, t, s); \
477  TFSMALL_MIX4(p0, p1, p2, p3, 25, 33); \
478  TFSMALL_MIX4(p0, p3, p2, p1, 46, 12); \
479  TFSMALL_MIX4(p0, p1, p2, p3, 58, 22); \
480  TFSMALL_MIX4(p0, p3, p2, p1, 32, 32); \
481  } while (0)
482 #endif
483 
484 #if SPH_SMALL_FOOTPRINT_SKEIN
485 
486 #define TFBIG_4e(s) do { \
487  TFBIG_ADDKEY(s, t0, t1); \
488  TFBIG_MIX8(p0, p1, p2, p3, p4, p5, p6, p7, 46, 36, 19, 37); \
489  TFBIG_MIX8(p2, p1, p4, p7, p6, p5, p0, p3, 33, 27, 14, 42); \
490  TFBIG_MIX8(p4, p1, p6, p3, p0, p5, p2, p7, 17, 49, 36, 39); \
491  TFBIG_MIX8(p6, p1, p0, p7, p2, p5, p4, p3, 44, 9, 54, 56); \
492  } while (0)
493 
494 #define TFBIG_4o(s) do { \
495  TFBIG_ADDKEY(s, t1, t2); \
496  TFBIG_MIX8(p0, p1, p2, p3, p4, p5, p6, p7, 39, 30, 34, 24); \
497  TFBIG_MIX8(p2, p1, p4, p7, p6, p5, p0, p3, 13, 50, 10, 17); \
498  TFBIG_MIX8(p4, p1, p6, p3, p0, p5, p2, p7, 25, 29, 39, 43); \
499  TFBIG_MIX8(p6, p1, p0, p7, p2, p5, p4, p3, 8, 35, 56, 22); \
500  } while (0)
501 
502 #else
503 
504 #define TFBIG_4e(s) do { \
505  TFBIG_ADDKEY(p0, p1, p2, p3, p4, p5, p6, p7, h, t, s); \
506  TFBIG_MIX8(p0, p1, p2, p3, p4, p5, p6, p7, 46, 36, 19, 37); \
507  TFBIG_MIX8(p2, p1, p4, p7, p6, p5, p0, p3, 33, 27, 14, 42); \
508  TFBIG_MIX8(p4, p1, p6, p3, p0, p5, p2, p7, 17, 49, 36, 39); \
509  TFBIG_MIX8(p6, p1, p0, p7, p2, p5, p4, p3, 44, 9, 54, 56); \
510  } while (0)
511 
512 #define TFBIG_4o(s) do { \
513  TFBIG_ADDKEY(p0, p1, p2, p3, p4, p5, p6, p7, h, t, s); \
514  TFBIG_MIX8(p0, p1, p2, p3, p4, p5, p6, p7, 39, 30, 34, 24); \
515  TFBIG_MIX8(p2, p1, p4, p7, p6, p5, p0, p3, 13, 50, 10, 17); \
516  TFBIG_MIX8(p4, p1, p6, p3, p0, p5, p2, p7, 25, 29, 39, 43); \
517  TFBIG_MIX8(p6, p1, p0, p7, p2, p5, p4, p3, 8, 35, 56, 22); \
518  } while (0)
519 
520 #endif
521 
522 #if 0
523 /* obsolete */
524 #define UBI_SMALL(etype, extra) do { \
525  sph_u64 h4, t0, t1, t2; \
526  sph_u64 m0 = sph_dec64le(buf + 0); \
527  sph_u64 m1 = sph_dec64le(buf + 8); \
528  sph_u64 m2 = sph_dec64le(buf + 16); \
529  sph_u64 m3 = sph_dec64le(buf + 24); \
530  sph_u64 p0 = m0; \
531  sph_u64 p1 = m1; \
532  sph_u64 p2 = m2; \
533  sph_u64 p3 = m3; \
534  t0 = SPH_T64(bcount << 5) + (sph_u64)(extra); \
535  t1 = (bcount >> 59) + ((sph_u64)(etype) << 55); \
536  TFSMALL_KINIT(h0, h1, h2, h3, h4, t0, t1, t2); \
537  TFSMALL_4e(0); \
538  TFSMALL_4o(1); \
539  TFSMALL_4e(2); \
540  TFSMALL_4o(3); \
541  TFSMALL_4e(4); \
542  TFSMALL_4o(5); \
543  TFSMALL_4e(6); \
544  TFSMALL_4o(7); \
545  TFSMALL_4e(8); \
546  TFSMALL_4o(9); \
547  TFSMALL_4e(10); \
548  TFSMALL_4o(11); \
549  TFSMALL_4e(12); \
550  TFSMALL_4o(13); \
551  TFSMALL_4e(14); \
552  TFSMALL_4o(15); \
553  TFSMALL_4e(16); \
554  TFSMALL_4o(17); \
555  TFSMALL_ADDKEY(p0, p1, p2, p3, h, t, 18); \
556  h0 = m0 ^ p0; \
557  h1 = m1 ^ p1; \
558  h2 = m2 ^ p2; \
559  h3 = m3 ^ p3; \
560  } while (0)
561 #endif
562 
563 #if SPH_SMALL_FOOTPRINT_SKEIN
564 
565 #define UBI_BIG(etype, extra) do { \
566  sph_u64 t0, t1, t2; \
567  unsigned u; \
568  sph_u64 m0 = sph_dec64le_aligned(buf + 0); \
569  sph_u64 m1 = sph_dec64le_aligned(buf + 8); \
570  sph_u64 m2 = sph_dec64le_aligned(buf + 16); \
571  sph_u64 m3 = sph_dec64le_aligned(buf + 24); \
572  sph_u64 m4 = sph_dec64le_aligned(buf + 32); \
573  sph_u64 m5 = sph_dec64le_aligned(buf + 40); \
574  sph_u64 m6 = sph_dec64le_aligned(buf + 48); \
575  sph_u64 m7 = sph_dec64le_aligned(buf + 56); \
576  sph_u64 p0 = m0; \
577  sph_u64 p1 = m1; \
578  sph_u64 p2 = m2; \
579  sph_u64 p3 = m3; \
580  sph_u64 p4 = m4; \
581  sph_u64 p5 = m5; \
582  sph_u64 p6 = m6; \
583  sph_u64 p7 = m7; \
584  t0 = SPH_T64(bcount << 6) + (sph_u64)(extra); \
585  t1 = (bcount >> 58) + ((sph_u64)(etype) << 55); \
586  TFBIG_KINIT(h[0], h[1], h[2], h[3], h[4], h[5], \
587  h[6], h[7], h[8], t0, t1, t2); \
588  for (u = 0; u <= 15; u += 3) { \
589  h[u + 9] = h[u + 0]; \
590  h[u + 10] = h[u + 1]; \
591  h[u + 11] = h[u + 2]; \
592  } \
593  for (u = 0; u < 9; u ++) { \
594  sph_u64 s = u << 1; \
595  sph_u64 tmp; \
596  TFBIG_4e(s); \
597  TFBIG_4o(s + 1); \
598  tmp = t2; \
599  t2 = t1; \
600  t1 = t0; \
601  t0 = tmp; \
602  } \
603  TFBIG_ADDKEY(18, t0, t1); \
604  h[0] = m0 ^ p0; \
605  h[1] = m1 ^ p1; \
606  h[2] = m2 ^ p2; \
607  h[3] = m3 ^ p3; \
608  h[4] = m4 ^ p4; \
609  h[5] = m5 ^ p5; \
610  h[6] = m6 ^ p6; \
611  h[7] = m7 ^ p7; \
612  } while (0)
613 
614 #else
615 
/*
 * One UBI (Unique Block Iteration) step of Skein-512 (unrolled variant):
 * encrypt the 64-byte block in buf with Threefish-512, keyed by the
 * current chaining state h0..h7, then feed the plaintext block back by
 * XOR into the state.
 *
 * The 128-bit tweak (t0 = low word, t1 = high word) is built as follows:
 *   t0 = total bytes processed so far: 64 * bcount, plus the 'extra'
 *        bytes of the current block (bcount >> 58 is the carry of that
 *        multiplication into t1);
 *   t1 += etype << 55, so etype bit 0 lands on tweak bit 119 ("bitpad"),
 *        bits 1..6 on bits 120..125 (block type), bit 7 on bit 126
 *        ("first") and bit 8 on bit 127 ("final").
 * Callers therefore use etype = 96 (type 48 = MSG, not final), 352
 * (MSG + final) and 510 (type 63 = OUT + first + final), adding 128 for
 * "first block" and 1 for "bit padding present".
 *
 * Threefish-512 runs 72 rounds as 18 groups of 4 (TFBIG_4e / TFBIG_4o
 * alternate the two rotation-constant sets), with a key injection
 * before each group and a 19th injection after the last one.
 */
#define UBI_BIG(etype, extra) do { \
		sph_u64 h8, t0, t1, t2; \
		sph_u64 m0 = sph_dec64le_aligned(buf + 0); \
		sph_u64 m1 = sph_dec64le_aligned(buf + 8); \
		sph_u64 m2 = sph_dec64le_aligned(buf + 16); \
		sph_u64 m3 = sph_dec64le_aligned(buf + 24); \
		sph_u64 m4 = sph_dec64le_aligned(buf + 32); \
		sph_u64 m5 = sph_dec64le_aligned(buf + 40); \
		sph_u64 m6 = sph_dec64le_aligned(buf + 48); \
		sph_u64 m7 = sph_dec64le_aligned(buf + 56); \
		sph_u64 p0 = m0; \
		sph_u64 p1 = m1; \
		sph_u64 p2 = m2; \
		sph_u64 p3 = m3; \
		sph_u64 p4 = m4; \
		sph_u64 p5 = m5; \
		sph_u64 p6 = m6; \
		sph_u64 p7 = m7; \
		t0 = SPH_T64(bcount << 6) + (sph_u64)(extra); \
		t1 = (bcount >> 58) + ((sph_u64)(etype) << 55); \
		TFBIG_KINIT(h0, h1, h2, h3, h4, h5, h6, h7, h8, t0, t1, t2); \
		TFBIG_4e(0); \
		TFBIG_4o(1); \
		TFBIG_4e(2); \
		TFBIG_4o(3); \
		TFBIG_4e(4); \
		TFBIG_4o(5); \
		TFBIG_4e(6); \
		TFBIG_4o(7); \
		TFBIG_4e(8); \
		TFBIG_4o(9); \
		TFBIG_4e(10); \
		TFBIG_4o(11); \
		TFBIG_4e(12); \
		TFBIG_4o(13); \
		TFBIG_4e(14); \
		TFBIG_4o(15); \
		TFBIG_4e(16); \
		TFBIG_4o(17); \
		TFBIG_ADDKEY(p0, p1, p2, p3, p4, p5, p6, p7, h, t, 18); \
		h0 = m0 ^ p0; \
		h1 = m1 ^ p1; \
		h2 = m2 ^ p2; \
		h3 = m3 ^ p3; \
		h4 = m4 ^ p4; \
		h5 = m5 ^ p5; \
		h6 = m6 ^ p6; \
		h7 = m7 ^ p7; \
	} while (0)
665 
666 #endif
667 
668 #if 0
669 /* obsolete */
670 #define DECL_STATE_SMALL \
671  sph_u64 h0, h1, h2, h3; \
672  sph_u64 bcount;
673 
674 #define READ_STATE_SMALL(sc) do { \
675  h0 = (sc)->h0; \
676  h1 = (sc)->h1; \
677  h2 = (sc)->h2; \
678  h3 = (sc)->h3; \
679  bcount = sc->bcount; \
680  } while (0)
681 
682 #define WRITE_STATE_SMALL(sc) do { \
683  (sc)->h0 = h0; \
684  (sc)->h1 = h1; \
685  (sc)->h2 = h2; \
686  (sc)->h3 = h3; \
687  sc->bcount = bcount; \
688  } while (0)
689 #endif
690 
691 #if SPH_SMALL_FOOTPRINT_SKEIN
692 
693 #define DECL_STATE_BIG \
694  sph_u64 h[27]; \
695  sph_u64 bcount;
696 
697 #define READ_STATE_BIG(sc) do { \
698  h[0] = (sc)->h0; \
699  h[1] = (sc)->h1; \
700  h[2] = (sc)->h2; \
701  h[3] = (sc)->h3; \
702  h[4] = (sc)->h4; \
703  h[5] = (sc)->h5; \
704  h[6] = (sc)->h6; \
705  h[7] = (sc)->h7; \
706  bcount = sc->bcount; \
707  } while (0)
708 
709 #define WRITE_STATE_BIG(sc) do { \
710  (sc)->h0 = h[0]; \
711  (sc)->h1 = h[1]; \
712  (sc)->h2 = h[2]; \
713  (sc)->h3 = h[3]; \
714  (sc)->h4 = h[4]; \
715  (sc)->h5 = h[5]; \
716  (sc)->h6 = h[6]; \
717  (sc)->h7 = h[7]; \
718  sc->bcount = bcount; \
719  } while (0)
720 
721 #else
722 
723 #define DECL_STATE_BIG \
724  sph_u64 h0, h1, h2, h3, h4, h5, h6, h7; \
725  sph_u64 bcount;
726 
727 #define READ_STATE_BIG(sc) do { \
728  h0 = (sc)->h0; \
729  h1 = (sc)->h1; \
730  h2 = (sc)->h2; \
731  h3 = (sc)->h3; \
732  h4 = (sc)->h4; \
733  h5 = (sc)->h5; \
734  h6 = (sc)->h6; \
735  h7 = (sc)->h7; \
736  bcount = sc->bcount; \
737  } while (0)
738 
739 #define WRITE_STATE_BIG(sc) do { \
740  (sc)->h0 = h0; \
741  (sc)->h1 = h1; \
742  (sc)->h2 = h2; \
743  (sc)->h3 = h3; \
744  (sc)->h4 = h4; \
745  (sc)->h5 = h5; \
746  (sc)->h6 = h6; \
747  (sc)->h7 = h7; \
748  sc->bcount = bcount; \
749  } while (0)
750 
751 #endif
752 
753 #if 0
754 /* obsolete */
/*
 * Disabled (#if 0): initializer for the obsolete Skein-256 based
 * variant. Loads the four 64-bit initial chaining values from iv and
 * resets the block counter and buffer position.
 */
static void
skein_small_init(sph_skein_small_context *sc, const sph_u64 *iv)
{
	const sph_u64 *w = iv;

	sc->bcount = 0;
	sc->ptr = 0;
	sc->h0 = *w ++;
	sc->h1 = *w ++;
	sc->h2 = *w ++;
	sc->h3 = *w;
}
765 #endif
766 
/*
 * Start a fresh Skein-512 computation: load the eight 64-bit initial
 * chaining values from iv into h0..h7 and reset the block counter and
 * the buffer position, so the next skein_big_core() call fills sc->buf
 * from offset 0. The buffer contents themselves are not touched.
 *
 * iv must point to at least 8 words (IV224/IV256/IV384/IV512 below).
 */
static void
skein_big_init(sph_skein_big_context *sc, const sph_u64 *iv)
{
	const sph_u64 *w = iv;

	sc->bcount = 0;
	sc->ptr = 0;
	sc->h0 = *w ++;
	sc->h1 = *w ++;
	sc->h2 = *w ++;
	sc->h3 = *w ++;
	sc->h4 = *w ++;
	sc->h5 = *w ++;
	sc->h6 = *w ++;
	sc->h7 = *w;
}
781 
782 #if 0
783 /* obsolete */
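/*
 * Disabled (#if 0): message absorption for the obsolete Skein-256 based
 * variant (32-byte blocks, state h0..h3). The live code uses
 * skein_big_core() below.
 *
 * Unlike skein_big_core(), this version compresses a block as soon as
 * more data follows it; the last full-or-partial block is kept in
 * sc->buf so that the close function can set the "final" tweak flag.
 */
static void
skein_small_core(sph_skein_small_context *sc, const void *data, size_t len)
{
	unsigned char *buf;
	size_t ptr, clen;
	unsigned first;
	DECL_STATE_SMALL

	buf = sc->buf;
	ptr = sc->ptr;
	clen = (sizeof sc->buf) - ptr;
	/* Everything fits in the buffer (including len == 0): just append. */
	if (len <= clen) {
		memcpy(buf + ptr, data, len);
		sc->ptr = ptr + len;
		return;
	}
	/* Complete the buffered block first. */
	if (clen != 0) {
		memcpy(buf + ptr, data, clen);
		data = (const unsigned char *)data + clen;
		len -= clen;
	}

#if SPH_SMALL_FOOTPRINT_SKEIN

	READ_STATE_SMALL(sc);
	/* "first" flag (tweak bit 126) while no block has been compressed yet. */
	first = (bcount == 0) << 7;
	for (;;) {
		bcount ++;
		UBI_SMALL(96 + first, 0);
		if (len <= sizeof sc->buf)
			break;
		first = 0;
		memcpy(buf, data, sizeof sc->buf);
		data = (const unsigned char *)data + sizeof sc->buf;
		len -= sizeof sc->buf;
	}
	WRITE_STATE_SMALL(sc);
	sc->ptr = len;
	memcpy(buf, data, len);

#else

	/*
	 * Unrolling the loop yields a slight performance boost, while
	 * keeping the code size around 24 kB on 32-bit x86.
	 *
	 * In the unrolled half, buf is pointed straight into the caller's
	 * data (the const is cast away, but UBI_SMALL only reads through
	 * buf), which saves a copy; sc->buf is refilled at the end.
	 */
	READ_STATE_SMALL(sc);
	first = (bcount == 0) << 7;
	for (;;) {
		bcount ++;
		UBI_SMALL(96 + first, 0);
		if (len <= sizeof sc->buf)
			break;
		buf = (unsigned char *)data;
		bcount ++;
		UBI_SMALL(96, 0);
		if (len <= 2 * sizeof sc->buf) {
			data = buf + sizeof sc->buf;
			len -= sizeof sc->buf;
			break;
		}
		buf += sizeof sc->buf;
		data = buf + sizeof sc->buf;
		first = 0;
		len -= 2 * sizeof sc->buf;
	}
	WRITE_STATE_SMALL(sc);
	sc->ptr = len;
	memcpy(sc->buf, data, len);

#endif
}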
856 #endif
857 
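/*
 * Absorb len bytes of message data into a Skein-512 context.
 *
 * The Skein "final bit" in the tweak is troublesome here,
 * because if the input has a length which is a multiple of the
 * block size (512 bits) then that bit must be set for the
 * final block, which is full of message bits (padding in
 * Skein can be reduced to no extra bit at all). However, this
 * function cannot know whether it processes the last chunks of
 * the message or not. Hence we may keep a full block of buffered
 * data (64 bytes).
 *
 * Consequently, a buffered block is only compressed once at least one
 * more byte of input has arrived, and on return sc->ptr is in 1..64
 * for any non-empty message (0 only while nothing has been absorbed).
 * The running state lives in the locals declared by DECL_STATE_BIG
 * (h0..h7 or h[], plus bcount) between READ_STATE_BIG/WRITE_STATE_BIG.
 */
static void
skein_big_core(sph_skein_big_context *sc, const void *data, size_t len)
{
	unsigned char *buf;
	size_t ptr;
	unsigned first;
	DECL_STATE_BIG

	buf = sc->buf;
	ptr = sc->ptr;
	/* Fast path: the data fits in the buffer (this also covers len == 0). */
	if (len <= (sizeof sc->buf) - ptr) {
		memcpy(buf + ptr, data, len);
		ptr += len;
		sc->ptr = ptr;
		return;
	}

	READ_STATE_BIG(sc);
	/* "first block" tweak flag (bit 126), set only while bcount == 0. */
	first = (bcount == 0) << 7;
	do {
		size_t clen;

		/*
		 * Compress the buffered block only now that we know more
		 * data follows it (len > 0 here), so it cannot be the final
		 * block. etype 96 = block type MSG (48), neither first nor
		 * final unless 'first' adds the flag.
		 */
		if (ptr == sizeof sc->buf) {
			bcount ++;
			UBI_BIG(96 + first, 0);
			first = 0;
			ptr = 0;
		}
		clen = (sizeof sc->buf) - ptr;
		if (clen > len)
			clen = len;
		memcpy(buf + ptr, data, clen);
		ptr += clen;
		data = (const unsigned char *)data + clen;
		len -= clen;
	} while (len > 0);
	WRITE_STATE_BIG(sc);
	sc->ptr = ptr;
}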
907 
908 #if 0
909 /* obsolete */
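/*
 * Disabled (#if 0): finalization for the obsolete Skein-256 based
 * variant. Same structure as skein_big_close() below: optional bit
 * padding, a final MSG block, then one OUT block whose first out_len
 * bytes are the digest.
 */
static void
skein_small_close(sph_skein_small_context *sc, unsigned ub, unsigned n,
	void *dst, size_t out_len)
{
	unsigned char *buf;
	size_t ptr;
	unsigned et;
	int i;
	DECL_STATE_SMALL

	/* Bit padding: keep the top n bits of ub, set the next bit. */
	if (n != 0) {
		unsigned z;
		unsigned char x;

		z = 0x80 >> n;
		x = ((ub & -z) | z) & 0xFF;
		skein_small_core(sc, &x, 1);
	}

	buf = sc->buf;
	ptr = sc->ptr;
	READ_STATE_SMALL(sc);
	memset(buf + ptr, 0, (sizeof sc->buf) - ptr);
	/* 352 = MSG + final; +128 = first; +1 = bitpad flag. */
	et = 352 + ((bcount == 0) << 7) + (n != 0);
	for (i = 0; i < 2; i ++) {
		UBI_SMALL(et, ptr);
		if (i == 0) {
			/* Output block: counter 0 over 8 bytes, 510 = OUT + first + final. */
			memset(buf, 0, sizeof sc->buf);
			bcount = 0;
			et = 510;
			ptr = 8;
		}
	}

	sph_enc64le_aligned(buf + 0, h0);
	sph_enc64le_aligned(buf + 8, h1);
	sph_enc64le_aligned(buf + 16, h2);
	sph_enc64le_aligned(buf + 24, h3);
	memcpy(dst, buf, out_len);
}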
950 #endif
951 
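/*
 * Finish a Skein-512 computation and write the digest.
 *
 * ub/n: n extra bits (0..7), stored in the most significant bits of ub,
 *       appended after the bytes already absorbed. The sph_skein.h
 *       contract restricts n to 0..7; nothing here validates it (n >= 32
 *       would make the shift below undefined), so callers must enforce it.
 * dst/out_len: receives the first out_len bytes of the output block;
 *       out_len must not exceed 64, the size of one output block and
 *       of sc->buf. The sph_ wrappers pass 28, 32, 48 or 64.
 *
 * The state locals (h0..h7 or h[], bcount) come from DECL_STATE_BIG and
 * are loaded by READ_STATE_BIG; the context is NOT re-initialized here
 * (the sph_*_addbits_and_close wrappers do that).
 */
static void
skein_big_close(sph_skein_big_context *sc, unsigned ub, unsigned n,
	void *dst, size_t out_len)
{
	unsigned char *buf;
	size_t ptr;
	unsigned et;
	int i;
#if SPH_SMALL_FOOTPRINT_SKEIN
	size_t u;
#endif
	DECL_STATE_BIG

	/*
	 * Add bit padding if necessary: z is the bit position just below
	 * the n message bits, (ub & -z) clears everything from there down
	 * (-z on an unsigned is the mask of the bits at or above z; this
	 * is the reason for the MSVC C4146 pragma at the top of the file)
	 * and | z sets the padding '1' bit. The byte then goes through the
	 * normal absorption path; the "bitpad" tweak flag is added below.
	 */
	if (n != 0) {
		unsigned z;
		unsigned char x;

		z = 0x80 >> n;
		x = ((ub & -z) | z) & 0xFF;
		skein_big_core(sc, &x, 1);
	}

	buf = sc->buf;
	ptr = sc->ptr;

	/*
	 * At that point, if ptr == 0, then the message was empty;
	 * otherwise, there is between 1 and 64 bytes (inclusive) which
	 * are yet to be processed. Either way, we complete the buffer
	 * to a full block with zeros (the Skein specification mandates
	 * that an empty message is padded so that there is at least
	 * one block to process).
	 *
	 * Once this block has been processed, we do it again, with
	 * a block full of zeros, for the output (that block contains
	 * the encoding of "0", over 8 bytes, then padded with zeros).
	 *
	 * Tweak types: 352 = MSG (48) + final; +128 = first (when this is
	 * the only message block); +1 = bitpad. For the output block,
	 * 510 = OUT (63) + first + final, with the byte count reset and
	 * 'extra' = 8 for the 8-byte counter.
	 */
	READ_STATE_BIG(sc);
	memset(buf + ptr, 0, (sizeof sc->buf) - ptr);
	et = 352 + ((bcount == 0) << 7) + (n != 0);
	for (i = 0; i < 2; i ++) {
		UBI_BIG(et, ptr);
		if (i == 0) {
			memset(buf, 0, sizeof sc->buf);
			bcount = 0;
			et = 510;
			ptr = 8;
		}
	}

#if SPH_SMALL_FOOTPRINT_SKEIN

	/*
	 * We use a temporary buffer because we must support the case
	 * where output size is not a multiple of 64 (namely, a 224-bit
	 * output). Only the words needed for out_len are encoded; the
	 * 64-byte buffer has room for all eight.
	 */
	for (u = 0; u < out_len; u += 8)
		sph_enc64le_aligned(buf + u, h[u >> 3]);
	memcpy(dst, buf, out_len);

#else

	/* Serialize the full 512-bit state little-endian, then truncate. */
	sph_enc64le_aligned(buf + 0, h0);
	sph_enc64le_aligned(buf + 8, h1);
	sph_enc64le_aligned(buf + 16, h2);
	sph_enc64le_aligned(buf + 24, h3);
	sph_enc64le_aligned(buf + 32, h4);
	sph_enc64le_aligned(buf + 40, h5);
	sph_enc64le_aligned(buf + 48, h6);
	sph_enc64le_aligned(buf + 56, h7);
	memcpy(dst, buf, out_len);

#endif
}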
1030 
1031 #if 0
1032 /* obsolete */
/*
 * Disabled (#if 0): initial chaining values for the obsolete Skein-256
 * based 224-bit variant (four 64-bit words of state).
 */
static const sph_u64 IV224[] = {
	SPH_C64(0xC6098A8C9AE5EA0B), SPH_C64(0x876D568608C5191C),
	SPH_C64(0x99CB88D7D7F53884), SPH_C64(0x384BDDB1AEDDB5DE)
};
1037 
/*
 * Disabled (#if 0): initial chaining values for the obsolete Skein-256
 * based 256-bit variant (four 64-bit words of state).
 */
static const sph_u64 IV256[] = {
	SPH_C64(0xFC9DA860D048B449), SPH_C64(0x2FCA66479FA7D833),
	SPH_C64(0xB33BC3896656840F), SPH_C64(0x6A54E920FDE8DA69)
};
1042 #endif
1043 
/*
 * Skein-512 initial chaining value for 224-bit output (eight 64-bit
 * words). These constants are the precomputed result of hashing the
 * Skein configuration block and are fixed by the specification; any
 * edit here silently yields a different, non-interoperable hash.
 */
static const sph_u64 IV224[] = {
	SPH_C64(0xCCD0616248677224), SPH_C64(0xCBA65CF3A92339EF),
	SPH_C64(0x8CCD69D652FF4B64), SPH_C64(0x398AED7B3AB890B4),
	SPH_C64(0x0F59D1B1457D2BD0), SPH_C64(0x6776FE6575D4EB3D),
	SPH_C64(0x99FBC70E997413E9), SPH_C64(0x9E2CFCCFE1C41EF7)
};
1050 
/*
 * Skein-512 initial chaining value for 256-bit output (eight 64-bit
 * words), as fixed by the Skein specification.
 */
static const sph_u64 IV256[] = {
	SPH_C64(0xCCD044A12FDB3E13), SPH_C64(0xE83590301A79A9EB),
	SPH_C64(0x55AEA0614F816E6F), SPH_C64(0x2A2767A4AE9B94DB),
	SPH_C64(0xEC06025E74DD7683), SPH_C64(0xE7A436CDC4746251),
	SPH_C64(0xC36FBAF9393AD185), SPH_C64(0x3EEDBA1833EDFC13)
};
1057 
/*
 * Skein-512 initial chaining value for 384-bit output (eight 64-bit
 * words), as fixed by the Skein specification.
 */
static const sph_u64 IV384[] = {
	SPH_C64(0xA3F6C6BF3A75EF5F), SPH_C64(0xB0FEF9CCFD84FAA4),
	SPH_C64(0x9D77DD663D770CFE), SPH_C64(0xD798CBF3B468FDDA),
	SPH_C64(0x1BC4A6668A0E4465), SPH_C64(0x7ED7D434E5807407),
	SPH_C64(0x548FC1ACD4EC44D6), SPH_C64(0x266E17546AA18FF8)
};
1064 
/*
 * Skein-512 initial chaining value for 512-bit output (eight 64-bit
 * words), as fixed by the Skein specification.
 */
static const sph_u64 IV512[] = {
	SPH_C64(0x4903ADFF749C51CE), SPH_C64(0x0D95DE399746DF03),
	SPH_C64(0x8FD1934127C79BCE), SPH_C64(0x9A255629FF352CB1),
	SPH_C64(0x5DB62599DF6CA7B0), SPH_C64(0xEABE394CA9D5C3F4),
	SPH_C64(0x991112C71A75B523), SPH_C64(0xAE18A40B660FCC33)
};
1071 
1072 #if 0
1073 /* obsolete */
/* see sph_skein.h -- disabled (#if 0): Skein-256 based 224-bit init. */
void
sph_skein224_init(void *cc)
{
	sph_skein_small_context *sc = cc;

	skein_small_init(sc, IV224);
}
1080 
/* see sph_skein.h -- disabled (#if 0): Skein-256 based 224-bit update. */
void
sph_skein224(void *cc, const void *data, size_t len)
{
	sph_skein_small_context *sc = cc;

	skein_small_core(sc, data, len);
}
1087 
/*
 * see sph_skein.h -- disabled (#if 0): byte-aligned close for the
 * Skein-256 based 224-bit variant (no extra bits).
 */
void
sph_skein224_close(void *cc, void *dst)
{
	sph_skein224_addbits_and_close(cc, 0, 0, dst);
}
1094 
/*
 * see sph_skein.h -- disabled (#if 0): close with n extra bits for the
 * Skein-256 based 224-bit variant; writes 28 bytes, then re-initializes
 * the context so it can be reused.
 */
void
sph_skein224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
{
	sph_skein_small_context *sc = cc;

	skein_small_close(sc, ub, n, dst, 28);
	skein_small_init(sc, IV224);
}
1102 
/* see sph_skein.h -- disabled (#if 0): Skein-256 based 256-bit init. */
void
sph_skein256_init(void *cc)
{
	sph_skein_small_context *sc = cc;

	skein_small_init(sc, IV256);
}
1109 
/* see sph_skein.h -- disabled (#if 0): Skein-256 based 256-bit update. */
void
sph_skein256(void *cc, const void *data, size_t len)
{
	sph_skein_small_context *sc = cc;

	skein_small_core(sc, data, len);
}
1116 
/*
 * see sph_skein.h -- disabled (#if 0): byte-aligned close for the
 * Skein-256 based 256-bit variant (no extra bits).
 */
void
sph_skein256_close(void *cc, void *dst)
{
	sph_skein256_addbits_and_close(cc, 0, 0, dst);
}
1123 
/*
 * see sph_skein.h -- disabled (#if 0): close with n extra bits for the
 * Skein-256 based 256-bit variant; writes 32 bytes, then re-initializes
 * the context so it can be reused.
 */
void
sph_skein256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
{
	sph_skein_small_context *sc = cc;

	skein_small_close(sc, ub, n, dst, 32);
	skein_small_init(sc, IV256);
}
1131 #endif
1132 
/*
 * see sph_skein.h
 * Begin a Skein-512-224 computation: load IV224 and reset the buffer
 * position and block counter of the context behind cc.
 */
void
sph_skein224_init(void *cc)
{
	sph_skein_big_context *sc = cc;

	skein_big_init(sc, IV224);
}
1139 
/*
 * see sph_skein.h
 * Absorb len bytes of data into a Skein-512-224 context.
 */
void
sph_skein224(void *cc, const void *data, size_t len)
{
	sph_skein_big_context *sc = cc;

	skein_big_core(sc, data, len);
}
1146 
/*
 * see sph_skein.h
 * Byte-aligned finalization (no extra bits): write the 28-byte digest
 * to dst and reset the context for reuse.
 */
void
sph_skein224_close(void *cc, void *dst)
{
	sph_skein224_addbits_and_close(cc, 0, 0, dst);
}
1153 
/*
 * see sph_skein.h
 * Finalize with n extra bits (0..7, held in the top bits of ub), write
 * the 28-byte digest to dst, then re-initialize the context with IV224
 * so it can be reused immediately.
 */
void
sph_skein224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
{
	sph_skein_big_context *sc = cc;

	skein_big_close(sc, ub, n, dst, 28);
	skein_big_init(sc, IV224);
}
1161 
/*
 * see sph_skein.h
 * Begin a Skein-512-256 computation: load IV256 and reset the buffer
 * position and block counter of the context behind cc.
 */
void
sph_skein256_init(void *cc)
{
	sph_skein_big_context *sc = cc;

	skein_big_init(sc, IV256);
}
1168 
/*
 * see sph_skein.h
 * Absorb len bytes of data into a Skein-512-256 context.
 */
void
sph_skein256(void *cc, const void *data, size_t len)
{
	sph_skein_big_context *sc = cc;

	skein_big_core(sc, data, len);
}
1175 
/*
 * see sph_skein.h
 * Byte-aligned finalization (no extra bits): write the 32-byte digest
 * to dst and reset the context for reuse.
 */
void
sph_skein256_close(void *cc, void *dst)
{
	sph_skein256_addbits_and_close(cc, 0, 0, dst);
}
1182 
/*
 * see sph_skein.h
 * Finalize with n extra bits (0..7, held in the top bits of ub), write
 * the 32-byte digest to dst, then re-initialize the context with IV256
 * so it can be reused immediately.
 */
void
sph_skein256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
{
	sph_skein_big_context *sc = cc;

	skein_big_close(sc, ub, n, dst, 32);
	skein_big_init(sc, IV256);
}
1190 
/*
 * see sph_skein.h
 * Begin a Skein-512-384 computation: load IV384 and reset the buffer
 * position and block counter of the context behind cc.
 */
void
sph_skein384_init(void *cc)
{
	sph_skein_big_context *sc = cc;

	skein_big_init(sc, IV384);
}
1197 
/*
 * see sph_skein.h
 * Absorb len bytes of data into a Skein-512-384 context.
 */
void
sph_skein384(void *cc, const void *data, size_t len)
{
	sph_skein_big_context *sc = cc;

	skein_big_core(sc, data, len);
}
1204 
/*
 * see sph_skein.h
 * Byte-aligned finalization (no extra bits): write the 48-byte digest
 * to dst and reset the context for reuse.
 */
void
sph_skein384_close(void *cc, void *dst)
{
	sph_skein384_addbits_and_close(cc, 0, 0, dst);
}
1211 
/*
 * see sph_skein.h
 * Finalize with n extra bits (0..7, held in the top bits of ub), write
 * the 48-byte digest to dst, then re-initialize the context with IV384
 * so it can be reused immediately.
 */
void
sph_skein384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
{
	sph_skein_big_context *sc = cc;

	skein_big_close(sc, ub, n, dst, 48);
	skein_big_init(sc, IV384);
}
1219 
/*
 * see sph_skein.h
 * Begin a Skein-512-512 computation: load IV512 and reset the buffer
 * position and block counter of the context behind cc.
 */
void
sph_skein512_init(void *cc)
{
	sph_skein_big_context *sc = cc;

	skein_big_init(sc, IV512);
}
1226 
/*
 * see sph_skein.h
 * Absorb len bytes of data into a Skein-512-512 context.
 */
void
sph_skein512(void *cc, const void *data, size_t len)
{
	sph_skein_big_context *sc = cc;

	skein_big_core(sc, data, len);
}
1233 
/*
 * see sph_skein.h
 * Byte-aligned finalization (no extra bits): write the 64-byte digest
 * to dst and reset the context for reuse.
 */
void
sph_skein512_close(void *cc, void *dst)
{
	sph_skein512_addbits_and_close(cc, 0, 0, dst);
}
1240 
/*
 * see sph_skein.h
 * Finalize with n extra bits (0..7, held in the top bits of ub), write
 * the full 64-byte digest to dst, then re-initialize the context with
 * IV512 so it can be reused immediately.
 */
void
sph_skein512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
{
	sph_skein_big_context *sc = cc;

	skein_big_close(sc, ub, n, dst, 64);
	skein_big_init(sc, IV512);
}
1248 
1249 #endif
1250 
1251 
1252 #ifdef __cplusplus
1253 }
1254 #endif