├── .gitignore ├── index.js ├── x11.h ├── binding.gyp ├── package.json ├── x11hash.cc ├── README.md ├── test └── test.js ├── x11.c └── sha3 ├── sph_jh.h ├── sph_keccak.h ├── sph_luffa.h ├── sph_cubehash.h ├── sph_skein.h ├── sph_simd.h ├── sph_echo.h ├── sph_bmw.h ├── sph_blake.h ├── sph_shavite.h ├── sph_groestl.h ├── cubehash.c ├── aes_helper.c └── echo.c /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | build 3 | -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | module.exports = require('bindings')('x11hash.node') -------------------------------------------------------------------------------- /x11.h: -------------------------------------------------------------------------------- 1 | #ifndef X11_H 2 | #define X11_H 3 | 4 | #ifdef __cplusplus 5 | extern "C" { 6 | #endif 7 | 8 | #include 9 | 10 | void x11_hash(const char* input, char* output, uint32_t len); 11 | 12 | #ifdef __cplusplus 13 | } 14 | #endif 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /binding.gyp: -------------------------------------------------------------------------------- 1 | { 2 | "targets": [ 3 | { 4 | "target_name": "x11hash", 5 | "sources": [ 6 | "x11hash.cc", 7 | "x11.c", 8 | "x11.h", 9 | "sha3/aes_helper.c", 10 | "sha3/blake.c", 11 | "sha3/bmw.c", 12 | "sha3/cubehash.c", 13 | "sha3/echo.c", 14 | "sha3/groestl.c", 15 | "sha3/jh.c", 16 | "sha3/keccak.c", 17 | "sha3/luffa.c", 18 | "sha3/shavite.c", 19 | "sha3/simd.c", 20 | "sha3/skein.c" 21 | ], 22 | "include_dirs" : [ 23 | " 2 | 3 | extern "C" { 4 | #include "x11.h" 5 | } 6 | 7 | NAN_METHOD(digest) { 8 | if (info.Length() != 1){ 9 | Nan::ThrowError("You must provide exactly one argument."); 10 | return; 11 | } 12 | 13 | v8::Local target = info[0]->ToObject(); 14 | 15 | if(!node::Buffer::HasInstance(target)) { 16 | Nan::ThrowError("Argument should be a buffer object."); 17 | return; 18 | } 19 | 20 | char * input = node::Buffer::Data(target); 21 | uint32_t input_len = node::Buffer::Length(target); 22 | char * output = new char[32]; 23 | 24 | x11_hash(input, output, input_len); 25 | 26 | Nan::MaybeLocal buffer = Nan::CopyBuffer(output, 32); 27 | 28 | delete []output; 29 | info.GetReturnValue().Set(buffer.ToLocalChecked()); 30 | } 31 | 32 | NAN_MODULE_INIT(init) { 33 | NAN_EXPORT(target, digest); 34 | } 35 | 36 | NODE_MODULE(x11hash, init) 37 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | node-x11-hash 2 | =============== 3 | 4 | x11 hashing function for node.js. Useful for various cryptocurrencies. 5 | 6 | Usage 7 | ----- 8 | 9 | Install 10 | 11 | ~ 12 | 13 | 14 | Hash your data 15 | 16 | var x11 = require('x11-hash'); 17 | 18 | var data = new Buffer('01234567890123456789012345678901234567890123456789012345678901234567890123456789'); 19 | var hashed = x11.digest(data); //returns a 32 byte buffer 20 | 21 | console.log("data: ", data, "\nhashed: ", hashed, "\nhashed(hex): ", hashed.toString('hex')); 22 | // data: 23 | // hashed: 24 | // hashed(hex): 0fe0c9bd25d85c203e95412ff6d23e1982411be1d95ea9679f90b2f0a28fb13b 25 | 26 | Credits 27 | ------- 28 | 29 | * Uses scrypt.c written by Colin Percival 30 | * [Neisklar](https://github.com/Neisklar/quarkcoin-hash-python) for the python module this is based off of 31 | -------------------------------------------------------------------------------- /test/test.js: -------------------------------------------------------------------------------- 1 | const x11 = require('./../'); 2 | const assert = require('assert'); 3 | 4 | const data = new Buffer('01234567890123456789012345678901234567890123456789012345678901234567890123456789'); 5 | var hashed = x11.digest(data); //returns a 32 byte buffer 6 | 7 | /* Debug output */ 8 | 9 | console.log("data: ", data, "\nhashed: ", hashed, "\nhashed(hex): ", hashed.toString('hex')); 10 | // data: 11 | // hashed: 12 | // hashed(hex): 0fe0c9bd25d85c203e95412ff6d23e1982411be1d95ea9679f90b2f0a28fb13b 13 | 14 | 15 | /* Test result vs known one */ 16 | 17 | assert( 18 | hashed.toString('hex') === '0fe0c9bd25d85c203e95412ff6d23e1982411be1d95ea9679f90b2f0a28fb13b', 19 | "Hashes do not match!" 20 | ); 21 | 22 | 23 | /* Test illegal function calls */ 24 | 25 | // You must provide exactly one argument. 26 | assert.throws( 27 | function() { 28 | x11.digest(); 29 | }, 30 | /You must provide exactly one argument\./, 31 | "Failed to throw error on less then 1 arguments" 32 | ); 33 | assert.throws( 34 | function() { 35 | x11.digest(data, data); 36 | }, 37 | /You must provide exactly one argument\./, 38 | "Failed to throw error on more than 1 arguments" 39 | ); 40 | 41 | // Argument should be a buffer object. 42 | assert.throws( 43 | function() { 44 | x11.digest("some string"); 45 | }, 46 | /Argument should be a buffer object\./, 47 | "Failed to throw error on non-buffer argument" 48 | ); 49 | 50 | /* Everything is fine */ 51 | 52 | console.log("\nAll tests \033[32mPASSED\033[0m!\n"); 53 | -------------------------------------------------------------------------------- /x11.c: -------------------------------------------------------------------------------- 1 | #include "x11.h" 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | #include "sha3/sph_blake.h" 8 | #include "sha3/sph_bmw.h" 9 | #include "sha3/sph_groestl.h" 10 | #include "sha3/sph_jh.h" 11 | #include "sha3/sph_keccak.h" 12 | #include "sha3/sph_skein.h" 13 | #include "sha3/sph_luffa.h" 14 | #include "sha3/sph_cubehash.h" 15 | #include "sha3/sph_shavite.h" 16 | #include "sha3/sph_simd.h" 17 | #include "sha3/sph_echo.h" 18 | 19 | 20 | void x11_hash(const char* input, char* output, uint32_t len) 21 | { 22 | sph_blake512_context ctx_blake; 23 | sph_bmw512_context ctx_bmw; 24 | sph_groestl512_context ctx_groestl; 25 | sph_skein512_context ctx_skein; 26 | sph_jh512_context ctx_jh; 27 | sph_keccak512_context ctx_keccak; 28 | 29 | sph_luffa512_context ctx_luffa1; 30 | sph_cubehash512_context ctx_cubehash1; 31 | sph_shavite512_context ctx_shavite1; 32 | sph_simd512_context ctx_simd1; 33 | sph_echo512_context ctx_echo1; 34 | 35 | //these uint512 in the c++ source of the client are backed by an array of uint32 36 | uint32_t hashA[16], hashB[16]; 37 | 38 | sph_blake512_init(&ctx_blake); 39 | sph_blake512 (&ctx_blake, input, len); 40 | sph_blake512_close (&ctx_blake, hashA); 41 | 42 | sph_bmw512_init(&ctx_bmw); 43 | sph_bmw512 (&ctx_bmw, hashA, 64); 44 | sph_bmw512_close(&ctx_bmw, hashB); 45 | 46 | sph_groestl512_init(&ctx_groestl); 47 | sph_groestl512 (&ctx_groestl, hashB, 64); 48 | sph_groestl512_close(&ctx_groestl, hashA); 49 | 50 | sph_skein512_init(&ctx_skein); 51 | sph_skein512 (&ctx_skein, hashA, 64); 52 | sph_skein512_close (&ctx_skein, hashB); 53 | 54 | sph_jh512_init(&ctx_jh); 55 | sph_jh512 (&ctx_jh, hashB, 64); 56 | sph_jh512_close(&ctx_jh, hashA); 57 | 58 | sph_keccak512_init(&ctx_keccak); 59 | sph_keccak512 (&ctx_keccak, hashA, 64); 60 | sph_keccak512_close(&ctx_keccak, hashB); 61 | 62 | sph_luffa512_init (&ctx_luffa1); 63 | sph_luffa512 (&ctx_luffa1, hashB, 64); 64 | sph_luffa512_close (&ctx_luffa1, hashA); 65 | 66 | sph_cubehash512_init (&ctx_cubehash1); 67 | sph_cubehash512 (&ctx_cubehash1, hashA, 64); 68 | sph_cubehash512_close(&ctx_cubehash1, hashB); 69 | 70 | sph_shavite512_init (&ctx_shavite1); 71 | sph_shavite512 (&ctx_shavite1, hashB, 64); 72 | sph_shavite512_close(&ctx_shavite1, hashA); 73 | 74 | sph_simd512_init (&ctx_simd1); 75 | sph_simd512 (&ctx_simd1, hashA, 64); 76 | sph_simd512_close(&ctx_simd1, hashB); 77 | 78 | sph_echo512_init (&ctx_echo1); 79 | sph_echo512 (&ctx_echo1, hashB, 64); 80 | sph_echo512_close(&ctx_echo1, hashA); 81 | 82 | memcpy(output, hashA, 32); 83 | } 84 | 85 | -------------------------------------------------------------------------------- /sha3/sph_jh.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_jh.h 216 2010-06-08 09:46:57Z tp $ */ 2 | /** 3 | * JH interface. JH is a family of functions which differ by 4 | * their output size; this implementation defines JH for output 5 | * sizes 224, 256, 384 and 512 bits. 6 | * 7 | * ==========================(LICENSE BEGIN)============================ 8 | * 9 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 10 | * 11 | * Permission is hereby granted, free of charge, to any person obtaining 12 | * a copy of this software and associated documentation files (the 13 | * "Software"), to deal in the Software without restriction, including 14 | * without limitation the rights to use, copy, modify, merge, publish, 15 | * distribute, sublicense, and/or sell copies of the Software, and to 16 | * permit persons to whom the Software is furnished to do so, subject to 17 | * the following conditions: 18 | * 19 | * The above copyright notice and this permission notice shall be 20 | * included in all copies or substantial portions of the Software. 21 | * 22 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 23 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 24 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 25 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 26 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 27 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 28 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 29 | * 30 | * ===========================(LICENSE END)============================= 31 | * 32 | * @file sph_jh.h 33 | * @author Thomas Pornin 34 | */ 35 | 36 | #ifndef SPH_JH_H__ 37 | #define SPH_JH_H__ 38 | 39 | #ifdef __cplusplus 40 | extern "C"{ 41 | #endif 42 | 43 | #include 44 | #include "sph_types.h" 45 | 46 | /** 47 | * Output size (in bits) for JH-224. 48 | */ 49 | #define SPH_SIZE_jh224 224 50 | 51 | /** 52 | * Output size (in bits) for JH-256. 53 | */ 54 | #define SPH_SIZE_jh256 256 55 | 56 | /** 57 | * Output size (in bits) for JH-384. 58 | */ 59 | #define SPH_SIZE_jh384 384 60 | 61 | /** 62 | * Output size (in bits) for JH-512. 63 | */ 64 | #define SPH_SIZE_jh512 512 65 | 66 | /** 67 | * This structure is a context for JH computations: it contains the 68 | * intermediate values and some data from the last entered block. Once 69 | * a JH computation has been performed, the context can be reused for 70 | * another computation. 71 | * 72 | * The contents of this structure are private. A running JH computation 73 | * can be cloned by copying the context (e.g. with a simple 74 | * memcpy()). 75 | */ 76 | typedef struct { 77 | #ifndef DOXYGEN_IGNORE 78 | unsigned char buf[64]; /* first field, for alignment */ 79 | size_t ptr; 80 | union { 81 | #if SPH_64 82 | sph_u64 wide[16]; 83 | #endif 84 | sph_u32 narrow[32]; 85 | } H; 86 | #if SPH_64 87 | sph_u64 block_count; 88 | #else 89 | sph_u32 block_count_high, block_count_low; 90 | #endif 91 | #endif 92 | } sph_jh_context; 93 | 94 | /** 95 | * Type for a JH-224 context (identical to the common context). 96 | */ 97 | typedef sph_jh_context sph_jh224_context; 98 | 99 | /** 100 | * Type for a JH-256 context (identical to the common context). 101 | */ 102 | typedef sph_jh_context sph_jh256_context; 103 | 104 | /** 105 | * Type for a JH-384 context (identical to the common context). 106 | */ 107 | typedef sph_jh_context sph_jh384_context; 108 | 109 | /** 110 | * Type for a JH-512 context (identical to the common context). 111 | */ 112 | typedef sph_jh_context sph_jh512_context; 113 | 114 | /** 115 | * Initialize a JH-224 context. This process performs no memory allocation. 116 | * 117 | * @param cc the JH-224 context (pointer to a 118 | * sph_jh224_context) 119 | */ 120 | void sph_jh224_init(void *cc); 121 | 122 | /** 123 | * Process some data bytes. It is acceptable that len is zero 124 | * (in which case this function does nothing). 125 | * 126 | * @param cc the JH-224 context 127 | * @param data the input data 128 | * @param len the input data length (in bytes) 129 | */ 130 | void sph_jh224(void *cc, const void *data, size_t len); 131 | 132 | /** 133 | * Terminate the current JH-224 computation and output the result into 134 | * the provided buffer. The destination buffer must be wide enough to 135 | * accomodate the result (28 bytes). The context is automatically 136 | * reinitialized. 137 | * 138 | * @param cc the JH-224 context 139 | * @param dst the destination buffer 140 | */ 141 | void sph_jh224_close(void *cc, void *dst); 142 | 143 | /** 144 | * Add a few additional bits (0 to 7) to the current computation, then 145 | * terminate it and output the result in the provided buffer, which must 146 | * be wide enough to accomodate the result (28 bytes). If bit number i 147 | * in ub has value 2^i, then the extra bits are those 148 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 149 | * level). The context is automatically reinitialized. 150 | * 151 | * @param cc the JH-224 context 152 | * @param ub the extra bits 153 | * @param n the number of extra bits (0 to 7) 154 | * @param dst the destination buffer 155 | */ 156 | void sph_jh224_addbits_and_close( 157 | void *cc, unsigned ub, unsigned n, void *dst); 158 | 159 | /** 160 | * Initialize a JH-256 context. This process performs no memory allocation. 161 | * 162 | * @param cc the JH-256 context (pointer to a 163 | * sph_jh256_context) 164 | */ 165 | void sph_jh256_init(void *cc); 166 | 167 | /** 168 | * Process some data bytes. It is acceptable that len is zero 169 | * (in which case this function does nothing). 170 | * 171 | * @param cc the JH-256 context 172 | * @param data the input data 173 | * @param len the input data length (in bytes) 174 | */ 175 | void sph_jh256(void *cc, const void *data, size_t len); 176 | 177 | /** 178 | * Terminate the current JH-256 computation and output the result into 179 | * the provided buffer. The destination buffer must be wide enough to 180 | * accomodate the result (32 bytes). The context is automatically 181 | * reinitialized. 182 | * 183 | * @param cc the JH-256 context 184 | * @param dst the destination buffer 185 | */ 186 | void sph_jh256_close(void *cc, void *dst); 187 | 188 | /** 189 | * Add a few additional bits (0 to 7) to the current computation, then 190 | * terminate it and output the result in the provided buffer, which must 191 | * be wide enough to accomodate the result (32 bytes). If bit number i 192 | * in ub has value 2^i, then the extra bits are those 193 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 194 | * level). The context is automatically reinitialized. 195 | * 196 | * @param cc the JH-256 context 197 | * @param ub the extra bits 198 | * @param n the number of extra bits (0 to 7) 199 | * @param dst the destination buffer 200 | */ 201 | void sph_jh256_addbits_and_close( 202 | void *cc, unsigned ub, unsigned n, void *dst); 203 | 204 | /** 205 | * Initialize a JH-384 context. This process performs no memory allocation. 206 | * 207 | * @param cc the JH-384 context (pointer to a 208 | * sph_jh384_context) 209 | */ 210 | void sph_jh384_init(void *cc); 211 | 212 | /** 213 | * Process some data bytes. It is acceptable that len is zero 214 | * (in which case this function does nothing). 215 | * 216 | * @param cc the JH-384 context 217 | * @param data the input data 218 | * @param len the input data length (in bytes) 219 | */ 220 | void sph_jh384(void *cc, const void *data, size_t len); 221 | 222 | /** 223 | * Terminate the current JH-384 computation and output the result into 224 | * the provided buffer. The destination buffer must be wide enough to 225 | * accomodate the result (48 bytes). The context is automatically 226 | * reinitialized. 227 | * 228 | * @param cc the JH-384 context 229 | * @param dst the destination buffer 230 | */ 231 | void sph_jh384_close(void *cc, void *dst); 232 | 233 | /** 234 | * Add a few additional bits (0 to 7) to the current computation, then 235 | * terminate it and output the result in the provided buffer, which must 236 | * be wide enough to accomodate the result (48 bytes). If bit number i 237 | * in ub has value 2^i, then the extra bits are those 238 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 239 | * level). The context is automatically reinitialized. 240 | * 241 | * @param cc the JH-384 context 242 | * @param ub the extra bits 243 | * @param n the number of extra bits (0 to 7) 244 | * @param dst the destination buffer 245 | */ 246 | void sph_jh384_addbits_and_close( 247 | void *cc, unsigned ub, unsigned n, void *dst); 248 | 249 | /** 250 | * Initialize a JH-512 context. This process performs no memory allocation. 251 | * 252 | * @param cc the JH-512 context (pointer to a 253 | * sph_jh512_context) 254 | */ 255 | void sph_jh512_init(void *cc); 256 | 257 | /** 258 | * Process some data bytes. It is acceptable that len is zero 259 | * (in which case this function does nothing). 260 | * 261 | * @param cc the JH-512 context 262 | * @param data the input data 263 | * @param len the input data length (in bytes) 264 | */ 265 | void sph_jh512(void *cc, const void *data, size_t len); 266 | 267 | /** 268 | * Terminate the current JH-512 computation and output the result into 269 | * the provided buffer. The destination buffer must be wide enough to 270 | * accomodate the result (64 bytes). The context is automatically 271 | * reinitialized. 272 | * 273 | * @param cc the JH-512 context 274 | * @param dst the destination buffer 275 | */ 276 | void sph_jh512_close(void *cc, void *dst); 277 | 278 | /** 279 | * Add a few additional bits (0 to 7) to the current computation, then 280 | * terminate it and output the result in the provided buffer, which must 281 | * be wide enough to accomodate the result (64 bytes). If bit number i 282 | * in ub has value 2^i, then the extra bits are those 283 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 284 | * level). The context is automatically reinitialized. 285 | * 286 | * @param cc the JH-512 context 287 | * @param ub the extra bits 288 | * @param n the number of extra bits (0 to 7) 289 | * @param dst the destination buffer 290 | */ 291 | void sph_jh512_addbits_and_close( 292 | void *cc, unsigned ub, unsigned n, void *dst); 293 | 294 | #ifdef __cplusplus 295 | } 296 | #endif 297 | 298 | #endif 299 | -------------------------------------------------------------------------------- /sha3/sph_keccak.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_keccak.h 216 2010-06-08 09:46:57Z tp $ */ 2 | /** 3 | * Keccak interface. This is the interface for Keccak with the 4 | * recommended parameters for SHA-3, with output lengths 224, 256, 5 | * 384 and 512 bits. 6 | * 7 | * ==========================(LICENSE BEGIN)============================ 8 | * 9 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 10 | * 11 | * Permission is hereby granted, free of charge, to any person obtaining 12 | * a copy of this software and associated documentation files (the 13 | * "Software"), to deal in the Software without restriction, including 14 | * without limitation the rights to use, copy, modify, merge, publish, 15 | * distribute, sublicense, and/or sell copies of the Software, and to 16 | * permit persons to whom the Software is furnished to do so, subject to 17 | * the following conditions: 18 | * 19 | * The above copyright notice and this permission notice shall be 20 | * included in all copies or substantial portions of the Software. 21 | * 22 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 23 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 24 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 25 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 26 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 27 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 28 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 29 | * 30 | * ===========================(LICENSE END)============================= 31 | * 32 | * @file sph_keccak.h 33 | * @author Thomas Pornin 34 | */ 35 | 36 | #ifndef SPH_KECCAK_H__ 37 | #define SPH_KECCAK_H__ 38 | 39 | #ifdef __cplusplus 40 | extern "C"{ 41 | #endif 42 | 43 | #include 44 | #include "sph_types.h" 45 | 46 | /** 47 | * Output size (in bits) for Keccak-224. 48 | */ 49 | #define SPH_SIZE_keccak224 224 50 | 51 | /** 52 | * Output size (in bits) for Keccak-256. 53 | */ 54 | #define SPH_SIZE_keccak256 256 55 | 56 | /** 57 | * Output size (in bits) for Keccak-384. 58 | */ 59 | #define SPH_SIZE_keccak384 384 60 | 61 | /** 62 | * Output size (in bits) for Keccak-512. 63 | */ 64 | #define SPH_SIZE_keccak512 512 65 | 66 | /** 67 | * This structure is a context for Keccak computations: it contains the 68 | * intermediate values and some data from the last entered block. Once a 69 | * Keccak computation has been performed, the context can be reused for 70 | * another computation. 71 | * 72 | * The contents of this structure are private. A running Keccak computation 73 | * can be cloned by copying the context (e.g. with a simple 74 | * memcpy()). 75 | */ 76 | typedef struct { 77 | #ifndef DOXYGEN_IGNORE 78 | unsigned char buf[144]; /* first field, for alignment */ 79 | size_t ptr, lim; 80 | union { 81 | #if SPH_64 82 | sph_u64 wide[25]; 83 | #endif 84 | sph_u32 narrow[50]; 85 | } u; 86 | #endif 87 | } sph_keccak_context; 88 | 89 | /** 90 | * Type for a Keccak-224 context (identical to the common context). 91 | */ 92 | typedef sph_keccak_context sph_keccak224_context; 93 | 94 | /** 95 | * Type for a Keccak-256 context (identical to the common context). 96 | */ 97 | typedef sph_keccak_context sph_keccak256_context; 98 | 99 | /** 100 | * Type for a Keccak-384 context (identical to the common context). 101 | */ 102 | typedef sph_keccak_context sph_keccak384_context; 103 | 104 | /** 105 | * Type for a Keccak-512 context (identical to the common context). 106 | */ 107 | typedef sph_keccak_context sph_keccak512_context; 108 | 109 | /** 110 | * Initialize a Keccak-224 context. This process performs no memory allocation. 111 | * 112 | * @param cc the Keccak-224 context (pointer to a 113 | * sph_keccak224_context) 114 | */ 115 | void sph_keccak224_init(void *cc); 116 | 117 | /** 118 | * Process some data bytes. It is acceptable that len is zero 119 | * (in which case this function does nothing). 120 | * 121 | * @param cc the Keccak-224 context 122 | * @param data the input data 123 | * @param len the input data length (in bytes) 124 | */ 125 | void sph_keccak224(void *cc, const void *data, size_t len); 126 | 127 | /** 128 | * Terminate the current Keccak-224 computation and output the result into 129 | * the provided buffer. The destination buffer must be wide enough to 130 | * accomodate the result (28 bytes). The context is automatically 131 | * reinitialized. 132 | * 133 | * @param cc the Keccak-224 context 134 | * @param dst the destination buffer 135 | */ 136 | void sph_keccak224_close(void *cc, void *dst); 137 | 138 | /** 139 | * Add a few additional bits (0 to 7) to the current computation, then 140 | * terminate it and output the result in the provided buffer, which must 141 | * be wide enough to accomodate the result (28 bytes). If bit number i 142 | * in ub has value 2^i, then the extra bits are those 143 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 144 | * level). The context is automatically reinitialized. 145 | * 146 | * @param cc the Keccak-224 context 147 | * @param ub the extra bits 148 | * @param n the number of extra bits (0 to 7) 149 | * @param dst the destination buffer 150 | */ 151 | void sph_keccak224_addbits_and_close( 152 | void *cc, unsigned ub, unsigned n, void *dst); 153 | 154 | /** 155 | * Initialize a Keccak-256 context. This process performs no memory allocation. 156 | * 157 | * @param cc the Keccak-256 context (pointer to a 158 | * sph_keccak256_context) 159 | */ 160 | void sph_keccak256_init(void *cc); 161 | 162 | /** 163 | * Process some data bytes. It is acceptable that len is zero 164 | * (in which case this function does nothing). 165 | * 166 | * @param cc the Keccak-256 context 167 | * @param data the input data 168 | * @param len the input data length (in bytes) 169 | */ 170 | void sph_keccak256(void *cc, const void *data, size_t len); 171 | 172 | /** 173 | * Terminate the current Keccak-256 computation and output the result into 174 | * the provided buffer. The destination buffer must be wide enough to 175 | * accomodate the result (32 bytes). The context is automatically 176 | * reinitialized. 177 | * 178 | * @param cc the Keccak-256 context 179 | * @param dst the destination buffer 180 | */ 181 | void sph_keccak256_close(void *cc, void *dst); 182 | 183 | /** 184 | * Add a few additional bits (0 to 7) to the current computation, then 185 | * terminate it and output the result in the provided buffer, which must 186 | * be wide enough to accomodate the result (32 bytes). If bit number i 187 | * in ub has value 2^i, then the extra bits are those 188 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 189 | * level). The context is automatically reinitialized. 190 | * 191 | * @param cc the Keccak-256 context 192 | * @param ub the extra bits 193 | * @param n the number of extra bits (0 to 7) 194 | * @param dst the destination buffer 195 | */ 196 | void sph_keccak256_addbits_and_close( 197 | void *cc, unsigned ub, unsigned n, void *dst); 198 | 199 | /** 200 | * Initialize a Keccak-384 context. This process performs no memory allocation. 201 | * 202 | * @param cc the Keccak-384 context (pointer to a 203 | * sph_keccak384_context) 204 | */ 205 | void sph_keccak384_init(void *cc); 206 | 207 | /** 208 | * Process some data bytes. It is acceptable that len is zero 209 | * (in which case this function does nothing). 210 | * 211 | * @param cc the Keccak-384 context 212 | * @param data the input data 213 | * @param len the input data length (in bytes) 214 | */ 215 | void sph_keccak384(void *cc, const void *data, size_t len); 216 | 217 | /** 218 | * Terminate the current Keccak-384 computation and output the result into 219 | * the provided buffer. The destination buffer must be wide enough to 220 | * accomodate the result (48 bytes). The context is automatically 221 | * reinitialized. 222 | * 223 | * @param cc the Keccak-384 context 224 | * @param dst the destination buffer 225 | */ 226 | void sph_keccak384_close(void *cc, void *dst); 227 | 228 | /** 229 | * Add a few additional bits (0 to 7) to the current computation, then 230 | * terminate it and output the result in the provided buffer, which must 231 | * be wide enough to accomodate the result (48 bytes). If bit number i 232 | * in ub has value 2^i, then the extra bits are those 233 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 234 | * level). The context is automatically reinitialized. 235 | * 236 | * @param cc the Keccak-384 context 237 | * @param ub the extra bits 238 | * @param n the number of extra bits (0 to 7) 239 | * @param dst the destination buffer 240 | */ 241 | void sph_keccak384_addbits_and_close( 242 | void *cc, unsigned ub, unsigned n, void *dst); 243 | 244 | /** 245 | * Initialize a Keccak-512 context. This process performs no memory allocation. 246 | * 247 | * @param cc the Keccak-512 context (pointer to a 248 | * sph_keccak512_context) 249 | */ 250 | void sph_keccak512_init(void *cc); 251 | 252 | /** 253 | * Process some data bytes. It is acceptable that len is zero 254 | * (in which case this function does nothing). 255 | * 256 | * @param cc the Keccak-512 context 257 | * @param data the input data 258 | * @param len the input data length (in bytes) 259 | */ 260 | void sph_keccak512(void *cc, const void *data, size_t len); 261 | 262 | /** 263 | * Terminate the current Keccak-512 computation and output the result into 264 | * the provided buffer. The destination buffer must be wide enough to 265 | * accomodate the result (64 bytes). The context is automatically 266 | * reinitialized. 267 | * 268 | * @param cc the Keccak-512 context 269 | * @param dst the destination buffer 270 | */ 271 | void sph_keccak512_close(void *cc, void *dst); 272 | 273 | /** 274 | * Add a few additional bits (0 to 7) to the current computation, then 275 | * terminate it and output the result in the provided buffer, which must 276 | * be wide enough to accomodate the result (64 bytes). If bit number i 277 | * in ub has value 2^i, then the extra bits are those 278 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 279 | * level). The context is automatically reinitialized. 280 | * 281 | * @param cc the Keccak-512 context 282 | * @param ub the extra bits 283 | * @param n the number of extra bits (0 to 7) 284 | * @param dst the destination buffer 285 | */ 286 | void sph_keccak512_addbits_and_close( 287 | void *cc, unsigned ub, unsigned n, void *dst); 288 | 289 | #ifdef __cplusplus 290 | } 291 | #endif 292 | 293 | #endif 294 | -------------------------------------------------------------------------------- /sha3/sph_luffa.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_luffa.h 154 2010-04-26 17:00:24Z tp $ */ 2 | /** 3 | * Luffa interface. Luffa is a family of functions which differ by 4 | * their output size; this implementation defines Luffa for output 5 | * sizes 224, 256, 384 and 512 bits. 6 | * 7 | * ==========================(LICENSE BEGIN)============================ 8 | * 9 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 10 | * 11 | * Permission is hereby granted, free of charge, to any person obtaining 12 | * a copy of this software and associated documentation files (the 13 | * "Software"), to deal in the Software without restriction, including 14 | * without limitation the rights to use, copy, modify, merge, publish, 15 | * distribute, sublicense, and/or sell copies of the Software, and to 16 | * permit persons to whom the Software is furnished to do so, subject to 17 | * the following conditions: 18 | * 19 | * The above copyright notice and this permission notice shall be 20 | * included in all copies or substantial portions of the Software. 21 | * 22 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 23 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 24 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 25 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 26 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 27 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 28 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 29 | * 30 | * ===========================(LICENSE END)============================= 31 | * 32 | * @file sph_luffa.h 33 | * @author Thomas Pornin 34 | */ 35 | 36 | #ifndef SPH_LUFFA_H__ 37 | #define SPH_LUFFA_H__ 38 | 39 | #ifdef __cplusplus 40 | extern "C"{ 41 | #endif 42 | 43 | #include 44 | #include "sph_types.h" 45 | 46 | /** 47 | * Output size (in bits) for Luffa-224. 48 | */ 49 | #define SPH_SIZE_luffa224 224 50 | 51 | /** 52 | * Output size (in bits) for Luffa-256. 53 | */ 54 | #define SPH_SIZE_luffa256 256 55 | 56 | /** 57 | * Output size (in bits) for Luffa-384. 58 | */ 59 | #define SPH_SIZE_luffa384 384 60 | 61 | /** 62 | * Output size (in bits) for Luffa-512. 63 | */ 64 | #define SPH_SIZE_luffa512 512 65 | 66 | /** 67 | * This structure is a context for Luffa-224 computations: it contains 68 | * the intermediate values and some data from the last entered block. 69 | * Once a Luffa computation has been performed, the context can be 70 | * reused for another computation. 71 | * 72 | * The contents of this structure are private. A running Luffa 73 | * computation can be cloned by copying the context (e.g. with a simple 74 | * memcpy()). 75 | */ 76 | typedef struct { 77 | #ifndef DOXYGEN_IGNORE 78 | unsigned char buf[32]; /* first field, for alignment */ 79 | size_t ptr; 80 | sph_u32 V[3][8]; 81 | #endif 82 | } sph_luffa224_context; 83 | 84 | /** 85 | * This structure is a context for Luffa-256 computations. It is 86 | * identical to sph_luffa224_context. 87 | */ 88 | typedef sph_luffa224_context sph_luffa256_context; 89 | 90 | /** 91 | * This structure is a context for Luffa-384 computations. 92 | */ 93 | typedef struct { 94 | #ifndef DOXYGEN_IGNORE 95 | unsigned char buf[32]; /* first field, for alignment */ 96 | size_t ptr; 97 | sph_u32 V[4][8]; 98 | #endif 99 | } sph_luffa384_context; 100 | 101 | /** 102 | * This structure is a context for Luffa-512 computations. 103 | */ 104 | typedef struct { 105 | #ifndef DOXYGEN_IGNORE 106 | unsigned char buf[32]; /* first field, for alignment */ 107 | size_t ptr; 108 | sph_u32 V[5][8]; 109 | #endif 110 | } sph_luffa512_context; 111 | 112 | /** 113 | * Initialize a Luffa-224 context. This process performs no memory allocation. 114 | * 115 | * @param cc the Luffa-224 context (pointer to a 116 | * sph_luffa224_context) 117 | */ 118 | void sph_luffa224_init(void *cc); 119 | 120 | /** 121 | * Process some data bytes. It is acceptable that len is zero 122 | * (in which case this function does nothing). 123 | * 124 | * @param cc the Luffa-224 context 125 | * @param data the input data 126 | * @param len the input data length (in bytes) 127 | */ 128 | void sph_luffa224(void *cc, const void *data, size_t len); 129 | 130 | /** 131 | * Terminate the current Luffa-224 computation and output the result into 132 | * the provided buffer. The destination buffer must be wide enough to 133 | * accomodate the result (28 bytes). The context is automatically 134 | * reinitialized. 135 | * 136 | * @param cc the Luffa-224 context 137 | * @param dst the destination buffer 138 | */ 139 | void sph_luffa224_close(void *cc, void *dst); 140 | 141 | /** 142 | * Add a few additional bits (0 to 7) to the current computation, then 143 | * terminate it and output the result in the provided buffer, which must 144 | * be wide enough to accomodate the result (28 bytes). If bit number i 145 | * in ub has value 2^i, then the extra bits are those 146 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 147 | * level). The context is automatically reinitialized. 148 | * 149 | * @param cc the Luffa-224 context 150 | * @param ub the extra bits 151 | * @param n the number of extra bits (0 to 7) 152 | * @param dst the destination buffer 153 | */ 154 | void sph_luffa224_addbits_and_close( 155 | void *cc, unsigned ub, unsigned n, void *dst); 156 | 157 | /** 158 | * Initialize a Luffa-256 context. This process performs no memory allocation. 159 | * 160 | * @param cc the Luffa-256 context (pointer to a 161 | * sph_luffa256_context) 162 | */ 163 | void sph_luffa256_init(void *cc); 164 | 165 | /** 166 | * Process some data bytes. It is acceptable that len is zero 167 | * (in which case this function does nothing). 168 | * 169 | * @param cc the Luffa-256 context 170 | * @param data the input data 171 | * @param len the input data length (in bytes) 172 | */ 173 | void sph_luffa256(void *cc, const void *data, size_t len); 174 | 175 | /** 176 | * Terminate the current Luffa-256 computation and output the result into 177 | * the provided buffer. The destination buffer must be wide enough to 178 | * accomodate the result (32 bytes). The context is automatically 179 | * reinitialized. 180 | * 181 | * @param cc the Luffa-256 context 182 | * @param dst the destination buffer 183 | */ 184 | void sph_luffa256_close(void *cc, void *dst); 185 | 186 | /** 187 | * Add a few additional bits (0 to 7) to the current computation, then 188 | * terminate it and output the result in the provided buffer, which must 189 | * be wide enough to accomodate the result (32 bytes). If bit number i 190 | * in ub has value 2^i, then the extra bits are those 191 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 192 | * level). The context is automatically reinitialized. 193 | * 194 | * @param cc the Luffa-256 context 195 | * @param ub the extra bits 196 | * @param n the number of extra bits (0 to 7) 197 | * @param dst the destination buffer 198 | */ 199 | void sph_luffa256_addbits_and_close( 200 | void *cc, unsigned ub, unsigned n, void *dst); 201 | 202 | /** 203 | * Initialize a Luffa-384 context. This process performs no memory allocation. 204 | * 205 | * @param cc the Luffa-384 context (pointer to a 206 | * sph_luffa384_context) 207 | */ 208 | void sph_luffa384_init(void *cc); 209 | 210 | /** 211 | * Process some data bytes. It is acceptable that len is zero 212 | * (in which case this function does nothing). 213 | * 214 | * @param cc the Luffa-384 context 215 | * @param data the input data 216 | * @param len the input data length (in bytes) 217 | */ 218 | void sph_luffa384(void *cc, const void *data, size_t len); 219 | 220 | /** 221 | * Terminate the current Luffa-384 computation and output the result into 222 | * the provided buffer. The destination buffer must be wide enough to 223 | * accomodate the result (48 bytes). The context is automatically 224 | * reinitialized. 225 | * 226 | * @param cc the Luffa-384 context 227 | * @param dst the destination buffer 228 | */ 229 | void sph_luffa384_close(void *cc, void *dst); 230 | 231 | /** 232 | * Add a few additional bits (0 to 7) to the current computation, then 233 | * terminate it and output the result in the provided buffer, which must 234 | * be wide enough to accomodate the result (48 bytes). If bit number i 235 | * in ub has value 2^i, then the extra bits are those 236 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 237 | * level). The context is automatically reinitialized. 238 | * 239 | * @param cc the Luffa-384 context 240 | * @param ub the extra bits 241 | * @param n the number of extra bits (0 to 7) 242 | * @param dst the destination buffer 243 | */ 244 | void sph_luffa384_addbits_and_close( 245 | void *cc, unsigned ub, unsigned n, void *dst); 246 | 247 | /** 248 | * Initialize a Luffa-512 context. This process performs no memory allocation. 249 | * 250 | * @param cc the Luffa-512 context (pointer to a 251 | * sph_luffa512_context) 252 | */ 253 | void sph_luffa512_init(void *cc); 254 | 255 | /** 256 | * Process some data bytes. It is acceptable that len is zero 257 | * (in which case this function does nothing). 258 | * 259 | * @param cc the Luffa-512 context 260 | * @param data the input data 261 | * @param len the input data length (in bytes) 262 | */ 263 | void sph_luffa512(void *cc, const void *data, size_t len); 264 | 265 | /** 266 | * Terminate the current Luffa-512 computation and output the result into 267 | * the provided buffer. The destination buffer must be wide enough to 268 | * accomodate the result (64 bytes). The context is automatically 269 | * reinitialized. 270 | * 271 | * @param cc the Luffa-512 context 272 | * @param dst the destination buffer 273 | */ 274 | void sph_luffa512_close(void *cc, void *dst); 275 | 276 | /** 277 | * Add a few additional bits (0 to 7) to the current computation, then 278 | * terminate it and output the result in the provided buffer, which must 279 | * be wide enough to accomodate the result (64 bytes). If bit number i 280 | * in ub has value 2^i, then the extra bits are those 281 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 282 | * level). The context is automatically reinitialized. 283 | * 284 | * @param cc the Luffa-512 context 285 | * @param ub the extra bits 286 | * @param n the number of extra bits (0 to 7) 287 | * @param dst the destination buffer 288 | */ 289 | void sph_luffa512_addbits_and_close( 290 | void *cc, unsigned ub, unsigned n, void *dst); 291 | 292 | #ifdef __cplusplus 293 | } 294 | #endif 295 | 296 | #endif 297 | -------------------------------------------------------------------------------- /sha3/sph_cubehash.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_cubehash.h 180 2010-05-08 02:29:25Z tp $ */ 2 | /** 3 | * CubeHash interface. CubeHash is a family of functions which differ by 4 | * their output size; this implementation defines CubeHash for output 5 | * sizes 224, 256, 384 and 512 bits, with the "standard parameters" 6 | * (CubeHash16/32 with the CubeHash specification notations). 7 | * 8 | * ==========================(LICENSE BEGIN)============================ 9 | * 10 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 11 | * 12 | * Permission is hereby granted, free of charge, to any person obtaining 13 | * a copy of this software and associated documentation files (the 14 | * "Software"), to deal in the Software without restriction, including 15 | * without limitation the rights to use, copy, modify, merge, publish, 16 | * distribute, sublicense, and/or sell copies of the Software, and to 17 | * permit persons to whom the Software is furnished to do so, subject to 18 | * the following conditions: 19 | * 20 | * The above copyright notice and this permission notice shall be 21 | * included in all copies or substantial portions of the Software. 22 | * 23 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 24 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 25 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 26 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 27 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 28 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 29 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 30 | * 31 | * ===========================(LICENSE END)============================= 32 | * 33 | * @file sph_cubehash.h 34 | * @author Thomas Pornin 35 | */ 36 | 37 | #ifndef SPH_CUBEHASH_H__ 38 | #define SPH_CUBEHASH_H__ 39 | 40 | #ifdef __cplusplus 41 | extern "C"{ 42 | #endif 43 | 44 | #include 45 | #include "sph_types.h" 46 | 47 | /** 48 | * Output size (in bits) for CubeHash-224. 49 | */ 50 | #define SPH_SIZE_cubehash224 224 51 | 52 | /** 53 | * Output size (in bits) for CubeHash-256. 54 | */ 55 | #define SPH_SIZE_cubehash256 256 56 | 57 | /** 58 | * Output size (in bits) for CubeHash-384. 59 | */ 60 | #define SPH_SIZE_cubehash384 384 61 | 62 | /** 63 | * Output size (in bits) for CubeHash-512. 64 | */ 65 | #define SPH_SIZE_cubehash512 512 66 | 67 | /** 68 | * This structure is a context for CubeHash computations: it contains the 69 | * intermediate values and some data from the last entered block. Once 70 | * a CubeHash computation has been performed, the context can be reused for 71 | * another computation. 72 | * 73 | * The contents of this structure are private. A running CubeHash computation 74 | * can be cloned by copying the context (e.g. with a simple 75 | * memcpy()). 76 | */ 77 | typedef struct { 78 | #ifndef DOXYGEN_IGNORE 79 | unsigned char buf[32]; /* first field, for alignment */ 80 | size_t ptr; 81 | sph_u32 state[32]; 82 | #endif 83 | } sph_cubehash_context; 84 | 85 | /** 86 | * Type for a CubeHash-224 context (identical to the common context). 87 | */ 88 | typedef sph_cubehash_context sph_cubehash224_context; 89 | 90 | /** 91 | * Type for a CubeHash-256 context (identical to the common context). 92 | */ 93 | typedef sph_cubehash_context sph_cubehash256_context; 94 | 95 | /** 96 | * Type for a CubeHash-384 context (identical to the common context). 97 | */ 98 | typedef sph_cubehash_context sph_cubehash384_context; 99 | 100 | /** 101 | * Type for a CubeHash-512 context (identical to the common context). 102 | */ 103 | typedef sph_cubehash_context sph_cubehash512_context; 104 | 105 | /** 106 | * Initialize a CubeHash-224 context. This process performs no memory 107 | * allocation. 108 | * 109 | * @param cc the CubeHash-224 context (pointer to a 110 | * sph_cubehash224_context) 111 | */ 112 | void sph_cubehash224_init(void *cc); 113 | 114 | /** 115 | * Process some data bytes. It is acceptable that len is zero 116 | * (in which case this function does nothing). 117 | * 118 | * @param cc the CubeHash-224 context 119 | * @param data the input data 120 | * @param len the input data length (in bytes) 121 | */ 122 | void sph_cubehash224(void *cc, const void *data, size_t len); 123 | 124 | /** 125 | * Terminate the current CubeHash-224 computation and output the result into 126 | * the provided buffer. The destination buffer must be wide enough to 127 | * accomodate the result (28 bytes). The context is automatically 128 | * reinitialized. 129 | * 130 | * @param cc the CubeHash-224 context 131 | * @param dst the destination buffer 132 | */ 133 | void sph_cubehash224_close(void *cc, void *dst); 134 | 135 | /** 136 | * Add a few additional bits (0 to 7) to the current computation, then 137 | * terminate it and output the result in the provided buffer, which must 138 | * be wide enough to accomodate the result (28 bytes). If bit number i 139 | * in ub has value 2^i, then the extra bits are those 140 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 141 | * level). The context is automatically reinitialized. 142 | * 143 | * @param cc the CubeHash-224 context 144 | * @param ub the extra bits 145 | * @param n the number of extra bits (0 to 7) 146 | * @param dst the destination buffer 147 | */ 148 | void sph_cubehash224_addbits_and_close( 149 | void *cc, unsigned ub, unsigned n, void *dst); 150 | 151 | /** 152 | * Initialize a CubeHash-256 context. This process performs no memory 153 | * allocation. 154 | * 155 | * @param cc the CubeHash-256 context (pointer to a 156 | * sph_cubehash256_context) 157 | */ 158 | void sph_cubehash256_init(void *cc); 159 | 160 | /** 161 | * Process some data bytes. It is acceptable that len is zero 162 | * (in which case this function does nothing). 163 | * 164 | * @param cc the CubeHash-256 context 165 | * @param data the input data 166 | * @param len the input data length (in bytes) 167 | */ 168 | void sph_cubehash256(void *cc, const void *data, size_t len); 169 | 170 | /** 171 | * Terminate the current CubeHash-256 computation and output the result into 172 | * the provided buffer. The destination buffer must be wide enough to 173 | * accomodate the result (32 bytes). The context is automatically 174 | * reinitialized. 175 | * 176 | * @param cc the CubeHash-256 context 177 | * @param dst the destination buffer 178 | */ 179 | void sph_cubehash256_close(void *cc, void *dst); 180 | 181 | /** 182 | * Add a few additional bits (0 to 7) to the current computation, then 183 | * terminate it and output the result in the provided buffer, which must 184 | * be wide enough to accomodate the result (32 bytes). If bit number i 185 | * in ub has value 2^i, then the extra bits are those 186 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 187 | * level). The context is automatically reinitialized. 188 | * 189 | * @param cc the CubeHash-256 context 190 | * @param ub the extra bits 191 | * @param n the number of extra bits (0 to 7) 192 | * @param dst the destination buffer 193 | */ 194 | void sph_cubehash256_addbits_and_close( 195 | void *cc, unsigned ub, unsigned n, void *dst); 196 | 197 | /** 198 | * Initialize a CubeHash-384 context. This process performs no memory 199 | * allocation. 200 | * 201 | * @param cc the CubeHash-384 context (pointer to a 202 | * sph_cubehash384_context) 203 | */ 204 | void sph_cubehash384_init(void *cc); 205 | 206 | /** 207 | * Process some data bytes. It is acceptable that len is zero 208 | * (in which case this function does nothing). 209 | * 210 | * @param cc the CubeHash-384 context 211 | * @param data the input data 212 | * @param len the input data length (in bytes) 213 | */ 214 | void sph_cubehash384(void *cc, const void *data, size_t len); 215 | 216 | /** 217 | * Terminate the current CubeHash-384 computation and output the result into 218 | * the provided buffer. The destination buffer must be wide enough to 219 | * accomodate the result (48 bytes). The context is automatically 220 | * reinitialized. 221 | * 222 | * @param cc the CubeHash-384 context 223 | * @param dst the destination buffer 224 | */ 225 | void sph_cubehash384_close(void *cc, void *dst); 226 | 227 | /** 228 | * Add a few additional bits (0 to 7) to the current computation, then 229 | * terminate it and output the result in the provided buffer, which must 230 | * be wide enough to accomodate the result (48 bytes). If bit number i 231 | * in ub has value 2^i, then the extra bits are those 232 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 233 | * level). The context is automatically reinitialized. 234 | * 235 | * @param cc the CubeHash-384 context 236 | * @param ub the extra bits 237 | * @param n the number of extra bits (0 to 7) 238 | * @param dst the destination buffer 239 | */ 240 | void sph_cubehash384_addbits_and_close( 241 | void *cc, unsigned ub, unsigned n, void *dst); 242 | 243 | /** 244 | * Initialize a CubeHash-512 context. This process performs no memory 245 | * allocation. 246 | * 247 | * @param cc the CubeHash-512 context (pointer to a 248 | * sph_cubehash512_context) 249 | */ 250 | void sph_cubehash512_init(void *cc); 251 | 252 | /** 253 | * Process some data bytes. It is acceptable that len is zero 254 | * (in which case this function does nothing). 255 | * 256 | * @param cc the CubeHash-512 context 257 | * @param data the input data 258 | * @param len the input data length (in bytes) 259 | */ 260 | void sph_cubehash512(void *cc, const void *data, size_t len); 261 | 262 | /** 263 | * Terminate the current CubeHash-512 computation and output the result into 264 | * the provided buffer. The destination buffer must be wide enough to 265 | * accomodate the result (64 bytes). The context is automatically 266 | * reinitialized. 267 | * 268 | * @param cc the CubeHash-512 context 269 | * @param dst the destination buffer 270 | */ 271 | void sph_cubehash512_close(void *cc, void *dst); 272 | 273 | /** 274 | * Add a few additional bits (0 to 7) to the current computation, then 275 | * terminate it and output the result in the provided buffer, which must 276 | * be wide enough to accomodate the result (64 bytes). If bit number i 277 | * in ub has value 2^i, then the extra bits are those 278 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 279 | * level). The context is automatically reinitialized. 280 | * 281 | * @param cc the CubeHash-512 context 282 | * @param ub the extra bits 283 | * @param n the number of extra bits (0 to 7) 284 | * @param dst the destination buffer 285 | */ 286 | void sph_cubehash512_addbits_and_close( 287 | void *cc, unsigned ub, unsigned n, void *dst); 288 | #ifdef __cplusplus 289 | } 290 | #endif 291 | 292 | #endif 293 | -------------------------------------------------------------------------------- /sha3/sph_skein.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_skein.h 253 2011-06-07 18:33:10Z tp $ */ 2 | /** 3 | * Skein interface. The Skein specification defines three main 4 | * functions, called Skein-256, Skein-512 and Skein-1024, which can be 5 | * further parameterized with an output length. For the SHA-3 6 | * competition, Skein-512 is used for output sizes of 224, 256, 384 and 7 | * 512 bits; this is what this code implements. Thus, we hereafter call 8 | * Skein-224, Skein-256, Skein-384 and Skein-512 what the Skein 9 | * specification defines as Skein-512-224, Skein-512-256, Skein-512-384 10 | * and Skein-512-512, respectively. 11 | * 12 | * ==========================(LICENSE BEGIN)============================ 13 | * 14 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 15 | * 16 | * Permission is hereby granted, free of charge, to any person obtaining 17 | * a copy of this software and associated documentation files (the 18 | * "Software"), to deal in the Software without restriction, including 19 | * without limitation the rights to use, copy, modify, merge, publish, 20 | * distribute, sublicense, and/or sell copies of the Software, and to 21 | * permit persons to whom the Software is furnished to do so, subject to 22 | * the following conditions: 23 | * 24 | * The above copyright notice and this permission notice shall be 25 | * included in all copies or substantial portions of the Software. 26 | * 27 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 28 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 29 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 30 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 31 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 32 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 33 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 34 | * 35 | * ===========================(LICENSE END)============================= 36 | * 37 | * @file sph_skein.h 38 | * @author Thomas Pornin 39 | */ 40 | 41 | #ifndef SPH_SKEIN_H__ 42 | #define SPH_SKEIN_H__ 43 | 44 | #ifdef __cplusplus 45 | extern "C"{ 46 | #endif 47 | 48 | #include 49 | #include "sph_types.h" 50 | 51 | #if SPH_64 52 | 53 | /** 54 | * Output size (in bits) for Skein-224. 55 | */ 56 | #define SPH_SIZE_skein224 224 57 | 58 | /** 59 | * Output size (in bits) for Skein-256. 60 | */ 61 | #define SPH_SIZE_skein256 256 62 | 63 | /** 64 | * Output size (in bits) for Skein-384. 65 | */ 66 | #define SPH_SIZE_skein384 384 67 | 68 | /** 69 | * Output size (in bits) for Skein-512. 70 | */ 71 | #define SPH_SIZE_skein512 512 72 | 73 | /** 74 | * This structure is a context for Skein computations (with a 384- or 75 | * 512-bit output): it contains the intermediate values and some data 76 | * from the last entered block. Once a Skein computation has been 77 | * performed, the context can be reused for another computation. 78 | * 79 | * The contents of this structure are private. A running Skein computation 80 | * can be cloned by copying the context (e.g. with a simple 81 | * memcpy()). 82 | */ 83 | typedef struct { 84 | #ifndef DOXYGEN_IGNORE 85 | unsigned char buf[64]; /* first field, for alignment */ 86 | size_t ptr; 87 | sph_u64 h0, h1, h2, h3, h4, h5, h6, h7; 88 | sph_u64 bcount; 89 | #endif 90 | } sph_skein_big_context; 91 | 92 | /** 93 | * Type for a Skein-224 context (identical to the common "big" context). 94 | */ 95 | typedef sph_skein_big_context sph_skein224_context; 96 | 97 | /** 98 | * Type for a Skein-256 context (identical to the common "big" context). 99 | */ 100 | typedef sph_skein_big_context sph_skein256_context; 101 | 102 | /** 103 | * Type for a Skein-384 context (identical to the common "big" context). 104 | */ 105 | typedef sph_skein_big_context sph_skein384_context; 106 | 107 | /** 108 | * Type for a Skein-512 context (identical to the common "big" context). 109 | */ 110 | typedef sph_skein_big_context sph_skein512_context; 111 | 112 | /** 113 | * Initialize a Skein-224 context. This process performs no memory allocation. 114 | * 115 | * @param cc the Skein-224 context (pointer to a 116 | * sph_skein224_context) 117 | */ 118 | void sph_skein224_init(void *cc); 119 | 120 | /** 121 | * Process some data bytes. It is acceptable that len is zero 122 | * (in which case this function does nothing). 123 | * 124 | * @param cc the Skein-224 context 125 | * @param data the input data 126 | * @param len the input data length (in bytes) 127 | */ 128 | void sph_skein224(void *cc, const void *data, size_t len); 129 | 130 | /** 131 | * Terminate the current Skein-224 computation and output the result into 132 | * the provided buffer. The destination buffer must be wide enough to 133 | * accomodate the result (28 bytes). The context is automatically 134 | * reinitialized. 135 | * 136 | * @param cc the Skein-224 context 137 | * @param dst the destination buffer 138 | */ 139 | void sph_skein224_close(void *cc, void *dst); 140 | 141 | /** 142 | * Add a few additional bits (0 to 7) to the current computation, then 143 | * terminate it and output the result in the provided buffer, which must 144 | * be wide enough to accomodate the result (28 bytes). If bit number i 145 | * in ub has value 2^i, then the extra bits are those 146 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 147 | * level). The context is automatically reinitialized. 148 | * 149 | * @param cc the Skein-224 context 150 | * @param ub the extra bits 151 | * @param n the number of extra bits (0 to 7) 152 | * @param dst the destination buffer 153 | */ 154 | void sph_skein224_addbits_and_close( 155 | void *cc, unsigned ub, unsigned n, void *dst); 156 | 157 | /** 158 | * Initialize a Skein-256 context. This process performs no memory allocation. 159 | * 160 | * @param cc the Skein-256 context (pointer to a 161 | * sph_skein256_context) 162 | */ 163 | void sph_skein256_init(void *cc); 164 | 165 | /** 166 | * Process some data bytes. It is acceptable that len is zero 167 | * (in which case this function does nothing). 168 | * 169 | * @param cc the Skein-256 context 170 | * @param data the input data 171 | * @param len the input data length (in bytes) 172 | */ 173 | void sph_skein256(void *cc, const void *data, size_t len); 174 | 175 | /** 176 | * Terminate the current Skein-256 computation and output the result into 177 | * the provided buffer. The destination buffer must be wide enough to 178 | * accomodate the result (32 bytes). The context is automatically 179 | * reinitialized. 180 | * 181 | * @param cc the Skein-256 context 182 | * @param dst the destination buffer 183 | */ 184 | void sph_skein256_close(void *cc, void *dst); 185 | 186 | /** 187 | * Add a few additional bits (0 to 7) to the current computation, then 188 | * terminate it and output the result in the provided buffer, which must 189 | * be wide enough to accomodate the result (32 bytes). If bit number i 190 | * in ub has value 2^i, then the extra bits are those 191 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 192 | * level). The context is automatically reinitialized. 193 | * 194 | * @param cc the Skein-256 context 195 | * @param ub the extra bits 196 | * @param n the number of extra bits (0 to 7) 197 | * @param dst the destination buffer 198 | */ 199 | void sph_skein256_addbits_and_close( 200 | void *cc, unsigned ub, unsigned n, void *dst); 201 | 202 | /** 203 | * Initialize a Skein-384 context. This process performs no memory allocation. 204 | * 205 | * @param cc the Skein-384 context (pointer to a 206 | * sph_skein384_context) 207 | */ 208 | void sph_skein384_init(void *cc); 209 | 210 | /** 211 | * Process some data bytes. It is acceptable that len is zero 212 | * (in which case this function does nothing). 213 | * 214 | * @param cc the Skein-384 context 215 | * @param data the input data 216 | * @param len the input data length (in bytes) 217 | */ 218 | void sph_skein384(void *cc, const void *data, size_t len); 219 | 220 | /** 221 | * Terminate the current Skein-384 computation and output the result into 222 | * the provided buffer. The destination buffer must be wide enough to 223 | * accomodate the result (48 bytes). The context is automatically 224 | * reinitialized. 225 | * 226 | * @param cc the Skein-384 context 227 | * @param dst the destination buffer 228 | */ 229 | void sph_skein384_close(void *cc, void *dst); 230 | 231 | /** 232 | * Add a few additional bits (0 to 7) to the current computation, then 233 | * terminate it and output the result in the provided buffer, which must 234 | * be wide enough to accomodate the result (48 bytes). If bit number i 235 | * in ub has value 2^i, then the extra bits are those 236 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 237 | * level). The context is automatically reinitialized. 238 | * 239 | * @param cc the Skein-384 context 240 | * @param ub the extra bits 241 | * @param n the number of extra bits (0 to 7) 242 | * @param dst the destination buffer 243 | */ 244 | void sph_skein384_addbits_and_close( 245 | void *cc, unsigned ub, unsigned n, void *dst); 246 | 247 | /** 248 | * Initialize a Skein-512 context. This process performs no memory allocation. 249 | * 250 | * @param cc the Skein-512 context (pointer to a 251 | * sph_skein512_context) 252 | */ 253 | void sph_skein512_init(void *cc); 254 | 255 | /** 256 | * Process some data bytes. It is acceptable that len is zero 257 | * (in which case this function does nothing). 258 | * 259 | * @param cc the Skein-512 context 260 | * @param data the input data 261 | * @param len the input data length (in bytes) 262 | */ 263 | void sph_skein512(void *cc, const void *data, size_t len); 264 | 265 | /** 266 | * Terminate the current Skein-512 computation and output the result into 267 | * the provided buffer. The destination buffer must be wide enough to 268 | * accomodate the result (64 bytes). The context is automatically 269 | * reinitialized. 270 | * 271 | * @param cc the Skein-512 context 272 | * @param dst the destination buffer 273 | */ 274 | void sph_skein512_close(void *cc, void *dst); 275 | 276 | /** 277 | * Add a few additional bits (0 to 7) to the current computation, then 278 | * terminate it and output the result in the provided buffer, which must 279 | * be wide enough to accomodate the result (64 bytes). If bit number i 280 | * in ub has value 2^i, then the extra bits are those 281 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 282 | * level). The context is automatically reinitialized. 283 | * 284 | * @param cc the Skein-512 context 285 | * @param ub the extra bits 286 | * @param n the number of extra bits (0 to 7) 287 | * @param dst the destination buffer 288 | */ 289 | void sph_skein512_addbits_and_close( 290 | void *cc, unsigned ub, unsigned n, void *dst); 291 | 292 | #endif 293 | 294 | #ifdef __cplusplus 295 | } 296 | #endif 297 | 298 | #endif 299 | -------------------------------------------------------------------------------- /sha3/sph_simd.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_simd.h 154 2010-04-26 17:00:24Z tp $ */ 2 | /** 3 | * SIMD interface. SIMD is a family of functions which differ by 4 | * their output size; this implementation defines SIMD for output 5 | * sizes 224, 256, 384 and 512 bits. 6 | * 7 | * ==========================(LICENSE BEGIN)============================ 8 | * 9 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 10 | * 11 | * Permission is hereby granted, free of charge, to any person obtaining 12 | * a copy of this software and associated documentation files (the 13 | * "Software"), to deal in the Software without restriction, including 14 | * without limitation the rights to use, copy, modify, merge, publish, 15 | * distribute, sublicense, and/or sell copies of the Software, and to 16 | * permit persons to whom the Software is furnished to do so, subject to 17 | * the following conditions: 18 | * 19 | * The above copyright notice and this permission notice shall be 20 | * included in all copies or substantial portions of the Software. 21 | * 22 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 23 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 24 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 25 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 26 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 27 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 28 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 29 | * 30 | * ===========================(LICENSE END)============================= 31 | * 32 | * @file sph_simd.h 33 | * @author Thomas Pornin 34 | */ 35 | 36 | #ifndef SPH_SIMD_H__ 37 | #define SPH_SIMD_H__ 38 | 39 | #ifdef __cplusplus 40 | extern "C"{ 41 | #endif 42 | 43 | #include 44 | #include "sph_types.h" 45 | 46 | /** 47 | * Output size (in bits) for SIMD-224. 48 | */ 49 | #define SPH_SIZE_simd224 224 50 | 51 | /** 52 | * Output size (in bits) for SIMD-256. 53 | */ 54 | #define SPH_SIZE_simd256 256 55 | 56 | /** 57 | * Output size (in bits) for SIMD-384. 58 | */ 59 | #define SPH_SIZE_simd384 384 60 | 61 | /** 62 | * Output size (in bits) for SIMD-512. 63 | */ 64 | #define SPH_SIZE_simd512 512 65 | 66 | /** 67 | * This structure is a context for SIMD computations: it contains the 68 | * intermediate values and some data from the last entered block. Once 69 | * an SIMD computation has been performed, the context can be reused for 70 | * another computation. This specific structure is used for SIMD-224 71 | * and SIMD-256. 72 | * 73 | * The contents of this structure are private. A running SIMD computation 74 | * can be cloned by copying the context (e.g. with a simple 75 | * memcpy()). 76 | */ 77 | typedef struct { 78 | #ifndef DOXYGEN_IGNORE 79 | unsigned char buf[64]; /* first field, for alignment */ 80 | size_t ptr; 81 | sph_u32 state[16]; 82 | sph_u32 count_low, count_high; 83 | #endif 84 | } sph_simd_small_context; 85 | 86 | /** 87 | * This structure is a context for SIMD computations: it contains the 88 | * intermediate values and some data from the last entered block. Once 89 | * an SIMD computation has been performed, the context can be reused for 90 | * another computation. This specific structure is used for SIMD-384 91 | * and SIMD-512. 92 | * 93 | * The contents of this structure are private. A running SIMD computation 94 | * can be cloned by copying the context (e.g. with a simple 95 | * memcpy()). 96 | */ 97 | typedef struct { 98 | #ifndef DOXYGEN_IGNORE 99 | unsigned char buf[128]; /* first field, for alignment */ 100 | size_t ptr; 101 | sph_u32 state[32]; 102 | sph_u32 count_low, count_high; 103 | #endif 104 | } sph_simd_big_context; 105 | 106 | /** 107 | * Type for a SIMD-224 context (identical to the common "small" context). 108 | */ 109 | typedef sph_simd_small_context sph_simd224_context; 110 | 111 | /** 112 | * Type for a SIMD-256 context (identical to the common "small" context). 113 | */ 114 | typedef sph_simd_small_context sph_simd256_context; 115 | 116 | /** 117 | * Type for a SIMD-384 context (identical to the common "big" context). 118 | */ 119 | typedef sph_simd_big_context sph_simd384_context; 120 | 121 | /** 122 | * Type for a SIMD-512 context (identical to the common "big" context). 123 | */ 124 | typedef sph_simd_big_context sph_simd512_context; 125 | 126 | /** 127 | * Initialize an SIMD-224 context. This process performs no memory allocation. 128 | * 129 | * @param cc the SIMD-224 context (pointer to a 130 | * sph_simd224_context) 131 | */ 132 | void sph_simd224_init(void *cc); 133 | 134 | /** 135 | * Process some data bytes. It is acceptable that len is zero 136 | * (in which case this function does nothing). 137 | * 138 | * @param cc the SIMD-224 context 139 | * @param data the input data 140 | * @param len the input data length (in bytes) 141 | */ 142 | void sph_simd224(void *cc, const void *data, size_t len); 143 | 144 | /** 145 | * Terminate the current SIMD-224 computation and output the result into 146 | * the provided buffer. The destination buffer must be wide enough to 147 | * accomodate the result (28 bytes). The context is automatically 148 | * reinitialized. 149 | * 150 | * @param cc the SIMD-224 context 151 | * @param dst the destination buffer 152 | */ 153 | void sph_simd224_close(void *cc, void *dst); 154 | 155 | /** 156 | * Add a few additional bits (0 to 7) to the current computation, then 157 | * terminate it and output the result in the provided buffer, which must 158 | * be wide enough to accomodate the result (28 bytes). If bit number i 159 | * in ub has value 2^i, then the extra bits are those 160 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 161 | * level). The context is automatically reinitialized. 162 | * 163 | * @param cc the SIMD-224 context 164 | * @param ub the extra bits 165 | * @param n the number of extra bits (0 to 7) 166 | * @param dst the destination buffer 167 | */ 168 | void sph_simd224_addbits_and_close( 169 | void *cc, unsigned ub, unsigned n, void *dst); 170 | 171 | /** 172 | * Initialize an SIMD-256 context. This process performs no memory allocation. 173 | * 174 | * @param cc the SIMD-256 context (pointer to a 175 | * sph_simd256_context) 176 | */ 177 | void sph_simd256_init(void *cc); 178 | 179 | /** 180 | * Process some data bytes. It is acceptable that len is zero 181 | * (in which case this function does nothing). 182 | * 183 | * @param cc the SIMD-256 context 184 | * @param data the input data 185 | * @param len the input data length (in bytes) 186 | */ 187 | void sph_simd256(void *cc, const void *data, size_t len); 188 | 189 | /** 190 | * Terminate the current SIMD-256 computation and output the result into 191 | * the provided buffer. The destination buffer must be wide enough to 192 | * accomodate the result (32 bytes). The context is automatically 193 | * reinitialized. 194 | * 195 | * @param cc the SIMD-256 context 196 | * @param dst the destination buffer 197 | */ 198 | void sph_simd256_close(void *cc, void *dst); 199 | 200 | /** 201 | * Add a few additional bits (0 to 7) to the current computation, then 202 | * terminate it and output the result in the provided buffer, which must 203 | * be wide enough to accomodate the result (32 bytes). If bit number i 204 | * in ub has value 2^i, then the extra bits are those 205 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 206 | * level). The context is automatically reinitialized. 207 | * 208 | * @param cc the SIMD-256 context 209 | * @param ub the extra bits 210 | * @param n the number of extra bits (0 to 7) 211 | * @param dst the destination buffer 212 | */ 213 | void sph_simd256_addbits_and_close( 214 | void *cc, unsigned ub, unsigned n, void *dst); 215 | 216 | /** 217 | * Initialize an SIMD-384 context. This process performs no memory allocation. 218 | * 219 | * @param cc the SIMD-384 context (pointer to a 220 | * sph_simd384_context) 221 | */ 222 | void sph_simd384_init(void *cc); 223 | 224 | /** 225 | * Process some data bytes. It is acceptable that len is zero 226 | * (in which case this function does nothing). 227 | * 228 | * @param cc the SIMD-384 context 229 | * @param data the input data 230 | * @param len the input data length (in bytes) 231 | */ 232 | void sph_simd384(void *cc, const void *data, size_t len); 233 | 234 | /** 235 | * Terminate the current SIMD-384 computation and output the result into 236 | * the provided buffer. The destination buffer must be wide enough to 237 | * accomodate the result (48 bytes). The context is automatically 238 | * reinitialized. 239 | * 240 | * @param cc the SIMD-384 context 241 | * @param dst the destination buffer 242 | */ 243 | void sph_simd384_close(void *cc, void *dst); 244 | 245 | /** 246 | * Add a few additional bits (0 to 7) to the current computation, then 247 | * terminate it and output the result in the provided buffer, which must 248 | * be wide enough to accomodate the result (48 bytes). If bit number i 249 | * in ub has value 2^i, then the extra bits are those 250 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 251 | * level). The context is automatically reinitialized. 252 | * 253 | * @param cc the SIMD-384 context 254 | * @param ub the extra bits 255 | * @param n the number of extra bits (0 to 7) 256 | * @param dst the destination buffer 257 | */ 258 | void sph_simd384_addbits_and_close( 259 | void *cc, unsigned ub, unsigned n, void *dst); 260 | 261 | /** 262 | * Initialize an SIMD-512 context. This process performs no memory allocation. 263 | * 264 | * @param cc the SIMD-512 context (pointer to a 265 | * sph_simd512_context) 266 | */ 267 | void sph_simd512_init(void *cc); 268 | 269 | /** 270 | * Process some data bytes. It is acceptable that len is zero 271 | * (in which case this function does nothing). 272 | * 273 | * @param cc the SIMD-512 context 274 | * @param data the input data 275 | * @param len the input data length (in bytes) 276 | */ 277 | void sph_simd512(void *cc, const void *data, size_t len); 278 | 279 | /** 280 | * Terminate the current SIMD-512 computation and output the result into 281 | * the provided buffer. The destination buffer must be wide enough to 282 | * accomodate the result (64 bytes). The context is automatically 283 | * reinitialized. 284 | * 285 | * @param cc the SIMD-512 context 286 | * @param dst the destination buffer 287 | */ 288 | void sph_simd512_close(void *cc, void *dst); 289 | 290 | /** 291 | * Add a few additional bits (0 to 7) to the current computation, then 292 | * terminate it and output the result in the provided buffer, which must 293 | * be wide enough to accomodate the result (64 bytes). If bit number i 294 | * in ub has value 2^i, then the extra bits are those 295 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 296 | * level). The context is automatically reinitialized. 297 | * 298 | * @param cc the SIMD-512 context 299 | * @param ub the extra bits 300 | * @param n the number of extra bits (0 to 7) 301 | * @param dst the destination buffer 302 | */ 303 | void sph_simd512_addbits_and_close( 304 | void *cc, unsigned ub, unsigned n, void *dst); 305 | #ifdef __cplusplus 306 | } 307 | #endif 308 | 309 | #endif 310 | -------------------------------------------------------------------------------- /sha3/sph_echo.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_echo.h 216 2010-06-08 09:46:57Z tp $ */ 2 | /** 3 | * ECHO interface. ECHO is a family of functions which differ by 4 | * their output size; this implementation defines ECHO for output 5 | * sizes 224, 256, 384 and 512 bits. 6 | * 7 | * ==========================(LICENSE BEGIN)============================ 8 | * 9 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 10 | * 11 | * Permission is hereby granted, free of charge, to any person obtaining 12 | * a copy of this software and associated documentation files (the 13 | * "Software"), to deal in the Software without restriction, including 14 | * without limitation the rights to use, copy, modify, merge, publish, 15 | * distribute, sublicense, and/or sell copies of the Software, and to 16 | * permit persons to whom the Software is furnished to do so, subject to 17 | * the following conditions: 18 | * 19 | * The above copyright notice and this permission notice shall be 20 | * included in all copies or substantial portions of the Software. 21 | * 22 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 23 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 24 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 25 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 26 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 27 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 28 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 29 | * 30 | * ===========================(LICENSE END)============================= 31 | * 32 | * @file sph_echo.h 33 | * @author Thomas Pornin 34 | */ 35 | 36 | #ifndef SPH_ECHO_H__ 37 | #define SPH_ECHO_H__ 38 | 39 | #ifdef __cplusplus 40 | extern "C"{ 41 | #endif 42 | 43 | #include 44 | #include "sph_types.h" 45 | 46 | /** 47 | * Output size (in bits) for ECHO-224. 48 | */ 49 | #define SPH_SIZE_echo224 224 50 | 51 | /** 52 | * Output size (in bits) for ECHO-256. 53 | */ 54 | #define SPH_SIZE_echo256 256 55 | 56 | /** 57 | * Output size (in bits) for ECHO-384. 58 | */ 59 | #define SPH_SIZE_echo384 384 60 | 61 | /** 62 | * Output size (in bits) for ECHO-512. 63 | */ 64 | #define SPH_SIZE_echo512 512 65 | 66 | /** 67 | * This structure is a context for ECHO computations: it contains the 68 | * intermediate values and some data from the last entered block. Once 69 | * an ECHO computation has been performed, the context can be reused for 70 | * another computation. This specific structure is used for ECHO-224 71 | * and ECHO-256. 72 | * 73 | * The contents of this structure are private. A running ECHO computation 74 | * can be cloned by copying the context (e.g. with a simple 75 | * memcpy()). 76 | */ 77 | typedef struct { 78 | #ifndef DOXYGEN_IGNORE 79 | unsigned char buf[192]; /* first field, for alignment */ 80 | size_t ptr; 81 | union { 82 | sph_u32 Vs[4][4]; 83 | #if SPH_64 84 | sph_u64 Vb[4][2]; 85 | #endif 86 | } u; 87 | sph_u32 C0, C1, C2, C3; 88 | #endif 89 | } sph_echo_small_context; 90 | 91 | /** 92 | * This structure is a context for ECHO computations: it contains the 93 | * intermediate values and some data from the last entered block. Once 94 | * an ECHO computation has been performed, the context can be reused for 95 | * another computation. This specific structure is used for ECHO-384 96 | * and ECHO-512. 97 | * 98 | * The contents of this structure are private. A running ECHO computation 99 | * can be cloned by copying the context (e.g. with a simple 100 | * memcpy()). 101 | */ 102 | typedef struct { 103 | #ifndef DOXYGEN_IGNORE 104 | unsigned char buf[128]; /* first field, for alignment */ 105 | size_t ptr; 106 | union { 107 | sph_u32 Vs[8][4]; 108 | #if SPH_64 109 | sph_u64 Vb[8][2]; 110 | #endif 111 | } u; 112 | sph_u32 C0, C1, C2, C3; 113 | #endif 114 | } sph_echo_big_context; 115 | 116 | /** 117 | * Type for a ECHO-224 context (identical to the common "small" context). 118 | */ 119 | typedef sph_echo_small_context sph_echo224_context; 120 | 121 | /** 122 | * Type for a ECHO-256 context (identical to the common "small" context). 123 | */ 124 | typedef sph_echo_small_context sph_echo256_context; 125 | 126 | /** 127 | * Type for a ECHO-384 context (identical to the common "big" context). 128 | */ 129 | typedef sph_echo_big_context sph_echo384_context; 130 | 131 | /** 132 | * Type for a ECHO-512 context (identical to the common "big" context). 133 | */ 134 | typedef sph_echo_big_context sph_echo512_context; 135 | 136 | /** 137 | * Initialize an ECHO-224 context. This process performs no memory allocation. 138 | * 139 | * @param cc the ECHO-224 context (pointer to a 140 | * sph_echo224_context) 141 | */ 142 | void sph_echo224_init(void *cc); 143 | 144 | /** 145 | * Process some data bytes. It is acceptable that len is zero 146 | * (in which case this function does nothing). 147 | * 148 | * @param cc the ECHO-224 context 149 | * @param data the input data 150 | * @param len the input data length (in bytes) 151 | */ 152 | void sph_echo224(void *cc, const void *data, size_t len); 153 | 154 | /** 155 | * Terminate the current ECHO-224 computation and output the result into 156 | * the provided buffer. The destination buffer must be wide enough to 157 | * accomodate the result (28 bytes). The context is automatically 158 | * reinitialized. 159 | * 160 | * @param cc the ECHO-224 context 161 | * @param dst the destination buffer 162 | */ 163 | void sph_echo224_close(void *cc, void *dst); 164 | 165 | /** 166 | * Add a few additional bits (0 to 7) to the current computation, then 167 | * terminate it and output the result in the provided buffer, which must 168 | * be wide enough to accomodate the result (28 bytes). If bit number i 169 | * in ub has value 2^i, then the extra bits are those 170 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 171 | * level). The context is automatically reinitialized. 172 | * 173 | * @param cc the ECHO-224 context 174 | * @param ub the extra bits 175 | * @param n the number of extra bits (0 to 7) 176 | * @param dst the destination buffer 177 | */ 178 | void sph_echo224_addbits_and_close( 179 | void *cc, unsigned ub, unsigned n, void *dst); 180 | 181 | /** 182 | * Initialize an ECHO-256 context. This process performs no memory allocation. 183 | * 184 | * @param cc the ECHO-256 context (pointer to a 185 | * sph_echo256_context) 186 | */ 187 | void sph_echo256_init(void *cc); 188 | 189 | /** 190 | * Process some data bytes. It is acceptable that len is zero 191 | * (in which case this function does nothing). 192 | * 193 | * @param cc the ECHO-256 context 194 | * @param data the input data 195 | * @param len the input data length (in bytes) 196 | */ 197 | void sph_echo256(void *cc, const void *data, size_t len); 198 | 199 | /** 200 | * Terminate the current ECHO-256 computation and output the result into 201 | * the provided buffer. The destination buffer must be wide enough to 202 | * accomodate the result (32 bytes). The context is automatically 203 | * reinitialized. 204 | * 205 | * @param cc the ECHO-256 context 206 | * @param dst the destination buffer 207 | */ 208 | void sph_echo256_close(void *cc, void *dst); 209 | 210 | /** 211 | * Add a few additional bits (0 to 7) to the current computation, then 212 | * terminate it and output the result in the provided buffer, which must 213 | * be wide enough to accomodate the result (32 bytes). If bit number i 214 | * in ub has value 2^i, then the extra bits are those 215 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 216 | * level). The context is automatically reinitialized. 217 | * 218 | * @param cc the ECHO-256 context 219 | * @param ub the extra bits 220 | * @param n the number of extra bits (0 to 7) 221 | * @param dst the destination buffer 222 | */ 223 | void sph_echo256_addbits_and_close( 224 | void *cc, unsigned ub, unsigned n, void *dst); 225 | 226 | /** 227 | * Initialize an ECHO-384 context. This process performs no memory allocation. 228 | * 229 | * @param cc the ECHO-384 context (pointer to a 230 | * sph_echo384_context) 231 | */ 232 | void sph_echo384_init(void *cc); 233 | 234 | /** 235 | * Process some data bytes. It is acceptable that len is zero 236 | * (in which case this function does nothing). 237 | * 238 | * @param cc the ECHO-384 context 239 | * @param data the input data 240 | * @param len the input data length (in bytes) 241 | */ 242 | void sph_echo384(void *cc, const void *data, size_t len); 243 | 244 | /** 245 | * Terminate the current ECHO-384 computation and output the result into 246 | * the provided buffer. The destination buffer must be wide enough to 247 | * accomodate the result (48 bytes). The context is automatically 248 | * reinitialized. 249 | * 250 | * @param cc the ECHO-384 context 251 | * @param dst the destination buffer 252 | */ 253 | void sph_echo384_close(void *cc, void *dst); 254 | 255 | /** 256 | * Add a few additional bits (0 to 7) to the current computation, then 257 | * terminate it and output the result in the provided buffer, which must 258 | * be wide enough to accomodate the result (48 bytes). If bit number i 259 | * in ub has value 2^i, then the extra bits are those 260 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 261 | * level). The context is automatically reinitialized. 262 | * 263 | * @param cc the ECHO-384 context 264 | * @param ub the extra bits 265 | * @param n the number of extra bits (0 to 7) 266 | * @param dst the destination buffer 267 | */ 268 | void sph_echo384_addbits_and_close( 269 | void *cc, unsigned ub, unsigned n, void *dst); 270 | 271 | /** 272 | * Initialize an ECHO-512 context. This process performs no memory allocation. 273 | * 274 | * @param cc the ECHO-512 context (pointer to a 275 | * sph_echo512_context) 276 | */ 277 | void sph_echo512_init(void *cc); 278 | 279 | /** 280 | * Process some data bytes. It is acceptable that len is zero 281 | * (in which case this function does nothing). 282 | * 283 | * @param cc the ECHO-512 context 284 | * @param data the input data 285 | * @param len the input data length (in bytes) 286 | */ 287 | void sph_echo512(void *cc, const void *data, size_t len); 288 | 289 | /** 290 | * Terminate the current ECHO-512 computation and output the result into 291 | * the provided buffer. The destination buffer must be wide enough to 292 | * accomodate the result (64 bytes). The context is automatically 293 | * reinitialized. 294 | * 295 | * @param cc the ECHO-512 context 296 | * @param dst the destination buffer 297 | */ 298 | void sph_echo512_close(void *cc, void *dst); 299 | 300 | /** 301 | * Add a few additional bits (0 to 7) to the current computation, then 302 | * terminate it and output the result in the provided buffer, which must 303 | * be wide enough to accomodate the result (64 bytes). If bit number i 304 | * in ub has value 2^i, then the extra bits are those 305 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 306 | * level). The context is automatically reinitialized. 307 | * 308 | * @param cc the ECHO-512 context 309 | * @param ub the extra bits 310 | * @param n the number of extra bits (0 to 7) 311 | * @param dst the destination buffer 312 | */ 313 | void sph_echo512_addbits_and_close( 314 | void *cc, unsigned ub, unsigned n, void *dst); 315 | 316 | #ifdef __cplusplus 317 | } 318 | #endif 319 | 320 | #endif 321 | -------------------------------------------------------------------------------- /sha3/sph_bmw.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_bmw.h 216 2010-06-08 09:46:57Z tp $ */ 2 | /** 3 | * BMW interface. BMW (aka "Blue Midnight Wish") is a family of 4 | * functions which differ by their output size; this implementation 5 | * defines BMW for output sizes 224, 256, 384 and 512 bits. 6 | * 7 | * ==========================(LICENSE BEGIN)============================ 8 | * 9 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 10 | * 11 | * Permission is hereby granted, free of charge, to any person obtaining 12 | * a copy of this software and associated documentation files (the 13 | * "Software"), to deal in the Software without restriction, including 14 | * without limitation the rights to use, copy, modify, merge, publish, 15 | * distribute, sublicense, and/or sell copies of the Software, and to 16 | * permit persons to whom the Software is furnished to do so, subject to 17 | * the following conditions: 18 | * 19 | * The above copyright notice and this permission notice shall be 20 | * included in all copies or substantial portions of the Software. 21 | * 22 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 23 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 24 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 25 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 26 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 27 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 28 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 29 | * 30 | * ===========================(LICENSE END)============================= 31 | * 32 | * @file sph_bmw.h 33 | * @author Thomas Pornin 34 | */ 35 | 36 | #ifndef SPH_BMW_H__ 37 | #define SPH_BMW_H__ 38 | 39 | #ifdef __cplusplus 40 | extern "C"{ 41 | #endif 42 | 43 | #include 44 | #include "sph_types.h" 45 | 46 | /** 47 | * Output size (in bits) for BMW-224. 48 | */ 49 | #define SPH_SIZE_bmw224 224 50 | 51 | /** 52 | * Output size (in bits) for BMW-256. 53 | */ 54 | #define SPH_SIZE_bmw256 256 55 | 56 | #if SPH_64 57 | 58 | /** 59 | * Output size (in bits) for BMW-384. 60 | */ 61 | #define SPH_SIZE_bmw384 384 62 | 63 | /** 64 | * Output size (in bits) for BMW-512. 65 | */ 66 | #define SPH_SIZE_bmw512 512 67 | 68 | #endif 69 | 70 | /** 71 | * This structure is a context for BMW-224 and BMW-256 computations: 72 | * it contains the intermediate values and some data from the last 73 | * entered block. Once a BMW computation has been performed, the 74 | * context can be reused for another computation. 75 | * 76 | * The contents of this structure are private. A running BMW 77 | * computation can be cloned by copying the context (e.g. with a simple 78 | * memcpy()). 79 | */ 80 | typedef struct { 81 | #ifndef DOXYGEN_IGNORE 82 | unsigned char buf[64]; /* first field, for alignment */ 83 | size_t ptr; 84 | sph_u32 H[16]; 85 | #if SPH_64 86 | sph_u64 bit_count; 87 | #else 88 | sph_u32 bit_count_high, bit_count_low; 89 | #endif 90 | #endif 91 | } sph_bmw_small_context; 92 | 93 | /** 94 | * This structure is a context for BMW-224 computations. It is 95 | * identical to the common sph_bmw_small_context. 96 | */ 97 | typedef sph_bmw_small_context sph_bmw224_context; 98 | 99 | /** 100 | * This structure is a context for BMW-256 computations. It is 101 | * identical to the common sph_bmw_small_context. 102 | */ 103 | typedef sph_bmw_small_context sph_bmw256_context; 104 | 105 | #if SPH_64 106 | 107 | /** 108 | * This structure is a context for BMW-384 and BMW-512 computations: 109 | * it contains the intermediate values and some data from the last 110 | * entered block. Once a BMW computation has been performed, the 111 | * context can be reused for another computation. 112 | * 113 | * The contents of this structure are private. A running BMW 114 | * computation can be cloned by copying the context (e.g. with a simple 115 | * memcpy()). 116 | */ 117 | typedef struct { 118 | #ifndef DOXYGEN_IGNORE 119 | unsigned char buf[128]; /* first field, for alignment */ 120 | size_t ptr; 121 | sph_u64 H[16]; 122 | sph_u64 bit_count; 123 | #endif 124 | } sph_bmw_big_context; 125 | 126 | /** 127 | * This structure is a context for BMW-384 computations. It is 128 | * identical to the common sph_bmw_small_context. 129 | */ 130 | typedef sph_bmw_big_context sph_bmw384_context; 131 | 132 | /** 133 | * This structure is a context for BMW-512 computations. It is 134 | * identical to the common sph_bmw_small_context. 135 | */ 136 | typedef sph_bmw_big_context sph_bmw512_context; 137 | 138 | #endif 139 | 140 | /** 141 | * Initialize a BMW-224 context. This process performs no memory allocation. 142 | * 143 | * @param cc the BMW-224 context (pointer to a 144 | * sph_bmw224_context) 145 | */ 146 | void sph_bmw224_init(void *cc); 147 | 148 | /** 149 | * Process some data bytes. It is acceptable that len is zero 150 | * (in which case this function does nothing). 151 | * 152 | * @param cc the BMW-224 context 153 | * @param data the input data 154 | * @param len the input data length (in bytes) 155 | */ 156 | void sph_bmw224(void *cc, const void *data, size_t len); 157 | 158 | /** 159 | * Terminate the current BMW-224 computation and output the result into 160 | * the provided buffer. The destination buffer must be wide enough to 161 | * accomodate the result (28 bytes). The context is automatically 162 | * reinitialized. 163 | * 164 | * @param cc the BMW-224 context 165 | * @param dst the destination buffer 166 | */ 167 | void sph_bmw224_close(void *cc, void *dst); 168 | 169 | /** 170 | * Add a few additional bits (0 to 7) to the current computation, then 171 | * terminate it and output the result in the provided buffer, which must 172 | * be wide enough to accomodate the result (28 bytes). If bit number i 173 | * in ub has value 2^i, then the extra bits are those 174 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 175 | * level). The context is automatically reinitialized. 176 | * 177 | * @param cc the BMW-224 context 178 | * @param ub the extra bits 179 | * @param n the number of extra bits (0 to 7) 180 | * @param dst the destination buffer 181 | */ 182 | void sph_bmw224_addbits_and_close( 183 | void *cc, unsigned ub, unsigned n, void *dst); 184 | 185 | /** 186 | * Initialize a BMW-256 context. This process performs no memory allocation. 187 | * 188 | * @param cc the BMW-256 context (pointer to a 189 | * sph_bmw256_context) 190 | */ 191 | void sph_bmw256_init(void *cc); 192 | 193 | /** 194 | * Process some data bytes. It is acceptable that len is zero 195 | * (in which case this function does nothing). 196 | * 197 | * @param cc the BMW-256 context 198 | * @param data the input data 199 | * @param len the input data length (in bytes) 200 | */ 201 | void sph_bmw256(void *cc, const void *data, size_t len); 202 | 203 | /** 204 | * Terminate the current BMW-256 computation and output the result into 205 | * the provided buffer. The destination buffer must be wide enough to 206 | * accomodate the result (32 bytes). The context is automatically 207 | * reinitialized. 208 | * 209 | * @param cc the BMW-256 context 210 | * @param dst the destination buffer 211 | */ 212 | void sph_bmw256_close(void *cc, void *dst); 213 | 214 | /** 215 | * Add a few additional bits (0 to 7) to the current computation, then 216 | * terminate it and output the result in the provided buffer, which must 217 | * be wide enough to accomodate the result (32 bytes). If bit number i 218 | * in ub has value 2^i, then the extra bits are those 219 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 220 | * level). The context is automatically reinitialized. 221 | * 222 | * @param cc the BMW-256 context 223 | * @param ub the extra bits 224 | * @param n the number of extra bits (0 to 7) 225 | * @param dst the destination buffer 226 | */ 227 | void sph_bmw256_addbits_and_close( 228 | void *cc, unsigned ub, unsigned n, void *dst); 229 | 230 | #if SPH_64 231 | 232 | /** 233 | * Initialize a BMW-384 context. This process performs no memory allocation. 234 | * 235 | * @param cc the BMW-384 context (pointer to a 236 | * sph_bmw384_context) 237 | */ 238 | void sph_bmw384_init(void *cc); 239 | 240 | /** 241 | * Process some data bytes. It is acceptable that len is zero 242 | * (in which case this function does nothing). 243 | * 244 | * @param cc the BMW-384 context 245 | * @param data the input data 246 | * @param len the input data length (in bytes) 247 | */ 248 | void sph_bmw384(void *cc, const void *data, size_t len); 249 | 250 | /** 251 | * Terminate the current BMW-384 computation and output the result into 252 | * the provided buffer. The destination buffer must be wide enough to 253 | * accomodate the result (48 bytes). The context is automatically 254 | * reinitialized. 255 | * 256 | * @param cc the BMW-384 context 257 | * @param dst the destination buffer 258 | */ 259 | void sph_bmw384_close(void *cc, void *dst); 260 | 261 | /** 262 | * Add a few additional bits (0 to 7) to the current computation, then 263 | * terminate it and output the result in the provided buffer, which must 264 | * be wide enough to accomodate the result (48 bytes). If bit number i 265 | * in ub has value 2^i, then the extra bits are those 266 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 267 | * level). The context is automatically reinitialized. 268 | * 269 | * @param cc the BMW-384 context 270 | * @param ub the extra bits 271 | * @param n the number of extra bits (0 to 7) 272 | * @param dst the destination buffer 273 | */ 274 | void sph_bmw384_addbits_and_close( 275 | void *cc, unsigned ub, unsigned n, void *dst); 276 | 277 | /** 278 | * Initialize a BMW-512 context. This process performs no memory allocation. 279 | * 280 | * @param cc the BMW-512 context (pointer to a 281 | * sph_bmw512_context) 282 | */ 283 | void sph_bmw512_init(void *cc); 284 | 285 | /** 286 | * Process some data bytes. It is acceptable that len is zero 287 | * (in which case this function does nothing). 288 | * 289 | * @param cc the BMW-512 context 290 | * @param data the input data 291 | * @param len the input data length (in bytes) 292 | */ 293 | void sph_bmw512(void *cc, const void *data, size_t len); 294 | 295 | /** 296 | * Terminate the current BMW-512 computation and output the result into 297 | * the provided buffer. The destination buffer must be wide enough to 298 | * accomodate the result (64 bytes). The context is automatically 299 | * reinitialized. 300 | * 301 | * @param cc the BMW-512 context 302 | * @param dst the destination buffer 303 | */ 304 | void sph_bmw512_close(void *cc, void *dst); 305 | 306 | /** 307 | * Add a few additional bits (0 to 7) to the current computation, then 308 | * terminate it and output the result in the provided buffer, which must 309 | * be wide enough to accomodate the result (64 bytes). If bit number i 310 | * in ub has value 2^i, then the extra bits are those 311 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 312 | * level). The context is automatically reinitialized. 313 | * 314 | * @param cc the BMW-512 context 315 | * @param ub the extra bits 316 | * @param n the number of extra bits (0 to 7) 317 | * @param dst the destination buffer 318 | */ 319 | void sph_bmw512_addbits_and_close( 320 | void *cc, unsigned ub, unsigned n, void *dst); 321 | 322 | #endif 323 | 324 | #ifdef __cplusplus 325 | } 326 | #endif 327 | 328 | #endif 329 | -------------------------------------------------------------------------------- /sha3/sph_blake.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_blake.h 252 2011-06-07 17:55:14Z tp $ */ 2 | /** 3 | * BLAKE interface. BLAKE is a family of functions which differ by their 4 | * output size; this implementation defines BLAKE for output sizes 224, 5 | * 256, 384 and 512 bits. This implementation conforms to the "third 6 | * round" specification. 7 | * 8 | * ==========================(LICENSE BEGIN)============================ 9 | * 10 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 11 | * 12 | * Permission is hereby granted, free of charge, to any person obtaining 13 | * a copy of this software and associated documentation files (the 14 | * "Software"), to deal in the Software without restriction, including 15 | * without limitation the rights to use, copy, modify, merge, publish, 16 | * distribute, sublicense, and/or sell copies of the Software, and to 17 | * permit persons to whom the Software is furnished to do so, subject to 18 | * the following conditions: 19 | * 20 | * The above copyright notice and this permission notice shall be 21 | * included in all copies or substantial portions of the Software. 22 | * 23 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 24 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 25 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 26 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 27 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 28 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 29 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 30 | * 31 | * ===========================(LICENSE END)============================= 32 | * 33 | * @file sph_blake.h 34 | * @author Thomas Pornin 35 | */ 36 | 37 | #ifndef SPH_BLAKE_H__ 38 | #define SPH_BLAKE_H__ 39 | 40 | #ifdef __cplusplus 41 | extern "C"{ 42 | #endif 43 | 44 | #include 45 | #include "sph_types.h" 46 | 47 | /** 48 | * Output size (in bits) for BLAKE-224. 49 | */ 50 | #define SPH_SIZE_blake224 224 51 | 52 | /** 53 | * Output size (in bits) for BLAKE-256. 54 | */ 55 | #define SPH_SIZE_blake256 256 56 | 57 | #if SPH_64 58 | 59 | /** 60 | * Output size (in bits) for BLAKE-384. 61 | */ 62 | #define SPH_SIZE_blake384 384 63 | 64 | /** 65 | * Output size (in bits) for BLAKE-512. 66 | */ 67 | #define SPH_SIZE_blake512 512 68 | 69 | #endif 70 | 71 | /** 72 | * This structure is a context for BLAKE-224 and BLAKE-256 computations: 73 | * it contains the intermediate values and some data from the last 74 | * entered block. Once a BLAKE computation has been performed, the 75 | * context can be reused for another computation. 76 | * 77 | * The contents of this structure are private. A running BLAKE 78 | * computation can be cloned by copying the context (e.g. with a simple 79 | * memcpy()). 80 | */ 81 | typedef struct { 82 | #ifndef DOXYGEN_IGNORE 83 | unsigned char buf[64]; /* first field, for alignment */ 84 | size_t ptr; 85 | sph_u32 H[8]; 86 | sph_u32 S[4]; 87 | sph_u32 T0, T1; 88 | #endif 89 | } sph_blake_small_context; 90 | 91 | /** 92 | * This structure is a context for BLAKE-224 computations. It is 93 | * identical to the common sph_blake_small_context. 94 | */ 95 | typedef sph_blake_small_context sph_blake224_context; 96 | 97 | /** 98 | * This structure is a context for BLAKE-256 computations. It is 99 | * identical to the common sph_blake_small_context. 100 | */ 101 | typedef sph_blake_small_context sph_blake256_context; 102 | 103 | #if SPH_64 104 | 105 | /** 106 | * This structure is a context for BLAKE-384 and BLAKE-512 computations: 107 | * it contains the intermediate values and some data from the last 108 | * entered block. Once a BLAKE computation has been performed, the 109 | * context can be reused for another computation. 110 | * 111 | * The contents of this structure are private. A running BLAKE 112 | * computation can be cloned by copying the context (e.g. with a simple 113 | * memcpy()). 114 | */ 115 | typedef struct { 116 | #ifndef DOXYGEN_IGNORE 117 | unsigned char buf[128]; /* first field, for alignment */ 118 | size_t ptr; 119 | sph_u64 H[8]; 120 | sph_u64 S[4]; 121 | sph_u64 T0, T1; 122 | #endif 123 | } sph_blake_big_context; 124 | 125 | /** 126 | * This structure is a context for BLAKE-384 computations. It is 127 | * identical to the common sph_blake_small_context. 128 | */ 129 | typedef sph_blake_big_context sph_blake384_context; 130 | 131 | /** 132 | * This structure is a context for BLAKE-512 computations. It is 133 | * identical to the common sph_blake_small_context. 134 | */ 135 | typedef sph_blake_big_context sph_blake512_context; 136 | 137 | #endif 138 | 139 | /** 140 | * Initialize a BLAKE-224 context. This process performs no memory allocation. 141 | * 142 | * @param cc the BLAKE-224 context (pointer to a 143 | * sph_blake224_context) 144 | */ 145 | void sph_blake224_init(void *cc); 146 | 147 | /** 148 | * Process some data bytes. It is acceptable that len is zero 149 | * (in which case this function does nothing). 150 | * 151 | * @param cc the BLAKE-224 context 152 | * @param data the input data 153 | * @param len the input data length (in bytes) 154 | */ 155 | void sph_blake224(void *cc, const void *data, size_t len); 156 | 157 | /** 158 | * Terminate the current BLAKE-224 computation and output the result into 159 | * the provided buffer. The destination buffer must be wide enough to 160 | * accomodate the result (28 bytes). The context is automatically 161 | * reinitialized. 162 | * 163 | * @param cc the BLAKE-224 context 164 | * @param dst the destination buffer 165 | */ 166 | void sph_blake224_close(void *cc, void *dst); 167 | 168 | /** 169 | * Add a few additional bits (0 to 7) to the current computation, then 170 | * terminate it and output the result in the provided buffer, which must 171 | * be wide enough to accomodate the result (28 bytes). If bit number i 172 | * in ub has value 2^i, then the extra bits are those 173 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 174 | * level). The context is automatically reinitialized. 175 | * 176 | * @param cc the BLAKE-224 context 177 | * @param ub the extra bits 178 | * @param n the number of extra bits (0 to 7) 179 | * @param dst the destination buffer 180 | */ 181 | void sph_blake224_addbits_and_close( 182 | void *cc, unsigned ub, unsigned n, void *dst); 183 | 184 | /** 185 | * Initialize a BLAKE-256 context. This process performs no memory allocation. 186 | * 187 | * @param cc the BLAKE-256 context (pointer to a 188 | * sph_blake256_context) 189 | */ 190 | void sph_blake256_init(void *cc); 191 | 192 | /** 193 | * Process some data bytes. It is acceptable that len is zero 194 | * (in which case this function does nothing). 195 | * 196 | * @param cc the BLAKE-256 context 197 | * @param data the input data 198 | * @param len the input data length (in bytes) 199 | */ 200 | void sph_blake256(void *cc, const void *data, size_t len); 201 | 202 | /** 203 | * Terminate the current BLAKE-256 computation and output the result into 204 | * the provided buffer. The destination buffer must be wide enough to 205 | * accomodate the result (32 bytes). The context is automatically 206 | * reinitialized. 207 | * 208 | * @param cc the BLAKE-256 context 209 | * @param dst the destination buffer 210 | */ 211 | void sph_blake256_close(void *cc, void *dst); 212 | 213 | /** 214 | * Add a few additional bits (0 to 7) to the current computation, then 215 | * terminate it and output the result in the provided buffer, which must 216 | * be wide enough to accomodate the result (32 bytes). If bit number i 217 | * in ub has value 2^i, then the extra bits are those 218 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 219 | * level). The context is automatically reinitialized. 220 | * 221 | * @param cc the BLAKE-256 context 222 | * @param ub the extra bits 223 | * @param n the number of extra bits (0 to 7) 224 | * @param dst the destination buffer 225 | */ 226 | void sph_blake256_addbits_and_close( 227 | void *cc, unsigned ub, unsigned n, void *dst); 228 | 229 | #if SPH_64 230 | 231 | /** 232 | * Initialize a BLAKE-384 context. This process performs no memory allocation. 233 | * 234 | * @param cc the BLAKE-384 context (pointer to a 235 | * sph_blake384_context) 236 | */ 237 | void sph_blake384_init(void *cc); 238 | 239 | /** 240 | * Process some data bytes. It is acceptable that len is zero 241 | * (in which case this function does nothing). 242 | * 243 | * @param cc the BLAKE-384 context 244 | * @param data the input data 245 | * @param len the input data length (in bytes) 246 | */ 247 | void sph_blake384(void *cc, const void *data, size_t len); 248 | 249 | /** 250 | * Terminate the current BLAKE-384 computation and output the result into 251 | * the provided buffer. The destination buffer must be wide enough to 252 | * accomodate the result (48 bytes). The context is automatically 253 | * reinitialized. 254 | * 255 | * @param cc the BLAKE-384 context 256 | * @param dst the destination buffer 257 | */ 258 | void sph_blake384_close(void *cc, void *dst); 259 | 260 | /** 261 | * Add a few additional bits (0 to 7) to the current computation, then 262 | * terminate it and output the result in the provided buffer, which must 263 | * be wide enough to accomodate the result (48 bytes). If bit number i 264 | * in ub has value 2^i, then the extra bits are those 265 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 266 | * level). The context is automatically reinitialized. 267 | * 268 | * @param cc the BLAKE-384 context 269 | * @param ub the extra bits 270 | * @param n the number of extra bits (0 to 7) 271 | * @param dst the destination buffer 272 | */ 273 | void sph_blake384_addbits_and_close( 274 | void *cc, unsigned ub, unsigned n, void *dst); 275 | 276 | /** 277 | * Initialize a BLAKE-512 context. This process performs no memory allocation. 278 | * 279 | * @param cc the BLAKE-512 context (pointer to a 280 | * sph_blake512_context) 281 | */ 282 | void sph_blake512_init(void *cc); 283 | 284 | /** 285 | * Process some data bytes. It is acceptable that len is zero 286 | * (in which case this function does nothing). 287 | * 288 | * @param cc the BLAKE-512 context 289 | * @param data the input data 290 | * @param len the input data length (in bytes) 291 | */ 292 | void sph_blake512(void *cc, const void *data, size_t len); 293 | 294 | /** 295 | * Terminate the current BLAKE-512 computation and output the result into 296 | * the provided buffer. The destination buffer must be wide enough to 297 | * accomodate the result (64 bytes). The context is automatically 298 | * reinitialized. 299 | * 300 | * @param cc the BLAKE-512 context 301 | * @param dst the destination buffer 302 | */ 303 | void sph_blake512_close(void *cc, void *dst); 304 | 305 | /** 306 | * Add a few additional bits (0 to 7) to the current computation, then 307 | * terminate it and output the result in the provided buffer, which must 308 | * be wide enough to accomodate the result (64 bytes). If bit number i 309 | * in ub has value 2^i, then the extra bits are those 310 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 311 | * level). The context is automatically reinitialized. 312 | * 313 | * @param cc the BLAKE-512 context 314 | * @param ub the extra bits 315 | * @param n the number of extra bits (0 to 7) 316 | * @param dst the destination buffer 317 | */ 318 | void sph_blake512_addbits_and_close( 319 | void *cc, unsigned ub, unsigned n, void *dst); 320 | 321 | #endif 322 | 323 | #ifdef __cplusplus 324 | } 325 | #endif 326 | 327 | #endif 328 | -------------------------------------------------------------------------------- /sha3/sph_shavite.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_shavite.h 208 2010-06-02 20:33:00Z tp $ */ 2 | /** 3 | * SHAvite-3 interface. This code implements SHAvite-3 with the 4 | * recommended parameters for SHA-3, with outputs of 224, 256, 384 and 5 | * 512 bits. In the following, we call the function "SHAvite" (without 6 | * the "-3" suffix), thus "SHAvite-224" is "SHAvite-3 with a 224-bit 7 | * output". 8 | * 9 | * ==========================(LICENSE BEGIN)============================ 10 | * 11 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 12 | * 13 | * Permission is hereby granted, free of charge, to any person obtaining 14 | * a copy of this software and associated documentation files (the 15 | * "Software"), to deal in the Software without restriction, including 16 | * without limitation the rights to use, copy, modify, merge, publish, 17 | * distribute, sublicense, and/or sell copies of the Software, and to 18 | * permit persons to whom the Software is furnished to do so, subject to 19 | * the following conditions: 20 | * 21 | * The above copyright notice and this permission notice shall be 22 | * included in all copies or substantial portions of the Software. 23 | * 24 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 25 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 26 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 27 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 28 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 29 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 30 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 31 | * 32 | * ===========================(LICENSE END)============================= 33 | * 34 | * @file sph_shavite.h 35 | * @author Thomas Pornin 36 | */ 37 | 38 | #ifndef SPH_SHAVITE_H__ 39 | #define SPH_SHAVITE_H__ 40 | 41 | #include 42 | #include "sph_types.h" 43 | 44 | #ifdef __cplusplus 45 | extern "C"{ 46 | #endif 47 | 48 | /** 49 | * Output size (in bits) for SHAvite-224. 50 | */ 51 | #define SPH_SIZE_shavite224 224 52 | 53 | /** 54 | * Output size (in bits) for SHAvite-256. 55 | */ 56 | #define SPH_SIZE_shavite256 256 57 | 58 | /** 59 | * Output size (in bits) for SHAvite-384. 60 | */ 61 | #define SPH_SIZE_shavite384 384 62 | 63 | /** 64 | * Output size (in bits) for SHAvite-512. 65 | */ 66 | #define SPH_SIZE_shavite512 512 67 | 68 | /** 69 | * This structure is a context for SHAvite-224 and SHAvite-256 computations: 70 | * it contains the intermediate values and some data from the last 71 | * entered block. Once a SHAvite computation has been performed, the 72 | * context can be reused for another computation. 73 | * 74 | * The contents of this structure are private. A running SHAvite 75 | * computation can be cloned by copying the context (e.g. with a simple 76 | * memcpy()). 77 | */ 78 | typedef struct { 79 | #ifndef DOXYGEN_IGNORE 80 | unsigned char buf[64]; /* first field, for alignment */ 81 | size_t ptr; 82 | sph_u32 h[8]; 83 | sph_u32 count0, count1; 84 | #endif 85 | } sph_shavite_small_context; 86 | 87 | /** 88 | * This structure is a context for SHAvite-224 computations. It is 89 | * identical to the common sph_shavite_small_context. 90 | */ 91 | typedef sph_shavite_small_context sph_shavite224_context; 92 | 93 | /** 94 | * This structure is a context for SHAvite-256 computations. It is 95 | * identical to the common sph_shavite_small_context. 96 | */ 97 | typedef sph_shavite_small_context sph_shavite256_context; 98 | 99 | /** 100 | * This structure is a context for SHAvite-384 and SHAvite-512 computations: 101 | * it contains the intermediate values and some data from the last 102 | * entered block. Once a SHAvite computation has been performed, the 103 | * context can be reused for another computation. 104 | * 105 | * The contents of this structure are private. A running SHAvite 106 | * computation can be cloned by copying the context (e.g. with a simple 107 | * memcpy()). 108 | */ 109 | typedef struct { 110 | #ifndef DOXYGEN_IGNORE 111 | unsigned char buf[128]; /* first field, for alignment */ 112 | size_t ptr; 113 | sph_u32 h[16]; 114 | sph_u32 count0, count1, count2, count3; 115 | #endif 116 | } sph_shavite_big_context; 117 | 118 | /** 119 | * This structure is a context for SHAvite-384 computations. It is 120 | * identical to the common sph_shavite_small_context. 121 | */ 122 | typedef sph_shavite_big_context sph_shavite384_context; 123 | 124 | /** 125 | * This structure is a context for SHAvite-512 computations. It is 126 | * identical to the common sph_shavite_small_context. 127 | */ 128 | typedef sph_shavite_big_context sph_shavite512_context; 129 | 130 | /** 131 | * Initialize a SHAvite-224 context. This process performs no memory allocation. 132 | * 133 | * @param cc the SHAvite-224 context (pointer to a 134 | * sph_shavite224_context) 135 | */ 136 | void sph_shavite224_init(void *cc); 137 | 138 | /** 139 | * Process some data bytes. It is acceptable that len is zero 140 | * (in which case this function does nothing). 141 | * 142 | * @param cc the SHAvite-224 context 143 | * @param data the input data 144 | * @param len the input data length (in bytes) 145 | */ 146 | void sph_shavite224(void *cc, const void *data, size_t len); 147 | 148 | /** 149 | * Terminate the current SHAvite-224 computation and output the result into 150 | * the provided buffer. The destination buffer must be wide enough to 151 | * accomodate the result (28 bytes). The context is automatically 152 | * reinitialized. 153 | * 154 | * @param cc the SHAvite-224 context 155 | * @param dst the destination buffer 156 | */ 157 | void sph_shavite224_close(void *cc, void *dst); 158 | 159 | /** 160 | * Add a few additional bits (0 to 7) to the current computation, then 161 | * terminate it and output the result in the provided buffer, which must 162 | * be wide enough to accomodate the result (28 bytes). If bit number i 163 | * in ub has value 2^i, then the extra bits are those 164 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 165 | * level). The context is automatically reinitialized. 166 | * 167 | * @param cc the SHAvite-224 context 168 | * @param ub the extra bits 169 | * @param n the number of extra bits (0 to 7) 170 | * @param dst the destination buffer 171 | */ 172 | void sph_shavite224_addbits_and_close( 173 | void *cc, unsigned ub, unsigned n, void *dst); 174 | 175 | /** 176 | * Initialize a SHAvite-256 context. This process performs no memory allocation. 177 | * 178 | * @param cc the SHAvite-256 context (pointer to a 179 | * sph_shavite256_context) 180 | */ 181 | void sph_shavite256_init(void *cc); 182 | 183 | /** 184 | * Process some data bytes. It is acceptable that len is zero 185 | * (in which case this function does nothing). 186 | * 187 | * @param cc the SHAvite-256 context 188 | * @param data the input data 189 | * @param len the input data length (in bytes) 190 | */ 191 | void sph_shavite256(void *cc, const void *data, size_t len); 192 | 193 | /** 194 | * Terminate the current SHAvite-256 computation and output the result into 195 | * the provided buffer. The destination buffer must be wide enough to 196 | * accomodate the result (32 bytes). The context is automatically 197 | * reinitialized. 198 | * 199 | * @param cc the SHAvite-256 context 200 | * @param dst the destination buffer 201 | */ 202 | void sph_shavite256_close(void *cc, void *dst); 203 | 204 | /** 205 | * Add a few additional bits (0 to 7) to the current computation, then 206 | * terminate it and output the result in the provided buffer, which must 207 | * be wide enough to accomodate the result (32 bytes). If bit number i 208 | * in ub has value 2^i, then the extra bits are those 209 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 210 | * level). The context is automatically reinitialized. 211 | * 212 | * @param cc the SHAvite-256 context 213 | * @param ub the extra bits 214 | * @param n the number of extra bits (0 to 7) 215 | * @param dst the destination buffer 216 | */ 217 | void sph_shavite256_addbits_and_close( 218 | void *cc, unsigned ub, unsigned n, void *dst); 219 | 220 | /** 221 | * Initialize a SHAvite-384 context. This process performs no memory allocation. 222 | * 223 | * @param cc the SHAvite-384 context (pointer to a 224 | * sph_shavite384_context) 225 | */ 226 | void sph_shavite384_init(void *cc); 227 | 228 | /** 229 | * Process some data bytes. It is acceptable that len is zero 230 | * (in which case this function does nothing). 231 | * 232 | * @param cc the SHAvite-384 context 233 | * @param data the input data 234 | * @param len the input data length (in bytes) 235 | */ 236 | void sph_shavite384(void *cc, const void *data, size_t len); 237 | 238 | /** 239 | * Terminate the current SHAvite-384 computation and output the result into 240 | * the provided buffer. The destination buffer must be wide enough to 241 | * accomodate the result (48 bytes). The context is automatically 242 | * reinitialized. 243 | * 244 | * @param cc the SHAvite-384 context 245 | * @param dst the destination buffer 246 | */ 247 | void sph_shavite384_close(void *cc, void *dst); 248 | 249 | /** 250 | * Add a few additional bits (0 to 7) to the current computation, then 251 | * terminate it and output the result in the provided buffer, which must 252 | * be wide enough to accomodate the result (48 bytes). If bit number i 253 | * in ub has value 2^i, then the extra bits are those 254 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 255 | * level). The context is automatically reinitialized. 256 | * 257 | * @param cc the SHAvite-384 context 258 | * @param ub the extra bits 259 | * @param n the number of extra bits (0 to 7) 260 | * @param dst the destination buffer 261 | */ 262 | void sph_shavite384_addbits_and_close( 263 | void *cc, unsigned ub, unsigned n, void *dst); 264 | 265 | /** 266 | * Initialize a SHAvite-512 context. This process performs no memory allocation. 267 | * 268 | * @param cc the SHAvite-512 context (pointer to a 269 | * sph_shavite512_context) 270 | */ 271 | void sph_shavite512_init(void *cc); 272 | 273 | /** 274 | * Process some data bytes. It is acceptable that len is zero 275 | * (in which case this function does nothing). 276 | * 277 | * @param cc the SHAvite-512 context 278 | * @param data the input data 279 | * @param len the input data length (in bytes) 280 | */ 281 | void sph_shavite512(void *cc, const void *data, size_t len); 282 | 283 | /** 284 | * Terminate the current SHAvite-512 computation and output the result into 285 | * the provided buffer. The destination buffer must be wide enough to 286 | * accomodate the result (64 bytes). The context is automatically 287 | * reinitialized. 288 | * 289 | * @param cc the SHAvite-512 context 290 | * @param dst the destination buffer 291 | */ 292 | void sph_shavite512_close(void *cc, void *dst); 293 | 294 | /** 295 | * Add a few additional bits (0 to 7) to the current computation, then 296 | * terminate it and output the result in the provided buffer, which must 297 | * be wide enough to accomodate the result (64 bytes). If bit number i 298 | * in ub has value 2^i, then the extra bits are those 299 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 300 | * level). The context is automatically reinitialized. 301 | * 302 | * @param cc the SHAvite-512 context 303 | * @param ub the extra bits 304 | * @param n the number of extra bits (0 to 7) 305 | * @param dst the destination buffer 306 | */ 307 | void sph_shavite512_addbits_and_close( 308 | void *cc, unsigned ub, unsigned n, void *dst); 309 | 310 | #ifdef __cplusplus 311 | } 312 | #endif 313 | 314 | #endif 315 | -------------------------------------------------------------------------------- /sha3/sph_groestl.h: -------------------------------------------------------------------------------- 1 | /* $Id: sph_groestl.h 216 2010-06-08 09:46:57Z tp $ */ 2 | /** 3 | * Groestl interface. This code implements Groestl with the recommended 4 | * parameters for SHA-3, with outputs of 224, 256, 384 and 512 bits. 5 | * 6 | * ==========================(LICENSE BEGIN)============================ 7 | * 8 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 9 | * 10 | * Permission is hereby granted, free of charge, to any person obtaining 11 | * a copy of this software and associated documentation files (the 12 | * "Software"), to deal in the Software without restriction, including 13 | * without limitation the rights to use, copy, modify, merge, publish, 14 | * distribute, sublicense, and/or sell copies of the Software, and to 15 | * permit persons to whom the Software is furnished to do so, subject to 16 | * the following conditions: 17 | * 18 | * The above copyright notice and this permission notice shall be 19 | * included in all copies or substantial portions of the Software. 20 | * 21 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 22 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 23 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 24 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 25 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 26 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 27 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 28 | * 29 | * ===========================(LICENSE END)============================= 30 | * 31 | * @file sph_groestl.h 32 | * @author Thomas Pornin 33 | */ 34 | 35 | #ifndef SPH_GROESTL_H__ 36 | #define SPH_GROESTL_H__ 37 | 38 | #ifdef __cplusplus 39 | extern "C"{ 40 | #endif 41 | 42 | #include 43 | #include "sph_types.h" 44 | 45 | /** 46 | * Output size (in bits) for Groestl-224. 47 | */ 48 | #define SPH_SIZE_groestl224 224 49 | 50 | /** 51 | * Output size (in bits) for Groestl-256. 52 | */ 53 | #define SPH_SIZE_groestl256 256 54 | 55 | /** 56 | * Output size (in bits) for Groestl-384. 57 | */ 58 | #define SPH_SIZE_groestl384 384 59 | 60 | /** 61 | * Output size (in bits) for Groestl-512. 62 | */ 63 | #define SPH_SIZE_groestl512 512 64 | 65 | /** 66 | * This structure is a context for Groestl-224 and Groestl-256 computations: 67 | * it contains the intermediate values and some data from the last 68 | * entered block. Once a Groestl computation has been performed, the 69 | * context can be reused for another computation. 70 | * 71 | * The contents of this structure are private. A running Groestl 72 | * computation can be cloned by copying the context (e.g. with a simple 73 | * memcpy()). 74 | */ 75 | typedef struct { 76 | #ifndef DOXYGEN_IGNORE 77 | unsigned char buf[64]; /* first field, for alignment */ 78 | size_t ptr; 79 | union { 80 | #if SPH_64 81 | sph_u64 wide[8]; 82 | #endif 83 | sph_u32 narrow[16]; 84 | } state; 85 | #if SPH_64 86 | sph_u64 count; 87 | #else 88 | sph_u32 count_high, count_low; 89 | #endif 90 | #endif 91 | } sph_groestl_small_context; 92 | 93 | /** 94 | * This structure is a context for Groestl-224 computations. It is 95 | * identical to the common sph_groestl_small_context. 96 | */ 97 | typedef sph_groestl_small_context sph_groestl224_context; 98 | 99 | /** 100 | * This structure is a context for Groestl-256 computations. It is 101 | * identical to the common sph_groestl_small_context. 102 | */ 103 | typedef sph_groestl_small_context sph_groestl256_context; 104 | 105 | /** 106 | * This structure is a context for Groestl-384 and Groestl-512 computations: 107 | * it contains the intermediate values and some data from the last 108 | * entered block. Once a Groestl computation has been performed, the 109 | * context can be reused for another computation. 110 | * 111 | * The contents of this structure are private. A running Groestl 112 | * computation can be cloned by copying the context (e.g. with a simple 113 | * memcpy()). 114 | */ 115 | typedef struct { 116 | #ifndef DOXYGEN_IGNORE 117 | unsigned char buf[128]; /* first field, for alignment */ 118 | size_t ptr; 119 | union { 120 | #if SPH_64 121 | sph_u64 wide[16]; 122 | #endif 123 | sph_u32 narrow[32]; 124 | } state; 125 | #if SPH_64 126 | sph_u64 count; 127 | #else 128 | sph_u32 count_high, count_low; 129 | #endif 130 | #endif 131 | } sph_groestl_big_context; 132 | 133 | /** 134 | * This structure is a context for Groestl-384 computations. It is 135 | * identical to the common sph_groestl_small_context. 136 | */ 137 | typedef sph_groestl_big_context sph_groestl384_context; 138 | 139 | /** 140 | * This structure is a context for Groestl-512 computations. It is 141 | * identical to the common sph_groestl_small_context. 142 | */ 143 | typedef sph_groestl_big_context sph_groestl512_context; 144 | 145 | /** 146 | * Initialize a Groestl-224 context. This process performs no memory allocation. 147 | * 148 | * @param cc the Groestl-224 context (pointer to a 149 | * sph_groestl224_context) 150 | */ 151 | void sph_groestl224_init(void *cc); 152 | 153 | /** 154 | * Process some data bytes. It is acceptable that len is zero 155 | * (in which case this function does nothing). 156 | * 157 | * @param cc the Groestl-224 context 158 | * @param data the input data 159 | * @param len the input data length (in bytes) 160 | */ 161 | void sph_groestl224(void *cc, const void *data, size_t len); 162 | 163 | /** 164 | * Terminate the current Groestl-224 computation and output the result into 165 | * the provided buffer. The destination buffer must be wide enough to 166 | * accomodate the result (28 bytes). The context is automatically 167 | * reinitialized. 168 | * 169 | * @param cc the Groestl-224 context 170 | * @param dst the destination buffer 171 | */ 172 | void sph_groestl224_close(void *cc, void *dst); 173 | 174 | /** 175 | * Add a few additional bits (0 to 7) to the current computation, then 176 | * terminate it and output the result in the provided buffer, which must 177 | * be wide enough to accomodate the result (28 bytes). If bit number i 178 | * in ub has value 2^i, then the extra bits are those 179 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 180 | * level). The context is automatically reinitialized. 181 | * 182 | * @param cc the Groestl-224 context 183 | * @param ub the extra bits 184 | * @param n the number of extra bits (0 to 7) 185 | * @param dst the destination buffer 186 | */ 187 | void sph_groestl224_addbits_and_close( 188 | void *cc, unsigned ub, unsigned n, void *dst); 189 | 190 | /** 191 | * Initialize a Groestl-256 context. This process performs no memory allocation. 192 | * 193 | * @param cc the Groestl-256 context (pointer to a 194 | * sph_groestl256_context) 195 | */ 196 | void sph_groestl256_init(void *cc); 197 | 198 | /** 199 | * Process some data bytes. It is acceptable that len is zero 200 | * (in which case this function does nothing). 201 | * 202 | * @param cc the Groestl-256 context 203 | * @param data the input data 204 | * @param len the input data length (in bytes) 205 | */ 206 | void sph_groestl256(void *cc, const void *data, size_t len); 207 | 208 | /** 209 | * Terminate the current Groestl-256 computation and output the result into 210 | * the provided buffer. The destination buffer must be wide enough to 211 | * accomodate the result (32 bytes). The context is automatically 212 | * reinitialized. 213 | * 214 | * @param cc the Groestl-256 context 215 | * @param dst the destination buffer 216 | */ 217 | void sph_groestl256_close(void *cc, void *dst); 218 | 219 | /** 220 | * Add a few additional bits (0 to 7) to the current computation, then 221 | * terminate it and output the result in the provided buffer, which must 222 | * be wide enough to accomodate the result (32 bytes). If bit number i 223 | * in ub has value 2^i, then the extra bits are those 224 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 225 | * level). The context is automatically reinitialized. 226 | * 227 | * @param cc the Groestl-256 context 228 | * @param ub the extra bits 229 | * @param n the number of extra bits (0 to 7) 230 | * @param dst the destination buffer 231 | */ 232 | void sph_groestl256_addbits_and_close( 233 | void *cc, unsigned ub, unsigned n, void *dst); 234 | 235 | /** 236 | * Initialize a Groestl-384 context. This process performs no memory allocation. 237 | * 238 | * @param cc the Groestl-384 context (pointer to a 239 | * sph_groestl384_context) 240 | */ 241 | void sph_groestl384_init(void *cc); 242 | 243 | /** 244 | * Process some data bytes. It is acceptable that len is zero 245 | * (in which case this function does nothing). 246 | * 247 | * @param cc the Groestl-384 context 248 | * @param data the input data 249 | * @param len the input data length (in bytes) 250 | */ 251 | void sph_groestl384(void *cc, const void *data, size_t len); 252 | 253 | /** 254 | * Terminate the current Groestl-384 computation and output the result into 255 | * the provided buffer. The destination buffer must be wide enough to 256 | * accomodate the result (48 bytes). The context is automatically 257 | * reinitialized. 258 | * 259 | * @param cc the Groestl-384 context 260 | * @param dst the destination buffer 261 | */ 262 | void sph_groestl384_close(void *cc, void *dst); 263 | 264 | /** 265 | * Add a few additional bits (0 to 7) to the current computation, then 266 | * terminate it and output the result in the provided buffer, which must 267 | * be wide enough to accomodate the result (48 bytes). If bit number i 268 | * in ub has value 2^i, then the extra bits are those 269 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 270 | * level). The context is automatically reinitialized. 271 | * 272 | * @param cc the Groestl-384 context 273 | * @param ub the extra bits 274 | * @param n the number of extra bits (0 to 7) 275 | * @param dst the destination buffer 276 | */ 277 | void sph_groestl384_addbits_and_close( 278 | void *cc, unsigned ub, unsigned n, void *dst); 279 | 280 | /** 281 | * Initialize a Groestl-512 context. This process performs no memory allocation. 282 | * 283 | * @param cc the Groestl-512 context (pointer to a 284 | * sph_groestl512_context) 285 | */ 286 | void sph_groestl512_init(void *cc); 287 | 288 | /** 289 | * Process some data bytes. It is acceptable that len is zero 290 | * (in which case this function does nothing). 291 | * 292 | * @param cc the Groestl-512 context 293 | * @param data the input data 294 | * @param len the input data length (in bytes) 295 | */ 296 | void sph_groestl512(void *cc, const void *data, size_t len); 297 | 298 | /** 299 | * Terminate the current Groestl-512 computation and output the result into 300 | * the provided buffer. The destination buffer must be wide enough to 301 | * accomodate the result (64 bytes). The context is automatically 302 | * reinitialized. 303 | * 304 | * @param cc the Groestl-512 context 305 | * @param dst the destination buffer 306 | */ 307 | void sph_groestl512_close(void *cc, void *dst); 308 | 309 | /** 310 | * Add a few additional bits (0 to 7) to the current computation, then 311 | * terminate it and output the result in the provided buffer, which must 312 | * be wide enough to accomodate the result (64 bytes). If bit number i 313 | * in ub has value 2^i, then the extra bits are those 314 | * numbered 7 downto 8-n (this is the big-endian convention at the byte 315 | * level). The context is automatically reinitialized. 316 | * 317 | * @param cc the Groestl-512 context 318 | * @param ub the extra bits 319 | * @param n the number of extra bits (0 to 7) 320 | * @param dst the destination buffer 321 | */ 322 | void sph_groestl512_addbits_and_close( 323 | void *cc, unsigned ub, unsigned n, void *dst); 324 | 325 | #ifdef __cplusplus 326 | } 327 | #endif 328 | 329 | #endif 330 | -------------------------------------------------------------------------------- /sha3/cubehash.c: -------------------------------------------------------------------------------- 1 | /* $Id: cubehash.c 227 2010-06-16 17:28:38Z tp $ */ 2 | /* 3 | * CubeHash implementation. 4 | * 5 | * ==========================(LICENSE BEGIN)============================ 6 | * 7 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 8 | * 9 | * Permission is hereby granted, free of charge, to any person obtaining 10 | * a copy of this software and associated documentation files (the 11 | * "Software"), to deal in the Software without restriction, including 12 | * without limitation the rights to use, copy, modify, merge, publish, 13 | * distribute, sublicense, and/or sell copies of the Software, and to 14 | * permit persons to whom the Software is furnished to do so, subject to 15 | * the following conditions: 16 | * 17 | * The above copyright notice and this permission notice shall be 18 | * included in all copies or substantial portions of the Software. 19 | * 20 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 21 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 22 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 23 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 24 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 25 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 26 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 27 | * 28 | * ===========================(LICENSE END)============================= 29 | * 30 | * @author Thomas Pornin 31 | */ 32 | 33 | #include 34 | #include 35 | #include 36 | 37 | #include "sph_cubehash.h" 38 | #ifdef __cplusplus 39 | extern "C"{ 40 | #endif 41 | 42 | #if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_CUBEHASH 43 | #define SPH_SMALL_FOOTPRINT_CUBEHASH 1 44 | #endif 45 | 46 | /* 47 | * Some tests were conducted on an Intel Core2 Q6600 (32-bit and 64-bit 48 | * mode), a PowerPC G3, and a MIPS-compatible CPU (Broadcom BCM3302). 49 | * It appears that the optimal settings are: 50 | * -- full unroll, no state copy on the "big" systems (x86, PowerPC) 51 | * -- unroll to 4 or 8, state copy on the "small" system (MIPS) 52 | */ 53 | 54 | #if SPH_SMALL_FOOTPRINT_CUBEHASH 55 | 56 | #if !defined SPH_CUBEHASH_UNROLL 57 | #define SPH_CUBEHASH_UNROLL 4 58 | #endif 59 | #if !defined SPH_CUBEHASH_NOCOPY 60 | #define SPH_CUBEHASH_NOCOPY 1 61 | #endif 62 | 63 | #else 64 | 65 | #if !defined SPH_CUBEHASH_UNROLL 66 | #define SPH_CUBEHASH_UNROLL 0 67 | #endif 68 | #if !defined SPH_CUBEHASH_NOCOPY 69 | #define SPH_CUBEHASH_NOCOPY 0 70 | #endif 71 | 72 | #endif 73 | 74 | #ifdef _MSC_VER 75 | #pragma warning (disable: 4146) 76 | #endif 77 | 78 | static const sph_u32 IV224[] = { 79 | SPH_C32(0xB0FC8217), SPH_C32(0x1BEE1A90), SPH_C32(0x829E1A22), 80 | SPH_C32(0x6362C342), SPH_C32(0x24D91C30), SPH_C32(0x03A7AA24), 81 | SPH_C32(0xA63721C8), SPH_C32(0x85B0E2EF), SPH_C32(0xF35D13F3), 82 | SPH_C32(0x41DA807D), SPH_C32(0x21A70CA6), SPH_C32(0x1F4E9774), 83 | SPH_C32(0xB3E1C932), SPH_C32(0xEB0A79A8), SPH_C32(0xCDDAAA66), 84 | SPH_C32(0xE2F6ECAA), SPH_C32(0x0A713362), SPH_C32(0xAA3080E0), 85 | SPH_C32(0xD8F23A32), SPH_C32(0xCEF15E28), SPH_C32(0xDB086314), 86 | SPH_C32(0x7F709DF7), SPH_C32(0xACD228A4), SPH_C32(0x704D6ECE), 87 | SPH_C32(0xAA3EC95F), SPH_C32(0xE387C214), SPH_C32(0x3A6445FF), 88 | SPH_C32(0x9CAB81C3), SPH_C32(0xC73D4B98), SPH_C32(0xD277AEBE), 89 | SPH_C32(0xFD20151C), SPH_C32(0x00CB573E) 90 | }; 91 | 92 | static const sph_u32 IV256[] = { 93 | SPH_C32(0xEA2BD4B4), SPH_C32(0xCCD6F29F), SPH_C32(0x63117E71), 94 | SPH_C32(0x35481EAE), SPH_C32(0x22512D5B), SPH_C32(0xE5D94E63), 95 | SPH_C32(0x7E624131), SPH_C32(0xF4CC12BE), SPH_C32(0xC2D0B696), 96 | SPH_C32(0x42AF2070), SPH_C32(0xD0720C35), SPH_C32(0x3361DA8C), 97 | SPH_C32(0x28CCECA4), SPH_C32(0x8EF8AD83), SPH_C32(0x4680AC00), 98 | SPH_C32(0x40E5FBAB), SPH_C32(0xD89041C3), SPH_C32(0x6107FBD5), 99 | SPH_C32(0x6C859D41), SPH_C32(0xF0B26679), SPH_C32(0x09392549), 100 | SPH_C32(0x5FA25603), SPH_C32(0x65C892FD), SPH_C32(0x93CB6285), 101 | SPH_C32(0x2AF2B5AE), SPH_C32(0x9E4B4E60), SPH_C32(0x774ABFDD), 102 | SPH_C32(0x85254725), SPH_C32(0x15815AEB), SPH_C32(0x4AB6AAD6), 103 | SPH_C32(0x9CDAF8AF), SPH_C32(0xD6032C0A) 104 | }; 105 | 106 | static const sph_u32 IV384[] = { 107 | SPH_C32(0xE623087E), SPH_C32(0x04C00C87), SPH_C32(0x5EF46453), 108 | SPH_C32(0x69524B13), SPH_C32(0x1A05C7A9), SPH_C32(0x3528DF88), 109 | SPH_C32(0x6BDD01B5), SPH_C32(0x5057B792), SPH_C32(0x6AA7A922), 110 | SPH_C32(0x649C7EEE), SPH_C32(0xF426309F), SPH_C32(0xCB629052), 111 | SPH_C32(0xFC8E20ED), SPH_C32(0xB3482BAB), SPH_C32(0xF89E5E7E), 112 | SPH_C32(0xD83D4DE4), SPH_C32(0x44BFC10D), SPH_C32(0x5FC1E63D), 113 | SPH_C32(0x2104E6CB), SPH_C32(0x17958F7F), SPH_C32(0xDBEAEF70), 114 | SPH_C32(0xB4B97E1E), SPH_C32(0x32C195F6), SPH_C32(0x6184A8E4), 115 | SPH_C32(0x796C2543), SPH_C32(0x23DE176D), SPH_C32(0xD33BBAEC), 116 | SPH_C32(0x0C12E5D2), SPH_C32(0x4EB95A7B), SPH_C32(0x2D18BA01), 117 | SPH_C32(0x04EE475F), SPH_C32(0x1FC5F22E) 118 | }; 119 | 120 | static const sph_u32 IV512[] = { 121 | SPH_C32(0x2AEA2A61), SPH_C32(0x50F494D4), SPH_C32(0x2D538B8B), 122 | SPH_C32(0x4167D83E), SPH_C32(0x3FEE2313), SPH_C32(0xC701CF8C), 123 | SPH_C32(0xCC39968E), SPH_C32(0x50AC5695), SPH_C32(0x4D42C787), 124 | SPH_C32(0xA647A8B3), SPH_C32(0x97CF0BEF), SPH_C32(0x825B4537), 125 | SPH_C32(0xEEF864D2), SPH_C32(0xF22090C4), SPH_C32(0xD0E5CD33), 126 | SPH_C32(0xA23911AE), SPH_C32(0xFCD398D9), SPH_C32(0x148FE485), 127 | SPH_C32(0x1B017BEF), SPH_C32(0xB6444532), SPH_C32(0x6A536159), 128 | SPH_C32(0x2FF5781C), SPH_C32(0x91FA7934), SPH_C32(0x0DBADEA9), 129 | SPH_C32(0xD65C8A2B), SPH_C32(0xA5A70E75), SPH_C32(0xB1C62456), 130 | SPH_C32(0xBC796576), SPH_C32(0x1921C8F7), SPH_C32(0xE7989AF1), 131 | SPH_C32(0x7795D246), SPH_C32(0xD43E3B44) 132 | }; 133 | 134 | #define T32 SPH_T32 135 | #define ROTL32 SPH_ROTL32 136 | 137 | #if SPH_CUBEHASH_NOCOPY 138 | 139 | #define DECL_STATE 140 | #define READ_STATE(cc) 141 | #define WRITE_STATE(cc) 142 | 143 | #define x0 ((sc)->state[ 0]) 144 | #define x1 ((sc)->state[ 1]) 145 | #define x2 ((sc)->state[ 2]) 146 | #define x3 ((sc)->state[ 3]) 147 | #define x4 ((sc)->state[ 4]) 148 | #define x5 ((sc)->state[ 5]) 149 | #define x6 ((sc)->state[ 6]) 150 | #define x7 ((sc)->state[ 7]) 151 | #define x8 ((sc)->state[ 8]) 152 | #define x9 ((sc)->state[ 9]) 153 | #define xa ((sc)->state[10]) 154 | #define xb ((sc)->state[11]) 155 | #define xc ((sc)->state[12]) 156 | #define xd ((sc)->state[13]) 157 | #define xe ((sc)->state[14]) 158 | #define xf ((sc)->state[15]) 159 | #define xg ((sc)->state[16]) 160 | #define xh ((sc)->state[17]) 161 | #define xi ((sc)->state[18]) 162 | #define xj ((sc)->state[19]) 163 | #define xk ((sc)->state[20]) 164 | #define xl ((sc)->state[21]) 165 | #define xm ((sc)->state[22]) 166 | #define xn ((sc)->state[23]) 167 | #define xo ((sc)->state[24]) 168 | #define xp ((sc)->state[25]) 169 | #define xq ((sc)->state[26]) 170 | #define xr ((sc)->state[27]) 171 | #define xs ((sc)->state[28]) 172 | #define xt ((sc)->state[29]) 173 | #define xu ((sc)->state[30]) 174 | #define xv ((sc)->state[31]) 175 | 176 | #else 177 | 178 | #define DECL_STATE \ 179 | sph_u32 x0, x1, x2, x3, x4, x5, x6, x7; \ 180 | sph_u32 x8, x9, xa, xb, xc, xd, xe, xf; \ 181 | sph_u32 xg, xh, xi, xj, xk, xl, xm, xn; \ 182 | sph_u32 xo, xp, xq, xr, xs, xt, xu, xv; 183 | 184 | #define READ_STATE(cc) do { \ 185 | x0 = (cc)->state[ 0]; \ 186 | x1 = (cc)->state[ 1]; \ 187 | x2 = (cc)->state[ 2]; \ 188 | x3 = (cc)->state[ 3]; \ 189 | x4 = (cc)->state[ 4]; \ 190 | x5 = (cc)->state[ 5]; \ 191 | x6 = (cc)->state[ 6]; \ 192 | x7 = (cc)->state[ 7]; \ 193 | x8 = (cc)->state[ 8]; \ 194 | x9 = (cc)->state[ 9]; \ 195 | xa = (cc)->state[10]; \ 196 | xb = (cc)->state[11]; \ 197 | xc = (cc)->state[12]; \ 198 | xd = (cc)->state[13]; \ 199 | xe = (cc)->state[14]; \ 200 | xf = (cc)->state[15]; \ 201 | xg = (cc)->state[16]; \ 202 | xh = (cc)->state[17]; \ 203 | xi = (cc)->state[18]; \ 204 | xj = (cc)->state[19]; \ 205 | xk = (cc)->state[20]; \ 206 | xl = (cc)->state[21]; \ 207 | xm = (cc)->state[22]; \ 208 | xn = (cc)->state[23]; \ 209 | xo = (cc)->state[24]; \ 210 | xp = (cc)->state[25]; \ 211 | xq = (cc)->state[26]; \ 212 | xr = (cc)->state[27]; \ 213 | xs = (cc)->state[28]; \ 214 | xt = (cc)->state[29]; \ 215 | xu = (cc)->state[30]; \ 216 | xv = (cc)->state[31]; \ 217 | } while (0) 218 | 219 | #define WRITE_STATE(cc) do { \ 220 | (cc)->state[ 0] = x0; \ 221 | (cc)->state[ 1] = x1; \ 222 | (cc)->state[ 2] = x2; \ 223 | (cc)->state[ 3] = x3; \ 224 | (cc)->state[ 4] = x4; \ 225 | (cc)->state[ 5] = x5; \ 226 | (cc)->state[ 6] = x6; \ 227 | (cc)->state[ 7] = x7; \ 228 | (cc)->state[ 8] = x8; \ 229 | (cc)->state[ 9] = x9; \ 230 | (cc)->state[10] = xa; \ 231 | (cc)->state[11] = xb; \ 232 | (cc)->state[12] = xc; \ 233 | (cc)->state[13] = xd; \ 234 | (cc)->state[14] = xe; \ 235 | (cc)->state[15] = xf; \ 236 | (cc)->state[16] = xg; \ 237 | (cc)->state[17] = xh; \ 238 | (cc)->state[18] = xi; \ 239 | (cc)->state[19] = xj; \ 240 | (cc)->state[20] = xk; \ 241 | (cc)->state[21] = xl; \ 242 | (cc)->state[22] = xm; \ 243 | (cc)->state[23] = xn; \ 244 | (cc)->state[24] = xo; \ 245 | (cc)->state[25] = xp; \ 246 | (cc)->state[26] = xq; \ 247 | (cc)->state[27] = xr; \ 248 | (cc)->state[28] = xs; \ 249 | (cc)->state[29] = xt; \ 250 | (cc)->state[30] = xu; \ 251 | (cc)->state[31] = xv; \ 252 | } while (0) 253 | 254 | #endif 255 | 256 | #define INPUT_BLOCK do { \ 257 | x0 ^= sph_dec32le_aligned(buf + 0); \ 258 | x1 ^= sph_dec32le_aligned(buf + 4); \ 259 | x2 ^= sph_dec32le_aligned(buf + 8); \ 260 | x3 ^= sph_dec32le_aligned(buf + 12); \ 261 | x4 ^= sph_dec32le_aligned(buf + 16); \ 262 | x5 ^= sph_dec32le_aligned(buf + 20); \ 263 | x6 ^= sph_dec32le_aligned(buf + 24); \ 264 | x7 ^= sph_dec32le_aligned(buf + 28); \ 265 | } while (0) 266 | 267 | #define ROUND_EVEN do { \ 268 | xg = T32(x0 + xg); \ 269 | x0 = ROTL32(x0, 7); \ 270 | xh = T32(x1 + xh); \ 271 | x1 = ROTL32(x1, 7); \ 272 | xi = T32(x2 + xi); \ 273 | x2 = ROTL32(x2, 7); \ 274 | xj = T32(x3 + xj); \ 275 | x3 = ROTL32(x3, 7); \ 276 | xk = T32(x4 + xk); \ 277 | x4 = ROTL32(x4, 7); \ 278 | xl = T32(x5 + xl); \ 279 | x5 = ROTL32(x5, 7); \ 280 | xm = T32(x6 + xm); \ 281 | x6 = ROTL32(x6, 7); \ 282 | xn = T32(x7 + xn); \ 283 | x7 = ROTL32(x7, 7); \ 284 | xo = T32(x8 + xo); \ 285 | x8 = ROTL32(x8, 7); \ 286 | xp = T32(x9 + xp); \ 287 | x9 = ROTL32(x9, 7); \ 288 | xq = T32(xa + xq); \ 289 | xa = ROTL32(xa, 7); \ 290 | xr = T32(xb + xr); \ 291 | xb = ROTL32(xb, 7); \ 292 | xs = T32(xc + xs); \ 293 | xc = ROTL32(xc, 7); \ 294 | xt = T32(xd + xt); \ 295 | xd = ROTL32(xd, 7); \ 296 | xu = T32(xe + xu); \ 297 | xe = ROTL32(xe, 7); \ 298 | xv = T32(xf + xv); \ 299 | xf = ROTL32(xf, 7); \ 300 | x8 ^= xg; \ 301 | x9 ^= xh; \ 302 | xa ^= xi; \ 303 | xb ^= xj; \ 304 | xc ^= xk; \ 305 | xd ^= xl; \ 306 | xe ^= xm; \ 307 | xf ^= xn; \ 308 | x0 ^= xo; \ 309 | x1 ^= xp; \ 310 | x2 ^= xq; \ 311 | x3 ^= xr; \ 312 | x4 ^= xs; \ 313 | x5 ^= xt; \ 314 | x6 ^= xu; \ 315 | x7 ^= xv; \ 316 | xi = T32(x8 + xi); \ 317 | x8 = ROTL32(x8, 11); \ 318 | xj = T32(x9 + xj); \ 319 | x9 = ROTL32(x9, 11); \ 320 | xg = T32(xa + xg); \ 321 | xa = ROTL32(xa, 11); \ 322 | xh = T32(xb + xh); \ 323 | xb = ROTL32(xb, 11); \ 324 | xm = T32(xc + xm); \ 325 | xc = ROTL32(xc, 11); \ 326 | xn = T32(xd + xn); \ 327 | xd = ROTL32(xd, 11); \ 328 | xk = T32(xe + xk); \ 329 | xe = ROTL32(xe, 11); \ 330 | xl = T32(xf + xl); \ 331 | xf = ROTL32(xf, 11); \ 332 | xq = T32(x0 + xq); \ 333 | x0 = ROTL32(x0, 11); \ 334 | xr = T32(x1 + xr); \ 335 | x1 = ROTL32(x1, 11); \ 336 | xo = T32(x2 + xo); \ 337 | x2 = ROTL32(x2, 11); \ 338 | xp = T32(x3 + xp); \ 339 | x3 = ROTL32(x3, 11); \ 340 | xu = T32(x4 + xu); \ 341 | x4 = ROTL32(x4, 11); \ 342 | xv = T32(x5 + xv); \ 343 | x5 = ROTL32(x5, 11); \ 344 | xs = T32(x6 + xs); \ 345 | x6 = ROTL32(x6, 11); \ 346 | xt = T32(x7 + xt); \ 347 | x7 = ROTL32(x7, 11); \ 348 | xc ^= xi; \ 349 | xd ^= xj; \ 350 | xe ^= xg; \ 351 | xf ^= xh; \ 352 | x8 ^= xm; \ 353 | x9 ^= xn; \ 354 | xa ^= xk; \ 355 | xb ^= xl; \ 356 | x4 ^= xq; \ 357 | x5 ^= xr; \ 358 | x6 ^= xo; \ 359 | x7 ^= xp; \ 360 | x0 ^= xu; \ 361 | x1 ^= xv; \ 362 | x2 ^= xs; \ 363 | x3 ^= xt; \ 364 | } while (0) 365 | 366 | #define ROUND_ODD do { \ 367 | xj = T32(xc + xj); \ 368 | xc = ROTL32(xc, 7); \ 369 | xi = T32(xd + xi); \ 370 | xd = ROTL32(xd, 7); \ 371 | xh = T32(xe + xh); \ 372 | xe = ROTL32(xe, 7); \ 373 | xg = T32(xf + xg); \ 374 | xf = ROTL32(xf, 7); \ 375 | xn = T32(x8 + xn); \ 376 | x8 = ROTL32(x8, 7); \ 377 | xm = T32(x9 + xm); \ 378 | x9 = ROTL32(x9, 7); \ 379 | xl = T32(xa + xl); \ 380 | xa = ROTL32(xa, 7); \ 381 | xk = T32(xb + xk); \ 382 | xb = ROTL32(xb, 7); \ 383 | xr = T32(x4 + xr); \ 384 | x4 = ROTL32(x4, 7); \ 385 | xq = T32(x5 + xq); \ 386 | x5 = ROTL32(x5, 7); \ 387 | xp = T32(x6 + xp); \ 388 | x6 = ROTL32(x6, 7); \ 389 | xo = T32(x7 + xo); \ 390 | x7 = ROTL32(x7, 7); \ 391 | xv = T32(x0 + xv); \ 392 | x0 = ROTL32(x0, 7); \ 393 | xu = T32(x1 + xu); \ 394 | x1 = ROTL32(x1, 7); \ 395 | xt = T32(x2 + xt); \ 396 | x2 = ROTL32(x2, 7); \ 397 | xs = T32(x3 + xs); \ 398 | x3 = ROTL32(x3, 7); \ 399 | x4 ^= xj; \ 400 | x5 ^= xi; \ 401 | x6 ^= xh; \ 402 | x7 ^= xg; \ 403 | x0 ^= xn; \ 404 | x1 ^= xm; \ 405 | x2 ^= xl; \ 406 | x3 ^= xk; \ 407 | xc ^= xr; \ 408 | xd ^= xq; \ 409 | xe ^= xp; \ 410 | xf ^= xo; \ 411 | x8 ^= xv; \ 412 | x9 ^= xu; \ 413 | xa ^= xt; \ 414 | xb ^= xs; \ 415 | xh = T32(x4 + xh); \ 416 | x4 = ROTL32(x4, 11); \ 417 | xg = T32(x5 + xg); \ 418 | x5 = ROTL32(x5, 11); \ 419 | xj = T32(x6 + xj); \ 420 | x6 = ROTL32(x6, 11); \ 421 | xi = T32(x7 + xi); \ 422 | x7 = ROTL32(x7, 11); \ 423 | xl = T32(x0 + xl); \ 424 | x0 = ROTL32(x0, 11); \ 425 | xk = T32(x1 + xk); \ 426 | x1 = ROTL32(x1, 11); \ 427 | xn = T32(x2 + xn); \ 428 | x2 = ROTL32(x2, 11); \ 429 | xm = T32(x3 + xm); \ 430 | x3 = ROTL32(x3, 11); \ 431 | xp = T32(xc + xp); \ 432 | xc = ROTL32(xc, 11); \ 433 | xo = T32(xd + xo); \ 434 | xd = ROTL32(xd, 11); \ 435 | xr = T32(xe + xr); \ 436 | xe = ROTL32(xe, 11); \ 437 | xq = T32(xf + xq); \ 438 | xf = ROTL32(xf, 11); \ 439 | xt = T32(x8 + xt); \ 440 | x8 = ROTL32(x8, 11); \ 441 | xs = T32(x9 + xs); \ 442 | x9 = ROTL32(x9, 11); \ 443 | xv = T32(xa + xv); \ 444 | xa = ROTL32(xa, 11); \ 445 | xu = T32(xb + xu); \ 446 | xb = ROTL32(xb, 11); \ 447 | x0 ^= xh; \ 448 | x1 ^= xg; \ 449 | x2 ^= xj; \ 450 | x3 ^= xi; \ 451 | x4 ^= xl; \ 452 | x5 ^= xk; \ 453 | x6 ^= xn; \ 454 | x7 ^= xm; \ 455 | x8 ^= xp; \ 456 | x9 ^= xo; \ 457 | xa ^= xr; \ 458 | xb ^= xq; \ 459 | xc ^= xt; \ 460 | xd ^= xs; \ 461 | xe ^= xv; \ 462 | xf ^= xu; \ 463 | } while (0) 464 | 465 | /* 466 | * There is no need to unroll all 16 rounds. The word-swapping permutation 467 | * is an involution, so we need to unroll an even number of rounds. On 468 | * "big" systems, unrolling 4 rounds yields about 97% of the speed 469 | * achieved with full unrolling; and it keeps the code more compact 470 | * for small architectures. 471 | */ 472 | 473 | #if SPH_CUBEHASH_UNROLL == 2 474 | 475 | #define SIXTEEN_ROUNDS do { \ 476 | int j; \ 477 | for (j = 0; j < 8; j ++) { \ 478 | ROUND_EVEN; \ 479 | ROUND_ODD; \ 480 | } \ 481 | } while (0) 482 | 483 | #elif SPH_CUBEHASH_UNROLL == 4 484 | 485 | #define SIXTEEN_ROUNDS do { \ 486 | int j; \ 487 | for (j = 0; j < 4; j ++) { \ 488 | ROUND_EVEN; \ 489 | ROUND_ODD; \ 490 | ROUND_EVEN; \ 491 | ROUND_ODD; \ 492 | } \ 493 | } while (0) 494 | 495 | #elif SPH_CUBEHASH_UNROLL == 8 496 | 497 | #define SIXTEEN_ROUNDS do { \ 498 | int j; \ 499 | for (j = 0; j < 2; j ++) { \ 500 | ROUND_EVEN; \ 501 | ROUND_ODD; \ 502 | ROUND_EVEN; \ 503 | ROUND_ODD; \ 504 | ROUND_EVEN; \ 505 | ROUND_ODD; \ 506 | ROUND_EVEN; \ 507 | ROUND_ODD; \ 508 | } \ 509 | } while (0) 510 | 511 | #else 512 | 513 | #define SIXTEEN_ROUNDS do { \ 514 | ROUND_EVEN; \ 515 | ROUND_ODD; \ 516 | ROUND_EVEN; \ 517 | ROUND_ODD; \ 518 | ROUND_EVEN; \ 519 | ROUND_ODD; \ 520 | ROUND_EVEN; \ 521 | ROUND_ODD; \ 522 | ROUND_EVEN; \ 523 | ROUND_ODD; \ 524 | ROUND_EVEN; \ 525 | ROUND_ODD; \ 526 | ROUND_EVEN; \ 527 | ROUND_ODD; \ 528 | ROUND_EVEN; \ 529 | ROUND_ODD; \ 530 | } while (0) 531 | 532 | #endif 533 | 534 | static void 535 | cubehash_init(sph_cubehash_context *sc, const sph_u32 *iv) 536 | { 537 | memcpy(sc->state, iv, sizeof sc->state); 538 | sc->ptr = 0; 539 | } 540 | 541 | static void 542 | cubehash_core(sph_cubehash_context *sc, const void *data, size_t len) 543 | { 544 | unsigned char *buf; 545 | size_t ptr; 546 | DECL_STATE 547 | 548 | buf = sc->buf; 549 | ptr = sc->ptr; 550 | if (len < (sizeof sc->buf) - ptr) { 551 | memcpy(buf + ptr, data, len); 552 | ptr += len; 553 | sc->ptr = ptr; 554 | return; 555 | } 556 | 557 | READ_STATE(sc); 558 | while (len > 0) { 559 | size_t clen; 560 | 561 | clen = (sizeof sc->buf) - ptr; 562 | if (clen > len) 563 | clen = len; 564 | memcpy(buf + ptr, data, clen); 565 | ptr += clen; 566 | data = (const unsigned char *)data + clen; 567 | len -= clen; 568 | if (ptr == sizeof sc->buf) { 569 | INPUT_BLOCK; 570 | SIXTEEN_ROUNDS; 571 | ptr = 0; 572 | } 573 | } 574 | WRITE_STATE(sc); 575 | sc->ptr = ptr; 576 | } 577 | 578 | static void 579 | cubehash_close(sph_cubehash_context *sc, unsigned ub, unsigned n, 580 | void *dst, size_t out_size_w32) 581 | { 582 | unsigned char *buf, *out; 583 | size_t ptr; 584 | unsigned z; 585 | int i; 586 | DECL_STATE 587 | 588 | buf = sc->buf; 589 | ptr = sc->ptr; 590 | z = 0x80 >> n; 591 | buf[ptr ++] = ((ub & -z) | z) & 0xFF; 592 | memset(buf + ptr, 0, (sizeof sc->buf) - ptr); 593 | READ_STATE(sc); 594 | INPUT_BLOCK; 595 | for (i = 0; i < 11; i ++) { 596 | SIXTEEN_ROUNDS; 597 | if (i == 0) 598 | xv ^= SPH_C32(1); 599 | } 600 | WRITE_STATE(sc); 601 | out = dst; 602 | for (z = 0; z < out_size_w32; z ++) 603 | sph_enc32le(out + (z << 2), sc->state[z]); 604 | } 605 | 606 | /* see sph_cubehash.h */ 607 | void 608 | sph_cubehash224_init(void *cc) 609 | { 610 | cubehash_init(cc, IV224); 611 | } 612 | 613 | /* see sph_cubehash.h */ 614 | void 615 | sph_cubehash224(void *cc, const void *data, size_t len) 616 | { 617 | cubehash_core(cc, data, len); 618 | } 619 | 620 | /* see sph_cubehash.h */ 621 | void 622 | sph_cubehash224_close(void *cc, void *dst) 623 | { 624 | sph_cubehash224_addbits_and_close(cc, 0, 0, dst); 625 | } 626 | 627 | /* see sph_cubehash.h */ 628 | void 629 | sph_cubehash224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) 630 | { 631 | cubehash_close(cc, ub, n, dst, 7); 632 | sph_cubehash224_init(cc); 633 | } 634 | 635 | /* see sph_cubehash.h */ 636 | void 637 | sph_cubehash256_init(void *cc) 638 | { 639 | cubehash_init(cc, IV256); 640 | } 641 | 642 | /* see sph_cubehash.h */ 643 | void 644 | sph_cubehash256(void *cc, const void *data, size_t len) 645 | { 646 | cubehash_core(cc, data, len); 647 | } 648 | 649 | /* see sph_cubehash.h */ 650 | void 651 | sph_cubehash256_close(void *cc, void *dst) 652 | { 653 | sph_cubehash256_addbits_and_close(cc, 0, 0, dst); 654 | } 655 | 656 | /* see sph_cubehash.h */ 657 | void 658 | sph_cubehash256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) 659 | { 660 | cubehash_close(cc, ub, n, dst, 8); 661 | sph_cubehash256_init(cc); 662 | } 663 | 664 | /* see sph_cubehash.h */ 665 | void 666 | sph_cubehash384_init(void *cc) 667 | { 668 | cubehash_init(cc, IV384); 669 | } 670 | 671 | /* see sph_cubehash.h */ 672 | void 673 | sph_cubehash384(void *cc, const void *data, size_t len) 674 | { 675 | cubehash_core(cc, data, len); 676 | } 677 | 678 | /* see sph_cubehash.h */ 679 | void 680 | sph_cubehash384_close(void *cc, void *dst) 681 | { 682 | sph_cubehash384_addbits_and_close(cc, 0, 0, dst); 683 | } 684 | 685 | /* see sph_cubehash.h */ 686 | void 687 | sph_cubehash384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) 688 | { 689 | cubehash_close(cc, ub, n, dst, 12); 690 | sph_cubehash384_init(cc); 691 | } 692 | 693 | /* see sph_cubehash.h */ 694 | void 695 | sph_cubehash512_init(void *cc) 696 | { 697 | cubehash_init(cc, IV512); 698 | } 699 | 700 | /* see sph_cubehash.h */ 701 | void 702 | sph_cubehash512(void *cc, const void *data, size_t len) 703 | { 704 | cubehash_core(cc, data, len); 705 | } 706 | 707 | /* see sph_cubehash.h */ 708 | void 709 | sph_cubehash512_close(void *cc, void *dst) 710 | { 711 | sph_cubehash512_addbits_and_close(cc, 0, 0, dst); 712 | } 713 | 714 | /* see sph_cubehash.h */ 715 | void 716 | sph_cubehash512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) 717 | { 718 | cubehash_close(cc, ub, n, dst, 16); 719 | sph_cubehash512_init(cc); 720 | } 721 | #ifdef __cplusplus 722 | } 723 | #endif 724 | -------------------------------------------------------------------------------- /sha3/aes_helper.c: -------------------------------------------------------------------------------- 1 | /* $Id: aes_helper.c 220 2010-06-09 09:21:50Z tp $ */ 2 | /* 3 | * AES tables. This file is not meant to be compiled by itself; it 4 | * is included by some hash function implementations. It contains 5 | * the precomputed tables and helper macros for evaluating an AES 6 | * round, optionally with a final XOR with a subkey. 7 | * 8 | * By default, this file defines the tables and macros for little-endian 9 | * processing (i.e. it is assumed that the input bytes have been read 10 | * from memory and assembled with the little-endian convention). If 11 | * the 'AES_BIG_ENDIAN' macro is defined (to a non-zero integer value) 12 | * when this file is included, then the tables and macros for big-endian 13 | * processing are defined instead. The big-endian tables and macros have 14 | * names distinct from the little-endian tables and macros, hence it is 15 | * possible to have both simultaneously, by including this file twice 16 | * (with and without the AES_BIG_ENDIAN macro). 17 | * 18 | * ==========================(LICENSE BEGIN)============================ 19 | * 20 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 21 | * 22 | * Permission is hereby granted, free of charge, to any person obtaining 23 | * a copy of this software and associated documentation files (the 24 | * "Software"), to deal in the Software without restriction, including 25 | * without limitation the rights to use, copy, modify, merge, publish, 26 | * distribute, sublicense, and/or sell copies of the Software, and to 27 | * permit persons to whom the Software is furnished to do so, subject to 28 | * the following conditions: 29 | * 30 | * The above copyright notice and this permission notice shall be 31 | * included in all copies or substantial portions of the Software. 32 | * 33 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 34 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 35 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 36 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 37 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 38 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 39 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 40 | * 41 | * ===========================(LICENSE END)============================= 42 | * 43 | * @author Thomas Pornin 44 | */ 45 | 46 | #include "sph_types.h" 47 | #ifdef __cplusplus 48 | extern "C"{ 49 | #endif 50 | #if AES_BIG_ENDIAN 51 | 52 | #define AESx(x) ( ((SPH_C32(x) >> 24) & SPH_C32(0x000000FF)) \ 53 | | ((SPH_C32(x) >> 8) & SPH_C32(0x0000FF00)) \ 54 | | ((SPH_C32(x) << 8) & SPH_C32(0x00FF0000)) \ 55 | | ((SPH_C32(x) << 24) & SPH_C32(0xFF000000))) 56 | 57 | #define AES0 AES0_BE 58 | #define AES1 AES1_BE 59 | #define AES2 AES2_BE 60 | #define AES3 AES3_BE 61 | 62 | #define AES_ROUND_BE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3) do { \ 63 | (Y0) = AES0[((X0) >> 24) & 0xFF] \ 64 | ^ AES1[((X1) >> 16) & 0xFF] \ 65 | ^ AES2[((X2) >> 8) & 0xFF] \ 66 | ^ AES3[(X3) & 0xFF] ^ (K0); \ 67 | (Y1) = AES0[((X1) >> 24) & 0xFF] \ 68 | ^ AES1[((X2) >> 16) & 0xFF] \ 69 | ^ AES2[((X3) >> 8) & 0xFF] \ 70 | ^ AES3[(X0) & 0xFF] ^ (K1); \ 71 | (Y2) = AES0[((X2) >> 24) & 0xFF] \ 72 | ^ AES1[((X3) >> 16) & 0xFF] \ 73 | ^ AES2[((X0) >> 8) & 0xFF] \ 74 | ^ AES3[(X1) & 0xFF] ^ (K2); \ 75 | (Y3) = AES0[((X3) >> 24) & 0xFF] \ 76 | ^ AES1[((X0) >> 16) & 0xFF] \ 77 | ^ AES2[((X1) >> 8) & 0xFF] \ 78 | ^ AES3[(X2) & 0xFF] ^ (K3); \ 79 | } while (0) 80 | 81 | #define AES_ROUND_NOKEY_BE(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \ 82 | AES_ROUND_BE(X0, X1, X2, X3, 0, 0, 0, 0, Y0, Y1, Y2, Y3) 83 | 84 | #else 85 | 86 | #define AESx(x) SPH_C32(x) 87 | #define AES0 AES0_LE 88 | #define AES1 AES1_LE 89 | #define AES2 AES2_LE 90 | #define AES3 AES3_LE 91 | 92 | #define AES_ROUND_LE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3) do { \ 93 | (Y0) = AES0[(X0) & 0xFF] \ 94 | ^ AES1[((X1) >> 8) & 0xFF] \ 95 | ^ AES2[((X2) >> 16) & 0xFF] \ 96 | ^ AES3[((X3) >> 24) & 0xFF] ^ (K0); \ 97 | (Y1) = AES0[(X1) & 0xFF] \ 98 | ^ AES1[((X2) >> 8) & 0xFF] \ 99 | ^ AES2[((X3) >> 16) & 0xFF] \ 100 | ^ AES3[((X0) >> 24) & 0xFF] ^ (K1); \ 101 | (Y2) = AES0[(X2) & 0xFF] \ 102 | ^ AES1[((X3) >> 8) & 0xFF] \ 103 | ^ AES2[((X0) >> 16) & 0xFF] \ 104 | ^ AES3[((X1) >> 24) & 0xFF] ^ (K2); \ 105 | (Y3) = AES0[(X3) & 0xFF] \ 106 | ^ AES1[((X0) >> 8) & 0xFF] \ 107 | ^ AES2[((X1) >> 16) & 0xFF] \ 108 | ^ AES3[((X2) >> 24) & 0xFF] ^ (K3); \ 109 | } while (0) 110 | 111 | #define AES_ROUND_NOKEY_LE(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \ 112 | AES_ROUND_LE(X0, X1, X2, X3, 0, 0, 0, 0, Y0, Y1, Y2, Y3) 113 | 114 | #endif 115 | 116 | /* 117 | * The AES*[] tables allow us to perform a fast evaluation of an AES 118 | * round; table AESi[] combines SubBytes for a byte at row i, and 119 | * MixColumns for the column where that byte goes after ShiftRows. 120 | */ 121 | 122 | static const sph_u32 AES0[256] = { 123 | AESx(0xA56363C6), AESx(0x847C7CF8), AESx(0x997777EE), AESx(0x8D7B7BF6), 124 | AESx(0x0DF2F2FF), AESx(0xBD6B6BD6), AESx(0xB16F6FDE), AESx(0x54C5C591), 125 | AESx(0x50303060), AESx(0x03010102), AESx(0xA96767CE), AESx(0x7D2B2B56), 126 | AESx(0x19FEFEE7), AESx(0x62D7D7B5), AESx(0xE6ABAB4D), AESx(0x9A7676EC), 127 | AESx(0x45CACA8F), AESx(0x9D82821F), AESx(0x40C9C989), AESx(0x877D7DFA), 128 | AESx(0x15FAFAEF), AESx(0xEB5959B2), AESx(0xC947478E), AESx(0x0BF0F0FB), 129 | AESx(0xECADAD41), AESx(0x67D4D4B3), AESx(0xFDA2A25F), AESx(0xEAAFAF45), 130 | AESx(0xBF9C9C23), AESx(0xF7A4A453), AESx(0x967272E4), AESx(0x5BC0C09B), 131 | AESx(0xC2B7B775), AESx(0x1CFDFDE1), AESx(0xAE93933D), AESx(0x6A26264C), 132 | AESx(0x5A36366C), AESx(0x413F3F7E), AESx(0x02F7F7F5), AESx(0x4FCCCC83), 133 | AESx(0x5C343468), AESx(0xF4A5A551), AESx(0x34E5E5D1), AESx(0x08F1F1F9), 134 | AESx(0x937171E2), AESx(0x73D8D8AB), AESx(0x53313162), AESx(0x3F15152A), 135 | AESx(0x0C040408), AESx(0x52C7C795), AESx(0x65232346), AESx(0x5EC3C39D), 136 | AESx(0x28181830), AESx(0xA1969637), AESx(0x0F05050A), AESx(0xB59A9A2F), 137 | AESx(0x0907070E), AESx(0x36121224), AESx(0x9B80801B), AESx(0x3DE2E2DF), 138 | AESx(0x26EBEBCD), AESx(0x6927274E), AESx(0xCDB2B27F), AESx(0x9F7575EA), 139 | AESx(0x1B090912), AESx(0x9E83831D), AESx(0x742C2C58), AESx(0x2E1A1A34), 140 | AESx(0x2D1B1B36), AESx(0xB26E6EDC), AESx(0xEE5A5AB4), AESx(0xFBA0A05B), 141 | AESx(0xF65252A4), AESx(0x4D3B3B76), AESx(0x61D6D6B7), AESx(0xCEB3B37D), 142 | AESx(0x7B292952), AESx(0x3EE3E3DD), AESx(0x712F2F5E), AESx(0x97848413), 143 | AESx(0xF55353A6), AESx(0x68D1D1B9), AESx(0x00000000), AESx(0x2CEDEDC1), 144 | AESx(0x60202040), AESx(0x1FFCFCE3), AESx(0xC8B1B179), AESx(0xED5B5BB6), 145 | AESx(0xBE6A6AD4), AESx(0x46CBCB8D), AESx(0xD9BEBE67), AESx(0x4B393972), 146 | AESx(0xDE4A4A94), AESx(0xD44C4C98), AESx(0xE85858B0), AESx(0x4ACFCF85), 147 | AESx(0x6BD0D0BB), AESx(0x2AEFEFC5), AESx(0xE5AAAA4F), AESx(0x16FBFBED), 148 | AESx(0xC5434386), AESx(0xD74D4D9A), AESx(0x55333366), AESx(0x94858511), 149 | AESx(0xCF45458A), AESx(0x10F9F9E9), AESx(0x06020204), AESx(0x817F7FFE), 150 | AESx(0xF05050A0), AESx(0x443C3C78), AESx(0xBA9F9F25), AESx(0xE3A8A84B), 151 | AESx(0xF35151A2), AESx(0xFEA3A35D), AESx(0xC0404080), AESx(0x8A8F8F05), 152 | AESx(0xAD92923F), AESx(0xBC9D9D21), AESx(0x48383870), AESx(0x04F5F5F1), 153 | AESx(0xDFBCBC63), AESx(0xC1B6B677), AESx(0x75DADAAF), AESx(0x63212142), 154 | AESx(0x30101020), AESx(0x1AFFFFE5), AESx(0x0EF3F3FD), AESx(0x6DD2D2BF), 155 | AESx(0x4CCDCD81), AESx(0x140C0C18), AESx(0x35131326), AESx(0x2FECECC3), 156 | AESx(0xE15F5FBE), AESx(0xA2979735), AESx(0xCC444488), AESx(0x3917172E), 157 | AESx(0x57C4C493), AESx(0xF2A7A755), AESx(0x827E7EFC), AESx(0x473D3D7A), 158 | AESx(0xAC6464C8), AESx(0xE75D5DBA), AESx(0x2B191932), AESx(0x957373E6), 159 | AESx(0xA06060C0), AESx(0x98818119), AESx(0xD14F4F9E), AESx(0x7FDCDCA3), 160 | AESx(0x66222244), AESx(0x7E2A2A54), AESx(0xAB90903B), AESx(0x8388880B), 161 | AESx(0xCA46468C), AESx(0x29EEEEC7), AESx(0xD3B8B86B), AESx(0x3C141428), 162 | AESx(0x79DEDEA7), AESx(0xE25E5EBC), AESx(0x1D0B0B16), AESx(0x76DBDBAD), 163 | AESx(0x3BE0E0DB), AESx(0x56323264), AESx(0x4E3A3A74), AESx(0x1E0A0A14), 164 | AESx(0xDB494992), AESx(0x0A06060C), AESx(0x6C242448), AESx(0xE45C5CB8), 165 | AESx(0x5DC2C29F), AESx(0x6ED3D3BD), AESx(0xEFACAC43), AESx(0xA66262C4), 166 | AESx(0xA8919139), AESx(0xA4959531), AESx(0x37E4E4D3), AESx(0x8B7979F2), 167 | AESx(0x32E7E7D5), AESx(0x43C8C88B), AESx(0x5937376E), AESx(0xB76D6DDA), 168 | AESx(0x8C8D8D01), AESx(0x64D5D5B1), AESx(0xD24E4E9C), AESx(0xE0A9A949), 169 | AESx(0xB46C6CD8), AESx(0xFA5656AC), AESx(0x07F4F4F3), AESx(0x25EAEACF), 170 | AESx(0xAF6565CA), AESx(0x8E7A7AF4), AESx(0xE9AEAE47), AESx(0x18080810), 171 | AESx(0xD5BABA6F), AESx(0x887878F0), AESx(0x6F25254A), AESx(0x722E2E5C), 172 | AESx(0x241C1C38), AESx(0xF1A6A657), AESx(0xC7B4B473), AESx(0x51C6C697), 173 | AESx(0x23E8E8CB), AESx(0x7CDDDDA1), AESx(0x9C7474E8), AESx(0x211F1F3E), 174 | AESx(0xDD4B4B96), AESx(0xDCBDBD61), AESx(0x868B8B0D), AESx(0x858A8A0F), 175 | AESx(0x907070E0), AESx(0x423E3E7C), AESx(0xC4B5B571), AESx(0xAA6666CC), 176 | AESx(0xD8484890), AESx(0x05030306), AESx(0x01F6F6F7), AESx(0x120E0E1C), 177 | AESx(0xA36161C2), AESx(0x5F35356A), AESx(0xF95757AE), AESx(0xD0B9B969), 178 | AESx(0x91868617), AESx(0x58C1C199), AESx(0x271D1D3A), AESx(0xB99E9E27), 179 | AESx(0x38E1E1D9), AESx(0x13F8F8EB), AESx(0xB398982B), AESx(0x33111122), 180 | AESx(0xBB6969D2), AESx(0x70D9D9A9), AESx(0x898E8E07), AESx(0xA7949433), 181 | AESx(0xB69B9B2D), AESx(0x221E1E3C), AESx(0x92878715), AESx(0x20E9E9C9), 182 | AESx(0x49CECE87), AESx(0xFF5555AA), AESx(0x78282850), AESx(0x7ADFDFA5), 183 | AESx(0x8F8C8C03), AESx(0xF8A1A159), AESx(0x80898909), AESx(0x170D0D1A), 184 | AESx(0xDABFBF65), AESx(0x31E6E6D7), AESx(0xC6424284), AESx(0xB86868D0), 185 | AESx(0xC3414182), AESx(0xB0999929), AESx(0x772D2D5A), AESx(0x110F0F1E), 186 | AESx(0xCBB0B07B), AESx(0xFC5454A8), AESx(0xD6BBBB6D), AESx(0x3A16162C) 187 | }; 188 | 189 | static const sph_u32 AES1[256] = { 190 | AESx(0x6363C6A5), AESx(0x7C7CF884), AESx(0x7777EE99), AESx(0x7B7BF68D), 191 | AESx(0xF2F2FF0D), AESx(0x6B6BD6BD), AESx(0x6F6FDEB1), AESx(0xC5C59154), 192 | AESx(0x30306050), AESx(0x01010203), AESx(0x6767CEA9), AESx(0x2B2B567D), 193 | AESx(0xFEFEE719), AESx(0xD7D7B562), AESx(0xABAB4DE6), AESx(0x7676EC9A), 194 | AESx(0xCACA8F45), AESx(0x82821F9D), AESx(0xC9C98940), AESx(0x7D7DFA87), 195 | AESx(0xFAFAEF15), AESx(0x5959B2EB), AESx(0x47478EC9), AESx(0xF0F0FB0B), 196 | AESx(0xADAD41EC), AESx(0xD4D4B367), AESx(0xA2A25FFD), AESx(0xAFAF45EA), 197 | AESx(0x9C9C23BF), AESx(0xA4A453F7), AESx(0x7272E496), AESx(0xC0C09B5B), 198 | AESx(0xB7B775C2), AESx(0xFDFDE11C), AESx(0x93933DAE), AESx(0x26264C6A), 199 | AESx(0x36366C5A), AESx(0x3F3F7E41), AESx(0xF7F7F502), AESx(0xCCCC834F), 200 | AESx(0x3434685C), AESx(0xA5A551F4), AESx(0xE5E5D134), AESx(0xF1F1F908), 201 | AESx(0x7171E293), AESx(0xD8D8AB73), AESx(0x31316253), AESx(0x15152A3F), 202 | AESx(0x0404080C), AESx(0xC7C79552), AESx(0x23234665), AESx(0xC3C39D5E), 203 | AESx(0x18183028), AESx(0x969637A1), AESx(0x05050A0F), AESx(0x9A9A2FB5), 204 | AESx(0x07070E09), AESx(0x12122436), AESx(0x80801B9B), AESx(0xE2E2DF3D), 205 | AESx(0xEBEBCD26), AESx(0x27274E69), AESx(0xB2B27FCD), AESx(0x7575EA9F), 206 | AESx(0x0909121B), AESx(0x83831D9E), AESx(0x2C2C5874), AESx(0x1A1A342E), 207 | AESx(0x1B1B362D), AESx(0x6E6EDCB2), AESx(0x5A5AB4EE), AESx(0xA0A05BFB), 208 | AESx(0x5252A4F6), AESx(0x3B3B764D), AESx(0xD6D6B761), AESx(0xB3B37DCE), 209 | AESx(0x2929527B), AESx(0xE3E3DD3E), AESx(0x2F2F5E71), AESx(0x84841397), 210 | AESx(0x5353A6F5), AESx(0xD1D1B968), AESx(0x00000000), AESx(0xEDEDC12C), 211 | AESx(0x20204060), AESx(0xFCFCE31F), AESx(0xB1B179C8), AESx(0x5B5BB6ED), 212 | AESx(0x6A6AD4BE), AESx(0xCBCB8D46), AESx(0xBEBE67D9), AESx(0x3939724B), 213 | AESx(0x4A4A94DE), AESx(0x4C4C98D4), AESx(0x5858B0E8), AESx(0xCFCF854A), 214 | AESx(0xD0D0BB6B), AESx(0xEFEFC52A), AESx(0xAAAA4FE5), AESx(0xFBFBED16), 215 | AESx(0x434386C5), AESx(0x4D4D9AD7), AESx(0x33336655), AESx(0x85851194), 216 | AESx(0x45458ACF), AESx(0xF9F9E910), AESx(0x02020406), AESx(0x7F7FFE81), 217 | AESx(0x5050A0F0), AESx(0x3C3C7844), AESx(0x9F9F25BA), AESx(0xA8A84BE3), 218 | AESx(0x5151A2F3), AESx(0xA3A35DFE), AESx(0x404080C0), AESx(0x8F8F058A), 219 | AESx(0x92923FAD), AESx(0x9D9D21BC), AESx(0x38387048), AESx(0xF5F5F104), 220 | AESx(0xBCBC63DF), AESx(0xB6B677C1), AESx(0xDADAAF75), AESx(0x21214263), 221 | AESx(0x10102030), AESx(0xFFFFE51A), AESx(0xF3F3FD0E), AESx(0xD2D2BF6D), 222 | AESx(0xCDCD814C), AESx(0x0C0C1814), AESx(0x13132635), AESx(0xECECC32F), 223 | AESx(0x5F5FBEE1), AESx(0x979735A2), AESx(0x444488CC), AESx(0x17172E39), 224 | AESx(0xC4C49357), AESx(0xA7A755F2), AESx(0x7E7EFC82), AESx(0x3D3D7A47), 225 | AESx(0x6464C8AC), AESx(0x5D5DBAE7), AESx(0x1919322B), AESx(0x7373E695), 226 | AESx(0x6060C0A0), AESx(0x81811998), AESx(0x4F4F9ED1), AESx(0xDCDCA37F), 227 | AESx(0x22224466), AESx(0x2A2A547E), AESx(0x90903BAB), AESx(0x88880B83), 228 | AESx(0x46468CCA), AESx(0xEEEEC729), AESx(0xB8B86BD3), AESx(0x1414283C), 229 | AESx(0xDEDEA779), AESx(0x5E5EBCE2), AESx(0x0B0B161D), AESx(0xDBDBAD76), 230 | AESx(0xE0E0DB3B), AESx(0x32326456), AESx(0x3A3A744E), AESx(0x0A0A141E), 231 | AESx(0x494992DB), AESx(0x06060C0A), AESx(0x2424486C), AESx(0x5C5CB8E4), 232 | AESx(0xC2C29F5D), AESx(0xD3D3BD6E), AESx(0xACAC43EF), AESx(0x6262C4A6), 233 | AESx(0x919139A8), AESx(0x959531A4), AESx(0xE4E4D337), AESx(0x7979F28B), 234 | AESx(0xE7E7D532), AESx(0xC8C88B43), AESx(0x37376E59), AESx(0x6D6DDAB7), 235 | AESx(0x8D8D018C), AESx(0xD5D5B164), AESx(0x4E4E9CD2), AESx(0xA9A949E0), 236 | AESx(0x6C6CD8B4), AESx(0x5656ACFA), AESx(0xF4F4F307), AESx(0xEAEACF25), 237 | AESx(0x6565CAAF), AESx(0x7A7AF48E), AESx(0xAEAE47E9), AESx(0x08081018), 238 | AESx(0xBABA6FD5), AESx(0x7878F088), AESx(0x25254A6F), AESx(0x2E2E5C72), 239 | AESx(0x1C1C3824), AESx(0xA6A657F1), AESx(0xB4B473C7), AESx(0xC6C69751), 240 | AESx(0xE8E8CB23), AESx(0xDDDDA17C), AESx(0x7474E89C), AESx(0x1F1F3E21), 241 | AESx(0x4B4B96DD), AESx(0xBDBD61DC), AESx(0x8B8B0D86), AESx(0x8A8A0F85), 242 | AESx(0x7070E090), AESx(0x3E3E7C42), AESx(0xB5B571C4), AESx(0x6666CCAA), 243 | AESx(0x484890D8), AESx(0x03030605), AESx(0xF6F6F701), AESx(0x0E0E1C12), 244 | AESx(0x6161C2A3), AESx(0x35356A5F), AESx(0x5757AEF9), AESx(0xB9B969D0), 245 | AESx(0x86861791), AESx(0xC1C19958), AESx(0x1D1D3A27), AESx(0x9E9E27B9), 246 | AESx(0xE1E1D938), AESx(0xF8F8EB13), AESx(0x98982BB3), AESx(0x11112233), 247 | AESx(0x6969D2BB), AESx(0xD9D9A970), AESx(0x8E8E0789), AESx(0x949433A7), 248 | AESx(0x9B9B2DB6), AESx(0x1E1E3C22), AESx(0x87871592), AESx(0xE9E9C920), 249 | AESx(0xCECE8749), AESx(0x5555AAFF), AESx(0x28285078), AESx(0xDFDFA57A), 250 | AESx(0x8C8C038F), AESx(0xA1A159F8), AESx(0x89890980), AESx(0x0D0D1A17), 251 | AESx(0xBFBF65DA), AESx(0xE6E6D731), AESx(0x424284C6), AESx(0x6868D0B8), 252 | AESx(0x414182C3), AESx(0x999929B0), AESx(0x2D2D5A77), AESx(0x0F0F1E11), 253 | AESx(0xB0B07BCB), AESx(0x5454A8FC), AESx(0xBBBB6DD6), AESx(0x16162C3A) 254 | }; 255 | 256 | static const sph_u32 AES2[256] = { 257 | AESx(0x63C6A563), AESx(0x7CF8847C), AESx(0x77EE9977), AESx(0x7BF68D7B), 258 | AESx(0xF2FF0DF2), AESx(0x6BD6BD6B), AESx(0x6FDEB16F), AESx(0xC59154C5), 259 | AESx(0x30605030), AESx(0x01020301), AESx(0x67CEA967), AESx(0x2B567D2B), 260 | AESx(0xFEE719FE), AESx(0xD7B562D7), AESx(0xAB4DE6AB), AESx(0x76EC9A76), 261 | AESx(0xCA8F45CA), AESx(0x821F9D82), AESx(0xC98940C9), AESx(0x7DFA877D), 262 | AESx(0xFAEF15FA), AESx(0x59B2EB59), AESx(0x478EC947), AESx(0xF0FB0BF0), 263 | AESx(0xAD41ECAD), AESx(0xD4B367D4), AESx(0xA25FFDA2), AESx(0xAF45EAAF), 264 | AESx(0x9C23BF9C), AESx(0xA453F7A4), AESx(0x72E49672), AESx(0xC09B5BC0), 265 | AESx(0xB775C2B7), AESx(0xFDE11CFD), AESx(0x933DAE93), AESx(0x264C6A26), 266 | AESx(0x366C5A36), AESx(0x3F7E413F), AESx(0xF7F502F7), AESx(0xCC834FCC), 267 | AESx(0x34685C34), AESx(0xA551F4A5), AESx(0xE5D134E5), AESx(0xF1F908F1), 268 | AESx(0x71E29371), AESx(0xD8AB73D8), AESx(0x31625331), AESx(0x152A3F15), 269 | AESx(0x04080C04), AESx(0xC79552C7), AESx(0x23466523), AESx(0xC39D5EC3), 270 | AESx(0x18302818), AESx(0x9637A196), AESx(0x050A0F05), AESx(0x9A2FB59A), 271 | AESx(0x070E0907), AESx(0x12243612), AESx(0x801B9B80), AESx(0xE2DF3DE2), 272 | AESx(0xEBCD26EB), AESx(0x274E6927), AESx(0xB27FCDB2), AESx(0x75EA9F75), 273 | AESx(0x09121B09), AESx(0x831D9E83), AESx(0x2C58742C), AESx(0x1A342E1A), 274 | AESx(0x1B362D1B), AESx(0x6EDCB26E), AESx(0x5AB4EE5A), AESx(0xA05BFBA0), 275 | AESx(0x52A4F652), AESx(0x3B764D3B), AESx(0xD6B761D6), AESx(0xB37DCEB3), 276 | AESx(0x29527B29), AESx(0xE3DD3EE3), AESx(0x2F5E712F), AESx(0x84139784), 277 | AESx(0x53A6F553), AESx(0xD1B968D1), AESx(0x00000000), AESx(0xEDC12CED), 278 | AESx(0x20406020), AESx(0xFCE31FFC), AESx(0xB179C8B1), AESx(0x5BB6ED5B), 279 | AESx(0x6AD4BE6A), AESx(0xCB8D46CB), AESx(0xBE67D9BE), AESx(0x39724B39), 280 | AESx(0x4A94DE4A), AESx(0x4C98D44C), AESx(0x58B0E858), AESx(0xCF854ACF), 281 | AESx(0xD0BB6BD0), AESx(0xEFC52AEF), AESx(0xAA4FE5AA), AESx(0xFBED16FB), 282 | AESx(0x4386C543), AESx(0x4D9AD74D), AESx(0x33665533), AESx(0x85119485), 283 | AESx(0x458ACF45), AESx(0xF9E910F9), AESx(0x02040602), AESx(0x7FFE817F), 284 | AESx(0x50A0F050), AESx(0x3C78443C), AESx(0x9F25BA9F), AESx(0xA84BE3A8), 285 | AESx(0x51A2F351), AESx(0xA35DFEA3), AESx(0x4080C040), AESx(0x8F058A8F), 286 | AESx(0x923FAD92), AESx(0x9D21BC9D), AESx(0x38704838), AESx(0xF5F104F5), 287 | AESx(0xBC63DFBC), AESx(0xB677C1B6), AESx(0xDAAF75DA), AESx(0x21426321), 288 | AESx(0x10203010), AESx(0xFFE51AFF), AESx(0xF3FD0EF3), AESx(0xD2BF6DD2), 289 | AESx(0xCD814CCD), AESx(0x0C18140C), AESx(0x13263513), AESx(0xECC32FEC), 290 | AESx(0x5FBEE15F), AESx(0x9735A297), AESx(0x4488CC44), AESx(0x172E3917), 291 | AESx(0xC49357C4), AESx(0xA755F2A7), AESx(0x7EFC827E), AESx(0x3D7A473D), 292 | AESx(0x64C8AC64), AESx(0x5DBAE75D), AESx(0x19322B19), AESx(0x73E69573), 293 | AESx(0x60C0A060), AESx(0x81199881), AESx(0x4F9ED14F), AESx(0xDCA37FDC), 294 | AESx(0x22446622), AESx(0x2A547E2A), AESx(0x903BAB90), AESx(0x880B8388), 295 | AESx(0x468CCA46), AESx(0xEEC729EE), AESx(0xB86BD3B8), AESx(0x14283C14), 296 | AESx(0xDEA779DE), AESx(0x5EBCE25E), AESx(0x0B161D0B), AESx(0xDBAD76DB), 297 | AESx(0xE0DB3BE0), AESx(0x32645632), AESx(0x3A744E3A), AESx(0x0A141E0A), 298 | AESx(0x4992DB49), AESx(0x060C0A06), AESx(0x24486C24), AESx(0x5CB8E45C), 299 | AESx(0xC29F5DC2), AESx(0xD3BD6ED3), AESx(0xAC43EFAC), AESx(0x62C4A662), 300 | AESx(0x9139A891), AESx(0x9531A495), AESx(0xE4D337E4), AESx(0x79F28B79), 301 | AESx(0xE7D532E7), AESx(0xC88B43C8), AESx(0x376E5937), AESx(0x6DDAB76D), 302 | AESx(0x8D018C8D), AESx(0xD5B164D5), AESx(0x4E9CD24E), AESx(0xA949E0A9), 303 | AESx(0x6CD8B46C), AESx(0x56ACFA56), AESx(0xF4F307F4), AESx(0xEACF25EA), 304 | AESx(0x65CAAF65), AESx(0x7AF48E7A), AESx(0xAE47E9AE), AESx(0x08101808), 305 | AESx(0xBA6FD5BA), AESx(0x78F08878), AESx(0x254A6F25), AESx(0x2E5C722E), 306 | AESx(0x1C38241C), AESx(0xA657F1A6), AESx(0xB473C7B4), AESx(0xC69751C6), 307 | AESx(0xE8CB23E8), AESx(0xDDA17CDD), AESx(0x74E89C74), AESx(0x1F3E211F), 308 | AESx(0x4B96DD4B), AESx(0xBD61DCBD), AESx(0x8B0D868B), AESx(0x8A0F858A), 309 | AESx(0x70E09070), AESx(0x3E7C423E), AESx(0xB571C4B5), AESx(0x66CCAA66), 310 | AESx(0x4890D848), AESx(0x03060503), AESx(0xF6F701F6), AESx(0x0E1C120E), 311 | AESx(0x61C2A361), AESx(0x356A5F35), AESx(0x57AEF957), AESx(0xB969D0B9), 312 | AESx(0x86179186), AESx(0xC19958C1), AESx(0x1D3A271D), AESx(0x9E27B99E), 313 | AESx(0xE1D938E1), AESx(0xF8EB13F8), AESx(0x982BB398), AESx(0x11223311), 314 | AESx(0x69D2BB69), AESx(0xD9A970D9), AESx(0x8E07898E), AESx(0x9433A794), 315 | AESx(0x9B2DB69B), AESx(0x1E3C221E), AESx(0x87159287), AESx(0xE9C920E9), 316 | AESx(0xCE8749CE), AESx(0x55AAFF55), AESx(0x28507828), AESx(0xDFA57ADF), 317 | AESx(0x8C038F8C), AESx(0xA159F8A1), AESx(0x89098089), AESx(0x0D1A170D), 318 | AESx(0xBF65DABF), AESx(0xE6D731E6), AESx(0x4284C642), AESx(0x68D0B868), 319 | AESx(0x4182C341), AESx(0x9929B099), AESx(0x2D5A772D), AESx(0x0F1E110F), 320 | AESx(0xB07BCBB0), AESx(0x54A8FC54), AESx(0xBB6DD6BB), AESx(0x162C3A16) 321 | }; 322 | 323 | static const sph_u32 AES3[256] = { 324 | AESx(0xC6A56363), AESx(0xF8847C7C), AESx(0xEE997777), AESx(0xF68D7B7B), 325 | AESx(0xFF0DF2F2), AESx(0xD6BD6B6B), AESx(0xDEB16F6F), AESx(0x9154C5C5), 326 | AESx(0x60503030), AESx(0x02030101), AESx(0xCEA96767), AESx(0x567D2B2B), 327 | AESx(0xE719FEFE), AESx(0xB562D7D7), AESx(0x4DE6ABAB), AESx(0xEC9A7676), 328 | AESx(0x8F45CACA), AESx(0x1F9D8282), AESx(0x8940C9C9), AESx(0xFA877D7D), 329 | AESx(0xEF15FAFA), AESx(0xB2EB5959), AESx(0x8EC94747), AESx(0xFB0BF0F0), 330 | AESx(0x41ECADAD), AESx(0xB367D4D4), AESx(0x5FFDA2A2), AESx(0x45EAAFAF), 331 | AESx(0x23BF9C9C), AESx(0x53F7A4A4), AESx(0xE4967272), AESx(0x9B5BC0C0), 332 | AESx(0x75C2B7B7), AESx(0xE11CFDFD), AESx(0x3DAE9393), AESx(0x4C6A2626), 333 | AESx(0x6C5A3636), AESx(0x7E413F3F), AESx(0xF502F7F7), AESx(0x834FCCCC), 334 | AESx(0x685C3434), AESx(0x51F4A5A5), AESx(0xD134E5E5), AESx(0xF908F1F1), 335 | AESx(0xE2937171), AESx(0xAB73D8D8), AESx(0x62533131), AESx(0x2A3F1515), 336 | AESx(0x080C0404), AESx(0x9552C7C7), AESx(0x46652323), AESx(0x9D5EC3C3), 337 | AESx(0x30281818), AESx(0x37A19696), AESx(0x0A0F0505), AESx(0x2FB59A9A), 338 | AESx(0x0E090707), AESx(0x24361212), AESx(0x1B9B8080), AESx(0xDF3DE2E2), 339 | AESx(0xCD26EBEB), AESx(0x4E692727), AESx(0x7FCDB2B2), AESx(0xEA9F7575), 340 | AESx(0x121B0909), AESx(0x1D9E8383), AESx(0x58742C2C), AESx(0x342E1A1A), 341 | AESx(0x362D1B1B), AESx(0xDCB26E6E), AESx(0xB4EE5A5A), AESx(0x5BFBA0A0), 342 | AESx(0xA4F65252), AESx(0x764D3B3B), AESx(0xB761D6D6), AESx(0x7DCEB3B3), 343 | AESx(0x527B2929), AESx(0xDD3EE3E3), AESx(0x5E712F2F), AESx(0x13978484), 344 | AESx(0xA6F55353), AESx(0xB968D1D1), AESx(0x00000000), AESx(0xC12CEDED), 345 | AESx(0x40602020), AESx(0xE31FFCFC), AESx(0x79C8B1B1), AESx(0xB6ED5B5B), 346 | AESx(0xD4BE6A6A), AESx(0x8D46CBCB), AESx(0x67D9BEBE), AESx(0x724B3939), 347 | AESx(0x94DE4A4A), AESx(0x98D44C4C), AESx(0xB0E85858), AESx(0x854ACFCF), 348 | AESx(0xBB6BD0D0), AESx(0xC52AEFEF), AESx(0x4FE5AAAA), AESx(0xED16FBFB), 349 | AESx(0x86C54343), AESx(0x9AD74D4D), AESx(0x66553333), AESx(0x11948585), 350 | AESx(0x8ACF4545), AESx(0xE910F9F9), AESx(0x04060202), AESx(0xFE817F7F), 351 | AESx(0xA0F05050), AESx(0x78443C3C), AESx(0x25BA9F9F), AESx(0x4BE3A8A8), 352 | AESx(0xA2F35151), AESx(0x5DFEA3A3), AESx(0x80C04040), AESx(0x058A8F8F), 353 | AESx(0x3FAD9292), AESx(0x21BC9D9D), AESx(0x70483838), AESx(0xF104F5F5), 354 | AESx(0x63DFBCBC), AESx(0x77C1B6B6), AESx(0xAF75DADA), AESx(0x42632121), 355 | AESx(0x20301010), AESx(0xE51AFFFF), AESx(0xFD0EF3F3), AESx(0xBF6DD2D2), 356 | AESx(0x814CCDCD), AESx(0x18140C0C), AESx(0x26351313), AESx(0xC32FECEC), 357 | AESx(0xBEE15F5F), AESx(0x35A29797), AESx(0x88CC4444), AESx(0x2E391717), 358 | AESx(0x9357C4C4), AESx(0x55F2A7A7), AESx(0xFC827E7E), AESx(0x7A473D3D), 359 | AESx(0xC8AC6464), AESx(0xBAE75D5D), AESx(0x322B1919), AESx(0xE6957373), 360 | AESx(0xC0A06060), AESx(0x19988181), AESx(0x9ED14F4F), AESx(0xA37FDCDC), 361 | AESx(0x44662222), AESx(0x547E2A2A), AESx(0x3BAB9090), AESx(0x0B838888), 362 | AESx(0x8CCA4646), AESx(0xC729EEEE), AESx(0x6BD3B8B8), AESx(0x283C1414), 363 | AESx(0xA779DEDE), AESx(0xBCE25E5E), AESx(0x161D0B0B), AESx(0xAD76DBDB), 364 | AESx(0xDB3BE0E0), AESx(0x64563232), AESx(0x744E3A3A), AESx(0x141E0A0A), 365 | AESx(0x92DB4949), AESx(0x0C0A0606), AESx(0x486C2424), AESx(0xB8E45C5C), 366 | AESx(0x9F5DC2C2), AESx(0xBD6ED3D3), AESx(0x43EFACAC), AESx(0xC4A66262), 367 | AESx(0x39A89191), AESx(0x31A49595), AESx(0xD337E4E4), AESx(0xF28B7979), 368 | AESx(0xD532E7E7), AESx(0x8B43C8C8), AESx(0x6E593737), AESx(0xDAB76D6D), 369 | AESx(0x018C8D8D), AESx(0xB164D5D5), AESx(0x9CD24E4E), AESx(0x49E0A9A9), 370 | AESx(0xD8B46C6C), AESx(0xACFA5656), AESx(0xF307F4F4), AESx(0xCF25EAEA), 371 | AESx(0xCAAF6565), AESx(0xF48E7A7A), AESx(0x47E9AEAE), AESx(0x10180808), 372 | AESx(0x6FD5BABA), AESx(0xF0887878), AESx(0x4A6F2525), AESx(0x5C722E2E), 373 | AESx(0x38241C1C), AESx(0x57F1A6A6), AESx(0x73C7B4B4), AESx(0x9751C6C6), 374 | AESx(0xCB23E8E8), AESx(0xA17CDDDD), AESx(0xE89C7474), AESx(0x3E211F1F), 375 | AESx(0x96DD4B4B), AESx(0x61DCBDBD), AESx(0x0D868B8B), AESx(0x0F858A8A), 376 | AESx(0xE0907070), AESx(0x7C423E3E), AESx(0x71C4B5B5), AESx(0xCCAA6666), 377 | AESx(0x90D84848), AESx(0x06050303), AESx(0xF701F6F6), AESx(0x1C120E0E), 378 | AESx(0xC2A36161), AESx(0x6A5F3535), AESx(0xAEF95757), AESx(0x69D0B9B9), 379 | AESx(0x17918686), AESx(0x9958C1C1), AESx(0x3A271D1D), AESx(0x27B99E9E), 380 | AESx(0xD938E1E1), AESx(0xEB13F8F8), AESx(0x2BB39898), AESx(0x22331111), 381 | AESx(0xD2BB6969), AESx(0xA970D9D9), AESx(0x07898E8E), AESx(0x33A79494), 382 | AESx(0x2DB69B9B), AESx(0x3C221E1E), AESx(0x15928787), AESx(0xC920E9E9), 383 | AESx(0x8749CECE), AESx(0xAAFF5555), AESx(0x50782828), AESx(0xA57ADFDF), 384 | AESx(0x038F8C8C), AESx(0x59F8A1A1), AESx(0x09808989), AESx(0x1A170D0D), 385 | AESx(0x65DABFBF), AESx(0xD731E6E6), AESx(0x84C64242), AESx(0xD0B86868), 386 | AESx(0x82C34141), AESx(0x29B09999), AESx(0x5A772D2D), AESx(0x1E110F0F), 387 | AESx(0x7BCBB0B0), AESx(0xA8FC5454), AESx(0x6DD6BBBB), AESx(0x2C3A1616) 388 | }; 389 | 390 | #ifdef __cplusplus 391 | } 392 | #endif 393 | -------------------------------------------------------------------------------- /sha3/echo.c: -------------------------------------------------------------------------------- 1 | /* $Id: echo.c 227 2010-06-16 17:28:38Z tp $ */ 2 | /* 3 | * ECHO implementation. 4 | * 5 | * ==========================(LICENSE BEGIN)============================ 6 | * 7 | * Copyright (c) 2007-2010 Projet RNRT SAPHIR 8 | * 9 | * Permission is hereby granted, free of charge, to any person obtaining 10 | * a copy of this software and associated documentation files (the 11 | * "Software"), to deal in the Software without restriction, including 12 | * without limitation the rights to use, copy, modify, merge, publish, 13 | * distribute, sublicense, and/or sell copies of the Software, and to 14 | * permit persons to whom the Software is furnished to do so, subject to 15 | * the following conditions: 16 | * 17 | * The above copyright notice and this permission notice shall be 18 | * included in all copies or substantial portions of the Software. 19 | * 20 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 21 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 22 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 23 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 24 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 25 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 26 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 27 | * 28 | * ===========================(LICENSE END)============================= 29 | * 30 | * @author Thomas Pornin 31 | */ 32 | 33 | #include 34 | #include 35 | #include 36 | 37 | #include "sph_echo.h" 38 | 39 | #ifdef __cplusplus 40 | extern "C"{ 41 | #endif 42 | 43 | #if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_ECHO 44 | #define SPH_SMALL_FOOTPRINT_ECHO 1 45 | #endif 46 | 47 | /* 48 | * Some measures tend to show that the 64-bit implementation offers 49 | * better performance only on a "64-bit architectures", those which have 50 | * actual 64-bit registers. 51 | */ 52 | #if !defined SPH_ECHO_64 && SPH_64_TRUE 53 | #define SPH_ECHO_64 1 54 | #endif 55 | 56 | /* 57 | * We can use a 64-bit implementation only if a 64-bit type is available. 58 | */ 59 | #if !SPH_64 60 | #undef SPH_ECHO_64 61 | #endif 62 | 63 | #ifdef _MSC_VER 64 | #pragma warning (disable: 4146) 65 | #endif 66 | 67 | #define T32 SPH_T32 68 | #define C32 SPH_C32 69 | #if SPH_64 70 | #define C64 SPH_C64 71 | #endif 72 | 73 | #define AES_BIG_ENDIAN 0 74 | #include "aes_helper.c" 75 | 76 | #if SPH_ECHO_64 77 | 78 | #define DECL_STATE_SMALL \ 79 | sph_u64 W[16][2]; 80 | 81 | #define DECL_STATE_BIG \ 82 | sph_u64 W[16][2]; 83 | 84 | #define INPUT_BLOCK_SMALL(sc) do { \ 85 | unsigned u; \ 86 | memcpy(W, sc->u.Vb, 8 * sizeof(sph_u64)); \ 87 | for (u = 0; u < 12; u ++) { \ 88 | W[u + 4][0] = sph_dec64le_aligned( \ 89 | sc->buf + 16 * u); \ 90 | W[u + 4][1] = sph_dec64le_aligned( \ 91 | sc->buf + 16 * u + 8); \ 92 | } \ 93 | } while (0) 94 | 95 | #define INPUT_BLOCK_BIG(sc) do { \ 96 | unsigned u; \ 97 | memcpy(W, sc->u.Vb, 16 * sizeof(sph_u64)); \ 98 | for (u = 0; u < 8; u ++) { \ 99 | W[u + 8][0] = sph_dec64le_aligned( \ 100 | sc->buf + 16 * u); \ 101 | W[u + 8][1] = sph_dec64le_aligned( \ 102 | sc->buf + 16 * u + 8); \ 103 | } \ 104 | } while (0) 105 | 106 | #if SPH_SMALL_FOOTPRINT_ECHO 107 | 108 | static void 109 | aes_2rounds_all(sph_u64 W[16][2], 110 | sph_u32 *pK0, sph_u32 *pK1, sph_u32 *pK2, sph_u32 *pK3) 111 | { 112 | int n; 113 | sph_u32 K0 = *pK0; 114 | sph_u32 K1 = *pK1; 115 | sph_u32 K2 = *pK2; 116 | sph_u32 K3 = *pK3; 117 | 118 | for (n = 0; n < 16; n ++) { 119 | sph_u64 Wl = W[n][0]; 120 | sph_u64 Wh = W[n][1]; 121 | sph_u32 X0 = (sph_u32)Wl; 122 | sph_u32 X1 = (sph_u32)(Wl >> 32); 123 | sph_u32 X2 = (sph_u32)Wh; 124 | sph_u32 X3 = (sph_u32)(Wh >> 32); 125 | sph_u32 Y0, Y1, Y2, Y3; \ 126 | AES_ROUND_LE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3); 127 | AES_ROUND_NOKEY_LE(Y0, Y1, Y2, Y3, X0, X1, X2, X3); 128 | W[n][0] = (sph_u64)X0 | ((sph_u64)X1 << 32); 129 | W[n][1] = (sph_u64)X2 | ((sph_u64)X3 << 32); 130 | if ((K0 = T32(K0 + 1)) == 0) { 131 | if ((K1 = T32(K1 + 1)) == 0) 132 | if ((K2 = T32(K2 + 1)) == 0) 133 | K3 = T32(K3 + 1); 134 | } 135 | } 136 | *pK0 = K0; 137 | *pK1 = K1; 138 | *pK2 = K2; 139 | *pK3 = K3; 140 | } 141 | 142 | #define BIG_SUB_WORDS do { \ 143 | aes_2rounds_all(W, &K0, &K1, &K2, &K3); \ 144 | } while (0) 145 | 146 | #else 147 | 148 | #define AES_2ROUNDS(X) do { \ 149 | sph_u32 X0 = (sph_u32)(X[0]); \ 150 | sph_u32 X1 = (sph_u32)(X[0] >> 32); \ 151 | sph_u32 X2 = (sph_u32)(X[1]); \ 152 | sph_u32 X3 = (sph_u32)(X[1] >> 32); \ 153 | sph_u32 Y0, Y1, Y2, Y3; \ 154 | AES_ROUND_LE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3); \ 155 | AES_ROUND_NOKEY_LE(Y0, Y1, Y2, Y3, X0, X1, X2, X3); \ 156 | X[0] = (sph_u64)X0 | ((sph_u64)X1 << 32); \ 157 | X[1] = (sph_u64)X2 | ((sph_u64)X3 << 32); \ 158 | if ((K0 = T32(K0 + 1)) == 0) { \ 159 | if ((K1 = T32(K1 + 1)) == 0) \ 160 | if ((K2 = T32(K2 + 1)) == 0) \ 161 | K3 = T32(K3 + 1); \ 162 | } \ 163 | } while (0) 164 | 165 | #define BIG_SUB_WORDS do { \ 166 | AES_2ROUNDS(W[ 0]); \ 167 | AES_2ROUNDS(W[ 1]); \ 168 | AES_2ROUNDS(W[ 2]); \ 169 | AES_2ROUNDS(W[ 3]); \ 170 | AES_2ROUNDS(W[ 4]); \ 171 | AES_2ROUNDS(W[ 5]); \ 172 | AES_2ROUNDS(W[ 6]); \ 173 | AES_2ROUNDS(W[ 7]); \ 174 | AES_2ROUNDS(W[ 8]); \ 175 | AES_2ROUNDS(W[ 9]); \ 176 | AES_2ROUNDS(W[10]); \ 177 | AES_2ROUNDS(W[11]); \ 178 | AES_2ROUNDS(W[12]); \ 179 | AES_2ROUNDS(W[13]); \ 180 | AES_2ROUNDS(W[14]); \ 181 | AES_2ROUNDS(W[15]); \ 182 | } while (0) 183 | 184 | #endif 185 | 186 | #define SHIFT_ROW1(a, b, c, d) do { \ 187 | sph_u64 tmp; \ 188 | tmp = W[a][0]; \ 189 | W[a][0] = W[b][0]; \ 190 | W[b][0] = W[c][0]; \ 191 | W[c][0] = W[d][0]; \ 192 | W[d][0] = tmp; \ 193 | tmp = W[a][1]; \ 194 | W[a][1] = W[b][1]; \ 195 | W[b][1] = W[c][1]; \ 196 | W[c][1] = W[d][1]; \ 197 | W[d][1] = tmp; \ 198 | } while (0) 199 | 200 | #define SHIFT_ROW2(a, b, c, d) do { \ 201 | sph_u64 tmp; \ 202 | tmp = W[a][0]; \ 203 | W[a][0] = W[c][0]; \ 204 | W[c][0] = tmp; \ 205 | tmp = W[b][0]; \ 206 | W[b][0] = W[d][0]; \ 207 | W[d][0] = tmp; \ 208 | tmp = W[a][1]; \ 209 | W[a][1] = W[c][1]; \ 210 | W[c][1] = tmp; \ 211 | tmp = W[b][1]; \ 212 | W[b][1] = W[d][1]; \ 213 | W[d][1] = tmp; \ 214 | } while (0) 215 | 216 | #define SHIFT_ROW3(a, b, c, d) SHIFT_ROW1(d, c, b, a) 217 | 218 | #define BIG_SHIFT_ROWS do { \ 219 | SHIFT_ROW1(1, 5, 9, 13); \ 220 | SHIFT_ROW2(2, 6, 10, 14); \ 221 | SHIFT_ROW3(3, 7, 11, 15); \ 222 | } while (0) 223 | 224 | #if SPH_SMALL_FOOTPRINT_ECHO 225 | 226 | static void 227 | mix_column(sph_u64 W[16][2], int ia, int ib, int ic, int id) 228 | { 229 | int n; 230 | 231 | for (n = 0; n < 2; n ++) { 232 | sph_u64 a = W[ia][n]; 233 | sph_u64 b = W[ib][n]; 234 | sph_u64 c = W[ic][n]; 235 | sph_u64 d = W[id][n]; 236 | sph_u64 ab = a ^ b; 237 | sph_u64 bc = b ^ c; 238 | sph_u64 cd = c ^ d; 239 | sph_u64 abx = ((ab & C64(0x8080808080808080)) >> 7) * 27U 240 | ^ ((ab & C64(0x7F7F7F7F7F7F7F7F)) << 1); 241 | sph_u64 bcx = ((bc & C64(0x8080808080808080)) >> 7) * 27U 242 | ^ ((bc & C64(0x7F7F7F7F7F7F7F7F)) << 1); 243 | sph_u64 cdx = ((cd & C64(0x8080808080808080)) >> 7) * 27U 244 | ^ ((cd & C64(0x7F7F7F7F7F7F7F7F)) << 1); 245 | W[ia][n] = abx ^ bc ^ d; 246 | W[ib][n] = bcx ^ a ^ cd; 247 | W[ic][n] = cdx ^ ab ^ d; 248 | W[id][n] = abx ^ bcx ^ cdx ^ ab ^ c; 249 | } 250 | } 251 | 252 | #define MIX_COLUMN(a, b, c, d) mix_column(W, a, b, c, d) 253 | 254 | #else 255 | 256 | #define MIX_COLUMN1(ia, ib, ic, id, n) do { \ 257 | sph_u64 a = W[ia][n]; \ 258 | sph_u64 b = W[ib][n]; \ 259 | sph_u64 c = W[ic][n]; \ 260 | sph_u64 d = W[id][n]; \ 261 | sph_u64 ab = a ^ b; \ 262 | sph_u64 bc = b ^ c; \ 263 | sph_u64 cd = c ^ d; \ 264 | sph_u64 abx = ((ab & C64(0x8080808080808080)) >> 7) * 27U \ 265 | ^ ((ab & C64(0x7F7F7F7F7F7F7F7F)) << 1); \ 266 | sph_u64 bcx = ((bc & C64(0x8080808080808080)) >> 7) * 27U \ 267 | ^ ((bc & C64(0x7F7F7F7F7F7F7F7F)) << 1); \ 268 | sph_u64 cdx = ((cd & C64(0x8080808080808080)) >> 7) * 27U \ 269 | ^ ((cd & C64(0x7F7F7F7F7F7F7F7F)) << 1); \ 270 | W[ia][n] = abx ^ bc ^ d; \ 271 | W[ib][n] = bcx ^ a ^ cd; \ 272 | W[ic][n] = cdx ^ ab ^ d; \ 273 | W[id][n] = abx ^ bcx ^ cdx ^ ab ^ c; \ 274 | } while (0) 275 | 276 | #define MIX_COLUMN(a, b, c, d) do { \ 277 | MIX_COLUMN1(a, b, c, d, 0); \ 278 | MIX_COLUMN1(a, b, c, d, 1); \ 279 | } while (0) 280 | 281 | #endif 282 | 283 | #define BIG_MIX_COLUMNS do { \ 284 | MIX_COLUMN(0, 1, 2, 3); \ 285 | MIX_COLUMN(4, 5, 6, 7); \ 286 | MIX_COLUMN(8, 9, 10, 11); \ 287 | MIX_COLUMN(12, 13, 14, 15); \ 288 | } while (0) 289 | 290 | #define BIG_ROUND do { \ 291 | BIG_SUB_WORDS; \ 292 | BIG_SHIFT_ROWS; \ 293 | BIG_MIX_COLUMNS; \ 294 | } while (0) 295 | 296 | #define FINAL_SMALL do { \ 297 | unsigned u; \ 298 | sph_u64 *VV = &sc->u.Vb[0][0]; \ 299 | sph_u64 *WW = &W[0][0]; \ 300 | for (u = 0; u < 8; u ++) { \ 301 | VV[u] ^= sph_dec64le_aligned(sc->buf + (u * 8)) \ 302 | ^ sph_dec64le_aligned(sc->buf + (u * 8) + 64) \ 303 | ^ sph_dec64le_aligned(sc->buf + (u * 8) + 128) \ 304 | ^ WW[u] ^ WW[u + 8] \ 305 | ^ WW[u + 16] ^ WW[u + 24]; \ 306 | } \ 307 | } while (0) 308 | 309 | #define FINAL_BIG do { \ 310 | unsigned u; \ 311 | sph_u64 *VV = &sc->u.Vb[0][0]; \ 312 | sph_u64 *WW = &W[0][0]; \ 313 | for (u = 0; u < 16; u ++) { \ 314 | VV[u] ^= sph_dec64le_aligned(sc->buf + (u * 8)) \ 315 | ^ WW[u] ^ WW[u + 16]; \ 316 | } \ 317 | } while (0) 318 | 319 | #define COMPRESS_SMALL(sc) do { \ 320 | sph_u32 K0 = sc->C0; \ 321 | sph_u32 K1 = sc->C1; \ 322 | sph_u32 K2 = sc->C2; \ 323 | sph_u32 K3 = sc->C3; \ 324 | unsigned u; \ 325 | INPUT_BLOCK_SMALL(sc); \ 326 | for (u = 0; u < 8; u ++) { \ 327 | BIG_ROUND; \ 328 | } \ 329 | FINAL_SMALL; \ 330 | } while (0) 331 | 332 | #define COMPRESS_BIG(sc) do { \ 333 | sph_u32 K0 = sc->C0; \ 334 | sph_u32 K1 = sc->C1; \ 335 | sph_u32 K2 = sc->C2; \ 336 | sph_u32 K3 = sc->C3; \ 337 | unsigned u; \ 338 | INPUT_BLOCK_BIG(sc); \ 339 | for (u = 0; u < 10; u ++) { \ 340 | BIG_ROUND; \ 341 | } \ 342 | FINAL_BIG; \ 343 | } while (0) 344 | 345 | #else 346 | 347 | #define DECL_STATE_SMALL \ 348 | sph_u32 W[16][4]; 349 | 350 | #define DECL_STATE_BIG \ 351 | sph_u32 W[16][4]; 352 | 353 | #define INPUT_BLOCK_SMALL(sc) do { \ 354 | unsigned u; \ 355 | memcpy(W, sc->u.Vs, 16 * sizeof(sph_u32)); \ 356 | for (u = 0; u < 12; u ++) { \ 357 | W[u + 4][0] = sph_dec32le_aligned( \ 358 | sc->buf + 16 * u); \ 359 | W[u + 4][1] = sph_dec32le_aligned( \ 360 | sc->buf + 16 * u + 4); \ 361 | W[u + 4][2] = sph_dec32le_aligned( \ 362 | sc->buf + 16 * u + 8); \ 363 | W[u + 4][3] = sph_dec32le_aligned( \ 364 | sc->buf + 16 * u + 12); \ 365 | } \ 366 | } while (0) 367 | 368 | #define INPUT_BLOCK_BIG(sc) do { \ 369 | unsigned u; \ 370 | memcpy(W, sc->u.Vs, 32 * sizeof(sph_u32)); \ 371 | for (u = 0; u < 8; u ++) { \ 372 | W[u + 8][0] = sph_dec32le_aligned( \ 373 | sc->buf + 16 * u); \ 374 | W[u + 8][1] = sph_dec32le_aligned( \ 375 | sc->buf + 16 * u + 4); \ 376 | W[u + 8][2] = sph_dec32le_aligned( \ 377 | sc->buf + 16 * u + 8); \ 378 | W[u + 8][3] = sph_dec32le_aligned( \ 379 | sc->buf + 16 * u + 12); \ 380 | } \ 381 | } while (0) 382 | 383 | #if SPH_SMALL_FOOTPRINT_ECHO 384 | 385 | static void 386 | aes_2rounds_all(sph_u32 W[16][4], 387 | sph_u32 *pK0, sph_u32 *pK1, sph_u32 *pK2, sph_u32 *pK3) 388 | { 389 | int n; 390 | sph_u32 K0 = *pK0; 391 | sph_u32 K1 = *pK1; 392 | sph_u32 K2 = *pK2; 393 | sph_u32 K3 = *pK3; 394 | 395 | for (n = 0; n < 16; n ++) { 396 | sph_u32 *X = W[n]; 397 | sph_u32 Y0, Y1, Y2, Y3; 398 | AES_ROUND_LE(X[0], X[1], X[2], X[3], 399 | K0, K1, K2, K3, Y0, Y1, Y2, Y3); 400 | AES_ROUND_NOKEY_LE(Y0, Y1, Y2, Y3, X[0], X[1], X[2], X[3]); 401 | if ((K0 = T32(K0 + 1)) == 0) { 402 | if ((K1 = T32(K1 + 1)) == 0) 403 | if ((K2 = T32(K2 + 1)) == 0) 404 | K3 = T32(K3 + 1); 405 | } 406 | } 407 | *pK0 = K0; 408 | *pK1 = K1; 409 | *pK2 = K2; 410 | *pK3 = K3; 411 | } 412 | 413 | #define BIG_SUB_WORDS do { \ 414 | aes_2rounds_all(W, &K0, &K1, &K2, &K3); \ 415 | } while (0) 416 | 417 | #else 418 | 419 | #define AES_2ROUNDS(X) do { \ 420 | sph_u32 Y0, Y1, Y2, Y3; \ 421 | AES_ROUND_LE(X[0], X[1], X[2], X[3], \ 422 | K0, K1, K2, K3, Y0, Y1, Y2, Y3); \ 423 | AES_ROUND_NOKEY_LE(Y0, Y1, Y2, Y3, X[0], X[1], X[2], X[3]); \ 424 | if ((K0 = T32(K0 + 1)) == 0) { \ 425 | if ((K1 = T32(K1 + 1)) == 0) \ 426 | if ((K2 = T32(K2 + 1)) == 0) \ 427 | K3 = T32(K3 + 1); \ 428 | } \ 429 | } while (0) 430 | 431 | #define BIG_SUB_WORDS do { \ 432 | AES_2ROUNDS(W[ 0]); \ 433 | AES_2ROUNDS(W[ 1]); \ 434 | AES_2ROUNDS(W[ 2]); \ 435 | AES_2ROUNDS(W[ 3]); \ 436 | AES_2ROUNDS(W[ 4]); \ 437 | AES_2ROUNDS(W[ 5]); \ 438 | AES_2ROUNDS(W[ 6]); \ 439 | AES_2ROUNDS(W[ 7]); \ 440 | AES_2ROUNDS(W[ 8]); \ 441 | AES_2ROUNDS(W[ 9]); \ 442 | AES_2ROUNDS(W[10]); \ 443 | AES_2ROUNDS(W[11]); \ 444 | AES_2ROUNDS(W[12]); \ 445 | AES_2ROUNDS(W[13]); \ 446 | AES_2ROUNDS(W[14]); \ 447 | AES_2ROUNDS(W[15]); \ 448 | } while (0) 449 | 450 | #endif 451 | 452 | #define SHIFT_ROW1(a, b, c, d) do { \ 453 | sph_u32 tmp; \ 454 | tmp = W[a][0]; \ 455 | W[a][0] = W[b][0]; \ 456 | W[b][0] = W[c][0]; \ 457 | W[c][0] = W[d][0]; \ 458 | W[d][0] = tmp; \ 459 | tmp = W[a][1]; \ 460 | W[a][1] = W[b][1]; \ 461 | W[b][1] = W[c][1]; \ 462 | W[c][1] = W[d][1]; \ 463 | W[d][1] = tmp; \ 464 | tmp = W[a][2]; \ 465 | W[a][2] = W[b][2]; \ 466 | W[b][2] = W[c][2]; \ 467 | W[c][2] = W[d][2]; \ 468 | W[d][2] = tmp; \ 469 | tmp = W[a][3]; \ 470 | W[a][3] = W[b][3]; \ 471 | W[b][3] = W[c][3]; \ 472 | W[c][3] = W[d][3]; \ 473 | W[d][3] = tmp; \ 474 | } while (0) 475 | 476 | #define SHIFT_ROW2(a, b, c, d) do { \ 477 | sph_u32 tmp; \ 478 | tmp = W[a][0]; \ 479 | W[a][0] = W[c][0]; \ 480 | W[c][0] = tmp; \ 481 | tmp = W[b][0]; \ 482 | W[b][0] = W[d][0]; \ 483 | W[d][0] = tmp; \ 484 | tmp = W[a][1]; \ 485 | W[a][1] = W[c][1]; \ 486 | W[c][1] = tmp; \ 487 | tmp = W[b][1]; \ 488 | W[b][1] = W[d][1]; \ 489 | W[d][1] = tmp; \ 490 | tmp = W[a][2]; \ 491 | W[a][2] = W[c][2]; \ 492 | W[c][2] = tmp; \ 493 | tmp = W[b][2]; \ 494 | W[b][2] = W[d][2]; \ 495 | W[d][2] = tmp; \ 496 | tmp = W[a][3]; \ 497 | W[a][3] = W[c][3]; \ 498 | W[c][3] = tmp; \ 499 | tmp = W[b][3]; \ 500 | W[b][3] = W[d][3]; \ 501 | W[d][3] = tmp; \ 502 | } while (0) 503 | 504 | #define SHIFT_ROW3(a, b, c, d) SHIFT_ROW1(d, c, b, a) 505 | 506 | #define BIG_SHIFT_ROWS do { \ 507 | SHIFT_ROW1(1, 5, 9, 13); \ 508 | SHIFT_ROW2(2, 6, 10, 14); \ 509 | SHIFT_ROW3(3, 7, 11, 15); \ 510 | } while (0) 511 | 512 | #if SPH_SMALL_FOOTPRINT_ECHO 513 | 514 | static void 515 | mix_column(sph_u32 W[16][4], int ia, int ib, int ic, int id) 516 | { 517 | int n; 518 | 519 | for (n = 0; n < 4; n ++) { 520 | sph_u32 a = W[ia][n]; 521 | sph_u32 b = W[ib][n]; 522 | sph_u32 c = W[ic][n]; 523 | sph_u32 d = W[id][n]; 524 | sph_u32 ab = a ^ b; 525 | sph_u32 bc = b ^ c; 526 | sph_u32 cd = c ^ d; 527 | sph_u32 abx = ((ab & C32(0x80808080)) >> 7) * 27U 528 | ^ ((ab & C32(0x7F7F7F7F)) << 1); 529 | sph_u32 bcx = ((bc & C32(0x80808080)) >> 7) * 27U 530 | ^ ((bc & C32(0x7F7F7F7F)) << 1); 531 | sph_u32 cdx = ((cd & C32(0x80808080)) >> 7) * 27U 532 | ^ ((cd & C32(0x7F7F7F7F)) << 1); 533 | W[ia][n] = abx ^ bc ^ d; 534 | W[ib][n] = bcx ^ a ^ cd; 535 | W[ic][n] = cdx ^ ab ^ d; 536 | W[id][n] = abx ^ bcx ^ cdx ^ ab ^ c; 537 | } 538 | } 539 | 540 | #define MIX_COLUMN(a, b, c, d) mix_column(W, a, b, c, d) 541 | 542 | #else 543 | 544 | #define MIX_COLUMN1(ia, ib, ic, id, n) do { \ 545 | sph_u32 a = W[ia][n]; \ 546 | sph_u32 b = W[ib][n]; \ 547 | sph_u32 c = W[ic][n]; \ 548 | sph_u32 d = W[id][n]; \ 549 | sph_u32 ab = a ^ b; \ 550 | sph_u32 bc = b ^ c; \ 551 | sph_u32 cd = c ^ d; \ 552 | sph_u32 abx = ((ab & C32(0x80808080)) >> 7) * 27U \ 553 | ^ ((ab & C32(0x7F7F7F7F)) << 1); \ 554 | sph_u32 bcx = ((bc & C32(0x80808080)) >> 7) * 27U \ 555 | ^ ((bc & C32(0x7F7F7F7F)) << 1); \ 556 | sph_u32 cdx = ((cd & C32(0x80808080)) >> 7) * 27U \ 557 | ^ ((cd & C32(0x7F7F7F7F)) << 1); \ 558 | W[ia][n] = abx ^ bc ^ d; \ 559 | W[ib][n] = bcx ^ a ^ cd; \ 560 | W[ic][n] = cdx ^ ab ^ d; \ 561 | W[id][n] = abx ^ bcx ^ cdx ^ ab ^ c; \ 562 | } while (0) 563 | 564 | #define MIX_COLUMN(a, b, c, d) do { \ 565 | MIX_COLUMN1(a, b, c, d, 0); \ 566 | MIX_COLUMN1(a, b, c, d, 1); \ 567 | MIX_COLUMN1(a, b, c, d, 2); \ 568 | MIX_COLUMN1(a, b, c, d, 3); \ 569 | } while (0) 570 | 571 | #endif 572 | 573 | #define BIG_MIX_COLUMNS do { \ 574 | MIX_COLUMN(0, 1, 2, 3); \ 575 | MIX_COLUMN(4, 5, 6, 7); \ 576 | MIX_COLUMN(8, 9, 10, 11); \ 577 | MIX_COLUMN(12, 13, 14, 15); \ 578 | } while (0) 579 | 580 | #define BIG_ROUND do { \ 581 | BIG_SUB_WORDS; \ 582 | BIG_SHIFT_ROWS; \ 583 | BIG_MIX_COLUMNS; \ 584 | } while (0) 585 | 586 | #define FINAL_SMALL do { \ 587 | unsigned u; \ 588 | sph_u32 *VV = &sc->u.Vs[0][0]; \ 589 | sph_u32 *WW = &W[0][0]; \ 590 | for (u = 0; u < 16; u ++) { \ 591 | VV[u] ^= sph_dec32le_aligned(sc->buf + (u * 4)) \ 592 | ^ sph_dec32le_aligned(sc->buf + (u * 4) + 64) \ 593 | ^ sph_dec32le_aligned(sc->buf + (u * 4) + 128) \ 594 | ^ WW[u] ^ WW[u + 16] \ 595 | ^ WW[u + 32] ^ WW[u + 48]; \ 596 | } \ 597 | } while (0) 598 | 599 | #define FINAL_BIG do { \ 600 | unsigned u; \ 601 | sph_u32 *VV = &sc->u.Vs[0][0]; \ 602 | sph_u32 *WW = &W[0][0]; \ 603 | for (u = 0; u < 32; u ++) { \ 604 | VV[u] ^= sph_dec32le_aligned(sc->buf + (u * 4)) \ 605 | ^ WW[u] ^ WW[u + 32]; \ 606 | } \ 607 | } while (0) 608 | 609 | #define COMPRESS_SMALL(sc) do { \ 610 | sph_u32 K0 = sc->C0; \ 611 | sph_u32 K1 = sc->C1; \ 612 | sph_u32 K2 = sc->C2; \ 613 | sph_u32 K3 = sc->C3; \ 614 | unsigned u; \ 615 | INPUT_BLOCK_SMALL(sc); \ 616 | for (u = 0; u < 8; u ++) { \ 617 | BIG_ROUND; \ 618 | } \ 619 | FINAL_SMALL; \ 620 | } while (0) 621 | 622 | #define COMPRESS_BIG(sc) do { \ 623 | sph_u32 K0 = sc->C0; \ 624 | sph_u32 K1 = sc->C1; \ 625 | sph_u32 K2 = sc->C2; \ 626 | sph_u32 K3 = sc->C3; \ 627 | unsigned u; \ 628 | INPUT_BLOCK_BIG(sc); \ 629 | for (u = 0; u < 10; u ++) { \ 630 | BIG_ROUND; \ 631 | } \ 632 | FINAL_BIG; \ 633 | } while (0) 634 | 635 | #endif 636 | 637 | #define INCR_COUNTER(sc, val) do { \ 638 | sc->C0 = T32(sc->C0 + (sph_u32)(val)); \ 639 | if (sc->C0 < (sph_u32)(val)) { \ 640 | if ((sc->C1 = T32(sc->C1 + 1)) == 0) \ 641 | if ((sc->C2 = T32(sc->C2 + 1)) == 0) \ 642 | sc->C3 = T32(sc->C3 + 1); \ 643 | } \ 644 | } while (0) 645 | 646 | static void 647 | echo_small_init(sph_echo_small_context *sc, unsigned out_len) 648 | { 649 | #if SPH_ECHO_64 650 | sc->u.Vb[0][0] = (sph_u64)out_len; 651 | sc->u.Vb[0][1] = 0; 652 | sc->u.Vb[1][0] = (sph_u64)out_len; 653 | sc->u.Vb[1][1] = 0; 654 | sc->u.Vb[2][0] = (sph_u64)out_len; 655 | sc->u.Vb[2][1] = 0; 656 | sc->u.Vb[3][0] = (sph_u64)out_len; 657 | sc->u.Vb[3][1] = 0; 658 | #else 659 | sc->u.Vs[0][0] = (sph_u32)out_len; 660 | sc->u.Vs[0][1] = sc->u.Vs[0][2] = sc->u.Vs[0][3] = 0; 661 | sc->u.Vs[1][0] = (sph_u32)out_len; 662 | sc->u.Vs[1][1] = sc->u.Vs[1][2] = sc->u.Vs[1][3] = 0; 663 | sc->u.Vs[2][0] = (sph_u32)out_len; 664 | sc->u.Vs[2][1] = sc->u.Vs[2][2] = sc->u.Vs[2][3] = 0; 665 | sc->u.Vs[3][0] = (sph_u32)out_len; 666 | sc->u.Vs[3][1] = sc->u.Vs[3][2] = sc->u.Vs[3][3] = 0; 667 | #endif 668 | sc->ptr = 0; 669 | sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; 670 | } 671 | 672 | static void 673 | echo_big_init(sph_echo_big_context *sc, unsigned out_len) 674 | { 675 | #if SPH_ECHO_64 676 | sc->u.Vb[0][0] = (sph_u64)out_len; 677 | sc->u.Vb[0][1] = 0; 678 | sc->u.Vb[1][0] = (sph_u64)out_len; 679 | sc->u.Vb[1][1] = 0; 680 | sc->u.Vb[2][0] = (sph_u64)out_len; 681 | sc->u.Vb[2][1] = 0; 682 | sc->u.Vb[3][0] = (sph_u64)out_len; 683 | sc->u.Vb[3][1] = 0; 684 | sc->u.Vb[4][0] = (sph_u64)out_len; 685 | sc->u.Vb[4][1] = 0; 686 | sc->u.Vb[5][0] = (sph_u64)out_len; 687 | sc->u.Vb[5][1] = 0; 688 | sc->u.Vb[6][0] = (sph_u64)out_len; 689 | sc->u.Vb[6][1] = 0; 690 | sc->u.Vb[7][0] = (sph_u64)out_len; 691 | sc->u.Vb[7][1] = 0; 692 | #else 693 | sc->u.Vs[0][0] = (sph_u32)out_len; 694 | sc->u.Vs[0][1] = sc->u.Vs[0][2] = sc->u.Vs[0][3] = 0; 695 | sc->u.Vs[1][0] = (sph_u32)out_len; 696 | sc->u.Vs[1][1] = sc->u.Vs[1][2] = sc->u.Vs[1][3] = 0; 697 | sc->u.Vs[2][0] = (sph_u32)out_len; 698 | sc->u.Vs[2][1] = sc->u.Vs[2][2] = sc->u.Vs[2][3] = 0; 699 | sc->u.Vs[3][0] = (sph_u32)out_len; 700 | sc->u.Vs[3][1] = sc->u.Vs[3][2] = sc->u.Vs[3][3] = 0; 701 | sc->u.Vs[4][0] = (sph_u32)out_len; 702 | sc->u.Vs[4][1] = sc->u.Vs[4][2] = sc->u.Vs[4][3] = 0; 703 | sc->u.Vs[5][0] = (sph_u32)out_len; 704 | sc->u.Vs[5][1] = sc->u.Vs[5][2] = sc->u.Vs[5][3] = 0; 705 | sc->u.Vs[6][0] = (sph_u32)out_len; 706 | sc->u.Vs[6][1] = sc->u.Vs[6][2] = sc->u.Vs[6][3] = 0; 707 | sc->u.Vs[7][0] = (sph_u32)out_len; 708 | sc->u.Vs[7][1] = sc->u.Vs[7][2] = sc->u.Vs[7][3] = 0; 709 | #endif 710 | sc->ptr = 0; 711 | sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; 712 | } 713 | 714 | static void 715 | echo_small_compress(sph_echo_small_context *sc) 716 | { 717 | DECL_STATE_SMALL 718 | 719 | COMPRESS_SMALL(sc); 720 | } 721 | 722 | static void 723 | echo_big_compress(sph_echo_big_context *sc) 724 | { 725 | DECL_STATE_BIG 726 | 727 | COMPRESS_BIG(sc); 728 | } 729 | 730 | static void 731 | echo_small_core(sph_echo_small_context *sc, 732 | const unsigned char *data, size_t len) 733 | { 734 | unsigned char *buf; 735 | size_t ptr; 736 | 737 | buf = sc->buf; 738 | ptr = sc->ptr; 739 | if (len < (sizeof sc->buf) - ptr) { 740 | memcpy(buf + ptr, data, len); 741 | ptr += len; 742 | sc->ptr = ptr; 743 | return; 744 | } 745 | 746 | while (len > 0) { 747 | size_t clen; 748 | 749 | clen = (sizeof sc->buf) - ptr; 750 | if (clen > len) 751 | clen = len; 752 | memcpy(buf + ptr, data, clen); 753 | ptr += clen; 754 | data += clen; 755 | len -= clen; 756 | if (ptr == sizeof sc->buf) { 757 | INCR_COUNTER(sc, 1536); 758 | echo_small_compress(sc); 759 | ptr = 0; 760 | } 761 | } 762 | sc->ptr = ptr; 763 | } 764 | 765 | static void 766 | echo_big_core(sph_echo_big_context *sc, 767 | const unsigned char *data, size_t len) 768 | { 769 | unsigned char *buf; 770 | size_t ptr; 771 | 772 | buf = sc->buf; 773 | ptr = sc->ptr; 774 | if (len < (sizeof sc->buf) - ptr) { 775 | memcpy(buf + ptr, data, len); 776 | ptr += len; 777 | sc->ptr = ptr; 778 | return; 779 | } 780 | 781 | while (len > 0) { 782 | size_t clen; 783 | 784 | clen = (sizeof sc->buf) - ptr; 785 | if (clen > len) 786 | clen = len; 787 | memcpy(buf + ptr, data, clen); 788 | ptr += clen; 789 | data += clen; 790 | len -= clen; 791 | if (ptr == sizeof sc->buf) { 792 | INCR_COUNTER(sc, 1024); 793 | echo_big_compress(sc); 794 | ptr = 0; 795 | } 796 | } 797 | sc->ptr = ptr; 798 | } 799 | 800 | static void 801 | echo_small_close(sph_echo_small_context *sc, unsigned ub, unsigned n, 802 | void *dst, unsigned out_size_w32) 803 | { 804 | unsigned char *buf; 805 | size_t ptr; 806 | unsigned z; 807 | unsigned elen; 808 | union { 809 | unsigned char tmp[32]; 810 | sph_u32 dummy; 811 | #if SPH_ECHO_64 812 | sph_u64 dummy2; 813 | #endif 814 | } u; 815 | #if SPH_ECHO_64 816 | sph_u64 *VV; 817 | #else 818 | sph_u32 *VV; 819 | #endif 820 | unsigned k; 821 | 822 | buf = sc->buf; 823 | ptr = sc->ptr; 824 | elen = ((unsigned)ptr << 3) + n; 825 | INCR_COUNTER(sc, elen); 826 | sph_enc32le_aligned(u.tmp, sc->C0); 827 | sph_enc32le_aligned(u.tmp + 4, sc->C1); 828 | sph_enc32le_aligned(u.tmp + 8, sc->C2); 829 | sph_enc32le_aligned(u.tmp + 12, sc->C3); 830 | /* 831 | * If elen is zero, then this block actually contains no message 832 | * bit, only the first padding bit. 833 | */ 834 | if (elen == 0) { 835 | sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; 836 | } 837 | z = 0x80 >> n; 838 | buf[ptr ++] = ((ub & -z) | z) & 0xFF; 839 | memset(buf + ptr, 0, (sizeof sc->buf) - ptr); 840 | if (ptr > ((sizeof sc->buf) - 18)) { 841 | echo_small_compress(sc); 842 | sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; 843 | memset(buf, 0, sizeof sc->buf); 844 | } 845 | sph_enc16le(buf + (sizeof sc->buf) - 18, out_size_w32 << 5); 846 | memcpy(buf + (sizeof sc->buf) - 16, u.tmp, 16); 847 | echo_small_compress(sc); 848 | #if SPH_ECHO_64 849 | for (VV = &sc->u.Vb[0][0], k = 0; k < ((out_size_w32 + 1) >> 1); k ++) 850 | sph_enc64le_aligned(u.tmp + (k << 3), VV[k]); 851 | #else 852 | for (VV = &sc->u.Vs[0][0], k = 0; k < out_size_w32; k ++) 853 | sph_enc32le_aligned(u.tmp + (k << 2), VV[k]); 854 | #endif 855 | memcpy(dst, u.tmp, out_size_w32 << 2); 856 | echo_small_init(sc, out_size_w32 << 5); 857 | } 858 | 859 | static void 860 | echo_big_close(sph_echo_big_context *sc, unsigned ub, unsigned n, 861 | void *dst, unsigned out_size_w32) 862 | { 863 | unsigned char *buf; 864 | size_t ptr; 865 | unsigned z; 866 | unsigned elen; 867 | union { 868 | unsigned char tmp[64]; 869 | sph_u32 dummy; 870 | #if SPH_ECHO_64 871 | sph_u64 dummy2; 872 | #endif 873 | } u; 874 | #if SPH_ECHO_64 875 | sph_u64 *VV; 876 | #else 877 | sph_u32 *VV; 878 | #endif 879 | unsigned k; 880 | 881 | buf = sc->buf; 882 | ptr = sc->ptr; 883 | elen = ((unsigned)ptr << 3) + n; 884 | INCR_COUNTER(sc, elen); 885 | sph_enc32le_aligned(u.tmp, sc->C0); 886 | sph_enc32le_aligned(u.tmp + 4, sc->C1); 887 | sph_enc32le_aligned(u.tmp + 8, sc->C2); 888 | sph_enc32le_aligned(u.tmp + 12, sc->C3); 889 | /* 890 | * If elen is zero, then this block actually contains no message 891 | * bit, only the first padding bit. 892 | */ 893 | if (elen == 0) { 894 | sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; 895 | } 896 | z = 0x80 >> n; 897 | buf[ptr ++] = ((ub & -z) | z) & 0xFF; 898 | memset(buf + ptr, 0, (sizeof sc->buf) - ptr); 899 | if (ptr > ((sizeof sc->buf) - 18)) { 900 | echo_big_compress(sc); 901 | sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; 902 | memset(buf, 0, sizeof sc->buf); 903 | } 904 | sph_enc16le(buf + (sizeof sc->buf) - 18, out_size_w32 << 5); 905 | memcpy(buf + (sizeof sc->buf) - 16, u.tmp, 16); 906 | echo_big_compress(sc); 907 | #if SPH_ECHO_64 908 | for (VV = &sc->u.Vb[0][0], k = 0; k < ((out_size_w32 + 1) >> 1); k ++) 909 | sph_enc64le_aligned(u.tmp + (k << 3), VV[k]); 910 | #else 911 | for (VV = &sc->u.Vs[0][0], k = 0; k < out_size_w32; k ++) 912 | sph_enc32le_aligned(u.tmp + (k << 2), VV[k]); 913 | #endif 914 | memcpy(dst, u.tmp, out_size_w32 << 2); 915 | echo_big_init(sc, out_size_w32 << 5); 916 | } 917 | 918 | /* see sph_echo.h */ 919 | void 920 | sph_echo224_init(void *cc) 921 | { 922 | echo_small_init(cc, 224); 923 | } 924 | 925 | /* see sph_echo.h */ 926 | void 927 | sph_echo224(void *cc, const void *data, size_t len) 928 | { 929 | echo_small_core(cc, data, len); 930 | } 931 | 932 | /* see sph_echo.h */ 933 | void 934 | sph_echo224_close(void *cc, void *dst) 935 | { 936 | echo_small_close(cc, 0, 0, dst, 7); 937 | } 938 | 939 | /* see sph_echo.h */ 940 | void 941 | sph_echo224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) 942 | { 943 | echo_small_close(cc, ub, n, dst, 7); 944 | } 945 | 946 | /* see sph_echo.h */ 947 | void 948 | sph_echo256_init(void *cc) 949 | { 950 | echo_small_init(cc, 256); 951 | } 952 | 953 | /* see sph_echo.h */ 954 | void 955 | sph_echo256(void *cc, const void *data, size_t len) 956 | { 957 | echo_small_core(cc, data, len); 958 | } 959 | 960 | /* see sph_echo.h */ 961 | void 962 | sph_echo256_close(void *cc, void *dst) 963 | { 964 | echo_small_close(cc, 0, 0, dst, 8); 965 | } 966 | 967 | /* see sph_echo.h */ 968 | void 969 | sph_echo256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) 970 | { 971 | echo_small_close(cc, ub, n, dst, 8); 972 | } 973 | 974 | /* see sph_echo.h */ 975 | void 976 | sph_echo384_init(void *cc) 977 | { 978 | echo_big_init(cc, 384); 979 | } 980 | 981 | /* see sph_echo.h */ 982 | void 983 | sph_echo384(void *cc, const void *data, size_t len) 984 | { 985 | echo_big_core(cc, data, len); 986 | } 987 | 988 | /* see sph_echo.h */ 989 | void 990 | sph_echo384_close(void *cc, void *dst) 991 | { 992 | echo_big_close(cc, 0, 0, dst, 12); 993 | } 994 | 995 | /* see sph_echo.h */ 996 | void 997 | sph_echo384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) 998 | { 999 | echo_big_close(cc, ub, n, dst, 12); 1000 | } 1001 | 1002 | /* see sph_echo.h */ 1003 | void 1004 | sph_echo512_init(void *cc) 1005 | { 1006 | echo_big_init(cc, 512); 1007 | } 1008 | 1009 | /* see sph_echo.h */ 1010 | void 1011 | sph_echo512(void *cc, const void *data, size_t len) 1012 | { 1013 | echo_big_core(cc, data, len); 1014 | } 1015 | 1016 | /* see sph_echo.h */ 1017 | void 1018 | sph_echo512_close(void *cc, void *dst) 1019 | { 1020 | echo_big_close(cc, 0, 0, dst, 16); 1021 | } 1022 | 1023 | /* see sph_echo.h */ 1024 | void 1025 | sph_echo512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) 1026 | { 1027 | echo_big_close(cc, ub, n, dst, 16); 1028 | } 1029 | #ifdef __cplusplus 1030 | } 1031 | #endif 1032 | --------------------------------------------------------------------------------